Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
703 Commits 1 Branch 0 Tags 6.4 MiB
574393410a
Commit Graph

157 Commits

Author SHA1 Message Date
Marek Marczykowski
f9c1c7e986 Revert "vm/spec: disable pam_systemd globally (#607)" (#626) 
This reverts commit 8ec4b6963b71b95bc0cda6dd80d99bf60aa9caec.
This caused regression (#626).

Conflicts:

	rpm_spec/core-vm.spec
 2012-07-16 12:49:41 +02:00
Marek Marczykowski
294e3c6369 vm: implement qubes.GetAppmenus to reduce code duplication 
As one-liner services are now real one-line, just do it.
 2012-07-15 02:26:09 +02:00
Marek Marczykowski
38bc4c6c7c vm: simplify qubes.VMShell service 
Now additional wrapper not required to skip cmdline argument
 2012-07-15 02:04:17 +02:00
Marek Marczykowski
5292944a73 vm: export SuspendPre and SuspendPost qrexec services (#617) 
1. Try to use NetworkManager sleep command instead of shutting it down
2. Move sleep action details (which is VM-specific) to VM
3. Export it as qrexec service(s)
 2012-07-13 14:40:52 +02:00
Marek Marczykowski
f26f6ba754 vm: provide dispvm-dotfiles and dispvm-prerun.sh in rpm package (#620) 2012-07-12 14:21:44 +02:00
Marek Marczykowski
c05a3f0093 vm/systemd: disable additional useless services (#620) 
Most of them relay on direct network acces, which isn't true on Qubes.
 2012-07-12 03:54:41 +02:00
Marek Marczykowski
4f3f427e10 vm/spec: remove dupplicated commnds, suppress error message 2012-07-12 03:54:41 +02:00
Marek Marczykowski
accf5663ed vm/spec: disable pam_systemd only in trigger 
The %post part is unnecessary.
 2012-07-09 15:52:42 +02:00
Marek Marczykowski
f7a6645237 vm: disable D-Bus activation of NetworkManager (#610) 2012-07-05 01:33:22 +02:00
Marek Marczykowski
9a5370dc85 vm/spec: disable pam_systemd globally (#607) 
Actually all /etc/pam.d/ files containing pam_systemd.so are autogenerated by
authconfig, so "removing" pam_systemd.so file as not elegant solution, seems to
be much more realiable.
 2012-07-05 01:31:32 +02:00
Marek Marczykowski
7d450b34d0 vm/spec: fix enabling NetworkManager SystemD service 2012-06-26 03:36:22 +02:00
Marek Marczykowski
8877438c40 vm/spec: fix error messages 2012-06-26 03:31:28 +02:00
Marek Marczykowski
ed49fc9ce4 vm/spec: fix enabling of qubes-firewall SysV service 2012-06-26 03:30:06 +02:00
Marek Marczykowski
ffb8b0a09a vm: RPC service for NTP time sync (#603) 2012-06-22 22:22:57 +02:00
Marek Marczykowski
b4561e4453 vm: enable yum-qubes-hooks plugin (#592) 2012-06-08 00:34:11 +02:00
Marek Marczykowski
43416870fb vm/spec: create firmware symlink only when needed 
On new systems, like FC16+, firmware is provided by separate package (like
linux-firmware), so no longer need to get it from kernel package.
 2012-06-06 03:02:58 +02:00
Marek Marczykowski
48a08ab2f0 vm/spec: depend on ethtool _package_ 2012-06-06 03:02:58 +02:00
Marek Marczykowski
a1bebcd10d vm: yum plugin to notify dom0 about installed updates (#592) 2012-06-05 19:28:59 +02:00
Marek Marczykowski
77e38afcd9 makefile: rename vchan Makefile to not conflict with windows build 2012-06-02 12:32:49 +02:00
Marek Marczykowski
4365b7b270 vm/qubes-yum-proxy: setup yum to use qubes-yum-proxy (#568) 
The simplest way is just add proxy=... entry to /etc/yum.conf, but sometimes it
is reasonable to bypass the proxy. Some examples:
 - usage of non-standard repos with some exotic file layout, which will be
   blocked by the proxy
 - usage of repos not-accessible via proxy (eg only via VPN stared in VpnVM)

This commit introduces 'yum-proxy-setup' pseudo-service, which can be
controlled via standard qvm-service or qubes-manager. When enabled - yum will
be configured at VM startup to use qubes proxy, otherwise - to connect directly
(proxy setting will be cleared).
 2012-05-31 03:05:13 +02:00
Marek Marczykowski
81806796ca vm: qubes-yum-proxy service (#568) 
Introduce proxy service, which allow only http(s) traffic to yum repos. The
filter rules are based on URL regexp, so it isn't full-featured content
inspection and can be easy bypassed, but should be enough to prevent some
erroneus user actions (like clicking on invalid link).

It is set up to intercept connections to 10.137.255.254:8082, so VM can connect
to this IP regardless of VM in which proxy is running. By default it is
started in every NetVM, but this can be changed using qvm-service or
qubes-manager (as always).
 2012-05-31 03:04:11 +02:00
Marek Marczykowski
181426c19d vm/spec: remove executable perm where not needed 2012-05-31 02:21:15 +02:00
Marek Marczykowski
651f202213 vm/spec: fix /etc/hosts if it was broken by previous version 2012-05-08 23:45:00 +02:00
Marek Marczykowski
155467b65e vm: notify dom0 when updates available in VM (#475) 2012-05-01 01:14:04 +02:00
Marek Marczykowski
4401c3e525 vm/init.d: make firewall and netwatcher service consistent with systemd 2012-03-09 01:50:18 +01:00
Marek Marczykowski
c3ee25ef10 vm/mimeopen: save mimetype defaults for DispVM (#423) 2012-02-06 19:08:08 +01:00
Marek Marczykowski
431e350ffe vm/spec: fix file permissions 2012-02-06 12:58:02 +01:00
Marek Marczykowski
f3e187f672 vm/spec: do not complain about missing serial.conf 2012-01-30 14:22:35 +01:00
Marek Marczykowski
85e6704037 vm/network: symlink NetworkManager system-connection to /rw (#425) 
In FC15, NetworkManager by default uses global connections ("Available to all users"). Save them in /rw instead of /etc, to preserve them across reboots.
 2012-01-30 14:20:02 +01:00
Marek Marczykowski
5ec2c4c4bb vm/spec: hide diagnostics from systemctl 2012-01-18 17:24:04 +01:00
Marek Marczykowski
1a71d29cd4 vm: enable qubes-firewall (#424) 2012-01-18 13:37:31 +01:00
Marek Marczykowski
0e1278205c spec: fix build order 2012-01-15 17:36:22 +01:00
Marek Marczykowski
33f50950ec vm/systemd: enable ntpd and NetworkManager services 2012-01-14 01:40:54 +01:00
Marek Marczykowski
4a73aa5da6 vm/systemd: add some package requirements according to Fedora documentation 2012-01-14 01:40:10 +01:00
Marek Marczykowski
9129f74603 vm: disable some autostart applications 2012-01-14 01:39:43 +01:00
Marek Marczykowski
d3e1bf36bf vm: disable silent automatic update *installation* in FC15 (#415) 
Do not silently download and install updates, especially in NonUpdateableVM.
 2012-01-14 01:37:22 +01:00
Marek Marczykowski
5e0cde15de vm/init: introduce SystemD startup scripts 2012-01-10 12:10:16 +01:00
Marek Marczykowski
5573200c9d vm/spec: split SysV init scripts into separate subpackage 2012-01-10 12:09:09 +01:00
Marek Marczykowski
a25d3be356 vm/spec: add Obsoletes header for smooth upgrade 2012-01-10 11:23:27 +01:00
Marek Marczykowski
240d35259f vm(+dom0): major rearrage VM files in repo; merge core-*vm packages 2012-01-06 21:31:12 +01:00
Marek Marczykowski
65b6675ca1 vm: disable cron also using systemctl 
This is needed for FC15
 2011-12-30 23:53:46 +01:00
Marek Marczykowski
324ad2aa0d vm/qvm-block: do not disable qubes block udev rules (#393) 2011-12-26 21:01:31 +01:00
Marek Marczykowski
fae04af662 vm/yum-repo: Use $releasever in repo definition 
Instead of multiple files with only release version different.
 2011-12-12 03:35:22 +01:00
Marek Marczykowski
f3a58eb19b vm/spec: more precise blacklisting updates of xorg (#381) 2011-12-05 13:50:07 +01:00
Marek Marczykowski
b6100594f5 dom0+vm/qvm-block: automatically detach device when physical dev removed (#226) 
This will work when device is unmounted. On mounted device backend will be
removed (after 3s timeout), but frontend will left in "closing" state - manual
'xl block-detach' will be needed.
 2011-09-30 10:42:56 +02:00
Marek Marczykowski
012dc63c53 dom0+vm: expose block devices info in xenstore (#226) 2011-09-29 13:56:06 +02:00
Marek Marczykowski
0b746bbf70 vm: minor fixes for Fedora 15 
1. create /var/run/qubes as /var/run is now on tmpfs
2. if system-d is present - use it to disable NetworkManager
 2011-09-27 01:37:09 +02:00
Marek Marczykowski
e09290b82b vm/spec: do not use chown in %install - it will not work as unprivileged user 2011-09-25 15:18:48 +02:00
Marek Marczykowski
bdf407b716 dom0+vm: use qubes_download_dom0_updates.sh instead of qubes_check_for_updates.sh 
Remove code duplication. Implemented required --check-only option to
qubes_download_dom0_updates.sh.
 2011-09-15 00:18:56 +02:00
Joanna Rutkowska
ed19fc87f9 vm: update symlinks in Nautilus Scripts menu 
This is important for older templates that got upgraded to new core packages,
which renamed some of the tools by removing the '2' suffix.
 2011-09-14 19:32:47 +02:00