Commit Graph

2552 Commits

Author SHA1 Message Date
Olivier MEDOC
5971cdd5bc archlinux: restore setup of pam.d/su-l
qubes-gui agent calls su-l instead of initializing its own pam
session such as qrexec.
pam.d/su-l qubes specific configuration must be restored to ensure
that the user login session is properly initialized:
https://github.com/QubesOS/qubes-issues/issues/3185
2017-10-25 15:03:16 +02:00
Olivier MEDOC
0f3084ff2a archlinux: remove python3 dependency 2017-10-23 20:23:51 +02:00
Olivier MEDOC
26659d4e51 archlinux: ensure [options] section is present in all pacman drop-ins
Create an empty [options] dropin by default or pacman will fail
when no dropin is present
2017-10-23 20:22:04 +02:00
Olivier MEDOC
5fdcb19685 archlinux: enforce usage of python2 in all scripts 2017-10-23 20:16:27 +02:00
Olivier MEDOC
a9898d576e Makefile: avoid using python interpreter as a static name 2017-10-23 19:53:25 +02:00
Olivier MEDOC
5e4ca2ac74 archlinux: create user 'user' using bash by default instead of zsh
The bash/zsh bug should not be present anymore in Qubes 4.0
as discussed in the issue 2888.
(https://github.com/QubesOS/qubes-issues/issues/2888)
2017-10-23 09:35:24 +02:00
Olivier MEDOC
0b15761d69 archlinux: ship pam.d/qrexec as a replacement of using su 2017-10-23 08:09:34 +02:00
Olivier MEDOC
0bf69ebc24 archlinux: do not mess with locales in post-install script
Locales must be setup properly in the template.
2017-10-23 07:53:23 +02:00
Olivier MEDOC
6b68397f6f archlinux: remove pam configuration for su and su-l
The related bug should have been fixed in issue #2903
(https://github.com/QubesOS/qubes-issues/issues/2903)
2017-10-23 07:49:10 +02:00
Olivier MEDOC
f65ab12c46 archlinux: remove deprecated setup of pam since v4.0.3
PAM is now used directly instead of calling su
2017-10-22 21:43:47 +02:00
Nedyalko Andreev
2a006b6c09 Add the 4.0 repo to the PKGBUILD sources list 2017-10-22 21:35:50 +02:00
Nedyalko Andreev
7770a69030 Restore the binary pacman repo and update it for QubesOS 4.0 2017-10-22 21:35:43 +02:00
Nedyalko Andreev
607096eed6 Fix the makefile for archlinux - SBINDIR is already /usr/bin 2017-10-22 21:35:01 +02:00
Nedyalko Andreev
ed15bc157e Update the arch PKGBUILD script for QubesOS 4.0 2017-10-22 21:34:55 +02:00
Marek Marczykowski-Górecki
92682903ad
version 4.0.12 2017-10-19 17:28:27 +02:00
Marek Marczykowski-Górecki
5edd3b3f75
Merge branch 'fixes-20171019'
* fixes-20171019:
  debian: cleanup after splitting qubes-core-agent
  Fix removing temporary file after editing in (Disp)VM
  network: fix rules for network setup on new udev
  debian: disable timer-based apt-get
2017-10-19 16:51:12 +02:00
Marek Marczykowski-Górecki
e327da019d
debian: cleanup after splitting qubes-core-agent
Displacement of /etc/pam.d/su was moved to
qubes-core-agent-passwordless-root, fix upgrade path.
2017-10-19 16:18:23 +02:00
Marek Marczykowski-Górecki
e2789ca2d7
Fix removing temporary file after editing in (Disp)VM
Fix removing the file - do not free its filename just before unlink call
(scheduled with atexit function).
At the same time, place the temporary file in a unique directory,
making it possible to edit multiple files with the same name at once.
Remove that directory at exit too.

Fixes QubesOS/qubes-issues#3112
2017-10-19 16:18:01 +02:00
Marek Marczykowski-Górecki
2068299126
network: fix rules for network setup on new udev
New udev have `DRIVERS` matcher, instead of `ENV{ID_NET_DRIVER}`. Add
appropriate rule to the file. Without it, network was working
incidentally, because there is a fallback in qubes-misc-post.service,
but dynamic network change was broken.

This applies at least to Debian stretch.

Fixes QubesOS/qubes-issues#3192
2017-10-19 15:10:31 +02:00
Marek Marczykowski-Górecki
128af0d191
debian: disable timer-based apt-get
Debian stretch in default configuration calls apt-get update every 24h.
And additionally, have automatic unattended security updates enabled.
Generally it would be good thing on standalone system, but in AppVM
which loose its rootfs changes after restart it is a waste of resources.
Especially when it kicks in on multiple VMs simultaneously, while on
battery (apt-daily.service have ConditionACPower=true, but VM don't have
that information...).

It would make some sense on TemplateVM/StandaloneVM, but then it kicks
in just at VM startup. Which conflicts with starting the update manually
then (by clicking "update VM" button in manager for example, or using
salt).

So, disable this feature completely.

The actual solution is based on pkg-manager-no-autoupdate by @adrelanos.

Fixes QubesOS/qubes-issues#2621
2017-10-19 15:03:06 +02:00
Marek Marczykowski-Górecki
1ed6e614ab
Resize root filesystem at VM startup if needed
Check if root device was enlarged while domain was powered off and
resize the filesystem in such a case.

QubesOS/qubes-issues#3173
QubesOS/qubes-issues#3143
2017-10-18 21:02:15 +02:00
Marek Marczykowski-Górecki
d8a2b8c375
Add support for new root volume partition layout to qubes.ResizeDisk
If root filesystem is the last partition (new layout), resize it
in-place. Use 'parted' tool because it can resize just one partition,
without need to specify the whole new partition table. Since the
partition is mounted, parted is unhappy to modify it. Force it by
answering to its interactive prompts, and add (apparently not
documented) ---pretend-input-tty to use those answers even
though stdin is not a tty. Split the operation into multiple parted
calls, for more reliable interactive prompts handling.

Qubes 3.x disk layout (no partition table) is also supported, but the
one that was used in Qubes 4.0 rc1 (root filesystem as the first
partition) is not.

Fixes QubesOS/qubes-issues#3173
QubesOS/qubes-issues#3143
2017-10-18 19:53:48 +02:00
Marek Marczykowski-Górecki
d84886d477
version 4.0.11 2017-10-07 02:35:42 +02:00
Marek Marczykowski-Górecki
579701d48c
Merge branch 'fixes-20171002'
* fixes-20171002:
  qubes.ResizeDisk: handle dmroot being a symlink
  qrexec: use user shell instead of hardcoded /bin/sh
  qrexec: code style fix - use spaces for indentation
  Add convenient wrappers for qvm-copy-to-vm and qvm-move-to-vm
2017-10-07 01:47:39 +02:00
Nedyalko Andreev
fe15f1d96c
Simplify archlinux upgrade check 2017-10-06 15:01:57 +03:00
Nedyalko Andreev
a835b9b67d
Fix an incorrect grep usage in archlinux upgrade check 2017-10-04 18:16:17 +03:00
Tray Torrance
f28244ab47
Add archlinux support to upgrade checker
(cherry picked from commit 9d10ec617878b018274dd20800434b2d3d35add5)
2017-10-04 17:52:57 +03:00
Marek Marczykowski-Górecki
5daf11bf97
version 4.0.10 2017-10-04 15:19:35 +02:00
Marek Marczykowski-Górecki
26e29bc386
Merge remote-tracking branch 'qubesos/pr/56'
* qubesos/pr/56:
  archlinux: add correct section to qubes-noupgrade.conf
2017-10-03 03:21:55 +02:00
Nedyalko Andreev
c71609df19
Fix the previous shellcheck-related "fixes" again
(cherry picked from commit 8c06c1eabd8f36d307f5956b5fea8d3bbcbb317f)
2017-10-03 03:21:01 +02:00
Nedyalko Andreev
42676bafb8
Fix the install script after the shellcheck "fixes"
(cherry picked from commit 6d28d4dfaf0632477321248cdb07b31fcb31ffb2)
2017-10-03 03:21:00 +02:00
Nedyalko Andreev
74ce135461
Fix indentation and shellcheck issues for archlinux
(cherry picked from commit 60ee036f04d5f22d1a3a694586f219f5b6ce30a1)
2017-10-03 03:20:55 +02:00
Nedyalko Andreev
ace824d505
Disable Oliver's binary pacman repo by default
Currently building the package fails with an error 'qubes-r3.2: key "2043E7ACC1833B9C" is unknown'.
This also harmonizes the code with the current documentation: https://www.qubes-os.org/doc/templates/archlinux/#binary-packages-activation

(cherry picked from commit 5662d7e5fe7f5236a2623f725b7e0f908d26631f)
2017-10-03 03:18:37 +02:00
Nedyalko Andreev
0705b6c898
Fix the archlinux package, use correct DROPIN dirs
Without this change the package builds successfully but there is a
file conflict error when installing it.

(cherry picked from commit 4f26267796fa856d1e3a2883494b7cc09221b2e9)
2017-10-03 03:18:36 +02:00
Marek Marczykowski-Górecki
a59ac1b4f9
qubes.ResizeDisk: handle dmroot being a symlink
In non-template-based-VMs it can be just a symlink (depending on
initramfs version).
2017-10-02 19:42:00 +02:00
Marek Marczykowski-Górecki
6bf395022a
qrexec: use user shell instead of hardcoded /bin/sh
Fixes QubesOS/qubes-issues#3139
2017-10-02 05:14:50 +02:00
Marek Marczykowski-Górecki
1497b3b05b
qrexec: code style fix - use spaces for indentation 2017-10-02 05:14:49 +02:00
Marek Marczykowski-Górecki
486f17ec2d
Add convenient wrappers for qvm-copy-to-vm and qvm-move-to-vm
Default `ask` policy ignore target domain specified by the caller, so it
doesn't make sense to specify one. Provide convenient wrappers not
needing one. Do not change behaviour of existing tools for compatibility
reasons.

Fixes QubesOS/qubes-issues#3141
2017-10-02 05:14:49 +02:00
Marek Marczykowski-Górecki
9c61ea0dcd
travis: add shellcheck call for all scripts in the repository
Scripts are detected by shebang, not an ideal approach, but should be
good enough.
2017-09-30 05:05:34 +02:00
Marek Marczykowski-Górecki
aad6fa6d19
Hint shellcheck where to look for sourced files, if in repository
This will ease running shellcheck from the repository.
2017-09-30 05:05:34 +02:00
Marek Marczykowski-Górecki
b42c1880b0
Few more shellcheck warnings fixes/ignores 2017-09-30 05:05:34 +02:00
Marek Marczykowski-Górecki
2ee73ecfe7
Fix shellcheck warnings in download-dom0-updates.sh 2017-09-30 05:05:33 +02:00
Marek Marczykowski-Górecki
e95b6f8d03
Fix shellcheck warnings in block-snapshot script 2017-09-30 05:05:33 +02:00
Marek Marczykowski-Górecki
f16753c67b
debian: fix shellcheck warnings in debian packaging 2017-09-30 05:05:33 +02:00
Marek Marczykowski-Górecki
8bb152f76e
init: fix issues found by shellcheck in init scripts
Most of them are missing quotes, `` -> $(), and -o/-a usage in
conditions. Also add few directives disabling checks where were too
verbose.
2017-09-30 04:49:21 +02:00
Marek Marczykowski-Górecki
9c839d789f
qubes-rpc: fix issues found by shellcheck
Most of them are missing quotes, `` -> $(), and -o/-a usage in
conditions. Also add few directives disabling checks where were too
verbose.
2017-09-30 04:45:31 +02:00
Marek Marczykowski-Górecki
bb220ce2eb
network: fix issues found by shellcheck 2017-09-30 04:43:04 +02:00
Marek Marczykowski-Górecki
d332a43f6a
centos: add package signing key, setup repository 2017-09-30 02:06:53 +02:00
Jussi Timperi
6a22519c62
archlinux: add correct section to qubes-noupgrade.conf
Some libalpm based tools fail to correctly parse config files without
sections.
2017-09-28 01:34:22 +03:00
Marek Marczykowski-Górecki
a7ef5726ed
version 4.0.9 2017-09-26 23:09:45 +02:00