Commit Graph

538 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
164387426b
Bump qubes-utils version requirement
Those commits needs updated qubes-utils:
823954c qrexec: use #define for protocol-specified strings
5774c78 qfile-agent: move data handling code to libqubes-rpc-filecopy

QubesOS/qubes-issues#1324
QubesOS/qubes-issues#1392
2015-11-11 05:25:17 +01:00
Marek Marczykowski-Górecki
7cca1b23ee
Get rid of qubes-core-vm-kernel-placeholder
Since /lib/modules is not mounted read-only anymore (only a selected
subdirectory there), it is no longer required to prevent kernel package
installation. Even more - since PV Grub being supported, it makes sense
to have kernel installed in the VM.

QubesOS/qubes-issues#1354
2015-11-11 02:36:57 +01:00
Marek Marczykowski-Górecki
ba28c9f140
fedora: do not require/use yum-plugin-post-transaction-actions in F>=22
Since Fedora 22+ obsoletes yum, do not require yum-specific package to
be installed.

QubesOS/qubes-issues#1282
2015-11-11 02:36:57 +01:00
Marek Marczykowski-Górecki
b6cfcdcc6f
Implement dnf hooks for post-update actions
Similar to previous yum hooks:
 - notify dom0 about installed updates (possibly clear "updates pending"
   marker)
 - trigger appmenus synchronization

QubesOS/qubes-issues#1282
2015-11-11 02:36:57 +01:00
Marek Marczykowski-Górecki
074309e6a3
dracut: disable hostonly mode
Initramfs created in TemplateVM may be used also in AppVMs based on it, so
technically it is different system. Especially it has different devices
mounted (own /rw, own swap etc), so prevent hardcoding UUIDs here.

QubesOS/qubes-issues#1354
2015-11-10 16:36:00 +01:00
Olivier MEDOC
0c33c73b8e dropins: implement dropins for systemd user starting with pulseaudio systemd service and socket masking
Conflicts:
	Makefile
2015-11-07 19:12:30 +01:00
Olivier MEDOC
4b5332081e add DROPINS for org.cups.cupsd systemd files. 2015-11-06 19:36:52 +01:00
Marek Marczykowski-Górecki
c2596a0435
Setup updates proxy in dnf and PackageKit
DNF doesn't support even including another config file, so all the
settings needs to go into `/etc/dnf/dnf.conf`. The same about
PackageKit, which is needed because it doesn't use `dnf.conf`:
http://lists.freedesktop.org/archives/packagekit/2015-September/026389.html

Because that proxy settings goes to so many places now, create a
separate script for that.

QubesOS/qubes-issues#1282
QubesOS/qubes-issues#1197
2015-10-30 15:13:56 +01:00
Marek Marczykowski-Górecki
22365369d2
Require new enough qubes-utils package for updated libqrexec-utils
Required by 97a3793 "qrexec: implement buffered write to a child stdin"
2015-10-24 22:25:19 +02:00
Marek Marczykowski-Górecki
457578280b
rpm: remove duplicated entry 2015-10-24 20:54:17 +02:00
Marek Marczykowski-Górecki
92bec3173a
rpm: add /etc/sysctl.d/20_tcp_timestamps.conf
Missing part of previous commit.

QubesOS/qubes-issues#1344
2015-10-24 20:54:07 +02:00
Patrick Schleizer
f063b4a90f
Renamed qubes-mount-home to qubes-mount-dirs.
Renamed qubes-mount-home service and mount-home.sh script to qubes-mount-dirs service and mount-dirs.sh.
Because mount-home.sh also processed /rw/usrlocal.
preparation to fix the following issues:
- upstream bind-directories functionality to Qubes - https://phabricator.whonix.org/T414
- Bind mount /rw/usrlocal -> /usr/local instead of symlink - https://github.com/QubesOS/qubes-issues/issues/1150
- /bin/sync hangs forever in whonix-ws-dvm - https://github.com/QubesOS/qubes-issues/issues/1328
2015-10-15 20:57:43 +00:00
Patrick Schleizer
2eb0ed2be1
removed trailing spaces 2015-10-15 04:34:55 +02:00
Marek Marczykowski-Górecki
afb70cf040
Add missing R: dconf to hide nm-applet when not used
Without dconf, gsettings uses "memory" backend which isn't saved
anywhere and isn't shared across applications. This makes gsettings
pretty useless.

Fixes QubesOS/qubes-issues#1299
2015-10-10 16:23:47 +02:00
Marek Marczykowski-Górecki
7963fb91c7
systemd: actually enable qubes-random-seed service
QubesOS/qubes-issues#1311
2015-10-10 16:23:46 +02:00
Marek Marczykowski-Górecki
6c4831339c
network: use drop-ins for NetworkManager configuration (#1176)
Do not modify main /etc/NetworkManager/NetworkManager.conf as it would
cause conflicts during updates. Use
/etc/NetworkManager/conf.d/30-qubes.conf instead.
Also remove some dead code for dynamically generated parts (no longer
required to "blacklist" eth0 in VMs - we have proper connection
generated for it). It was commented out for some time already

Fixes QubesOS/qubes-issues#1176
2015-10-06 15:15:26 +02:00
Marek Marczykowski-Górecki
f2222a9b53
Cleanup R3.0->R3.1 transitional package
QubesOS/qubes-issues#1276
2015-10-05 19:06:21 +02:00
Marek Marczykowski-Górecki
8e497bffc0
Merge branch 'qubes-iptables'
Conflicts:
	debian/control
	rpm_spec/core-vm.spec

QubesOS/qubes-issues#1067
2015-10-05 01:47:01 +02:00
Marek Marczykowski-Górecki
2a39adfe0f
Enlarge /tmp and /dev/shm
Initial size of those tmpfs-mounted directories is calculated as 50% of
RAM at VM startup time. Which happen to be quite small number, like
150M. Having such small /tmp and/or /dev/shm apparently isn't enough for
some applications like Google chrome. So set the size statically at 1GB,
which would be the case for baremetal system with 2GB of RAM.

Fixes QubesOS/qubes-issues#1003
2015-10-04 23:07:10 +02:00
Marek Marczykowski-Górecki
c615afb88f
Merge remote-tracking branch 'origin/pr/28'
* origin/pr/28:
  qubes-rpc: fix icon selection using pyxdg and support SVG icons
  qubes-rpc: fix broken temporary file deletion in qubes.GetImageRGBA

Conflicts:
	qubes-rpc/qubes.GetImageRGBA
	rpm_spec/core-vm.spec
2015-09-28 12:47:49 +02:00
Marek Marczykowski-Górecki
3552bc7e41
rpm: add dbus-python dependency
This package is required by lots of stuff in Fedora anyway, but this
doesn't mean that we can have broken dependencies.
2015-09-28 12:22:19 +02:00
qubesuser
7f9fdc8327 qubes-rpc: fix icon selection using pyxdg and support SVG icons 2015-09-06 22:02:27 +02:00
Marek Marczykowski-Górecki
c8ac55b179 Merge branch 'autostart-dropins'
Conflicts:
	misc/qubes-trigger-desktop-file-install

Fixes qubesos/qubes-issues#1151
2015-09-02 01:16:19 +02:00
qubesuser
2a15863ccb network: add vif-route-qubes-nat for IP address anonymization 2015-08-30 16:27:14 +02:00
Marek Marczykowski-Górecki
4703e3fca7
Remove dynamically generated autostart desktop files
qubesos/qubes-issues#1151
2015-08-27 22:08:04 +02:00
Marek Marczykowski-Górecki
3d06ce1ee9
Implement dropins for /etc/xdg/autostart (#1151)
Usage of _static_ files (dropins) to override some of autostart entries
(enable/disable them in appropriate VM types) is much simpler and less
error prone than automatic generators.

Handling code is implemented in qubes-session-autostart, which is called
from qubes-session.

qubesos/qubes-issues#1151
2015-08-27 22:08:00 +02:00
Marek Marczykowski-Górecki
d710970e4d
Move .desktop launching code to python moules so it can be reused 2015-08-27 22:07:59 +02:00
Jason Mehring
9644d86845
sudoers.d: Stops QT from using the MIT-SHM X11 Shared Memory Extension
Fedora now needs this sudoer rule.  Allows sudo to keep the `QT_X11_NO_MITSHM` ENV
variable which prevents MIT-SHM errors for Fedora and Debian when running a QT
application:

    `Defaults env_keep += "QT_X11_NO_MITSHM"`

A complementary commit has been made in gui-agent-linux:
    Commit: a02e54b71a9ee17f4b10558065a8fc9deaf69984)
    Author: Jason Mehring <nrgaway@gmail.com>
    Date:   Sat Aug 15 20:13:48 2015 -0400
2015-08-16 08:22:19 -04:00
Marek Marczykowski-Górecki
65e9e4c72c
network: use own iptables service instead of repurposing existing one
There were multiple problems with reusing existing one:
 - need to sync with upstream changes (configuration path etc)
 - conflicts resolution on updates
 - lack of iptables --wait, which causes firewall fail to load sometimes

QubesOS/qubes-issues#1067
2015-08-09 20:09:51 +02:00
Marek Marczykowski-Górecki
13c54badcb
Move /usr/share/qubes/xdg to /var/lib/qubes/xdg
No files in /usr should be modified during package runtime, `/var` is
for that. So move this data there.
2015-08-08 02:01:15 +02:00
Jason Mehring
edc9dd404d fedora: Use 'slider' org.mate.NotificationDaemon theme 2015-08-07 09:20:44 -04:00
Jason Mehring
b6c19fc2ef qubes-desktop-file-install: Manages xdg desktop entry files
qubes-desktop-file-install is called by qubes-triggers-desktop-file-install. It's
arguments are based on the Gnome desktop-install-file utility to allow it to be replaced
by same.  Currently the Gnome utility can not be used since it automatically validates
the .desktop entry files with no option to skip validation and will fail on some third
party .desktop files that are not formed properly.

A single trigger script is shared between Fedora, Debian.  This script is used by the
package managers triggers and will copy original .desktop files from `/etc/xdg/autostart`
to `/usr/share/qubes/xdg/autostart` and modify the OnlyShownIn / NotShownIn, etc.  The
original .desktop files are left untouched and left in place.

Qubes modifies the XDG_CONFIG_DIRS to first include the `/usr/share/qubes/xdg`
directory (XDG_CONFIG_DIRS=/usr/share/qubes/xdg:/etc/xdg).

If a package gets removed, it's desktop entry is also removed from the /usr/share/qubes/xdg
directory.

'qubes-desktop-file-install' options:
   --dir DIR                          Install desktop files to the DIR directory (default: <FILE>)
   --force                            Force overwrite of existing desktop files (default: False)
   --remove-show-in                   Remove the "OnlyShowIn" and "NotShowIn" entries from the desktop file (default: False)
   --remove-key KEY                   Remove the KEY key from the desktop files, if present
   --set-key (KEY VALUE)              Set the KEY key to VALUE
   --remove-only-show-in ENVIRONMENT  Remove ENVIRONMENT from the list of desktop environment where the desktop files should be displayed
   --add-only-show-in ENVIRONMENT     Add ENVIRONMENT to the list of desktop environment where the desktop files should be displayed
   --remove-not-show-in ENVIRONMENT   Remove ENVIRONMENT from the list of desktop environment where the desktop files should not be displayed
   --add-not-show-in ENVIRONMENT      Add ENVIRONMENT to the list of desktop environment where the desktop files should not be displayed
2015-08-07 09:15:30 -04:00
Marek Marczykowski-Górecki
e9e38c04a2
fedora: fix default locale generation
If /etc/locale/conf contains LANG="en_US.UTF-8" (with quotes), it was
improperly parsed.
2015-08-04 23:20:11 +02:00
Marek Marczykowski-Górecki
1ca8b51c03
fedora: simulate preset-all only on first install, not upgrade 2015-08-04 20:42:14 +02:00
Marek Marczykowski-Górecki
050bfe42db
fedora: do not own dropins directories
It may cause conflicts in the future
2015-08-04 18:49:02 +02:00
Jason Mehring
9c53ed7d47 fedora: Add systemd drop-in support which include conditionals to prevent services from starting
Modified core-vm.spec to use drop-ins and removed old code that was using overrides
2015-08-04 10:32:20 -04:00
Jason Mehring
cba9e8f5ca
Remove '.service' from systemd enable loop as unit_name already contains .service in name 2015-08-02 17:45:40 -04:00
Marek Marczykowski-Górecki
916824eb3f qubes-core-vm-kernel-placeholder 1.0-3 2015-07-08 06:09:12 +02:00
Marek Marczykowski-Górecki
3491c1401b kernel-placeholder: prevent xl2tpd from pulling kernel packages 2015-07-02 17:51:12 +02:00
Marek Marczykowski-Górecki
5176228abc fedora/systemd: fix service enabling code
Do not try to enable qubes-update-check.service, it is meant to be
started by qubes-update-check.timer (which is correctly enabled).
2015-06-26 19:57:44 +02:00
Marek Marczykowski-Górecki
3aca3f8c48 fedora: ensure that /etc/sysconfig/iptables exists (Fedora 20)
Even when iptables.service is configured to use different file, the
service would not start when there is no /etc/sysconfig/iptables. Fedora
20 package does not provide it.
2015-06-26 19:54:22 +02:00
Marek Marczykowski-Górecki
0382f84eae rpm: improve setting iptables rules
Instead of overriding /etc/sysconfig/ip{,6}tables, store qubes rules in
/etc/sysconfig/iptables.qubes and configure the service to use that file
instead. This will prevent conflict on that file and also handle upgrades.
2015-06-19 09:42:55 +02:00
Marek Marczykowski-Górecki
b368ffe5c6 fedora, debian: make sure that default locale is generated
Otherwise some GUI applications would not start.
2015-06-16 02:27:23 +02:00
Jason Mehring
0ccd2c9a98
Set a default locale if missing 2015-06-10 17:01:33 -04:00
Marek Marczykowski-Górecki
c454c9063d rpm: add missing dependencies
Fixes qubesos/qubes-issues#1002
2015-05-27 22:34:43 +02:00
Marek Marczykowski-Górecki
d922552198 rpm: ensure that all the services are enabled after upgrade
Especially when some new service was introduced in the meantime. For
example this happened between R2 and R3.x release.
2015-05-15 23:36:34 +02:00
Marek Marczykowski-Górecki
447bb4cd9c rpm: mark service files as configuration to not override user changes 2015-05-13 23:23:07 +02:00
Jason Mehring
4373cda566 Changed location of PROTECTED_FILE_LIST to /etc/qubes/protected-files.d 2015-04-25 02:36:43 +02:00
Jason Mehring
56b0685aaa whonix: Added protected-files file used to prevent scripts from modifying files that need to be protected
A file is created in /var/lib/qubes/protected-files.  Scripts can grep this file before modifying
        known files to be protected and skip any modifications if the file path is within protected-files.

        Usage Example:
            if ! grep -q "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then

        Also cleaned up maintainer scripts removing unneeded systemd status functions and streamlined
        the enable/disable systemd unit files functions
2015-04-25 02:36:43 +02:00
Marek Marczykowski-Górecki
0c0cb5f6b2 rpm: cleanup R2->R3.0 transitional package 2015-04-23 02:20:56 +02:00
Marek Marczykowski-Górecki
5fef29e1a4 rpm/systemd: do not use preset-all during package upgrade
This will probably break some user configuration. Do that only when
installing for the first time (during template build), during upgrade
set only those installed by this package instead of all.
2015-04-10 18:08:28 +02:00
Marek Marczykowski-Górecki
12e5300040 systemd: install overridden unit file for chronyd 2015-04-07 02:36:16 +02:00
Marek Marczykowski-Górecki
343ce1814c systemd: use presets to enable services, call preset-all
This way the services will be enabled/disabled regardless of its initial
state.
2015-04-07 02:30:59 +02:00
Marek Marczykowski-Górecki
0f67930d0e rpm: add missing BuildRequires: libX11-devel
misc/close-window.c requires it.
2015-03-30 21:43:16 +02:00
Marek Marczykowski-Górecki
7abc2c2779 fedora: override iptables configuration on initial installation
Otherwise Qubes-specific configuration will not be placed at all (in
Fedora 21, which provide some example iptables config).
2015-03-22 03:50:13 +01:00
Marek Marczykowski-Górecki
9a7b161c37 qrexec: move qrexec-client-vm to /usr/bin 2015-03-17 23:11:47 +01:00
Marek Marczykowski-Górecki
88d7ca7940 Move mounting /rw and /home to separate service
Many services depended on misc-post only because this was where /home
gets mounted. Move that to separate service, started earlier.
2015-03-04 01:52:18 +01:00
Jason Mehring
da2b0cde16
Removed code that deleted original nautilus actions
dpkg/rpm should handle this automatically on upgrading package
2015-02-27 16:17:44 -05:00
Jason Mehring
6836420c3c
Removed nautilus-actions depend and replaced with nautilus-python
nautilus-actions was orphaned in fc21, so all nautilus context menus have
been re-written as nautilus-python extensions
2015-02-27 00:52:17 -05:00
Marek Marczykowski-Górecki
f8db065a75 Merge remote-tracking branch 'nrgaway/r3-templates' 2015-02-17 04:58:04 +01:00
Marek Marczykowski-Górecki
700c240d37 qrexec: add simple "fork server" to spawn new processes inside user session
This process should be started from user session (most likely
qubes-session). New processes (of that user) will be created as
children of that session making logind and such crap happy. This should
also solve problems with EOF transmission (no additional "su" process)
and prevent loading all the environment multiple times.
2015-02-17 04:18:34 +01:00
Jason Mehring
567a045bcd
Make sure when user is added to qubes group that the group is appended
added -a option to usermod.
This will prevent other groups from being un-subscribed when qubes group is added
2015-02-13 15:00:54 -05:00
Jason Mehring
fc42561586 Add a qubes group and then add the user 'user' to the group
This is to allow permissions to be set on some devices where the user needs
less restrictive permissions.  /etc/udev/rules.d/99-qubes-misc.rules changes
a few xen devices to allow the users in the qubes group access
2015-02-11 08:02:55 -05:00
Matt McCutchen
377e0b4cd4 Switch to preset file for systemd units to disable. 2015-02-09 06:35:05 +01:00
Marek Marczykowski-Górecki
ea47dfbd5d Merge remote-tracking branch 'woju/master' 2015-02-06 08:07:47 +01:00
Marek Marczykowski-Górecki
490176f180 rpm: add missing R: pygobject3-base 2015-02-05 01:19:33 +01:00
Wojtek Porczyk
591b95a81b spec: require linux-utils-3.0.1 2015-02-02 19:04:02 +01:00
Marek Marczykowski-Górecki
efb79d5784 systemd: allow to start cron daemon (#909) 2015-01-30 00:48:56 +01:00
Marek Marczykowski-Górecki
ab637395cb fedora: reload systemd only once 2015-01-30 00:48:56 +01:00
Marek Marczykowski-Górecki
5590445319 fedora: reduce code duplication in systemd triggers 2015-01-30 00:48:56 +01:00
Marek Marczykowski-Górecki
bc8a6a0a20 fedora: Fix iptables config installation one more time 2015-01-30 00:45:04 +01:00
Marek Marczykowski-Górecki
66620c1005 fedora: Fix iptables config install script 2015-01-30 00:45:04 +01:00
Jason Mehring
33d3a6c9ea fc21: iptables configurations conflict with fc21 yum package manager
Moved iptables configuration to /usr/lib/qubes/init
fc21 + debian + arch will place them in proper place on postinst
Fixes dedian bug of not having them in proper place
2015-01-30 00:43:31 +01:00
Marek Marczykowski-Górecki
9130636c88 Merge branch 'debian'
Conflicts:
	misc/qubes-r2.list.in
	misc/qubes-trigger-sync-appmenus.sh
	network/30-qubes-external-ip
	network/qubes-firewall
	vm-systemd/network-proxy-setup.sh
	vm-systemd/prepare-dvm.sh
	vm-systemd/qubes-sysinit.sh
2015-01-30 00:30:24 +01:00
Marek Marczykowski-Górecki
9b71e6db8b Update repos and keys for Qubes R3 2014-11-20 17:01:10 +01:00
Marek Marczykowski
db35abadc8 Use Qubes DB instead of Xenstore 2014-11-19 15:34:33 +01:00
Marek Marczykowski
a3aab7dab2 rpm: fix typo 2014-11-19 15:34:33 +01:00
Marek Marczykowski
735531a9ba spec: get backend_vmm from env variable
There is no way to pass --define to yum-buildep, but we use VMM name for
required packages names.
2014-11-19 15:34:32 +01:00
Marek Marczykowski
94f54d6c9f spec: add dependencies on vchan package (both R: and BR:) 2014-11-19 15:34:32 +01:00
Marek Marczykowski-Górecki
c817bb0282 little fix for the official template
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCgAGBQJUWE+GAAoJEIwFIWzgnAk8azoQAJPOdglmiJlu+p5nRQ0ZRP6F
 nammIQhOg1oE0hCTX6H4DnEMnaZmFyGj96JWUX3zES8NF9zYvq4sgJCtZVEK35lm
 /Fxe899NpDlHaHwPqnXoYAKWZnMnyx3Z5XTxYb3A8JQdJCVWJPi2qYw2TBb6iBIp
 hzznI3drhOd8rdkFHXGk/FsBjqFP1mn98GDP4N/XLOZUnK+MiWyxrp0c+QVgybRX
 2XOUhsBPbr/XS/fkMBEia1hJhBf+FYJsFeCARGjYnbI+TKMaPrYaIX6DRqjFMhSS
 eEALEWsYsDiYGerWNBNGxbJ7RWsN4vm+WDfKdi7Hp2TgHeH0z93w40VegU3k7Asx
 NjfehCwT3wjMmtUFYhfhYfIop5305LLLJPPkY/ML+u6Mznzr7OkostMeyMhDxcrq
 lSELqg2HDwEsSwtwEz7kP6fYyfpJRd8yndg48cVonatwPwdjoCMiAz93TIF7Tvvz
 xQaNUidkKL8qQi67ArSQUlQlwGJNngwLRhepaMo0FD4JWSQ5pHc00EYxtJio2LPs
 7prv8ETbTj0bcFb/xKNSxBCGOrLdleHAEdhrpvqHa5nUzMiHw+tMuJbX+f0jOx/Q
 OSgx/dvK9GIyxM7UlsS+Whye3iGeNwsA1ai4TL0n1PFM+DjemBjEbfIl2nxLjG3O
 cXas4+wsl0+qXRk/PDOn
 =6kCH
 -----END PGP SIGNATURE-----

Merge tag 'hw42_debian-systemd-3' into debian

Conflicts:
	debian/control
	Merged postinst scripts from hw42 and nrgaway
2014-11-05 04:35:23 +01:00
Marek Marczykowski-Górecki
e4e7176a16 Merge remote-tracking branch 'nrgaway/debian' into debian 2014-11-05 04:24:41 +01:00
HW42
63e915f6d4 Tag for commit 5d68e2cc70
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJUTruhAAoJEAY5OLpCz6ck7IcP/i4JXNEMO8vDSgphM50NIIz6
 +hLb+kXBGeL9SsQKRlz000BUOcIsg+d2ibwnTsi1kNuq2OgJOAHAp5hHgHGc5ddG
 0PLFf/Ddexl7/2cG/hKekXiIpXGcuhqgsIfatqcKB228mVLG8y/kqwViIDbMgg10
 X8Aiq1ba0EeHI7xskkPb1hzkszOfLFoEXCRjt+BQsmr+Bll+sAzCS3G9vSbhczFl
 wmTtgOiu2fWsPgOB2O6HYeO0PUUX+jGF/jncZYf85pEwMccNqRIWjSJC6ti533zv
 5x1bWKWFymBAUcTS+xi00FPeatmQ7b5ywMxTwbqIQkE1Mrt436Dz/B1r0E58q0AH
 gu4qG/KPBNdRBD4vPrvLKiyood/XIpvz0+6QqS9rFMKt71OSzmMR1WeLgclCn768
 cR510iZyJjmqe9lLQQTCJr+oqvwiVot7sfsgj1XP5PozalTkdIawioIZjeX5Zz4O
 +zo+P+jIV+P6QbN+0nD+vrW8kSZlM8vt+OVBPhon/bMFxGKZervs7kFUCNPn6fUK
 WNw8lSrKQqJe/a805Ktku8moatVElmexj7XTkII1nnAnEu6/bokJqjCHQ933794l
 ERRwitFN+BWm3OBXq/BsdSnCotT+gnlMEDtuHiD0JHQBGwxAZGQtliQhWLF25Ekh
 BJkmYBjqgnjCsQFUBMnn
 =shGW
 -----END PGP SIGNATURE-----

Merge tag 'mm_5d68e2cc' into debian-systemd

Tag for commit 5d68e2cc70

Conflicts:
	Makefile
	debian/rules
	network/qubes-firewall
	vm-systemd/misc-post.sh
	vm-systemd/qubes-sysinit.sh
2014-11-03 04:28:00 +01:00
Marek Marczykowski-Górecki
aad0d4d57a Reenable imsettings service
It is required for some languages (Chinese for example).
2014-11-01 00:29:14 +01:00
Jason Mehring
3366af3f55 Change condition test to compare to a link "-L" 2014-10-31 01:56:19 -04:00
Marek Marczykowski-Górecki
0613a58961 Improve handling of .desktop files
Instead of directly using Exec= line, parse the file (at the launch
time) with Gio library. The main reason for this change is to handle
Terminal= option, but generally this approach should be more
bulletproof, especially when some fancy options are present in desktop
files.
2014-10-27 12:25:45 +01:00
Marek Marczykowski-Górecki
be266a00dd Include /rw in the package
On Fedora it was created in %post, but on Debian not. Unify it to simply
provide the directory as standard package content.
2014-10-19 04:38:16 +02:00
Marek Marczykowski-Górecki
7339dd1ece Introduce qubes.SetDateTime service for time synchronization
It would be called by qvm-sync-clock instead of 'date' directly. This
gives a lot of flexibility - VM can control whether it want to sync time
this way. For now slight corrections (+-2sec) are ignored to not cause
problems by frequent time changes. But it can be easily extended to
refuse time sync when some other mechanism is used.
2014-10-01 05:40:23 +02:00
Marek Marczykowski-Górecki
4bccdb0ba5 Use systemd mechanism for loading kernel modules (when available)
One more thing done in more generic way (not Fedora-specific).
2014-09-29 21:31:10 +02:00
HW42
0d0261d1c1 improve update of /etc/hosts
* use 127.0.1.1 under debian (since it's the default there)
 * also set the IPv6 loopback address (::1) since some tools tries to
   AAAA resolve the hostname (for example sendmail)
 * ensure proper /etc/hosts format through postinst-script (hostname as
   last entry)
2014-09-29 05:25:32 +02:00
Marek Marczykowski-Górecki
3f19c89301 Rename qubes-yum-proxy service to qubes-updates-proxy
It is no longer Fedora-only proxy, so rename to not confuse the user.
Also documentation refer to it as "updates proxy" for a long time.
2014-09-27 00:32:52 +02:00
Marek Marczykowski-Górecki
1e842c985d fedora: workaround slow system shutdown (#852)
It looks to be related to this report:
https://bugzilla.redhat.com/show_bug.cgi?id=1088619
Workaround idea was from comment 37.

The hanging process in Qubes VM is most likely dconf-service, but there
is a lot of possible causes. To start with a non-standard method of
accessing the X session (no real login manager, processes started by
qrexec-agent). So instead of wasting a lot of time on digging through
gnome services, simply shorten the stop timeout - the processes would be
killed anyway.
2014-09-24 14:17:24 +02:00
Marek Marczykowski-Górecki
6361ea4c95 rpm: mark config files with %config(noreplace) 2014-07-23 04:45:11 +02:00
Marek Marczykowski-Górecki
fd42d99803 dispvm: close all windows after apps prerun (#872)
Killing Xorg makes "unclean" termination of applications. Some apps
(Firefox) complains about that at next startup.
2014-07-04 18:51:02 +02:00
Marek Marczykowski-Górecki
eeb66ad8e9 rpm: enable/disable services when corresponding packages got installed
Otherwise when someone installed NetworkManager after qubes-core-vm (for
example in "minimal" template), it will not be configured correctly.
2014-07-04 18:48:35 +02:00
Marek Marczykowski-Górecki
25557fa158 rpm: enable haveged service by default (#673) 2014-07-04 12:00:54 +02:00
Marek Marczykowski-Górecki
0cf2a713b9 rpm: require generic "desktop-notification-daemon" not a specific one 2014-07-03 02:05:39 +02:00
Marek Marczykowski-Górecki
486b148a08 Configure only installed programs 2014-05-22 01:31:43 +02:00
Marek Marczykowski-Górecki
923af1c94b Hide nm-applet icon earlier (#857)
Since d660f260b8 icon is hidden during VM
startup for non-netvm. Because qubes-session handles tasks sequentially,
move that one earlier to not scary the user with ghost icon.
2014-05-15 01:27:31 +02:00
Marek Marczykowski-Górecki
fe69bba14b rpm: remove /lib/firmware/updates link
It is no longer needed and currently broke linux-firmware package
installation.
2014-05-12 00:37:22 +02:00
Wojciech Zygmunt Porczyk
40fcbdebaa misc: do not display file preview by default (#813) 2014-05-08 14:17:24 +02:00
Marek Marczykowski-Górecki
5912ea4330 rpm: fix notification-daemon setup 2014-04-23 01:54:28 +02:00
Marek Marczykowski-Górecki
12080a42a2 rpm: do not disable abrt-applet autostart 2014-04-23 01:31:57 +02:00
Marek Marczykowski-Górecki
3b55facb2e Update repo file for R2rc1 repo 2014-04-10 04:08:49 +02:00
Marek Marczykowski-Górecki
a4fc4822ef dom0-updates: use yum --downloadonly instead of yumdownloader
This better handles dependencies (especially of "Obsolete:" type).
Unfortunately yum install/upgrade checks if running as root. Because we
are only downloading packages, using local "system root" (--installroot
option) no real root access is requires, so use fakeroot to mute yum
error.
2014-03-28 06:52:31 +01:00
Marek Marczykowski-Górecki
fe64539789 Implement "Move to VM" action (#725) 2014-03-24 05:19:16 +01:00
Marek Marczykowski-Górecki
226282bd90 rpm: enable notification-daemon
Without it explicitly enabled, notify-send (used by qubes-firewall) does
nothing.
2014-02-22 01:24:13 +01:00
Marek Marczykowski-Górecki
8acad1b78d rpm: disable (standard) pulseaudio autostart on its upgrade
Not only on initial template installation.
2014-02-08 10:22:28 +01:00
Marek Marczykowski-Górecki
3cc9d0f329 Merge branch 'appicons'
Conflicts:
	rpm_spec/core-vm.spec
2014-02-07 05:50:07 +01:00
Marek Marczykowski-Górecki
ededdf32ec rpm: BR:qubes-utils-devel >= 2.0.5 - because of slight API change
Note that R: will be generated automatically (on library name).
2014-02-07 05:36:22 +01:00
Marek Marczykowski-Górecki
d660f260b8 Hide nm-applet when NetworkManager is disabled (retry)
It isn't done automatically by nm-applet itself since nm-applet 0.9.9.0
(fc19+), this one commit:
https://git.gnome.org/browse/network-manager-applet/commit?id=276a702000ee9e509321891f5ffa9789acfb053c
At the same time they've introduced option to manually hide the icon:
https://git.gnome.org/browse/network-manager-applet/commit?id=e7331a3f33ab422ea6c1bbc015ad44d8d9c83bc3
2014-02-07 02:16:39 +01:00
Marek Marczykowski-Górecki
7d4c19fe23 rpm: fix rpmbuild warning about ghost files 2014-02-07 02:10:47 +01:00
Marek Marczykowski-Górecki
58496dbac0 rpm: move serial.conf to /usr/share/qubes
It isn't executable file...
2014-02-06 23:56:18 +01:00
Marek Marczykowski-Górecki
06ced31ab5 rpm: typo fix in spec file
This is fix for commit 4d2094b16c.
2014-02-06 06:18:25 +01:00
Marek Marczykowski-Górecki
4d2094b16c Do not unconditionally hide nm-appet in Fedora >= 20 (#774)
This is first step of #774 - when NetworkManager enabled, show nm-applet
icon. Still NetworkManager need some configuration to not break ProxyVM
eth0.
2014-02-02 13:37:00 +01:00
Marek Marczykowski-Górecki
c647862fc0 rpm: do not fail on non-existing /etc/init/serial.conf
This file is obsolete for a long time, so use it only if found in the
system (perhaps still useful in other distros).
2014-02-02 13:37:00 +01:00
Marek Marczykowski-Górecki
66b5d686f5 rpm: require gnome-packagekit-updater on Fedora 20+
gpk-update-viewer is no longer a part of gnome-packagekit package.
2014-02-02 13:36:59 +01:00
Marek Marczykowski-Górecki
0123719646 systemd: fix handling of .path units overrides 2014-02-02 13:36:59 +01:00
Marek Marczykowski-Górecki
fc04408c7a systemd: disable ModemManager in non-NetVM
Previously ModemManager was started by NetworkManager, but in fc20+ it
is a separate service, so disable it when not needed.
2014-02-02 13:36:59 +01:00
Marek Marczykowski-Górecki
cac25cbe60 Merge remote-tracking branch 'woju/master' into appicons
Conflicts:
	Makefile
	rpm_spec/core-vm.spec
2014-01-31 02:12:06 +01:00
Wojciech Zygmunt Porczyk
453ab0f22c qubes.GetImageRGBA for appicons 2014-01-30 16:30:17 +01:00
Marek Marczykowski-Górecki
948555bdea systemd: fix handling of .path units overrides 2014-01-30 02:56:40 +01:00
Marek Marczykowski-Górecki
99708afc52 systemd: disable ModemManager in non-NetVM
Previously ModemManager was started by NetworkManager, but in fc20+ it
is a separate service, so disable it when not needed.
2014-01-30 02:56:30 +01:00
Marek Marczykowski-Górecki
9ea49e3f83 version 2.1.26 2014-01-22 15:17:41 +01:00
Marek Marczykowski-Górecki
361ab0b266 qubes-rpc: introduce services for browsing VM filesystem
For now used to select system backup inside of VM.
2014-01-13 05:07:23 +01:00
Marek Marczykowski-Górecki
fd55d48126 Move meminfo-writer to linux-utils repo
It is common for both dom0 and VM.  So move to linux-specific repo (not
VM-specific).
2014-01-05 05:38:10 +01:00
Marek Marczykowski-Górecki
0daaefb47f rpm: own /lib/modules only in Fedora >= 19
Previously it was owned by filesystem package.
2013-12-22 23:00:21 +01:00
Marek Marczykowski-Górecki
b3081dce07 systemd: disable additional unneeded services 2013-12-17 01:29:26 +01:00
Marek Marczykowski-Górecki
c04d4e4fea systemd: while disabling service, disable also its activators
This time it is for cups, which have socket-based and path-based
activators. When activator tires to start the service which is disabled
by condition file it enters infinite loop (as service wont start, but
will not report an error).
2013-12-16 21:10:37 +01:00
Marek Marczykowski-Górecki
22929bb18f kernel-placeholder: provide kernel modules mountpoint
It is no longer part of 'filesystem' package in Fedora 19.
2013-12-15 05:36:02 +01:00
Marek Marczykowski-Górecki
7dd5a40218 rpm: kernel-placeholder provides kernel-modules-extra
Yet another package with kernel-related files already provided by dom0.
2013-12-13 04:40:20 +01:00
Marek Marczykowski-Górecki
3cc566f539 Split R2 yum repository for individual beta releases. 2013-12-06 13:02:22 +01:00
Marek Marczykowski-Górecki
41c701a1ac Revert "Do not start gnome-settings-daemon in AppVM"
This reverts commit 047a7a0b23.
Actually some g-s-d plugins are helpful, for example notification of low
disk space. Also we've already disabled keyboard plugin.
2013-12-01 02:25:51 +01:00
Marek Marczykowski-Górecki
8f840e10dc vm-file-editor: add override for mimeinfo *.png entry (#753)
MIME-info database contains multiple entries for *.png, namely image/png
and image/x-apple-ios-png. The later one doesn't have associated handler
program, but this one is selected by mimeopen tool.

Not sure how this tool should behave in case of multiple matches (IOW is
it a bug in File::MimeInfo perl module used by mimeopen).  Instead of
switching to different tool, which probably will break other files
(check #423), add override for this particular file type.
2013-11-14 21:38:27 +01:00
Marek Marczykowski-Górecki
639cb51414 Add qubes.{Backup,Restore} services, include them in rpm package 2013-11-09 19:01:57 +01:00
Marek Marczykowski-Górecki
047a7a0b23 Do not start gnome-settings-daemon in AppVM
It breaks keyboard layout - sets to own default.
2013-10-23 03:36:56 +02:00
Marek Marczykowski-Górecki
fd224c05a9 Fix for broken network after Fedora update (Fedora #974811)
This should be really done in NetworkManager package, but apparently not
done yet.
https://bugzilla.redhat.com/show_bug.cgi?id=974811
2013-10-11 13:10:49 +02:00
Marek Marczykowski-Górecki
1d41cb4c18 Add qubes.DetachPciDevice for live PCI detach (#708) 2013-09-01 01:28:07 +02:00
Marek Marczykowski-Górecki
099971dcd5 fedora: update spec and serial.conf to match /usr/sbin path 2013-08-14 03:53:40 +02:00
Marek Marczykowski
8c9433fc00 yum-proxy: use iptables-restore to set firewall rules
Simple iptables sometimes returns EBUSY.
2013-08-05 02:08:52 +02:00
Marek Marczykowski
6b8ebe6e2c spec: use make install-vm target in %install
Thanks to this all distributions will use the same code - no need to
manual synchronization.
2013-04-17 01:52:31 +02:00
Marek Marczykowski
06f1dfb70c spec: simplify %post logic for udev rules
Whitelist any rules file with qubes in name. This will prevent further
mistakes like forgetting about some script, or even not including script
for another package (like qubes-tor currently).
2013-03-26 02:41:18 +01:00
Marek Marczykowski
44fab139f4 Add qrexec back, use qubes-utils libraries for common code 2013-03-20 06:23:44 +01:00
Marek Marczykowski
9e3f844f32 Restore release number to 1 2013-03-19 12:03:30 +01:00
Marek Marczykowski
30ca124784 The Underscores Revolution: xenstore paths 2013-03-14 04:29:15 +01:00
Marek Marczykowski
7686fd5d92 The Underscores Revolution: RPC services 2013-03-14 04:25:31 +01:00
Marek Marczykowski
ecc812f350 The Underscores Revolution: filenames
Get rid of underscores in filenames, use dashes instead.
This is first part of cleanup in filenames.
"qubes_rpc" still untouched - will be in separate commit.
2013-03-14 01:07:49 +01:00
Marek Marczykowski
a88c122efa Move manpages here from separate repo 2013-03-12 17:10:49 +01:00
Marek Marczykowski
34b31c0f71 spec: don't touch sysv services in systemd package
Actually it can disable required services which have both sysv and
systemd-style startup scripts.
2013-03-09 03:19:41 +01:00
Marek Marczykowski
f06284d2ba spec: update dependencies 2013-03-07 05:16:09 +01:00
Marek Marczykowski
dffd7e0457 remove qubes-core-libs and qrexec leftovers
They are now in separate repository.
2013-03-07 05:09:13 +01:00
Marek Marczykowski
fb780d7fbc vm/systemd: disable avahi-daemon
Aparently this service have changed name, so make sure it will be disabled also
under new name.
2013-03-03 17:35:54 +01:00
Marek Marczykowski
b18d40fb08 vm: Use nautilus-actions to provide "Copy to other AppVM" etc nautilus commands
No more ugly symlink creation at VM startup, nautilus-actions have system-wide
dir (in opposite to nautilus-scripts).

Currently old symlinks are not cleaned up. Maybe it should, but leaving them
have one advantage: will not break existing users behavior.
2013-02-21 16:44:16 +01:00
Marek Marczykowski
14cb955efc vm/spec: mark some config files with %config(noreplace)
Do mark such critical files, which shouldn't be modified by the user.
2013-02-21 07:25:47 +01:00
Marek Marczykowski
58eeda8723 vm/spec: force legacy iptables services 2013-02-12 01:38:30 +01:00
Marek Marczykowski
f965c8fc99 vm: revert /etc/yum.conf exclude config
Upgrade of kernel is suppressed by qubes-vm-kernel-placeholder package.
Excluding xorg packages makes more problems than goods (e.g. unable to
install dummy driver, block fedora bugfixes).
2013-02-12 01:38:30 +01:00
Marek Marczykowski
979ce2014b vm/systemd: disable NetworkManager-wait-online when NM inactive 2013-02-12 01:38:30 +01:00
Marek Marczykowski
cab4689360 vm: require net-tools
Needed to setup network in VM
2013-02-12 01:38:30 +01:00
Marek Marczykowski
750859bdc8 vm: move polkit configs from qubes-gui-vm package 2013-02-12 01:38:29 +01:00
Marek Marczykowski
d13e1d4bfd vm/kernel-placeholder: update provided version
Some fc18 packages requires >3.5 kernel, so update kernel-placeholder
appropriate (according to newest available package in unstable
repository).
2013-02-12 01:38:29 +01:00
Olivier Medoc
63da3b15a0 vm/qubes_rpc: implement qubes.WaitForSession
RPC call will be used in vm.start function instead of the hardcoded echo > /tmp/qubes-session-waiter
2013-01-11 01:12:23 +01:00
Marek Marczykowski
50809a21c8 qubes-core-vm-kernel-placeholder 1.0-2 2013-01-04 13:23:48 +01:00
Marek Marczykowski
69edb3b029 vm/kernel-placeholder: provide xorg-x11-drv-nouveau to resolve deps problem 2013-01-04 13:23:20 +01:00
Marek Marczykowski
29d2b2e369 spec: generate proper debuginfo packages
%setup macro must be present in %prep to set variables required by
find-debuginfo script. Symlink is to place sources in nice
/usr/src/debug/%{name}-%{version} subdir instead of plain /usr/src/debug/core
(which can be ambiguous).
Additionally all packages need to have _builddir pointing at top src dir (in
core-dom0 it was dom0 subdir). And to cheat make about current dir (to have
%{name}-%{version} included in path) chdir must be done by shell, not make - so
can't use make -C.
2012-12-12 04:12:59 +01:00
Marek Marczykowski
fc89e48038 spec: do not build u2mfn not packaged in core-dom0 and core-vm
This is packages in core-libs, so build it only there.
2012-12-12 04:10:41 +01:00
Marek Marczykowski
63ede041d8 vm/spec: do not remote 50-qubes_misc.rules during installation 2012-11-22 08:22:52 +01:00
Marek Marczykowski
213380a7c3 vm: setup /dev/xen/evtchn permissions using udev rule
This works also when the device is recreated, which is the case in DispVM
(during xl restore).
2012-11-22 00:51:18 +01:00
Marek Marczykowski
d5a2d9d054 vm: load dummy-hcd module to suppress libusb bug
libusb crashes when no USB controller is present, load dummy-hcd as workaround.
2012-11-19 17:52:16 +01:00
Marek Marczykowski
16afb1610e vm: remove qubes-upgrade-vm after upgrade 2012-11-15 21:38:39 +01:00
Marek Marczykowski
fe1f685b50 spec: extract core libs from qubes-core-vm
This libs are required by both dom0 and VM so it's better to have it
separately. Previously in VM it was separate package, but dom0 have them
embedded in qubes-core-dom0, but qubes-core-vm-libs package was used to build
qubes-gui-dom0. Now we do not build all packages for all distros (especially do
not build core-vm package for dom0 distro, so gui-dom0 build fails), so make it
explicit which package is needed by which system.
2012-11-14 13:12:51 +01:00
Marek Marczykowski
e432f0e55c vm/spec: fix NotShowIn entries in autostart desktop files 2012-11-03 05:22:03 +01:00
Marek Marczykowski
65e068f68a vm/qvm-usb: include vusb-ctl in VM package 2012-10-23 05:45:47 +02:00
Alexandre Bezroutchko
7f7e9999f4 dvp/qvm-usb: converted installer scripts into RPM 2012-10-21 15:10:40 +02:00
Marek Marczykowski
4daa5f56ea Merge branch 'master-for-hvm' into hvm
Conflicts:
	dom0/qvm-core/qubes.py
	dom0/qvm-tools/qvm-sync-clock
2012-10-04 05:45:41 +02:00
Marek Marczykowski
949222f692 vm/spec: fix adding yum-proxy configuration
Do not add entry if already present.
2012-10-04 05:44:20 +02:00
Bruce A Downs
e2caaf0764 vm: Added 'most recently used' feature to 'copy to vm' dialog
* replaced zenity to qvm-mru-entry in qubes_rpc/qvm-copy-to-vm.gnome
* added python script qubes_rpc/qvm-mru-entry
* added /usr/bin/qvm-mru-entry to rpm_spec/core-vm.spec
2012-10-04 05:44:19 +02:00
Bruce A Downs
c2a049ef32 vm/spec: mod to core-vm.spec to add test for files
core rpm was failing during uninstall attempting to move non-existent files
* /var/lib/qubes/fstab.orig
* /var/lib/qubes/serial.orig
2012-10-04 05:44:19 +02:00
Marek Marczykowski
6345c4570a vm/iptables: block IPv6 traffic
This isn't properly handled by Qubes VMs yet, so block it in all the VMs.
Also restrict access to firewall config.
2012-10-04 05:44:19 +02:00
Marek Marczykowski
da79d38e6f vm/spec: fix adding yum-proxy configuration
Do not add entry if already present.
2012-10-04 05:29:10 +02:00
Marek Marczykowski
0ea16ef21b dom0+vm/qfile-copy: use setuid instead of policy setting to allow chroot
This will allow to not hardcode "root" username in policy, which can be useful
for non-Linux systems.
2012-08-18 21:17:07 +02:00
Marek Marczykowski
32405af775 vm/kernel-placeholder: simplify upgrade 2012-07-30 23:16:05 +02:00
Marek Marczykowski
077c74782c vm: kernel-placeholder package to inhibit real kernel pkg in VM (#645)
Some packages depends on kernel (ex fuse, pulseaudio), but kernel in VM is
managed by dom0. Any hack like exlude or so on will break some things, so
install empty placeholder package to fulfill dependencies.
2012-07-23 23:17:50 +02:00
Marek Marczykowski
c8f3f737f5 Revert "vm/spec: disable pam_systemd globally (#607)" (#626)
This reverts commit 8ec4b6963b71b95bc0cda6dd80d99bf60aa9caec.
This caused regression (#626).

Conflicts:

	rpm_spec/core-vm.spec
2012-07-16 13:36:08 +02:00
Marek Marczykowski
8129032c9e vm: implement qubes.GetAppmenus to reduce code duplication
As one-liner services are now real one-line, just do it.
2012-07-15 02:41:23 +02:00
Marek Marczykowski
55130c0dee vm: simplify qubes.VMShell service
Now additional wrapper not required to skip cmdline argument
2012-07-15 02:41:23 +02:00
Marek Marczykowski
bec4afc919 vm: export SuspendPre and SuspendPost qrexec services (#617)
1. Try to use NetworkManager sleep command instead of shutting it down
2. Move sleep action details (which is VM-specific) to VM
3. Export it as qrexec service(s)
2012-07-13 14:44:11 +02:00
Marek Marczykowski
3af500fc80 vm: provide dispvm-dotfiles and dispvm-prerun.sh in rpm package (#620) 2012-07-12 14:22:44 +02:00
Marek Marczykowski
c336586fae vm/systemd: disable additional useless services (#620)
Most of them relay on direct network acces, which isn't true on Qubes.
2012-07-12 03:56:09 +02:00
Marek Marczykowski
654fb64a74 vm/spec: remove dupplicated commnds, suppress error message 2012-07-12 03:56:09 +02:00
Marek Marczykowski
5ee694f4d3 vm/spec: disable pam_systemd only in trigger
The %post part is unnecessary.
2012-07-09 15:54:33 +02:00
Marek Marczykowski
f0cdcdae34 vm: disable D-Bus activation of NetworkManager (#610) 2012-07-05 01:43:32 +02:00
Marek Marczykowski
0cd7a783d4 vm/spec: disable pam_systemd globally (#607)
Actually all /etc/pam.d/ files containing pam_systemd.so are autogenerated by
authconfig, so "removing" pam_systemd.so file as not elegant solution, seems to
be much more realiable.
2012-07-05 01:43:32 +02:00
Marek Marczykowski
9efee9324f vm/spec: fix enabling NetworkManager SystemD service 2012-06-26 03:43:36 +02:00
Marek Marczykowski
77ccf99b88 vm/spec: fix error messages 2012-06-26 03:43:36 +02:00
Marek Marczykowski
47e49d0fd6 vm/spec: fix enabling of qubes-firewall SysV service 2012-06-26 03:43:36 +02:00
Marek Marczykowski
1fdaa847c4 vm: RPC service for NTP time sync (#603) 2012-06-23 00:37:47 +02:00
Marek Marczykowski
64a9c54ba6 vm: enable yum-qubes-hooks plugin (#592) 2012-06-11 22:35:44 +02:00
Marek Marczykowski
3e89b33209 vm/spec: create firmware symlink only when needed
On new systems, like FC16+, firmware is provided by separate package (like
linux-firmware), so no longer need to get it from kernel package.
2012-06-06 03:00:05 +02:00
Marek Marczykowski
baf95fb765 vm/spec: depend on ethtool _package_ 2012-06-06 02:59:07 +02:00
Marek Marczykowski
06c4d57b60 vm: yum plugin to notify dom0 about installed updates (#592) 2012-06-05 21:21:53 +02:00
Marek Marczykowski
55f99e23db makefile: rename vchan Makefile to not conflict with windows build 2012-06-05 21:21:53 +02:00
Marek Marczykowski
9930a89fb1 vm/qubes-yum-proxy: setup yum to use qubes-yum-proxy (#568)
The simplest way is just add proxy=... entry to /etc/yum.conf, but sometimes it
is reasonable to bypass the proxy. Some examples:
 - usage of non-standard repos with some exotic file layout, which will be
   blocked by the proxy
 - usage of repos not-accessible via proxy (eg only via VPN stared in VpnVM)

This commit introduces 'yum-proxy-setup' pseudo-service, which can be
controlled via standard qvm-service or qubes-manager. When enabled - yum will
be configured at VM startup to use qubes proxy, otherwise - to connect directly
(proxy setting will be cleared).
2012-05-31 03:11:44 +02:00
Marek Marczykowski
0430e5186b vm: qubes-yum-proxy service (#568)
Introduce proxy service, which allow only http(s) traffic to yum repos. The
filter rules are based on URL regexp, so it isn't full-featured content
inspection and can be easy bypassed, but should be enough to prevent some
erroneus user actions (like clicking on invalid link).

It is set up to intercept connections to 10.137.255.254:8082, so VM can connect
to this IP regardless of VM in which proxy is running. By default it is
started in every NetVM, but this can be changed using qvm-service or
qubes-manager (as always).
2012-05-31 03:11:43 +02:00
Marek Marczykowski
542cd42d04 vm/spec: remove executable perm where not needed 2012-05-31 03:11:43 +02:00
Marek Marczykowski
be05968bd1 vm/spec: fix /etc/hosts if it was broken by previous version 2012-05-08 23:44:07 +02:00
Marek Marczykowski
bd8977c824 vm: notify dom0 when updates available in VM (#475) 2012-05-02 00:09:00 +02:00
Marek Marczykowski
4401c3e525 vm/init.d: make firewall and netwatcher service consistent with systemd 2012-03-09 01:50:18 +01:00
Marek Marczykowski
c3ee25ef10 vm/mimeopen: save mimetype defaults for DispVM (#423) 2012-02-06 19:08:08 +01:00
Marek Marczykowski
431e350ffe vm/spec: fix file permissions 2012-02-06 12:58:02 +01:00
Marek Marczykowski
f3e187f672 vm/spec: do not complain about missing serial.conf 2012-01-30 14:22:35 +01:00
Marek Marczykowski
85e6704037 vm/network: symlink NetworkManager system-connection to /rw (#425)
In FC15, NetworkManager by default uses global connections ("Available to all users"). Save them in /rw instead of /etc, to preserve them across reboots.
2012-01-30 14:20:02 +01:00
Marek Marczykowski
5ec2c4c4bb vm/spec: hide diagnostics from systemctl 2012-01-18 17:24:04 +01:00
Marek Marczykowski
1a71d29cd4 vm: enable qubes-firewall (#424) 2012-01-18 13:37:31 +01:00
Marek Marczykowski
0e1278205c spec: fix build order 2012-01-15 17:36:22 +01:00
Marek Marczykowski
33f50950ec vm/systemd: enable ntpd and NetworkManager services 2012-01-14 01:40:54 +01:00
Marek Marczykowski
4a73aa5da6 vm/systemd: add some package requirements according to Fedora documentation 2012-01-14 01:40:10 +01:00
Marek Marczykowski
9129f74603 vm: disable some autostart applications 2012-01-14 01:39:43 +01:00
Marek Marczykowski
d3e1bf36bf vm: disable silent automatic update *installation* in FC15 (#415)
Do not silently download and install updates, especially in NonUpdateableVM.
2012-01-14 01:37:22 +01:00
Marek Marczykowski
5e0cde15de vm/init: introduce SystemD startup scripts 2012-01-10 12:10:16 +01:00
Marek Marczykowski
5573200c9d vm/spec: split SysV init scripts into separate subpackage 2012-01-10 12:09:09 +01:00
Marek Marczykowski
a25d3be356 vm/spec: add Obsoletes header for smooth upgrade 2012-01-10 11:23:27 +01:00
Marek Marczykowski
240d35259f vm(+dom0): major rearrage VM files in repo; merge core-*vm packages 2012-01-06 21:31:12 +01:00
Marek Marczykowski
65b6675ca1 vm: disable cron also using systemctl
This is needed for FC15
2011-12-30 23:53:46 +01:00
Marek Marczykowski
324ad2aa0d vm/qvm-block: do not disable qubes block udev rules (#393) 2011-12-26 21:01:31 +01:00
Marek Marczykowski
fae04af662 vm/yum-repo: Use $releasever in repo definition
Instead of multiple files with only release version different.
2011-12-12 03:35:22 +01:00
Marek Marczykowski
f3a58eb19b vm/spec: more precise blacklisting updates of xorg (#381) 2011-12-05 13:50:07 +01:00
Marek Marczykowski
b6100594f5 dom0+vm/qvm-block: automatically detach device when physical dev removed (#226)
This will work when device is unmounted. On mounted device backend will be
removed (after 3s timeout), but frontend will left in "closing" state - manual
'xl block-detach' will be needed.
2011-09-30 10:42:56 +02:00
Marek Marczykowski
012dc63c53 dom0+vm: expose block devices info in xenstore (#226) 2011-09-29 13:56:06 +02:00
Marek Marczykowski
0b746bbf70 vm: minor fixes for Fedora 15
1. create /var/run/qubes as /var/run is now on tmpfs
2. if system-d is present - use it to disable NetworkManager
2011-09-27 01:37:09 +02:00
Marek Marczykowski
e09290b82b vm/spec: do not use chown in %install - it will not work as unprivileged user 2011-09-25 15:18:48 +02:00
Marek Marczykowski
bdf407b716 dom0+vm: use qubes_download_dom0_updates.sh instead of qubes_check_for_updates.sh
Remove code duplication. Implemented required --check-only option to
qubes_download_dom0_updates.sh.
2011-09-15 00:18:56 +02:00
Joanna Rutkowska
ed19fc87f9 vm: update symlinks in Nautilus Scripts menu
This is important for older templates that got upgraded to new core packages,
which renamed some of the tools by removing the '2' suffix.
2011-09-14 19:32:47 +02:00
Marek Marczykowski
766183da60 vm: automatically online added memory
This is needed to increase memory size above initial value on pvops kernel.
Should not harm xenlinux version.
2011-09-06 01:12:21 +02:00
Marek Marczykowski
1642d97fa5 vm: get rid of "2" from qvm-* names (#340) 2011-09-03 17:12:24 +02:00
Rafal Wojtczuk
890030354d qvm-open-in-*: recognize when the parameter is an url
and wrap it in html meta refresh tag, so that it will be opened by
the default browser.
2011-08-29 17:27:48 +02:00
Rafal Wojtczuk
1a24c19702 qrexec: implement qvm-run command for AppVMs
It is build upon qrexec2, qubes.VMShell command. So, in order to e.g.
start firefox in a fresh dispVM, do
qvm-run '$dispvm' firefox http://www.qubes-os.org
2011-08-29 16:46:44 +02:00
Joanna Rutkowska
310c137f25 vm: Fix modules blacklisting 2011-07-30 11:30:21 +02:00
Joanna Rutkowska
9b515d41d6 vm: Blacklist unnecessary packge updates 2011-07-30 11:15:47 +02:00
Marek Marczykowski
f56a993b84 vm: move dom0-updates dir to core-appvm package (#198)
At core-commonvm installation stage "user" can no exists.
2011-07-17 01:20:13 +02:00
Marek Marczykowski
382dafb6cd vm: Split updates check and download into separate scripts (#198) 2011-07-17 01:20:13 +02:00
Marek Marczykowski
f1321e0904 Merge branch 'qrexec2' of git://git.qubes-os.org/rafal/core 2011-07-09 16:52:54 +02:00
Marek Marczykowski
626bd1568a vm: fix udev rules for VM network hotplug 2011-07-09 16:52:51 +02:00
Rafal Wojtczuk
dc33f0c9a7 qrexec: adjust DispVM code to the new qrexec API
Note, we have qvm-open-in-vm totally for free.
2011-07-06 12:32:20 +02:00
Rafal Wojtczuk
b87da183ce qrexec: adjust intervm file copy code to the new qrexec API 2011-07-06 10:17:58 +02:00
Rafal Wojtczuk
b5d30a9d54 qrexec: last two missing pieces of the new rpc infrastructure 2011-07-05 18:35:03 +02:00
Rafal Wojtczuk
dde44ee6ef qrexec: add qrexec_client_vm.c 2011-07-05 11:03:31 +02:00
Marek Marczykowski
508a39cbb0 vm: Load evtchn module by script in /etc/sysconfig/modules 2011-07-02 19:11:15 +02:00
Marek Marczykowski
b6f036caf2 dom0+vm: Update VM kernel mechanism (#242)
Get kernel from global kernels dir (/var/lib/qubes/vm-kernels), not per-VM. Can
be configured by qvm-prefs (kernel parameter).
New tool: qvm-set-default-kernel

For backward compatibility kernel=None means kernel in VM dir (kernels subdir).
(possibly empty) modules.img should be created in it.
2011-06-30 01:07:47 +02:00
Marek Marczykowski
f564a4d143 dom0+vm: Tools for downloading dom0 update by VM (#198)
Mainly 4 parts:
 - scripts for providing rpmdb and yum repos to VM (choosen by qvm-set-updatevm)
 - VM script for downloading updates (qubes_download_dom0_updates.sh)
 - qfile-dom0-unpacker which receive updates, check signatures and place its in dom0 local yum repo
 - qvm-dom0-upgrade which calls all of above and after all yum gpk-update-viewer

Besides qvm-dom0-upgrade, updates are checked every 6h and user is prompted if
want to download it. At dom0 side gpk-update-icon (disabled yet) should notice
new updates in "local" repo.
2011-06-22 00:44:48 +02:00
Marek Marczykowski
31f0308d45 dom0+vm: Trigger appmenus sync after yum transaction (#45), NEW QREXEC COMMAND
After yum transaction (install/upgrade/remove),
yum-plugin-post-transaction-actions will execute script which trigger
qvm-sync-appmenus in dom0 (through qrexec).
THIS INTRODUCE NEW PREDEFINED COMMAND IN QREXEC
2011-06-12 01:46:24 +02:00
Marek Marczykowski
60b86de2ca vm: add -qubes suffix to xenstore-watch to not conflict with xen standard tool 2011-06-07 15:58:55 +02:00