HW42
8a9d2378f6
debian: postinst: use dpkg-divert
...
dpkg-divert is not ideal for config files but should work better than
direct cp/mv.
2015-02-05 01:22:19 +01:00
HW42
4faece9e89
debian: postinst: use systemctl mask
2015-02-05 01:22:19 +01:00
HW42
d7fac08792
debian: fix for QSB #014 requires up to date qubes-utils
2015-02-05 01:22:19 +01:00
Marek Marczykowski-Górecki
490176f180
rpm: add missing R: pygobject3-base
2015-02-05 01:19:33 +01:00
Marek Marczykowski-Górecki
19a4c6d0dd
network: support for not setting DNS and/or default gateway (v2)
...
This patch introduces two new qvm-services:
- disable-default-route
- disable-dns-server
Both disabled by default. You can enable any of them to not set default
route and/or DNS servers in the VM. Those settings have no effect on
NetVM, where such settings are controlled by NetworkManager.
This is based on patch sent by Joonas Lehtonen
<joonas.lehtonen@openmailbox.org>
https://groups.google.com/d/msgid/qubes-devel/54C7FB59.2020603%40openmailbox.org
Conflicts:
network/setup-ip
vm-init.d/qubes-core
vm-systemd/qubes-sysinit.sh
2015-01-30 00:52:31 +01:00
Marek Marczykowski-Górecki
9f51c82666
filecopy: fallback to "open(..., 000)" method when /proc inaccessible
...
/proc is needed to link files opened with O_TMPFILE to the filesystem.
If not available, fallback to using permissions to block file access,
instead of failing the whole file copy.
2015-01-30 00:48:56 +01:00
Marek Marczykowski-Górecki
efb79d5784
systemd: allow to start cron daemon ( #909 )
2015-01-30 00:48:56 +01:00
Marek Marczykowski-Górecki
ab637395cb
fedora: reload systemd only once
2015-01-30 00:48:56 +01:00
Marek Marczykowski-Górecki
5590445319
fedora: reduce code duplication in systemd triggers
2015-01-30 00:48:56 +01:00
Olivier MEDOC
898f223cd4
archlinux: align with fedora changes related to imsettings
2015-01-30 00:48:56 +01:00
Olivier MEDOC
a94f1f4111
archlinux: fix new packaging requirements related to sbin, lib64, run ...
2015-01-30 00:48:55 +01:00
Marek Marczykowski-Górecki
4637735882
network: support for not setting DNS and/or default gateway
...
This patch introduces two new qvm-services:
- set-default-route
- set-dns-server
Both enabled by default. You can disable any of them to not set default
route and/or DNS servers in the VM. Those settings have no effect on
NetVM, where such settings are controlled by NetworkManager.
This is based on patch sent by Joonas Lehtonen
<joonas.lehtonen@openmailbox.org>
https://groups.google.com/d/msgid/qubes-devel/54C39656.3090303%40openmailbox.org
Conflicts:
network/setup-ip
vm-init.d/qubes-core
vm-systemd/qubes-sysinit.sh
2015-01-30 00:48:55 +01:00
HW42
13bca3d05f
don't ignore asprintf() return value
2015-01-30 00:45:05 +01:00
Marek Marczykowski-Górecki
bc8a6a0a20
fedora: Fix iptables config installation one more time
2015-01-30 00:45:04 +01:00
Marek Marczykowski-Górecki
66620c1005
fedora: Fix iptables config install script
2015-01-30 00:45:04 +01:00
Marek Marczykowski-Górecki
efc7d4d1f2
filecopy: prevent files/dirs movement outside incoming directory during transfer
...
Otherwise, when the user moves directory, which is still in transfer,
somewhere else, it could allow malicious source domain to escape chroot
and place a file in arbitrary location.
It looks like bind mount is just enough - simple rename fails with
EXDEV, so tools are forced to perform copy+delete, which is enough to
keep unpacker process away from new file location.
One inconvenient detail is that we must clean the mount after transfer
finishes, so root perms cannot be dropped completely. We keep separate
process for only that reason.
2015-01-30 00:45:04 +01:00
Marek Marczykowski-Górecki
50b536bee3
fedora: Add security-testing repo definition
...
Conflicts:
misc/qubes-r2.repo
2015-01-30 00:45:02 +01:00
Jason Mehring
546b4c7911
fc21: Remove left-over code comment
2015-01-30 00:43:31 +01:00
Jason Mehring
33d3a6c9ea
fc21: iptables configurations conflict with fc21 yum package manager
...
Moved iptables configuration to /usr/lib/qubes/init
fc21 + debian + arch will place them in proper place on postinst
Fixes dedian bug of not having them in proper place
2015-01-30 00:43:31 +01:00
Marek Marczykowski-Górecki
0be213200a
network: fix NM config preparation
...
The same variables are reused to configure downlink in ProxyVM, so
create NM config before they got overrided.
Conflicts:
network/setup-ip
2015-01-30 00:43:29 +01:00
Marek Marczykowski-Górecki
b3429b596d
network: set uplink configuration based on MAC (NetworkManager)
2015-01-30 00:39:37 +01:00
HW42
dbd19698b3
debian: remove unneeded acpid dependency
...
https://groups.google.com/forum/?_escaped_fragment_=msg/qubes-devel/oY7m9zNEXFw/N94pknsTg7oJ
Conflicts:
debian/control
2015-01-30 00:39:35 +01:00
HW42
6f056486e0
debian: move not strictly required packages to Recommends-Section.
...
https://groups.google.com/forum/?_escaped_fragment_=msg/qubes-devel/oY7m9zNEXFw/N94pknsTg7oJ
Conflicts:
debian/control
2015-01-30 00:38:07 +01:00
Marek Marczykowski-Górecki
5bd3080521
Update update-proxy rules for debian security fixes repo
...
The name can be "wheezy/updates".
2015-01-30 00:32:56 +01:00
Marek Marczykowski-Górecki
a4ad010a45
debian: fix service name in postinst script
2015-01-30 00:32:56 +01:00
Marek Marczykowski-Górecki
c3ef00303f
debian: remove obsolete code from postinst script
...
NetworkManager-dispatcher.service issue seems to be already fixed in
upstream package.
2015-01-30 00:32:56 +01:00
Marek Marczykowski-Górecki
45e7cbb2ac
debian: add missing python-gi to dependencies
...
Required for qubes-desktop-run tool.
2015-01-30 00:32:56 +01:00
Marek Marczykowski-Górecki
7476eb2f24
debian: fix generation of apt sources list file
...
Use codename, instead of release number.
Conflicts:
Makefile
2015-01-30 00:32:49 +01:00
Marek Marczykowski-Górecki
995c758d14
debian: create tinyproxy as system user
2015-01-30 00:32:09 +01:00
Marek Marczykowski-Górecki
756293ec75
Fix disabling nm-applet when NM is disabled
2015-01-30 00:32:09 +01:00
Marek Marczykowski-Górecki
9130636c88
Merge branch 'debian'
...
Conflicts:
misc/qubes-r2.list.in
misc/qubes-trigger-sync-appmenus.sh
network/30-qubes-external-ip
network/qubes-firewall
vm-systemd/network-proxy-setup.sh
vm-systemd/prepare-dvm.sh
vm-systemd/qubes-sysinit.sh
2015-01-30 00:30:24 +01:00
Marek Marczykowski-Górecki
3a0ad108d4
version 3.0.0
2014-11-22 16:24:18 +01:00
Marek Marczykowski-Górecki
1f1a33be21
Disable R3 repos by default
2014-11-20 17:04:36 +01:00
Marek Marczykowski-Górecki
9b71e6db8b
Update repos and keys for Qubes R3
2014-11-20 17:01:10 +01:00
Marek Marczykowski-Górecki
48685938ff
qrexec: register exec function
...
Update for shared libqrexec.so API (instead of statically linked one).
2014-11-19 15:34:34 +01:00
Marek Marczykowski-Górecki
17350f6f69
Use xenstore.h instead of xs.h
2014-11-19 15:34:34 +01:00
Marek Marczykowski-Górecki
b13844afe1
qrexec: new protocol - direct data vchan connections
2014-11-19 15:34:34 +01:00
Marek Marczykowski-Górecki
d84381b87f
code style: replace tabs with spaces
2014-11-19 15:34:34 +01:00
Marek Marczykowski-Górecki
b8588c4856
qrexec: remove dom0 targets from makefile
2014-11-19 15:34:33 +01:00
Marek Marczykowski
d00d52fc31
dispvm: restart qubesdb at DispVM start
...
To connect to new qubesdb daemon in dom0.
2014-11-19 15:34:33 +01:00
Marek Marczykowski
1f04cf34cc
systemd: fix qubes-service handling
...
qubesdb-list does show only list of paths, without values. Use
qubesdb-multiread instead. Path (argument) must have terminating '/' so
it will be cut of printed paths (service names only).
2014-11-19 15:34:33 +01:00
Marek Marczykowski
db35abadc8
Use Qubes DB instead of Xenstore
2014-11-19 15:34:33 +01:00
Marek Marczykowski
a3aab7dab2
rpm: fix typo
2014-11-19 15:34:33 +01:00
Marek Marczykowski
735531a9ba
spec: get backend_vmm from env variable
...
There is no way to pass --define to yum-buildep, but we use VMM name for
required packages names.
2014-11-19 15:34:32 +01:00
Marek Marczykowski
93ad711f4e
load xen-gntalloc module required by libxenvchan
2014-11-19 15:34:32 +01:00
Marek Marczykowski
94f54d6c9f
spec: add dependencies on vchan package (both R: and BR:)
2014-11-19 15:34:32 +01:00
Marek Marczykowski
95839ddab5
Update for new vchan API
2014-11-19 15:34:32 +01:00
Marek Marczykowski-Górecki
ea4eef7de8
network: fix indentation
2014-11-13 23:19:34 +01:00
Jason Mehring
599fad53a2
Merge branch 'debian' of https://github.com/nrgaway/core-agent-linux into debian
2014-11-12 03:41:41 -05:00
Jason Mehring
160bf82583
Merge branch 'debian' of https://github.com/nrgaway/core-agent-linux into debian
2014-11-12 03:40:29 -05:00