Even if update check fails for some reason (network problem, apt-get lock
being held etc), don't mark the service as failed. The update check
mechanism is designed this way to not worry about such single failures
- other VM(s) may still check and report updates availability.
FixesQubesOS/qubes-issues#1889
This doesn't help when xen update is installed after this one. So, deal
with it in xen %post itself.
This reverts commit f2257e1e3b.
QubesOS/qubes-issues#2141
* origin/pr/77:
archlinux: fix update-proxy-configs to use pacman.d drop-ins
archlinux: ensure repositories are the last pacman.d files included
archlinux: Setup default package repository
archlinux: switch to usage of pacman.d drop-ins
systemctl preset output lengthy warning when trying to operate on
non-existing unit. This preset action is meant to disable unit, so it's
even better it doesn't exists.
* qubesos/pr/18:
Enable xendriverdomain.service in 75-qubes-vm.preset
Remove 'if true' wrapper from 06a0d30d50
*Do* block until good random is available again
dvm, then xendriverdomain, then qrexec-agent
Network management software should order itself after network-pre.target
(man 7 systemd.special) so that other units can order themselves before
the *beginning* of network initialization. (qubes-misc-post too because
it calls setup-ip.)
Relevant for QubesOS/qubes-issues#2108
Since yum-deprecated is slowly removed from Fedora (in Fedora 23 is not
installed by default), we're forced to migrate to dnf. The main problem
with dnf here is lack of --downloaddir option
(https://bugzilla.redhat.com/show_bug.cgi?id=1279001). As nobody is
going to implement it, simply extract downloaded packages from cache
directory (thanks to provided config file, it is always /var/cache/yum).
This basically replaces "dom0-updates: use yum-deprecated instead of dnf
in all calls" with a set of workarounds for dnf missing parts.
Related to QubesOS/qubes-issues#1574
This have many advantages:
- prevent XSS (QubesOS/qubes-issues#1462)
- use default browser instead of default HTML viewer
- better qrexec policy control
- easier to control where are opened files vs URLs
For now allow only http(s):// and ftp:// addresses (especially prevent
file://). But this list can be easily extended.
QubesOS/qubes-issues#1462FixesQubesOS/qubes-issues#1487
Files in /var/run/qubes-service are created by qubes-sysinit.service. So
defer that condition check after that service start.
Thanks @adrelanos for the report.
FixesQubesOS/qubes-issues#1985