Commit Graph

201 Commits

Author SHA1 Message Date
MB
3339df739d
Fall back to direct execution when dbus is not installed or running
I have been using this with a dbus-less Gentoo template since the original
change, and have tested recently on whonix-gw with dbus enabled and running.

(cherry picked from commit bf69335074b45157734b881cc14d54ea43e7902a)
2017-12-20 20:56:29 +01:00
Frédéric Pierret
c34a0a9e07
Fix UCA mistake and qvm-actions script 2017-12-12 22:12:48 +01:00
Frédéric Pierret
82656bb5df
Disable Thunar thumbnails 2017-11-18 13:19:41 +01:00
Frédéric Pierret
0fd109b8f1
Add support for Thunar Qubes VM tools 2017-11-18 13:19:40 +01:00
Nedyalko Andreev
5438e43ff6
Disable dnf plugins when downloading dom0 updates in sys-firewall
Since the qubes-download-dom0-updates script executes dnf with fakeroot, some dnf plugins like etckeeper break the update with "Permission denied" errors.
2017-10-28 06:34:51 +03:00
Marek Marczykowski-Górecki
5edd3b3f75
Merge branch 'fixes-20171019'
* fixes-20171019:
  debian: cleanup after splitting qubes-core-agent
  Fix removing temporary file after editing in (Disp)VM
  network: fix rules for network setup on new udev
  debian: disable timer-based apt-get
2017-10-19 16:51:12 +02:00
Marek Marczykowski-Górecki
128af0d191
debian: disable timer-based apt-get
Debian stretch in default configuration calls apt-get update every 24h.
And additionally, have automatic unattended security updates enabled.
Generally it would be good thing on standalone system, but in AppVM
which loose its rootfs changes after restart it is a waste of resources.
Especially when it kicks in on multiple VMs simultaneously, while on
battery (apt-daily.service have ConditionACPower=true, but VM don't have
that information...).

It would make some sense on TemplateVM/StandaloneVM, but then it kicks
in just at VM startup. Which conflicts with starting the update manually
then (by clicking "update VM" button in manager for example, or using
salt).

So, disable this feature completely.

The actual solution is based on pkg-manager-no-autoupdate by @adrelanos.

Fixes QubesOS/qubes-issues#2621
2017-10-19 15:03:06 +02:00
Marek Marczykowski-Górecki
d8a2b8c375
Add support for new root volume partition layout to qubes.ResizeDisk
If root filesystem is the last partition (new layout), resize it
in-place. Use 'parted' tool because it can resize just one partition,
without need to specify the whole new partition table. Since the
partition is mounted, parted is unhappy to modify it. Force it by
answering to its interactive prompts, and add (apparently not
documented) ---pretend-input-tty to use those answers even
though stdin is not a tty. Split the operation into multiple parted
calls, for more reliable interactive prompts handling.

Qubes 3.x disk layout (no partition table) is also supported, but the
one that was used in Qubes 4.0 rc1 (root filesystem as the first
partition) is not.

Fixes QubesOS/qubes-issues#3173
QubesOS/qubes-issues#3143
2017-10-18 19:53:48 +02:00
Nedyalko Andreev
fe15f1d96c
Simplify archlinux upgrade check 2017-10-06 15:01:57 +03:00
Nedyalko Andreev
a835b9b67d
Fix an incorrect grep usage in archlinux upgrade check 2017-10-04 18:16:17 +03:00
Tray Torrance
f28244ab47
Add archlinux support to upgrade checker
(cherry picked from commit 9d10ec617878b018274dd20800434b2d3d35add5)
2017-10-04 17:52:57 +03:00
Marek Marczykowski-Górecki
aad6fa6d19
Hint shellcheck where to look for sourced files, if in repository
This will ease running shellcheck from the repository.
2017-09-30 05:05:34 +02:00
Marek Marczykowski-Górecki
b42c1880b0
Few more shellcheck warnings fixes/ignores 2017-09-30 05:05:34 +02:00
Marek Marczykowski-Górecki
2ee73ecfe7
Fix shellcheck warnings in download-dom0-updates.sh 2017-09-30 05:05:33 +02:00
Marek Marczykowski-Górecki
e95b6f8d03
Fix shellcheck warnings in block-snapshot script 2017-09-30 05:05:33 +02:00
Marek Marczykowski-Górecki
d332a43f6a
centos: add package signing key, setup repository 2017-09-30 02:06:53 +02:00
Frédéric Pierret
cb2448f1ab
dnf-qubes-hooks: handle newer DNF >= 2.x 2017-09-24 12:33:30 +02:00
Marek Marczykowski-Górecki
49b70f037c
dom0-updates: do not modify yum.conf
Few reasons for this:
1. new templates use dnf to download packages, so yum.conf is unused
2. dom0 in Qubes 4.0 don't have this file at all (so sed fails here)
3. $OPTS already contains --setopt=reposdir=...

Fixes QubesOS/qubes-issues#2945
2017-09-03 15:35:58 +02:00
Marek Marczykowski-Górecki
24b363db31
grub: add console=tty0 to kernel cmdline
When there is only console=hvc0 (i.e. no output to emulated VGA) and
GRUB_TIMEOUT is set to 0, VM startup hangs. This may be very well some
race condition broken by either of console=tty0 or GRUB_TIMEOUT > 0, but
even in such a case, apply this as a workaround for now.
2017-07-05 12:52:43 +02:00
Marek Marczykowski-Górecki
2b9d49f960
Update grub configuration
This configuration isn't included twice - it's Debian post-installation
script of grub that copy settings to /etc/default/grub, which results in
parameters being duplicated. Leave it as is for now.

Add GRUB_TIMEOUT=0 for faster VM startup.

QubesOS/qubes-issues#2577
2017-06-21 07:04:26 +02:00
Marek Marczykowski-Górecki
f4be704ac0
Ship Qubes 4.0 repository definition and keys 2017-06-14 10:45:43 +02:00
Marek Marczykowski-Górecki
2a117548b6
Ship grub configuration
Qubes VM require few config options in grub. Ship appropriate
configuration. Debian have grub.d support, so it can be done cleanly.
On Fedora, /etc/default/grub needs to be modified. Still keep the
options in separate file, but include it manually from
/etc/default/grub.

QubesOS/qubes-issues#2577
2017-06-14 10:45:43 +02:00
Marek Marczykowski-Górecki
58d21f095f
Remove old vusb scripts
This is unused for a long time (since we've moved to USBIP).
2017-06-08 22:11:37 +02:00
Marek Marczykowski-Górecki
7e608a8bb4
Remove DisposableVM savefile related files
In Qubes 4.0 we no longer use two-stage DisposableVM startup.
2017-06-08 22:11:35 +02:00
Marek Marczykowski-Górecki
2b76373abc
Remove duplicated 'close' button from titlebar of gnome applications
Dom0 enforce decorations which already contain close button.

Thanks @dzklaim for the solution.
Fixes QubesOS/qubes-issues#2813
2017-05-20 14:44:04 +02:00
Marek Marczykowski-Górecki
ce70887a57
Merge branch 'core3-devel' 2017-05-20 14:43:53 +02:00
Marek Marczykowski-Górecki
abf9a5aa43
Apply gschema overrides also to debian, rename according to guidelines
glib-compile-schemas recommend naming override files with nn_ prefix,
where nn is a number. Lets use 20, to allow both higher and lower
priority files.

QubesOS/qubes-issues#1108
2017-05-20 13:47:05 +02:00
Marek Marczykowski-Górecki
dc8047c3bb
dom0-updates: restructure the script to not update metadata twice
When `qubes-dom0-update --refresh` was called, the script checked
metadata twice - once to check updates availability, then to actually
download them. This two stage approach is needed only on Debian, when
--downloadonly option is not supported. Rearrange code accordingly.

Also, drop --doit option (ignore it), as the same (but more readable)
can be achieved with --check-only.
2017-05-20 03:49:13 +02:00
Andrew David Wong
cc7d3fc925
Update Xen bug count in sudoers comment
Closes QubesOS/qubes-issues#2480
2016-12-04 16:29:01 -08:00
Marek Marczykowski-Górecki
a9e7f91ca6
Fix detection of dom0 updates
dnf stdout messages differ from yum. Handle this particular difference
(info about last metadata check time), but in addition properly use its
exit code - 0 means no updates, 100 means some updates.

Fixes QubesOS/qubes-issues#2096
2016-12-04 22:37:17 +01:00
Manuel Amador (Rudd-O)
59aec8e5eb Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
unman
da82d93780
use bind-dirs to handle crontab persistence 2016-10-16 01:14:02 +01:00
Marek Marczykowski-Górecki
779414d216
Merge remote-tracking branch 'woju/master' into core3-devel
* woju/master:
  misc: add qvm-features-request
2016-08-17 21:28:37 +02:00
Marek Marczykowski-Górecki
76e12cae2d
Rename qubes.xdg python module to qubesxdg
Do not interfere with 'qubes' module.

QubesOS/qubes-issues#1813
2016-08-17 21:27:28 +02:00
Marek Marczykowski-Górecki
f4d53fb7e6
Include Qubes Master Key in the VM template
It is useful to verify other qubes-related keys.

Fixes QubesOS/qubes-issues#1614
2016-07-17 04:26:01 +02:00
Marek Marczykowski-Górecki
40d5f85b36
dom0-updates: fix cleaning downloaded packages 2016-07-15 11:27:35 +02:00
Marek Marczykowski-Górecki
6cf30bff29
Merge remote-tracking branch 'origin/pr/66'
* origin/pr/66:
  fixed qubes-core-agent upgrading double package manager lock

  Fixes QubesOS/qubes-issues#1889
2016-07-13 22:38:25 +02:00
Marek Marczykowski-Górecki
9aeecb91f3
dom0-updates: use dnf --best --allowerasing
Otherwise `dnf install` do not want to upgrade existing packages, or
upgrading other packages to satisfy dependencies.

Fixes QubesOS/qubes-issues#2100
2016-06-21 04:33:46 +02:00
Wojtek Porczyk
5261f936b2 misc: add qvm-features-request
This tool is used to request features from template.

QubesOS/qubes-issues#1637
2016-06-13 14:19:00 +02:00
Marek Marczykowski-Górecki
07c442f534
dom0-updates: use dnf when available
Since yum-deprecated is slowly removed from Fedora (in Fedora 23 is not
installed by default), we're forced to migrate to dnf. The main problem
with dnf here is lack of --downloaddir option
(https://bugzilla.redhat.com/show_bug.cgi?id=1279001). As nobody is
going to implement it, simply extract downloaded packages from cache
directory (thanks to provided config file, it is always /var/cache/yum).

This basically replaces "dom0-updates: use yum-deprecated instead of dnf
in all calls" with a set of workarounds for dnf missing parts.

Related to QubesOS/qubes-issues#1574
2016-06-01 05:10:18 +02:00
Marek Marczykowski-Górecki
7378ec326a
Update repository definitions for R3.2 2016-05-18 23:42:43 +02:00
Patrick Schleizer
cfb75f3cba
fixed qubes-core-agent upgrading double package manager lock
https://github.com/QubesOS/qubes-issues/issues/1889
2016-04-02 15:00:10 +00:00
Marek Marczykowski-Górecki
d4c238c45e
Unload USB controllers drivers in USB VM before going to sleep
Many USB controllers doesn't play nice with suspend when attached to PV
domain, so unload those drivers by default. This is just a configuration
file, so user is free to change this setting if his/shes particular
controller doesn't have such problem.

Fixes QubesOS/qubes-issues#1565
2016-01-11 19:34:10 +01:00
Marek Marczykowski-Górecki
c4ff490844 dom0-updates: add a message explaining yum deprecated warning
Thanks @axon-qubes for the idea.

Fixes QubesOS/qubes-issues#1574
2016-01-04 02:13:21 +01:00
Marek Marczykowski-Górecki
c46c1e4d2c
dom0-updates: fix reporting when no updates are available
Check `yum check-update` exit code, instead of `grep` - when there are
multiple commands on the single line, $? contains exit code of the last
executed.

Fixes QubesOS/qubes-issues#1475
2015-12-26 04:43:23 +01:00
Marek Marczykowski-Górecki
2478cb5c05
Package DNF plugin for both python2 and python3
DNF in Fedora 22 uses python2, but in Fedora 23 - python3. Package both
of them, in separate packages (according to Fedora packaging guidelines)
and depend on the right one depending on target distribution version.

Fixes QubesOS/qubes-issues#1529
2015-12-23 02:04:26 +01:00
Marek Marczykowski-Górecki
8f0a024f6d
dnf: drop shebang, it isn't standalone script
QubesOS/qubes-issues#1529
2015-12-21 13:12:51 +01:00
Marek Marczykowski-Górecki
405c42658f
debian: add security-testing repository
Fixes QubesOS/qubes-issues#1522
2015-12-19 18:08:57 +01:00
Rusty Bird
3238eab85f repo description: updates-testing -> security-testing 2015-12-17 15:54:42 +00:00
Patrick Schleizer
7dc99ee662
Prevent services from being accidentally restarted by needrestart.
Because those services do not yet support being restarted.

Extended variable `$nrconf{override_rc}`, i.e. packages only reported to need
restart, but blacklisted from default/suggested automatic restarted with
`qubes-core-agent` and `qubes-gui-agent`.

See also `$nrconf{override_rc}`:
10bd2db5e2/ex/needrestart.conf (L65)

Thanks to @liske for helping with this.
https://github.com/liske/needrestart/issues/13#issuecomment-136804625
2015-11-20 16:35:06 +01:00