Marek Marczykowski
8129032c9e
vm: implement qubes.GetAppmenus to reduce code duplication
...
As one-liner services are now real one-line, just do it.
2012-07-15 02:41:23 +02:00
Marek Marczykowski
55130c0dee
vm: simplify qubes.VMShell service
...
Now additional wrapper not required to skip cmdline argument
2012-07-15 02:41:23 +02:00
Marek Marczykowski
bec4afc919
vm: export SuspendPre and SuspendPost qrexec services ( #617 )
...
1. Try to use NetworkManager sleep command instead of shutting it down
2. Move sleep action details (which is VM-specific) to VM
3. Export it as qrexec service(s)
2012-07-13 14:44:11 +02:00
Marek Marczykowski
3af500fc80
vm: provide dispvm-dotfiles and dispvm-prerun.sh in rpm package ( #620 )
2012-07-12 14:22:44 +02:00
Marek Marczykowski
c336586fae
vm/systemd: disable additional useless services ( #620 )
...
Most of them relay on direct network acces, which isn't true on Qubes.
2012-07-12 03:56:09 +02:00
Marek Marczykowski
654fb64a74
vm/spec: remove dupplicated commnds, suppress error message
2012-07-12 03:56:09 +02:00
Marek Marczykowski
5ee694f4d3
vm/spec: disable pam_systemd only in trigger
...
The %post part is unnecessary.
2012-07-09 15:54:33 +02:00
Marek Marczykowski
f0cdcdae34
vm: disable D-Bus activation of NetworkManager ( #610 )
2012-07-05 01:43:32 +02:00
Marek Marczykowski
0cd7a783d4
vm/spec: disable pam_systemd globally ( #607 )
...
Actually all /etc/pam.d/ files containing pam_systemd.so are autogenerated by
authconfig, so "removing" pam_systemd.so file as not elegant solution, seems to
be much more realiable.
2012-07-05 01:43:32 +02:00
Marek Marczykowski
9efee9324f
vm/spec: fix enabling NetworkManager SystemD service
2012-06-26 03:43:36 +02:00
Marek Marczykowski
77ccf99b88
vm/spec: fix error messages
2012-06-26 03:43:36 +02:00
Marek Marczykowski
47e49d0fd6
vm/spec: fix enabling of qubes-firewall SysV service
2012-06-26 03:43:36 +02:00
Marek Marczykowski
1fdaa847c4
vm: RPC service for NTP time sync ( #603 )
2012-06-23 00:37:47 +02:00
Marek Marczykowski
64a9c54ba6
vm: enable yum-qubes-hooks plugin ( #592 )
2012-06-11 22:35:44 +02:00
Marek Marczykowski
3e89b33209
vm/spec: create firmware symlink only when needed
...
On new systems, like FC16+, firmware is provided by separate package (like
linux-firmware), so no longer need to get it from kernel package.
2012-06-06 03:00:05 +02:00
Marek Marczykowski
baf95fb765
vm/spec: depend on ethtool _package_
2012-06-06 02:59:07 +02:00
Marek Marczykowski
06c4d57b60
vm: yum plugin to notify dom0 about installed updates ( #592 )
2012-06-05 21:21:53 +02:00
Marek Marczykowski
55f99e23db
makefile: rename vchan Makefile to not conflict with windows build
2012-06-05 21:21:53 +02:00
Marek Marczykowski
9930a89fb1
vm/qubes-yum-proxy: setup yum to use qubes-yum-proxy ( #568 )
...
The simplest way is just add proxy=... entry to /etc/yum.conf, but sometimes it
is reasonable to bypass the proxy. Some examples:
- usage of non-standard repos with some exotic file layout, which will be
blocked by the proxy
- usage of repos not-accessible via proxy (eg only via VPN stared in VpnVM)
This commit introduces 'yum-proxy-setup' pseudo-service, which can be
controlled via standard qvm-service or qubes-manager. When enabled - yum will
be configured at VM startup to use qubes proxy, otherwise - to connect directly
(proxy setting will be cleared).
2012-05-31 03:11:44 +02:00
Marek Marczykowski
0430e5186b
vm: qubes-yum-proxy service ( #568 )
...
Introduce proxy service, which allow only http(s) traffic to yum repos. The
filter rules are based on URL regexp, so it isn't full-featured content
inspection and can be easy bypassed, but should be enough to prevent some
erroneus user actions (like clicking on invalid link).
It is set up to intercept connections to 10.137.255.254:8082, so VM can connect
to this IP regardless of VM in which proxy is running. By default it is
started in every NetVM, but this can be changed using qvm-service or
qubes-manager (as always).
2012-05-31 03:11:43 +02:00
Marek Marczykowski
542cd42d04
vm/spec: remove executable perm where not needed
2012-05-31 03:11:43 +02:00
Marek Marczykowski
be05968bd1
vm/spec: fix /etc/hosts if it was broken by previous version
2012-05-08 23:44:07 +02:00
Marek Marczykowski
bd8977c824
vm: notify dom0 when updates available in VM ( #475 )
2012-05-02 00:09:00 +02:00
Marek Marczykowski
4401c3e525
vm/init.d: make firewall and netwatcher service consistent with systemd
2012-03-09 01:50:18 +01:00
Marek Marczykowski
c3ee25ef10
vm/mimeopen: save mimetype defaults for DispVM ( #423 )
2012-02-06 19:08:08 +01:00
Marek Marczykowski
431e350ffe
vm/spec: fix file permissions
2012-02-06 12:58:02 +01:00
Marek Marczykowski
f3e187f672
vm/spec: do not complain about missing serial.conf
2012-01-30 14:22:35 +01:00
Marek Marczykowski
85e6704037
vm/network: symlink NetworkManager system-connection to /rw ( #425 )
...
In FC15, NetworkManager by default uses global connections ("Available to all users"). Save them in /rw instead of /etc, to preserve them across reboots.
2012-01-30 14:20:02 +01:00
Marek Marczykowski
5ec2c4c4bb
vm/spec: hide diagnostics from systemctl
2012-01-18 17:24:04 +01:00
Marek Marczykowski
1a71d29cd4
vm: enable qubes-firewall ( #424 )
2012-01-18 13:37:31 +01:00
Marek Marczykowski
0e1278205c
spec: fix build order
2012-01-15 17:36:22 +01:00
Marek Marczykowski
33f50950ec
vm/systemd: enable ntpd and NetworkManager services
2012-01-14 01:40:54 +01:00
Marek Marczykowski
4a73aa5da6
vm/systemd: add some package requirements according to Fedora documentation
2012-01-14 01:40:10 +01:00
Marek Marczykowski
9129f74603
vm: disable some autostart applications
2012-01-14 01:39:43 +01:00
Marek Marczykowski
d3e1bf36bf
vm: disable silent automatic update *installation* in FC15 ( #415 )
...
Do not silently download and install updates, especially in NonUpdateableVM.
2012-01-14 01:37:22 +01:00
Marek Marczykowski
5e0cde15de
vm/init: introduce SystemD startup scripts
2012-01-10 12:10:16 +01:00
Marek Marczykowski
5573200c9d
vm/spec: split SysV init scripts into separate subpackage
2012-01-10 12:09:09 +01:00
Marek Marczykowski
a25d3be356
vm/spec: add Obsoletes header for smooth upgrade
2012-01-10 11:23:27 +01:00
Marek Marczykowski
240d35259f
vm(+dom0): major rearrage VM files in repo; merge core-*vm packages
2012-01-06 21:31:12 +01:00
Marek Marczykowski
65b6675ca1
vm: disable cron also using systemctl
...
This is needed for FC15
2011-12-30 23:53:46 +01:00
Marek Marczykowski
324ad2aa0d
vm/qvm-block: do not disable qubes block udev rules ( #393 )
2011-12-26 21:01:31 +01:00
Marek Marczykowski
fae04af662
vm/yum-repo: Use $releasever in repo definition
...
Instead of multiple files with only release version different.
2011-12-12 03:35:22 +01:00
Marek Marczykowski
f3a58eb19b
vm/spec: more precise blacklisting updates of xorg ( #381 )
2011-12-05 13:50:07 +01:00
Marek Marczykowski
b6100594f5
dom0+vm/qvm-block: automatically detach device when physical dev removed ( #226 )
...
This will work when device is unmounted. On mounted device backend will be
removed (after 3s timeout), but frontend will left in "closing" state - manual
'xl block-detach' will be needed.
2011-09-30 10:42:56 +02:00
Marek Marczykowski
012dc63c53
dom0+vm: expose block devices info in xenstore ( #226 )
2011-09-29 13:56:06 +02:00
Marek Marczykowski
0b746bbf70
vm: minor fixes for Fedora 15
...
1. create /var/run/qubes as /var/run is now on tmpfs
2. if system-d is present - use it to disable NetworkManager
2011-09-27 01:37:09 +02:00
Marek Marczykowski
e09290b82b
vm/spec: do not use chown in %install - it will not work as unprivileged user
2011-09-25 15:18:48 +02:00
Marek Marczykowski
bdf407b716
dom0+vm: use qubes_download_dom0_updates.sh instead of qubes_check_for_updates.sh
...
Remove code duplication. Implemented required --check-only option to
qubes_download_dom0_updates.sh.
2011-09-15 00:18:56 +02:00
Joanna Rutkowska
ed19fc87f9
vm: update symlinks in Nautilus Scripts menu
...
This is important for older templates that got upgraded to new core packages,
which renamed some of the tools by removing the '2' suffix.
2011-09-14 19:32:47 +02:00
Marek Marczykowski
766183da60
vm: automatically online added memory
...
This is needed to increase memory size above initial value on pvops kernel.
Should not harm xenlinux version.
2011-09-06 01:12:21 +02:00
Marek Marczykowski
1642d97fa5
vm: get rid of "2" from qvm-* names ( #340 )
2011-09-03 17:12:24 +02:00
Rafal Wojtczuk
890030354d
qvm-open-in-*: recognize when the parameter is an url
...
and wrap it in html meta refresh tag, so that it will be opened by
the default browser.
2011-08-29 17:27:48 +02:00
Rafal Wojtczuk
1a24c19702
qrexec: implement qvm-run command for AppVMs
...
It is build upon qrexec2, qubes.VMShell command. So, in order to e.g.
start firefox in a fresh dispVM, do
qvm-run '$dispvm' firefox http://www.qubes-os.org
2011-08-29 16:46:44 +02:00
Joanna Rutkowska
310c137f25
vm: Fix modules blacklisting
2011-07-30 11:30:21 +02:00
Joanna Rutkowska
9b515d41d6
vm: Blacklist unnecessary packge updates
2011-07-30 11:15:47 +02:00
Marek Marczykowski
f56a993b84
vm: move dom0-updates dir to core-appvm package ( #198 )
...
At core-commonvm installation stage "user" can no exists.
2011-07-17 01:20:13 +02:00
Marek Marczykowski
382dafb6cd
vm: Split updates check and download into separate scripts ( #198 )
2011-07-17 01:20:13 +02:00
Marek Marczykowski
f1321e0904
Merge branch 'qrexec2' of git://git.qubes-os.org/rafal/core
2011-07-09 16:52:54 +02:00
Marek Marczykowski
626bd1568a
vm: fix udev rules for VM network hotplug
2011-07-09 16:52:51 +02:00
Rafal Wojtczuk
dc33f0c9a7
qrexec: adjust DispVM code to the new qrexec API
...
Note, we have qvm-open-in-vm totally for free.
2011-07-06 12:32:20 +02:00
Rafal Wojtczuk
b87da183ce
qrexec: adjust intervm file copy code to the new qrexec API
2011-07-06 10:17:58 +02:00
Rafal Wojtczuk
b5d30a9d54
qrexec: last two missing pieces of the new rpc infrastructure
2011-07-05 18:35:03 +02:00
Rafal Wojtczuk
dde44ee6ef
qrexec: add qrexec_client_vm.c
2011-07-05 11:03:31 +02:00
Marek Marczykowski
508a39cbb0
vm: Load evtchn module by script in /etc/sysconfig/modules
2011-07-02 19:11:15 +02:00
Marek Marczykowski
b6f036caf2
dom0+vm: Update VM kernel mechanism ( #242 )
...
Get kernel from global kernels dir (/var/lib/qubes/vm-kernels), not per-VM. Can
be configured by qvm-prefs (kernel parameter).
New tool: qvm-set-default-kernel
For backward compatibility kernel=None means kernel in VM dir (kernels subdir).
(possibly empty) modules.img should be created in it.
2011-06-30 01:07:47 +02:00
Marek Marczykowski
f564a4d143
dom0+vm: Tools for downloading dom0 update by VM ( #198 )
...
Mainly 4 parts:
- scripts for providing rpmdb and yum repos to VM (choosen by qvm-set-updatevm)
- VM script for downloading updates (qubes_download_dom0_updates.sh)
- qfile-dom0-unpacker which receive updates, check signatures and place its in dom0 local yum repo
- qvm-dom0-upgrade which calls all of above and after all yum gpk-update-viewer
Besides qvm-dom0-upgrade, updates are checked every 6h and user is prompted if
want to download it. At dom0 side gpk-update-icon (disabled yet) should notice
new updates in "local" repo.
2011-06-22 00:44:48 +02:00
Marek Marczykowski
31f0308d45
dom0+vm: Trigger appmenus sync after yum transaction ( #45 ), NEW QREXEC COMMAND
...
After yum transaction (install/upgrade/remove),
yum-plugin-post-transaction-actions will execute script which trigger
qvm-sync-appmenus in dom0 (through qrexec).
THIS INTRODUCE NEW PREDEFINED COMMAND IN QREXEC
2011-06-12 01:46:24 +02:00
Marek Marczykowski
60b86de2ca
vm: add -qubes suffix to xenstore-watch to not conflict with xen standard tool
2011-06-07 15:58:55 +02:00
Marek Marczykowski
868fd1f431
vm: Remove root password to allow easy escalation from UI application ( #202 )
...
Ex. gpk-application needs this to work properly while running from user. When
root password is set - polkit-daemon asks for it (according to polkit setting).
2011-05-12 19:15:24 +02:00
Marek Marczykowski
59071d87b9
Revert "Run nm-applet as normal user"
...
This reverts commit 2f5b6e6582e71630193d0098d4cc60db019e1e9b.
Dbus policy hacking not needed any more. ConsoleKit session is correctly started.
2011-04-29 02:32:55 +02:00
Marek Marczykowski
59da079f22
Configure VM network iface on attach (not only on boot) ( #190 )
2011-04-23 02:31:54 +02:00
Tomasz Sterna
705a66af63
We do not want to have StandaloneVM and UtilityVM types.
2011-04-20 00:56:58 +02:00
Tomasz Sterna
611914da15
Disable unnecessary Upstart, Init and XDG Autostart serices. #209
...
Move unneded /etc/init/*.conf services to /etc/init/*.conf.disabled.
Start CUPS only in AppVM and UtilityVM.
Start XDG Autostart applications only in domains that makes sense for them.
2011-04-19 00:11:45 +02:00
Marek Marczykowski
d821bef43b
Create ~/.local/share dir, as gnote requires it.
2011-04-10 22:12:04 +02:00
Marek Marczykowski
e2b31f8298
Run nm-applet as normal user
...
Configuration for D-Bus policy and PolicyKit to allow this.
2011-04-07 14:11:00 +02:00
Marek Marczykowski
9ed7721fc4
Disable gpk-update-icon autostart
2011-04-07 12:40:19 +02:00
Marek Marczykowski
0cf1658c65
Revert password removal for root and user
...
It will require some additional work with ConsoleKit...
2011-04-07 12:39:10 +02:00
Marek Marczykowski
a4b724fdab
Remove passwords prompts for user and root ( #202 )
2011-04-06 23:04:42 +02:00
Joanna Rutkowska
44cfc0d2ef
Use different repo files depending on %{dist} tag ( #197 )
2011-04-06 13:59:43 +02:00
Joanna Rutkowska
21e0c9d3f7
commonvm: Update repo info, use local RPM keys
2011-04-04 11:27:48 +02:00
Joanna Rutkowska
7465a697a6
Add qvm-copy-to-vm2.gnome to core-appvm rpm
2011-03-31 13:35:36 +02:00
Joanna Rutkowska
b488ab0055
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core
2011-03-31 13:30:05 +02:00
Marek Marczykowski
267331bab6
Stop only NM on suspend. ( #146 )
...
Also remove ip_forward setting from sysctl, so NM will not reset it on restart
2011-03-31 00:19:41 +02:00
Joanna Rutkowska
0eea01812c
Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core
2011-03-30 17:37:49 +02:00
Rafal Wojtczuk
2be3267726
Implemented console qvm-copy-to-vm
...
It waits for the copy to finish, and is capable of killer
progress indicator.
2011-03-30 17:25:57 +02:00
Rafal Wojtczuk
0e7bd73d22
Renamed qvm-copy-to-vm2 to qvm-trigger-copy-to-vm
...
The new name describes the task of the script better.
2011-03-30 16:48:48 +02:00
Rafal Wojtczuk
1eee3cc505
core-appvm.spec: create /home/user/.gnome2/nautilus-scripts
...
And symlinks in it that will be visible in "scripts" context
menu of nautilus.
2011-03-30 12:37:47 +02:00
Joanna Rutkowska
994899e6af
Add BuildRequires: xen-devel
2011-03-29 11:02:29 +02:00
Rafal Wojtczuk
3ed985d220
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core into spring-merge
2011-03-28 17:28:24 +02:00
Tomasz Sterna
4b3d17c15a
Create needed NetworkManager.conf in netvm. #94
...
Also fixed qubes_fix_nm_conf.sh script.
2011-03-26 11:33:04 +01:00
Marek Marczykowski
6c2a6d4d4d
Merge branch 'spring-merge' of ssh://git.qubes-os.org/var/lib/qubes/git/rafal/core
2011-03-24 16:43:13 -04:00
Rafal Wojtczuk
81257fff75
Removed obsolete code, in appvm.
2011-03-24 17:13:21 +01:00
Joanna Rutkowska
d472c82c18
Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core
2011-03-24 11:51:43 +01:00
Rafal Wojtczuk
bf4b128fba
Create a separate package with libraries.
2011-03-24 11:39:44 +01:00
Joanna Rutkowska
6de5f11e41
Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core
2011-03-24 10:17:15 +01:00
Rafal Wojtczuk
8da0ae3918
One more build order fix.
2011-03-24 10:03:39 +01:00
Rafal Wojtczuk
a45b9b4835
Enable build on non-appvm.
2011-03-23 17:47:35 +01:00
Joanna Rutkowska
452cb48b1f
Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core
2011-03-23 17:15:15 +01:00
Rafal Wojtczuk
3cd2af60f5
Move libs and /var/run/qubes out of qubes-netvm
...
They are already in core-appvm package.
2011-03-23 11:48:06 +01:00
Rafal Wojtczuk
6a5262be42
move qrexec_agent out of core-netvm.spec
...
It is already in core-appvm.
2011-03-23 11:46:53 +01:00