Commit Graph

1101 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
3558419612 version 2.1.31 2014-04-05 00:36:03 +02:00
Marek Marczykowski-Górecki
a4fc4822ef dom0-updates: use yum --downloadonly instead of yumdownloader
This better handles dependencies (especially of "Obsolete:" type).
Unfortunately yum install/upgrade checks if running as root. Because we
are only downloading packages, using local "system root" (--installroot
option) no real root access is requires, so use fakeroot to mute yum
error.
2014-03-28 06:52:31 +01:00
Marek Marczykowski-Górecki
0dd45655e3 init: remove rc.local-early reference
It can't work - there is no /rw mounted at this VM startup stage.
2014-03-28 05:12:48 +01:00
Marek Marczykowski-Górecki
e88b6e38be network: suppress NetworkManager from touching inter-vm interfaces (#774)
Those interfaces are configured by qubes scripts (based on xenstore data
filled by qubes core).
2014-03-28 02:57:12 +01:00
Marek Marczykowski-Górecki
4c3d5a46c2 firewall: replace deprecated "state" iptables module with "conntrack" 2014-03-28 02:56:43 +01:00
Marek Marczykowski-Górecki
f2ff044539 yum-proxy: fix iptables rules order
Add the rules at the beginning of chain, so before final REJECT rule.
2014-03-26 00:02:10 +01:00
Marek Marczykowski-Górecki
fe64539789 Implement "Move to VM" action (#725) 2014-03-24 05:19:16 +01:00
Marek Marczykowski-Górecki
4be9c7895a version 2.1.30 2014-03-10 01:04:11 +01:00
Marek Marczykowski-Górecki
226282bd90 rpm: enable notification-daemon
Without it explicitly enabled, notify-send (used by qubes-firewall) does
nothing.
2014-02-22 01:24:13 +01:00
Marek Marczykowski-Górecki
a19ef6d0db qubes-firewall: log errors to stderr -> syslog
Not only display as notifications (which may be easily missed).
2014-02-22 01:23:27 +01:00
Marek Marczykowski-Górecki
0d3ed747b4 suspend-prepare: call NM D-Bus interface directly
nmcli doesn't seem to have stable API, especially "nmcli nm sleep"
doesn't work anymore in Fedora 20.
2014-02-21 18:42:12 +01:00
Marek Marczykowski-Górecki
9d618cac15 yum-proxy: automatically restart the service on failure 2014-02-21 13:30:07 +01:00
Marek Marczykowski-Górecki
18ed540158 yum-proxy: fix stop command - iptables-restore do not accept -D
iptables-restore format accept only "-A" command, so remove the rules
with direct call to iptables
2014-02-21 13:28:49 +01:00
Marek Marczykowski-Górecki
98e5ffac8c version 2.1.29 2014-02-20 01:01:56 +01:00
Marek Marczykowski-Górecki
f8b1a6c562 qrexec: use proper unsigned type instead of muting compiler warning 2014-02-19 20:53:54 +01:00
Olivier MEDOC
3dcb434142 archlinux: move xinitrc bugfix to qubes-gui-agent 2014-02-16 21:17:39 +01:00
Olivier MEDOC
59ea1741dd archlinux: fixes for working user session 2014-02-16 21:13:53 +01:00
Marek Marczykowski-Górecki
c632f0d067 Add -Wextra -Werror to all C code 2014-02-16 11:34:22 +01:00
Olivier MEDOC
d931ba237e archlinux: ensure /lib/modules is mounted before xenfs using a systemd service
This systemd service is not disruptive to the boot process if it fails to mount /lib/modules (because it has been mounted before systemd switched the root directory to the real one).
The advantage is that it will boot /usr/lib/modules even if dracut doesn't handle root switch pre-hook, which is the case on archlinux.
It then allows booting an archlinux AppVM using an archlinux kernel.
2014-02-08 23:16:52 +01:00
Olivier MEDOC
6547577ce9 archlinux: fix bugs in added package install/remove commands 2014-02-08 23:16:00 +01:00
Olivier MEDOC
e0a00899cf archlinux: fixes in package uninstall trigger and disable additionnal qubes services 2014-02-08 23:15:14 +01:00
Olivier MEDOC
6757337bd3 archlinux: forgot to enable qubes-sysinit when installing package 2014-02-08 23:14:34 +01:00
Marek Marczykowski-Górecki
8acad1b78d rpm: disable (standard) pulseaudio autostart on its upgrade
Not only on initial template installation.
2014-02-08 10:22:28 +01:00
Marek Marczykowski-Górecki
8e38b36012 version 2.1.28 2014-02-07 05:50:49 +01:00
Marek Marczykowski-Górecki
3cc9d0f329 Merge branch 'appicons'
Conflicts:
	rpm_spec/core-vm.spec
2014-02-07 05:50:07 +01:00
Marek Marczykowski-Górecki
c0c914faab Merge remote-tracking branch 'woju/master' into appicons 2014-02-07 05:48:18 +01:00
Marek Marczykowski-Górecki
ededdf32ec rpm: BR:qubes-utils-devel >= 2.0.5 - because of slight API change
Note that R: will be generated automatically (on library name).
2014-02-07 05:36:22 +01:00
Marek Marczykowski-Górecki
75b1e24bab qubes-rpc, qrexec: register callbacks for qrexec-lib
Now qrexec-lib do not use exported symbols of particular names, but
explicitly registered callbacks.
2014-02-07 05:36:15 +01:00
Marek Marczykowski-Górecki
d660f260b8 Hide nm-applet when NetworkManager is disabled (retry)
It isn't done automatically by nm-applet itself since nm-applet 0.9.9.0
(fc19+), this one commit:
https://git.gnome.org/browse/network-manager-applet/commit?id=276a702000ee9e509321891f5ffa9789acfb053c
At the same time they've introduced option to manually hide the icon:
https://git.gnome.org/browse/network-manager-applet/commit?id=e7331a3f33ab422ea6c1bbc015ad44d8d9c83bc3
2014-02-07 02:16:39 +01:00
Marek Marczykowski-Górecki
7d4c19fe23 rpm: fix rpmbuild warning about ghost files 2014-02-07 02:10:47 +01:00
Marek Marczykowski-Górecki
f54e44ac8f Fix compile warning 2014-02-07 02:10:13 +01:00
Marek Marczykowski-Górecki
e6b1769549 rpm: fix qfile-unpacker permissions
So rpmbuild will be able to create debuginfo and store stipped version.
2014-02-07 02:09:15 +01:00
Marek Marczykowski-Górecki
c86581ace4 Revert "Hide nm-applet when NetworkManager is disabled"
This reverts commit 85f4e494e8.
This way isn't effective - the command is called too early.
2014-02-07 00:01:06 +01:00
Marek Marczykowski-Górecki
58496dbac0 rpm: move serial.conf to /usr/share/qubes
It isn't executable file...
2014-02-06 23:56:18 +01:00
Marek Marczykowski-Górecki
06ced31ab5 rpm: typo fix in spec file
This is fix for commit 4d2094b16c.
2014-02-06 06:18:25 +01:00
Marek Marczykowski-Górecki
7953af970d backups: fix buffer overflow in tar2qfile
Buffer for directory headers history was too small. This can be
exploitable by some attacker capable of controlling backup stream, but
it isn't any security problem. We don't assume this part of backup
system to be trusted, the attacker can at most prevent user from
restoring some data, but will neither gain access to them, or compromise
any other Qubes component. This is equivalent to bug in any other tool
used in backup vm (like FTP client) and the Qubes backup system is
designed specifically to minimize impact of such bugs.
2014-02-05 15:16:42 +01:00
Marek Marczykowski-Górecki
e9eb43e026 Merge branch 'fc20-queue' 2014-02-05 15:16:36 +01:00
Wojciech Zygmunt Porczyk
27632a0b3b qubes.GetImageRGBA: bugfixes
- when icon is not found in hicolor theme, search for in in other themes
- added -follow to find
2014-02-04 00:36:30 +01:00
Marek Marczykowski-Górecki
502c51d3f1 version 2.1.27 2014-02-02 13:38:07 +01:00
Marek Marczykowski-Górecki
4d2094b16c Do not unconditionally hide nm-appet in Fedora >= 20 (#774)
This is first step of #774 - when NetworkManager enabled, show nm-applet
icon. Still NetworkManager need some configuration to not break ProxyVM
eth0.
2014-02-02 13:37:00 +01:00
Marek Marczykowski-Górecki
c647862fc0 rpm: do not fail on non-existing /etc/init/serial.conf
This file is obsolete for a long time, so use it only if found in the
system (perhaps still useful in other distros).
2014-02-02 13:37:00 +01:00
Marek Marczykowski-Górecki
39eca94200 backups: fix timestamp in backup filename (once again...) 2014-02-02 13:36:59 +01:00
Marek Marczykowski-Górecki
66b5d686f5 rpm: require gnome-packagekit-updater on Fedora 20+
gpk-update-viewer is no longer a part of gnome-packagekit package.
2014-02-02 13:36:59 +01:00
Marek Marczykowski-Górecki
0123719646 systemd: fix handling of .path units overrides 2014-02-02 13:36:59 +01:00
Marek Marczykowski-Górecki
fc04408c7a systemd: disable ModemManager in non-NetVM
Previously ModemManager was started by NetworkManager, but in fc20+ it
is a separate service, so disable it when not needed.
2014-02-02 13:36:59 +01:00
Marek Marczykowski-Górecki
85f4e494e8 Hide nm-applet when NetworkManager is disabled
It isn't done automatically by nm-applet itself since nm-applet 0.9.9.0
(fc19+), this one commit:
https://git.gnome.org/browse/network-manager-applet/commit?id=276a702000ee9e509321891f5ffa9789acfb053c
At the same time they've introduced option to manually hide the icon:
https://git.gnome.org/browse/network-manager-applet/commit?id=e7331a3f33ab422ea6c1bbc015ad44d8d9c83bc3
2014-02-02 13:36:59 +01:00
Marek Marczykowski-Górecki
1e291bbdc6 backups: fix timestamp in backup filename (once again...) 2014-02-02 12:17:43 +01:00
Marek Marczykowski-Górecki
cac25cbe60 Merge remote-tracking branch 'woju/master' into appicons
Conflicts:
	Makefile
	rpm_spec/core-vm.spec
2014-01-31 02:12:06 +01:00
Wojciech Zygmunt Porczyk
453ab0f22c qubes.GetImageRGBA for appicons 2014-01-30 16:30:17 +01:00
Marek Marczykowski-Górecki
948555bdea systemd: fix handling of .path units overrides 2014-01-30 02:56:40 +01:00