Commit Graph

2723 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
fed30c1da7
Add dependency on e2fsprogs
It is needed by the startup scripts to create fs on fresh private image.
Otherwise /rw (and thus /home) isn't mounted and user applications fail
to start.

Fixes QubesOS/qubes-issues#4671
2019-01-08 18:14:06 +01:00
Marek Marczykowski-Górecki
b47a61adcf
Make shellcheck happy 2018-12-15 23:45:34 +01:00
Marek Marczykowski-Górecki
b026524ec4
travis: disable "Prefer explicit escaping" shellcheck warning
People are used to using single backslash in grep (grep "\(xxx\)" etc)
and similar context, lets not make it confusing everywhere.
2018-12-15 23:21:10 +01:00
Marek Marczykowski-Górecki
f5ecf46362
travis: switch to xenial
QubesOS/qubes-issues#4613
2018-12-15 17:08:20 +01:00
Bo Rydberg
c9ec752923
Update spelling in setup-rw.sh 2018-12-14 17:07:28 +01:00
Marek Marczykowski-Górecki
7d7f6a3e69
version 4.0.40 2018-12-08 22:44:06 +01:00
Marek Marczykowski-Górecki
1b48bb1af8
Merge branch 'qrexec-notify'
* qrexec-notify:
  qrexec: add startup notification
2018-12-08 22:21:57 +01:00
Marek Marczykowski-Górecki
426f322c58
qrexec: add startup notification
Avoid race conditions with services ordered shortly after qrexec start.
Make systemd know when qrexec-agent is really ready to serve.

Fixes QubesOS/qubes-issues#3985
2018-12-08 12:32:56 +01:00
AJ Jordan
30137c76a4
Add XTerm as a dependency
Qubes Manager's update button fails in strange ways without it.
2018-12-07 01:10:34 -05:00
Marek Marczykowski-Górecki
8216e40007
Merge remote-tracking branch 'origin/pr/141'
* origin/pr/141:
  is_protected_file: if no config dir is present, assume the file is _not_ protected
  /rw/config
  Fix logic bug.
  Allow per-VM protected file list
2018-12-06 17:28:45 +01:00
Marek Marczykowski-Górecki
8ce95f0db1
is_protected_file: if no config dir is present, assume the file is _not_ protected 2018-12-06 14:44:42 +01:00
Marek Marczykowski-Górecki
8d7313b928
Fix updates notification on Fedora 29
Workaround for https://bugzilla.redhat.com/1650446
This caused not clearing updates-available flag after installing updates
in the template.

Fixes QubesOS/qubes-issues#2009
2018-12-05 06:26:25 +01:00
Marek Marczykowski-Górecki
bb28efe628
Fix updates checking on Fedora with dnf
yum wrapper may not be installed anymore

QubesOS/qubes-issues#2009
2018-12-05 05:48:00 +01:00
Marek Marczykowski-Górecki
8995993816
code style fix 2018-12-05 05:46:51 +01:00
Marek Marczykowski-Górecki
d92204e094
Merge remote-tracking branch 'origin/pr/145'
* origin/pr/145:
  Rephrase comment
2018-12-02 16:10:20 +01:00
AJ Jordan
235d44e632
Add quotes to placate ShellCheck 2018-12-01 19:30:07 -05:00
AJ Jordan
0f3b4985c3
Correct size_margin for rootfs resizes
See
https://github.com/QubesOS/qubes-core-agent-linux/pull/146#discussion_r238080117
for details; but tl;dr:

* Journal size is 64M
* Inode table is 256 bytes * 643376 inodes allocated = ~157M
* Reserved GDT blocks take up 1024 blocks * 4096 byte block size = 4M
* Fixed-size parts of the filesystem probably take up another MB or
  two

These actually adds up to more than the 222M number used in this
commit. But it seems _about_ right, so just Ship It(tm).
2018-12-01 18:46:46 -05:00
AJ Jordan
c05310f61c
Revert "Fix root volume size comparison"
This reverts commit 8000e76d43, because
as @marmarek pointed out, the original was correct and I totally
misread. The check in question is checking whether to _abort_, not
whether to continue. So we want to check if the block device size is
_less_ than the filesystem + margin, not more.

Reopens QubesOS/qubes-issues#4553
2018-12-01 16:19:56 -05:00
AJ Jordan
737a65e5e7
Rename variable to be more clear 2018-12-01 00:01:04 -05:00
AJ Jordan
ce78625bec
Remove weird spaces from script output 2018-12-01 00:01:02 -05:00
AJ Jordan
8000e76d43
Fix root volume size comparison
Fixes QubesOS/qubes-issues#4553
2018-12-01 00:00:57 -05:00
AJ Jordan
98a6b60a49
Remove unnecessary quotes 2018-11-30 23:56:13 -05:00
AJ Jordan
bc6c729a82
Simplify block number calculation 2018-11-30 23:46:09 -05:00
AJ Jordan
b85c1cec75
Rephrase comment 2018-11-28 23:25:09 -05:00
Marek Marczykowski-Górecki
4036e50604
version 4.0.39 2018-11-21 03:06:24 +01:00
Rudd-O
03883ece96
/rw/config 2018-11-15 19:08:46 +00:00
Marek Marczykowski-Górecki
c227b8672b
rpm: drop useless circular dependency
qubes-core-agent depends on -qrexec, there is no need for the opposite
dependency. In fact one of the reasons for the package split was to
allow installing just -qrexec package.
2018-11-13 03:44:56 +01:00
Marek Marczykowski-Górecki
3fe42d4a27
rpm, deb: add strict version dependency between qubes-core-agent-* pkgs
Base qubes-core-agent package have common files used by various
subpackages. It is important to update them at the same time, otherwise
for example python stubs in /usr/bin/* (like qubes-firewall) will not
match actual python modules.

Fixes QubesOS/qubes-issues#4499
2018-11-13 03:42:24 +01:00
unman
afaf88f153
make iproute2 a dependency for Debian core-networking 2018-11-08 13:29:33 +00:00
Marek Marczykowski-Górecki
2ab738deb6
version 4.0.38 2018-10-29 01:32:11 +01:00
Rudd-O
3b93db99f8
Fix logic bug. 2018-10-24 08:00:20 +00:00
Rudd-O
1ecb680b44
Allow per-VM protected file list
Hopefully this can be pushed as an update for Qubes 3.2 as well?
2018-10-24 07:32:19 +00:00
Marek Marczykowski-Górecki
914c96c1f1
Merge branch 'advertise-services'
* advertise-services:
  archlinux: no longer need to mangle shebang for python scripts
  Make shebang explicit /usr/bin/python2 where it's still there
  Tell dom0 that VM is running Linux
2018-10-24 01:41:30 +02:00
Marek Marczykowski-Górecki
e8ef22b546
archlinux: no longer need to mangle shebang for python scripts
It's patched to python2 (where applicable) in the original sources.
2018-10-24 00:26:38 +02:00
Marek Marczykowski-Górecki
3b0f80e19f
Make shebang explicit /usr/bin/python2 where it's still there
Both Archlinux and Fedora 29 have guidelines to point explicitly at
/usr/bin/python2 where it expect python2.

Also, do not use env.

Fixes QubesOS/qubes-issues#4027
2018-10-24 00:24:50 +02:00
Marek Marczykowski-Górecki
adfe87ed06
Tell dom0 that VM is running Linux 2018-10-23 23:32:35 +02:00
Marek Marczykowski-Górecki
f604d76ed4
Merge remote-tracking branch 'origin/pr/140'
* origin/pr/140:
  spec: require 'hostname' as newer Fedora as moved out the dependency of initscripts into its network subpackage
2018-10-23 23:21:14 +02:00
Marek Marczykowski-Górecki
8b3e6b0069
Merge remote-tracking branch 'origin/pr/139'
* origin/pr/139:
  Remove qubes-core-agent Debian dependency on xserver Mark xserver, xinit and x11-xserver-utils as Recommends

Fixes QubesOS/qubes-issues#4202
2018-10-23 23:17:59 +02:00
Marek Marczykowski-Górecki
18dde5e877
Advertise supported qubes-services
List everything that can be enabled/disabled with qvm-service.

QubesOS/qubes-issues#4402
2018-10-23 11:02:24 +02:00
Marek Marczykowski-Górecki
d285cbf349
Do not force /bin/sh for /etc/qubes-rpc/qubes.GetAppmenus
Call it as normal executable instead of forcing it through /bin/sh.
Especially when now it have bash shebang.

Fixes QubesOS/qubes-issues#4417
2018-10-22 16:25:51 +02:00
Frédéric Pierret
bf42fe0aef spec: require 'hostname' as newer Fedora as moved out the dependency of initscripts into its network subpackage 2018-10-22 14:44:55 +02:00
unman
9114a3b92d
Remove qubes-core-agent Debian dependency on xserver
Mark xserver, xinit and x11-xserver-utils as Recommends
2018-10-21 13:30:24 +00:00
Marek Marczykowski-Górecki
e3db225aab
vif-route-qubes: \n -> \\n
Make shellcheck happy.
2018-10-15 06:20:32 +02:00
Marek Marczykowski-Górecki
336754426b
Fix iptables-restore race condition in vif-route-qubes
In rare cases when vif-route-qubes is called simultaneously with some
other iptables-restore instance, it fails because of missing --wait (and
recent iptables-restore defaults to aborting instead of waiting
for lock). That other call may be from qubes-firewall or user script.

Related to QubesOS/qubes-issues#3665
2018-10-15 06:20:25 +02:00
Marek Marczykowski-Górecki
5ff462004a
debian: don't create orig.tar.gz manually
Rely on builder-debian doing it. This way it will be reproducible.

QubesOS/qubes-issues#2775
2018-10-13 03:33:18 +02:00
Marek Marczykowski-Górecki
eef5d4a3bb
version 4.0.37 2018-10-10 02:44:11 +02:00
Marek Marczykowski-Górecki
fae277bca0
Merge remote-tracking branch 'origin/pr/137'
* origin/pr/137:
  Voice informational messages in bind-dirs.sh
2018-10-10 00:01:15 +02:00
Marek Marczykowski-Górecki
eb8395dac5
travis: add fc29 2018-10-09 14:54:34 +02:00
Marek Marczykowski-Górecki
0c5b52f467
rpm: fix building on fc29
- add BR: gcc
 - name python2 macros explicitly

QubesOS/qubes-issues#4223
2018-10-09 06:15:48 +02:00
Marek Marczykowski-Górecki
d1f55ffeb8
appmenus: send only persistent appmenus entries, use $XDG_DATA_*
It may be useful to create AppVM-specific menu entries in AppVM itself.
It may be an application installed there (in /usr/local, or using snap
QubesOS/qubes-issues#2766), but it may be also some user custom
shortcut.
To support this, dom0 will accept menu entries also from
TemplateBasedVMs. But to avoid duplicates, qubes.GetAppmenus service
should send only menu entries actually stored in that VM, not inherited
from its template. To distingush them, first check what type of
persistence this VM has (from qubesdb-read /qubes-vm-persistence). If
it's rw-only, send only entries stored on /rw.

To make it more robust, use $XDG_DATA_DIRS and $XDG_DATA_HOME to
discover directories, instead of looking only for
/usr/{,local/}share/applications. This makes snap and flatpak handled
for free.

Fixes QubesOS/qubes-issues#4152
2018-10-09 06:06:58 +02:00