Olivier MEDOC
0159cd6a77
archlinux: fix pacman.d dropin not activated if pacman.conf does not already contains qubes markers
2017-01-29 15:27:14 +01:00
Olivier MEDOC
8ba584dfb0
Makefile: enforce mode 750 for directories /etc/sudoers.d and /etc/polkit-1/rules.d
2017-01-29 15:01:01 +01:00
Olivier MEDOC
98b4f1f265
archlinux: fix bash syntax errors
2017-01-29 14:34:50 +01:00
Olivier MEDOC
8584290295
archlinux: update installer script to use systemd preset file
2017-01-29 13:55:35 +01:00
Olivier MEDOC
9890ed191a
archlinux: fix lsb_release missing
2017-01-28 21:20:20 +01:00
Lorenzo
f3a44bdd74
Merge branch 'master' of github.com:lorenzog/qubes-core-agent-linux
2017-01-14 22:21:45 +00:00
Lorenzo
f4af5f320a
Shut down after update only if it's a template.
...
As per discussion in
https://github.com/QubesOS/qubes-issues/issues/2555#issuecomment-271415169
Signed-off-by: Lorenzo <lorenzo.grespan@gmail.com>
2017-01-14 22:20:51 +00:00
Lorenzo
ffefce9e25
Shut down after update only if it's a template.
...
As per discussion in
https://github.com/QubesOS/qubes-issues/issues/2555#issuecomment-271415169
2017-01-14 13:11:27 +00:00
Marek Marczykowski-Górecki
41cd218660
travis: drop debootstrap workaround
...
Move to qubes-builder
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
2017-01-10 12:12:44 +01:00
Marek Marczykowski-Górecki
bb71ddd8cd
Merge remote-tracking branch 'origin/pr/86'
...
* origin/pr/86:
archlinux: fix community repositories URL
2017-01-04 23:13:57 +01:00
Marek Marczykowski-Górecki
12231dab4a
Merge remote-tracking branch 'origin/pr/85'
...
* origin/pr/85:
comment
2017-01-04 23:13:24 +01:00
Olivier MEDOC
d8599d45ba
archlinux: fix community repositories URL
2016-12-28 09:00:38 +01:00
Marek Marczykowski-Górecki
63e02a1340
Merge remote-tracking branch 'qubesos/pr/32'
...
* qubesos/pr/32:
Copied needed sources to build root
2016-12-25 20:44:17 +01:00
Nicklaus McClendon
d1faba7d03
Copied needed sources to build root
2016-12-25 13:33:39 -05:00
Patrick Schleizer
3cc1a855dc
comment
2016-12-21 00:15:12 +01:00
Andrew David Wong
cc7d3fc925
Update Xen bug count in sudoers comment
...
Closes QubesOS/qubes-issues#2480
2016-12-04 16:29:01 -08:00
Marek Marczykowski-Górecki
fb8c356216
version 3.2.15
2016-12-04 22:39:01 +01:00
Marek Marczykowski-Górecki
a9e7f91ca6
Fix detection of dom0 updates
...
dnf stdout messages differ from yum. Handle this particular difference
(info about last metadata check time), but in addition properly use its
exit code - 0 means no updates, 100 means some updates.
Fixes QubesOS/qubes-issues#2096
2016-12-04 22:37:17 +01:00
Marek Marczykowski-Górecki
bb53619d3d
version 3.2.14
2016-12-04 21:57:10 +01:00
Marek Marczykowski-Górecki
7c18322ffa
Merge remote-tracking branch 'qubesos/pr/27'
...
* qubesos/pr/27:
v2: (vm) qvm-move-to-vm: don't "rm -rf" vm name argument
2016-12-04 21:56:11 +01:00
Marek Marczykowski-Górecki
09870c7d80
travis: drop debootstrap workaround
...
Move to qubes-builder
2016-12-04 21:28:13 +01:00
Rusty Bird
0d243250f2
v2: (vm) qvm-move-to-vm: don't "rm -rf" vm name argument
...
Fixes QubesOS/qubes-issues#2472 from commit
3f600d03fa
2016-12-04 16:50:59 +00:00
Marek Marczykowski-Górecki
41e3d591ef
Merge remote-tracking branch 'qubesos/pr/25'
...
* qubesos/pr/25:
Add systemd override for haveged in xenial and stretch. (#2161 ) Reenable haveged.service after debian package installation
Fixes QubesOS/qubes-issues#2161
2016-11-28 15:02:32 +01:00
Marek Marczykowski-Górecki
938d184ef4
version 3.2.13
2016-11-18 01:59:25 +01:00
Marek Marczykowski-Górecki
a69acdabbf
Merge remote-tracking branch 'qubesos/pr/24'
...
* qubesos/pr/24:
Initialize home_volatile for disposable VMs.
2016-11-17 09:33:02 +01:00
Marek Marczykowski-Górecki
dbcd3e5f0a
Write random seed directly to /dev/urandom
...
Don't store it in some variable, as may contain non-ASCII or control
characters (or starts with '-').
2016-11-17 09:30:49 +01:00
Marek Marczykowski-Górecki
cc2fb303cb
Merge remote-tracking branch 'origin/pr/84'
...
* origin/pr/84:
fix reload_random_seed error handling
2016-11-17 09:30:14 +01:00
unman
58febd6d20
Add systemd override for haveged in xenial and stretch. ( #2161 )
...
Reenable haveged.service after debian package installation
2016-11-14 02:33:20 +00:00
Patrick Schleizer
b1f418ca76
fix reload_random_seed error handling
...
https://github.com/QubesOS/qubes-core-agent-linux/pull/21#pullrequestreview-8302473
2016-11-13 23:37:49 +01:00
Manuel Amador (Rudd-O)
6ca10b42eb
Initialize home_volatile for disposable VMs.
2016-11-13 21:20:46 +00:00
Marek Marczykowski-Górecki
3050852cbb
Prefer powerpill to update Archlinux VM
...
This is the recommended way to connect through update proxy.
2016-11-12 22:30:37 +01:00
Marek Marczykowski-Górecki
6ba1d2ff78
Ask to shutdown the template after performing update
...
Fixes QubesOS/qubes-issues#2431
2016-11-12 22:27:20 +01:00
Marek Marczykowski-Górecki
7fa4115aba
Refactor qubes.InstallUpdatesGUI to reduce code duplication
...
QubesOS/qubes-issues#2431
2016-11-12 22:21:42 +01:00
Jean-Philippe Ouellet
0fb3e503d3
Keep Makefile DRY
2016-11-10 06:49:01 -05:00
Marek Marczykowski-Górecki
24b726a3bf
network: use /32 netmask on internal IPs in NAT providing namespace
...
Use /32 inside network namespace too. Otherwise inter-VM traffic is
broken - as all VMs seems to be in a single /24 subnet, but in fact are
not.
QubesOS/qubes-issues#1143
2016-11-01 00:22:19 +01:00
Marek Marczykowski-Górecki
c8213ea55a
network: properly handle DNS addresses in vif-qubes-nat.sh
...
Core3 no longer reuse netvm own IP for primary DNS. At the same time,
disable dropping traffic to netvm itself because it breaks DNS (as one
of blocked things). This allows VM to learn real netvm IP, but:
- this mechanism is not intended to avoid detection from already
compromised VM, only about unintentional leaks
- this can be prevented using vif-qubes-nat.sh on the netvm itself (so
it will also have hidden its own IP)
QubesOS/qubes-issues#1143
2016-11-01 00:22:08 +01:00
Marek Marczykowski-Górecki
c75b6519c5
network: keep the same MAC on vif interfaces
...
Even when it's veth pair into network namespace doing NAT.
QubesOS/qubes-issues#1143
2016-11-01 00:13:47 +01:00
Marek Marczykowski-Górecki
1c42a06238
network: integrate vif-route-qubes-nat into vif-route-qubes
...
Since 'script' xenstore entry no longer allows passing arguments
(actually this always was a side effect, not intended behaviour), we
need to pass additional parameters some other way. Natural choice for
Qubes-specific script is to use QubesDB.
And since those parameters are passed some other way, it is no longer
necessary to keep it as separate script.
Fixes QubesOS/qubes-issues#1143
2016-10-31 00:40:32 +01:00
Marek Marczykowski-Górecki
696a0918d5
Revert "network: disable proxy_arp"
...
Proxy ARP apparently is still needed for HVMs.
This reverts commit fa8b05a83c
.
Fixes QubesOS/qubes-issues#1421
2016-10-30 20:42:00 +01:00
Marek Marczykowski-Górecki
938af2c7fd
network: change vif-route-qubes-nat parameters
...
Keep "main" IP (the one in xenstore) as the one seen by the netvm, and
pass the "fake" one (the one seen by the VM) as script parameter.
Fixes QubesOS/qubes-issues#1143
2016-10-29 22:28:57 +02:00
Marek Marczykowski-Górecki
be86c7da1f
network: reformat vif-route-qubes-nat
...
Use 4-space indentation, remove trailing spaces. No functional change.
2016-10-29 14:45:36 +02:00
Marek Marczykowski-Górecki
3131bb6135
Merge remote-tracking branch 'origin/pr/24' into core3-devel
...
* origin/pr/24:
network: add vif-route-qubes-nat for IP address anonymization
2016-10-29 14:42:50 +02:00
Marek Marczykowski-Górecki
a6658bc329
Merge remote-tracking branch 'qubesos/pr/22'
...
* qubesos/pr/22:
Invert logic of SKIP_SIGNING.
2016-10-28 14:10:18 +02:00
Marek Marczykowski-Górecki
f47fe7cd76
Merge remote-tracking branch 'qubesos/pr/21'
...
* qubesos/pr/21:
Clean up specfile unit activation aspect.
Fix VM settings running while / is readonly.
Invert logic of systemd_version_changed.
2016-10-28 14:09:50 +02:00
Manuel Amador (Rudd-O)
251ecbd529
Clean up specfile unit activation aspect.
...
Up until today, Qubes OS would insist on either masking or disabling
or activating units that should get their state properly changed
but only on first package install (when the template is built).
This commit adds the possibility of having two types of unit presets:
* Initial presets: these are only changed state during first package
installs.
* Upgrade presets: these get their state changed during first
package installs as well as during upgrades.
All the maintainer has to do is abide by the instructions in the
preset file. Nothing else is necessary.
Namely, this allows users to enable SSHD on their templates or
standalone VMs and still keep it enabled even after the
qubes-core-vm-systemd package is upgraded.
Matt really wanted that, and so did I, so now we can do it!
:-)
2016-10-28 08:35:36 +00:00
Manuel Amador (Rudd-O)
6189801cff
Invert logic of SKIP_SIGNING.
2016-10-28 05:22:39 +00:00
Manuel Amador (Rudd-O)
d15696ebef
Fix VM settings running while / is readonly.
2016-10-28 05:21:40 +00:00
Manuel Amador (Rudd-O)
60adadff73
Invert logic of systemd_version_changed.
2016-10-28 05:02:53 +00:00
Marek Marczykowski-Górecki
014a706113
Merge remote-tracking branch 'qubesos/pr/21'
...
* qubesos/pr/21:
Better private.img size management.
Clean up early initialization and setup of /rw
2016-10-27 01:32:25 +02:00
Manuel Amador (Rudd-O)
40db82a79f
Better private.img size management.
2016-10-26 12:59:50 +00:00