Commit Graph

1115 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
acb74e89e2 qubes-rpc: log service stderr to syslog instead of sending to dom0 (#842) 2014-05-05 05:22:06 +02:00
Marek Marczykowski-Górecki
969122cf4f suspend: fix dbus-send invocation 2014-05-01 01:10:57 +02:00
Marek Marczykowski-Górecki
dc88dc524c version 2.1.34 2014-04-23 03:14:59 +02:00
Marek Marczykowski-Górecki
15579d529e archlinux: do not fail mount /usr/lib/modules if already mounted 2014-04-23 03:14:28 +02:00
Marek Marczykowski-Górecki
5912ea4330 rpm: fix notification-daemon setup 2014-04-23 01:54:28 +02:00
Marek Marczykowski-Górecki
f1a997c1c4 systemd: reexec systemd to ensure right version is running
SystemD version can differ from initramfs one (which is build in dom0
build environment), so reexec it at startup.

This fixes systemd-212 archlinux issue.
2014-04-23 01:50:21 +02:00
Marek Marczykowski-Górecki
6d3c73c741 systemd: relax qubes-sysinit dependencies
It doesn't need all local filesystems, only /, /run, /proc/xen and loaded
modules.
2014-04-23 01:32:31 +02:00
Marek Marczykowski-Górecki
12080a42a2 rpm: do not disable abrt-applet autostart 2014-04-23 01:31:57 +02:00
Marek Marczykowski-Górecki
bd6ba19407 Enable compiler optimization. 2014-04-22 00:57:36 +02:00
Marek Marczykowski-Górecki
8018b9d3ee Fix compiler warnings.
Mostly harmless cases of warn_unused_result.
2014-04-22 00:56:52 +02:00
Marek Marczykowski-Górecki
0fad94a21f version 2.1.33 2014-04-15 04:11:13 +02:00
Marek Marczykowski-Górecki
efe7612fbf dom0-updates: confirm yum transaction (yum -y)
Otherwise yum waits for confirmation, without showing the prompt.
2014-04-15 04:09:53 +02:00
Marek Marczykowski-Górecki
7966e2d6c9 version 2.1.32 2014-04-10 04:16:28 +02:00
Marek Marczykowski-Górecki
3b55facb2e Update repo file for R2rc1 repo 2014-04-10 04:08:49 +02:00
Marek Marczykowski-Górecki
3558419612 version 2.1.31 2014-04-05 00:36:03 +02:00
Marek Marczykowski-Górecki
a4fc4822ef dom0-updates: use yum --downloadonly instead of yumdownloader
This better handles dependencies (especially of "Obsolete:" type).
Unfortunately yum install/upgrade checks if running as root. Because we
are only downloading packages, using local "system root" (--installroot
option) no real root access is requires, so use fakeroot to mute yum
error.
2014-03-28 06:52:31 +01:00
Marek Marczykowski-Górecki
0dd45655e3 init: remove rc.local-early reference
It can't work - there is no /rw mounted at this VM startup stage.
2014-03-28 05:12:48 +01:00
Marek Marczykowski-Górecki
e88b6e38be network: suppress NetworkManager from touching inter-vm interfaces (#774)
Those interfaces are configured by qubes scripts (based on xenstore data
filled by qubes core).
2014-03-28 02:57:12 +01:00
Marek Marczykowski-Górecki
4c3d5a46c2 firewall: replace deprecated "state" iptables module with "conntrack" 2014-03-28 02:56:43 +01:00
Marek Marczykowski-Górecki
f2ff044539 yum-proxy: fix iptables rules order
Add the rules at the beginning of chain, so before final REJECT rule.
2014-03-26 00:02:10 +01:00
Marek Marczykowski-Górecki
fe64539789 Implement "Move to VM" action (#725) 2014-03-24 05:19:16 +01:00
Marek Marczykowski-Górecki
4be9c7895a version 2.1.30 2014-03-10 01:04:11 +01:00
Marek Marczykowski-Górecki
226282bd90 rpm: enable notification-daemon
Without it explicitly enabled, notify-send (used by qubes-firewall) does
nothing.
2014-02-22 01:24:13 +01:00
Marek Marczykowski-Górecki
a19ef6d0db qubes-firewall: log errors to stderr -> syslog
Not only display as notifications (which may be easily missed).
2014-02-22 01:23:27 +01:00
Marek Marczykowski-Górecki
0d3ed747b4 suspend-prepare: call NM D-Bus interface directly
nmcli doesn't seem to have stable API, especially "nmcli nm sleep"
doesn't work anymore in Fedora 20.
2014-02-21 18:42:12 +01:00
Marek Marczykowski-Górecki
9d618cac15 yum-proxy: automatically restart the service on failure 2014-02-21 13:30:07 +01:00
Marek Marczykowski-Górecki
18ed540158 yum-proxy: fix stop command - iptables-restore do not accept -D
iptables-restore format accept only "-A" command, so remove the rules
with direct call to iptables
2014-02-21 13:28:49 +01:00
Marek Marczykowski-Górecki
98e5ffac8c version 2.1.29 2014-02-20 01:01:56 +01:00
Marek Marczykowski-Górecki
f8b1a6c562 qrexec: use proper unsigned type instead of muting compiler warning 2014-02-19 20:53:54 +01:00
Olivier MEDOC
3dcb434142 archlinux: move xinitrc bugfix to qubes-gui-agent 2014-02-16 21:17:39 +01:00
Olivier MEDOC
59ea1741dd archlinux: fixes for working user session 2014-02-16 21:13:53 +01:00
Marek Marczykowski-Górecki
c632f0d067 Add -Wextra -Werror to all C code 2014-02-16 11:34:22 +01:00
Olivier MEDOC
d931ba237e archlinux: ensure /lib/modules is mounted before xenfs using a systemd service
This systemd service is not disruptive to the boot process if it fails to mount /lib/modules (because it has been mounted before systemd switched the root directory to the real one).
The advantage is that it will boot /usr/lib/modules even if dracut doesn't handle root switch pre-hook, which is the case on archlinux.
It then allows booting an archlinux AppVM using an archlinux kernel.
2014-02-08 23:16:52 +01:00
Olivier MEDOC
6547577ce9 archlinux: fix bugs in added package install/remove commands 2014-02-08 23:16:00 +01:00
Olivier MEDOC
e0a00899cf archlinux: fixes in package uninstall trigger and disable additionnal qubes services 2014-02-08 23:15:14 +01:00
Olivier MEDOC
6757337bd3 archlinux: forgot to enable qubes-sysinit when installing package 2014-02-08 23:14:34 +01:00
Marek Marczykowski-Górecki
8acad1b78d rpm: disable (standard) pulseaudio autostart on its upgrade
Not only on initial template installation.
2014-02-08 10:22:28 +01:00
Marek Marczykowski-Górecki
8e38b36012 version 2.1.28 2014-02-07 05:50:49 +01:00
Marek Marczykowski-Górecki
3cc9d0f329 Merge branch 'appicons'
Conflicts:
	rpm_spec/core-vm.spec
2014-02-07 05:50:07 +01:00
Marek Marczykowski-Górecki
c0c914faab Merge remote-tracking branch 'woju/master' into appicons 2014-02-07 05:48:18 +01:00
Marek Marczykowski-Górecki
ededdf32ec rpm: BR:qubes-utils-devel >= 2.0.5 - because of slight API change
Note that R: will be generated automatically (on library name).
2014-02-07 05:36:22 +01:00
Marek Marczykowski-Górecki
75b1e24bab qubes-rpc, qrexec: register callbacks for qrexec-lib
Now qrexec-lib do not use exported symbols of particular names, but
explicitly registered callbacks.
2014-02-07 05:36:15 +01:00
Marek Marczykowski-Górecki
d660f260b8 Hide nm-applet when NetworkManager is disabled (retry)
It isn't done automatically by nm-applet itself since nm-applet 0.9.9.0
(fc19+), this one commit:
https://git.gnome.org/browse/network-manager-applet/commit?id=276a702000ee9e509321891f5ffa9789acfb053c
At the same time they've introduced option to manually hide the icon:
https://git.gnome.org/browse/network-manager-applet/commit?id=e7331a3f33ab422ea6c1bbc015ad44d8d9c83bc3
2014-02-07 02:16:39 +01:00
Marek Marczykowski-Górecki
7d4c19fe23 rpm: fix rpmbuild warning about ghost files 2014-02-07 02:10:47 +01:00
Marek Marczykowski-Górecki
f54e44ac8f Fix compile warning 2014-02-07 02:10:13 +01:00
Marek Marczykowski-Górecki
e6b1769549 rpm: fix qfile-unpacker permissions
So rpmbuild will be able to create debuginfo and store stipped version.
2014-02-07 02:09:15 +01:00
Marek Marczykowski-Górecki
c86581ace4 Revert "Hide nm-applet when NetworkManager is disabled"
This reverts commit 85f4e494e8.
This way isn't effective - the command is called too early.
2014-02-07 00:01:06 +01:00
Marek Marczykowski-Górecki
58496dbac0 rpm: move serial.conf to /usr/share/qubes
It isn't executable file...
2014-02-06 23:56:18 +01:00
Marek Marczykowski-Górecki
06ced31ab5 rpm: typo fix in spec file
This is fix for commit 4d2094b16c.
2014-02-06 06:18:25 +01:00
Marek Marczykowski-Górecki
7953af970d backups: fix buffer overflow in tar2qfile
Buffer for directory headers history was too small. This can be
exploitable by some attacker capable of controlling backup stream, but
it isn't any security problem. We don't assume this part of backup
system to be trusted, the attacker can at most prevent user from
restoring some data, but will neither gain access to them, or compromise
any other Qubes component. This is equivalent to bug in any other tool
used in backup vm (like FTP client) and the Qubes backup system is
designed specifically to minimize impact of such bugs.
2014-02-05 15:16:42 +01:00