Commit Graph

2752 Commits

Author SHA1 Message Date
Amadeusz Piotr Żołnowski
dee84452aa
Move qubes-firewall from sbin to bin 2020-02-05 00:12:22 +00:00
Amadeusz Piotr Żołnowski
7a155ac077
Don't list /var/run/qubes in rpm files as it's dynamic dir 2020-02-04 23:59:09 +00:00
Amadeusz Piotr Żołnowski
f5faa62876
Move qvm-console to core-admin-client repository 2020-02-04 23:59:09 +00:00
Amadeusz Piotr Żołnowski
4de377bc3b
Split items in misc directory by topic 2020-02-04 23:59:09 +00:00
Amadeusz Piotr Żołnowski
356c50035d
Remove dconfig-profile user as it is generated automatically
Arch, Deb package, RPM packages generate `/etc/dconf/profile/user`
rather than installing this one.
2020-02-04 23:59:08 +00:00
Amadeusz Piotr Żołnowski
ec7ae0bf40
Remove no longer needed xenstore-watch and close-window 2020-02-04 23:59:08 +00:00
unman
165def228d
Do not reference sudo group when removing package 2020-02-03 03:46:35 +00:00
Rusty Bird
686673e1fd
misc/qubes-run-gnome-terminal: slightly restrict pattern 2020-01-31 16:34:04 +00:00
Rusty Bird
9d9ef25b05
misc/qubes-run-gnome-terminal: avoid external utility (grep)
Shave off a few milliseconds.
2020-01-31 16:34:03 +00:00
Marek Marczykowski-Górecki
076275c154
version 4.1.8 2020-01-28 21:44:36 +01:00
Marek Marczykowski-Górecki
1e12b87086
Merge remote-tracking branch 'origin/pr/210'
* origin/pr/210:
  Add /etc/qubes/applications override, use it for gnome-terminal
  Add qubes-run-gnome-terminal utility that uses --wait
2020-01-28 21:44:23 +01:00
Marek Marczykowski-Górecki
1ae97ac2fc
travis: install also python xdg module 2020-01-28 04:22:12 +01:00
Marek Marczykowski-Górecki
44e041e271
travis: include PyGTK setup
Installing PyGTK requires actual GTK system package. The easiest way for
that is using system site-packages - and this means matching Python
version with the Travis environment (Ubuntu bionic).
2020-01-28 04:22:11 +01:00
Pawel Marczewski
3a6e77aa43
Add /etc/qubes/applications override, use it for gnome-terminal
Used by qubes.StartApp so that we can override distribution-provided
.desktop files. The mechanism is introduced to run gnome-terminal
with --wait option, so that it's compatible with DispVMs.

Fixes QubesOS/qubes-issues#2581.
2020-01-27 14:05:55 +01:00
Pawel Marczewski
943f37b481
Add qubes-run-gnome-terminal utility that uses --wait 2020-01-27 12:11:48 +01:00
Marek Marczykowski-Górecki
c7060bb97a
Merge remote-tracking branch 'origin/pr/209'
* origin/pr/209:
  firewall: drop INVALID state TCP packets
2020-01-27 05:37:28 +01:00
Marek Marczykowski-Górecki
142e220c7d
Merge remote-tracking branch 'origin/pr/208'
* origin/pr/208:
  Advertise qubes.VMExec support as a feature
  Install faster console scripts for Python code
  Add qubes.VMExec call, for running a single command
2020-01-27 05:36:02 +01:00
Pawel Marczewski
63d8065e4f
firewall: drop INVALID state TCP packets
Packets detected as INVALID are ignored by NAT, so if they are not
dropped, packets with internal source IPs can leak to the outside
network.

See:

https://bugzilla.netfilter.org/show_bug.cgi?id=693
http://www.smythies.com/~doug/network/iptables_notes/

Fixes QubesOS/qubes-issues#5596.
2020-01-24 19:01:00 +01:00
Pawel Marczewski
9db6e4e2cc
Advertise qubes.VMExec support as a feature 2020-01-24 18:45:17 +01:00
Pawel Marczewski
6fb58fdd9c
Install faster console scripts for Python code
Same as in qubes-core-admin.
2020-01-24 18:45:16 +01:00
Pawel Marczewski
738548a8e4
Add qubes.VMExec call, for running a single command
With a VMExecGUI variant that waits for a session.

See QubesOS/qubes-issues#4850.
2020-01-24 18:44:45 +01:00
Marek Marczykowski-Górecki
3c1de3b4f4
Merge remote-tracking branch 'origin/pr/207'
* origin/pr/207:
  qubes-run-terminal: use gnome-terminal --wait, if supported
2020-01-24 01:53:33 +01:00
Pawel Marczewski
6f4d6dc9bb
qubes-run-terminal: use gnome-terminal --wait, if supported
Fixes QubesOS/qubes-issues#4606.
2020-01-23 11:51:56 +01:00
Marek Marczykowski-Górecki
c997008e2f
version 4.1.7 2020-01-17 05:12:04 +01:00
AJ Jordan
52d1051137
Fix typo 2020-01-16 14:12:01 -05:00
Marek Marczykowski-Górecki
3adec4b952
Merge remote-tracking branch 'origin/pr/205'
* origin/pr/205:
  qubes-session-autostart: handle error when reading a directory
2020-01-16 04:25:00 +01:00
Marek Marczykowski-Górecki
d2087c5abf
Merge remote-tracking branch 'origin/pr/203'
* origin/pr/203:
  Added "QubesIncoming" shortcut to Nautilus
2020-01-16 04:24:07 +01:00
Marek Marczykowski-Górecki
f40c4ea9eb
Merge remote-tracking branch 'origin/pr/201'
* origin/pr/201:
  update_connected_ips: set iptables policy to drop while updating
  update_connected_ips: reload nftables using one command
  get_connected_ips: handle empty and missing keys, add tests
  update_connected_ips: correctly handle byte-string
  firewall: fix family / family_name
  qubes-firewall: correctly handle empty connected-ips list
  Update tests for anti-spoofing, add test for the method itself
  Update rule priorities for anti-spoofing
  Update firewall tests
  qubes-firewall: add anti-spoofing rules for connected machines
2020-01-16 04:22:03 +01:00
unman
af20dbc3db
Disable package caching in apt operations 2020-01-15 18:47:53 +00:00
Pawel Marczewski
22a309d154
qubes-session-autostart: handle error when reading a directory
Fixes QubesOS/qubes-issues#5043.
2020-01-15 11:20:21 +01:00
Frédéric Pierret (fepitre)
9d7a3f2cb9
qubes-sysinit: set GUI_OPTS in gui-agent-linux 2020-01-14 17:57:08 +01:00
Pawel Marczewski
e6eee9f4e0
update_connected_ips: set iptables policy to drop while updating 2020-01-14 11:46:23 +01:00
Pawel Marczewski
a12e72b89c
update_connected_ips: reload nftables using one command
Get rid of race condition between flushing the chains
and adding new rules.
2020-01-14 10:46:51 +01:00
Pawel Marczewski
4aace50313
get_connected_ips: handle empty and missing keys, add tests 2020-01-14 10:23:41 +01:00
Pawel Marczewski
e43fd2fc5a
update_connected_ips: correctly handle byte-string 2020-01-14 10:14:00 +01:00
Pawel Marczewski
39885a4329
firewall: fix family / family_name 2020-01-13 16:47:49 +01:00
Marta Marczykowska-Górecka
fd6e551ebe
Added "QubesIncoming" shortcut to Nautilus
A small script will add the QubesIncoming shortcut to Nautilus file pane
on the first use of qvm-copy to a given VM. The shortcut will not be recreated if
deleted.

fixes QubesOS/qubes-issues#2229
2020-01-13 16:45:41 +01:00
Pawel Marczewski
00fbb956b4
qubes-firewall: correctly handle empty connected-ips list 2020-01-13 14:43:05 +01:00
Frédéric Pierret (fepitre)
eac2e79483
travis: switch to dom0 Fedora 31
QubesOS/qubes-issues#5529
2020-01-11 11:38:27 +01:00
Pawel Marczewski
860a07166b
Update tests for anti-spoofing, add test for the method itself 2020-01-10 09:19:40 +01:00
Pawel Marczewski
cd19073d50
Update rule priorities for anti-spoofing 2020-01-10 09:19:32 +01:00
Pawel Marczewski
c1d8d7bce1
Update firewall tests 2020-01-09 18:42:14 +01:00
Pawel Marczewski
bfe31cfec8
qubes-firewall: add anti-spoofing rules for connected machines
qubes-firewall will now blacklist IP addresses from all connected
machines on non-vif* interfaces. This prevents spoofing source or
target address on packets going over an upstream link, even if
a VM in question is powered off at the moment.

Depends on QubesOS/qubes-core-admin#303 which makes admin maintain
the list of IPs in qubesdb.

Fixes QubesOS/qubes-issues#5540.
2020-01-09 18:25:08 +01:00
Marek Marczykowski-Górecki
cc68f165bc
Merge remote-tracking branch 'origin/pr/199'
* origin/pr/199:
  qubes.GetAppmenus: handle home directory properly in case of sudo
  Silence shellcheck
  GetAppmenus: ensure right app directories
2020-01-09 01:38:12 +01:00
Pawel Marczewski
418a5ec6e3
qubes.GetAppmenus: handle home directory properly in case of sudo 2020-01-08 17:05:32 +01:00
Pawel Marczewski
2df17a4790
Silence shellcheck
See https://github.com/koalaman/shellcheck/wiki/SC1090
2020-01-08 10:29:36 +01:00
Marek Marczykowski-Górecki
cf2c91bc79
Merge remote-tracking branch 'origin/pr/200'
* origin/pr/200:
  Make the file copy operation respect default_user
2020-01-08 02:21:59 +01:00
Pawel Marczewski
e78edba725
Make the file copy operation respect default_user
Previously, both file path and username were hardcoded.

Fixes QubesOS/qubes-issues#5385.
2020-01-07 16:54:19 +01:00
Pawel Marczewski
552b6de862
GetAppmenus: ensure right app directories
The script depends on XDG_DATA_DIRS environment variable
being set up correctly, which is not the case when it is
running under sudo. As a result, a post-install trigger
for apt could remove application entries from other sources
(Snap, Flatpak).

Fixes QubesOS/qubes-issues#5477.
2020-01-07 15:45:05 +01:00
Pawel Marczewski
03621e5792
StartApp: remove workaround for .desktop suffix
The workaround is no longer necessary, and it breaks when
the app name itself contains .desktop (such as org.telegram.desktop).

Fixes QubesOS/qubes-issues#5408.
2020-01-07 13:06:57 +01:00