Commit Graph

98 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
940b0f3646
Do not use legacy distutils.spawn
The whole distutils module is a legacy thing in python3. Specifically,
most of it is not installed in Debian by default (there is only
distutils.version). Depending on python3-distutils is problematic, as
it's availability varies between Debian versions.

Instead of fighting with special cases in dependencies, replace the
whole thing with non-legacy shutil.which() (available since Python 3.3).
2020-07-02 02:56:13 +02:00
Frédéric Pierret (fepitre)
8c3d181266
debian: add 'rpm' as dependency
- clean Makefile
2020-06-19 19:15:52 +02:00
Frédéric Pierret (fepitre)
704930852c
Use DNF instead of YUM if exists 2020-06-19 17:14:08 +02:00
Marek Marczykowski-Górecki
464f8f6afe
Merge remote-tracking branch 'origin/pr/231'
* origin/pr/231:
  Fix missing dependency for managing Network-Manager in active user session

Fixes QubesOS/qubes-issues#5836
2020-05-27 04:01:31 +02:00
Frédéric Pierret (fepitre)
c12d9ce75c
Fix missing dependency for managing Network-Manager in active user session
QubesOS/qubes-issues#5836
2020-05-26 22:57:07 +02:00
Frédéric Pierret (fepitre)
74a97b7e6a
debian: conditional python version dependencies 2020-05-26 16:30:57 +02:00
Paweł Marczewski
da2fa46551
Use pam-configs to override Debian PAM config
Instead of the old workaround that replaces the whole PAM config,
use Debian's framework (pam-configs) to add a rule for su. Enable it
for users in qubes group only.

PAM Config framework documentation:
  https://wiki.ubuntu.com/PAMConfigFrameworkSpec

Issue:
  QubesOS/qubes-issues#5799

Original PR this change is based on:
  QubesOS/qubes-core-agent-linux#171
2020-05-07 15:31:47 +02:00
Marek Marczykowski-Górecki
731a87f292
Adjust version of required qubes-gui-agent
The "qubes-sysinit: set GUI_OPTS in gui-agent-linux" commit breaks
gui-agent-linux lacking its counterpart. Express this in the package
metadata.

QubesOS/qubes-issues#5662
2020-03-01 03:11:11 +01:00
Marek Marczykowski-Górecki
bee2e9667c
debian: switch to python3
QubesOS/qubes-issues#5297
2019-09-19 04:57:56 +02:00
Marek Marczykowski-Górecki
a899adb69e
Convert qubesagent module to python3
This and all files using it.

QubesOS/qubes-issues#5297
2019-09-19 04:57:55 +02:00
Marek Marczykowski-Górecki
ba8cad58c9
debian: depend on xen-utils-guest
Workaround for https://bugs.debian.org/922033
2019-08-11 04:38:36 +02:00
Marek Marczykowski-Górecki
4cc9ae5a1d
rpm,deb: add Conflicts: qubes-gui-agent < 4.1.0
This version will not work with qubes-gui-agent not supporting -d
option.

QubesOS/qubes-issues#2619
2019-06-08 05:36:40 +02:00
Marek Marczykowski-Górecki
20285bc6c2
Remove qrexec-agent related files
Move it to the core-qrexec repository.

QubesOS/qubes-issues#4955
2019-04-08 18:22:38 +02:00
Lunar
0b34737665
Add apt-transport-https dependency 2019-01-19 11:32:11 -06:00
Marek Marczykowski-Górecki
fed30c1da7
Add dependency on e2fsprogs
It is needed by the startup scripts to create fs on fresh private image.
Otherwise /rw (and thus /home) isn't mounted and user applications fail
to start.

Fixes QubesOS/qubes-issues#4671
2019-01-08 18:14:06 +01:00
AJ Jordan
30137c76a4
Add XTerm as a dependency
Qubes Manager's update button fails in strange ways without it.
2018-12-07 01:10:34 -05:00
Marek Marczykowski-Górecki
3fe42d4a27
rpm, deb: add strict version dependency between qubes-core-agent-* pkgs
Base qubes-core-agent package have common files used by various
subpackages. It is important to update them at the same time, otherwise
for example python stubs in /usr/bin/* (like qubes-firewall) will not
match actual python modules.

Fixes QubesOS/qubes-issues#4499
2018-11-13 03:42:24 +01:00
unman
afaf88f153
make iproute2 a dependency for Debian core-networking 2018-11-08 13:29:33 +00:00
unman
9114a3b92d
Remove qubes-core-agent Debian dependency on xserver
Mark xserver, xinit and x11-xserver-utils as Recommends
2018-10-21 13:30:24 +00:00
Marek Marczykowski-Górecki
a715797589
debian: add Depends: qubesdb-vm
Make sure that qubesdb is configured (including service start) before
executing postinst of qubes-core-agent package, which will communicate
with qubesdb service.

Fixes QubesOS/qubes-issues#3951
2018-06-13 16:58:35 +02:00
Marek Marczykowski-Górecki
4329eab307
Require dconf utility to (re)build /etc/dconf/db/local
Some applications complains if compiled version of dconf database is
missing ("dconf-WARNING **: unable to open file '/etc/dconf/db/local':
Failed to open file '/etc/dconf/db/local': open() failed: No such file
or directory; expect degraded performance").
There is only one entry in that database, but generate its binary
version anyway to avoid that warning message.

The dconf call is already included in package scripts, now only make
sure the utility is really installed.

QubesOS/qubes-issues#1951
2018-05-02 03:02:07 +02:00
Frédéric Pierret
3dc294f3bb
Add debian package support 2017-11-22 13:06:51 +01:00
Marek Marczykowski-Górecki
3af55c5cb3
qrexec: use PAM directly instead of calling su to setup the session
Instead of calling 'su' to switch the user, use own implementation of
this. Thanks to PAM it's pretty simple. The main reason is to have
control over process waiting for session termination (to call
pam_close_sesion/pam_end). Especially we don't want it to keep std* fds
open, which would prevent qrexec-agent from receiving EOF when one of
them will be closed.
Also, this will preserve QREXEC_AGENT_PID environment variable.

Fixes QubesOS/qubes-issues#2851
2017-07-05 02:17:43 +02:00
Marek Marczykowski-Górecki
6c34571b66
Merge remote-tracking branch 'qubesos/pr/46'
* qubesos/pr/46:
  Enable build for Zesty
2017-07-04 13:39:06 +02:00
Marek Marczykowski-Górecki
cfbd50a936
debian: install man pages
Man pages were installed only in RPM package...
2017-06-21 11:21:40 +02:00
Marek Marczykowski-Górecki
67f8e9e985
rpm,deb: fix dependencies
1. Cannot Recommend: nftables, as Debian jessie doesn't have it.
2. gsettings tool is in glib, not dconf
2017-06-10 23:15:22 +02:00
Marek Marczykowski-Górecki
7da4ed7d64
Switch qubes.UpdatesProxy to socat
- there are many netcat versions (openbsd, nmap, ...), which behave
 differently - especially while handling EOF
 - Debian jessie doesn't have nmap-ncat (which handle EOFs sufficiently
   good)

QubesOS/qubes-issues#1854
2017-06-10 23:11:01 +02:00
Marek Marczykowski-Górecki
a06b5b4d61
debian: drop explicit dependency on sudo
qubes-core-agent itself do not require sudo to work.

QubesOS/qubes-issues#2572
2017-06-08 22:11:37 +02:00
Marek Marczykowski-Górecki
000a93e001
rpm,deb: split qrexec-agent into separate subpackage
While it doesn't make sense to install qubes-core-agent without qrexec,
it may make sense to do the otherway around - install just
qrexec-agent without all the qrexec services and configuration. For
example on some pre-installed system.

QubesOS/qubes-issues#2771
2017-06-08 22:11:37 +02:00
Marek Marczykowski-Górecki
2337d26a3e
debian: update basic metadata of package 2017-06-08 22:11:37 +02:00
Marek Marczykowski-Górecki
32915fe126
deb,rpm: split passwordless root access configs into separate package
Make passwordless root access optional - ease integration qrexec
authorization for sudo.

QubesOS/qubes-issues#2695
2017-06-08 22:11:36 +02:00
Marek Marczykowski-Górecki
db066888e1
Adjust dependencies for clean upgrade
When a file is moved to other package, the new package needs Replaces:
and Breaks: dependecies on old package. Otherwise dpkg will refuse to
change file ownership.

QubesOS/qubes-issues#2771
2017-06-08 22:11:35 +02:00
Marek Marczykowski-Górecki
3e7a45b4ac
Split network-related files to -networking and -network-manager packages
This will save a lot of dependencies if networking is not needed in VMs
based on given template. Thanks to updates proxy over qrexec, template
itself do not need to have network configured too.

QubesOS/qubes-issues#2771
2017-06-08 22:11:34 +02:00
Marek Marczykowski-Górecki
72b9f389b2
Split dom0-updates handling into subpackage
In Fedora it makes little sense, but in Debian it allows to avoid a lot
of dependencies. So split in both, to keep it simple.

QubesOS/qubes-issues#2771
2017-06-07 10:15:26 +02:00
Marek Marczykowski-Górecki
f9fd7a1673
Rename qubes-nautilus to qubes-core-agent-nautilus
Again, this will make it easier to reason about package origin.

QubesOS/qubes-issues#2771
2017-06-07 10:15:26 +02:00
Marek Marczykowski-Górecki
8694931665
Implement qubes.PostInstall service
This is meant to notify dom0 about features supported by just-installed
template. This service is called by dom0 just after template
installation.

Fixes QubesOS/qubes-issues#1637
Documentation pending: QubesOS/qubes-issues#2829
2017-05-26 05:25:30 +02:00
unman
b445ebce50
Enable build for Zesty 2017-05-23 23:59:41 +01:00
Marek Marczykowski-Górecki
8e505c5b0e
debian: add missing Build-Depends: python-setuptools 2017-05-22 17:06:02 +02:00
Marek Marczykowski-Górecki
42bc93d8fd
Revert "fedora,debian: update python3-daemon dependency"
This reverts commit 7d8218a1d4.
Follow revert "firewall: switch to python 3"
2017-05-21 02:01:59 +02:00
Marek Marczykowski-Górecki
33da315e17
Revert "firewall: switch to python 3"
This reverts commit 5dfcf06ef4.

python3-daemon isn't widespread enough yet - for Debian jessie available
only in packports.

In addition to the revert itself, adjust packaging for this change
(mostly for Debian).
2017-05-21 02:01:47 +02:00
Marek Marczykowski-Górecki
5047fd9288
debian,fedora: split nautilus integration into separate package
This will allow to avoid a lot of dependencies on minimal template.

QubesOS/qubes-issues#2816
QubesOS/qubes-issues#2771
2017-05-21 01:52:23 +02:00
Marek Marczykowski-Górecki
89183e9944
Ask for target VM for file-copy in dom0
This way:
 - VM prompt do know VM list, the list may be filtered based on policy
 - source VM don't learn name of target VM

Fixes QubesOS/qubes-issues#910
2017-05-20 15:53:03 +02:00
Marek Marczykowski-Górecki
7d8218a1d4
fedora,debian: update python3-daemon dependency
qubes-firewall script now use python3.
2017-05-20 14:44:04 +02:00
Marek Marczykowski-Górecki
ce70887a57
Merge branch 'core3-devel' 2017-05-20 14:43:53 +02:00
Marek Marczykowski-Górecki
5dfcf06ef4
firewall: switch to python 3 2017-05-20 13:20:08 +02:00
Marek Marczykowski-Górecki
ee0255b385
debian,fedora: drop gnome-packagekit from dependencies
We don't use it currently - xterm with console updater is used by
default.
2017-04-24 00:17:34 +02:00
Manuel Amador (Rudd-O)
59aec8e5eb Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
Marek Marczykowski-Górecki
ee0a292b21
network: rewrite qubes-firewall daemon
This rewrite is mainly to adopt new interface for Qubes 4.x.
Main changes:
 - change language from bash to python, introduce qubesagent python package
 - support both nftables (preferred) and iptables
 - new interface (https://qubes-os.org/doc/vm-interface/)
 - IPv6 support
 - unit tests included
 - nftables version support running along with other firewall loaded

Fixes QubesOS/qubes-issues#1815
QubesOS/qubes-issues#718
2016-09-12 05:22:53 +02:00
Marek Marczykowski-Górecki
762189a0ae
debian: add missing pkg-config build depends 2016-06-05 22:32:54 +02:00
Marek Marczykowski-Górecki
dca5265958
qubes-open: switch from mimeopen to xdg-open
xdg-open is more robust in choosing default application for particular
file type: it supports fallback if the preferred application isn't
working, and most importantly it support system-wide defaults
(/usr/share/applications/defaults.list,
 /usr/share/applications/mimeapps.list), so no "random" application is
chosen.

By default xdg-open tries to use environment-specific tool, like
gvfs-open - which isn't good for us, because many such tools do not wait
for editor/viewer termination. That would mean that DisposableVM would
be destroyed just after opening the file.
To avoid such effect, we set DE=generic.

Fixes QubesOS/qubes-issues#1621
2016-02-02 03:28:34 +01:00