Commit Graph

2529 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
c997008e2f
version 4.1.7 2020-01-17 05:12:04 +01:00
AJ Jordan
52d1051137
Fix typo 2020-01-16 14:12:01 -05:00
Marek Marczykowski-Górecki
3adec4b952
Merge remote-tracking branch 'origin/pr/205'
* origin/pr/205:
  qubes-session-autostart: handle error when reading a directory
2020-01-16 04:25:00 +01:00
Marek Marczykowski-Górecki
d2087c5abf
Merge remote-tracking branch 'origin/pr/203'
* origin/pr/203:
  Added "QubesIncoming" shortcut to Nautilus
2020-01-16 04:24:07 +01:00
Marek Marczykowski-Górecki
f40c4ea9eb
Merge remote-tracking branch 'origin/pr/201'
* origin/pr/201:
  update_connected_ips: set iptables policy to drop while updating
  update_connected_ips: reload nftables using one command
  get_connected_ips: handle empty and missing keys, add tests
  update_connected_ips: correctly handle byte-string
  firewall: fix family / family_name
  qubes-firewall: correctly handle empty connected-ips list
  Update tests for anti-spoofing, add test for the method itself
  Update rule priorities for anti-spoofing
  Update firewall tests
  qubes-firewall: add anti-spoofing rules for connected machines
2020-01-16 04:22:03 +01:00
unman
af20dbc3db
Disable package caching in apt operations 2020-01-15 18:47:53 +00:00
Pawel Marczewski
22a309d154
qubes-session-autostart: handle error when reading a directory
Fixes QubesOS/qubes-issues#5043.
2020-01-15 11:20:21 +01:00
Frédéric Pierret (fepitre)
9d7a3f2cb9
qubes-sysinit: set GUI_OPTS in gui-agent-linux 2020-01-14 17:57:08 +01:00
Pawel Marczewski
e6eee9f4e0
update_connected_ips: set iptables policy to drop while updating 2020-01-14 11:46:23 +01:00
Pawel Marczewski
a12e72b89c
update_connected_ips: reload nftables using one command
Get rid of race condition between flushing the chains
and adding new rules.
2020-01-14 10:46:51 +01:00
Pawel Marczewski
4aace50313
get_connected_ips: handle empty and missing keys, add tests 2020-01-14 10:23:41 +01:00
Pawel Marczewski
e43fd2fc5a
update_connected_ips: correctly handle byte-string 2020-01-14 10:14:00 +01:00
Pawel Marczewski
39885a4329
firewall: fix family / family_name 2020-01-13 16:47:49 +01:00
Marta Marczykowska-Górecka
fd6e551ebe
Added "QubesIncoming" shortcut to Nautilus
A small script will add the QubesIncoming shortcut to Nautilus file pane
on the first use of qvm-copy to a given VM. The shortcut will not be recreated if
deleted.

fixes QubesOS/qubes-issues#2229
2020-01-13 16:45:41 +01:00
Pawel Marczewski
00fbb956b4
qubes-firewall: correctly handle empty connected-ips list 2020-01-13 14:43:05 +01:00
Frédéric Pierret (fepitre)
eac2e79483
travis: switch to dom0 Fedora 31
QubesOS/qubes-issues#5529
2020-01-11 11:38:27 +01:00
Pawel Marczewski
860a07166b
Update tests for anti-spoofing, add test for the method itself 2020-01-10 09:19:40 +01:00
Pawel Marczewski
cd19073d50
Update rule priorities for anti-spoofing 2020-01-10 09:19:32 +01:00
Pawel Marczewski
c1d8d7bce1
Update firewall tests 2020-01-09 18:42:14 +01:00
Pawel Marczewski
bfe31cfec8
qubes-firewall: add anti-spoofing rules for connected machines
qubes-firewall will now blacklist IP addresses from all connected
machines on non-vif* interfaces. This prevents spoofing source or
target address on packets going over an upstream link, even if
a VM in question is powered off at the moment.

Depends on QubesOS/qubes-core-admin#303 which makes admin maintain
the list of IPs in qubesdb.

Fixes QubesOS/qubes-issues#5540.
2020-01-09 18:25:08 +01:00
Marek Marczykowski-Górecki
cc68f165bc
Merge remote-tracking branch 'origin/pr/199'
* origin/pr/199:
  qubes.GetAppmenus: handle home directory properly in case of sudo
  Silence shellcheck
  GetAppmenus: ensure right app directories
2020-01-09 01:38:12 +01:00
Pawel Marczewski
418a5ec6e3
qubes.GetAppmenus: handle home directory properly in case of sudo 2020-01-08 17:05:32 +01:00
Pawel Marczewski
2df17a4790
Silence shellcheck
See https://github.com/koalaman/shellcheck/wiki/SC1090
2020-01-08 10:29:36 +01:00
Marek Marczykowski-Górecki
cf2c91bc79
Merge remote-tracking branch 'origin/pr/200'
* origin/pr/200:
  Make the file copy operation respect default_user
2020-01-08 02:21:59 +01:00
Pawel Marczewski
e78edba725
Make the file copy operation respect default_user
Previously, both file path and username were hardcoded.

Fixes QubesOS/qubes-issues#5385.
2020-01-07 16:54:19 +01:00
Pawel Marczewski
552b6de862
GetAppmenus: ensure right app directories
The script depends on XDG_DATA_DIRS environment variable
being set up correctly, which is not the case when it is
running under sudo. As a result, a post-install trigger
for apt could remove application entries from other sources
(Snap, Flatpak).

Fixes QubesOS/qubes-issues#5477.
2020-01-07 15:45:05 +01:00
Pawel Marczewski
03621e5792
StartApp: remove workaround for .desktop suffix
The workaround is no longer necessary, and it breaks when
the app name itself contains .desktop (such as org.telegram.desktop).

Fixes QubesOS/qubes-issues#5408.
2020-01-07 13:06:57 +01:00
Patrick Schleizer
b20373213d
console=hvc0 must be last
https://github.com/QubesOS/qubes-issues/issues/5490#issuecomment-562263712
2019-12-07 16:56:53 +00:00
Marek Marczykowski-Górecki
1b28fcd4f1
Do not load u2mfn module anymore
It isn't used in Qubes R4.1 anymore

QubesOS/qubes-issues#4280
2019-12-03 13:55:49 +01:00
Jonas DOREL
281d1a5776
Mention Update Proxy in configuration
This makes it easier to understand why this configuration is present.
2019-12-01 13:41:54 +01:00
Marek Marczykowski-Górecki
a279b08e3f
version 4.1.6 2019-11-13 06:06:40 +01:00
Marek Marczykowski-Górecki
01aa61521b
Merge remote-tracking branch 'origin/pr/192'
* origin/pr/192:
  vm-file-editor: drop old wait-for-session mechanism
  qubes.WaitForSession: refactor by waiting for qrexec-fork-server socket
2019-11-13 05:43:55 +01:00
Frédéric Pierret (fepitre)
71ef524dec
vm-file-editor: drop old wait-for-session mechanism 2019-11-11 16:08:28 +01:00
Otto Sabart
b9d3e87438
archlinux: fix proxy setting in XferCommand
Starting from pacman v5.2.0 there is a problem with updating/installing
new packages:

$ pacman -Sy
...
debug: running command: ALL_PROXY=http://127.0.0.1:8082/ /usr/bin/curl -C - -f https://gluttony.sin.cvut.cz/arch/core/os/x86_64/core.db > /var/lib/pacman/sync/core.db.part
warning: running XferCommand: fork failed!
...

The problem is caused by change in pacman "run XferCommand via exec" [0].


Refs.:
- [0] https://git.archlinux.org/pacman.git/commit/?id=808a4f15ce82d2ed7eeb06de73d0f313620558ee
- [1] https://github.com/QubesOS/qubes-issues/issues/5443
2019-11-04 10:18:20 +01:00
Frédéric Pierret (fepitre)
a44e73900e
qubes.WaitForSession: refactor by waiting for qrexec-fork-server socket 2019-11-02 23:11:32 +01:00
Amadeusz Piotr Żołnowski
8c8666451e
Install qubes-rpc files in Archlinux 2019-10-21 23:00:51 +01:00
Amadeusz Piotr Żołnowski
c104d73a85
Don't clean tilda files in qubes-rpc
These are not created by build system, but by some editors. Developers
should deal with extra files created by theirs editors outside of build
files.
2019-10-21 22:45:36 +01:00
Marek Marczykowski-Górecki
e43e262b2d
Merge remote-tracking branch 'origin/pr/188'
* origin/pr/188:
  Use built-in rules in qubes-rpc makefile
  Ignore build result: tar2qfile
  Remove no longer needed xorg-preload-apps.conf
  Move qubes-rpc installation from the root Makefile to qubes-rpc Makefile
2019-10-21 00:45:47 +02:00
Amadeusz Piotr Żołnowski
863c7e130f
Use built-in rules in qubes-rpc makefile
That allows a build system to customize compiler and linker and pass
extra flags to these.

Remove `-g` as default flag and enable it only when `DEBUG` variable is
set.
2019-10-20 09:12:08 +01:00
Amadeusz Piotr Żołnowski
e98d9332fa
Ignore build result: tar2qfile 2019-10-20 09:12:08 +01:00
Amadeusz Piotr Żołnowski
6b0179c107
Remove no longer needed xorg-preload-apps.conf 2019-10-20 09:12:07 +01:00
Amadeusz Piotr Żołnowski
3152c609a9
Move qubes-rpc installation from the root Makefile to qubes-rpc Makefile
qubes-rpc has its own Makefile that's responsible for building some
executables. The root Makefile was installing qubes-rpc files. To make
qubes-rpc a bit more indepdent from core-agent root Makefile and to ease
potential maintainer work on packaging qubes-rpc separately, the
installation has been moved to qubes-rpc Makefile. Moreover that should
make the Makefiles easier to read and maintain.
2019-10-20 09:12:07 +01:00
Marek Marczykowski-Górecki
22246c5fdf
Merge remote-tracking branch 'origin/pr/189'
* origin/pr/189:
  travis: switch to bionic
2019-10-20 01:47:39 +02:00
Frédéric Pierret (fepitre)
bd94953783
travis: switch to bionic
QubesOS/qubes-issues#4613
2019-10-19 21:45:31 +02:00
Hans Jerry Illikainen
b9a5fb7e3f
qubes-download-dom0-updates: verify package signatures 2019-10-12 20:43:38 +00:00
Marek Marczykowski-Górecki
b7f714b742
version 4.1.5 2019-10-09 04:15:20 +02:00
Marek Marczykowski-Górecki
3c47a7890f
Merge branch 'fc31'
* fc31:
  rpm: switch deps to python3-setuptools on CentOS too
  debian: switch to python3
  Use spaces in xdg-icon script
  Convert other scripts to python3
  Convert qubesagent module to python3
  Minor codestyle fix in qubesadmin/firewall.py
  Require python setuptools
  Update python2 dependencies to python3 and clean deprecated requirements
2019-10-06 07:00:10 +02:00
Marek Marczykowski-Górecki
033f544d9b
Merge branch 'bug5110'
* bug5110:
  network: don't fail the whole vif setup if IPv6 is disabled
2019-10-06 06:33:40 +02:00
Marek Marczykowski-Górecki
34921cd9c0
network: don't fail the whole vif setup if IPv6 is disabled
Detect if IPv6 is disabled in the kernel (like it is in Whonix Gateway)
and skip setting IPv6 in that case. Otherwise 'ip' call would fail and
since the script is with 'set -e', it would interrupt setting IPv4 too.
Log error message in that case anyway.

Fixes QubesOS/qubes-issues#5110
2019-10-06 06:19:16 +02:00
Marek Marczykowski-Górecki
2dcaebd110
resize-rootfs: wait for partition table to reload
partprobe triggers reloading partition table, but apparently it isn't
guaranteed udev re-create device nodes at the time it finishes. This may lead
to /dev/mapper/dmroot pointing to nowhere. Fix this by calling udevadm settle
after reloading partition table.
2019-10-06 03:12:56 +02:00