Jason Mehring
21d89335fe
debian: Update notification now notifies dom0 when an upgrade is completed
2015-04-25 03:44:28 -04:00
Jason Mehring
4373cda566
Changed location of PROTECTED_FILE_LIST to /etc/qubes/protected-files.d
2015-04-25 02:36:43 +02:00
Jason Mehring
56b0685aaa
whonix: Added protected-files file used to prevent scripts from modifying files that need to be protected
...
A file is created in /var/lib/qubes/protected-files. Scripts can grep this file before modifying
known files to be protected and skip any modifications if the file path is within protected-files.
Usage Example:
if ! grep -q "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
Also cleaned up maintainer scripts removing unneeded systemd status functions and streamlined
the enable/disable systemd unit files functions
2015-04-25 02:36:43 +02:00
Marek Marczykowski-Górecki
f2cf6933b9
prepare-dvm: fix bashism
...
$(( )) is POSIX syntax for shell arithmetic operations. Especially dash
(default shell in Debian) doesn't support $[ ].
2015-04-15 18:52:42 +02:00
Marek Marczykowski-Górecki
ff63a0b876
Minor fixes in mount-home.sh
...
Hide unneeded messages.
2015-04-11 02:51:10 +02:00
Marek Marczykowski-Górecki
65bc22fd1d
Fix resizing of /rw partition (private.img)
...
Offline resize requires to run fsck -f first. Because we support only
growing that image, we can simply use online resize instead.
This finally fixes qubesos/qubes-issues#772
2015-04-11 02:47:16 +02:00
Marek Marczykowski-Górecki
285071bd59
systemd: disable avahi-daemon and dnf-makecache
...
Especially dnf-makecache is senseless as its state will not survive VM
restart, but it takes a lot of CPU time.
2015-04-10 18:23:14 +02:00
Marek Marczykowski-Górecki
343ce1814c
systemd: use presets to enable services, call preset-all
...
This way the services will be enabled/disabled regardless of its initial
state.
2015-04-07 02:30:59 +02:00
Marek Marczykowski-Górecki
a58d0f95f7
Update comments and xenbus intf in startup scripts regarding vchan requirements
2015-03-25 00:20:11 +01:00
Marek Marczykowski-Górecki
04b5bd1b0a
Do not load xen-usbfront automatically
...
We no longer provide this module (it looks to be a dead project).
Instead in newer kernel USBIP can be used.
2015-03-21 00:54:19 +01:00
Marek Marczykowski-Górecki
b0c90d9d6c
Provide stub files in /rw/config
2015-03-19 23:40:25 +01:00
Marek Marczykowski-Górecki
34a38c668e
Create filesystem if the private.img is empty
2015-03-18 00:33:30 +01:00
Marek Marczykowski-Górecki
3687c4e622
dispvm: do not restart qubesdb-daemon, use watch instead
...
qubesdb-daemon will handle reconnection by itself.
2015-03-04 02:10:28 +01:00
Marek Marczykowski-Górecki
57be910135
dispvm: include memory caches in "used memory" notification
...
Also make the code more readable.
2015-03-04 02:09:18 +01:00
Marek Marczykowski-Górecki
4303b7dc52
dispvm: use qubes.WaitForSession to wait for gui-agent startup
2015-03-04 02:08:22 +01:00
Marek Marczykowski-Górecki
88d7ca7940
Move mounting /rw and /home to separate service
...
Many services depended on misc-post only because this was where /home
gets mounted. Move that to separate service, started earlier.
2015-03-04 01:52:18 +01:00
Marek Marczykowski-Górecki
06a0d30d50
dispvm: start gui agent early, do not kill Xorg
...
Now gui agent support reconnecting to guid.
2015-03-02 02:30:06 +01:00
Marek Marczykowski-Górecki
fdca69ae78
fc21: fix DispVM preparation - Xorg has new name
2015-03-01 20:27:27 +01:00
Marek Marczykowski-Górecki
f8db065a75
Merge remote-tracking branch 'nrgaway/r3-templates'
2015-02-17 04:58:04 +01:00
Marek Marczykowski-Górecki
e47197569a
Adjust permissions of /var/run/qubes
2015-02-17 04:56:35 +01:00
Jason Mehring
f1390c1436
Set permissions to /proc/xen/privcmd, so a user in qubes group can access
2015-02-11 08:02:55 -05:00
Matt McCutchen
377e0b4cd4
Switch to preset file for systemd units to disable.
2015-02-09 06:35:05 +01:00
HW42
dad5bfbd18
remove 'bashisms' or explicit use bash
2015-02-05 05:42:08 +01:00
Marek Marczykowski-Górecki
19a4c6d0dd
network: support for not setting DNS and/or default gateway (v2)
...
This patch introduces two new qvm-services:
- disable-default-route
- disable-dns-server
Both disabled by default. You can enable any of them to not set default
route and/or DNS servers in the VM. Those settings have no effect on
NetVM, where such settings are controlled by NetworkManager.
This is based on patch sent by Joonas Lehtonen
<joonas.lehtonen@openmailbox.org>
https://groups.google.com/d/msgid/qubes-devel/54C7FB59.2020603%40openmailbox.org
Conflicts:
network/setup-ip
vm-init.d/qubes-core
vm-systemd/qubes-sysinit.sh
2015-01-30 00:52:31 +01:00
Marek Marczykowski-Górecki
efb79d5784
systemd: allow to start cron daemon ( #909 )
2015-01-30 00:48:56 +01:00
Marek Marczykowski-Górecki
4637735882
network: support for not setting DNS and/or default gateway
...
This patch introduces two new qvm-services:
- set-default-route
- set-dns-server
Both enabled by default. You can disable any of them to not set default
route and/or DNS servers in the VM. Those settings have no effect on
NetVM, where such settings are controlled by NetworkManager.
This is based on patch sent by Joonas Lehtonen
<joonas.lehtonen@openmailbox.org>
https://groups.google.com/d/msgid/qubes-devel/54C39656.3090303%40openmailbox.org
Conflicts:
network/setup-ip
vm-init.d/qubes-core
vm-systemd/qubes-sysinit.sh
2015-01-30 00:48:55 +01:00
Marek Marczykowski-Górecki
756293ec75
Fix disabling nm-applet when NM is disabled
2015-01-30 00:32:09 +01:00
Marek Marczykowski-Górecki
9130636c88
Merge branch 'debian'
...
Conflicts:
misc/qubes-r2.list.in
misc/qubes-trigger-sync-appmenus.sh
network/30-qubes-external-ip
network/qubes-firewall
vm-systemd/network-proxy-setup.sh
vm-systemd/prepare-dvm.sh
vm-systemd/qubes-sysinit.sh
2015-01-30 00:30:24 +01:00
Marek Marczykowski
d00d52fc31
dispvm: restart qubesdb at DispVM start
...
To connect to new qubesdb daemon in dom0.
2014-11-19 15:34:33 +01:00
Marek Marczykowski
1f04cf34cc
systemd: fix qubes-service handling
...
qubesdb-list does show only list of paths, without values. Use
qubesdb-multiread instead. Path (argument) must have terminating '/' so
it will be cut of printed paths (service names only).
2014-11-19 15:34:33 +01:00
Marek Marczykowski
db35abadc8
Use Qubes DB instead of Xenstore
2014-11-19 15:34:33 +01:00
Marek Marczykowski
93ad711f4e
load xen-gntalloc module required by libxenvchan
2014-11-19 15:34:32 +01:00
Jason Mehring
cc26e26be8
debian: apt-get needs to update first
2014-11-07 03:46:54 -05:00
Jason Mehring
96887ea1b8
debian: Add qubes-update-check for Debian
2014-11-07 03:30:45 -05:00
Marek Marczykowski-Górecki
c817bb0282
little fix for the official template
...
-----BEGIN PGP SIGNATURE-----
iQIcBAABCgAGBQJUWE+GAAoJEIwFIWzgnAk8azoQAJPOdglmiJlu+p5nRQ0ZRP6F
nammIQhOg1oE0hCTX6H4DnEMnaZmFyGj96JWUX3zES8NF9zYvq4sgJCtZVEK35lm
/Fxe899NpDlHaHwPqnXoYAKWZnMnyx3Z5XTxYb3A8JQdJCVWJPi2qYw2TBb6iBIp
hzznI3drhOd8rdkFHXGk/FsBjqFP1mn98GDP4N/XLOZUnK+MiWyxrp0c+QVgybRX
2XOUhsBPbr/XS/fkMBEia1hJhBf+FYJsFeCARGjYnbI+TKMaPrYaIX6DRqjFMhSS
eEALEWsYsDiYGerWNBNGxbJ7RWsN4vm+WDfKdi7Hp2TgHeH0z93w40VegU3k7Asx
NjfehCwT3wjMmtUFYhfhYfIop5305LLLJPPkY/ML+u6Mznzr7OkostMeyMhDxcrq
lSELqg2HDwEsSwtwEz7kP6fYyfpJRd8yndg48cVonatwPwdjoCMiAz93TIF7Tvvz
xQaNUidkKL8qQi67ArSQUlQlwGJNngwLRhepaMo0FD4JWSQ5pHc00EYxtJio2LPs
7prv8ETbTj0bcFb/xKNSxBCGOrLdleHAEdhrpvqHa5nUzMiHw+tMuJbX+f0jOx/Q
OSgx/dvK9GIyxM7UlsS+Whye3iGeNwsA1ai4TL0n1PFM+DjemBjEbfIl2nxLjG3O
cXas4+wsl0+qXRk/PDOn
=6kCH
-----END PGP SIGNATURE-----
Merge tag 'hw42_debian-systemd-3' into debian
Conflicts:
debian/control
Merged postinst scripts from hw42 and nrgaway
2014-11-05 04:35:23 +01:00
HW42
63e915f6d4
Tag for commit 5d68e2cc70
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJUTruhAAoJEAY5OLpCz6ck7IcP/i4JXNEMO8vDSgphM50NIIz6
+hLb+kXBGeL9SsQKRlz000BUOcIsg+d2ibwnTsi1kNuq2OgJOAHAp5hHgHGc5ddG
0PLFf/Ddexl7/2cG/hKekXiIpXGcuhqgsIfatqcKB228mVLG8y/kqwViIDbMgg10
X8Aiq1ba0EeHI7xskkPb1hzkszOfLFoEXCRjt+BQsmr+Bll+sAzCS3G9vSbhczFl
wmTtgOiu2fWsPgOB2O6HYeO0PUUX+jGF/jncZYf85pEwMccNqRIWjSJC6ti533zv
5x1bWKWFymBAUcTS+xi00FPeatmQ7b5ywMxTwbqIQkE1Mrt436Dz/B1r0E58q0AH
gu4qG/KPBNdRBD4vPrvLKiyood/XIpvz0+6QqS9rFMKt71OSzmMR1WeLgclCn768
cR510iZyJjmqe9lLQQTCJr+oqvwiVot7sfsgj1XP5PozalTkdIawioIZjeX5Zz4O
+zo+P+jIV+P6QbN+0nD+vrW8kSZlM8vt+OVBPhon/bMFxGKZervs7kFUCNPn6fUK
WNw8lSrKQqJe/a805Ktku8moatVElmexj7XTkII1nnAnEu6/bokJqjCHQ933794l
ERRwitFN+BWm3OBXq/BsdSnCotT+gnlMEDtuHiD0JHQBGwxAZGQtliQhWLF25Ekh
BJkmYBjqgnjCsQFUBMnn
=shGW
-----END PGP SIGNATURE-----
Merge tag 'mm_5d68e2cc' into debian-systemd
Tag for commit 5d68e2cc70
Conflicts:
Makefile
debian/rules
network/qubes-firewall
vm-systemd/misc-post.sh
vm-systemd/qubes-sysinit.sh
2014-11-03 04:28:00 +01:00
Marek Marczykowski-Górecki
a4e4a6214b
systemd: fix xenstore-ls path
2014-11-02 00:31:49 +01:00
Marek Marczykowski-Górecki
5d68e2cc70
Handle tabs in /etc/hosts
2014-10-27 22:39:25 +01:00
Marek Marczykowski-Górecki
15f3a1b8d0
debian: fix proxy setup
2014-10-24 00:45:39 +02:00
Marek Marczykowski-Górecki
a2e17ef244
systemd: fix 'service' path
...
On Fedora it is all the same because /sbin -> /usr/sbin symlink. But on
Debian it does matter.
2014-10-19 04:11:15 +02:00
HW42
a91dfdf48b
fix xenstore-read path in network-proxy-setup.sh for debian
2014-10-01 06:51:58 +02:00
Marek Marczykowski-Górecki
4ee0de9fb8
updates-proxy-setup: support setting proxy for apt ( #887 )
2014-10-01 05:40:14 +02:00
HW42
434a794dda
use sleep instead os usleep since it is more portable
2014-10-01 03:44:33 +02:00
Marek Marczykowski-Górecki
e83a91e3d3
debian: migrate to native systemd services
2014-09-30 00:54:33 +02:00
Marek Marczykowski-Górecki
240066fc23
Add missing u2mfn module load
...
Is loaded as part of gui-agent startup, but qrexec-agent also needs it
so eliminate race condition here.
2014-09-29 21:39:17 +02:00
Marek Marczykowski-Górecki
4bccdb0ba5
Use systemd mechanism for loading kernel modules (when available)
...
One more thing done in more generic way (not Fedora-specific).
2014-09-29 21:31:10 +02:00
HW42
0d0261d1c1
improve update of /etc/hosts
...
* use 127.0.1.1 under debian (since it's the default there)
* also set the IPv6 loopback address (::1) since some tools tries to
AAAA resolve the hostname (for example sendmail)
* ensure proper /etc/hosts format through postinst-script (hostname as
last entry)
2014-09-29 05:25:32 +02:00
HW42
4886411570
various patches for debian
...
this should enable debian based templates to be used as proxy/netvm
2014-09-29 05:25:24 +02:00
Marek Marczykowski-Górecki
2e4cdc2f8d
Rename yum-proxy-setup service to updates-proxy-setup
...
Fedora is no longer the only supported distribution, so change the
service name to be more generic. Old name still supported for
compatibility.
2014-09-27 01:52:19 +02:00
Marek Marczykowski-Górecki
3f19c89301
Rename qubes-yum-proxy service to qubes-updates-proxy
...
It is no longer Fedora-only proxy, so rename to not confuse the user.
Also documentation refer to it as "updates proxy" for a long time.
2014-09-27 00:32:52 +02:00