Commit Graph

461 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
f4be704ac0
Ship Qubes 4.0 repository definition and keys 2017-06-14 10:45:43 +02:00
Marek Marczykowski-Górecki
2a117548b6
Ship grub configuration
Qubes VM require few config options in grub. Ship appropriate
configuration. Debian have grub.d support, so it can be done cleanly.
On Fedora, /etc/default/grub needs to be modified. Still keep the
options in separate file, but include it manually from
/etc/default/grub.

QubesOS/qubes-issues#2577
2017-06-14 10:45:43 +02:00
Marek Marczykowski-Górecki
67f8e9e985
rpm,deb: fix dependencies
1. Cannot Recommend: nftables, as Debian jessie doesn't have it.
2. gsettings tool is in glib, not dconf
2017-06-10 23:15:22 +02:00
Marek Marczykowski-Górecki
7da4ed7d64
Switch qubes.UpdatesProxy to socat
- there are many netcat versions (openbsd, nmap, ...), which behave
 differently - especially while handling EOF
 - Debian jessie doesn't have nmap-ncat (which handle EOFs sufficiently
   good)

QubesOS/qubes-issues#1854
2017-06-10 23:11:01 +02:00
Marek Marczykowski-Górecki
422f03e9ac
Add qubes.VMRootShell service
It is the same as qubes.VMShell - the actual difference is in qrexec
policy, which contains 'user=root' option.

QubesOS/qubes-issues#2572
2017-06-09 23:06:09 +02:00
Marek Marczykowski-Górecki
000a93e001
rpm,deb: split qrexec-agent into separate subpackage
While it doesn't make sense to install qubes-core-agent without qrexec,
it may make sense to do the otherway around - install just
qrexec-agent without all the qrexec services and configuration. For
example on some pre-installed system.

QubesOS/qubes-issues#2771
2017-06-08 22:11:37 +02:00
Marek Marczykowski-Górecki
58d21f095f
Remove old vusb scripts
This is unused for a long time (since we've moved to USBIP).
2017-06-08 22:11:37 +02:00
Marek Marczykowski-Górecki
32915fe126
deb,rpm: split passwordless root access configs into separate package
Make passwordless root access optional - ease integration qrexec
authorization for sudo.

QubesOS/qubes-issues#2695
2017-06-08 22:11:36 +02:00
Marek Marczykowski-Górecki
8af88d5e3a
rpm: drop dependency on desktop-notification-daemon
It should really be in template builder script, or better: meta-package.

QubesOS/qubes-issues#2572
2017-06-08 22:11:35 +02:00
Marek Marczykowski-Górecki
db066888e1
Adjust dependencies for clean upgrade
When a file is moved to other package, the new package needs Replaces:
and Breaks: dependecies on old package. Otherwise dpkg will refuse to
change file ownership.

QubesOS/qubes-issues#2771
2017-06-08 22:11:35 +02:00
Marek Marczykowski-Górecki
c8e2c69145
rpm: integrate documentation into main package
QubesOS/qubes-issues#2771
2017-06-08 22:11:35 +02:00
Marek Marczykowski-Górecki
7e608a8bb4
Remove DisposableVM savefile related files
In Qubes 4.0 we no longer use two-stage DisposableVM startup.
2017-06-08 22:11:35 +02:00
Marek Marczykowski-Górecki
3e7a45b4ac
Split network-related files to -networking and -network-manager packages
This will save a lot of dependencies if networking is not needed in VMs
based on given template. Thanks to updates proxy over qrexec, template
itself do not need to have network configured too.

QubesOS/qubes-issues#2771
2017-06-08 22:11:34 +02:00
Marek Marczykowski-Górecki
3940918c61
rpm: make file list more verbose to ease splitting the package
QubesOS/qubes-issues#2771
2017-06-07 10:15:27 +02:00
Marek Marczykowski-Górecki
72b9f389b2
Split dom0-updates handling into subpackage
In Fedora it makes little sense, but in Debian it allows to avoid a lot
of dependencies. So split in both, to keep it simple.

QubesOS/qubes-issues#2771
2017-06-07 10:15:26 +02:00
Marek Marczykowski-Górecki
f9fd7a1673
Rename qubes-nautilus to qubes-core-agent-nautilus
Again, this will make it easier to reason about package origin.

QubesOS/qubes-issues#2771
2017-06-07 10:15:26 +02:00
Marek Marczykowski-Górecki
029d207311
rpm: rename qubes-core-vm to qubes-core-agent
Rename it to match repository name and the same package in Debian.

QubesOS/qubes-issues#2771
2017-06-07 10:15:21 +02:00
Marek Marczykowski-Górecki
8694931665
Implement qubes.PostInstall service
This is meant to notify dom0 about features supported by just-installed
template. This service is called by dom0 just after template
installation.

Fixes QubesOS/qubes-issues#1637
Documentation pending: QubesOS/qubes-issues#2829
2017-05-26 05:25:30 +02:00
Marek Marczykowski-Górecki
b49ae50ad5
Implement qrexec-based connection to updates proxy
Configure package manager to use 127.0.0.1:8082 as proxy instead of
"magic" IP intercepted later. The listen on this port and whenever
new connection arrives, spawn qubes.UpdatesProxy service call (to
default target domain - subject to configuration in dom0) and connect
its stdin/out to the local TCP connection. This part use systemd.socket
unit in case of systemd, and ncat --exec otherwise.

On the other end - in target domain - simply pass stdin/out to updates
proxy (tinyproxy) running locally.

It's important to _not_ configure the same VM to both be updates proxy and
use it. In practice such configuration makes little sense - if VM can
access network (which is required to run updates proxy), package manager
can use it directly. Even if this network access is through some
VPN/Tor. If a single VM would be configured as both proxy provider and
proxy user, connection would loop back to itself. Because of this, proxy
connection redirection (to qrexec service) is disabled when the same VM
also run updates proxy.

Fixes QubesOS/qubes-issues#1854
2017-05-26 05:25:29 +02:00
Marek Marczykowski-Górecki
f9d6ff89bc
Rename qvm-run to qvm-run-vm
Avoid conflict with qvm-run from qubes-core-admin-client package.
2017-05-23 02:55:31 +02:00
Marek Marczykowski-Górecki
42bc93d8fd
Revert "fedora,debian: update python3-daemon dependency"
This reverts commit 7d8218a1d4.
Follow revert "firewall: switch to python 3"
2017-05-21 02:01:59 +02:00
Marek Marczykowski-Górecki
33da315e17
Revert "firewall: switch to python 3"
This reverts commit 5dfcf06ef4.

python3-daemon isn't widespread enough yet - for Debian jessie available
only in packports.

In addition to the revert itself, adjust packaging for this change
(mostly for Debian).
2017-05-21 02:01:47 +02:00
Marek Marczykowski-Górecki
5047fd9288
debian,fedora: split nautilus integration into separate package
This will allow to avoid a lot of dependencies on minimal template.

QubesOS/qubes-issues#2816
QubesOS/qubes-issues#2771
2017-05-21 01:52:23 +02:00
Marek Marczykowski-Górecki
89183e9944
Ask for target VM for file-copy in dom0
This way:
 - VM prompt do know VM list, the list may be filtered based on policy
 - source VM don't learn name of target VM

Fixes QubesOS/qubes-issues#910
2017-05-20 15:53:03 +02:00
Marek Marczykowski-Górecki
2b76373abc
Remove duplicated 'close' button from titlebar of gnome applications
Dom0 enforce decorations which already contain close button.

Thanks @dzklaim for the solution.
Fixes QubesOS/qubes-issues#2813
2017-05-20 14:44:04 +02:00
Marek Marczykowski-Górecki
7d8218a1d4
fedora,debian: update python3-daemon dependency
qubes-firewall script now use python3.
2017-05-20 14:44:04 +02:00
Marek Marczykowski-Górecki
ce70887a57
Merge branch 'core3-devel' 2017-05-20 14:43:53 +02:00
Marek Marczykowski-Górecki
abf9a5aa43
Apply gschema overrides also to debian, rename according to guidelines
glib-compile-schemas recommend naming override files with nn_ prefix,
where nn is a number. Lets use 20, to allow both higher and lower
priority files.

QubesOS/qubes-issues#1108
2017-05-20 13:47:05 +02:00
Marek Marczykowski-Górecki
5dfcf06ef4
firewall: switch to python 3 2017-05-20 13:20:08 +02:00
Marek Marczykowski-Górecki
22e261f909
Add qubes.StartApp service
A simple service to start application described in .desktop file.
This way, dom0 can completely ignore VM-originated Exec= entry.
2017-05-20 03:48:02 +02:00
Marek Marczykowski-Górecki
d6f305106c
rpm: don't "append" to not existing /etc/yum.conf
When /etc/yum.conf is not present (yum-deprecated not installed), don't
try to append to it. It would result in invalid configuration file -
without any section header, and break yum when installed later.
2017-05-15 03:09:45 +02:00
Marek Marczykowski-Górecki
ee0255b385
debian,fedora: drop gnome-packagekit from dependencies
We don't use it currently - xterm with console updater is used by
default.
2017-04-24 00:17:34 +02:00
Marek Marczykowski-Górecki
d8e568fa13
systemd: place user dropins in /usr/lib instead of /lib
On non-Fedora those are not equivalent. On Debian, user units in /lib
are not supported

Reported by @adrelanos
Fixes QubesOS/qubes-issues#2644
2017-02-21 01:37:24 +01:00
Manuel Amador (Rudd-O)
6ca10b42eb Initialize home_volatile for disposable VMs. 2016-11-13 21:20:46 +00:00
Marek Marczykowski-Górecki
1c42a06238
network: integrate vif-route-qubes-nat into vif-route-qubes
Since 'script' xenstore entry no longer allows passing arguments
(actually this always was a side effect, not intended behaviour), we
need to pass additional parameters some other way. Natural choice for
Qubes-specific script is to use QubesDB.
And since those parameters are passed some other way, it is no longer
necessary to keep it as separate script.

Fixes QubesOS/qubes-issues#1143
2016-10-31 00:40:32 +01:00
Marek Marczykowski-Górecki
3131bb6135
Merge remote-tracking branch 'origin/pr/24' into core3-devel
* origin/pr/24:
  network: add vif-route-qubes-nat for IP address anonymization
2016-10-29 14:42:50 +02:00
Manuel Amador (Rudd-O)
251ecbd529 Clean up specfile unit activation aspect.
Up until today, Qubes OS would insist on either masking or disabling
or activating units that should get their state properly changed
but only on first package install (when the template is built).

This commit adds the possibility of having two types of unit presets:

* Initial presets: these are only changed state during first package
  installs.
* Upgrade presets: these get their state changed during first
  package installs as well as during upgrades.

All the maintainer has to do is abide by the instructions in the
preset file.  Nothing else is necessary.

Namely, this allows users to enable SSHD on their templates or
standalone VMs and still keep it enabled even after the
qubes-core-vm-systemd package is upgraded.

Matt really wanted that, and so did I, so now we can do it!

:-)
2016-10-28 08:35:36 +00:00
Manuel Amador (Rudd-O)
d15696ebef Fix VM settings running while / is readonly. 2016-10-28 05:21:40 +00:00
Manuel Amador (Rudd-O)
59aec8e5eb Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
unman
da82d93780
use bind-dirs to handle crontab persistence 2016-10-16 01:14:02 +01:00
Marek Marczykowski-Górecki
e73d662bf1
Configure NetworkManager to keep /etc/resolv.conf as plain file
Do not use a symlink there, as it will be left after NetworkManager
shutdown - as a broken link then

Fixes QubesOS/qubes-issues#2320
Reported by Achim Patzner <noses@noses.com>
2016-09-15 01:26:35 +02:00
Marek Marczykowski-Górecki
2c8fe644f3
network: remove qubes-netwatcher
This tool/service is obsolete for a long time (it does nothing on R3.0
and later).
2016-09-12 05:58:26 +02:00
Marek Marczykowski-Górecki
ee0a292b21
network: rewrite qubes-firewall daemon
This rewrite is mainly to adopt new interface for Qubes 4.x.
Main changes:
 - change language from bash to python, introduce qubesagent python package
 - support both nftables (preferred) and iptables
 - new interface (https://qubes-os.org/doc/vm-interface/)
 - IPv6 support
 - unit tests included
 - nftables version support running along with other firewall loaded

Fixes QubesOS/qubes-issues#1815
QubesOS/qubes-issues#718
2016-09-12 05:22:53 +02:00
Marek Marczykowski-Górecki
b50cba3f2c
Add qubes.ResizeDisk service to adjust filesystem size
Do this using qubes rpc service, instead of calling resize2fs directly
by dom0.
2016-08-17 21:47:22 +02:00
Marek Marczykowski-Górecki
779414d216
Merge remote-tracking branch 'woju/master' into core3-devel
* woju/master:
  misc: add qvm-features-request
2016-08-17 21:28:37 +02:00
Marek Marczykowski-Górecki
76e12cae2d
Rename qubes.xdg python module to qubesxdg
Do not interfere with 'qubes' module.

QubesOS/qubes-issues#1813
2016-08-17 21:27:28 +02:00
HW42
7c15b9b0ea
systemd: remove obsolete symlinks with rm instead of systemctl
The systemctl in Debian unstable fails when trying to disable a removed
service. The manpage do not mention a switch to change this behaviour.
But it says:

  Note that this operation creates only the suggested symlinks for
  the units. While this command is the recommended way to manipulate
  the unit configuration directory, the administrator is free to make
  additional changes manually by placing or removing symlinks in the
  directory.

So a simple rm should be fine.
2016-07-28 21:54:50 +02:00
HW42
5ab7e80306
systemd: fix qubes-mount-home path in cleanup script 2016-07-28 21:54:38 +02:00
Marek Marczykowski-Górecki
ed434ad63f
systemd: include tor-disabling drop-ins in the package
QubesOS/qubes-issues#1625
2016-07-27 05:19:47 +02:00
Marek Marczykowski-Górecki
90be5be630
systemd: cleanup removed services
Fixes QubesOS/qubes-issues#2192
2016-07-27 05:19:46 +02:00
Marek Marczykowski-Górecki
f4d53fb7e6
Include Qubes Master Key in the VM template
It is useful to verify other qubes-related keys.

Fixes QubesOS/qubes-issues#1614
2016-07-17 04:26:01 +02:00
Marek Marczykowski-Górecki
65f0b26600
systemd: plug random seed loading into systemd-random-seed
Reuse its dependencies to make sure it is loaded early enough.

Reported by @adrelanos
Fixes QubesOS/qubes-issues#1761
2016-07-17 04:26:01 +02:00
Marek Marczykowski-Górecki
10cadc58a0
Revert "systemd: preset xendriverdomain on update"
This doesn't help when xen update is installed after this one. So, deal
with it in xen %post itself.
This reverts commit f2257e1e3b.

QubesOS/qubes-issues#2141
2016-07-16 01:37:12 +02:00
Marek Marczykowski-Górecki
4996dd7609
rpm: fix misleading systemd warnings during upgrade
systemctl preset output lengthy warning when trying to operate on
non-existing unit. This preset action is meant to disable unit, so it's
even better it doesn't exists.
2016-07-13 22:13:17 +02:00
Marek Marczykowski-Górecki
f2257e1e3b
systemd: preset xendriverdomain on update
Make sure it is enabled, regardless of update installation order.
2016-07-13 21:48:42 +02:00
Wojtek Porczyk
5261f936b2 misc: add qvm-features-request
This tool is used to request features from template.

QubesOS/qubes-issues#1637
2016-06-13 14:19:00 +02:00
Marek Marczykowski-Górecki
4cb4d656c4
Cleanup R3.1->R3.2 transitional package 2016-05-18 23:42:17 +02:00
Marek Marczykowski-Górecki
19921274e1
Implement qubes.OpenURL service instead of wrapping URLs in HTML
This have many advantages:
 - prevent XSS (QubesOS/qubes-issues#1462)
 - use default browser instead of default HTML viewer
 - better qrexec policy control
 - easier to control where are opened files vs URLs

For now allow only http(s):// and ftp:// addresses (especially prevent
file://). But this list can be easily extended.

QubesOS/qubes-issues#1462
Fixes QubesOS/qubes-issues#1487
2016-05-18 01:32:54 +02:00
Marek Marczykowski-Górecki
7301a898a1
qubes.SuspendPreAll and qubes.SuspendPostAll services
Those services are called just before/after host suspend.

Thanks @adrelanos for help.
Fixes QubesOS/qubes-issues#1663
2016-03-15 23:33:11 +01:00
Marek Marczykowski-Górecki
b1731c2768
rpm: Add bind-dirs.sh to spec file 2016-03-14 16:23:11 +01:00
Marek Marczykowski-Górecki
dca5265958
qubes-open: switch from mimeopen to xdg-open
xdg-open is more robust in choosing default application for particular
file type: it supports fallback if the preferred application isn't
working, and most importantly it support system-wide defaults
(/usr/share/applications/defaults.list,
 /usr/share/applications/mimeapps.list), so no "random" application is
chosen.

By default xdg-open tries to use environment-specific tool, like
gvfs-open - which isn't good for us, because many such tools do not wait
for editor/viewer termination. That would mean that DisposableVM would
be destroyed just after opening the file.
To avoid such effect, we set DE=generic.

Fixes QubesOS/qubes-issues#1621
2016-02-02 03:28:34 +01:00
Marek Marczykowski-Górecki
0211ea5d1d
Move opening file viewer/editor into separate shell script
No functional change.

This will make it easier to switch the tool (without recompiling
vm-file-editor), or even use differrent tools depending on some
conditions.

QubesOS/qubes-issues#1621
2016-02-01 12:17:15 +01:00
Marek Marczykowski-Górecki
d4c238c45e
Unload USB controllers drivers in USB VM before going to sleep
Many USB controllers doesn't play nice with suspend when attached to PV
domain, so unload those drivers by default. This is just a configuration
file, so user is free to change this setting if his/shes particular
controller doesn't have such problem.

Fixes QubesOS/qubes-issues#1565
2016-01-11 19:34:10 +01:00
Marek Marczykowski-Górecki
2478cb5c05
Package DNF plugin for both python2 and python3
DNF in Fedora 22 uses python2, but in Fedora 23 - python3. Package both
of them, in separate packages (according to Fedora packaging guidelines)
and depend on the right one depending on target distribution version.

Fixes QubesOS/qubes-issues#1529
2015-12-23 02:04:26 +01:00
Marek Marczykowski-Górecki
181c15f422
updates-proxy: explicitly block connection looping back to the proxy IP
Explicitly block something like "curl http://10.137.255.254:8082" and
return error page in this case. This error page is used in Whonix to
detect if the proxy is torrified. If not blocked, it may happen that
empty response is returned instead of error. See linked ticket for
details.

Fixes QubesOS/qubes-issues#1482
2015-12-04 14:57:07 +01:00
Marek Marczykowski-Górecki
a11897a1d0
Revert "network: use drop-ins for NetworkManager configuration (#1176)"
Apparently unmanaged devices are loaded only from main
NetworkManager.conf. Exactly the same line pasted (not typed!) to main
NetworkManager.conf works, but in
/etc/NetworkManager/conf.d/30-qubes.conf it doesn't.
BTW There was a typo in option name ("unmanaged_devices" instead of
"unmanaged-devices", but it wasn't the cause).

This reverts commit 6c4831339c.

QubesOS/qubes-issues#1176
2015-11-28 17:43:15 +01:00
Olivier MEDOC
fa081f1dd9 rpm_spec: declare InstallUpdateGUI qrexec_service 2015-11-17 09:46:16 +01:00
Marek Marczykowski-Górecki
69bb71bea0
updates-proxy: disable filtering at all
Since this proxy is used only when explicitly configured in application
(package manager), there is no point in worrying about user
_erroneously_ using web browser through this proxy. If the user really
want to access the network from some other application he/she can always
alter firewall rules for that.

Fixes QubesOS/qubes-issues#1188
2015-11-15 03:57:51 +01:00
Marek Marczykowski-Górecki
13c9149b6c
Use improved update-notify script also in Fedora
Among other things this also fixes build failure - those scripts were
installed but not listed in spec file.

Actual check doesn't perform 'apt-get update', so do that when running
"standalone" (not as a hook from 'apt-get').

QubesOS/qubes-issues#1066
2015-11-13 05:28:47 +01:00
Marek Marczykowski-Górecki
3324307ee2
Merge remote-tracking branch 'origin/pr/46'
* origin/pr/46:
  No longer start /etc/init.d/tinyproxy by default anymore.
2015-11-11 16:04:40 +01:00
Patrick Schleizer
5d6cf722a8
No longer start /etc/init.d/tinyproxy by default anymore.
But allow users to re-enable it through qubes-service framework.
/var/run/qubes-service/tinyproxy

Thanks to @marmarek for helping with this fix!

https://github.com/QubesOS/qubes-issues/issues/1401
2015-11-11 14:57:36 +00:00
Marek Marczykowski-Górecki
e2ab963a27
Minor improvements to packaging (based on rpmlint)
There is much more to fix, but lets start with low hanging fruits.
2015-11-11 15:19:43 +01:00
Marek Marczykowski-Górecki
2a589f2c20
updates-proxy: use separate directory for PID file
And also use systemd-tmpfiles for that directory creation.

Fixes QubesOS/qubes-issues#1401
2015-11-11 05:57:57 +01:00
Marek Marczykowski-Górecki
164387426b
Bump qubes-utils version requirement
Those commits needs updated qubes-utils:
823954c qrexec: use #define for protocol-specified strings
5774c78 qfile-agent: move data handling code to libqubes-rpc-filecopy

QubesOS/qubes-issues#1324
QubesOS/qubes-issues#1392
2015-11-11 05:25:17 +01:00
Marek Marczykowski-Górecki
7cca1b23ee
Get rid of qubes-core-vm-kernel-placeholder
Since /lib/modules is not mounted read-only anymore (only a selected
subdirectory there), it is no longer required to prevent kernel package
installation. Even more - since PV Grub being supported, it makes sense
to have kernel installed in the VM.

QubesOS/qubes-issues#1354
2015-11-11 02:36:57 +01:00
Marek Marczykowski-Górecki
ba28c9f140
fedora: do not require/use yum-plugin-post-transaction-actions in F>=22
Since Fedora 22+ obsoletes yum, do not require yum-specific package to
be installed.

QubesOS/qubes-issues#1282
2015-11-11 02:36:57 +01:00
Marek Marczykowski-Górecki
b6cfcdcc6f
Implement dnf hooks for post-update actions
Similar to previous yum hooks:
 - notify dom0 about installed updates (possibly clear "updates pending"
   marker)
 - trigger appmenus synchronization

QubesOS/qubes-issues#1282
2015-11-11 02:36:57 +01:00
Marek Marczykowski-Górecki
074309e6a3
dracut: disable hostonly mode
Initramfs created in TemplateVM may be used also in AppVMs based on it, so
technically it is different system. Especially it has different devices
mounted (own /rw, own swap etc), so prevent hardcoding UUIDs here.

QubesOS/qubes-issues#1354
2015-11-10 16:36:00 +01:00
Olivier MEDOC
0c33c73b8e dropins: implement dropins for systemd user starting with pulseaudio systemd service and socket masking
Conflicts:
	Makefile
2015-11-07 19:12:30 +01:00
Olivier MEDOC
4b5332081e add DROPINS for org.cups.cupsd systemd files. 2015-11-06 19:36:52 +01:00
Marek Marczykowski-Górecki
c2596a0435
Setup updates proxy in dnf and PackageKit
DNF doesn't support even including another config file, so all the
settings needs to go into `/etc/dnf/dnf.conf`. The same about
PackageKit, which is needed because it doesn't use `dnf.conf`:
http://lists.freedesktop.org/archives/packagekit/2015-September/026389.html

Because that proxy settings goes to so many places now, create a
separate script for that.

QubesOS/qubes-issues#1282
QubesOS/qubes-issues#1197
2015-10-30 15:13:56 +01:00
Marek Marczykowski-Górecki
22365369d2
Require new enough qubes-utils package for updated libqrexec-utils
Required by 97a3793 "qrexec: implement buffered write to a child stdin"
2015-10-24 22:25:19 +02:00
Marek Marczykowski-Górecki
457578280b
rpm: remove duplicated entry 2015-10-24 20:54:17 +02:00
Marek Marczykowski-Górecki
92bec3173a
rpm: add /etc/sysctl.d/20_tcp_timestamps.conf
Missing part of previous commit.

QubesOS/qubes-issues#1344
2015-10-24 20:54:07 +02:00
Patrick Schleizer
f063b4a90f
Renamed qubes-mount-home to qubes-mount-dirs.
Renamed qubes-mount-home service and mount-home.sh script to qubes-mount-dirs service and mount-dirs.sh.
Because mount-home.sh also processed /rw/usrlocal.
preparation to fix the following issues:
- upstream bind-directories functionality to Qubes - https://phabricator.whonix.org/T414
- Bind mount /rw/usrlocal -> /usr/local instead of symlink - https://github.com/QubesOS/qubes-issues/issues/1150
- /bin/sync hangs forever in whonix-ws-dvm - https://github.com/QubesOS/qubes-issues/issues/1328
2015-10-15 20:57:43 +00:00
Patrick Schleizer
2eb0ed2be1
removed trailing spaces 2015-10-15 04:34:55 +02:00
Marek Marczykowski-Górecki
afb70cf040
Add missing R: dconf to hide nm-applet when not used
Without dconf, gsettings uses "memory" backend which isn't saved
anywhere and isn't shared across applications. This makes gsettings
pretty useless.

Fixes QubesOS/qubes-issues#1299
2015-10-10 16:23:47 +02:00
Marek Marczykowski-Górecki
7963fb91c7
systemd: actually enable qubes-random-seed service
QubesOS/qubes-issues#1311
2015-10-10 16:23:46 +02:00
Marek Marczykowski-Górecki
6c4831339c
network: use drop-ins for NetworkManager configuration (#1176)
Do not modify main /etc/NetworkManager/NetworkManager.conf as it would
cause conflicts during updates. Use
/etc/NetworkManager/conf.d/30-qubes.conf instead.
Also remove some dead code for dynamically generated parts (no longer
required to "blacklist" eth0 in VMs - we have proper connection
generated for it). It was commented out for some time already

Fixes QubesOS/qubes-issues#1176
2015-10-06 15:15:26 +02:00
Marek Marczykowski-Górecki
f2222a9b53
Cleanup R3.0->R3.1 transitional package
QubesOS/qubes-issues#1276
2015-10-05 19:06:21 +02:00
Marek Marczykowski-Górecki
8e497bffc0
Merge branch 'qubes-iptables'
Conflicts:
	debian/control
	rpm_spec/core-vm.spec

QubesOS/qubes-issues#1067
2015-10-05 01:47:01 +02:00
Marek Marczykowski-Górecki
2a39adfe0f
Enlarge /tmp and /dev/shm
Initial size of those tmpfs-mounted directories is calculated as 50% of
RAM at VM startup time. Which happen to be quite small number, like
150M. Having such small /tmp and/or /dev/shm apparently isn't enough for
some applications like Google chrome. So set the size statically at 1GB,
which would be the case for baremetal system with 2GB of RAM.

Fixes QubesOS/qubes-issues#1003
2015-10-04 23:07:10 +02:00
Marek Marczykowski-Górecki
c615afb88f
Merge remote-tracking branch 'origin/pr/28'
* origin/pr/28:
  qubes-rpc: fix icon selection using pyxdg and support SVG icons
  qubes-rpc: fix broken temporary file deletion in qubes.GetImageRGBA

Conflicts:
	qubes-rpc/qubes.GetImageRGBA
	rpm_spec/core-vm.spec
2015-09-28 12:47:49 +02:00
Marek Marczykowski-Górecki
3552bc7e41
rpm: add dbus-python dependency
This package is required by lots of stuff in Fedora anyway, but this
doesn't mean that we can have broken dependencies.
2015-09-28 12:22:19 +02:00
qubesuser
7f9fdc8327 qubes-rpc: fix icon selection using pyxdg and support SVG icons 2015-09-06 22:02:27 +02:00
Marek Marczykowski-Górecki
c8ac55b179 Merge branch 'autostart-dropins'
Conflicts:
	misc/qubes-trigger-desktop-file-install

Fixes qubesos/qubes-issues#1151
2015-09-02 01:16:19 +02:00
qubesuser
2a15863ccb network: add vif-route-qubes-nat for IP address anonymization 2015-08-30 16:27:14 +02:00
Marek Marczykowski-Górecki
4703e3fca7
Remove dynamically generated autostart desktop files
qubesos/qubes-issues#1151
2015-08-27 22:08:04 +02:00
Marek Marczykowski-Górecki
3d06ce1ee9
Implement dropins for /etc/xdg/autostart (#1151)
Usage of _static_ files (dropins) to override some of autostart entries
(enable/disable them in appropriate VM types) is much simpler and less
error prone than automatic generators.

Handling code is implemented in qubes-session-autostart, which is called
from qubes-session.

qubesos/qubes-issues#1151
2015-08-27 22:08:00 +02:00
Marek Marczykowski-Górecki
d710970e4d
Move .desktop launching code to python moules so it can be reused 2015-08-27 22:07:59 +02:00