Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,211 Commits 1 Branch 0 Tags 6.4 MiB
36b1793739
Commit Graph

79 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
c817bb0282 little fix for the official template 
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCgAGBQJUWE+GAAoJEIwFIWzgnAk8azoQAJPOdglmiJlu+p5nRQ0ZRP6F
 nammIQhOg1oE0hCTX6H4DnEMnaZmFyGj96JWUX3zES8NF9zYvq4sgJCtZVEK35lm
 /Fxe899NpDlHaHwPqnXoYAKWZnMnyx3Z5XTxYb3A8JQdJCVWJPi2qYw2TBb6iBIp
 hzznI3drhOd8rdkFHXGk/FsBjqFP1mn98GDP4N/XLOZUnK+MiWyxrp0c+QVgybRX
 2XOUhsBPbr/XS/fkMBEia1hJhBf+FYJsFeCARGjYnbI+TKMaPrYaIX6DRqjFMhSS
 eEALEWsYsDiYGerWNBNGxbJ7RWsN4vm+WDfKdi7Hp2TgHeH0z93w40VegU3k7Asx
 NjfehCwT3wjMmtUFYhfhYfIop5305LLLJPPkY/ML+u6Mznzr7OkostMeyMhDxcrq
 lSELqg2HDwEsSwtwEz7kP6fYyfpJRd8yndg48cVonatwPwdjoCMiAz93TIF7Tvvz
 xQaNUidkKL8qQi67ArSQUlQlwGJNngwLRhepaMo0FD4JWSQ5pHc00EYxtJio2LPs
 7prv8ETbTj0bcFb/xKNSxBCGOrLdleHAEdhrpvqHa5nUzMiHw+tMuJbX+f0jOx/Q
 OSgx/dvK9GIyxM7UlsS+Whye3iGeNwsA1ai4TL0n1PFM+DjemBjEbfIl2nxLjG3O
 cXas4+wsl0+qXRk/PDOn
 =6kCH
 -----END PGP SIGNATURE-----

Merge tag 'hw42_debian-systemd-3' into debian

Conflicts:
	debian/control
	Merged postinst scripts from hw42 and nrgaway
 2014-11-05 04:35:23 +01:00
HW42
63e915f6d4 Tag for commit 5d68e2cc70 
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJUTruhAAoJEAY5OLpCz6ck7IcP/i4JXNEMO8vDSgphM50NIIz6
 +hLb+kXBGeL9SsQKRlz000BUOcIsg+d2ibwnTsi1kNuq2OgJOAHAp5hHgHGc5ddG
 0PLFf/Ddexl7/2cG/hKekXiIpXGcuhqgsIfatqcKB228mVLG8y/kqwViIDbMgg10
 X8Aiq1ba0EeHI7xskkPb1hzkszOfLFoEXCRjt+BQsmr+Bll+sAzCS3G9vSbhczFl
 wmTtgOiu2fWsPgOB2O6HYeO0PUUX+jGF/jncZYf85pEwMccNqRIWjSJC6ti533zv
 5x1bWKWFymBAUcTS+xi00FPeatmQ7b5ywMxTwbqIQkE1Mrt436Dz/B1r0E58q0AH
 gu4qG/KPBNdRBD4vPrvLKiyood/XIpvz0+6QqS9rFMKt71OSzmMR1WeLgclCn768
 cR510iZyJjmqe9lLQQTCJr+oqvwiVot7sfsgj1XP5PozalTkdIawioIZjeX5Zz4O
 +zo+P+jIV+P6QbN+0nD+vrW8kSZlM8vt+OVBPhon/bMFxGKZervs7kFUCNPn6fUK
 WNw8lSrKQqJe/a805Ktku8moatVElmexj7XTkII1nnAnEu6/bokJqjCHQ933794l
 ERRwitFN+BWm3OBXq/BsdSnCotT+gnlMEDtuHiD0JHQBGwxAZGQtliQhWLF25Ekh
 BJkmYBjqgnjCsQFUBMnn
 =shGW
 -----END PGP SIGNATURE-----

Merge tag 'mm_5d68e2cc' into debian-systemd

Tag for commit 5d68e2cc70

Conflicts:
	Makefile
	debian/rules
	network/qubes-firewall
	vm-systemd/misc-post.sh
	vm-systemd/qubes-sysinit.sh
 2014-11-03 04:28:00 +01:00
Marek Marczykowski-Górecki
a4e4a6214b systemd: fix xenstore-ls path 2014-11-02 00:31:49 +01:00
Marek Marczykowski-Górecki
5d68e2cc70 Handle tabs in /etc/hosts 2014-10-27 22:39:25 +01:00
Marek Marczykowski-Górecki
15f3a1b8d0 debian: fix proxy setup 2014-10-24 00:45:39 +02:00
Marek Marczykowski-Górecki
a2e17ef244 systemd: fix 'service' path 
On Fedora it is all the same because /sbin -> /usr/sbin symlink. But on
Debian it does matter.
 2014-10-19 04:11:15 +02:00
HW42
a91dfdf48b fix xenstore-read path in network-proxy-setup.sh for debian 2014-10-01 06:51:58 +02:00
Marek Marczykowski-Górecki
4ee0de9fb8 updates-proxy-setup: support setting proxy for apt (#887) 2014-10-01 05:40:14 +02:00
HW42
434a794dda use sleep instead os usleep since it is more portable 2014-10-01 03:44:33 +02:00
Marek Marczykowski-Górecki
e83a91e3d3 debian: migrate to native systemd services 2014-09-30 00:54:33 +02:00
Marek Marczykowski-Górecki
240066fc23 Add missing u2mfn module load 
Is loaded as part of gui-agent startup, but qrexec-agent also needs it
so eliminate race condition here.
 2014-09-29 21:39:17 +02:00
Marek Marczykowski-Górecki
4bccdb0ba5 Use systemd mechanism for loading kernel modules (when available) 
One more thing done in more generic way (not Fedora-specific).
 2014-09-29 21:31:10 +02:00
HW42
0d0261d1c1 improve update of /etc/hosts 
* use 127.0.1.1 under debian (since it's the default there)
 * also set the IPv6 loopback address (::1) since some tools tries to
   AAAA resolve the hostname (for example sendmail)
 * ensure proper /etc/hosts format through postinst-script (hostname as
   last entry)
 2014-09-29 05:25:32 +02:00
HW42
4886411570 various patches for debian 
this should enable debian based templates to be used as proxy/netvm
 2014-09-29 05:25:24 +02:00
Marek Marczykowski-Górecki
2e4cdc2f8d Rename yum-proxy-setup service to updates-proxy-setup 
Fedora is no longer the only supported distribution, so change the
service name to be more generic. Old name still supported for
compatibility.
 2014-09-27 01:52:19 +02:00
Marek Marczykowski-Górecki
3f19c89301 Rename qubes-yum-proxy service to qubes-updates-proxy 
It is no longer Fedora-only proxy, so rename to not confuse the user.
Also documentation refer to it as "updates proxy" for a long time.
 2014-09-27 00:32:52 +02:00
Marek Marczykowski-Górecki
54755ac444 Avoid 100MB reserved space in private ext4 partition 
The ext4 reserved space is necessary for root partitions, but in the
private.img data partition, it is wasted space (accessible only to root
processes), which means losing 100 MB of the default 2GB.

From mkfs.ext4 man page: "-m reserved-blocks-percentage Specify the
percentage of the filesystem blocks reserved for the super-user." ...
"The default percentage is 5%."
 2014-09-05 22:42:14 +02:00
Marek Marczykowski-Górecki
1618e32993 dispvm: slow down "spinlock" while waiting for save/restore 
When something go wrong, it will remain spinning indefinitely.
 2014-08-02 23:44:48 +02:00
Marek Marczykowski-Górecki
90c84be5fb systemd: do not reexec when not necessary 
Do not reexec systemd when running version is the same as installed
binary. Apparently reexec causes some race condifions, which result in
assertion fail in systemd.
 2014-07-16 04:15:21 +02:00
Marek Marczykowski-Górecki
57f111a08d Do not start nm-applet at all when no NetworkManager running - update (#857) 
Apparently nm-applet.desktop was changed upstream. It does no longer
contain OnlyShowIn, but NotShowIn.
 2014-07-04 18:47:11 +02:00
Marek Marczykowski-Górecki
44aaa81042 Do not start nm-applet at all when no NetworkManager running (#857) 2014-05-30 22:44:50 +02:00
Marek Marczykowski-Górecki
f1a997c1c4 systemd: reexec systemd to ensure right version is running 
SystemD version can differ from initramfs one (which is build in dom0
build environment), so reexec it at startup.

This fixes systemd-212 archlinux issue.
 2014-04-23 01:50:21 +02:00
Marek Marczykowski-Górecki
6d3c73c741 systemd: relax qubes-sysinit dependencies 
It doesn't need all local filesystems, only /, /run, /proc/xen and loaded
modules.
 2014-04-23 01:32:31 +02:00
Marek Marczykowski-Górecki
0dd45655e3 init: remove rc.local-early reference 
It can't work - there is no /rw mounted at this VM startup stage.
 2014-03-28 05:12:48 +01:00
Marek Marczykowski-Górecki
9d618cac15 yum-proxy: automatically restart the service on failure 2014-02-21 13:30:07 +01:00
Marek Marczykowski-Górecki
c86581ace4 Revert "Hide nm-applet when NetworkManager is disabled" 
This reverts commit 85f4e494e8.
This way isn't effective - the command is called too early.
 2014-02-07 00:01:06 +01:00
Marek Marczykowski-Górecki
fc04408c7a systemd: disable ModemManager in non-NetVM 
Previously ModemManager was started by NetworkManager, but in fc20+ it
is a separate service, so disable it when not needed.
 2014-02-02 13:36:59 +01:00
Marek Marczykowski-Górecki
85f4e494e8 Hide nm-applet when NetworkManager is disabled 
It isn't done automatically by nm-applet itself since nm-applet 0.9.9.0
(fc19+), this one commit:
https://git.gnome.org/browse/network-manager-applet/commit?id=276a702000ee9e509321891f5ffa9789acfb053c
At the same time they've introduced option to manually hide the icon:
https://git.gnome.org/browse/network-manager-applet/commit?id=e7331a3f33ab422ea6c1bbc015ad44d8d9c83bc3
 2014-02-02 13:36:59 +01:00
Marek Marczykowski-Górecki
fd55d48126 Move meminfo-writer to linux-utils repo 
It is common for both dom0 and VM.  So move to linux-specific repo (not
VM-specific).
 2014-01-05 05:38:10 +01:00
Marek Marczykowski-Górecki
b3081dce07 systemd: disable additional unneeded services 2013-12-17 01:29:26 +01:00
Marek Marczykowski-Górecki
c04d4e4fea systemd: while disabling service, disable also its activators 
This time it is for cups, which have socket-based and path-based
activators. When activator tires to start the service which is disabled
by condition file it enters infinite loop (as service wont start, but
will not report an error).
 2013-12-16 21:10:37 +01:00
Marek Marczykowski-Górecki
fabc72701c init: run resize2fs on /rw before mounting 
In case of private.img was resized while the VM was powered off.
 2013-11-21 03:36:56 +01:00
Marek Marczykowski
596a3ebd8e network: do not fail when eth0 doesn't exists 
It can be perfectly right case for wireless-only netvm.
 2013-08-13 00:40:13 +02:00
Marek Marczykowski
8c9433fc00 yum-proxy: use iptables-restore to set firewall rules 
Simple iptables sometimes returns EBUSY.
 2013-08-05 02:08:52 +02:00
Marek Marczykowski
44fab139f4 Add qrexec back, use qubes-utils libraries for common code 2013-03-20 06:23:44 +01:00
Marek Marczykowski
62a0002b7f The Underscores Revolution: dispvm script path 2013-03-14 04:30:22 +01:00
Marek Marczykowski
09050236bc The Underscores Revolution: adjust qrexec path 2013-03-14 04:29:19 +01:00
Marek Marczykowski
30ca124784 The Underscores Revolution: xenstore paths 2013-03-14 04:29:15 +01:00
Marek Marczykowski
ecc812f350 The Underscores Revolution: filenames 
Get rid of underscores in filenames, use dashes instead.
This is first part of cleanup in filenames.
"qubes_rpc" still untouched - will be in separate commit.
 2013-03-14 01:07:49 +01:00
Marek Marczykowski
dffd7e0457 remove qubes-core-libs and qrexec leftovers 
They are now in separate repository.
 2013-03-07 05:09:13 +01:00
Marek Marczykowski
b18d40fb08 vm: Use nautilus-actions to provide "Copy to other AppVM" etc nautilus commands 
No more ugly symlink creation at VM startup, nautilus-actions have system-wide
dir (in opposite to nautilus-scripts).

Currently old symlinks are not cleaned up. Maybe it should, but leaving them
have one advantage: will not break existing users behavior.
 2013-02-21 16:44:16 +01:00
Marek Marczykowski
979ce2014b vm/systemd: disable NetworkManager-wait-online when NM inactive 2013-02-12 01:38:30 +01:00
Marek Marczykowski
afa09b5d80 vm/systemd: break dependency loop 
qubes-misc-post provides /rw/home, required by NetworkManager, so do not
try start it after network.target
 2013-02-12 01:38:29 +01:00
Marek Marczykowski
fb2881b0a7 vm/systemd: change Names= to Alias= 
As recommended by systemd manual page.
 2013-02-12 01:38:29 +01:00
Marek Marczykowski
970203b956 vm/systemd: start misc-post after network 
This will ensure that /rw/config/rc.local is called after applying default
iptables rules, so it can safely modify it without the risk to be overridden
later by default ones.
 2013-01-11 23:49:46 +01:00
Marek Marczykowski
213380a7c3 vm: setup /dev/xen/evtchn permissions using udev rule 
This works also when the device is recreated, which is the case in DispVM
(during xl restore).
 2012-11-22 00:51:18 +01:00
Marek Marczykowski
a26b3e7016 vm/core: use mount --bind instead of symlink for /home 
Many applications doesn't like /home as symlink ($HOME differs from real
location).
 2012-11-16 14:03:36 +01:00
Marek Marczykowski
ef2a3092ac vm/dispvm: use of user-provided DispVM settings (#651) 
When /rw/home/user/.qubes-dispvm-customized is present use /rw/home/user
instead of default /etc/dispvm-dotfiles.tbz. Also make sure that /rw will not
remain mounted during DispVM creation.
 2012-11-12 13:44:10 +01:00
Marek Marczykowski
aa1babada1 vm: setup device permission to allow non-root vchan servers 
This will allow to start pulseaudio as normal user and get rid of preloaded
library.
 2012-11-03 05:22:03 +01:00
Marek Marczykowski
e0780538f6 vm/systemd: force exit status 0 in qubes-sysinit 
If /rw/config/rc.local-early does not exits, exit status is incorrectly 1.
 2012-10-15 02:33:36 +02:00