Commit Graph

2743 Commits

Author SHA1 Message Date
Peter Gerber
a8b29c3fa6 passwordless-root: policykit: restrict access to group qubes
Without this restriction system users can start processes with
root privileges:

  $ sudo -u mail systemd-run --pipe -q id
  uid=0(root) gid=0(root) groups=0(root)
2020-09-13 14:16:07 +00:00
herypt
9271763a6f
Advertise apparmor support 2020-09-02 14:37:25 +02:00
Frédéric Pierret (fepitre)
562b871188
spec: don't build sysvinit for Fedora and CentOS 2020-08-28 13:48:18 +02:00
Artur Puzio
21864ab563
Skip IGD when unbinding device drivers on suspend 2020-08-25 17:08:38 +02:00
WillyPillow
e83408d601
qvm-template: Add qubes.Template{Search,Download} files to the package. 2020-08-25 11:11:24 +08:00
Frédéric Pierret (fepitre)
60ed2c0a1b
Workaround for gpg not resolving key servers used behing proxy
See QubesOS/qubes-issues#6013
2020-08-22 22:55:33 +02:00
Marek Marczykowski-Górecki
a695902d68
version 4.1.15 2020-08-07 03:52:18 +02:00
Marek Marczykowski-Górecki
0f3e1ae8af
Merge remote-tracking branch 'origin/pr/184'
* origin/pr/184:
  Add services for paranoid backup restore mode
  qfile-unpacker: add option (-w) to wait for disk space before extracting
  tar2qfile: fix argument parser
  qfile-unpacker: add option for custom user and target directory
2020-08-07 03:01:25 +02:00
Marek Marczykowski-Górecki
cb4f06d464
Merge remote-tracking branch 'origin/pr/239'
* origin/pr/239:
  xendriverdomain: remove placeholder for sbinpath
  Fix regex in qubes-fix-nm-conf.sh
  Update travis
  xendriverdomain: remove Requires and After proc-xen.mount
  Drop legacy xen entry in fstab
2020-08-06 05:32:45 +02:00
Marek Marczykowski-Górecki
629f836177
debian: fix version detection for python3?-nautilus dependency
On buster and stretch use python-nautilus, but /etc/debian_version
contains numeric version, not a codename.

Reported by @0spinboson
2020-08-06 05:30:37 +02:00
Marek Marczykowski-Górecki
497dd8d50d
Merge remote-tracking branch 'origin/pr/242'
* origin/pr/242:
  tinyproxy: support rsync for Gentoo
2020-08-06 05:23:13 +02:00
Frédéric Pierret (fepitre)
239ea3d04b
tinyproxy: support rsync for Gentoo 2020-08-04 12:24:09 +02:00
Ivan Kardykov
e5041783a5
Fix open path in qubes-open-file-manager.desktop
Looks like desktop entries doesn`t allow environment variables in Exec string.
qubes.StartApp+qubes-open-file-manager-dom0[1782]: gio: file:///home/user/$HOME: Error when getting information for file “/home/user/$HOME”: No such file or directory

switching to '.' resolve it.
2020-08-04 12:40:02 +03:00
Frédéric Pierret (fepitre)
b804cfb270
xendriverdomain: remove placeholder for sbinpath 2020-08-03 13:18:26 +02:00
Marek Marczykowski-Górecki
8066129445
Add services for paranoid backup restore mode
Add a pair of services:
1. qubes.RegisterBackupLocation - called by dom0, registers what backup
location (including both file and command options) can be accessed.
Registered location gets an ID returned to the caller. The location (and
its ID) is valid as long as the service call remains open.

2. qubes.RestoreById - called by restoring DispVM to retrieve the backup
content. The service expects location ID as an argument, and then list
of files/directories (separated with spaces) on the first line of stdin.
This is very similar to qubes.Restore service, with exception for the
archive location control.

QubesOS/qubes-issues#5310
2020-08-03 03:43:09 +02:00
Marek Marczykowski-Górecki
7c261f45da
qfile-unpacker: add option (-w) to wait for disk space before extracting
Add -w MARGIN option to always leave at least MARGIN bytes of free
space.

QubesOS/qubes-issues#4791
2020-08-03 03:25:37 +02:00
Marek Marczykowski-Górecki
13eef467bf
tar2qfile: fix argument parser
There is only one input, other arguments are files/directories to
extract. There is no need for a loop.
2020-08-03 03:25:36 +02:00
Marek Marczykowski-Górecki
cee32d4f90
qfile-unpacker: add option for custom user and target directory
QubesOS/qubes-issues#930
2020-08-03 03:25:36 +02:00
WillyPillow
b0edd5f209 qubes.Template*: Add --refresh option and allow DNF cache to be used. 2020-07-29 20:02:47 +08:00
WillyPillow
9bedf50786 qubes.Template*: Invoke curl with --silent. 2020-07-29 20:02:42 +08:00
WillyPillow
686d0d3c12 qubes.Template*: Change separator from : to | and include additional metadata. 2020-07-29 20:02:36 +08:00
Frédéric Pierret (fepitre)
91bce584a2
Fix regex in qubes-fix-nm-conf.sh 2020-07-28 16:02:34 +02:00
Frédéric Pierret (fepitre)
856e46c3fc
Update travis 2020-07-26 23:27:31 +02:00
Frédéric Pierret (fepitre)
8aea0d9aab
xendriverdomain: remove Requires and After proc-xen.mount 2020-07-26 23:26:00 +02:00
Marek Marczykowski-Górecki
d0b699c59f
Merge remote-tracking branch 'origin/pr/240'
* origin/pr/240:
  package-managers: handle Gentoo
2020-07-26 21:39:04 +02:00
Marek Marczykowski-Górecki
e067812d57
Merge remote-tracking branch 'origin/pr/238'
(Dropped debian/changelog change on merge)
2020-07-26 21:31:32 +02:00
Frédéric Pierret (fepitre)
76142139a0
package-managers: handle Gentoo 2020-07-26 14:31:05 +02:00
Frédéric Pierret (fepitre)
e660c4a05f
Drop legacy xen entry in fstab 2020-07-26 14:30:33 +02:00
Krzysztof Burghardt
a4e6d1c811
Fix dependencies for Ubuntu 20.04 LTS (Focal Fossa) 2020-07-20 23:12:35 +02:00
Marek Marczykowski-Górecki
5db43b9534
version 4.1.14 2020-07-16 13:37:17 +02:00
Frédéric Pierret (fepitre)
a6c5e6094c
update-proxy-configs: handle Portage(Gentoo) 2020-07-14 11:41:37 +02:00
WillyPillow
e91f2eb6f4
Fix shell quoting. 2020-07-04 01:11:53 +08:00
WillyPillow
1d65c5ee01
Remove repofrompath. 2020-07-04 01:10:24 +08:00
WillyPillow
d1f27749a9
New qrexec calls for interacting with template repos.
See <https://gist.github.com/WillyPillow/b8a643ddbd9235a97bc187e6e44b16e4> for details.
2020-07-03 02:22:04 +08:00
Marek Marczykowski-Górecki
940b0f3646
Do not use legacy distutils.spawn
The whole distutils module is a legacy thing in python3. Specifically,
most of it is not installed in Debian by default (there is only
distutils.version). Depending on python3-distutils is problematic, as
it's availability varies between Debian versions.

Instead of fighting with special cases in dependencies, replace the
whole thing with non-legacy shutil.which() (available since Python 3.3).
2020-07-02 02:56:13 +02:00
Marek Marczykowski-Górecki
39e07f93f8
version 4.1.13 2020-06-29 06:29:35 +02:00
Marek Marczykowski-Górecki
587ac3b3a1
dnf: update for DNF 4+ API
Correctly extract packages from transaction items:
 - old (pre DNF 4): iterate over item.installs()
 - new (DNF 4+): item.pkg

The old DNF is not supported anymore, so do not care about it.
2020-06-27 05:37:55 +02:00
Marek Marczykowski-Górecki
3f728df888
Revert "Fix updates notification on Fedora 29"
The https://bugzilla.redhat.com/1650446 is fixed for enough time already
(included in all supported distributions). The workaround for the bug
have two issues:
 - may download repository metadata again
 - ignores various settings, including proxy, which breaks it in
   TemplateVM

This reverts commit 8d7313b928.
2020-06-27 05:35:19 +02:00
Marek Marczykowski-Górecki
630d94f5b2
Merge remote-tracking branch 'origin/pr/233'
* origin/pr/233:
  fixed qubes.GetAppmenus ignoring some correct .desktop files
2020-06-20 15:21:24 +02:00
Frédéric Pierret (fepitre)
8c3d181266
debian: add 'rpm' as dependency
- clean Makefile
2020-06-19 19:15:52 +02:00
Frédéric Pierret (fepitre)
704930852c
Use DNF instead of YUM if exists 2020-06-19 17:14:08 +02:00
Marta Marczykowska-Górecka
6e724f76f0
fixed qubes.GetAppmenus ignoring some correct .desktop files
.desktop files can have spaces around '=' symbols; previously
GetAppmenus discarded such files.

references QubesOS/qubes-issues#5692
2020-06-03 18:27:34 +02:00
Marek Marczykowski-Górecki
464f8f6afe
Merge remote-tracking branch 'origin/pr/231'
* origin/pr/231:
  Fix missing dependency for managing Network-Manager in active user session

Fixes QubesOS/qubes-issues#5836
2020-05-27 04:01:31 +02:00
Marek Marczykowski-Górecki
905b745c6e
Merge remote-tracking branch 'origin/pr/230'
* origin/pr/230:
  debian: conditional python version dependencies
2020-05-27 03:59:46 +02:00
Frédéric Pierret (fepitre)
c12d9ce75c
Fix missing dependency for managing Network-Manager in active user session
QubesOS/qubes-issues#5836
2020-05-26 22:57:07 +02:00
Frédéric Pierret (fepitre)
74a97b7e6a
debian: conditional python version dependencies 2020-05-26 16:30:57 +02:00
Marek Marczykowski-Górecki
810fc59cac
version 4.1.12 2020-05-25 03:35:46 +02:00
Marta Marczykowska-Górecka
fee9626dc9
Added a qubes-open-file-manager.desktop file
To be used by GUI tools to provide a convenient 'open file manager' shortcut.

references QubesOS/qubes-issues#5170
2020-05-15 14:04:51 +02:00
Marek Marczykowski-Górecki
707d4cad8b
qubes.ShowInTerminal needs a graphical session running
This specifically fixes qvm-console-dispvm tool, which uses
qubes.ShowInTerminal to show the actual console. This service uses
xterm, so it needs X session running already.

Fixes QubesOS/qubes-issues#5805
2020-05-09 05:13:14 +02:00
Marek Marczykowski-Górecki
bb1a6eb62e
Merge remote-tracking branch 'origin/pr/228'
* origin/pr/228:
  Override PAM config for su in RPM package
  Use pam-configs to override Debian PAM config
  Lock root password in passwordless-root package
  Enable root autologin on serial console
2020-05-09 05:10:55 +02:00