Commit Graph

269 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
8306013cbf
network: enable MAC randomization for wifi connections by default
We do have NetworkManager new enough to handle this feature already.
Enable both scan MAC address randomization, and also connection mac
address randomization. The later do in a "stable" way - preserving the
same MAC _for a connection_, until reboot. This is a safe tradeoff
between full random, which breaks some captive portals. The stable MAC
is generated separate for each connection, so it also prevents
correlation of the same machine between different networks.

Do not enable it for wired connections, as those are less often used at
random untrusted localizations, but also more often it's desired to
get the same IP address each time (having random MAC would make it much
harder).

QubesOS/qubes-issues#938
2021-03-27 18:10:05 +01:00
Marek Marczykowski-Górecki
30f6c496bc
Remove haveged service override
It was needed for Debian stretch only.
2021-02-10 22:31:10 +01:00
Marek Marczykowski-Górecki
7f15690e43
Add a service to enable swap early - before fsck of the root filesystem
fsck may require significant amount of RAM, enable swap earlier to avoid
out of memory condition. Implement this as a separate service unit, not
a swap unit, because the latter requires udev running (implicit
dependency on dev-xvdc1.device) which is not the case before remounting
root filesystem read-write.

QubesOS/qubes-issues#6174
2020-11-03 05:18:57 +01:00
Marek Marczykowski-Górecki
87135138ac
Revert "rpm: do not build qubes-core-agent-sysvinit package"
This reverts commit 408bccdd5c.
2020-09-17 02:47:51 +02:00
Marek Marczykowski-Górecki
408bccdd5c
rpm: do not build qubes-core-agent-sysvinit package
Since no currently supported distribution needs it, skip the build by
default. If necessary, can be enabled by adjusting %with_sysvinit macro
in the spec.
2020-09-16 16:14:02 +02:00
Frédéric Pierret (fepitre)
8aea0d9aab
xendriverdomain: remove Requires and After proc-xen.mount 2020-07-26 23:26:00 +02:00
Frédéric Pierret (fepitre)
8c3d181266
debian: add 'rpm' as dependency
- clean Makefile
2020-06-19 19:15:52 +02:00
Paweł Marczewski
212df1d586
Enable root autologin on serial console
See QubesOS/qubes-issues#5799.

Use an option to agetty:
  https://wiki.archlinux.org/index.php/Getty#Automatic_login_to_virtual_console

The --login-pause causes agetty to wait for Enter key. This is
important, because otherwise the root session prevents systemd from
shutting down, and probably causes other side effect.
2020-05-06 17:56:55 +02:00
Amadeusz Piotr Żołnowski
dee84452aa
Move qubes-firewall from sbin to bin 2020-02-05 00:12:22 +00:00
Amadeusz Piotr Żołnowski
4de377bc3b
Split items in misc directory by topic 2020-02-04 23:59:09 +00:00
Amadeusz Piotr Żołnowski
ec7ae0bf40
Remove no longer needed xenstore-watch and close-window 2020-02-04 23:59:08 +00:00
Pawel Marczewski
3a6e77aa43
Add /etc/qubes/applications override, use it for gnome-terminal
Used by qubes.StartApp so that we can override distribution-provided
.desktop files. The mechanism is introduced to run gnome-terminal
with --wait option, so that it's compatible with DispVMs.

Fixes QubesOS/qubes-issues#2581.
2020-01-27 14:05:55 +01:00
Pawel Marczewski
943f37b481
Add qubes-run-gnome-terminal utility that uses --wait 2020-01-27 12:11:48 +01:00
Marek Marczykowski-Górecki
e43e262b2d
Merge remote-tracking branch 'origin/pr/188'
* origin/pr/188:
  Use built-in rules in qubes-rpc makefile
  Ignore build result: tar2qfile
  Remove no longer needed xorg-preload-apps.conf
  Move qubes-rpc installation from the root Makefile to qubes-rpc Makefile
2019-10-21 00:45:47 +02:00
Amadeusz Piotr Żołnowski
6b0179c107
Remove no longer needed xorg-preload-apps.conf 2019-10-20 09:12:07 +01:00
Amadeusz Piotr Żołnowski
3152c609a9
Move qubes-rpc installation from the root Makefile to qubes-rpc Makefile
qubes-rpc has its own Makefile that's responsible for building some
executables. The root Makefile was installing qubes-rpc files. To make
qubes-rpc a bit more indepdent from core-agent root Makefile and to ease
potential maintainer work on packaging qubes-rpc separately, the
installation has been moved to qubes-rpc Makefile. Moreover that should
make the Makefiles easier to read and maintain.
2019-10-20 09:12:07 +01:00
Marek Marczykowski-Górecki
3c47a7890f
Merge branch 'fc31'
* fc31:
  rpm: switch deps to python3-setuptools on CentOS too
  debian: switch to python3
  Use spaces in xdg-icon script
  Convert other scripts to python3
  Convert qubesagent module to python3
  Minor codestyle fix in qubesadmin/firewall.py
  Require python setuptools
  Update python2 dependencies to python3 and clean deprecated requirements
2019-10-06 07:00:10 +02:00
Marek Marczykowski-Górecki
a899adb69e
Convert qubesagent module to python3
This and all files using it.

QubesOS/qubes-issues#5297
2019-09-19 04:57:55 +02:00
Marta Marczykowska-Górecka
dffe0b2f1a
Make qvm-copy/move[-to-vm] one script
Instead of two scripts calling one another, now it's
only one script, with added variable names inside for clarity.
Also hopefully finally fixes the help messages for good.

fixes QubesOS/qubes-issues#4058
2019-09-09 22:03:48 +02:00
Marek Marczykowski-Górecki
b3d3c2c98c
Disable boot.automount which is created by systemd automatically
systemd-gpt-auto-generator creates boot.automount for existing ESP
partition. But Qubes templates have only placeholder ESP there, with no
even filesystem created. Disable it with drop-in file, until it will
become used.

Fixes QubesOS/qubes-issues#5261
2019-08-20 16:37:23 +02:00
Frédéric Pierret (fepitre)
3c1381c29b
Add qvm-connect-tool to ease creating ad-hoc connections 2019-08-08 15:48:44 +02:00
Frédéric Pierret (fepitre)
e27296da3c
Allow creating TCP sockets between qubes
QubesOS/qubes-issues#2148
2019-08-08 15:48:37 +02:00
Frédéric Pierret (fepitre)
865948db88
yum-plugin-hooks: package only for CentOS 7 2019-08-07 12:07:45 +02:00
Marek Marczykowski-Górecki
08a853b960
Merge branch 'remove-qrexec'
* remove-qrexec:
  travis: update for R4.1
  Remove qrexec-agent related files
2019-06-06 23:20:11 +02:00
Frédéric Pierret (fepitre)
2b2752f936
Rename and fix from Marek's comments 2019-05-07 15:01:34 +02:00
Frédéric Pierret (fepitre)
4324dc1564
Add admin.vm.TerminalDispVM qubes-rpc 2019-05-05 17:59:44 +02:00
Frédéric Pierret (fepitre)
71989cf72d
Rename qvm-showterminal to qvm-terminal and add print_usage 2019-04-30 17:23:25 +02:00
Frédéric Pierret (fepitre)
95e2d11e61
Add qvm-showterminal 2019-04-30 11:42:38 +02:00
Frédéric Pierret (fepitre)
0fd8da62b6
Handle tinyproxy path changed in upstream
Related commit 8d0ea71486
Fixes QubesOS/qubes-issues#4973 and QubesOS/qubes-issues#4929
2019-04-16 11:41:44 +02:00
Marek Marczykowski-Górecki
20285bc6c2
Remove qrexec-agent related files
Move it to the core-qrexec repository.

QubesOS/qubes-issues#4955
2019-04-08 18:22:38 +02:00
Marek Marczykowski-Górecki
75dd034ceb
Add qubes version to marker-vm file
QubesOS/qubes-issues#1963
2019-02-11 19:28:35 +01:00
Marek Marczykowski-Górecki
d4fa357faa
Introduce /usr/share/qubes/marker-vm
Make it easy for packages to detect Qubes VM.

Fixes QubesOS/qubes-issues#1963
2019-01-18 23:21:18 +01:00
Marek Marczykowski-Górecki
e29a678c5d
Fix qubes-run-terminal.desktop permissions
Should be 644, not 755

Fixes QubesOS/qubes-issues#4329
2018-09-28 18:51:57 +02:00
Marek Marczykowski-Górecki
8c22b3dc39
Slightly simplify @DIST@ substitution in repository definition 2018-09-02 07:35:20 +02:00
fepitre
5cb6cc8ebc
Handle CentOS vm repo 2018-09-01 15:49:11 +02:00
Rusty Bird
ff77c78ecc
Unify qvm-{copy,move}-to-vm.{gnome,kde} and fix some bugs
- Symlink the other three tools to qvm-copy-to-vm.gnome, use the same
  code where possible, and select differing behavior based on invoked
  name (like the CLI tools). This brings qvm-move-to-vm.kde up to date
  for R4.0 (bugfix on 89183e9).

- Get rid of a window focus race between zenity/kdialog and the
  qubes.Filecopy dom0 permission dialog: Only launch the GUI after the
  first line has been read from qfile-agent.

- Avoid visual glitches (e.g. for a non-existing file) by special-casing
  a no-op progress function for $SIZE == 0.

- Pass -- separator between 'rm -rf' and the files to be removed, in
  case someone or something ever invokes the tool on relative file names
  starting with a dash.

- Pass -b (implies --apparent-size) and -s to du, to simplify percentage
  calculation and to avoid unnecessary output.
2018-07-25 12:44:53 +00:00
Marek Marczykowski-Górecki
ad15312599
Fix make clean
Remove also .coverage file.
2018-05-02 04:48:51 +02:00
Marek Marczykowski-Górecki
23250f84b2
Create /etc/dconf/profile/user dynamically, if not present
The /etc/dconf/profile/user file in some distributions is part of dconf
package, in some not. There are even cases where it changes between
package versions (Fedora 27 don't have it, but Fedora 28 do).
Also, base Debian Stretch don't have it, but Kali Linux based on it do.

To avoid overly complex dependency handling, create the file dynamically
on package installation if it's missing in that particular case. The
file content is canonical:

    user-db:user
    system-db:local

Fixes QubesOS/qubes-issues#3834
2018-05-02 02:57:37 +02:00
Marek Marczykowski-Górecki
d25ecb4e40
Fix packaging: 'user' group, BACKEND_VMM var
- BACKEND_VMM may not be available as env variable (mock build), provide
it explicitly
- 'user' group may not exists at package build time, set it at package
installation
2018-05-01 17:34:52 +02:00
Marek Marczykowski-Górecki
c29cc4c270
centos: exclude only dconf user profile, keep dpi config 2018-05-01 15:17:39 +02:00
Marek Marczykowski-Górecki
c278d56bea
Update gitignore and make clean target
Debian build require clean sources (make clean must return the sources
to the state from before build).
2018-04-20 16:27:26 +02:00
Marek Marczykowski-Górecki
a33c7e10ba
Merge remote-tracking branch 'qubesos/pr/105'
* qubesos/pr/105:
  Add misc/qubes-run-terminal to launch any available terminal emulator
2018-04-06 02:06:16 +02:00
Marek Marczykowski-Górecki
15c740d95e
Fix shell calls in Makefile 2018-04-02 23:19:01 +02:00
Marek Marczykowski-Górecki
4a7c668549
Move 'qubesxdg' into qubesagent python package
Since we have proper python package, use it instead of hacky one-file
package. This will ease installation and packaging, including switching
to python3.
2018-04-02 23:19:01 +02:00
Davíð Steinn Geirsson
d6d8d25345
Add misc/qubes-run-terminal to launch any available terminal emulator 2018-03-28 13:23:35 +00:00
unman
aa95ccc48f
Add missing services in Ubuntu templates. 2018-03-19 17:32:10 +00:00
Marek Marczykowski-Górecki
ddbd24a815
Merge remote-tracking branch 'qubesos/pr/97'
* qubesos/pr/97:
  centos: fix conflict with dconf
2018-02-22 21:32:49 +01:00
Frédéric Pierret
39cb5888f8
centos: fix conflict with dconf 2018-02-21 19:12:57 +01:00
Marek Marczykowski-Górecki
f38e204aa7
Drop Fedora < 22 support
yum actions no longer relevant
2018-02-13 17:04:59 +01:00
Marek Marczykowski-Górecki
c142e20baa
Do not sync VM time with clockvm if it's set to network time sync
When VM is set to synchronize the time with the network, to not sync its
time with clockvm.
Besides not having sense, in default configuration it will lead to
loopback qrexec connection (sys-net -> sys-net), which will hang.

QubesOS/qubes-issues#3333
2018-02-13 04:23:08 +01:00