Commit Graph

1755 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
2a589f2c20
updates-proxy: use separate directory for PID file
And also use systemd-tmpfiles for that directory creation.

Fixes QubesOS/qubes-issues#1401
2015-11-11 05:57:57 +01:00
Marek Marczykowski-Górecki
90b4398863
Merge remote-tracking branch 'origin/pr/43'
* origin/pr/43:
  preset disable tinyproxy by default
2015-11-11 05:27:52 +01:00
Marek Marczykowski-Górecki
164387426b
Bump qubes-utils version requirement
Those commits need updated qubes-utils:
823954c qrexec: use #define for protocol-specified strings
5774c78 qfile-agent: move data handling code to libqubes-rpc-filecopy

QubesOS/qubes-issues#1324
QubesOS/qubes-issues#1392
2015-11-11 05:25:17 +01:00
Marek Marczykowski-Górecki
49c7473848
dom0-updates: do not use 'yum check-update -q'
Depending on yum version, adding '-q' option may hide not only
informational messages, but also updates list. This is especially the
case for yum-deprecated in Fedora 22.
So instead of '-q' option, filter the output manually.

QubesOS/qubes-issues#1282
2015-11-11 05:22:26 +01:00
Marek Marczykowski-Górecki
3466f3df35
systemd: make sure that update check is started only after qrexec-agent
2015-11-11 02:36:57 +01:00
Marek Marczykowski-Górecki
7cca1b23ee
Get rid of qubes-core-vm-kernel-placeholder
Since /lib/modules is not mounted read-only anymore (only a selected
subdirectory there), it is no longer required to prevent kernel package
installation. Even more - since PV Grub is supported, it makes sense
to have a kernel installed in the VM.

QubesOS/qubes-issues#1354
2015-11-11 02:36:57 +01:00
Marek Marczykowski-Górecki
ba28c9f140
fedora: do not require/use yum-plugin-post-transaction-actions in F>=22
Since Fedora 22+ obsoletes yum, do not require yum-specific package to
be installed.

QubesOS/qubes-issues#1282
2015-11-11 02:36:57 +01:00
Marek Marczykowski-Górecki
b6cfcdcc6f
Implement dnf hooks for post-update actions
Similar to previous yum hooks:
 - notify dom0 about installed updates (possibly clear "updates pending"
   marker)
 - trigger appmenus synchronization

QubesOS/qubes-issues#1282
2015-11-11 02:36:57 +01:00
Marek Marczykowski-Górecki
f9c7394c2f
updates-proxy-setup: use temporary file for config snippet
Don't use ${CONF_PATH}.qubes, because it may override some existing
file, and is a racy approach (even if not against the user, but another script
instance).

QubesOS/qubes-issues#1282
2015-11-11 02:36:56 +01:00
Marek Marczykowski-Górecki
85793fa31f
dom0-updates: use yum-deprecated instead of dnf in all calls
Fix for d44c8ac "dom0-updates: prefer yum-deprecated over dnf"
Because of slightly different options and config syntax, it needs to be
used in all calls, not only the one with --downloaddir option.

QubesOS/qubes-issues#1282
2015-11-11 02:36:55 +01:00
Patrick Schleizer
f32dccb5e3
preset disable tinyproxy by default
Fixes https://github.com/QubesOS/qubes-issues/issues/1401
2015-11-10 20:08:26 +00:00
Marek Marczykowski-Górecki
074309e6a3
dracut: disable hostonly mode
Initramfs created in TemplateVM may be used also in AppVMs based on it, so
technically it is a different system. Especially it has different devices
mounted (own /rw, own swap etc), so prevent hardcoding UUIDs here.

QubesOS/qubes-issues#1354
2015-11-10 16:36:00 +01:00
Marek Marczykowski-Górecki
823954c7f6
qrexec: use #define for protocol-specified strings
And optimize strlen() calls.
Those defines are in qrexec.h (as the rest of qrexec protocol).
2015-11-08 22:06:54 +01:00
Marek Marczykowski-Górecki
b6d4f5afbf
qrexec: add some comments, minor improvement in readability
2015-11-08 21:59:30 +01:00
Marek Marczykowski-Górecki
1c41ca6284
Merge remote-tracking branch 'origin/pr/42'
* origin/pr/42:
  dropins: implement dropins for systemd user starting with pulseaudio systemd service and socket masking
  dropins: make current systemd dropins specific to systemd-system in order to introduce dropins for systemd-user
  add DROPINS for org.cups.cupsd systemd files.
2015-11-07 23:52:08 +01:00
Olivier MEDOC
0c33c73b8e
dropins: implement dropins for systemd user starting with pulseaudio systemd service and socket masking
Conflicts:
	Makefile
2015-11-07 19:12:30 +01:00
Olivier MEDOC
ce4725523f
dropins: make current systemd dropins specific to systemd-system in order to introduce dropins for systemd-user
2015-11-07 19:10:32 +01:00
Marek Marczykowski-Górecki
5102e4f7aa
fedora: Add skip_if_unavailable=False to Qubes repositories
DNF defaults to skip_if_unavailable=True, so make sure that Qubes
repositories are treated as vital ones. Otherwise it would allow an
attacker to cut the user from updates without visible error (when using
PackageKit for example).

Do not set it for unstable repository, as it isn't a critical one.

Fixes QubesOS/qubes-issues#1387
2015-11-07 00:57:38 +01:00
Olivier MEDOC
4b5332081e
add DROPINS for org.cups.cupsd systemd files.
2015-11-06 19:36:52 +01:00
Marek Marczykowski-Górecki
d44c8acdeb
dom0-updates: prefer yum-deprecated over dnf
Some of the reasons:
 - dnf doesn't support --downloaddir option
 - dnf doesn't support `copy_local` repo option (used in automated tests
   only)
 - dnf is horribly slow, especially without cache fetched
 (https://bugzilla.redhat.com/show_bug.cgi?id=1227014)

This is all needed (instead of simply using `yum` command), because
Fedora >= 22 has a command redirection `yum`->`dnf`.

QubesOS/qubes-issues#1282
2015-11-04 00:49:06 +01:00
Marek Marczykowski-Górecki
6752be9196
No longer disable auditd
On Fedora 22 console is trashed with a lot of messages without auditd
running.

QubesOS/qubes-issues#1282
2015-11-03 18:15:20 +01:00
yaqu
c63a9f6566
Replacing "sleep 365d" with "sleep inf"
To get endless sleep, `sleep inf` (or `sleep infinity`) can be used
instead of `sleep 365d`. Coreutils' sleep accepts any floating-point
number as an argument, which may be 'infinity', according to
`man strtod`.
2015-11-03 14:00:00 +01:00
Marek Marczykowski-Górecki
5774c7872c
qfile-agent: move data handling code to libqubes-rpc-filecopy
This makes the qfile packing code reusable, for example for some dom0
tool. Now qfile-agent.c is only an interface for underlying library.

QubesOS/qubes-issues#1324
2015-11-03 03:42:24 +01:00
Marek Marczykowski-Górecki
7bc6422f53
appmenus: ignore entries with NoDisplay=true
According to Desktop Entry Specification:
NoDisplay means "this application exists, but don't display it in the
menus". This can be useful to e.g. associate this application with MIME
types, so that it gets launched from a file manager (or other apps),
without having a menu entry for it (there are tons of good reasons
for this, including e.g. the netscape -remote, or kfmclient openURL kind
of stuff).

Apparently over half of desktop files in default Fedora template have
NoDisplay=true...

Fixes QubesOS/qubes-issues#1348
2015-11-03 00:48:26 +01:00
Marek Marczykowski-Górecki
8f99cb5759
Merge remote-tracking branch 'qubesos/pr/5'
* qubesos/pr/5:
  qfile-unpacker: Avoid data loss by checking for child errors

Fixes QubesOS/qubes-issues#1355
2015-11-02 21:27:02 +01:00
Marek Marczykowski-Górecki
b38ea60f00
backup: improve exit code reporting
Return some meaningful error code. Unfortunately the more meaningful
option (retrieving process exit code) can lead to false errors
(described in comment), but at least report exit code of tar2qfile.
2015-11-02 03:10:22 +01:00
Marek Marczykowski-Górecki
c704c35cd8
backup: fix handling backup filename with spaces
Fixes QubesOS/qubes-issues#1371
2015-11-02 02:53:12 +01:00
Marek Marczykowski-Górecki
c2596a0435
Setup updates proxy in dnf and PackageKit
DNF doesn't even support including another config file, so all the
settings need to go into `/etc/dnf/dnf.conf`. The same about
PackageKit, which is needed because it doesn't use `dnf.conf`:
http://lists.freedesktop.org/archives/packagekit/2015-September/026389.html

Because those proxy settings go to so many places now, create a
separate script for that.

QubesOS/qubes-issues#1282
QubesOS/qubes-issues#1197
2015-10-30 15:13:56 +01:00
Rusty Bird
4027decbaa
qfile-unpacker: Avoid data loss by checking for child errors
When qfile-unpacker's child encountered an error, it would display an
error message and exit(1), but the parent didn't inspect its status and
exited successfully.

That was unfortunate for qvm-move-to-vm: Even if the destination VM e.g.
didn't have enough free disk space, the RPC call would claim to succeed
anyway, so the file would be deleted from the source VM.
2015-10-30 09:23:45 +00:00
Marek Marczykowski-Górecki
1936e0f336
makefile: cleanup help message
2015-10-29 04:02:24 +01:00
Marek Marczykowski-Górecki
9d52b7d178
debian: install locales-all instead of custom locales generation
The custom way proved to be unreliable - for example does not survive
`locales` package upgrade. So settle on much more reliable way.

Fixes QubesOS/qubes-issues#1195
2015-10-27 00:23:20 +01:00
Marek Marczykowski-Górecki
22365369d2
Require new enough qubes-utils package for updated libqrexec-utils
Required by 97a3793 "qrexec: implement buffered write to a child stdin"
2015-10-24 22:25:19 +02:00
Marek Marczykowski-Górecki
28a65ac568
Merge remote-tracking branch 'qubesos/pr/4'
* qubesos/pr/4:
  Update qubes.sudoers
  Small language fixes
2015-10-24 21:06:29 +02:00
Patrick Schleizer
f2e6dc9391
cleanup /etc/apt/apt.conf.d/00notiy-hook on existing systems
00notiy-hook was renamed to 00notify-hook in
'debian: Renamed incorrect filename: 00notiy-hook -> 00notify-hook'
15f1df4947
but the old file was not removed.
(Files in /etc do not automatically get removed on Debian systems when these are removed from the package.)

This is an independent, but supporting fix for:
'Improved upgrade notifications sent to QVMM.'
- https://github.com/marmarek/qubes-core-agent-linux/pull/39
- https://github.com/QubesOS/qubes-issues/issues/1066#issuecomment-150044906

Added debian/qubes-core-agent.maintscript.
2015-10-24 21:05:32 +02:00
Marek Marczykowski-Górecki
457578280b
rpm: remove duplicated entry
2015-10-24 20:54:17 +02:00
Marek Marczykowski-Górecki
92bec3173a
rpm: add /etc/sysctl.d/20_tcp_timestamps.conf
Missing part of previous commit.

QubesOS/qubes-issues#1344
2015-10-24 20:54:07 +02:00
Marek Marczykowski-Górecki
9b9ebe81d0
Merge remote-tracking branch 'origin/pr/38'
* origin/pr/38:
  disable leaking TCP timestamps by default

Fixes QubesOS/qubes-issues#1344
2015-10-24 20:53:56 +02:00
Marek Marczykowski-Górecki
116e337323
Merge remote-tracking branch 'origin/pr/37'
* origin/pr/37:
  archlinux: readd lines removed by error during merge
  archlinux: readd notification-daemon as a dependency
  archlinux: force running scripts with python2 even when /usr/bin/env is used
  archlinux: update packaging and install script to use systemd DROPINs
2015-10-24 20:47:43 +02:00
Marek Marczykowski-Górecki
97a3793345
qrexec: implement buffered write to a child stdin
Implement one of TODOs left in the code. Without this buffering, it may
happen that qrexec-agent will hang waiting on write(2) to the child
process, while that child will do the same (try to write something to
the qrexec-agent), without reading its stdin. This would end up in a
deadlock.

Fixes QubesOS/qubes-issues#1347
2015-10-24 20:35:36 +02:00
erihe251
de293f12d5
Update qubes.sudoers
2015-10-19 22:34:34 +02:00
erihe251
0f410ed2de
Small language fixes
2015-10-19 21:52:41 +02:00
Patrick Schleizer
ba8337658e
disable leaking TCP timestamps by default
https://github.com/QubesOS/qubes-issues/issues/1344
2015-10-19 14:03:57 +00:00
Olivier MEDOC
2d4b86c020
archlinux: readd lines removed by error during merge
2015-10-18 11:11:45 +02:00
Olivier MEDOC
fcee020cf5
Merge branch 'master' of https://github.com/marmarek/qubes-core-agent-linux
Conflicts:
	archlinux/PKGBUILD.install
2015-10-18 10:56:18 +02:00
Olivier MEDOC
ead0b32a87
archlinux: readd notification-daemon as a dependency
2015-10-17 10:16:56 +02:00
Olivier MEDOC
705142e8a8
archlinux: force running scripts with python2 even when /usr/bin/env is used
2015-10-17 10:15:54 +02:00
Olivier MEDOC
9954cd82f1
archlinux: update packaging and install script to use systemd DROPINs
2015-10-16 14:34:15 +02:00
Patrick Schleizer
f063b4a90f
Renamed qubes-mount-home to qubes-mount-dirs.
Renamed qubes-mount-home service and mount-home.sh script to qubes-mount-dirs service and mount-dirs.sh.
Because mount-home.sh also processed /rw/usrlocal.
preparation to fix the following issues:
- upstream bind-directories functionality to Qubes - https://phabricator.whonix.org/T414
- Bind mount /rw/usrlocal -> /usr/local instead of symlink - https://github.com/QubesOS/qubes-issues/issues/1150
- /bin/sync hangs forever in whonix-ws-dvm - https://github.com/QubesOS/qubes-issues/issues/1328
2015-10-15 20:57:43 +00:00
Patrick Schleizer
2eb0ed2be1
removed trailing spaces
2015-10-15 04:34:55 +02:00
Marek Marczykowski-Górecki
ce443b2e18
network: forward TCP DNS queries
Fixes QubesOS/qubes-issues#1325
2015-10-12 01:28:05 +02:00