Commit Graph

2135 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
d4c238c45e
Unload USB controllers drivers in USB VM before going to sleep
Many USB controllers doesn't play nice with suspend when attached to PV
domain, so unload those drivers by default. This is just a configuration
file, so user is free to change this setting if his/shes particular
controller doesn't have such problem.

Fixes QubesOS/qubes-issues#1565
2016-01-11 19:34:10 +01:00
Patrick Schleizer
f4d367a6a7
refactoring / code simplification
Thanks to @marmarek for the suggestion!
2016-01-08 00:36:26 +00:00
Patrick Schleizer
e9fca8fb9f
fixed broken file copy for files in multi level directories
Thanks to @marmarek for the report and help fixing!
2016-01-07 21:19:52 +00:00
Marek Marczykowski-Górecki
b36146961f
version 3.1.11 2016-01-07 05:52:36 +01:00
Marek Marczykowski-Górecki
0e062ff31e
Fix time sync service
It is expected to not output anything on stdout. Especially remote end
may be already terminated, so writing there would result in EPIPE.

Fixes QubesOS/qubes-issues#1592
2016-01-07 05:06:39 +01:00
Patrick Schleizer
184f49dbbd
also exit from bind-directories if file /var/run/qubes-service/qubes-dvm exists
Thanks to @marmarek for the suggestion!

https://github.com/QubesOS/qubes-issues/issues/1328#issuecomment-169483029
2016-01-06 23:08:33 +00:00
Patrick Schleizer
7e8649f8c7
use symlink_level_max rather than hardcoding 10; comment 2016-01-06 20:46:38 +00:00
Marek Marczykowski-Górecki
bd68fb973b
Merge remote-tracking branch 'origin/pr/59'
* origin/pr/59:
  archlinux: Added python{2,3} as dependency. Solved python22 bug.
2016-01-06 02:29:21 +01:00
Marek Marczykowski-Górecki
c4ff490844 dom0-updates: add a message explaining yum deprecated warning
Thanks @axon-qubes for the idea.

Fixes QubesOS/qubes-issues#1574
2016-01-04 02:13:21 +01:00
Marek Marczykowski-Górecki
89d5f8990f
version 3.1.10 2015-12-31 02:58:29 +01:00
Marek Marczykowski-Górecki
5a04fb34ed debian: add missing python-gtk2 dependency
qvm-mru-entry requires it.

Fixes QubesOS/qubes-issues#1567
2015-12-30 15:16:23 +01:00
Marek Marczykowski-Górecki
b9e51f9ab3 network: use more strict policy about incoming traffic
Do not allow ICMP from uplink VM (or the outside world). Also do not
send ICMP icmp-host-prohibited to the uplink.

Fixes QubesOS/qubes-issues#1346
2015-12-30 02:09:23 +01:00
noname
8ab866f827 archlinux: Added python{2,3} as dependency. Solved python22 bug. 2015-12-27 20:24:25 +01:00
Marek Marczykowski-Górecki
7835f4da2b
version 3.1.9 2015-12-26 14:24:03 +01:00
Marek Marczykowski-Górecki
c46c1e4d2c
dom0-updates: fix reporting when no updates are available
Check `yum check-update` exit code, instead of `grep` - when there are
multiple commands on the single line, $? contains exit code of the last
executed.

Fixes QubesOS/qubes-issues#1475
2015-12-26 04:43:23 +01:00
Patrick Schleizer
eb00e40bab
run /usr/lib/qubes/bind-dirs.sh from mount-dirs.sh 2015-12-25 12:30:36 +00:00
Patrick Schleizer
5a87313ea6
renamed: bind-dirs -> bind-dirs.sh 2015-12-25 12:30:35 +00:00
Patrick Schleizer
8f2a80982b
renamed: misc/bind-dirs -> vm-systemd/bind-dirs 2015-12-25 12:30:35 +00:00
Patrick Schleizer
bd647a8047
work on bind-dirs
https://phabricator.whonix.org/T414
2015-12-25 12:30:35 +00:00
Patrick Schleizer
8a5fc5f7d1
work on bind-dirs
https://phabricator.whonix.org/T414
2015-12-25 12:30:34 +00:00
Patrick Schleizer
d55cba0a45
work on bind-dirs
https://phabricator.whonix.org/T414
2015-12-25 12:30:34 +00:00
Marek Marczykowski-Górecki
2478cb5c05
Package DNF plugin for both python2 and python3
DNF in Fedora 22 uses python2, but in Fedora 23 - python3. Package both
of them, in separate packages (according to Fedora packaging guidelines)
and depend on the right one depending on target distribution version.

Fixes QubesOS/qubes-issues#1529
2015-12-23 02:04:26 +01:00
Marek Marczykowski-Górecki
8f0a024f6d
dnf: drop shebang, it isn't standalone script
QubesOS/qubes-issues#1529
2015-12-21 13:12:51 +01:00
Marek Marczykowski-Górecki
ba5041579a
version 3.1.8 2015-12-20 03:12:39 +01:00
Marek Marczykowski-Górecki
4e3076f0b6
updates-proxy: restart on network configuration change to reload DNS
Apparently tinyproxy does not notice /etc/resolv.conf change, so need to
be kicked to reload it.

Fixes QubesOS/qubes-issues#1530
2015-12-19 18:44:32 +01:00
Marek Marczykowski-Górecki
e7d4830434
Merge remote-tracking branch 'origin/pr/57'
* origin/pr/57:
  archlinux: ensure systemctl reset preset correctly (need to be started twice)
2015-12-19 18:21:27 +01:00
Marek Marczykowski-Górecki
405c42658f
debian: add security-testing repository
Fixes QubesOS/qubes-issues#1522
2015-12-19 18:08:57 +01:00
Marek Marczykowski-Górecki
b179d62860
Merge remote-tracking branch 'qubesos/pr/7' 2015-12-17 23:12:51 +01:00
Rusty Bird
3238eab85f repo description: updates-testing -> security-testing 2015-12-17 15:54:42 +00:00
Olivier MEDOC
1c09b88fae archlinux: ensure systemctl reset preset correctly (need to be started twice) 2015-12-15 16:20:03 +01:00
Marek Marczykowski-Górecki
6bed3bee69
Merge remote-tracking branch 'origin/pr/55' 2015-12-11 15:13:56 +01:00
Marek Marczykowski-Górecki
62c12bd1c6
Merge remote-tracking branch 'origin/pr/56' 2015-12-11 15:11:23 +01:00
Olivier MEDOC
33aa1782ca archlinux: remove quotes when checking system locales (in case it has been user defined) 2015-12-08 15:32:30 +01:00
Olivier MEDOC
7d2bc0c6bb archlinux: fix invalid systemd path in make install directive 2015-12-08 15:31:59 +01:00
Marek Marczykowski-Górecki
169c389339
open-in-vm: Fix path to mimeinfo database
There was missing "/mime" in entry for user home.

QubesOS/qubes-issues#1490
2015-12-05 13:49:25 +01:00
Marek Marczykowski-Górecki
8064682e9e
version 3.1.7 2015-12-04 15:32:14 +01:00
Marek Marczykowski-Górecki
181c15f422
updates-proxy: explicitly block connection looping back to the proxy IP
Explicitly block something like "curl http://10.137.255.254:8082" and
return error page in this case. This error page is used in Whonix to
detect if the proxy is torrified. If not blocked, it may happen that
empty response is returned instead of error. See linked ticket for
details.

Fixes QubesOS/qubes-issues#1482
2015-12-04 14:57:07 +01:00
MB
9c68afe14c [network-proxy-setup] Permit !CONFIG_MODuLES
* Check whether sysctl is accessible
* Check whether a key which exists when CONFIG_MODULES=y is not accessible

If true, CONFIG_MODULES=n, so ignore modprobe failure.
If false, fail.
2015-11-29 00:00:00 +00:00
Marek Marczykowski-Górecki
5aa0f32c78
version 3.1.6 2015-11-29 00:34:34 +01:00
Marek Marczykowski-Górecki
a11897a1d0
Revert "network: use drop-ins for NetworkManager configuration (#1176)"
Apparently unmanaged devices are loaded only from main
NetworkManager.conf. Exactly the same line pasted (not typed!) to main
NetworkManager.conf works, but in
/etc/NetworkManager/conf.d/30-qubes.conf it doesn't.
BTW There was a typo in option name ("unmanaged_devices" instead of
"unmanaged-devices", but it wasn't the cause).

This reverts commit 6c4831339c.

QubesOS/qubes-issues#1176
2015-11-28 17:43:15 +01:00
Marek Marczykowski-Górecki
8482fbbd13
version 3.1.5 2015-11-28 14:48:34 +01:00
Marek Marczykowski-Górecki
5157d9822e
backup: Use 'type' instead of 'which' to prevent unnecessary dependency
This fixes using minimal-template based VMs to store/retrieve backup.
2015-11-27 12:31:33 +01:00
Marek Marczykowski-Górecki
c99dca37ce
debian: update build-depends for split qubes-utils package
QubesOS/qubes-issues#1416
2015-11-26 22:26:50 +01:00
Marek Marczykowski-Górecki
d4cf78652c
debian: reformat Build-Depends:
QubesOS/qubes-issues#1416
2015-11-26 21:10:23 +01:00
Marek Marczykowski-Górecki
808b3ab660
Package needrestart config only for Debian
On Fedora there is no such package.
2015-11-24 06:18:36 +01:00
Marek Marczykowski-Górecki
2c076f3915
Merge remote-tracking branch 'origin/pr/53'
* origin/pr/53:
  Have qubes-sysinit create /var/run/qubes VM type files.
2015-11-23 16:19:20 +01:00
Marek Marczykowski-Górecki
c603f32d23
Merge remote-tracking branch 'origin/pr/51'
* origin/pr/51:
  Prevent services from being accidentally restarted by `needrestart`.
2015-11-23 16:18:42 +01:00
Marek Marczykowski-Górecki
308e4857bc
Merge remote-tracking branch 'origin/pr/50'
* origin/pr/50:
  archlinux: enforce minimum versionning of qubes-utils
  rpm_spec: declare InstallUpdateGUI qrexec_service
  updates-proxy: remove remaining traces of proxy filtering file from Makefile
2015-11-23 16:18:26 +01:00
Patrick Schleizer
e323d3f4bd
Have qubes-sysinit create /var/run/qubes VM type files.
- /var/run/qubes/this-is-appvm
- /var/run/qubes/this-is-netvm
- /var/run/qubes/this-is-proxyvm
- /var/run/qubes/this-is-templatevm

This is useful for checking ConditionPathExists from within systemd units.

(Came up in https://phabricator.whonix.org/T432#7206.)
2015-11-22 21:55:51 +00:00
Patrick Schleizer
7dc99ee662
Prevent services from being accidentally restarted by needrestart.
Because those services do not yet support being restarted.

Extended variable `$nrconf{override_rc}`, i.e. packages only reported to need
restart, but blacklisted from default/suggested automatic restarted with
`qubes-core-agent` and `qubes-gui-agent`.

See also `$nrconf{override_rc}`:
10bd2db5e2/ex/needrestart.conf (L65)

Thanks to @liske for helping with this.
https://github.com/liske/needrestart/issues/13#issuecomment-136804625
2015-11-20 16:35:06 +01:00