Commit Graph

2486 Commits

Author SHA1 Message Date
Pawel Marczewski
943f37b481
Add qubes-run-gnome-terminal utility that uses --wait 2020-01-27 12:11:48 +01:00
Marek Marczykowski-Górecki
c7060bb97a
Merge remote-tracking branch 'origin/pr/209'
* origin/pr/209:
  firewall: drop INVALID state TCP packets
2020-01-27 05:37:28 +01:00
Marek Marczykowski-Górecki
142e220c7d
Merge remote-tracking branch 'origin/pr/208'
* origin/pr/208:
  Advertise qubes.VMExec support as a feature
  Install faster console scripts for Python code
  Add qubes.VMExec call, for running a single command
2020-01-27 05:36:02 +01:00
Pawel Marczewski
63d8065e4f
firewall: drop INVALID state TCP packets
Packets detected as INVALID are ignored by NAT, so if they are not
dropped, packets with internal source IPs can leak to the outside
network.

See:

https://bugzilla.netfilter.org/show_bug.cgi?id=693
http://www.smythies.com/~doug/network/iptables_notes/

Fixes QubesOS/qubes-issues#5596.
2020-01-24 19:01:00 +01:00
Pawel Marczewski
9db6e4e2cc
Advertise qubes.VMExec support as a feature 2020-01-24 18:45:17 +01:00
Pawel Marczewski
6fb58fdd9c
Install faster console scripts for Python code
Same as in qubes-core-admin.
2020-01-24 18:45:16 +01:00
Pawel Marczewski
738548a8e4
Add qubes.VMExec call, for running a single command
With a VMExecGUI variant that waits for a session.

See QubesOS/qubes-issues#4850.
2020-01-24 18:44:45 +01:00
Marek Marczykowski-Górecki
3c1de3b4f4
Merge remote-tracking branch 'origin/pr/207'
* origin/pr/207:
  qubes-run-terminal: use gnome-terminal --wait, if supported
2020-01-24 01:53:33 +01:00
Pawel Marczewski
6f4d6dc9bb
qubes-run-terminal: use gnome-terminal --wait, if supported
Fixes QubesOS/qubes-issues#4606.
2020-01-23 11:51:56 +01:00
Marek Marczykowski-Górecki
c997008e2f
version 4.1.7 2020-01-17 05:12:04 +01:00
AJ Jordan
52d1051137
Fix typo 2020-01-16 14:12:01 -05:00
Marek Marczykowski-Górecki
3adec4b952
Merge remote-tracking branch 'origin/pr/205'
* origin/pr/205:
  qubes-session-autostart: handle error when reading a directory
2020-01-16 04:25:00 +01:00
Marek Marczykowski-Górecki
d2087c5abf
Merge remote-tracking branch 'origin/pr/203'
* origin/pr/203:
  Added "QubesIncoming" shortcut to Nautilus
2020-01-16 04:24:07 +01:00
Marek Marczykowski-Górecki
f40c4ea9eb
Merge remote-tracking branch 'origin/pr/201'
* origin/pr/201:
  update_connected_ips: set iptables policy to drop while updating
  update_connected_ips: reload nftables using one command
  get_connected_ips: handle empty and missing keys, add tests
  update_connected_ips: correctly handle byte-string
  firewall: fix family / family_name
  qubes-firewall: correctly handle empty connected-ips list
  Update tests for anti-spoofing, add test for the method itself
  Update rule priorities for anti-spoofing
  Update firewall tests
  qubes-firewall: add anti-spoofing rules for connected machines
2020-01-16 04:22:03 +01:00
Pawel Marczewski
22a309d154
qubes-session-autostart: handle error when reading a directory
Fixes QubesOS/qubes-issues#5043.
2020-01-15 11:20:21 +01:00
Pawel Marczewski
e6eee9f4e0
update_connected_ips: set iptables policy to drop while updating 2020-01-14 11:46:23 +01:00
Pawel Marczewski
a12e72b89c
update_connected_ips: reload nftables using one command
Get rid of race condition between flushing the chains
and adding new rules.
2020-01-14 10:46:51 +01:00
Pawel Marczewski
4aace50313
get_connected_ips: handle empty and missing keys, add tests 2020-01-14 10:23:41 +01:00
Pawel Marczewski
e43fd2fc5a
update_connected_ips: correctly handle byte-string 2020-01-14 10:14:00 +01:00
Pawel Marczewski
39885a4329
firewall: fix family / family_name 2020-01-13 16:47:49 +01:00
Marta Marczykowska-Górecka
fd6e551ebe
Added "QubesIncoming" shortcut to Nautilus
A small script will add the QubesIncoming shortcut to Nautilus file pane
on the first use of qvm-copy to a given VM. The shortcut will not be recreated if
deleted.

fixes QubesOS/qubes-issues#2229
2020-01-13 16:45:41 +01:00
Pawel Marczewski
00fbb956b4
qubes-firewall: correctly handle empty connected-ips list 2020-01-13 14:43:05 +01:00
Frédéric Pierret (fepitre)
eac2e79483
travis: switch to dom0 Fedora 31
QubesOS/qubes-issues#5529
2020-01-11 11:38:27 +01:00
Pawel Marczewski
860a07166b
Update tests for anti-spoofing, add test for the method itself 2020-01-10 09:19:40 +01:00
Pawel Marczewski
cd19073d50
Update rule priorities for anti-spoofing 2020-01-10 09:19:32 +01:00
Pawel Marczewski
c1d8d7bce1
Update firewall tests 2020-01-09 18:42:14 +01:00
Pawel Marczewski
bfe31cfec8
qubes-firewall: add anti-spoofing rules for connected machines
qubes-firewall will now blacklist IP addresses from all connected
machines on non-vif* interfaces. This prevents spoofing source or
target address on packets going over an upstream link, even if
a VM in question is powered off at the moment.

Depends on QubesOS/qubes-core-admin#303 which makes admin maintain
the list of IPs in qubesdb.

Fixes QubesOS/qubes-issues#5540.
2020-01-09 18:25:08 +01:00
Marek Marczykowski-Górecki
cc68f165bc
Merge remote-tracking branch 'origin/pr/199'
* origin/pr/199:
  qubes.GetAppmenus: handle home directory properly in case of sudo
  Silence shellcheck
  GetAppmenus: ensure right app directories
2020-01-09 01:38:12 +01:00
Pawel Marczewski
418a5ec6e3
qubes.GetAppmenus: handle home directory properly in case of sudo 2020-01-08 17:05:32 +01:00
Pawel Marczewski
2df17a4790
Silence shellcheck
See https://github.com/koalaman/shellcheck/wiki/SC1090
2020-01-08 10:29:36 +01:00
Marek Marczykowski-Górecki
cf2c91bc79
Merge remote-tracking branch 'origin/pr/200'
* origin/pr/200:
  Make the file copy operation respect default_user
2020-01-08 02:21:59 +01:00
Pawel Marczewski
e78edba725
Make the file copy operation respect default_user
Previously, both file path and username were hardcoded.

Fixes QubesOS/qubes-issues#5385.
2020-01-07 16:54:19 +01:00
Pawel Marczewski
552b6de862
GetAppmenus: ensure right app directories
The script depends on XDG_DATA_DIRS environment variable
being set up correctly, which is not the case when it is
running under sudo. As a result, a post-install trigger
for apt could remove application entries from other sources
(Snap, Flatpak).

Fixes QubesOS/qubes-issues#5477.
2020-01-07 15:45:05 +01:00
Pawel Marczewski
03621e5792
StartApp: remove workaround for .desktop suffix
The workaround is no longer necessary, and it breaks when
the app name itself contains .desktop (such as org.telegram.desktop).

Fixes QubesOS/qubes-issues#5408.
2020-01-07 13:06:57 +01:00
Patrick Schleizer
b20373213d
console=hvc0 must be last
https://github.com/QubesOS/qubes-issues/issues/5490#issuecomment-562263712
2019-12-07 16:56:53 +00:00
Marek Marczykowski-Górecki
1b28fcd4f1
Do not load u2mfn module anymore
It isn't used in Qubes R4.1 anymore

QubesOS/qubes-issues#4280
2019-12-03 13:55:49 +01:00
Jonas DOREL
281d1a5776
Mention Update Proxy in configuration
This makes it easier to understand why this configuration is present.
2019-12-01 13:41:54 +01:00
Marek Marczykowski-Górecki
a279b08e3f
version 4.1.6 2019-11-13 06:06:40 +01:00
Marek Marczykowski-Górecki
01aa61521b
Merge remote-tracking branch 'origin/pr/192'
* origin/pr/192:
  vm-file-editor: drop old wait-for-session mechanism
  qubes.WaitForSession: refactor by waiting for qrexec-fork-server socket
2019-11-13 05:43:55 +01:00
Frédéric Pierret (fepitre)
71ef524dec
vm-file-editor: drop old wait-for-session mechanism 2019-11-11 16:08:28 +01:00
Otto Sabart
b9d3e87438
archlinux: fix proxy setting in XferCommand
Starting from pacman v5.2.0 there is a problem with updating/installing
new packages:

$ pacman -Sy
...
debug: running command: ALL_PROXY=http://127.0.0.1:8082/ /usr/bin/curl -C - -f https://gluttony.sin.cvut.cz/arch/core/os/x86_64/core.db > /var/lib/pacman/sync/core.db.part
warning: running XferCommand: fork failed!
...

The problem is caused by change in pacman "run XferCommand via exec" [0].


Refs.:
- [0] https://git.archlinux.org/pacman.git/commit/?id=808a4f15ce82d2ed7eeb06de73d0f313620558ee
- [1] https://github.com/QubesOS/qubes-issues/issues/5443
2019-11-04 10:18:20 +01:00
Frédéric Pierret (fepitre)
a44e73900e
qubes.WaitForSession: refactor by waiting for qrexec-fork-server socket 2019-11-02 23:11:32 +01:00
Amadeusz Piotr Żołnowski
8c8666451e
Install qubes-rpc files in Archlinux 2019-10-21 23:00:51 +01:00
Amadeusz Piotr Żołnowski
c104d73a85
Don't clean tilda files in qubes-rpc
These are not created by build system, but by some editors. Developers
should deal with extra files created by theirs editors outside of build
files.
2019-10-21 22:45:36 +01:00
Marek Marczykowski-Górecki
e43e262b2d
Merge remote-tracking branch 'origin/pr/188'
* origin/pr/188:
  Use built-in rules in qubes-rpc makefile
  Ignore build result: tar2qfile
  Remove no longer needed xorg-preload-apps.conf
  Move qubes-rpc installation from the root Makefile to qubes-rpc Makefile
2019-10-21 00:45:47 +02:00
Amadeusz Piotr Żołnowski
863c7e130f
Use built-in rules in qubes-rpc makefile
That allows a build system to customize compiler and linker and pass
extra flags to these.

Remove `-g` as default flag and enable it only when `DEBUG` variable is
set.
2019-10-20 09:12:08 +01:00
Amadeusz Piotr Żołnowski
e98d9332fa
Ignore build result: tar2qfile 2019-10-20 09:12:08 +01:00
Amadeusz Piotr Żołnowski
6b0179c107
Remove no longer needed xorg-preload-apps.conf 2019-10-20 09:12:07 +01:00
Amadeusz Piotr Żołnowski
3152c609a9
Move qubes-rpc installation from the root Makefile to qubes-rpc Makefile
qubes-rpc has its own Makefile that's responsible for building some
executables. The root Makefile was installing qubes-rpc files. To make
qubes-rpc a bit more indepdent from core-agent root Makefile and to ease
potential maintainer work on packaging qubes-rpc separately, the
installation has been moved to qubes-rpc Makefile. Moreover that should
make the Makefiles easier to read and maintain.
2019-10-20 09:12:07 +01:00
Marek Marczykowski-Górecki
22246c5fdf
Merge remote-tracking branch 'origin/pr/189'
* origin/pr/189:
  travis: switch to bionic
2019-10-20 01:47:39 +02:00