Jason Mehring
33d3a6c9ea
fc21: iptables configurations conflict with fc21 yum package manager
...
Moved iptables configuration to /usr/lib/qubes/init
fc21 + debian + arch will place them in proper place on postinst
Fixes dedian bug of not having them in proper place
2015-01-30 00:43:31 +01:00
Marek Marczykowski-Górecki
9130636c88
Merge branch 'debian'
...
Conflicts:
misc/qubes-r2.list.in
misc/qubes-trigger-sync-appmenus.sh
network/30-qubes-external-ip
network/qubes-firewall
vm-systemd/network-proxy-setup.sh
vm-systemd/prepare-dvm.sh
vm-systemd/qubes-sysinit.sh
2015-01-30 00:30:24 +01:00
Marek Marczykowski-Górecki
9b71e6db8b
Update repos and keys for Qubes R3
2014-11-20 17:01:10 +01:00
Marek Marczykowski
db35abadc8
Use Qubes DB instead of Xenstore
2014-11-19 15:34:33 +01:00
Marek Marczykowski
a3aab7dab2
rpm: fix typo
2014-11-19 15:34:33 +01:00
Marek Marczykowski
735531a9ba
spec: get backend_vmm from env variable
...
There is no way to pass --define to yum-buildep, but we use VMM name for
required packages names.
2014-11-19 15:34:32 +01:00
Marek Marczykowski
94f54d6c9f
spec: add dependencies on vchan package (both R: and BR:)
2014-11-19 15:34:32 +01:00
Marek Marczykowski-Górecki
c817bb0282
little fix for the official template
...
-----BEGIN PGP SIGNATURE-----
iQIcBAABCgAGBQJUWE+GAAoJEIwFIWzgnAk8azoQAJPOdglmiJlu+p5nRQ0ZRP6F
nammIQhOg1oE0hCTX6H4DnEMnaZmFyGj96JWUX3zES8NF9zYvq4sgJCtZVEK35lm
/Fxe899NpDlHaHwPqnXoYAKWZnMnyx3Z5XTxYb3A8JQdJCVWJPi2qYw2TBb6iBIp
hzznI3drhOd8rdkFHXGk/FsBjqFP1mn98GDP4N/XLOZUnK+MiWyxrp0c+QVgybRX
2XOUhsBPbr/XS/fkMBEia1hJhBf+FYJsFeCARGjYnbI+TKMaPrYaIX6DRqjFMhSS
eEALEWsYsDiYGerWNBNGxbJ7RWsN4vm+WDfKdi7Hp2TgHeH0z93w40VegU3k7Asx
NjfehCwT3wjMmtUFYhfhYfIop5305LLLJPPkY/ML+u6Mznzr7OkostMeyMhDxcrq
lSELqg2HDwEsSwtwEz7kP6fYyfpJRd8yndg48cVonatwPwdjoCMiAz93TIF7Tvvz
xQaNUidkKL8qQi67ArSQUlQlwGJNngwLRhepaMo0FD4JWSQ5pHc00EYxtJio2LPs
7prv8ETbTj0bcFb/xKNSxBCGOrLdleHAEdhrpvqHa5nUzMiHw+tMuJbX+f0jOx/Q
OSgx/dvK9GIyxM7UlsS+Whye3iGeNwsA1ai4TL0n1PFM+DjemBjEbfIl2nxLjG3O
cXas4+wsl0+qXRk/PDOn
=6kCH
-----END PGP SIGNATURE-----
Merge tag 'hw42_debian-systemd-3' into debian
Conflicts:
debian/control
Merged postinst scripts from hw42 and nrgaway
2014-11-05 04:35:23 +01:00
Marek Marczykowski-Górecki
e4e7176a16
Merge remote-tracking branch 'nrgaway/debian' into debian
2014-11-05 04:24:41 +01:00
HW42
63e915f6d4
Tag for commit 5d68e2cc70
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJUTruhAAoJEAY5OLpCz6ck7IcP/i4JXNEMO8vDSgphM50NIIz6
+hLb+kXBGeL9SsQKRlz000BUOcIsg+d2ibwnTsi1kNuq2OgJOAHAp5hHgHGc5ddG
0PLFf/Ddexl7/2cG/hKekXiIpXGcuhqgsIfatqcKB228mVLG8y/kqwViIDbMgg10
X8Aiq1ba0EeHI7xskkPb1hzkszOfLFoEXCRjt+BQsmr+Bll+sAzCS3G9vSbhczFl
wmTtgOiu2fWsPgOB2O6HYeO0PUUX+jGF/jncZYf85pEwMccNqRIWjSJC6ti533zv
5x1bWKWFymBAUcTS+xi00FPeatmQ7b5ywMxTwbqIQkE1Mrt436Dz/B1r0E58q0AH
gu4qG/KPBNdRBD4vPrvLKiyood/XIpvz0+6QqS9rFMKt71OSzmMR1WeLgclCn768
cR510iZyJjmqe9lLQQTCJr+oqvwiVot7sfsgj1XP5PozalTkdIawioIZjeX5Zz4O
+zo+P+jIV+P6QbN+0nD+vrW8kSZlM8vt+OVBPhon/bMFxGKZervs7kFUCNPn6fUK
WNw8lSrKQqJe/a805Ktku8moatVElmexj7XTkII1nnAnEu6/bokJqjCHQ933794l
ERRwitFN+BWm3OBXq/BsdSnCotT+gnlMEDtuHiD0JHQBGwxAZGQtliQhWLF25Ekh
BJkmYBjqgnjCsQFUBMnn
=shGW
-----END PGP SIGNATURE-----
Merge tag 'mm_5d68e2cc' into debian-systemd
Tag for commit 5d68e2cc70
Conflicts:
Makefile
debian/rules
network/qubes-firewall
vm-systemd/misc-post.sh
vm-systemd/qubes-sysinit.sh
2014-11-03 04:28:00 +01:00
Marek Marczykowski-Górecki
aad0d4d57a
Reenable imsettings service
...
It is required for some languages (Chinese for example).
2014-11-01 00:29:14 +01:00
Jason Mehring
3366af3f55
Change condition test to compare to a link "-L"
2014-10-31 01:56:19 -04:00
Marek Marczykowski-Górecki
0613a58961
Improve handling of .desktop files
...
Instead of directly using Exec= line, parse the file (at the launch
time) with Gio library. The main reason for this change is to handle
Terminal= option, but generally this approach should be more
bulletproof, especially when some fancy options are present in desktop
files.
2014-10-27 12:25:45 +01:00
Marek Marczykowski-Górecki
be266a00dd
Include /rw in the package
...
On Fedora it was created in %post, but on Debian not. Unify it to simply
provide the directory as standard package content.
2014-10-19 04:38:16 +02:00
Marek Marczykowski-Górecki
7339dd1ece
Introduce qubes.SetDateTime service for time synchronization
...
It would be called by qvm-sync-clock instead of 'date' directly. This
gives a lot of flexibility - VM can control whether it want to sync time
this way. For now slight corrections (+-2sec) are ignored to not cause
problems by frequent time changes. But it can be easily extended to
refuse time sync when some other mechanism is used.
2014-10-01 05:40:23 +02:00
Marek Marczykowski-Górecki
4bccdb0ba5
Use systemd mechanism for loading kernel modules (when available)
...
One more thing done in more generic way (not Fedora-specific).
2014-09-29 21:31:10 +02:00
HW42
0d0261d1c1
improve update of /etc/hosts
...
* use 127.0.1.1 under debian (since it's the default there)
* also set the IPv6 loopback address (::1) since some tools tries to
AAAA resolve the hostname (for example sendmail)
* ensure proper /etc/hosts format through postinst-script (hostname as
last entry)
2014-09-29 05:25:32 +02:00
Marek Marczykowski-Górecki
3f19c89301
Rename qubes-yum-proxy service to qubes-updates-proxy
...
It is no longer Fedora-only proxy, so rename to not confuse the user.
Also documentation refer to it as "updates proxy" for a long time.
2014-09-27 00:32:52 +02:00
Marek Marczykowski-Górecki
1e842c985d
fedora: workaround slow system shutdown ( #852 )
...
It looks to be related to this report:
https://bugzilla.redhat.com/show_bug.cgi?id=1088619
Workaround idea was from comment 37.
The hanging process in Qubes VM is most likely dconf-service, but there
is a lot of possible causes. To start with a non-standard method of
accessing the X session (no real login manager, processes started by
qrexec-agent). So instead of wasting a lot of time on digging through
gnome services, simply shorten the stop timeout - the processes would be
killed anyway.
2014-09-24 14:17:24 +02:00
Marek Marczykowski-Górecki
6361ea4c95
rpm: mark config files with %config(noreplace)
2014-07-23 04:45:11 +02:00
Marek Marczykowski-Górecki
fd42d99803
dispvm: close all windows after apps prerun ( #872 )
...
Killing Xorg makes "unclean" termination of applications. Some apps
(Firefox) complains about that at next startup.
2014-07-04 18:51:02 +02:00
Marek Marczykowski-Górecki
eeb66ad8e9
rpm: enable/disable services when corresponding packages got installed
...
Otherwise when someone installed NetworkManager after qubes-core-vm (for
example in "minimal" template), it will not be configured correctly.
2014-07-04 18:48:35 +02:00
Marek Marczykowski-Górecki
25557fa158
rpm: enable haveged service by default ( #673 )
2014-07-04 12:00:54 +02:00
Marek Marczykowski-Górecki
0cf2a713b9
rpm: require generic "desktop-notification-daemon" not a specific one
2014-07-03 02:05:39 +02:00
Marek Marczykowski-Górecki
486b148a08
Configure only installed programs
2014-05-22 01:31:43 +02:00
Marek Marczykowski-Górecki
923af1c94b
Hide nm-applet icon earlier ( #857 )
...
Since d660f260b8
icon is hidden during VM
startup for non-netvm. Because qubes-session handles tasks sequentially,
move that one earlier to not scary the user with ghost icon.
2014-05-15 01:27:31 +02:00
Marek Marczykowski-Górecki
fe69bba14b
rpm: remove /lib/firmware/updates link
...
It is no longer needed and currently broke linux-firmware package
installation.
2014-05-12 00:37:22 +02:00
Wojciech Zygmunt Porczyk
40fcbdebaa
misc: do not display file preview by default ( #813 )
2014-05-08 14:17:24 +02:00
Marek Marczykowski-Górecki
5912ea4330
rpm: fix notification-daemon setup
2014-04-23 01:54:28 +02:00
Marek Marczykowski-Górecki
12080a42a2
rpm: do not disable abrt-applet autostart
2014-04-23 01:31:57 +02:00
Marek Marczykowski-Górecki
3b55facb2e
Update repo file for R2rc1 repo
2014-04-10 04:08:49 +02:00
Marek Marczykowski-Górecki
a4fc4822ef
dom0-updates: use yum --downloadonly instead of yumdownloader
...
This better handles dependencies (especially of "Obsolete:" type).
Unfortunately yum install/upgrade checks if running as root. Because we
are only downloading packages, using local "system root" (--installroot
option) no real root access is requires, so use fakeroot to mute yum
error.
2014-03-28 06:52:31 +01:00
Marek Marczykowski-Górecki
fe64539789
Implement "Move to VM" action ( #725 )
2014-03-24 05:19:16 +01:00
Marek Marczykowski-Górecki
226282bd90
rpm: enable notification-daemon
...
Without it explicitly enabled, notify-send (used by qubes-firewall) does
nothing.
2014-02-22 01:24:13 +01:00
Marek Marczykowski-Górecki
8acad1b78d
rpm: disable (standard) pulseaudio autostart on its upgrade
...
Not only on initial template installation.
2014-02-08 10:22:28 +01:00
Marek Marczykowski-Górecki
3cc9d0f329
Merge branch 'appicons'
...
Conflicts:
rpm_spec/core-vm.spec
2014-02-07 05:50:07 +01:00
Marek Marczykowski-Górecki
ededdf32ec
rpm: BR:qubes-utils-devel >= 2.0.5 - because of slight API change
...
Note that R: will be generated automatically (on library name).
2014-02-07 05:36:22 +01:00
Marek Marczykowski-Górecki
d660f260b8
Hide nm-applet when NetworkManager is disabled (retry)
...
It isn't done automatically by nm-applet itself since nm-applet 0.9.9.0
(fc19+), this one commit:
https://git.gnome.org/browse/network-manager-applet/commit?id=276a702000ee9e509321891f5ffa9789acfb053c
At the same time they've introduced option to manually hide the icon:
https://git.gnome.org/browse/network-manager-applet/commit?id=e7331a3f33ab422ea6c1bbc015ad44d8d9c83bc3
2014-02-07 02:16:39 +01:00
Marek Marczykowski-Górecki
7d4c19fe23
rpm: fix rpmbuild warning about ghost files
2014-02-07 02:10:47 +01:00
Marek Marczykowski-Górecki
58496dbac0
rpm: move serial.conf to /usr/share/qubes
...
It isn't executable file...
2014-02-06 23:56:18 +01:00
Marek Marczykowski-Górecki
06ced31ab5
rpm: typo fix in spec file
...
This is fix for commit 4d2094b16c
.
2014-02-06 06:18:25 +01:00
Marek Marczykowski-Górecki
4d2094b16c
Do not unconditionally hide nm-appet in Fedora >= 20 ( #774 )
...
This is first step of #774 - when NetworkManager enabled, show nm-applet
icon. Still NetworkManager need some configuration to not break ProxyVM
eth0.
2014-02-02 13:37:00 +01:00
Marek Marczykowski-Górecki
c647862fc0
rpm: do not fail on non-existing /etc/init/serial.conf
...
This file is obsolete for a long time, so use it only if found in the
system (perhaps still useful in other distros).
2014-02-02 13:37:00 +01:00
Marek Marczykowski-Górecki
66b5d686f5
rpm: require gnome-packagekit-updater on Fedora 20+
...
gpk-update-viewer is no longer a part of gnome-packagekit package.
2014-02-02 13:36:59 +01:00
Marek Marczykowski-Górecki
0123719646
systemd: fix handling of .path units overrides
2014-02-02 13:36:59 +01:00
Marek Marczykowski-Górecki
fc04408c7a
systemd: disable ModemManager in non-NetVM
...
Previously ModemManager was started by NetworkManager, but in fc20+ it
is a separate service, so disable it when not needed.
2014-02-02 13:36:59 +01:00
Marek Marczykowski-Górecki
cac25cbe60
Merge remote-tracking branch 'woju/master' into appicons
...
Conflicts:
Makefile
rpm_spec/core-vm.spec
2014-01-31 02:12:06 +01:00
Wojciech Zygmunt Porczyk
453ab0f22c
qubes.GetImageRGBA for appicons
2014-01-30 16:30:17 +01:00
Marek Marczykowski-Górecki
948555bdea
systemd: fix handling of .path units overrides
2014-01-30 02:56:40 +01:00
Marek Marczykowski-Górecki
99708afc52
systemd: disable ModemManager in non-NetVM
...
Previously ModemManager was started by NetworkManager, but in fc20+ it
is a separate service, so disable it when not needed.
2014-01-30 02:56:30 +01:00
Marek Marczykowski-Górecki
9ea49e3f83
version 2.1.26
2014-01-22 15:17:41 +01:00
Marek Marczykowski-Górecki
361ab0b266
qubes-rpc: introduce services for browsing VM filesystem
...
For now used to select system backup inside of VM.
2014-01-13 05:07:23 +01:00
Marek Marczykowski-Górecki
fd55d48126
Move meminfo-writer to linux-utils repo
...
It is common for both dom0 and VM. So move to linux-specific repo (not
VM-specific).
2014-01-05 05:38:10 +01:00
Marek Marczykowski-Górecki
0daaefb47f
rpm: own /lib/modules only in Fedora >= 19
...
Previously it was owned by filesystem package.
2013-12-22 23:00:21 +01:00
Marek Marczykowski-Górecki
b3081dce07
systemd: disable additional unneeded services
2013-12-17 01:29:26 +01:00
Marek Marczykowski-Górecki
c04d4e4fea
systemd: while disabling service, disable also its activators
...
This time it is for cups, which have socket-based and path-based
activators. When activator tires to start the service which is disabled
by condition file it enters infinite loop (as service wont start, but
will not report an error).
2013-12-16 21:10:37 +01:00
Marek Marczykowski-Górecki
22929bb18f
kernel-placeholder: provide kernel modules mountpoint
...
It is no longer part of 'filesystem' package in Fedora 19.
2013-12-15 05:36:02 +01:00
Marek Marczykowski-Górecki
7dd5a40218
rpm: kernel-placeholder provides kernel-modules-extra
...
Yet another package with kernel-related files already provided by dom0.
2013-12-13 04:40:20 +01:00
Marek Marczykowski-Górecki
3cc566f539
Split R2 yum repository for individual beta releases.
2013-12-06 13:02:22 +01:00
Marek Marczykowski-Górecki
41c701a1ac
Revert "Do not start gnome-settings-daemon in AppVM"
...
This reverts commit 047a7a0b23
.
Actually some g-s-d plugins are helpful, for example notification of low
disk space. Also we've already disabled keyboard plugin.
2013-12-01 02:25:51 +01:00
Marek Marczykowski-Górecki
8f840e10dc
vm-file-editor: add override for mimeinfo *.png entry ( #753 )
...
MIME-info database contains multiple entries for *.png, namely image/png
and image/x-apple-ios-png. The later one doesn't have associated handler
program, but this one is selected by mimeopen tool.
Not sure how this tool should behave in case of multiple matches (IOW is
it a bug in File::MimeInfo perl module used by mimeopen). Instead of
switching to different tool, which probably will break other files
(check #423 ), add override for this particular file type.
2013-11-14 21:38:27 +01:00
Marek Marczykowski-Górecki
639cb51414
Add qubes.{Backup,Restore} services, include them in rpm package
2013-11-09 19:01:57 +01:00
Marek Marczykowski-Górecki
047a7a0b23
Do not start gnome-settings-daemon in AppVM
...
It breaks keyboard layout - sets to own default.
2013-10-23 03:36:56 +02:00
Marek Marczykowski-Górecki
fd224c05a9
Fix for broken network after Fedora update (Fedora #974811 )
...
This should be really done in NetworkManager package, but apparently not
done yet.
https://bugzilla.redhat.com/show_bug.cgi?id=974811
2013-10-11 13:10:49 +02:00
Marek Marczykowski-Górecki
1d41cb4c18
Add qubes.DetachPciDevice for live PCI detach ( #708 )
2013-09-01 01:28:07 +02:00
Marek Marczykowski-Górecki
099971dcd5
fedora: update spec and serial.conf to match /usr/sbin path
2013-08-14 03:53:40 +02:00
Marek Marczykowski
8c9433fc00
yum-proxy: use iptables-restore to set firewall rules
...
Simple iptables sometimes returns EBUSY.
2013-08-05 02:08:52 +02:00
Marek Marczykowski
6b8ebe6e2c
spec: use make install-vm target in %install
...
Thanks to this all distributions will use the same code - no need to
manual synchronization.
2013-04-17 01:52:31 +02:00
Marek Marczykowski
06f1dfb70c
spec: simplify %post logic for udev rules
...
Whitelist any rules file with qubes in name. This will prevent further
mistakes like forgetting about some script, or even not including script
for another package (like qubes-tor currently).
2013-03-26 02:41:18 +01:00
Marek Marczykowski
44fab139f4
Add qrexec back, use qubes-utils libraries for common code
2013-03-20 06:23:44 +01:00
Marek Marczykowski
9e3f844f32
Restore release number to 1
2013-03-19 12:03:30 +01:00
Marek Marczykowski
30ca124784
The Underscores Revolution: xenstore paths
2013-03-14 04:29:15 +01:00
Marek Marczykowski
7686fd5d92
The Underscores Revolution: RPC services
2013-03-14 04:25:31 +01:00
Marek Marczykowski
ecc812f350
The Underscores Revolution: filenames
...
Get rid of underscores in filenames, use dashes instead.
This is first part of cleanup in filenames.
"qubes_rpc" still untouched - will be in separate commit.
2013-03-14 01:07:49 +01:00
Marek Marczykowski
a88c122efa
Move manpages here from separate repo
2013-03-12 17:10:49 +01:00
Marek Marczykowski
34b31c0f71
spec: don't touch sysv services in systemd package
...
Actually it can disable required services which have both sysv and
systemd-style startup scripts.
2013-03-09 03:19:41 +01:00
Marek Marczykowski
f06284d2ba
spec: update dependencies
2013-03-07 05:16:09 +01:00
Marek Marczykowski
dffd7e0457
remove qubes-core-libs and qrexec leftovers
...
They are now in separate repository.
2013-03-07 05:09:13 +01:00
Marek Marczykowski
fb780d7fbc
vm/systemd: disable avahi-daemon
...
Aparently this service have changed name, so make sure it will be disabled also
under new name.
2013-03-03 17:35:54 +01:00
Marek Marczykowski
b18d40fb08
vm: Use nautilus-actions to provide "Copy to other AppVM" etc nautilus commands
...
No more ugly symlink creation at VM startup, nautilus-actions have system-wide
dir (in opposite to nautilus-scripts).
Currently old symlinks are not cleaned up. Maybe it should, but leaving them
have one advantage: will not break existing users behavior.
2013-02-21 16:44:16 +01:00
Marek Marczykowski
14cb955efc
vm/spec: mark some config files with %config(noreplace)
...
Do mark such critical files, which shouldn't be modified by the user.
2013-02-21 07:25:47 +01:00
Marek Marczykowski
58eeda8723
vm/spec: force legacy iptables services
2013-02-12 01:38:30 +01:00
Marek Marczykowski
f965c8fc99
vm: revert /etc/yum.conf exclude config
...
Upgrade of kernel is suppressed by qubes-vm-kernel-placeholder package.
Excluding xorg packages makes more problems than goods (e.g. unable to
install dummy driver, block fedora bugfixes).
2013-02-12 01:38:30 +01:00
Marek Marczykowski
979ce2014b
vm/systemd: disable NetworkManager-wait-online when NM inactive
2013-02-12 01:38:30 +01:00
Marek Marczykowski
cab4689360
vm: require net-tools
...
Needed to setup network in VM
2013-02-12 01:38:30 +01:00
Marek Marczykowski
750859bdc8
vm: move polkit configs from qubes-gui-vm package
2013-02-12 01:38:29 +01:00
Marek Marczykowski
d13e1d4bfd
vm/kernel-placeholder: update provided version
...
Some fc18 packages requires >3.5 kernel, so update kernel-placeholder
appropriate (according to newest available package in unstable
repository).
2013-02-12 01:38:29 +01:00
Olivier Medoc
63da3b15a0
vm/qubes_rpc: implement qubes.WaitForSession
...
RPC call will be used in vm.start function instead of the hardcoded echo > /tmp/qubes-session-waiter
2013-01-11 01:12:23 +01:00
Marek Marczykowski
50809a21c8
qubes-core-vm-kernel-placeholder 1.0-2
2013-01-04 13:23:48 +01:00
Marek Marczykowski
69edb3b029
vm/kernel-placeholder: provide xorg-x11-drv-nouveau to resolve deps problem
2013-01-04 13:23:20 +01:00
Marek Marczykowski
29d2b2e369
spec: generate proper debuginfo packages
...
%setup macro must be present in %prep to set variables required by
find-debuginfo script. Symlink is to place sources in nice
/usr/src/debug/%{name}-%{version} subdir instead of plain /usr/src/debug/core
(which can be ambiguous).
Additionally all packages need to have _builddir pointing at top src dir (in
core-dom0 it was dom0 subdir). And to cheat make about current dir (to have
%{name}-%{version} included in path) chdir must be done by shell, not make - so
can't use make -C.
2012-12-12 04:12:59 +01:00
Marek Marczykowski
fc89e48038
spec: do not build u2mfn not packaged in core-dom0 and core-vm
...
This is packages in core-libs, so build it only there.
2012-12-12 04:10:41 +01:00
Marek Marczykowski
63ede041d8
vm/spec: do not remote 50-qubes_misc.rules during installation
2012-11-22 08:22:52 +01:00
Marek Marczykowski
213380a7c3
vm: setup /dev/xen/evtchn permissions using udev rule
...
This works also when the device is recreated, which is the case in DispVM
(during xl restore).
2012-11-22 00:51:18 +01:00
Marek Marczykowski
d5a2d9d054
vm: load dummy-hcd module to suppress libusb bug
...
libusb crashes when no USB controller is present, load dummy-hcd as workaround.
2012-11-19 17:52:16 +01:00
Marek Marczykowski
16afb1610e
vm: remove qubes-upgrade-vm after upgrade
2012-11-15 21:38:39 +01:00
Marek Marczykowski
fe1f685b50
spec: extract core libs from qubes-core-vm
...
This libs are required by both dom0 and VM so it's better to have it
separately. Previously in VM it was separate package, but dom0 have them
embedded in qubes-core-dom0, but qubes-core-vm-libs package was used to build
qubes-gui-dom0. Now we do not build all packages for all distros (especially do
not build core-vm package for dom0 distro, so gui-dom0 build fails), so make it
explicit which package is needed by which system.
2012-11-14 13:12:51 +01:00
Marek Marczykowski
e432f0e55c
vm/spec: fix NotShowIn entries in autostart desktop files
2012-11-03 05:22:03 +01:00
Marek Marczykowski
65e068f68a
vm/qvm-usb: include vusb-ctl in VM package
2012-10-23 05:45:47 +02:00
Alexandre Bezroutchko
7f7e9999f4
dvp/qvm-usb: converted installer scripts into RPM
2012-10-21 15:10:40 +02:00
Marek Marczykowski
4daa5f56ea
Merge branch 'master-for-hvm' into hvm
...
Conflicts:
dom0/qvm-core/qubes.py
dom0/qvm-tools/qvm-sync-clock
2012-10-04 05:45:41 +02:00
Marek Marczykowski
949222f692
vm/spec: fix adding yum-proxy configuration
...
Do not add entry if already present.
2012-10-04 05:44:20 +02:00
Bruce A Downs
e2caaf0764
vm: Added 'most recently used' feature to 'copy to vm' dialog
...
* replaced zenity to qvm-mru-entry in qubes_rpc/qvm-copy-to-vm.gnome
* added python script qubes_rpc/qvm-mru-entry
* added /usr/bin/qvm-mru-entry to rpm_spec/core-vm.spec
2012-10-04 05:44:19 +02:00
Bruce A Downs
c2a049ef32
vm/spec: mod to core-vm.spec to add test for files
...
core rpm was failing during uninstall attempting to move non-existent files
* /var/lib/qubes/fstab.orig
* /var/lib/qubes/serial.orig
2012-10-04 05:44:19 +02:00
Marek Marczykowski
6345c4570a
vm/iptables: block IPv6 traffic
...
This isn't properly handled by Qubes VMs yet, so block it in all the VMs.
Also restrict access to firewall config.
2012-10-04 05:44:19 +02:00
Marek Marczykowski
da79d38e6f
vm/spec: fix adding yum-proxy configuration
...
Do not add entry if already present.
2012-10-04 05:29:10 +02:00
Marek Marczykowski
0ea16ef21b
dom0+vm/qfile-copy: use setuid instead of policy setting to allow chroot
...
This will allow to not hardcode "root" username in policy, which can be useful
for non-Linux systems.
2012-08-18 21:17:07 +02:00
Marek Marczykowski
32405af775
vm/kernel-placeholder: simplify upgrade
2012-07-30 23:16:05 +02:00
Marek Marczykowski
077c74782c
vm: kernel-placeholder package to inhibit real kernel pkg in VM ( #645 )
...
Some packages depends on kernel (ex fuse, pulseaudio), but kernel in VM is
managed by dom0. Any hack like exlude or so on will break some things, so
install empty placeholder package to fulfill dependencies.
2012-07-23 23:17:50 +02:00
Marek Marczykowski
c8f3f737f5
Revert "vm/spec: disable pam_systemd globally ( #607 )" ( #626 )
...
This reverts commit 8ec4b6963b71b95bc0cda6dd80d99bf60aa9caec.
This caused regression (#626 ).
Conflicts:
rpm_spec/core-vm.spec
2012-07-16 13:36:08 +02:00
Marek Marczykowski
8129032c9e
vm: implement qubes.GetAppmenus to reduce code duplication
...
As one-liner services are now real one-line, just do it.
2012-07-15 02:41:23 +02:00
Marek Marczykowski
55130c0dee
vm: simplify qubes.VMShell service
...
Now additional wrapper not required to skip cmdline argument
2012-07-15 02:41:23 +02:00
Marek Marczykowski
bec4afc919
vm: export SuspendPre and SuspendPost qrexec services ( #617 )
...
1. Try to use NetworkManager sleep command instead of shutting it down
2. Move sleep action details (which is VM-specific) to VM
3. Export it as qrexec service(s)
2012-07-13 14:44:11 +02:00
Marek Marczykowski
3af500fc80
vm: provide dispvm-dotfiles and dispvm-prerun.sh in rpm package ( #620 )
2012-07-12 14:22:44 +02:00
Marek Marczykowski
c336586fae
vm/systemd: disable additional useless services ( #620 )
...
Most of them relay on direct network acces, which isn't true on Qubes.
2012-07-12 03:56:09 +02:00
Marek Marczykowski
654fb64a74
vm/spec: remove dupplicated commnds, suppress error message
2012-07-12 03:56:09 +02:00
Marek Marczykowski
5ee694f4d3
vm/spec: disable pam_systemd only in trigger
...
The %post part is unnecessary.
2012-07-09 15:54:33 +02:00
Marek Marczykowski
f0cdcdae34
vm: disable D-Bus activation of NetworkManager ( #610 )
2012-07-05 01:43:32 +02:00
Marek Marczykowski
0cd7a783d4
vm/spec: disable pam_systemd globally ( #607 )
...
Actually all /etc/pam.d/ files containing pam_systemd.so are autogenerated by
authconfig, so "removing" pam_systemd.so file as not elegant solution, seems to
be much more realiable.
2012-07-05 01:43:32 +02:00
Marek Marczykowski
9efee9324f
vm/spec: fix enabling NetworkManager SystemD service
2012-06-26 03:43:36 +02:00
Marek Marczykowski
77ccf99b88
vm/spec: fix error messages
2012-06-26 03:43:36 +02:00
Marek Marczykowski
47e49d0fd6
vm/spec: fix enabling of qubes-firewall SysV service
2012-06-26 03:43:36 +02:00
Marek Marczykowski
1fdaa847c4
vm: RPC service for NTP time sync ( #603 )
2012-06-23 00:37:47 +02:00
Marek Marczykowski
64a9c54ba6
vm: enable yum-qubes-hooks plugin ( #592 )
2012-06-11 22:35:44 +02:00
Marek Marczykowski
3e89b33209
vm/spec: create firmware symlink only when needed
...
On new systems, like FC16+, firmware is provided by separate package (like
linux-firmware), so no longer need to get it from kernel package.
2012-06-06 03:00:05 +02:00
Marek Marczykowski
baf95fb765
vm/spec: depend on ethtool _package_
2012-06-06 02:59:07 +02:00
Marek Marczykowski
06c4d57b60
vm: yum plugin to notify dom0 about installed updates ( #592 )
2012-06-05 21:21:53 +02:00
Marek Marczykowski
55f99e23db
makefile: rename vchan Makefile to not conflict with windows build
2012-06-05 21:21:53 +02:00
Marek Marczykowski
9930a89fb1
vm/qubes-yum-proxy: setup yum to use qubes-yum-proxy ( #568 )
...
The simplest way is just add proxy=... entry to /etc/yum.conf, but sometimes it
is reasonable to bypass the proxy. Some examples:
- usage of non-standard repos with some exotic file layout, which will be
blocked by the proxy
- usage of repos not-accessible via proxy (eg only via VPN stared in VpnVM)
This commit introduces 'yum-proxy-setup' pseudo-service, which can be
controlled via standard qvm-service or qubes-manager. When enabled - yum will
be configured at VM startup to use qubes proxy, otherwise - to connect directly
(proxy setting will be cleared).
2012-05-31 03:11:44 +02:00
Marek Marczykowski
0430e5186b
vm: qubes-yum-proxy service ( #568 )
...
Introduce proxy service, which allow only http(s) traffic to yum repos. The
filter rules are based on URL regexp, so it isn't full-featured content
inspection and can be easy bypassed, but should be enough to prevent some
erroneus user actions (like clicking on invalid link).
It is set up to intercept connections to 10.137.255.254:8082, so VM can connect
to this IP regardless of VM in which proxy is running. By default it is
started in every NetVM, but this can be changed using qvm-service or
qubes-manager (as always).
2012-05-31 03:11:43 +02:00
Marek Marczykowski
542cd42d04
vm/spec: remove executable perm where not needed
2012-05-31 03:11:43 +02:00
Marek Marczykowski
be05968bd1
vm/spec: fix /etc/hosts if it was broken by previous version
2012-05-08 23:44:07 +02:00
Marek Marczykowski
bd8977c824
vm: notify dom0 when updates available in VM ( #475 )
2012-05-02 00:09:00 +02:00
Marek Marczykowski
4401c3e525
vm/init.d: make firewall and netwatcher service consistent with systemd
2012-03-09 01:50:18 +01:00
Marek Marczykowski
c3ee25ef10
vm/mimeopen: save mimetype defaults for DispVM ( #423 )
2012-02-06 19:08:08 +01:00
Marek Marczykowski
431e350ffe
vm/spec: fix file permissions
2012-02-06 12:58:02 +01:00
Marek Marczykowski
f3e187f672
vm/spec: do not complain about missing serial.conf
2012-01-30 14:22:35 +01:00
Marek Marczykowski
85e6704037
vm/network: symlink NetworkManager system-connection to /rw ( #425 )
...
In FC15, NetworkManager by default uses global connections ("Available to all users"). Save them in /rw instead of /etc, to preserve them across reboots.
2012-01-30 14:20:02 +01:00
Marek Marczykowski
5ec2c4c4bb
vm/spec: hide diagnostics from systemctl
2012-01-18 17:24:04 +01:00
Marek Marczykowski
1a71d29cd4
vm: enable qubes-firewall ( #424 )
2012-01-18 13:37:31 +01:00
Marek Marczykowski
0e1278205c
spec: fix build order
2012-01-15 17:36:22 +01:00
Marek Marczykowski
33f50950ec
vm/systemd: enable ntpd and NetworkManager services
2012-01-14 01:40:54 +01:00
Marek Marczykowski
4a73aa5da6
vm/systemd: add some package requirements according to Fedora documentation
2012-01-14 01:40:10 +01:00
Marek Marczykowski
9129f74603
vm: disable some autostart applications
2012-01-14 01:39:43 +01:00
Marek Marczykowski
d3e1bf36bf
vm: disable silent automatic update *installation* in FC15 ( #415 )
...
Do not silently download and install updates, especially in NonUpdateableVM.
2012-01-14 01:37:22 +01:00
Marek Marczykowski
5e0cde15de
vm/init: introduce SystemD startup scripts
2012-01-10 12:10:16 +01:00
Marek Marczykowski
5573200c9d
vm/spec: split SysV init scripts into separate subpackage
2012-01-10 12:09:09 +01:00
Marek Marczykowski
a25d3be356
vm/spec: add Obsoletes header for smooth upgrade
2012-01-10 11:23:27 +01:00
Marek Marczykowski
240d35259f
vm(+dom0): major rearrage VM files in repo; merge core-*vm packages
2012-01-06 21:31:12 +01:00
Marek Marczykowski
65b6675ca1
vm: disable cron also using systemctl
...
This is needed for FC15
2011-12-30 23:53:46 +01:00
Marek Marczykowski
324ad2aa0d
vm/qvm-block: do not disable qubes block udev rules ( #393 )
2011-12-26 21:01:31 +01:00
Marek Marczykowski
fae04af662
vm/yum-repo: Use $releasever in repo definition
...
Instead of multiple files with only release version different.
2011-12-12 03:35:22 +01:00
Marek Marczykowski
f3a58eb19b
vm/spec: more precise blacklisting updates of xorg ( #381 )
2011-12-05 13:50:07 +01:00
Marek Marczykowski
b6100594f5
dom0+vm/qvm-block: automatically detach device when physical dev removed ( #226 )
...
This will work when device is unmounted. On mounted device backend will be
removed (after 3s timeout), but frontend will left in "closing" state - manual
'xl block-detach' will be needed.
2011-09-30 10:42:56 +02:00
Marek Marczykowski
012dc63c53
dom0+vm: expose block devices info in xenstore ( #226 )
2011-09-29 13:56:06 +02:00
Marek Marczykowski
0b746bbf70
vm: minor fixes for Fedora 15
...
1. create /var/run/qubes as /var/run is now on tmpfs
2. if system-d is present - use it to disable NetworkManager
2011-09-27 01:37:09 +02:00
Marek Marczykowski
e09290b82b
vm/spec: do not use chown in %install - it will not work as unprivileged user
2011-09-25 15:18:48 +02:00
Marek Marczykowski
bdf407b716
dom0+vm: use qubes_download_dom0_updates.sh instead of qubes_check_for_updates.sh
...
Remove code duplication. Implemented required --check-only option to
qubes_download_dom0_updates.sh.
2011-09-15 00:18:56 +02:00
Joanna Rutkowska
ed19fc87f9
vm: update symlinks in Nautilus Scripts menu
...
This is important for older templates that got upgraded to new core packages,
which renamed some of the tools by removing the '2' suffix.
2011-09-14 19:32:47 +02:00
Marek Marczykowski
766183da60
vm: automatically online added memory
...
This is needed to increase memory size above initial value on pvops kernel.
Should not harm xenlinux version.
2011-09-06 01:12:21 +02:00
Marek Marczykowski
1642d97fa5
vm: get rid of "2" from qvm-* names ( #340 )
2011-09-03 17:12:24 +02:00
Rafal Wojtczuk
890030354d
qvm-open-in-*: recognize when the parameter is an url
...
and wrap it in html meta refresh tag, so that it will be opened by
the default browser.
2011-08-29 17:27:48 +02:00
Rafal Wojtczuk
1a24c19702
qrexec: implement qvm-run command for AppVMs
...
It is build upon qrexec2, qubes.VMShell command. So, in order to e.g.
start firefox in a fresh dispVM, do
qvm-run '$dispvm' firefox http://www.qubes-os.org
2011-08-29 16:46:44 +02:00
Joanna Rutkowska
310c137f25
vm: Fix modules blacklisting
2011-07-30 11:30:21 +02:00
Joanna Rutkowska
9b515d41d6
vm: Blacklist unnecessary packge updates
2011-07-30 11:15:47 +02:00
Marek Marczykowski
f56a993b84
vm: move dom0-updates dir to core-appvm package ( #198 )
...
At core-commonvm installation stage "user" can no exists.
2011-07-17 01:20:13 +02:00
Marek Marczykowski
382dafb6cd
vm: Split updates check and download into separate scripts ( #198 )
2011-07-17 01:20:13 +02:00
Marek Marczykowski
f1321e0904
Merge branch 'qrexec2' of git://git.qubes-os.org/rafal/core
2011-07-09 16:52:54 +02:00
Marek Marczykowski
626bd1568a
vm: fix udev rules for VM network hotplug
2011-07-09 16:52:51 +02:00
Rafal Wojtczuk
dc33f0c9a7
qrexec: adjust DispVM code to the new qrexec API
...
Note, we have qvm-open-in-vm totally for free.
2011-07-06 12:32:20 +02:00
Rafal Wojtczuk
b87da183ce
qrexec: adjust intervm file copy code to the new qrexec API
2011-07-06 10:17:58 +02:00
Rafal Wojtczuk
b5d30a9d54
qrexec: last two missing pieces of the new rpc infrastructure
2011-07-05 18:35:03 +02:00
Rafal Wojtczuk
dde44ee6ef
qrexec: add qrexec_client_vm.c
2011-07-05 11:03:31 +02:00
Marek Marczykowski
508a39cbb0
vm: Load evtchn module by script in /etc/sysconfig/modules
2011-07-02 19:11:15 +02:00
Marek Marczykowski
b6f036caf2
dom0+vm: Update VM kernel mechanism ( #242 )
...
Get kernel from global kernels dir (/var/lib/qubes/vm-kernels), not per-VM. Can
be configured by qvm-prefs (kernel parameter).
New tool: qvm-set-default-kernel
For backward compatibility kernel=None means kernel in VM dir (kernels subdir).
(possibly empty) modules.img should be created in it.
2011-06-30 01:07:47 +02:00
Marek Marczykowski
f564a4d143
dom0+vm: Tools for downloading dom0 update by VM ( #198 )
...
Mainly 4 parts:
- scripts for providing rpmdb and yum repos to VM (choosen by qvm-set-updatevm)
- VM script for downloading updates (qubes_download_dom0_updates.sh)
- qfile-dom0-unpacker which receive updates, check signatures and place its in dom0 local yum repo
- qvm-dom0-upgrade which calls all of above and after all yum gpk-update-viewer
Besides qvm-dom0-upgrade, updates are checked every 6h and user is prompted if
want to download it. At dom0 side gpk-update-icon (disabled yet) should notice
new updates in "local" repo.
2011-06-22 00:44:48 +02:00
Marek Marczykowski
31f0308d45
dom0+vm: Trigger appmenus sync after yum transaction ( #45 ), NEW QREXEC COMMAND
...
After yum transaction (install/upgrade/remove),
yum-plugin-post-transaction-actions will execute script which trigger
qvm-sync-appmenus in dom0 (through qrexec).
THIS INTRODUCE NEW PREDEFINED COMMAND IN QREXEC
2011-06-12 01:46:24 +02:00
Marek Marczykowski
60b86de2ca
vm: add -qubes suffix to xenstore-watch to not conflict with xen standard tool
2011-06-07 15:58:55 +02:00
Marek Marczykowski
868fd1f431
vm: Remove root password to allow easy escalation from UI application ( #202 )
...
Ex. gpk-application needs this to work properly while running from user. When
root password is set - polkit-daemon asks for it (according to polkit setting).
2011-05-12 19:15:24 +02:00
Marek Marczykowski
59071d87b9
Revert "Run nm-applet as normal user"
...
This reverts commit 2f5b6e6582e71630193d0098d4cc60db019e1e9b.
Dbus policy hacking not needed any more. ConsoleKit session is correctly started.
2011-04-29 02:32:55 +02:00
Marek Marczykowski
59da079f22
Configure VM network iface on attach (not only on boot) ( #190 )
2011-04-23 02:31:54 +02:00
Tomasz Sterna
705a66af63
We do not want to have StandaloneVM and UtilityVM types.
2011-04-20 00:56:58 +02:00
Tomasz Sterna
611914da15
Disable unnecessary Upstart, Init and XDG Autostart serices. #209
...
Move unneded /etc/init/*.conf services to /etc/init/*.conf.disabled.
Start CUPS only in AppVM and UtilityVM.
Start XDG Autostart applications only in domains that makes sense for them.
2011-04-19 00:11:45 +02:00
Marek Marczykowski
d821bef43b
Create ~/.local/share dir, as gnote requires it.
2011-04-10 22:12:04 +02:00
Marek Marczykowski
e2b31f8298
Run nm-applet as normal user
...
Configuration for D-Bus policy and PolicyKit to allow this.
2011-04-07 14:11:00 +02:00
Marek Marczykowski
9ed7721fc4
Disable gpk-update-icon autostart
2011-04-07 12:40:19 +02:00
Marek Marczykowski
0cf1658c65
Revert password removal for root and user
...
It will require some additional work with ConsoleKit...
2011-04-07 12:39:10 +02:00
Marek Marczykowski
a4b724fdab
Remove passwords prompts for user and root ( #202 )
2011-04-06 23:04:42 +02:00
Joanna Rutkowska
44cfc0d2ef
Use different repo files depending on %{dist} tag ( #197 )
2011-04-06 13:59:43 +02:00
Joanna Rutkowska
21e0c9d3f7
commonvm: Update repo info, use local RPM keys
2011-04-04 11:27:48 +02:00
Joanna Rutkowska
7465a697a6
Add qvm-copy-to-vm2.gnome to core-appvm rpm
2011-03-31 13:35:36 +02:00
Joanna Rutkowska
b488ab0055
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core
2011-03-31 13:30:05 +02:00
Marek Marczykowski
267331bab6
Stop only NM on suspend. ( #146 )
...
Also remove ip_forward setting from sysctl, so NM will not reset it on restart
2011-03-31 00:19:41 +02:00
Joanna Rutkowska
0eea01812c
Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core
2011-03-30 17:37:49 +02:00
Rafal Wojtczuk
2be3267726
Implemented console qvm-copy-to-vm
...
It waits for the copy to finish, and is capable of killer
progress indicator.
2011-03-30 17:25:57 +02:00
Rafal Wojtczuk
0e7bd73d22
Renamed qvm-copy-to-vm2 to qvm-trigger-copy-to-vm
...
The new name describes the task of the script better.
2011-03-30 16:48:48 +02:00
Rafal Wojtczuk
1eee3cc505
core-appvm.spec: create /home/user/.gnome2/nautilus-scripts
...
And symlinks in it that will be visible in "scripts" context
menu of nautilus.
2011-03-30 12:37:47 +02:00
Joanna Rutkowska
994899e6af
Add BuildRequires: xen-devel
2011-03-29 11:02:29 +02:00
Rafal Wojtczuk
3ed985d220
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core into spring-merge
2011-03-28 17:28:24 +02:00
Tomasz Sterna
4b3d17c15a
Create needed NetworkManager.conf in netvm. #94
...
Also fixed qubes_fix_nm_conf.sh script.
2011-03-26 11:33:04 +01:00
Marek Marczykowski
6c2a6d4d4d
Merge branch 'spring-merge' of ssh://git.qubes-os.org/var/lib/qubes/git/rafal/core
2011-03-24 16:43:13 -04:00
Rafal Wojtczuk
81257fff75
Removed obsolete code, in appvm.
2011-03-24 17:13:21 +01:00
Joanna Rutkowska
d472c82c18
Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core
2011-03-24 11:51:43 +01:00
Rafal Wojtczuk
bf4b128fba
Create a separate package with libraries.
2011-03-24 11:39:44 +01:00
Joanna Rutkowska
6de5f11e41
Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core
2011-03-24 10:17:15 +01:00
Rafal Wojtczuk
8da0ae3918
One more build order fix.
2011-03-24 10:03:39 +01:00
Rafal Wojtczuk
a45b9b4835
Enable build on non-appvm.
2011-03-23 17:47:35 +01:00
Joanna Rutkowska
452cb48b1f
Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core
2011-03-23 17:15:15 +01:00
Rafal Wojtczuk
3cd2af60f5
Move libs and /var/run/qubes out of qubes-netvm
...
They are already in core-appvm package.
2011-03-23 11:48:06 +01:00
Rafal Wojtczuk
6a5262be42
move qrexec_agent out of core-netvm.spec
...
It is already in core-appvm.
2011-03-23 11:46:53 +01:00
Rafal Wojtczuk
dfb499c025
Merge branch 'blockless' into spring-merge
...
Conflicts:
appvm/Makefile
appvm/qubes_core
netvm/qubes_core
rpm_spec/core-appvm.spec
rpm_spec/core-netvm.spec
2011-03-21 13:54:35 +01:00
Joanna Rutkowska
9b42f11084
Tag RPMs with dist info
2011-03-16 19:14:42 +01:00
Rafal Wojtczuk
d50a7063bf
Package qvm-copy-to-vm2*, too.
2011-03-16 16:47:32 +01:00
Marek Marczykowski
f25afe989c
Move xenstore-watch for VM from AppVM to common. Add to core-common.spec
2011-03-16 11:41:18 +01:00
Marek Marczykowski
00ff62767a
Do not try to disable 'reboot' service
2011-03-16 11:41:18 +01:00
Marek Marczykowski
809e1db247
Drop forced fedora version from requires
2011-03-16 11:41:18 +01:00
Marek Marczykowski
41367c5f39
Move xenstore-watch for VM from AppVM to common. Add to core-common.spec
2011-03-15 19:47:26 +01:00
Rafal Wojtczuk
31c7a7a1c9
Added qfile-unpacker and qfile-daemon
2011-03-15 16:43:43 +01:00
Rafal Wojtczuk
b459bcbca0
Package qfile-agent-dvm, too.
2011-03-15 16:19:42 +01:00
Rafal Wojtczuk
17fb4614e7
Added qfile-agent
2011-03-15 16:07:00 +01:00
Rafal Wojtczuk
c52d8b54d5
Added new qvm-open-in-dvm, aka qvm-open-in-dvm2
...
Small, childless bash script.
2011-03-14 11:25:18 +01:00
Marek Marczykowski
94209336ae
Register VM services also on update
2011-03-11 23:42:49 +01:00
Marek Marczykowski
a0a6bdf7d8
Add qubes_netwatcher to proxyvm spec
2011-03-11 23:33:15 +01:00
Marek Marczykowski
4c0849890c
NetVM, AppVM, ProxyVM from single template - VM side (missing files...)
2011-03-11 01:42:42 +01:00
Marek Marczykowski
c87b15ba2a
NetVM, AppVM, ProxyVM from single template - VM side
...
Modify VM packages to:
- do not conflicts
- starts services if its VM type need it
Added core-proxyvm (firewall) and core-commonvm (common parts) packages.
2011-03-11 01:38:04 +01:00
Rafal Wojtczuk
7342404846
Added dvm_file_editor.
...
It works with qrexec - reads/writes data from stdin/stdout.
2011-03-10 16:50:40 +01:00
Marek Marczykowski
67b6217308
Add 30-qubes_external_ip to netvm.spec
2011-03-10 16:09:37 +01:00
Marek Marczykowski
382b90c543
Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core
...
Conflicts:
dom0/qvm-core/qubes.py
2011-03-10 16:05:48 +01:00
Rafal Wojtczuk
9f3fcc862a
Implemented mechanism to trigger predefined execution in dom0.
...
Processes in AppVM can ask qrexec-agent to send a
MSG_AGENT_TO_SERVER_TRIGGER_EXEC message to qrexec-daemon.
The latter will execute predefined program. It is useful for
the purpose of file copy; the predefined program will create
a connected qfile-daemon<->qfile-agent pair.
2011-03-10 15:41:31 +01:00
Tomasz Sterna
76bf222dd2
Added FirewallVM related VM scripts
2011-03-09 20:50:13 +01:00
Rafal Wojtczuk
06c0bd007c
Moved vchan and u2mfn code to core.
2011-03-08 12:24:47 +01:00
Marek Marczykowski
dc5b65c23d
Add BR to core-appvm.spec
2011-03-06 14:06:24 +01:00
Rafal Wojtczuk
f3428531a8
qrexec* tools, initial version
2011-03-04 16:32:58 +01:00
Joanna Rutkowska
60b0eb28e8
Merge branch 'ticket4' of git://qubes-os.org/rafal/core
2010-09-17 17:30:36 +02:00
Rafal Wojtczuk
2c23edd1ee
Require NetworkManager >= 0.8.1-1
...
Unfortunately, config files layout changes with NM version; therefore
require >= 0.8.1-1.
This should also prevent NM from messing with VIF interfaces on suspend/resume.
2010-09-17 15:16:01 +02:00
Joanna Rutkowska
1328cce87e
core-appvm.spec: create 'user' user in %pre instead of in %post
...
... otherwsie rpm -i throws an error when trying to set permissions for
/home_volatile/user, as the user 'user' doesn't exist when the %files section
is being processed during rpm install (if this is a first install of the rpm).
2010-09-15 15:33:09 +02:00
Joanna Rutkowska
2a6356a6dd
Merge branch 'qmemman' of git://qubes-os.org/rafal/core
2010-09-13 15:05:13 +02:00
Rafal Wojtczuk
f810fbb547
Tell Network Manager to keep hands off vif interfaces
...
...somehow indirectly, by specifying the mac; unfortunately I do not
see any other way.
2010-09-07 13:18:08 +02:00
Rafal Wojtczuk
23e11f5f6f
Switch to routed VM network (instead of bridging)
...
No headache from layer 2 attacks.
2010-09-06 17:07:42 +02:00
Rafal Wojtczuk
c0f47663c8
Unify dom0 and netvm sysconfig/iptables
...
Plus:
- dedicated chain for DNAT to nameservers
- prevent intervm networking. Can be conveniently overriden in necessary cases
by inserting ACCEPT clauses (per VM, probably) at the top of FORWARD
2010-09-06 15:10:01 +02:00
Rafal Wojtczuk
7ff498c43b
qmemman: make meminfo-writer a C program
2010-09-03 16:23:09 +02:00
Rafal Wojtczuk
ea58a5e299
Memory management across VMs, first release
2010-08-30 11:40:19 +02:00
Rafal Wojtczuk
a646ad46b1
Pathnames cleanup
...
Move internal scripts to /usr/lib/qubes plus a couple of similar.
2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
c518538f59
DVM: execute user script before save
...
qubes_prepare_saved_domain.sh now takes optional second argument, the
filename. The content of the file will be copied (via xenstore) to DVM
and executed just before save. This makes it possible to preload memory
with useful apps.
2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
1baf862455
add qvm-dvm.desktop to rpm files section
2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
ea9f0f12f9
qvm-dvm.desktop entry
2010-07-21 12:57:01 +02:00
Rafal Wojtczuk
0d05b0ffe9
core-appvm requires mimeopen now
2010-07-21 12:57:01 +02:00
Rafal Wojtczuk
db8962f748
dvm: appvm side code
2010-07-21 12:56:43 +02:00
Rafal Wojtczuk
0a11679afb
Quick VM restore support
2010-07-21 12:56:21 +02:00
Joanna Rutkowska
f8c4f5ddc5
netvm spec: do not create user in %post
...
We don't need user account in netvm, do we?
2010-06-18 01:54:38 +02:00
Joanna Rutkowska
c5803483b4
appvm spec: do not attempt to remove HWADDR from ifcfg-eth0
...
Again, this is important when installing on an image created using yum --instalroot, in which
case there will be no ifcfg file. Besides, seems like we don't need it anymore, do we?
2010-06-18 01:53:48 +02:00
Joanna Rutkowska
89d01e6b1b
appvm: create /home/user in core-appvm %post
...
This is needed when the template image is created using yum --installroot, rather
than regular installation process.
2010-06-18 01:52:01 +02:00
Joanna Rutkowska
39a0f5f7e7
appvm, netvm spec: be quite in %post
2010-06-18 01:50:43 +02:00
Joanna Rutkowska
f03fcef295
Require F13 in VM
2010-06-18 01:48:56 +02:00
Joanna Rutkowska
fc65789263
appvm,netvm spec: Fix [ -e fstab ] conditional in %pre
2010-06-18 01:48:18 +02:00
Joanna Rutkowska
0f07b7c7e1
Fix serial console on VM to work on F13 (REQUIRES F13)
2010-06-18 01:45:27 +02:00
Joanna Rutkowska
5b5de14bc0
Make dom0, appvm, netvm use different qubes.repo
2010-06-18 01:41:10 +02:00
Joanna Rutkowska
0fd30a3eac
Remove dom0-cleanup.spec
2010-06-15 12:21:24 +02:00
Joanna Rutkowska
ed4fbda53e
rpm specs: %post cleanup
...
Moved some stuff from the begging of %post sections after the
'if installing-for-the-first-time' check.
2010-06-15 00:02:48 +02:00
Rafal Wojtczuk
68919b0d37
Install qubes_{setup_dnat_to_ns,nmhook} from common/
2010-05-31 13:17:04 +02:00
Rafal Wojtczuk
e9f3414ef6
Lock out root and user passwords; provide passwordless login on the serial console
2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
940cae99d6
Add qubes.repo to all qubes-core-* rpms.
2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
046802948f
Turn on IP forwarding in sysctl.conf
2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
952d2f1d8e
Get rid of dnsmasq in netvm.
...
qubes_setup_dnat_to_ns script sets up DNAT rules for DNS traffic; it is
triggered by dhclient or NetworkManager, and manually (in case there is
a static resolv.conf).
Put IP-dependent rules in qubes-core, after local ip is known. It could be
further improved by introducing custom chains, to enable iptables save.
Restrict FORWARD.
2010-05-30 15:45:35 +02:00
Rafal Wojtczuk
e1efcf60b3
Allow user in VM to mount /dev/xvdi; so that we can do
...
...block-attach... something vfat-formatted...xvdi
in dom0.
2010-05-13 15:23:31 +02:00
Joanna Rutkowska
349a2d0c15
Initial public commit.
...
(c) 2010 Invisible Things Lab
Authors:
=========
Joanna Rutkowska <joanna@invisiblethingslab.com>
Rafal Wojtczuk <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00