Commit Graph

146 Commits

Author SHA1 Message Date
Jason Mehring
56b0685aaa whonix: Added protected-files file used to prevent scripts from modifying files that need to be protected
A file is created in /var/lib/qubes/protected-files.  Scripts can grep this file before modifying
        known files to be protected and skip any modifications if the file path is within protected-files.

        Usage Example:
            if ! grep -q "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then

        Also cleaned up maintainer scripts removing unneeded systemd status functions and streamlined
        the enable/disable systemd unit files functions
2015-04-25 02:36:43 +02:00
Marek Marczykowski-Górecki
ab38410f5c debian: install qubes-download-dom0-updates.sh 2015-04-14 00:22:35 +02:00
Marek Marczykowski-Górecki
3768426306 version 3.0.6 2015-04-11 03:40:57 +02:00
Marek Marczykowski-Górecki
e8c9f010ad version 3.0.5 2015-04-07 14:58:36 +02:00
Marek Marczykowski-Górecki
2951e1ba02 version 3.0.4 2015-04-02 00:55:09 +02:00
Marek Marczykowski-Górecki
d41ae5bc7f debian: update NetworkManager configuration
Especially add unmanaged-devices, otherwise NM will break vif*
configuration.
2015-03-30 22:49:50 +02:00
Marek Marczykowski-Górecki
52d502bce2 debian: fix handling SysV units in disableSystemdUnits
systemctl is-enabled always reports "disabled" for them (actually not a
real "disabled", but and error, but exit code is the same). So simply
always disable the unit, it is no-op for already disabled ones.
BTW systemctl preset also do not work for them.
2015-03-30 21:46:01 +02:00
Marek Marczykowski-Górecki
b05fa062be version 3.0.3 2015-03-27 01:24:43 +01:00
Marek Marczykowski-Górecki
add158d8e7 version 3.0.2 2015-03-26 23:56:25 +01:00
Jason Mehring
da2b0cde16
Removed code that deleted original nautilus actions
dpkg/rpm should handle this automatically on upgrading package
2015-02-27 16:17:44 -05:00
Jason Mehring
6836420c3c
Removed nautilus-actions depend and replaced with nautilus-python
nautilus-actions was orphaned in fc21, so all nautilus context menus have
been re-written as nautilus-python extensions
2015-02-27 00:52:17 -05:00
Jason Mehring
de51e155f3
debian: Add extend-diff-ignore options to debian packager
This will ignore excluded deb, rpm, pkg and .git directories that were
tar'ed for the .orig.tar.gz debian upstream package file and will prevent
build errors
2015-02-19 19:56:23 -05:00
Marek Marczykowski-Górecki
3c67f98a9b debian: fix version number 2015-02-17 16:25:01 +01:00
Marek Marczykowski-Górecki
4947c0c53a version 3.0.1 2015-02-17 14:14:16 +01:00
Jason Mehring
567a045bcd
Make sure when user is added to qubes group that the group is appended
added -a option to usermod.
This will prevent other groups from being un-subscribed when qubes group is added
2015-02-13 15:00:54 -05:00
Jason Mehring
197fa604ed
debian: Remove unneeded patch file and README 2015-02-12 11:34:13 -05:00
Jason Mehring
51c94ccc2b
debian: Move creation of directories into debian.dirs configuration file 2015-02-12 11:29:00 -05:00
Jason Mehring
45cbeda244
debian: Revert depends back to use libxen-dev 2015-02-12 11:27:35 -05:00
Jason Mehring
6e3be531c5
Merge branch 'r3-templates' of github.com:nrgaway/core-agent-linux into r3-templates
Conflicts:
	debian/rules
2015-02-11 08:06:45 -05:00
Jason Mehring
2274e65a32 debian: Refactor Debian quilt packaging for xen
- Use copy-in for debian-quilt package in Makefile.builder instead of hook (to be removed) in Makefile.debian
- Remove patches from debian/patches; they are now applied dynamicly from series-debian-vm.conf
2015-02-11 08:02:55 -05:00
Jason Mehring
79650f0c4c debian: Converted debian package to a quilt package to allow patches
Applied patch to qrexec Makefile to prevent compile failure on warnings
  qrexec: Disable all warnings being treated as errors

  gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-xen` -D_FORTIFY_SOURCE=2  -c -o qrexec-agent-data.o qrexec-agent-data.c
  qrexec-agent-data.c: In function 'handle_remote_data':
  qrexec-agent-data.c:217:17: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing]
                 status = *(unsigned int *)buf;
                 ^
  cc1: all warnings being treated as errors
  <builtin>: recipe for target 'qrexec-agent-data.o' failed
2015-02-11 08:02:55 -05:00
Jason Mehring
fc42561586 Add a qubes group and then add the user 'user' to the group
This is to allow permissions to be set on some devices where the user needs
less restrictive permissions.  /etc/udev/rules.d/99-qubes-misc.rules changes
a few xen devices to allow the users in the qubes group access
2015-02-11 08:02:55 -05:00
Jason Mehring
bb850ab95d debian: Remove 'exit 0' in maintainer section scripts to all other debhelpers (if any) to also execute 2015-02-11 08:02:55 -05:00
Marek Marczykowski-Górecki
b40c791914 debian: change systemctl set-default back to manual symlink
systemd in wheezy is old enough to not have this option.
2015-02-10 17:22:04 +01:00
Jason Mehring
0df84c7796
debian: Converted debian package to a quilt package to allow patches
Applied patch to qrexec Makefile to prevent compile failure on warnings
  qrexec: Disable all warnings being treated as errors

  gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-xen` -D_FORTIFY_SOURCE=2  -c -o qrexec-agent-data.o qrexec-agent-data.c
  qrexec-agent-data.c: In function 'handle_remote_data':
  qrexec-agent-data.c:217:17: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing]
                 status = *(unsigned int *)buf;
                 ^
  cc1: all warnings being treated as errors
  <builtin>: recipe for target 'qrexec-agent-data.o' failed
2015-02-10 10:40:51 -05:00
Jason Mehring
ccff1f3149
Add a qubes group and then add the user 'user' to the group
This is to allow permissions to be set on some devices where the user needs
less restrictive permissions.  /etc/udev/rules.d/99-qubes-misc.rules changes
a few xen devices to allow the users in the qubes group access
2015-02-07 06:07:35 -05:00
Jason Mehring
328430d3bf
debian: Remove 'exit 0' in maintainer section scripts to all other debhelpers (if any) to also execute 2015-02-07 04:51:45 -05:00
HW42
97dd21bcff debian: preinst: cleanup user creation
Generate user-groups via -U instead of explicit via groupadd. This also
fix the problem that the tinyproxy group were not gererated as
"system"-group.

Also suppress unneeded output of the existence test.
2015-02-05 05:42:08 +01:00
HW42
166ec3323f debian: prerm: remove obsolete code
this code has been obsoleted by commit 56607800, eb18af4c and 707be87a.
2015-02-05 05:42:08 +01:00
HW42
5c54d48c36 debian: preinst: don't force the default shell to bash 2015-02-05 05:42:08 +01:00
HW42
dad5bfbd18 remove 'bashisms' or explicit use bash 2015-02-05 05:42:08 +01:00
HW42
77392fd3a9 debian: preinst: remove modification of /etc/modules
modules are already handled by systemd and /lib/modules-load/qubes-*
2015-02-05 01:23:00 +01:00
HW42
6ff749a13a debian: install fstab as normal config file 2015-02-05 01:23:00 +01:00
HW42
641c516d76 debian: postinst: remove redundant and misleading trigger output 2015-02-05 01:22:21 +01:00
HW42
60a181b3f4 debian: postinst: enable haveged only if installed 2015-02-05 01:22:21 +01:00
HW42
05da6e6379 debian: postinst: don't start systemd services
Starting services in the postinst script doesn't make much sense since
the package is normally installed in the template. In addition the start
can fail when executed through a trigger.
2015-02-05 01:22:20 +01:00
HW42
e8f25bfac8 debian: postinst: cleanup 2015-02-05 01:22:20 +01:00
HW42
de53e1d0bb debian: postinst: enable netfilter-persistent service 2015-02-05 01:22:20 +01:00
HW42
5080c7c2d3 debian: postinst: remove fedora specific code
/etc/iptables/rules.* are already part of the packet.
The removed code has never done something in debian (since
/etc/iptables/rules.* already exists).
2015-02-05 01:22:20 +01:00
HW42
07c2f2a5f4 debian: postinst: use systemctl to set default target 2015-02-05 01:22:20 +01:00
HW42
a5fbbea98d debian: postinst: don't create /rw - it is already part of the package 2015-02-05 01:22:20 +01:00
HW42
b2307cfee6 debian: postinst: don't remove /etc/udev/rules.d/*
removing /etc/udev/rules.d/* in debian makes no sense since this folder
is only for custom udev rules.
2015-02-05 01:22:20 +01:00
HW42
47550ee2b6 debian: don't generate regular conf files in postinst 2015-02-05 01:22:19 +01:00
HW42
8a9d2378f6 debian: postinst: use dpkg-divert
dpkg-divert is not ideal for config files but should work better than
direct cp/mv.
2015-02-05 01:22:19 +01:00
HW42
4faece9e89 debian: postinst: use systemctl mask 2015-02-05 01:22:19 +01:00
HW42
d7fac08792 debian: fix for QSB #014 requires up to date qubes-utils 2015-02-05 01:22:19 +01:00
Jason Mehring
33d3a6c9ea fc21: iptables configurations conflict with fc21 yum package manager
Moved iptables configuration to /usr/lib/qubes/init
fc21 + debian + arch will place them in proper place on postinst
Fixes dedian bug of not having them in proper place
2015-01-30 00:43:31 +01:00
HW42
dbd19698b3 debian: remove unneeded acpid dependency
https://groups.google.com/forum/?_escaped_fragment_=msg/qubes-devel/oY7m9zNEXFw/N94pknsTg7oJ

Conflicts:
	debian/control
2015-01-30 00:39:35 +01:00
HW42
6f056486e0 debian: move not strictly required packages to Recommends-Section.
https://groups.google.com/forum/?_escaped_fragment_=msg/qubes-devel/oY7m9zNEXFw/N94pknsTg7oJ

Conflicts:
	debian/control
2015-01-30 00:38:07 +01:00
Marek Marczykowski-Górecki
a4ad010a45 debian: fix service name in postinst script 2015-01-30 00:32:56 +01:00
Marek Marczykowski-Górecki
c3ef00303f debian: remove obsolete code from postinst script
NetworkManager-dispatcher.service issue seems to be already fixed in
upstream package.
2015-01-30 00:32:56 +01:00
Marek Marczykowski-Górecki
45e7cbb2ac debian: add missing python-gi to dependencies
Required for qubes-desktop-run tool.
2015-01-30 00:32:56 +01:00
Marek Marczykowski-Górecki
995c758d14 debian: create tinyproxy as system user 2015-01-30 00:32:09 +01:00
Marek Marczykowski-Górecki
9130636c88 Merge branch 'debian'
Conflicts:
	misc/qubes-r2.list.in
	misc/qubes-trigger-sync-appmenus.sh
	network/30-qubes-external-ip
	network/qubes-firewall
	vm-systemd/network-proxy-setup.sh
	vm-systemd/prepare-dvm.sh
	vm-systemd/qubes-sysinit.sh
2015-01-30 00:30:24 +01:00
Marek Marczykowski-Górecki
3a0ad108d4 version 3.0.0 2014-11-22 16:24:18 +01:00
Jason Mehring
4420df01ea debian: Don't display systemd info in chroot since systemd show does not work in chroot 2014-11-12 03:39:17 -05:00
Jason Mehring
da6f6bd22b debian: Wrong variable name was used to create /usr/share/qubes/xdg/autostart 2014-11-09 13:27:38 -05:00
Jason Mehring
51cac340ca debian: Added functionality to move desktop entry config files to /usr/share/qubes/xdg/autostart to preserve originals
Added trigger for new notify agent; removed trigger for old one
2014-11-09 12:58:57 -05:00
Jason Mehring
ef50c0d7b6 debian: Add new notification agent depends; remove other 2014-11-09 12:58:48 -05:00
Jason Mehring
cadb102781 debian: More depends for debian as netvm and some configuration tweaks.
Jessie base loads as netvm; wheezy base giving bad window error when trying to start nm-applet
Fixed qt MIT-SHM graphics issue
2014-11-08 02:58:07 -05:00
Jason Mehring
1f93dc0a60 debian: Added more error reporting to track down any missing dependancies
Prints various systemd messages when a unit fails to enable/disable/start/stop
Fixed issue with alternate NetworkManager* systemd files not being placed
Removed 'basename -s' since -s option not supported in wheezy
2014-11-07 22:52:32 -05:00
Jason Mehring
afcff2ca4b debian: removed commented out depends 2014-11-07 18:29:05 -05:00
Jason Mehring
9e065d6d9c debian: Added all other outstanding triggers contained in rpm_spec as well as triggers if other packages get installed at a later date the configurations will run on them 2014-11-07 18:28:04 -05:00
Jason Mehring
79db86a94a debian: Added postrm disable of other Qubes packages 2014-11-07 18:26:21 -05:00
Jason Mehring
abcc01b874 debian: Added more dependancies 2014-11-07 18:25:12 -05:00
Jason Mehring
dbffe57bc9 debian: Revert back to original NetworkManager, ModemManager service names 2014-11-07 03:32:06 -05:00
Jason Mehring
132729bd79 debian: Prepend package name to maintainers scripts 2014-11-07 00:16:51 -05:00
Jason Mehring
4c30f28864 debian: Cleanup
'set -e' in place of 'set -x'
Seperated out 'QT_X11_NO_MITSHM=1' export into own profile.d file
Seperated out 'QT_X11_NO_MITSHM=1' sudoers rule to own sudoers.d file
Commented out some services that were being enabled that are not installed (yet)
Reformated trigger section to allow for multiple triggers
2014-11-07 00:09:54 -05:00
Jason Mehring
802626c197 debian: set -e added in place of set -x 2014-11-07 00:08:26 -05:00
Marek Marczykowski-Górecki
a2bba58877 debian: fix initialization of /etc/hosts 2014-11-05 05:10:42 +01:00
Marek Marczykowski-Górecki
36b1793739 debian: support for appmenus
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCgAGBQJUWFwAAAoJEIwFIWzgnAk80z0QAKw8VMVP1E4AiFlAQLwW7fcu
 aUKf+i1kw5b7OiL3NRRw+9F79gOVMaHipxtotXei+jv0kKwiUuMOXPRfr8rqQtu5
 7NYeCL/T99aTVfZ6FqR5nZQM2fNhv9/FbnAqB3Uh96VsBBsp8ubnw5QqgOg4p5y2
 yT7OFObsRqhULbHltXVgaC1tND42eCIpsdBp9v8CPevxNuC+t3Q6ORRAV7+4QUwY
 TBESz6pYVQsvkChD/X5/x9lfhZxSyhMCWY71P/78RULdeAjlQV+oJ0q72GtZD4uA
 fvH4tU/wu3Q57IJHTalX/sbqZE7efQ9Xelz0tuc0PEAMcM3F3y6U0NEdE6BKiIQK
 5C6FlgkNM8ymjyHiZjGy4uOkNrIwzcQAZse4sCIt7YhcqepBBly262Ii4lcd93Mp
 ECeLm2/kakschG4QzLxoSShsYGrML+Mq2cceYCwS7e+ts2QoeaQ2l3MyOiTt3iq7
 tWSz1QpyXc2wJnAnLPwE/rKLNvdPy7xDaOSAgBGv56rouFYPtqw4qkTcbvb2Ovd0
 +AMS7R+cJWl4ftmJETmqELP2jkbhOjwqgK7UQWM5jlr8E/oWKVW7SPi8hE0yuppg
 Q2oadaqUb5m+AQIVRP485Fw58pio2+fXvq7w3ExkwQikVd7MTxFHqR3FBZurVlc8
 bxLDKNiYTkVEU7xsJTf7
 =hvgM
 -----END PGP SIGNATURE-----

Merge tag 'hw42_appmenus' into debian

debian: support for appmenus

Conflicts:
	debian/qubes-core-agent.postinst
2014-11-05 04:37:34 +01:00
Marek Marczykowski-Górecki
c817bb0282 little fix for the official template
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCgAGBQJUWE+GAAoJEIwFIWzgnAk8azoQAJPOdglmiJlu+p5nRQ0ZRP6F
 nammIQhOg1oE0hCTX6H4DnEMnaZmFyGj96JWUX3zES8NF9zYvq4sgJCtZVEK35lm
 /Fxe899NpDlHaHwPqnXoYAKWZnMnyx3Z5XTxYb3A8JQdJCVWJPi2qYw2TBb6iBIp
 hzznI3drhOd8rdkFHXGk/FsBjqFP1mn98GDP4N/XLOZUnK+MiWyxrp0c+QVgybRX
 2XOUhsBPbr/XS/fkMBEia1hJhBf+FYJsFeCARGjYnbI+TKMaPrYaIX6DRqjFMhSS
 eEALEWsYsDiYGerWNBNGxbJ7RWsN4vm+WDfKdi7Hp2TgHeH0z93w40VegU3k7Asx
 NjfehCwT3wjMmtUFYhfhYfIop5305LLLJPPkY/ML+u6Mznzr7OkostMeyMhDxcrq
 lSELqg2HDwEsSwtwEz7kP6fYyfpJRd8yndg48cVonatwPwdjoCMiAz93TIF7Tvvz
 xQaNUidkKL8qQi67ArSQUlQlwGJNngwLRhepaMo0FD4JWSQ5pHc00EYxtJio2LPs
 7prv8ETbTj0bcFb/xKNSxBCGOrLdleHAEdhrpvqHa5nUzMiHw+tMuJbX+f0jOx/Q
 OSgx/dvK9GIyxM7UlsS+Whye3iGeNwsA1ai4TL0n1PFM+DjemBjEbfIl2nxLjG3O
 cXas4+wsl0+qXRk/PDOn
 =6kCH
 -----END PGP SIGNATURE-----

Merge tag 'hw42_debian-systemd-3' into debian

Conflicts:
	debian/control
	Merged postinst scripts from hw42 and nrgaway
2014-11-05 04:35:23 +01:00
HW42
f9b658e6ad debian: add support for qubes appmenus 2014-11-04 05:53:36 +01:00
HW42
457196ba58 debian: add dependency on xen-utils since it's needed for proxy/netvm
xen-utils provides the /etc/xen/ scripts which are needed for the
network setup.
2014-11-04 04:59:17 +01:00
HW42
63e915f6d4 Tag for commit 5d68e2cc70
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJUTruhAAoJEAY5OLpCz6ck7IcP/i4JXNEMO8vDSgphM50NIIz6
 +hLb+kXBGeL9SsQKRlz000BUOcIsg+d2ibwnTsi1kNuq2OgJOAHAp5hHgHGc5ddG
 0PLFf/Ddexl7/2cG/hKekXiIpXGcuhqgsIfatqcKB228mVLG8y/kqwViIDbMgg10
 X8Aiq1ba0EeHI7xskkPb1hzkszOfLFoEXCRjt+BQsmr+Bll+sAzCS3G9vSbhczFl
 wmTtgOiu2fWsPgOB2O6HYeO0PUUX+jGF/jncZYf85pEwMccNqRIWjSJC6ti533zv
 5x1bWKWFymBAUcTS+xi00FPeatmQ7b5ywMxTwbqIQkE1Mrt436Dz/B1r0E58q0AH
 gu4qG/KPBNdRBD4vPrvLKiyood/XIpvz0+6QqS9rFMKt71OSzmMR1WeLgclCn768
 cR510iZyJjmqe9lLQQTCJr+oqvwiVot7sfsgj1XP5PozalTkdIawioIZjeX5Zz4O
 +zo+P+jIV+P6QbN+0nD+vrW8kSZlM8vt+OVBPhon/bMFxGKZervs7kFUCNPn6fUK
 WNw8lSrKQqJe/a805Ktku8moatVElmexj7XTkII1nnAnEu6/bokJqjCHQ933794l
 ERRwitFN+BWm3OBXq/BsdSnCotT+gnlMEDtuHiD0JHQBGwxAZGQtliQhWLF25Ekh
 BJkmYBjqgnjCsQFUBMnn
 =shGW
 -----END PGP SIGNATURE-----

Merge tag 'mm_5d68e2cc' into debian-systemd

Tag for commit 5d68e2cc70

Conflicts:
	Makefile
	debian/rules
	network/qubes-firewall
	vm-systemd/misc-post.sh
	vm-systemd/qubes-sysinit.sh
2014-11-03 04:28:00 +01:00
Jason Mehring
be37c6cc5b debian: force shell to be bash since its default is dash and many qubes scripts rely on bash and will break in dash and added tinyproxy user 2014-11-02 16:28:50 -05:00
Jason Mehring
ef787ce40b debian: added new depends 2014-11-02 16:24:41 -05:00
Jason Mehring
d34268a085 debian: preinst needs a group and force no password entry on adduser 2014-10-31 03:04:42 -04:00
Jason Mehring
0937a3b3c6 debian: Added maintainers scripts (pre / postinit + rm) - Currently in debug mode 2014-10-31 01:59:20 -04:00
Jason Mehring
5c351bf4ae debian: add xen-utils-common as a dependancy to allow Debian proxies 2014-10-31 01:57:41 -04:00
Marek Marczykowski-Górecki
d208e9baa5 version 2.1.42 2014-10-25 01:49:58 +02:00
Marek Marczykowski-Górecki
20a2cfbce7 debian: custom dh_auto_clean no longer needed
qubes-builder now takes care of it
2014-10-21 05:29:20 +02:00
HW42
00e846bbbe debian: chown /home_volatile/user in posinst 2014-10-01 03:45:03 +02:00
HW42
bbb0b3610b add xserver-xorg-video-dummy to the dependencies list of qubes-core-agent
the dummy video module is needed by the dvm prepare script
2014-10-01 02:17:29 +02:00
Marek Marczykowski-Górecki
e83a91e3d3 debian: migrate to native systemd services 2014-09-30 00:54:33 +02:00
HW42
0d0261d1c1 improve update of /etc/hosts
* use 127.0.1.1 under debian (since it's the default there)
 * also set the IPv6 loopback address (::1) since some tools tries to
   AAAA resolve the hostname (for example sendmail)
 * ensure proper /etc/hosts format through postinst-script (hostname as
   last entry)
2014-09-29 05:25:32 +02:00
HW42
70bbc7923d install iptables/forwarding for debian 2014-09-29 05:25:14 +02:00
HW42
435c04e8a4 use systemd in debian 2014-09-29 05:24:26 +02:00
HW42
dad11bd378 don't track debina/files (since it is autogenerated) 2014-09-26 23:19:01 +02:00
Marek Marczykowski-Górecki
1a712c3a4a version 2.1.41 2014-08-15 17:45:15 +02:00
Marek Marczykowski-Górecki
77abedee36 version 2.1.40 2014-07-28 02:38:59 +02:00
Marek Marczykowski-Górecki
3bcf34942a debian: do not restart service during upgrade
It will break the VM (qrexec daemon will not be restarted, so VM will be
isolated from any qrexec calls, like qvm-run).
2014-07-28 02:29:26 +02:00
Marek Marczykowski-Górecki
9fc9b8ede7 debian: fix qfile-unpacker perms
Leave suid in place, it is required here.
2014-07-28 02:29:00 +02:00
Marek Marczykowski-Górecki
48b6bc5e5e debian: add updates repo definition and key 2014-07-28 02:27:56 +02:00
Marek Marczykowski-Górecki
27a12a0aac debian: update deps 2014-07-26 01:57:58 +02:00
Davíð Steinn Geirsson
65e8e96a68 Initial debian packaging 2014-07-23 05:13:32 +02:00