Few reasons for this:
1. new templates use dnf to download packages, so yum.conf is unused
2. dom0 in Qubes 4.0 don't have this file at all (so sed fails here)
3. $OPTS already contains --setopt=reposdir=...
FixesQubesOS/qubes-issues#2945
When there is only console=hvc0 (i.e. no output to emulated VGA) and
GRUB_TIMEOUT is set to 0, VM startup hangs. This may be very well some
race condition broken by either of console=tty0 or GRUB_TIMEOUT > 0, but
even in such a case, apply this as a workaround for now.
This configuration isn't included twice - it's Debian post-installation
script of grub that copy settings to /etc/default/grub, which results in
parameters being duplicated. Leave it as is for now.
Add GRUB_TIMEOUT=0 for faster VM startup.
QubesOS/qubes-issues#2577
Qubes VM require few config options in grub. Ship appropriate
configuration. Debian have grub.d support, so it can be done cleanly.
On Fedora, /etc/default/grub needs to be modified. Still keep the
options in separate file, but include it manually from
/etc/default/grub.
QubesOS/qubes-issues#2577
glib-compile-schemas recommend naming override files with nn_ prefix,
where nn is a number. Lets use 20, to allow both higher and lower
priority files.
QubesOS/qubes-issues#1108
When `qubes-dom0-update --refresh` was called, the script checked
metadata twice - once to check updates availability, then to actually
download them. This two stage approach is needed only on Debian, when
--downloadonly option is not supported. Rearrange code accordingly.
Also, drop --doit option (ignore it), as the same (but more readable)
can be achieved with --check-only.
dnf stdout messages differ from yum. Handle this particular difference
(info about last metadata check time), but in addition properly use its
exit code - 0 means no updates, 100 means some updates.
FixesQubesOS/qubes-issues#2096
Since yum-deprecated is slowly removed from Fedora (in Fedora 23 is not
installed by default), we're forced to migrate to dnf. The main problem
with dnf here is lack of --downloaddir option
(https://bugzilla.redhat.com/show_bug.cgi?id=1279001). As nobody is
going to implement it, simply extract downloaded packages from cache
directory (thanks to provided config file, it is always /var/cache/yum).
This basically replaces "dom0-updates: use yum-deprecated instead of dnf
in all calls" with a set of workarounds for dnf missing parts.
Related to QubesOS/qubes-issues#1574
Many USB controllers doesn't play nice with suspend when attached to PV
domain, so unload those drivers by default. This is just a configuration
file, so user is free to change this setting if his/shes particular
controller doesn't have such problem.
FixesQubesOS/qubes-issues#1565
Check `yum check-update` exit code, instead of `grep` - when there are
multiple commands on the single line, $? contains exit code of the last
executed.
FixesQubesOS/qubes-issues#1475
DNF in Fedora 22 uses python2, but in Fedora 23 - python3. Package both
of them, in separate packages (according to Fedora packaging guidelines)
and depend on the right one depending on target distribution version.
FixesQubesOS/qubes-issues#1529
Because those services do not yet support being restarted.
Extended variable `$nrconf{override_rc}`, i.e. packages only reported to need
restart, but blacklisted from default/suggested automatic restarted with
`qubes-core-agent` and `qubes-gui-agent`.
See also `$nrconf{override_rc}`:
10bd2db5e2/ex/needrestart.conf (L65)
Thanks to @liske for helping with this.
https://github.com/liske/needrestart/issues/13#issuecomment-136804625
Each time some arbitrary package was installed using dpkg or apt-get, the update notification in Qubes VM Manager was cleared.
No matter if there were still updates pending. (Could happen even after the user running `apt-get dist-upgrade` in case of package manager issues.)
No longer clear upgrade notification in QVMM on arbitrary package installation.
Check if upgrades have been actually installed before clearing the notifications.
https://github.com/QubesOS/qubes-issues/issues/1066#issuecomment-150044906
Depending on yum version, adding '-q' option may hide not only
informational messages, but also updates list. This is especially the
case for yum-deprecated in Fedora 22.
So instead of '-q' option, filter the output manually.
QubesOS/qubes-issues#1282
Fix for d44c8ac "dom0-updates: prefer yum-deprecated over dnf"
Because of slightly different options and config syntax, it needs to be
used in call calls, not only the one with --downloaddir option.
QubesOS/qubes-issues#1282
Initramfs created in TemplateVM may be used also in AppVMs based on it, so
technically it is different system. Especially it has different devices
mounted (own /rw, own swap etc), so prevent hardcoding UUIDs here.
QubesOS/qubes-issues#1354
DNF defaults to skip_if_unavailable=True, so make sure that Qubes
repositories are treated as vital one. Otherwise it would allow an
attacker to cut the user from updates without visible error (when using
PackageKit for example).
Do not set it for unstable repository, as it isn't critical one.
FixesQubesOS/qubes-issues#1387
Some of the reasons:
- dnf doesn't support --downloaddir option
- dnf doesn't support `copy_local` repo option (used in automated tests
only)
- dnf is horribly slow, especially without cache fetched
(https://bugzilla.redhat.com/show_bug.cgi?id=1227014)
This is all needed (instead of simply using `yum` command), because
Fedora >= 22 have an command redirection `yum`->`dnf`.
QubesOS/qubes-issues#1282
Initial size of those tmpfs-mounted directories is calculated as 50% of
RAM at VM startup time. Which happen to be quite small number, like
150M. Having such small /tmp and/or /dev/shm apparently isn't enough for
some applications like Google chrome. So set the size statically at 1GB,
which would be the case for baremetal system with 2GB of RAM.
FixesQubesOS/qubes-issues#1003
* origin/pr/31:
Fixed /etc/pam.d/su.qubes. (Moved line 'auth sufficient pam_permit.so' up. May not be low '@include' lines.)
- Prevent 'su -' from asking for password in Debian [based] templates. Thanks to @unman and @marmarek for suggesting the fix! Fixes https://github.com/QubesOS/qubes-issues/issues/1128. - Changed 'ifeq (1,${DEBIANBUILD})' to 'ifeq ($(shell lsb_release -is), Debian)' to make the build work outside of Qubes Builder as well.
Conflicts:
debian/control
Thanks to @unman and @marmarek for suggesting the fix!
Fixes https://github.com/QubesOS/qubes-issues/issues/1128.
- Changed 'ifeq (1,${DEBIANBUILD})' to 'ifeq ($(shell lsb_release -is), Debian)' to make the build work outside of Qubes Builder as well.
Gio.DesktopAppInfo.get_boolean was introduced in glib 2.36. Instead of
crashing simply do not support DBusActivatable there. There is no such
application in default Debian wheezy template anyway.
Usage of _static_ files (dropins) to override some of autostart entries
(enable/disable them in appropriate VM types) is much simpler and less
error prone than automatic generators.
Handling code is implemented in qubes-session-autostart, which is called
from qubes-session.
qubesos/qubes-issues#1151
qubes-desktop-file-install is called by qubes-triggers-desktop-file-install. It's
arguments are based on the Gnome desktop-install-file utility to allow it to be replaced
by same. Currently the Gnome utility can not be used since it automatically validates
the .desktop entry files with no option to skip validation and will fail on some third
party .desktop files that are not formed properly.
A single trigger script is shared between Fedora, Debian. This script is used by the
package managers triggers and will copy original .desktop files from `/etc/xdg/autostart`
to `/usr/share/qubes/xdg/autostart` and modify the OnlyShownIn / NotShownIn, etc. The
original .desktop files are left untouched and left in place.
Qubes modifies the XDG_CONFIG_DIRS to first include the `/usr/share/qubes/xdg`
directory (XDG_CONFIG_DIRS=/usr/share/qubes/xdg:/etc/xdg).
If a package gets removed, it's desktop entry is also removed from the /usr/share/qubes/xdg
directory.
'qubes-desktop-file-install' options:
--dir DIR Install desktop files to the DIR directory (default: <FILE>)
--force Force overwrite of existing desktop files (default: False)
--remove-show-in Remove the "OnlyShowIn" and "NotShowIn" entries from the desktop file (default: False)
--remove-key KEY Remove the KEY key from the desktop files, if present
--set-key (KEY VALUE) Set the KEY key to VALUE
--remove-only-show-in ENVIRONMENT Remove ENVIRONMENT from the list of desktop environment where the desktop files should be displayed
--add-only-show-in ENVIRONMENT Add ENVIRONMENT to the list of desktop environment where the desktop files should be displayed
--remove-not-show-in ENVIRONMENT Remove ENVIRONMENT from the list of desktop environment where the desktop files should not be displayed
--add-not-show-in ENVIRONMENT Add ENVIRONMENT to the list of desktop environment where the desktop files should not be displayed
Restore support for older yum: no --downloadonly option, so use
yumdownloader.
Also add some a code to handle some Debian quirks - especially default
rpmdb location in user home...
Apparently it doesn't help much with DispVM startup time, but causes a
lot of problems when such app do not close in time (either can be killed
forcibly and will complain about it at next run, or will spontaneously
show itself when DispVM is started).
Instead of directly using Exec= line, parse the file (at the launch
time) with Gio library. The main reason for this change is to handle
Terminal= option, but generally this approach should be more
bulletproof, especially when some fancy options are present in desktop
files.
It looks to be related to this report:
https://bugzilla.redhat.com/show_bug.cgi?id=1088619
Workaround idea was from comment 37.
The hanging process in Qubes VM is most likely dconf-service, but there
is a lot of possible causes. To start with a non-standard method of
accessing the X session (no real login manager, processes started by
qrexec-agent). So instead of wasting a lot of time on digging through
gnome services, simply shorten the stop timeout - the processes would be
killed anyway.
This better handles dependencies (especially of "Obsolete:" type).
Unfortunately yum install/upgrade checks if running as root. Because we
are only downloading packages, using local "system root" (--installroot
option) no real root access is requires, so use fakeroot to mute yum
error.
MIME-info database contains multiple entries for *.png, namely image/png
and image/x-apple-ios-png. The later one doesn't have associated handler
program, but this one is selected by mimeopen tool.
Not sure how this tool should behave in case of multiple matches (IOW is
it a bug in File::MimeInfo perl module used by mimeopen). Instead of
switching to different tool, which probably will break other files
(check #423), add override for this particular file type.
Get rid of underscores in filenames, use dashes instead.
This is first part of cleanup in filenames.
"qubes_rpc" still untouched - will be in separate commit.
This, in conjunction with support in xen-blkfront/back, shrinks private.img in
dom0 with every removed file in VM. So no longer manual cleaning unused space
with some dd + cp trickery.
No more ugly symlink creation at VM startup, nautilus-actions have system-wide
dir (in opposite to nautilus-scripts).
Currently old symlinks are not cleaned up. Maybe it should, but leaving them
have one advantage: will not break existing users behavior.
Get rid of ugly embedding username into commandline. This will make much easier
avoid hardcoding username in dom0 code.
Currently dom0 is free of hardcoded "user" username ("root" still is used).
When /rw/home/user/.qubes-dispvm-customized is present use /rw/home/user
instead of default /etc/dispvm-dotfiles.tbz. Also make sure that /rw will not
remain mounted during DispVM creation.
