The whole distutils module is a legacy thing in python3. Specifically,
most of it is not installed in Debian by default (there is only
distutils.version). Depending on python3-distutils is problematic, as
it's availability varies between Debian versions.
Instead of fighting with special cases in dependencies, replace the
whole thing with non-legacy shutil.which() (available since Python 3.3).
The "qubes-sysinit: set GUI_OPTS in gui-agent-linux" commit breaks
gui-agent-linux lacking its counterpart. Express this in the package
metadata.
QubesOS/qubes-issues#5662
It is needed by the startup scripts to create fs on fresh private image.
Otherwise /rw (and thus /home) isn't mounted and user applications fail
to start.
FixesQubesOS/qubes-issues#4671
Base qubes-core-agent package have common files used by various
subpackages. It is important to update them at the same time, otherwise
for example python stubs in /usr/bin/* (like qubes-firewall) will not
match actual python modules.
FixesQubesOS/qubes-issues#4499
Make sure that qubesdb is configured (including service start) before
executing postinst of qubes-core-agent package, which will communicate
with qubesdb service.
FixesQubesOS/qubes-issues#3951
Some applications complains if compiled version of dconf database is
missing ("dconf-WARNING **: unable to open file '/etc/dconf/db/local':
Failed to open file '/etc/dconf/db/local': open() failed: No such file
or directory; expect degraded performance").
There is only one entry in that database, but generate its binary
version anyway to avoid that warning message.
The dconf call is already included in package scripts, now only make
sure the utility is really installed.
QubesOS/qubes-issues#1951
Instead of calling 'su' to switch the user, use own implementation of
this. Thanks to PAM it's pretty simple. The main reason is to have
control over process waiting for session termination (to call
pam_close_sesion/pam_end). Especially we don't want it to keep std* fds
open, which would prevent qrexec-agent from receiving EOF when one of
them will be closed.
Also, this will preserve QREXEC_AGENT_PID environment variable.
FixesQubesOS/qubes-issues#2851
- there are many netcat versions (openbsd, nmap, ...), which behave
differently - especially while handling EOF
- Debian jessie doesn't have nmap-ncat (which handle EOFs sufficiently
good)
QubesOS/qubes-issues#1854
While it doesn't make sense to install qubes-core-agent without qrexec,
it may make sense to do the otherway around - install just
qrexec-agent without all the qrexec services and configuration. For
example on some pre-installed system.
QubesOS/qubes-issues#2771
When a file is moved to other package, the new package needs Replaces:
and Breaks: dependecies on old package. Otherwise dpkg will refuse to
change file ownership.
QubesOS/qubes-issues#2771
This will save a lot of dependencies if networking is not needed in VMs
based on given template. Thanks to updates proxy over qrexec, template
itself do not need to have network configured too.
QubesOS/qubes-issues#2771
In Fedora it makes little sense, but in Debian it allows to avoid a lot
of dependencies. So split in both, to keep it simple.
QubesOS/qubes-issues#2771
This is meant to notify dom0 about features supported by just-installed
template. This service is called by dom0 just after template
installation.
FixesQubesOS/qubes-issues#1637
Documentation pending: QubesOS/qubes-issues#2829
This reverts commit 5dfcf06ef4.
python3-daemon isn't widespread enough yet - for Debian jessie available
only in packports.
In addition to the revert itself, adjust packaging for this change
(mostly for Debian).
This way:
- VM prompt do know VM list, the list may be filtered based on policy
- source VM don't learn name of target VM
FixesQubesOS/qubes-issues#910
This rewrite is mainly to adopt new interface for Qubes 4.x.
Main changes:
- change language from bash to python, introduce qubesagent python package
- support both nftables (preferred) and iptables
- new interface (https://qubes-os.org/doc/vm-interface/)
- IPv6 support
- unit tests included
- nftables version support running along with other firewall loaded
FixesQubesOS/qubes-issues#1815QubesOS/qubes-issues#718
xdg-open is more robust in choosing default application for particular
file type: it supports fallback if the preferred application isn't
working, and most importantly it support system-wide defaults
(/usr/share/applications/defaults.list,
/usr/share/applications/mimeapps.list), so no "random" application is
chosen.
By default xdg-open tries to use environment-specific tool, like
gvfs-open - which isn't good for us, because many such tools do not wait
for editor/viewer termination. That would mean that DisposableVM would
be destroyed just after opening the file.
To avoid such effect, we set DE=generic.
FixesQubesOS/qubes-issues#1621