fsck may require significant amount of RAM, enable swap earlier to avoid
out of memory condition. Implement this as a separate service unit, not
a swap unit, because the latter requires udev running (implicit
dependency on dev-xvdc1.device) which is not the case before remounting
root filesystem read-write.
QubesOS/qubes-issues#6174
* origin/pr/236:
qvm-template: Add qubes.Template{Search,Download} files to the package.
qubes.Template*: Add --refresh option and allow DNF cache to be used.
qubes.Template*: Invoke curl with --silent.
qubes.Template*: Change separator from : to | and include additional metadata.
Fix shell quoting.
Remove repofrompath.
New qrexec calls for interacting with template repos.
* origin/pr/184:
Add services for paranoid backup restore mode
qfile-unpacker: add option (-w) to wait for disk space before extracting
tar2qfile: fix argument parser
qfile-unpacker: add option for custom user and target directory
Add a pair of services:
1. qubes.RegisterBackupLocation - called by dom0, registers what backup
location (including both file and command options) can be accessed.
Registered location gets an ID returned to the caller. The location (and
its ID) is valid as long as the service call remains open.
2. qubes.RestoreById - called by restoring DispVM to retrieve the backup
content. The service expects location ID as an argument, and then list
of files/directories (separated with spaces) on the first line of stdin.
This is very similar to qubes.Restore service, with exception for the
archive location control.
QubesOS/qubes-issues#5310
This specifically fixes qvm-console-dispvm tool, which uses
qubes.ShowInTerminal to show the actual console. This service uses
xterm, so it needs X session running already.
FixesQubesOS/qubes-issues#5805
Used by qubes.StartApp so that we can override distribution-provided
.desktop files. The mechanism is introduced to run gnome-terminal
with --wait option, so that it's compatible with DispVMs.
FixesQubesOS/qubes-issues#2581.
* origin/pr/188:
Use built-in rules in qubes-rpc makefile
Ignore build result: tar2qfile
Remove no longer needed xorg-preload-apps.conf
Move qubes-rpc installation from the root Makefile to qubes-rpc Makefile
systemd-gpt-auto-generator creates boot.automount for existing ESP
partition. But Qubes templates have only placeholder ESP there, with no
even filesystem created. Disable it with drop-in file, until it will
become used.
FixesQubesOS/qubes-issues#5261
The /etc/dconf/profile/user file in some distributions is part of dconf
package, in some not. There are even cases where it changes between
package versions (Fedora 27 don't have it, but Fedora 28 do).
Also, base Debian Stretch don't have it, but Kali Linux based on it do.
To avoid overly complex dependency handling, create the file dynamically
on package installation if it's missing in that particular case. The
file content is canonical:
user-db:user
system-db:local
FixesQubesOS/qubes-issues#3834
Since we have proper python package, use it instead of hacky one-file
package. This will ease installation and packaging, including switching
to python3.
GNOME automatically set scaling factor to 2 when HiDPI is detected.
Unfortunately it does it also on not really HiDPI displays, making the
whole UI unusably large. There is no middle ground - scaling factor must
be integer, so 1.5 is not supported. Lets opt on a conservative side and
fallback to scaling factor 1.
Solution by @alyssais, thanks!
FixesQubesOS/qubes-issues#3108
* fixes-20171019:
debian: cleanup after splitting qubes-core-agent
Fix removing temporary file after editing in (Disp)VM
network: fix rules for network setup on new udev
debian: disable timer-based apt-get
Debian stretch in default configuration calls apt-get update every 24h.
And additionally, have automatic unattended security updates enabled.
Generally it would be good thing on standalone system, but in AppVM
which loose its rootfs changes after restart it is a waste of resources.
Especially when it kicks in on multiple VMs simultaneously, while on
battery (apt-daily.service have ConditionACPower=true, but VM don't have
that information...).
It would make some sense on TemplateVM/StandaloneVM, but then it kicks
in just at VM startup. Which conflicts with starting the update manually
then (by clicking "update VM" button in manager for example, or using
salt).
So, disable this feature completely.
The actual solution is based on pkg-manager-no-autoupdate by @adrelanos.
FixesQubesOS/qubes-issues#2621
If root filesystem is the last partition (new layout), resize it
in-place. Use 'parted' tool because it can resize just one partition,
without need to specify the whole new partition table. Since the
partition is mounted, parted is unhappy to modify it. Force it by
answering to its interactive prompts, and add (apparently not
documented) ---pretend-input-tty to use those answers even
though stdin is not a tty. Split the operation into multiple parted
calls, for more reliable interactive prompts handling.
Qubes 3.x disk layout (no partition table) is also supported, but the
one that was used in Qubes 4.0 rc1 (root filesystem as the first
partition) is not.
FixesQubesOS/qubes-issues#3173QubesOS/qubes-issues#3143
Default `ask` policy ignore target domain specified by the caller, so it
doesn't make sense to specify one. Provide convenient wrappers not
needing one. Do not change behaviour of existing tools for compatibility
reasons.
FixesQubesOS/qubes-issues#3141
clock synchronization mechanism rewritten to use systemd-timesync instead of NtpDate; at the moment, requires:
- modifying /etc/qubes-rpc/policy/qubes.GetDate to redirect GetDate to designated clockvm
- enabling clocksync service in clockvm ( qvm-features clockvm-name service/clocksync true )
Works as specified in issue listed below, except for:
- each VM synces with clockvm after boot and every 6h
- clockvm synces time with the Internet using systemd-timesync
- dom0 synces itself with clockvm every 1h (using cron)
fixesQubesOS/qubes-issues#1230
It isn't really needed. It was used to workaround libusb bug (causing
crash when the system does not have any USB controller), but since we
use HVM now which do have some USB controllers it isn't needed anymore.
Also, it is not available in stock Fedora kernels.
Qubes VM require few config options in grub. Ship appropriate
configuration. Debian have grub.d support, so it can be done cleanly.
On Fedora, /etc/default/grub needs to be modified. Still keep the
options in separate file, but include it manually from
/etc/default/grub.
QubesOS/qubes-issues#2577
While it doesn't make sense to install qubes-core-agent without qrexec,
it may make sense to do the otherway around - install just
qrexec-agent without all the qrexec services and configuration. For
example on some pre-installed system.
QubesOS/qubes-issues#2771
