Commit Graph

2749 Commits

Author SHA1 Message Date
Patrick Schleizer
9b05427596 removed iptables-persistent from Depends to improve usablity (avoid redundant debconf question) 2015-08-02 21:44:51 +02:00
Marek Marczykowski-Górecki
b9a907c241
Merge remote-tracking branch 'origin/pr/9'
* origin/pr/9:
  archlinux: ensure python2 is used for all scripts and fix dependencies for qubes-desktop-run
  archlinux: enabled configuration of all core agent dependencies
  archlinux: pulseaudio should be configured in gui agent and will break installation of pulseaudio if installed in core-agent-linux
  archlinux: fix syntax errors in install file
  archlinux: reorganize install script to make it more easily compareable with the .spec file
  archlinux: update dependency list based on .spec file
2015-08-02 17:42:47 +02:00
Olivier MEDOC
f2c9a9320c archlinux: ensure python2 is used for all scripts and fix dependencies for qubes-desktop-run 2015-07-30 15:54:41 +02:00
Olivier MEDOC
2cfd4e6a13 archlinux: enabled configuration of all core agent dependencies 2015-07-28 16:12:07 +02:00
Olivier MEDOC
20c7f85f1f archlinux: pulseaudio should be configured in gui agent and will break installation of pulseaudio if installed in core-agent-linux 2015-07-28 16:11:16 +02:00
Olivier MEDOC
bceca326d8 Merge branch 'master' into archfix-201507 2015-07-28 09:14:00 +02:00
Patrick Schleizer
e1e5162720 also inform in cli if no new updates are available 2015-07-19 01:59:07 +02:00
Marek Marczykowski-Górecki
51d55c03dc
debian: fix permissions of /var/lib/qubes/dom0-updates
qubesos/qubes-issues#1029
2015-07-18 15:06:40 +02:00
Olivier MEDOC
78dcdd0f6a archlinux: fix syntax errors in install file 2015-07-14 08:09:11 +02:00
Olivier MEDOC
d84c07295b archlinux: reorganize install script to make it more easily compareable with the .spec file 2015-07-08 15:01:21 +02:00
Olivier MEDOC
0373f1cdfb archlinux: update dependency list based on .spec file 2015-07-08 15:00:50 +02:00
Marek Marczykowski-Górecki
916824eb3f qubes-core-vm-kernel-placeholder 1.0-3 2015-07-08 06:09:12 +02:00
Marek Marczykowski-Górecki
3491c1401b kernel-placeholder: prevent xl2tpd from pulling kernel packages 2015-07-02 17:51:12 +02:00
Marek Marczykowski-Górecki
a122380624 version 3.0.13 2015-07-01 07:05:53 +02:00
Marek Marczykowski-Górecki
4e44008607 network: disable tx csum offload on vif interfaces
It doesn't work with HVMs - more precisely with (ancient) qemu in
stubdomain.
2015-07-01 04:53:31 +02:00
Marek Marczykowski-Górecki
13c078ddbd network: guard iptables call with manual lock
Apparently even iptables-restore does not handle concurrent firewall
updates. This is especially a problem in case of HVM, which have two
network interfaces (one through stubom and the other direct) added at
the same time.
2015-07-01 01:25:00 +02:00
Marek Marczykowski-Górecki
2bfc6edddc network: use iptables-restore instead of iptables --wait
The later one is present only in latest iptables version - especially
debian does not have it. But we need to handle "Device or resources
busy" problem somehow.
2015-06-27 04:55:56 +02:00
Marek Marczykowski-Górecki
5176228abc fedora/systemd: fix service enabling code
Do not try to enable qubes-update-check.service, it is meant to be
started by qubes-update-check.timer (which is correctly enabled).
2015-06-26 19:57:44 +02:00
Marek Marczykowski-Górecki
3aca3f8c48 fedora: ensure that /etc/sysconfig/iptables exists (Fedora 20)
Even when iptables.service is configured to use different file, the
service would not start when there is no /etc/sysconfig/iptables. Fedora
20 package does not provide it.
2015-06-26 19:54:22 +02:00
Marek Marczykowski-Górecki
ea0615d4da version 3.0.12 2015-06-23 20:06:23 +02:00
Marek Marczykowski-Górecki
549761a144 Do not override file pointed by /etc/localtime symlink
On Fedora 21 (and probably others) /etc/localtime is no longer file
copy, but a symlink to original timezone file. Using `cp` to change
timezone here would override original file instead of just changing the
timezone.

Details:
https://groups.google.com/d/msgid/qubes-users/4a0de9457e08b93d1a39ac4cdbc6b632%40ruggedinbox.com
2015-06-23 19:59:17 +02:00
Marek Marczykowski-Górecki
0382f84eae rpm: improve setting iptables rules
Instead of overriding /etc/sysconfig/ip{,6}tables, store qubes rules in
/etc/sysconfig/iptables.qubes and configure the service to use that file
instead. This will prevent conflict on that file and also handle upgrades.
2015-06-19 09:42:55 +02:00
Marek Marczykowski-Górecki
b368ffe5c6 fedora, debian: make sure that default locale is generated
Otherwise some GUI applications would not start.
2015-06-16 02:27:23 +02:00
Marek Marczykowski-Górecki
3fdb67ac2b dom0-updates: make the tool working on Debian
Restore support for older yum: no --downloadonly option, so use
yumdownloader.
Also add some a code to handle some Debian quirks - especially default
rpmdb location in user home...
2015-06-16 02:22:42 +02:00
Marek Marczykowski-Górecki
cdebf33cf6 version 3.0.11 2015-06-11 04:06:26 +02:00
Marek Marczykowski-Górecki
a2f1f28825 Tag for commit 0ccd2c9a98
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJVeKW1AAoJEBu5sftaTG2tK70P/1h1dP8a+KDEzmF09qmOdnTS
 qED7kIkcMW5BZUbXL1J2zClgNNK0WyWf2FJrKXDnGzVihL59vk3PIZWQYWZeQyrQ
 YN4vpimLQUiWFCoUMUNBEPBSls26KVdlL/QwQitlpe3tzFUwJ0SIqFHtKJ1qO3SL
 kFfYDR62CFa1QncIOz/uIWX4JSg1VLTZblxbR2Vu5uayb2r5fDPm0IuZRYyz0GZv
 wz6Inc8Pan6hMD7heQ1pk5Zed39jiu7gVLKDV/uXGqmh86Z8o/tdGVj0Q6DJ902Z
 c2HECrdljyd50smQsl1p0cqW2352xo2V5p/5JrT9WFYVzIHs6uq05JMX7WWRhWZA
 56tzgW7nZpcpm8yEFapH+ZKLtXnHlO3JN3CdqNbhGekcYrSLHEqNc/3+eRWdcFol
 btyPjnGXr4lQxq1yOiEL/hKm33pfeqUpxunzf7DplL8iYrNVDT/9kVJH8e2UjvL9
 OiA2q/wvnpJXtk8JDB3Tgymi1zmYb9fGDkm7Vgqe81GHD3TD7mrvJ309089G1flV
 V7Oqb61ibMcTyf8yVAZ8T99QmM3dvVmrFf2b8vQlmt9dUQyK9nSB0+3fmjS+Q9/j
 QkMGMcMtYHRtTpnGQG+YkGzHOoyfOJv+sknfHiphTaeMabgEYTuFQB8DEeQNRyNV
 otHUCWz1KbaSr8Xs6x0F
 =jTq0
 -----END PGP SIGNATURE-----

Merge tag 'jm_0ccd2c9a'

Tag for commit 0ccd2c9a98

# gpg: Signature made Wed 10 Jun 2015 11:01:41 PM CEST using RSA key ID 5A4C6DAD
# gpg: Good signature from "Jason Mehring (Qubes OS Signing Key) <nrgaway@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E0E3 2283 FDCA C1A5 1007  8F27 1BB9 B1FB 5A4C 6DAD

* tag 'jm_0ccd2c9a':
  Set a default locale if missing
2015-06-11 04:06:18 +02:00
Jason Mehring
0ccd2c9a98
Set a default locale if missing 2015-06-10 17:01:33 -04:00
Marek Marczykowski-Górecki
f05268bf59 debian: fix apt sources.list generation (missing debian version field)
Add Build-Depends: lsb-release, which is used for that.
2015-06-08 08:47:22 +02:00
Marek Marczykowski-Górecki
bd9a3bf515 version 3.0.10 2015-06-02 11:20:18 +02:00
Marek Marczykowski-Górecki
c454c9063d rpm: add missing dependencies
Fixes qubesos/qubes-issues#1002
2015-05-27 22:34:43 +02:00
Marek Marczykowski-Górecki
52a1fee533 qrexec: do not show message about missing fork-sever - it isn't an error 2015-05-24 20:47:34 +02:00
Marek Marczykowski-Górecki
d922552198 rpm: ensure that all the services are enabled after upgrade
Especially when some new service was introduced in the meantime. For
example this happened between R2 and R3.x release.
2015-05-15 23:36:34 +02:00
Marek Marczykowski-Górecki
eb3e0c8c25 version 3.0.9 2015-05-15 03:27:58 +02:00
Marek Marczykowski-Górecki
447bb4cd9c rpm: mark service files as configuration to not override user changes 2015-05-13 23:23:07 +02:00
Marek Marczykowski-Górecki
23a9512402 qrexec: prefer VM-local service file (if present) over default one
This will allow a service to be overridden per-VM.
2015-05-13 23:21:01 +02:00
Marek Marczykowski-Górecki
6c288d0ac2 appmenus: hide message about missing /usr/local/share/applications
Debian template doesn't have this directory by default.
2015-05-11 22:06:03 +02:00
Marek Marczykowski-Górecki
c037afc52c Tag for commit 15459b0e82
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJVQ0FeAAoJEBu5sftaTG2tTD8QAI3u9kF9FJq++THFDtjMtGK/
 LYQONH8KrJZrnVOI60Du4Vsf5EIZI+cNfnsp4i71McRDGAfb1fv2hu5rDv4pJ7+U
 ITYq2/pwuyrV8Yi9kGnFXN4sXN+B194lWmXQDwPq2v2JDysZlM7C++bV3wYFul6f
 r2JyyTQj5sE/Khrykuk2n4lGpWrCa/LC1ENbiqa+QogAGETBdLXkxhXNaRKF0Kml
 OKpcMcrMxgiMsPXkPj3m3WV6NAnx6bkaaBnt3GWOlvvThOOxZ0Nzzy/KTvSl0s+O
 Fnxr4Qqt36dhQ/Fc6dk7OVzwjuQsRbGbuMsBuf4+72PJC5pmgNj0H4Q5A57ru3cr
 xYDIFSC0JoooOzQ06qjbqou43ubpCiZG9KdACJ/Dc5jJuUt3rubIXWTtjWR7ivw9
 JtPhXqNTOs3Ee+SjqO1Xl7xfgcs94VDtNFMMNKNY5synhEt6jxjECHenaxyIQRvZ
 ZNUvD9FJLslVylB8+kyUUevcnc9uvI42B0BJv1vAUYOeM5FDtd/w7aB9VTrFp48r
 a0sAIw1paxYgON0RwvUjluHacGI5ZP43a+t8+8KQNVRL5/RZMMTSoASOff23FdZA
 hDVsI7EM0XiSeB1BQaA8HjngUBxn2JMcEhVv/3vDd3ZMe3NEJcOzjD/iktKbXnIK
 niNKyHMTh//17qsI/kXt
 =YGZB
 -----END PGP SIGNATURE-----

Merge tag 'jm_15459b0e'

Tag for commit 15459b0e82

# gpg: Signature made Fri 01 May 2015 11:03:26 AM CEST using RSA key ID 5A4C6DAD
# gpg: Good signature from "Jason Mehring (Qubes OS Signing Key) <nrgaway@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E0E3 2283 FDCA C1A5 1007  8F27 1BB9 B1FB 5A4C 6DAD

* tag 'jm_15459b0e':
  debian: Allow apt-get post hook to fail gracefully (won't work in chroot)
  debian: Only notify dom0 on apt-get post hook; don't update package index
2015-05-10 04:23:09 +02:00
Jason Mehring
15459b0e82
debian: Allow apt-get post hook to fail gracefully (won't work in chroot) 2015-05-01 05:03:14 -04:00
Jason Mehring
293aab9e6a
debian: Only notify dom0 on apt-get post hook; don't update package index
There is a possiblilty of the apt-get post hook getting triggered
more than once for each apt-get session, therefore we only notify
dom0 that there are no updates available and do not perform an
apt-get update.

The qubes-update-check.service will still perform an update so even
if the dist-upgrade failed and there was actually more files to update
the qubes-update-check.serivce would then at some point notify dom0
about those updates being available
2015-05-01 01:35:36 -04:00
Marek Marczykowski-Górecki
4a7b355490 version 3.0.8 2015-04-28 12:51:48 +02:00
Marek Marczykowski-Górecki
04533a8f21 Tag for commit 21d89335fe
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJVO0XmAAoJEBu5sftaTG2tTpsQAJaSV/4vUt1R+HloAxpiAkQQ
 ai6C9r0jXEDOggO+jqeNLhM6ZaFxPOqI7+O09EXoRQXnFjtXPq6V4Yj8vr7urh5Z
 ozg3K2atQ6htvoDjqktSHuMwJLTGCHDCKzHV/uvZlFT0o90XomGLAJ+3RuWqgZu7
 5h+jnzfo+pLxme2jiCFQvFQ+p6Y+yZiphiUc5HbnIs4aTvDJxKmhZHMXVshbFJQe
 wPr1kp4xdefiys5A5agKejPOdQm8z4PVzZfnehfQZholkKlYFSgOLc7s4qJ+WOFl
 Bwl8B0Nm4LqIr0hkyEvPBX7PwmAu8/2aHeEj423rLXCDvHjGbmDWE99LSRvDYFK4
 nuZkrR+dI0kbYqtfkWH8MMfu/YHcC+uHrkVbLpqV4r8F8jT/f6ysyJ/kb76WoVEK
 B2q/nfBjtcHXOb/7GT/Q8MIvIXDsAVNp9jtEiQ/u/Jr8T7t9GtuQbgy1Y+eDOl4G
 Hg5635qfj6SImKtj6e4VqOb968TqeE0qoqBeLFEG2boqyVOjHbfk8gj5IZParp3R
 WfZDAS6OpY95W+gJzH0rBUh0h5fcuB+aN16ak4snaDxwd6gl9NfdPOydt4zQTs4q
 tmKnyuXig5age0IgGFliubdWlAL72GSN8M+uBp+Pe0QoEoJRPN3AiaY63OgUBk9S
 ID6TzMI990IRIxGTQnho
 =nJSZ
 -----END PGP SIGNATURE-----

Merge tag 'jm_21d89335'

Tag for commit 21d89335fe

# gpg: Signature made Sat Apr 25 09:44:38 2015 CEST using RSA key ID 5A4C6DAD
# gpg: Good signature from "Jason Mehring (Qubes OS Signing Key) <nrgaway@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E0E3 2283 FDCA C1A5 1007  8F27 1BB9 B1FB 5A4C 6DAD

* tag 'jm_21d89335':
  debian: Update notification now notifies dom0 when an upgrade is completed
2015-04-28 01:27:29 +02:00
Marek Marczykowski-Górecki
7adbc3fd59 Use iptables --wait only when it is supported 2015-04-28 00:51:05 +02:00
Jason Mehring
21d89335fe
debian: Update notification now notifies dom0 when an upgrade is completed 2015-04-25 03:44:28 -04:00
Marek Marczykowski-Górecki
32374123cd version 3.0.7 2015-04-25 02:36:55 +02:00
Jason Mehring
4373cda566 Changed location of PROTECTED_FILE_LIST to /etc/qubes/protected-files.d 2015-04-25 02:36:43 +02:00
Jason Mehring
56b0685aaa whonix: Added protected-files file used to prevent scripts from modifying files that need to be protected
A file is created in /var/lib/qubes/protected-files.  Scripts can grep this file before modifying
        known files to be protected and skip any modifications if the file path is within protected-files.

        Usage Example:
            if ! grep -q "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then

        Also cleaned up maintainer scripts removing unneeded systemd status functions and streamlined
        the enable/disable systemd unit files functions
2015-04-25 02:36:43 +02:00
Marek Marczykowski-Górecki
0c0cb5f6b2 rpm: cleanup R2->R3.0 transitional package 2015-04-23 02:20:56 +02:00
Marek Marczykowski-Górecki
c49d9283f0 network: wait for iptables lock instead of aborting
vif-route-qubes can be called simultaneously, for example in case of:
 - multiple domains startup
 - HVM startup (two interfaces: one to the target domain, second one to
   stubdom)
If that happens, one of calls can fail because of iptables lock.
2015-04-21 04:41:57 +02:00
Marek Marczykowski-Górecki
f2cf6933b9 prepare-dvm: fix bashism
$(( )) is POSIX syntax for shell arithmetic operations. Especially dash
(default shell in Debian) doesn't support $[ ].
2015-04-15 18:52:42 +02:00
Marek Marczykowski-Górecki
ab38410f5c debian: install qubes-download-dom0-updates.sh 2015-04-14 00:22:35 +02:00