Commit Graph

2759 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
6a8835bcc2
Update IP address in tests 2021-05-30 01:22:09 +02:00
Marek Marczykowski-Górecki
cb25cce9e5
Make shellcheck happy
It is intentional that the outer shell do not expand "$0".
2021-05-24 04:48:32 +02:00
Marek Marczykowski-Górecki
40c81566e7
Merge remote-tracking branch 'origin/pr/311'
* origin/pr/311:
  Properly handle CentOS Stream
2021-05-24 04:16:41 +02:00
Marek Marczykowski-Górecki
65f4a69ee7
Merge remote-tracking branch 'origin/pr/308'
* origin/pr/308:
  Change language for qvm-copy in KDE
2021-05-24 04:06:13 +02:00
Marek Marczykowski-Górecki
b93959080c
Merge remote-tracking branch 'origin/pr/307'
* origin/pr/307:
  Add progress bar to Thunar actions
2021-05-24 04:05:38 +02:00
Marek Marczykowski-Górecki
4550cae932
Merge remote-tracking branch 'origin/pr/306'
* origin/pr/306:
  Fix Thunar icons
2021-05-24 04:03:46 +02:00
Marek Marczykowski-Górecki
c1c4ed1790
Merge remote-tracking branch 'origin/pr/301'
* origin/pr/301:
  qvm-features-request: ensure qrexec agent is started
  dnf plugin: don't try to execute qrexec if service is not running
2021-05-24 03:54:07 +02:00
Marek Marczykowski-Górecki
cda826ca14
Merge remote-tracking branch 'origin/pr/302'
* origin/pr/302:
  Update qvm-open-in-dvm.rst
2021-05-24 03:52:52 +02:00
Marek Marczykowski-Górecki
98543f541a
Merge remote-tracking branch 'origin/pr/304'
* origin/pr/304:
  fix #6562. qvm-open-in-vm: wait EOF when handling URL
2021-05-24 03:52:31 +02:00
Frédéric Pierret (fepitre)
47a35cb836
Properly handle CentOS Stream 2021-05-18 18:46:12 +02:00
unman
678012c61b
Change language for qvm-copy in KDE 2021-05-17 13:53:28 +00:00
herypt
df928ba7cb
Add progress bar to Thunar actions 2021-05-16 17:39:01 +02:00
herypt
3d8b36125e
Fix Thunar icons 2021-05-16 12:32:32 +02:00
Neowutran
9e8815335d
fix #6562. qvm-open-in-vm: wait EOF when handling URL 2021-05-14 21:07:51 +02:00
ddevz
4f3af914b5
Update qvm-open-in-dvm.rst 2021-05-13 12:31:31 -05:00
Frédéric Pierret (fepitre)
5805941daf
qvm-features-request: ensure qrexec agent is started
Prevents:

Traceback (most recent call last):
  File "/usr/bin/qvm-features-request", line 81, in <module>
    sys.exit(main())
  File "/usr/bin/qvm-features-request", line 78, in main
    stdin=devnull, stdout=devnull)
  File "/usr/lib/python3.7/subprocess.py", line 347, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['qrexec-client-vm', 'dom0', 'qubes.FeaturesRequest']' returned non-zero exit status 127.

and

Traceback (most recent call last):
  File "/usr/bin/qvm-features-request", line 81, in <module>
    sys.exit(main())
  File "/usr/bin/qvm-features-request", line 70, in main
    qdb = qubesdb.QubesDB()
qubesdb.Error: (2, 'No such file or directory')

Fixes QubesOS/qubes-issues#4469
2021-05-07 11:40:45 +02:00
Frédéric Pierret (fepitre)
a8ab8d4eff
dnf plugin: don't try to execute qrexec if service is not running
Needed for QubesOS/qubes-issues#4867
2021-05-05 11:19:21 +02:00
Neowutran
b1d8302b2b
fix #6346: quit loop only when the original process is terminated 2021-04-29 19:23:10 +02:00
Marek Marczykowski-Górecki
6b959262f8
version 4.1.25 2021-03-30 21:36:07 +02:00
Marek Marczykowski-Górecki
8306013cbf
network: enable MAC randomization for wifi connections by default
We do have NetworkManager new enough to handle this feature already.
Enable both scan MAC address randomization, and also connection mac
address randomization. The later do in a "stable" way - preserving the
same MAC _for a connection_, until reboot. This is a safe tradeoff
between full random, which breaks some captive portals. The stable MAC
is generated separate for each connection, so it also prevents
correlation of the same machine between different networks.

Do not enable it for wired connections, as those are less often used at
random untrusted localizations, but also more often it's desired to
get the same IP address each time (having random MAC would make it much
harder).

QubesOS/qubes-issues#938
2021-03-27 18:10:05 +01:00
Markus Fenske
78c37a7536
Fix typo in qvm_copy_nautilus.py 2021-03-14 15:14:37 +01:00
Marek Marczykowski-Górecki
3299112227
version 4.1.24 2021-02-13 14:53:18 +01:00
Marek Marczykowski-Górecki
dfcf870f5d
Merge branch 'fixes20210209' 2021-02-13 12:30:31 +01:00
Marek Marczykowski-Górecki
40fe209ea8
Merge remote-tracking branch 'origin/pr/294'
* origin/pr/294:
  remove trailing whitespaces; remove dest_vm argument
  keep qvm-copy-to-vm but with deprecated note
  addresses https://github.com/QubesOS/qubes-issues/issues/6374
2021-02-13 12:30:03 +01:00
Marek Marczykowski-Górecki
30f6c496bc
Remove haveged service override
It was needed for Debian stretch only.
2021-02-10 22:31:10 +01:00
Marek Marczykowski-Górecki
0e04298dfc
Start xfce4-notifyd when installed
It doesn't support bus-activation as the others notification daemons.
2021-02-09 20:24:51 +01:00
Chris P
0a40fd1939
remove trailing whitespaces; remove dest_vm argument 2021-02-04 12:47:09 +01:00
Marek Marczykowski-Górecki
a37427af5d
version 4.1.23 2021-02-02 16:26:09 +01:00
Marek Marczykowski-Górecki
dd57250747
Merge remote-tracking branch 'origin/pr/292'
* origin/pr/292:
  Avoid passing dom0-provided options to ‘dnf clean’
2021-02-02 04:30:15 +01:00
ravachol
ddbfcac7e2
keep qvm-copy-to-vm but with deprecated note 2021-01-30 17:41:14 +01:00
Christian Poeschl
84569bcdc5
addresses https://github.com/QubesOS/qubes-issues/issues/6374 2021-01-30 17:32:55 +01:00
Demi Marie Obenour
919dc49000
Avoid passing dom0-provided options to ‘dnf clean’
They are useless and can cause errors.
2021-01-28 16:36:33 -05:00
Marek Marczykowski-Górecki
936dacff65
Merge remote-tracking branch 'origin/pr/291'
* origin/pr/291:
  Install grub.qubes on Arch
2021-01-27 06:06:57 +01:00
Frédéric Pierret (fepitre)
bf7d580622
package-managers: improve DIST detection 2021-01-25 21:48:51 +01:00
Demi Marie Obenour
84101a426b
Merge commit '9801dd7d1625a5e4e4b7049a9571a0309a4406dd' into install-grub-arch 2021-01-13 13:49:04 -05:00
Demi Marie Obenour
d5ab91f54a
Install grub.qubes on Arch
This is necessary for in-VM kernels to work.
2021-01-12 19:36:18 -05:00
Demi Marie Obenour
9801dd7d16
Merge commit '1aa3893f440ce3c30f13ec1165090acbb23af7ad' 2021-01-11 12:47:54 -05:00
Demi Marie Obenour
188ea74993
sudo isn’t always built with SELinux support
Red Hat- and Debian- derived distributions support SELinux, and so their
sudo packages are built with SELinux support.  However, other
distributions (notably Arch) build sudo without SELinux.  Such sudo
builds will fail to parse the `ROLE=unconfined_r TYPE=unconfined_t`
string added in 0fac1aa45c.  They *can*
parse `role=unconfined_r, type=unconfined_t` in `Defaults`, but that
causes problems on some Fedora 33 systems if SELinux is turned off and
the root account is locked.

To solve both of these problems at once, we install a different
`/etc/sudoers.d/qubes` file depending on the distribution.  As a
heuristic, we use the presents of `/etc/redhat-release` or
`/etc/debian_version`.  If either is present, sudo probably supports
SELinux, and we should include the corresponding entries.  If both are
missing, then we shouldn’t risk it.  The `qubes.sudoers` file in the git
repository includes the full file (with SELinux); we use `sed` to strip
the SELinux portion when needed.
2021-01-11 04:23:38 -05:00
Marek Marczykowski-Górecki
1aa3893f44
version 4.1.22 2021-01-10 03:14:13 +01:00
Marek Marczykowski-Górecki
165551fe36
Merge remote-tracking branch 'origin/pr/287'
* origin/pr/287:
  qubes-early-vm-config.service: Wants=network-pre.target
2021-01-10 03:13:47 +01:00
Marek Marczykowski-Górecki
a28a381469
rpm: order -systemd post script after -networking
qubes-core-agent-networking package brings in new systemd units, which
needs to be enabled. Standard %systemd_post macro handles it only on
initial installation, but not on update. The function that handle
updates is in %post of qubes-core-agent-systemd package. To avoid
duplication, simply enforce proper installation order, instead of
modifying %post of qubes-core-agent-networking package.

OrderWithRequires influences only ordering, but does not introduce
actual dependency, so it's still possible to not install
qubes-core-agent-networking package.

Fixes 0e0c229 "rpm: enable qubes-network-uplink.service on install"
2021-01-09 05:18:14 +01:00
Rusty Bird
882c1ec6b5
qubes-early-vm-config.service: Wants=network-pre.target
The unit on the Before= side of network-pre.target also has to pull it
in as a dependency:

https://www.freedesktop.org/software/systemd/man/systemd.special.html#network-pre.target

Fixes QubesOS/qubes-issues#5570
2021-01-08 10:24:39 +00:00
Marek Marczykowski-Górecki
ab9627caf0
version 4.1.21 2021-01-08 05:40:50 +01:00
Marek Marczykowski-Górecki
0fac1aa45c
Fix sudo SELinux settings
By settinf Defaults role/type parameters, sudo starts asking for
password when called as root. It isn't clear why this happens, but
rollback that change. Instead, set ROLE/TYPE just for the rule for the
'qubes' group, which already has NOPASSWD option.

Fixes 3bcc1c3 "“sudo” must remove SELinux restrictions"
2021-01-08 05:21:19 +01:00
Marek Marczykowski-Górecki
4dfd0a4278
version 4.1.20 2021-01-05 20:51:04 +01:00
Olivier MEDOC
17d828dcea
archlinux: pin PKGBUILD to python3.X major version as new python version will break the API
(cherry picked from commit 1fae41332219ba22d3e0bc2bfc73abea10f5bb97)
2021-01-05 20:50:49 +01:00
Marek Marczykowski-Górecki
0e0c22910b
rpm: enable qubes-network-uplink.service on install 2021-01-04 20:25:54 +01:00
Marek Marczykowski-Górecki
244fca8f66
network: skip calling setup-ip from network-manager-prepare-conf-dir
The setup-ip script requires extra parameters (action and interface) not
only env variables. Since NetworkManager service is already ordered
after qubes-network-uplink.service, the setup-ip already did its job at
this time - remove the call instead of fixing it.
2021-01-03 22:36:08 +01:00
Marek Marczykowski-Górecki
932727b3df
version 4.1.19 2021-01-03 06:38:51 +01:00
Marek Marczykowski-Górecki
e71edb8584
Merge branch 'network-wait-fix'
* network-wait-fix:
  Increase upgrades-status-notify verbosity
  network: fix waiting for VM network uplink
2021-01-03 06:11:48 +01:00