Commit Graph

1821 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
7835f4da2b
version 3.1.9 2015-12-26 14:24:03 +01:00
Marek Marczykowski-Górecki
c46c1e4d2c
dom0-updates: fix reporting when no updates are available
Check `yum check-update` exit code, instead of `grep` - when there are
multiple commands on the single line, $? contains exit code of the last
executed.

Fixes QubesOS/qubes-issues#1475
2015-12-26 04:43:23 +01:00
Patrick Schleizer
eb00e40bab
run /usr/lib/qubes/bind-dirs.sh from mount-dirs.sh 2015-12-25 12:30:36 +00:00
Patrick Schleizer
5a87313ea6
renamed: bind-dirs -> bind-dirs.sh 2015-12-25 12:30:35 +00:00
Patrick Schleizer
8f2a80982b
renamed: misc/bind-dirs -> vm-systemd/bind-dirs 2015-12-25 12:30:35 +00:00
Patrick Schleizer
bd647a8047
work on bind-dirs
https://phabricator.whonix.org/T414
2015-12-25 12:30:35 +00:00
Patrick Schleizer
8a5fc5f7d1
work on bind-dirs
https://phabricator.whonix.org/T414
2015-12-25 12:30:34 +00:00
Patrick Schleizer
d55cba0a45
work on bind-dirs
https://phabricator.whonix.org/T414
2015-12-25 12:30:34 +00:00
Marek Marczykowski-Górecki
2478cb5c05
Package DNF plugin for both python2 and python3
DNF in Fedora 22 uses python2, but in Fedora 23 - python3. Package both
of them, in separate packages (according to Fedora packaging guidelines)
and depend on the right one depending on target distribution version.

Fixes QubesOS/qubes-issues#1529
2015-12-23 02:04:26 +01:00
Marek Marczykowski-Górecki
8f0a024f6d
dnf: drop shebang, it isn't standalone script
QubesOS/qubes-issues#1529
2015-12-21 13:12:51 +01:00
Marek Marczykowski-Górecki
ba5041579a
version 3.1.8 2015-12-20 03:12:39 +01:00
Marek Marczykowski-Górecki
4e3076f0b6
updates-proxy: restart on network configuration change to reload DNS
Apparently tinyproxy does not notice /etc/resolv.conf change, so need to
be kicked to reload it.

Fixes QubesOS/qubes-issues#1530
2015-12-19 18:44:32 +01:00
Marek Marczykowski-Górecki
e7d4830434
Merge remote-tracking branch 'origin/pr/57'
* origin/pr/57:
  archlinux: ensure systemctl reset preset correctly (need to be started twice)
2015-12-19 18:21:27 +01:00
Marek Marczykowski-Górecki
405c42658f
debian: add security-testing repository
Fixes QubesOS/qubes-issues#1522
2015-12-19 18:08:57 +01:00
Marek Marczykowski-Górecki
b179d62860
Merge remote-tracking branch 'qubesos/pr/7' 2015-12-17 23:12:51 +01:00
Rusty Bird
3238eab85f repo description: updates-testing -> security-testing 2015-12-17 15:54:42 +00:00
Olivier MEDOC
1c09b88fae archlinux: ensure systemctl reset preset correctly (need to be started twice) 2015-12-15 16:20:03 +01:00
Marek Marczykowski-Górecki
6bed3bee69
Merge remote-tracking branch 'origin/pr/55' 2015-12-11 15:13:56 +01:00
Marek Marczykowski-Górecki
62c12bd1c6
Merge remote-tracking branch 'origin/pr/56' 2015-12-11 15:11:23 +01:00
Olivier MEDOC
33aa1782ca archlinux: remove quotes when checking system locales (in case it has been user defined) 2015-12-08 15:32:30 +01:00
Olivier MEDOC
7d2bc0c6bb archlinux: fix invalid systemd path in make install directive 2015-12-08 15:31:59 +01:00
Marek Marczykowski-Górecki
169c389339
open-in-vm: Fix path to mimeinfo database
There was missing "/mime" in entry for user home.

QubesOS/qubes-issues#1490
2015-12-05 13:49:25 +01:00
Marek Marczykowski-Górecki
8064682e9e
version 3.1.7 2015-12-04 15:32:14 +01:00
Marek Marczykowski-Górecki
181c15f422
updates-proxy: explicitly block connection looping back to the proxy IP
Explicitly block something like "curl http://10.137.255.254:8082" and
return error page in this case. This error page is used in Whonix to
detect if the proxy is torrified. If not blocked, it may happen that
empty response is returned instead of error. See linked ticket for
details.

Fixes QubesOS/qubes-issues#1482
2015-12-04 14:57:07 +01:00
MB
9c68afe14c [network-proxy-setup] Permit !CONFIG_MODuLES
* Check whether sysctl is accessible
* Check whether a key which exists when CONFIG_MODULES=y is not accessible

If true, CONFIG_MODULES=n, so ignore modprobe failure.
If false, fail.
2015-11-29 00:00:00 +00:00
Marek Marczykowski-Górecki
5aa0f32c78
version 3.1.6 2015-11-29 00:34:34 +01:00
Marek Marczykowski-Górecki
a11897a1d0
Revert "network: use drop-ins for NetworkManager configuration (#1176)"
Apparently unmanaged devices are loaded only from main
NetworkManager.conf. Exactly the same line pasted (not typed!) to main
NetworkManager.conf works, but in
/etc/NetworkManager/conf.d/30-qubes.conf it doesn't.
BTW There was a typo in option name ("unmanaged_devices" instead of
"unmanaged-devices", but it wasn't the cause).

This reverts commit 6c4831339c.

QubesOS/qubes-issues#1176
2015-11-28 17:43:15 +01:00
Marek Marczykowski-Górecki
8482fbbd13
version 3.1.5 2015-11-28 14:48:34 +01:00
Marek Marczykowski-Górecki
5157d9822e
backup: Use 'type' instead of 'which' to prevent unnecessary dependency
This fixes using minimal-template based VMs to store/retrieve backup.
2015-11-27 12:31:33 +01:00
Marek Marczykowski-Górecki
c99dca37ce
debian: update build-depends for split qubes-utils package
QubesOS/qubes-issues#1416
2015-11-26 22:26:50 +01:00
Marek Marczykowski-Górecki
d4cf78652c
debian: reformat Build-Depends:
QubesOS/qubes-issues#1416
2015-11-26 21:10:23 +01:00
Marek Marczykowski-Górecki
808b3ab660
Package needrestart config only for Debian
On Fedora there is no such package.
2015-11-24 06:18:36 +01:00
Marek Marczykowski-Górecki
2c076f3915
Merge remote-tracking branch 'origin/pr/53'
* origin/pr/53:
  Have qubes-sysinit create /var/run/qubes VM type files.
2015-11-23 16:19:20 +01:00
Marek Marczykowski-Górecki
c603f32d23
Merge remote-tracking branch 'origin/pr/51'
* origin/pr/51:
  Prevent services from being accidentally restarted by `needrestart`.
2015-11-23 16:18:42 +01:00
Marek Marczykowski-Górecki
308e4857bc
Merge remote-tracking branch 'origin/pr/50'
* origin/pr/50:
  archlinux: enforce minimum versionning of qubes-utils
  rpm_spec: declare InstallUpdateGUI qrexec_service
  updates-proxy: remove remaining traces of proxy filtering file from Makefile
2015-11-23 16:18:26 +01:00
Patrick Schleizer
e323d3f4bd
Have qubes-sysinit create /var/run/qubes VM type files.
- /var/run/qubes/this-is-appvm
- /var/run/qubes/this-is-netvm
- /var/run/qubes/this-is-proxyvm
- /var/run/qubes/this-is-templatevm

This is useful for checking ConditionPathExists from within systemd units.

(Came up in https://phabricator.whonix.org/T432#7206.)
2015-11-22 21:55:51 +00:00
Patrick Schleizer
7dc99ee662
Prevent services from being accidentally restarted by needrestart.
Because those services do not yet support being restarted.

Extended variable `$nrconf{override_rc}`, i.e. packages only reported to need
restart, but blacklisted from default/suggested automatic restarted with
`qubes-core-agent` and `qubes-gui-agent`.

See also `$nrconf{override_rc}`:
10bd2db5e2/ex/needrestart.conf (L65)

Thanks to @liske for helping with this.
https://github.com/liske/needrestart/issues/13#issuecomment-136804625
2015-11-20 16:35:06 +01:00
Olivier MEDOC
c70ee7049f archlinux: enforce minimum versionning of qubes-utils 2015-11-17 09:47:21 +01:00
Olivier MEDOC
fa081f1dd9 rpm_spec: declare InstallUpdateGUI qrexec_service 2015-11-17 09:46:16 +01:00
Olivier MEDOC
15c69f434b updates-proxy: remove remaining traces of proxy filtering file from Makefile 2015-11-17 09:45:15 +01:00
Patrick Schleizer
7a0286d58f clean up /etc/tinyproxy/filter-updates
https://github.com/QubesOS/qubes-issues/issues/1188
2015-11-15 12:31:32 +00:00
Marek Marczykowski-Górecki
b725c050c7
version 3.1.4 2015-11-15 04:29:30 +01:00
Marek Marczykowski-Górecki
fa8b05a83c
network: disable proxy_arp
Since both sides have proper routing tables set, it isn't required to
set it anymore.

Fixes QubesOS/qubes-issues#1421
2015-11-15 04:04:06 +01:00
Marek Marczykowski-Górecki
69bb71bea0
updates-proxy: disable filtering at all
Since this proxy is used only when explicitly configured in application
(package manager), there is no point in worrying about user
_erroneously_ using web browser through this proxy. If the user really
want to access the network from some other application he/she can always
alter firewall rules for that.

Fixes QubesOS/qubes-issues#1188
2015-11-15 03:57:51 +01:00
Marek Marczykowski-Górecki
5377dc50dc
Really fix update-proxy rules for debian security fixes repo
Reported by @adrelanos
Fixes QubesOS/qubes-issues#1422
2015-11-14 00:42:01 +01:00
Marek Marczykowski-Górecki
f0de6c5b16
Implement qubes.InstallUpdatesGUI qrexec service
It should be up to the VM what GUI tool is used for installing updates.
For now stick with console tools in xterm...

Fixes QubesOS/qubes-issues#1249
2015-11-13 05:32:44 +01:00
Marek Marczykowski-Górecki
13c9149b6c
Use improved update-notify script also in Fedora
Among other things this also fixes build failure - those scripts were
installed but not listed in spec file.

Actual check doesn't perform 'apt-get update', so do that when running
"standalone" (not as a hook from 'apt-get').

QubesOS/qubes-issues#1066
2015-11-13 05:28:47 +01:00
Marek Marczykowski-Górecki
d23f3d8ddb
network: let NetworkManager configure VM uplink, if enabled
Previously even if NetworkManager was enabled, our script manually
configured network parameters. This apparently have negative effects,
because NetworkManager tries to configure some things differently - for
example use metric 1024 for default gateway.

Fixes QubesOS/qubes-issues#1052
2015-11-13 04:26:23 +01:00
Marek Marczykowski-Górecki
3c7844d408
Merge remote-tracking branch 'origin/pr/48'
* origin/pr/48:
  Allow to provide customized DispVM home directly in the template VM

This allows to put a customized DispVM home directly in /home_volatile
in the template instead of placing it in the -dvm internal AppVM.

This significantly speeds up DispVM startup for large customized homes,
since none of the home data has to be copied out from saved_cows.tar to
volatile.img, and instead CoW is used.

It's not a very user friendly or discoverable solution, but it only
takes a few lines of code, and so seems a reasonable stopgap until a
much more complex solution with copy-on-write for the private.img is
written.
2015-11-13 03:06:55 +01:00
qubesuser
f380c346cf Allow to provide customized DispVM home directly in the template VM
This significantly speeds up DispVM creation for large customized
homes, since no data has to be copied, and instead CoW is used.
2015-11-12 15:33:01 +01:00