Commit Graph

92 Commits

Author SHA1 Message Date
Matt McCutchen
377e0b4cd4 Switch to preset file for systemd units to disable. 2015-02-09 06:35:05 +01:00
HW42
dad5bfbd18 remove 'bashisms' or explicit use bash 2015-02-05 05:42:08 +01:00
Marek Marczykowski-Górecki
19a4c6d0dd network: support for not setting DNS and/or default gateway (v2)
This patch introduces two new qvm-services:
 - disable-default-route
 - disable-dns-server
Both disabled by default. You can enable any of them to not set default
route and/or DNS servers in the VM. Those settings have no effect on
NetVM, where such settings are controlled by NetworkManager.

This is based on patch sent by Joonas Lehtonen
<joonas.lehtonen@openmailbox.org>
https://groups.google.com/d/msgid/qubes-devel/54C7FB59.2020603%40openmailbox.org

Conflicts:
	network/setup-ip
	vm-init.d/qubes-core
	vm-systemd/qubes-sysinit.sh
2015-01-30 00:52:31 +01:00
Marek Marczykowski-Górecki
efb79d5784 systemd: allow to start cron daemon (#909) 2015-01-30 00:48:56 +01:00
Marek Marczykowski-Górecki
4637735882 network: support for not setting DNS and/or default gateway
This patch introduces two new qvm-services:
 - set-default-route
 - set-dns-server
Both enabled by default. You can disable any of them to not set default
route and/or DNS servers in the VM. Those settings have no effect on
NetVM, where such settings are controlled by NetworkManager.

This is based on patch sent by Joonas Lehtonen
<joonas.lehtonen@openmailbox.org>
https://groups.google.com/d/msgid/qubes-devel/54C39656.3090303%40openmailbox.org

Conflicts:
	network/setup-ip
	vm-init.d/qubes-core
	vm-systemd/qubes-sysinit.sh
2015-01-30 00:48:55 +01:00
Marek Marczykowski-Górecki
756293ec75 Fix disabling nm-applet when NM is disabled 2015-01-30 00:32:09 +01:00
Marek Marczykowski-Górecki
9130636c88 Merge branch 'debian'
Conflicts:
	misc/qubes-r2.list.in
	misc/qubes-trigger-sync-appmenus.sh
	network/30-qubes-external-ip
	network/qubes-firewall
	vm-systemd/network-proxy-setup.sh
	vm-systemd/prepare-dvm.sh
	vm-systemd/qubes-sysinit.sh
2015-01-30 00:30:24 +01:00
Marek Marczykowski
d00d52fc31 dispvm: restart qubesdb at DispVM start
To connect to new qubesdb daemon in dom0.
2014-11-19 15:34:33 +01:00
Marek Marczykowski
1f04cf34cc systemd: fix qubes-service handling
qubesdb-list does show only list of paths, without values. Use
qubesdb-multiread instead. Path (argument) must have terminating '/' so
it will be cut of printed paths (service names only).
2014-11-19 15:34:33 +01:00
Marek Marczykowski
db35abadc8 Use Qubes DB instead of Xenstore 2014-11-19 15:34:33 +01:00
Marek Marczykowski
93ad711f4e load xen-gntalloc module required by libxenvchan 2014-11-19 15:34:32 +01:00
Jason Mehring
cc26e26be8 debian: apt-get needs to update first 2014-11-07 03:46:54 -05:00
Jason Mehring
96887ea1b8 debian: Add qubes-update-check for Debian 2014-11-07 03:30:45 -05:00
Marek Marczykowski-Górecki
c817bb0282 little fix for the official template
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCgAGBQJUWE+GAAoJEIwFIWzgnAk8azoQAJPOdglmiJlu+p5nRQ0ZRP6F
 nammIQhOg1oE0hCTX6H4DnEMnaZmFyGj96JWUX3zES8NF9zYvq4sgJCtZVEK35lm
 /Fxe899NpDlHaHwPqnXoYAKWZnMnyx3Z5XTxYb3A8JQdJCVWJPi2qYw2TBb6iBIp
 hzznI3drhOd8rdkFHXGk/FsBjqFP1mn98GDP4N/XLOZUnK+MiWyxrp0c+QVgybRX
 2XOUhsBPbr/XS/fkMBEia1hJhBf+FYJsFeCARGjYnbI+TKMaPrYaIX6DRqjFMhSS
 eEALEWsYsDiYGerWNBNGxbJ7RWsN4vm+WDfKdi7Hp2TgHeH0z93w40VegU3k7Asx
 NjfehCwT3wjMmtUFYhfhYfIop5305LLLJPPkY/ML+u6Mznzr7OkostMeyMhDxcrq
 lSELqg2HDwEsSwtwEz7kP6fYyfpJRd8yndg48cVonatwPwdjoCMiAz93TIF7Tvvz
 xQaNUidkKL8qQi67ArSQUlQlwGJNngwLRhepaMo0FD4JWSQ5pHc00EYxtJio2LPs
 7prv8ETbTj0bcFb/xKNSxBCGOrLdleHAEdhrpvqHa5nUzMiHw+tMuJbX+f0jOx/Q
 OSgx/dvK9GIyxM7UlsS+Whye3iGeNwsA1ai4TL0n1PFM+DjemBjEbfIl2nxLjG3O
 cXas4+wsl0+qXRk/PDOn
 =6kCH
 -----END PGP SIGNATURE-----

Merge tag 'hw42_debian-systemd-3' into debian

Conflicts:
	debian/control
	Merged postinst scripts from hw42 and nrgaway
2014-11-05 04:35:23 +01:00
HW42
63e915f6d4 Tag for commit 5d68e2cc70
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJUTruhAAoJEAY5OLpCz6ck7IcP/i4JXNEMO8vDSgphM50NIIz6
 +hLb+kXBGeL9SsQKRlz000BUOcIsg+d2ibwnTsi1kNuq2OgJOAHAp5hHgHGc5ddG
 0PLFf/Ddexl7/2cG/hKekXiIpXGcuhqgsIfatqcKB228mVLG8y/kqwViIDbMgg10
 X8Aiq1ba0EeHI7xskkPb1hzkszOfLFoEXCRjt+BQsmr+Bll+sAzCS3G9vSbhczFl
 wmTtgOiu2fWsPgOB2O6HYeO0PUUX+jGF/jncZYf85pEwMccNqRIWjSJC6ti533zv
 5x1bWKWFymBAUcTS+xi00FPeatmQ7b5ywMxTwbqIQkE1Mrt436Dz/B1r0E58q0AH
 gu4qG/KPBNdRBD4vPrvLKiyood/XIpvz0+6QqS9rFMKt71OSzmMR1WeLgclCn768
 cR510iZyJjmqe9lLQQTCJr+oqvwiVot7sfsgj1XP5PozalTkdIawioIZjeX5Zz4O
 +zo+P+jIV+P6QbN+0nD+vrW8kSZlM8vt+OVBPhon/bMFxGKZervs7kFUCNPn6fUK
 WNw8lSrKQqJe/a805Ktku8moatVElmexj7XTkII1nnAnEu6/bokJqjCHQ933794l
 ERRwitFN+BWm3OBXq/BsdSnCotT+gnlMEDtuHiD0JHQBGwxAZGQtliQhWLF25Ekh
 BJkmYBjqgnjCsQFUBMnn
 =shGW
 -----END PGP SIGNATURE-----

Merge tag 'mm_5d68e2cc' into debian-systemd

Tag for commit 5d68e2cc70

Conflicts:
	Makefile
	debian/rules
	network/qubes-firewall
	vm-systemd/misc-post.sh
	vm-systemd/qubes-sysinit.sh
2014-11-03 04:28:00 +01:00
Marek Marczykowski-Górecki
a4e4a6214b systemd: fix xenstore-ls path 2014-11-02 00:31:49 +01:00
Marek Marczykowski-Górecki
5d68e2cc70 Handle tabs in /etc/hosts 2014-10-27 22:39:25 +01:00
Marek Marczykowski-Górecki
15f3a1b8d0 debian: fix proxy setup 2014-10-24 00:45:39 +02:00
Marek Marczykowski-Górecki
a2e17ef244 systemd: fix 'service' path
On Fedora it is all the same because /sbin -> /usr/sbin symlink. But on
Debian it does matter.
2014-10-19 04:11:15 +02:00
HW42
a91dfdf48b fix xenstore-read path in network-proxy-setup.sh for debian 2014-10-01 06:51:58 +02:00
Marek Marczykowski-Górecki
4ee0de9fb8 updates-proxy-setup: support setting proxy for apt (#887) 2014-10-01 05:40:14 +02:00
HW42
434a794dda use sleep instead os usleep since it is more portable 2014-10-01 03:44:33 +02:00
Marek Marczykowski-Górecki
e83a91e3d3 debian: migrate to native systemd services 2014-09-30 00:54:33 +02:00
Marek Marczykowski-Górecki
240066fc23 Add missing u2mfn module load
Is loaded as part of gui-agent startup, but qrexec-agent also needs it
so eliminate race condition here.
2014-09-29 21:39:17 +02:00
Marek Marczykowski-Górecki
4bccdb0ba5 Use systemd mechanism for loading kernel modules (when available)
One more thing done in more generic way (not Fedora-specific).
2014-09-29 21:31:10 +02:00
HW42
0d0261d1c1 improve update of /etc/hosts
* use 127.0.1.1 under debian (since it's the default there)
 * also set the IPv6 loopback address (::1) since some tools tries to
   AAAA resolve the hostname (for example sendmail)
 * ensure proper /etc/hosts format through postinst-script (hostname as
   last entry)
2014-09-29 05:25:32 +02:00
HW42
4886411570 various patches for debian
this should enable debian based templates to be used as proxy/netvm
2014-09-29 05:25:24 +02:00
Marek Marczykowski-Górecki
2e4cdc2f8d Rename yum-proxy-setup service to updates-proxy-setup
Fedora is no longer the only supported distribution, so change the
service name to be more generic. Old name still supported for
compatibility.
2014-09-27 01:52:19 +02:00
Marek Marczykowski-Górecki
3f19c89301 Rename qubes-yum-proxy service to qubes-updates-proxy
It is no longer Fedora-only proxy, so rename to not confuse the user.
Also documentation refer to it as "updates proxy" for a long time.
2014-09-27 00:32:52 +02:00
Marek Marczykowski-Górecki
54755ac444 Avoid 100MB reserved space in private ext4 partition
The ext4 reserved space is necessary for root partitions, but in the
private.img data partition, it is wasted space (accessible only to root
processes), which means losing 100 MB of the default 2GB.

From mkfs.ext4 man page: "-m reserved-blocks-percentage Specify the
percentage of the filesystem blocks reserved for the super-user." ...
"The default percentage is 5%."
2014-09-05 22:42:14 +02:00
Marek Marczykowski-Górecki
1618e32993 dispvm: slow down "spinlock" while waiting for save/restore
When something go wrong, it will remain spinning indefinitely.
2014-08-02 23:44:48 +02:00
Marek Marczykowski-Górecki
90c84be5fb systemd: do not reexec when not necessary
Do not reexec systemd when running version is the same as installed
binary. Apparently reexec causes some race condifions, which result in
assertion fail in systemd.
2014-07-16 04:15:21 +02:00
Marek Marczykowski-Górecki
57f111a08d Do not start nm-applet at all when no NetworkManager running - update (#857)
Apparently nm-applet.desktop was changed upstream. It does no longer
contain OnlyShowIn, but NotShowIn.
2014-07-04 18:47:11 +02:00
Marek Marczykowski-Górecki
44aaa81042 Do not start nm-applet at all when no NetworkManager running (#857) 2014-05-30 22:44:50 +02:00
Marek Marczykowski-Górecki
f1a997c1c4 systemd: reexec systemd to ensure right version is running
SystemD version can differ from initramfs one (which is build in dom0
build environment), so reexec it at startup.

This fixes systemd-212 archlinux issue.
2014-04-23 01:50:21 +02:00
Marek Marczykowski-Górecki
6d3c73c741 systemd: relax qubes-sysinit dependencies
It doesn't need all local filesystems, only /, /run, /proc/xen and loaded
modules.
2014-04-23 01:32:31 +02:00
Marek Marczykowski-Górecki
0dd45655e3 init: remove rc.local-early reference
It can't work - there is no /rw mounted at this VM startup stage.
2014-03-28 05:12:48 +01:00
Marek Marczykowski-Górecki
9d618cac15 yum-proxy: automatically restart the service on failure 2014-02-21 13:30:07 +01:00
Marek Marczykowski-Górecki
c86581ace4 Revert "Hide nm-applet when NetworkManager is disabled"
This reverts commit 85f4e494e8.
This way isn't effective - the command is called too early.
2014-02-07 00:01:06 +01:00
Marek Marczykowski-Górecki
fc04408c7a systemd: disable ModemManager in non-NetVM
Previously ModemManager was started by NetworkManager, but in fc20+ it
is a separate service, so disable it when not needed.
2014-02-02 13:36:59 +01:00
Marek Marczykowski-Górecki
85f4e494e8 Hide nm-applet when NetworkManager is disabled
It isn't done automatically by nm-applet itself since nm-applet 0.9.9.0
(fc19+), this one commit:
https://git.gnome.org/browse/network-manager-applet/commit?id=276a702000ee9e509321891f5ffa9789acfb053c
At the same time they've introduced option to manually hide the icon:
https://git.gnome.org/browse/network-manager-applet/commit?id=e7331a3f33ab422ea6c1bbc015ad44d8d9c83bc3
2014-02-02 13:36:59 +01:00
Marek Marczykowski-Górecki
fd55d48126 Move meminfo-writer to linux-utils repo
It is common for both dom0 and VM.  So move to linux-specific repo (not
VM-specific).
2014-01-05 05:38:10 +01:00
Marek Marczykowski-Górecki
b3081dce07 systemd: disable additional unneeded services 2013-12-17 01:29:26 +01:00
Marek Marczykowski-Górecki
c04d4e4fea systemd: while disabling service, disable also its activators
This time it is for cups, which have socket-based and path-based
activators. When activator tires to start the service which is disabled
by condition file it enters infinite loop (as service wont start, but
will not report an error).
2013-12-16 21:10:37 +01:00
Marek Marczykowski-Górecki
fabc72701c init: run resize2fs on /rw before mounting
In case of private.img was resized while the VM was powered off.
2013-11-21 03:36:56 +01:00
Marek Marczykowski
596a3ebd8e network: do not fail when eth0 doesn't exists
It can be perfectly right case for wireless-only netvm.
2013-08-13 00:40:13 +02:00
Marek Marczykowski
8c9433fc00 yum-proxy: use iptables-restore to set firewall rules
Simple iptables sometimes returns EBUSY.
2013-08-05 02:08:52 +02:00
Marek Marczykowski
44fab139f4 Add qrexec back, use qubes-utils libraries for common code 2013-03-20 06:23:44 +01:00
Marek Marczykowski
62a0002b7f The Underscores Revolution: dispvm script path 2013-03-14 04:30:22 +01:00
Marek Marczykowski
09050236bc The Underscores Revolution: adjust qrexec path 2013-03-14 04:29:19 +01:00