Commit Graph

224 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
dca5265958
qubes-open: switch from mimeopen to xdg-open
xdg-open is more robust in choosing default application for particular
file type: it supports fallback if the preferred application isn't
working, and most importantly it support system-wide defaults
(/usr/share/applications/defaults.list,
 /usr/share/applications/mimeapps.list), so no "random" application is
chosen.

By default xdg-open tries to use environment-specific tool, like
gvfs-open - which isn't good for us, because many such tools do not wait
for editor/viewer termination. That would mean that DisposableVM would
be destroyed just after opening the file.
To avoid such effect, we set DE=generic.

Fixes QubesOS/qubes-issues#1621
2016-02-02 03:28:34 +01:00
Marek Marczykowski-Górecki
5570c899b8
version 3.1.12 2016-01-11 21:59:35 +01:00
Marek Marczykowski-Górecki
b36146961f
version 3.1.11 2016-01-07 05:52:36 +01:00
Marek Marczykowski-Górecki
89d5f8990f
version 3.1.10 2015-12-31 02:58:29 +01:00
Marek Marczykowski-Górecki
5a04fb34ed debian: add missing python-gtk2 dependency
qvm-mru-entry requires it.

Fixes QubesOS/qubes-issues#1567
2015-12-30 15:16:23 +01:00
Marek Marczykowski-Górecki
7835f4da2b
version 3.1.9 2015-12-26 14:24:03 +01:00
Marek Marczykowski-Górecki
ba5041579a
version 3.1.8 2015-12-20 03:12:39 +01:00
Marek Marczykowski-Górecki
8064682e9e
version 3.1.7 2015-12-04 15:32:14 +01:00
Marek Marczykowski-Górecki
5aa0f32c78
version 3.1.6 2015-11-29 00:34:34 +01:00
Marek Marczykowski-Górecki
a11897a1d0
Revert "network: use drop-ins for NetworkManager configuration (#1176)"
Apparently unmanaged devices are loaded only from main
NetworkManager.conf. Exactly the same line pasted (not typed!) to main
NetworkManager.conf works, but in
/etc/NetworkManager/conf.d/30-qubes.conf it doesn't.
BTW There was a typo in option name ("unmanaged_devices" instead of
"unmanaged-devices", but it wasn't the cause).

This reverts commit 6c4831339c.

QubesOS/qubes-issues#1176
2015-11-28 17:43:15 +01:00
Marek Marczykowski-Górecki
8482fbbd13
version 3.1.5 2015-11-28 14:48:34 +01:00
Marek Marczykowski-Górecki
c99dca37ce
debian: update build-depends for split qubes-utils package
QubesOS/qubes-issues#1416
2015-11-26 22:26:50 +01:00
Marek Marczykowski-Górecki
d4cf78652c
debian: reformat Build-Depends:
QubesOS/qubes-issues#1416
2015-11-26 21:10:23 +01:00
Patrick Schleizer
7a0286d58f clean up /etc/tinyproxy/filter-updates
https://github.com/QubesOS/qubes-issues/issues/1188
2015-11-15 12:31:32 +00:00
Marek Marczykowski-Górecki
b725c050c7
version 3.1.4 2015-11-15 04:29:30 +01:00
Marek Marczykowski-Górecki
5d74a8cbc0
version 3.1.3 2015-11-11 06:29:21 +01:00
Marek Marczykowski-Górecki
164387426b
Bump qubes-utils version requirement
Those commits needs updated qubes-utils:
823954c qrexec: use #define for protocol-specified strings
5774c78 qfile-agent: move data handling code to libqubes-rpc-filecopy

QubesOS/qubes-issues#1324
QubesOS/qubes-issues#1392
2015-11-11 05:25:17 +01:00
Marek Marczykowski-Górecki
7cca1b23ee
Get rid of qubes-core-vm-kernel-placeholder
Since /lib/modules is not mounted read-only anymore (only a selected
subdirectory there), it is no longer required to prevent kernel package
installation. Even more - since PV Grub being supported, it makes sense
to have kernel installed in the VM.

QubesOS/qubes-issues#1354
2015-11-11 02:36:57 +01:00
Marek Marczykowski-Górecki
9d52b7d178
debian: install locales-all instead of custom locales generation
The custom way proved to be unreliable - for example does not survive
`locales` package upgrade. So settle on much more reliable way.

Fixes QubesOS/qubes-issues#1195
2015-10-27 00:23:20 +01:00
Marek Marczykowski-Górecki
22365369d2
Require new enough qubes-utils package for updated libqrexec-utils
Required by 97a3793 "qrexec: implement buffered write to a child stdin"
2015-10-24 22:25:19 +02:00
Patrick Schleizer
f2e6dc9391
cleanup /etc/apt/apt.conf.d/00notiy-hook on existing systems
00notiy-hook was renamed to 00notify-hook in
'debian: Renamed incorrect filename: 00notiy-hook -> 00notify-hook'
15f1df4947
but the old file was not removed.
(Files in /etc do not automatically get removed on Debian systems when these are removed from the package.)

This is an independent, but supporting fix for:
'Improved upgrade notifications sent to QVMM.'
- https://github.com/marmarek/qubes-core-agent-linux/pull/39
- https://github.com/QubesOS/qubes-issues/issues/1066#issuecomment-150044906

Added debian/qubes-core-agent.maintscript.
2015-10-24 21:05:32 +02:00
Patrick Schleizer
2eb0ed2be1
removed trailing spaces 2015-10-15 04:34:55 +02:00
Marek Marczykowski-Górecki
d3bf3e0978
version 3.1.2 2015-10-11 03:00:00 +02:00
Patrick Schleizer
9664c97e55 minor 2015-10-06 17:13:52 +00:00
Marek Marczykowski-Górecki
6c4831339c
network: use drop-ins for NetworkManager configuration (#1176)
Do not modify main /etc/NetworkManager/NetworkManager.conf as it would
cause conflicts during updates. Use
/etc/NetworkManager/conf.d/30-qubes.conf instead.
Also remove some dead code for dynamically generated parts (no longer
required to "blacklist" eth0 in VMs - we have proper connection
generated for it). It was commented out for some time already

Fixes QubesOS/qubes-issues#1176
2015-10-06 15:15:26 +02:00
Marek Marczykowski-Górecki
8e497bffc0
Merge branch 'qubes-iptables'
Conflicts:
	debian/control
	rpm_spec/core-vm.spec

QubesOS/qubes-issues#1067
2015-10-05 01:47:01 +02:00
Marek Marczykowski-Górecki
ff40be9c99
version 3.1.1 2015-09-29 16:55:35 +02:00
Marek Marczykowski-Górecki
47a9940a8e
version 3.1.0 2015-09-29 16:39:55 +02:00
Marek Marczykowski-Górecki
0695a18020
Merge remote-tracking branch 'origin/pr/32'
* origin/pr/32:
  fix typo
2015-09-28 12:58:30 +02:00
Marek Marczykowski-Górecki
ca35c7ec70
Merge remote-tracking branch 'origin/pr/31'
* origin/pr/31:
  Fixed /etc/pam.d/su.qubes. (Moved line 'auth sufficient pam_permit.so' up. May not be low '@include' lines.)
  - Prevent 'su -' from asking for password in Debian [based] templates. Thanks to @unman and @marmarek for suggesting the fix! Fixes https://github.com/QubesOS/qubes-issues/issues/1128. - Changed 'ifeq (1,${DEBIANBUILD})' to 'ifeq ($(shell lsb_release -is), Debian)' to make the build work outside of Qubes Builder as well.

Conflicts:
	debian/control
2015-09-28 12:58:08 +02:00
Marek Marczykowski-Górecki
4342dc5c66
Merge remote-tracking branch 'origin/pr/30'
* origin/pr/30:
  added missing dependency xserver-xorg-dev
2015-09-28 12:57:13 +02:00
Marek Marczykowski-Górecki
c615afb88f
Merge remote-tracking branch 'origin/pr/28'
* origin/pr/28:
  qubes-rpc: fix icon selection using pyxdg and support SVG icons
  qubes-rpc: fix broken temporary file deletion in qubes.GetImageRGBA

Conflicts:
	qubes-rpc/qubes.GetImageRGBA
	rpm_spec/core-vm.spec
2015-09-28 12:47:49 +02:00
Marek Marczykowski-Górecki
34b2e822ec
Merge remote-tracking branch 'origin/pr/27'
* origin/pr/27:
  added missing dependency python-dbus to 'Depends:'
2015-09-28 12:20:57 +02:00
Marek Marczykowski-Górecki
54f8bb4169
Merge remote-tracking branch 'origin/pr/23'
* origin/pr/23:
  Allow passwordless login for user "user" (when using 'sudo xl console') for images being upgraded.
2015-09-28 12:09:12 +02:00
Marek Marczykowski-Górecki
cae488dd34
Merge remote-tracking branch 'origin/pr/22'
* origin/pr/22:
  Allow passwordless login for user "user" (when using 'sudo xl console').
2015-09-28 12:08:39 +02:00
Patrick Schleizer
cf55fa54c9 fix typo 2015-09-20 04:01:57 +00:00
Patrick Schleizer
665453da76
- Prevent 'su -' from asking for password in Debian [based] templates.
Thanks to @unman and @marmarek for suggesting the fix!
Fixes https://github.com/QubesOS/qubes-issues/issues/1128.
- Changed 'ifeq (1,${DEBIANBUILD})' to 'ifeq ($(shell lsb_release -is), Debian)' to make the build work outside of Qubes Builder as well.
2015-09-13 17:19:25 +00:00
Patrick Schleizer
3f19b581cd added missing dependency xserver-xorg-dev 2015-09-12 22:54:26 +00:00
qubesuser
7f9fdc8327 qubes-rpc: fix icon selection using pyxdg and support SVG icons 2015-09-06 22:02:27 +02:00
Patrick Schleizer
5078b2030f added missing dependency python-dbus to 'Depends:'
https://github.com/marmarek/qubes-core-agent-linux/blob/master/misc/qubes-desktop-run depends on python-dbus.
(0b7ade11b8/misc/xdg.py (L5))
2015-09-06 16:02:52 +00:00
Marek Marczykowski-Górecki
e924758c54 version 3.0.16 2015-09-03 02:45:30 +02:00
Marek Marczykowski-Górecki
d491ade917 debian: depend on gawk
qubes.GetAppmenus uses "nextfile" which is gawk-specific.

Fixes qubesos/qubes-issues#1062
2015-09-02 02:36:35 +02:00
Marek Marczykowski-Górecki
c8ac55b179 Merge branch 'autostart-dropins'
Conflicts:
	misc/qubes-trigger-desktop-file-install

Fixes qubesos/qubes-issues#1151
2015-09-02 01:16:19 +02:00
Marek Marczykowski-Górecki
4f26006fa1
debian: fix /dev permissions on upgrade 2015-09-01 17:19:38 +02:00
Marek Marczykowski-Górecki
4703e3fca7
Remove dynamically generated autostart desktop files
qubesos/qubes-issues#1151
2015-08-27 22:08:04 +02:00
Patrick Schleizer
313860e02c Allow passwordless login for user "user" (when using 'sudo xl console') for images being upgraded.
Thanks to @marmarek for help with this fix.
Fixes https://github.com/QubesOS/qubes-issues/issues/1130.
2015-08-27 17:30:02 +00:00
Patrick Schleizer
131f79944c Allow passwordless login for user "user" (when using 'sudo xl console').
Fixes https://github.com/QubesOS/qubes-issues/issues/1130.
2015-08-26 12:33:35 +00:00
Jason Mehring
07591cce86
debian: Move python-xdg to depends section in debian/control
Otherwise it `qubes-desktop-file-install` fails in minimal template
2015-08-15 20:52:38 -04:00
Marek Marczykowski-Górecki
9e17db2901
Merge remote-tracking branch 'qubesos/pr/2' into qubes-iptables
* qubesos/pr/2:
  removed iptables-persistent from Depends to improve usablity (avoid redundant debconf question)

Conflicts:
	debian/control
2015-08-09 20:25:45 +02:00
Marek Marczykowski-Górecki
c6fa6c9b19
debian: remove SELinux disabling code
Debian doesn't have it enabled anyway. Do not prevent the user from
tinkering with that.

(reported by @adrelanos)
Fixes qubesos/qubes-issues#1103
2015-08-09 20:06:59 +02:00
Marek Marczykowski-Górecki
a32020fb25
version 3.0.15 2015-08-08 23:23:39 +02:00
Marek Marczykowski-Górecki
af03300b3a
debian: remove Recommends: chrony
It isn't used anywhere - we only call `ntpdate` as part of
qubes.SyncNtpTime.

If user want to install it, he/she is free to do that.

(reported by @adrelanos)
Fixes qubesos/qubes-issues#1102
2015-08-08 17:14:43 +02:00
Marek Marczykowski-Górecki
63b69e4cf0
version 3.0.14 2015-08-08 04:16:52 +02:00
Marek Marczykowski-Górecki
97a2f04f73
Merge remote-tracking branch 'origin/pr/18'
* origin/pr/18:
  fixed "in place upgrade issue - base-passwd debconf interative questi…on asks 'Remove group "qubes"'" for existing users
2015-08-08 03:09:42 +02:00
Patrick Schleizer
b72fec2988 fixed "in place upgrade issue - base-passwd debconf interative questi…on asks 'Remove group "qubes"'" for existing users
(reported by @adrelanos)
(thanks to @marmarek for help with the patch)
https://github.com/QubesOS/qubes-issues/issues/1105
2015-08-08 02:40:49 +02:00
Marek Marczykowski-Górecki
6d9ab6a17c
Merge remote-tracking branch 'origin/pr/16'
* origin/pr/16:
  fixed "in place upgrade issue - base-passwd debconf interative question asks 'Remove group "qubes"'"
2015-08-08 02:03:54 +02:00
Patrick Schleizer
f73484f750 fixed "in place upgrade issue - base-passwd debconf interative question asks 'Remove group "qubes"'"
(reported by @adrelanos)
fixed by no longer using static gid (fix suggested by @marmarek)
https://github.com/QubesOS/qubes-issues/issues/1105
2015-08-08 00:54:49 +02:00
Jason Mehring
c4718c1675 debian: Switch to using org.mate.NotificationDaemon by default to eliminate popups not closing
- uses 'slider' theme
2015-08-07 09:20:18 -04:00
Jason Mehring
0c62c58d75 debian: qubes-desktop-file-install: Add misssing depend to contol 2015-08-07 09:15:40 -04:00
Jason Mehring
e2b4961c5b debian: Reformat depends in control for better readability 2015-08-07 09:15:40 -04:00
Jason Mehring
b6c19fc2ef qubes-desktop-file-install: Manages xdg desktop entry files
qubes-desktop-file-install is called by qubes-triggers-desktop-file-install. It's
arguments are based on the Gnome desktop-install-file utility to allow it to be replaced
by same.  Currently the Gnome utility can not be used since it automatically validates
the .desktop entry files with no option to skip validation and will fail on some third
party .desktop files that are not formed properly.

A single trigger script is shared between Fedora, Debian.  This script is used by the
package managers triggers and will copy original .desktop files from `/etc/xdg/autostart`
to `/usr/share/qubes/xdg/autostart` and modify the OnlyShownIn / NotShownIn, etc.  The
original .desktop files are left untouched and left in place.

Qubes modifies the XDG_CONFIG_DIRS to first include the `/usr/share/qubes/xdg`
directory (XDG_CONFIG_DIRS=/usr/share/qubes/xdg:/etc/xdg).

If a package gets removed, it's desktop entry is also removed from the /usr/share/qubes/xdg
directory.

'qubes-desktop-file-install' options:
   --dir DIR                          Install desktop files to the DIR directory (default: <FILE>)
   --force                            Force overwrite of existing desktop files (default: False)
   --remove-show-in                   Remove the "OnlyShowIn" and "NotShowIn" entries from the desktop file (default: False)
   --remove-key KEY                   Remove the KEY key from the desktop files, if present
   --set-key (KEY VALUE)              Set the KEY key to VALUE
   --remove-only-show-in ENVIRONMENT  Remove ENVIRONMENT from the list of desktop environment where the desktop files should be displayed
   --add-only-show-in ENVIRONMENT     Add ENVIRONMENT to the list of desktop environment where the desktop files should be displayed
   --remove-not-show-in ENVIRONMENT   Remove ENVIRONMENT from the list of desktop environment where the desktop files should not be displayed
   --add-not-show-in ENVIRONMENT      Add ENVIRONMENT to the list of desktop environment where the desktop files should not be displayed
2015-08-07 09:15:30 -04:00
Jason Mehring
f95c3990ba debian: Add systemd drop-in support which include conditionals to prevent services from starting
Modified postinst to use drop-ins and removed old code that was using overrides
2015-08-04 10:32:29 -04:00
Jason Mehring
511b2f9339
debian: Added cups, system-config-printer to Recommends 2015-08-02 17:45:50 -04:00
Jason Mehring
a006fdff86
debian: remove cups/print-applet triggers 2015-08-02 17:45:45 -04:00
Jason Mehring
8d7d13fb17
debian: Change triggers to use interest-await (execute triggers after all packages installed) 2015-08-02 17:45:36 -04:00
Patrick Schleizer
9b05427596 removed iptables-persistent from Depends to improve usablity (avoid redundant debconf question) 2015-08-02 21:44:51 +02:00
Marek Marczykowski-Górecki
51d55c03dc
debian: fix permissions of /var/lib/qubes/dom0-updates
qubesos/qubes-issues#1029
2015-07-18 15:06:40 +02:00
Marek Marczykowski-Górecki
a122380624 version 3.0.13 2015-07-01 07:05:53 +02:00
Marek Marczykowski-Górecki
ea0615d4da version 3.0.12 2015-06-23 20:06:23 +02:00
Marek Marczykowski-Górecki
b368ffe5c6 fedora, debian: make sure that default locale is generated
Otherwise some GUI applications would not start.
2015-06-16 02:27:23 +02:00
Marek Marczykowski-Górecki
3fdb67ac2b dom0-updates: make the tool working on Debian
Restore support for older yum: no --downloadonly option, so use
yumdownloader.
Also add some a code to handle some Debian quirks - especially default
rpmdb location in user home...
2015-06-16 02:22:42 +02:00
Marek Marczykowski-Górecki
cdebf33cf6 version 3.0.11 2015-06-11 04:06:26 +02:00
Marek Marczykowski-Górecki
f05268bf59 debian: fix apt sources.list generation (missing debian version field)
Add Build-Depends: lsb-release, which is used for that.
2015-06-08 08:47:22 +02:00
Marek Marczykowski-Górecki
bd9a3bf515 version 3.0.10 2015-06-02 11:20:18 +02:00
Marek Marczykowski-Górecki
eb3e0c8c25 version 3.0.9 2015-05-15 03:27:58 +02:00
Marek Marczykowski-Górecki
4a7b355490 version 3.0.8 2015-04-28 12:51:48 +02:00
Marek Marczykowski-Górecki
32374123cd version 3.0.7 2015-04-25 02:36:55 +02:00
Jason Mehring
4373cda566 Changed location of PROTECTED_FILE_LIST to /etc/qubes/protected-files.d 2015-04-25 02:36:43 +02:00
Jason Mehring
56b0685aaa whonix: Added protected-files file used to prevent scripts from modifying files that need to be protected
A file is created in /var/lib/qubes/protected-files.  Scripts can grep this file before modifying
        known files to be protected and skip any modifications if the file path is within protected-files.

        Usage Example:
            if ! grep -q "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then

        Also cleaned up maintainer scripts removing unneeded systemd status functions and streamlined
        the enable/disable systemd unit files functions
2015-04-25 02:36:43 +02:00
Marek Marczykowski-Górecki
ab38410f5c debian: install qubes-download-dom0-updates.sh 2015-04-14 00:22:35 +02:00
Marek Marczykowski-Górecki
3768426306 version 3.0.6 2015-04-11 03:40:57 +02:00
Marek Marczykowski-Górecki
e8c9f010ad version 3.0.5 2015-04-07 14:58:36 +02:00
Marek Marczykowski-Górecki
2951e1ba02 version 3.0.4 2015-04-02 00:55:09 +02:00
Marek Marczykowski-Górecki
d41ae5bc7f debian: update NetworkManager configuration
Especially add unmanaged-devices, otherwise NM will break vif*
configuration.
2015-03-30 22:49:50 +02:00
Marek Marczykowski-Górecki
52d502bce2 debian: fix handling SysV units in disableSystemdUnits
systemctl is-enabled always reports "disabled" for them (actually not a
real "disabled", but and error, but exit code is the same). So simply
always disable the unit, it is no-op for already disabled ones.
BTW systemctl preset also do not work for them.
2015-03-30 21:46:01 +02:00
Marek Marczykowski-Górecki
b05fa062be version 3.0.3 2015-03-27 01:24:43 +01:00
Marek Marczykowski-Górecki
add158d8e7 version 3.0.2 2015-03-26 23:56:25 +01:00
Jason Mehring
da2b0cde16
Removed code that deleted original nautilus actions
dpkg/rpm should handle this automatically on upgrading package
2015-02-27 16:17:44 -05:00
Jason Mehring
6836420c3c
Removed nautilus-actions depend and replaced with nautilus-python
nautilus-actions was orphaned in fc21, so all nautilus context menus have
been re-written as nautilus-python extensions
2015-02-27 00:52:17 -05:00
Jason Mehring
de51e155f3
debian: Add extend-diff-ignore options to debian packager
This will ignore excluded deb, rpm, pkg and .git directories that were
tar'ed for the .orig.tar.gz debian upstream package file and will prevent
build errors
2015-02-19 19:56:23 -05:00
Marek Marczykowski-Górecki
3c67f98a9b debian: fix version number 2015-02-17 16:25:01 +01:00
Marek Marczykowski-Górecki
4947c0c53a version 3.0.1 2015-02-17 14:14:16 +01:00
Jason Mehring
567a045bcd
Make sure when user is added to qubes group that the group is appended
added -a option to usermod.
This will prevent other groups from being un-subscribed when qubes group is added
2015-02-13 15:00:54 -05:00
Jason Mehring
197fa604ed
debian: Remove unneeded patch file and README 2015-02-12 11:34:13 -05:00
Jason Mehring
51c94ccc2b
debian: Move creation of directories into debian.dirs configuration file 2015-02-12 11:29:00 -05:00
Jason Mehring
45cbeda244
debian: Revert depends back to use libxen-dev 2015-02-12 11:27:35 -05:00
Jason Mehring
6e3be531c5
Merge branch 'r3-templates' of github.com:nrgaway/core-agent-linux into r3-templates
Conflicts:
	debian/rules
2015-02-11 08:06:45 -05:00
Jason Mehring
2274e65a32 debian: Refactor Debian quilt packaging for xen
- Use copy-in for debian-quilt package in Makefile.builder instead of hook (to be removed) in Makefile.debian
- Remove patches from debian/patches; they are now applied dynamicly from series-debian-vm.conf
2015-02-11 08:02:55 -05:00
Jason Mehring
79650f0c4c debian: Converted debian package to a quilt package to allow patches
Applied patch to qrexec Makefile to prevent compile failure on warnings
  qrexec: Disable all warnings being treated as errors

  gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-xen` -D_FORTIFY_SOURCE=2  -c -o qrexec-agent-data.o qrexec-agent-data.c
  qrexec-agent-data.c: In function 'handle_remote_data':
  qrexec-agent-data.c:217:17: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing]
                 status = *(unsigned int *)buf;
                 ^
  cc1: all warnings being treated as errors
  <builtin>: recipe for target 'qrexec-agent-data.o' failed
2015-02-11 08:02:55 -05:00
Jason Mehring
fc42561586 Add a qubes group and then add the user 'user' to the group
This is to allow permissions to be set on some devices where the user needs
less restrictive permissions.  /etc/udev/rules.d/99-qubes-misc.rules changes
a few xen devices to allow the users in the qubes group access
2015-02-11 08:02:55 -05:00