Commit Graph

417 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
dd8de797e3
Move network uplink setup to a separate service
Previously, network uplink (eth0) was configured in two places:
 - udev (asynchronously)
 - qubes-misc-post.service - at the very end of the boot process

This caused multiple issues:
1. Depending on udev event processing (non-deterministic), network
   uplink could be enabled too early, for example before setting up
   firewall.
2. Again depending on udev processing, it can be enabled quite late in
   the boot process, after network.target is up and services assume
   network already configured. This for example causes qubes-firewall to
   fail DNS queries.
3. If udev happens to try to enable networking even earlier, it may
   happen before qubesdb-daemon is started, in which case network setup
   will fail. For this case, there was network re-setup in
   qubes-misc-post service - much later in the boot.

Fix the above by placing network uplink setup in a dedicated
qubes-network-uplink@${INTERFACE}.service unit ordered after
network-pre.target and pulled in by udev based on vif device existence,
to handle also dynamic network attach/detach.
Then, create qubes-network-uplink.service unit waiting for appropriate
interface-specific unit (if one is expected!) and order it before
network.target.

QubesOS/qubes-issues#5576
2020-12-04 03:24:02 +01:00
Marek Marczykowski-Górecki
0caa7fcf75
network: stop IP forwarding before disabling firewall
Stop IP forwarding when stopping qubes-network service (which initially
enables it). This makes ordering against qubes-firewall safe - firewall
is applied before allowing IP forward and then is removed when IP
forward is already disabled.

Fixes QubesOS/qubes-issues#5599
2020-12-03 20:52:51 +01:00
Marek Marczykowski-Górecki
7f15690e43
Add a service to enable swap early - before fsck of the root filesystem
fsck may require a significant amount of RAM, enable swap earlier to avoid
an out of memory condition. Implement this as a separate service unit, not
a swap unit, because the latter requires udev running (implicit
dependency on dev-xvdc1.device) which is not the case before remounting
root filesystem read-write.

QubesOS/qubes-issues#6174
2020-11-03 05:18:57 +01:00
Marek Marczykowski-Górecki
75ffdf6a53
version 4.1.18 2020-10-31 05:39:07 +01:00
Marek Marczykowski-Górecki
d90f62f982
version 4.1.17 2020-10-10 05:13:44 +02:00
Marek Marczykowski-Górecki
748f254909
version 4.1.16 2020-09-17 14:37:05 +02:00
Marek Marczykowski-Górecki
e9466dd04f
Merge remote-tracking branch 'origin/pr/236'
* origin/pr/236:
  qvm-template: Add qubes.Template{Search,Download} files to the package.
  qubes.Template*: Add --refresh option and allow DNF cache to be used.
  qubes.Template*: Invoke curl with --silent.
  qubes.Template*: Change separator from : to | and include additional metadata.
  Fix shell quoting.
  Remove repofrompath.
  New qrexec calls for interacting with template repos.
2020-09-17 03:08:56 +02:00
Marek Marczykowski-Górecki
e729a8a8bc
debian: drop python2 in build deps
QubesOS/qubes-issues#5297
2020-09-16 16:40:07 +02:00
WillyPillow
e83408d601
qvm-template: Add qubes.Template{Search,Download} files to the package. 2020-08-25 11:11:24 +08:00
Marek Marczykowski-Górecki
a695902d68
version 4.1.15 2020-08-07 03:52:18 +02:00
Marek Marczykowski-Górecki
0f3e1ae8af
Merge remote-tracking branch 'origin/pr/184'
* origin/pr/184:
  Add services for paranoid backup restore mode
  qfile-unpacker: add option (-w) to wait for disk space before extracting
  tar2qfile: fix argument parser
  qfile-unpacker: add option for custom user and target directory
2020-08-07 03:01:25 +02:00
Marek Marczykowski-Górecki
cb4f06d464
Merge remote-tracking branch 'origin/pr/239'
* origin/pr/239:
  xendriverdomain: remove placeholder for sbinpath
  Fix regex in qubes-fix-nm-conf.sh
  Update travis
  xendriverdomain: remove Requires and After proc-xen.mount
  Drop legacy xen entry in fstab
2020-08-06 05:32:45 +02:00
Marek Marczykowski-Górecki
629f836177
debian: fix version detection for python3?-nautilus dependency
On buster and stretch use python-nautilus, but /etc/debian_version
contains numeric version, not a codename.

Reported by @0spinboson
2020-08-06 05:30:37 +02:00
Marek Marczykowski-Górecki
8066129445
Add services for paranoid backup restore mode
Add a pair of services:
1. qubes.RegisterBackupLocation - called by dom0, registers what backup
location (including both file and command options) can be accessed.
Registered location gets an ID returned to the caller. The location (and
its ID) is valid as long as the service call remains open.

2. qubes.RestoreById - called by restoring DispVM to retrieve the backup
content. The service expects location ID as an argument, and then list
of files/directories (separated with spaces) on the first line of stdin.
This is very similar to qubes.Restore service, with exception for the
archive location control.

QubesOS/qubes-issues#5310
2020-08-03 03:43:09 +02:00
Frédéric Pierret (fepitre)
8aea0d9aab
xendriverdomain: remove Requires and After proc-xen.mount 2020-07-26 23:26:00 +02:00
Marek Marczykowski-Górecki
e067812d57
Merge remote-tracking branch 'origin/pr/238'
(Dropped debian/changelog change on merge)
2020-07-26 21:31:32 +02:00
Krzysztof Burghardt
a4e6d1c811
Fix dependencies for Ubuntu 20.04 LTS (Focal Fossa) 2020-07-20 23:12:35 +02:00
Marek Marczykowski-Górecki
5db43b9534
version 4.1.14 2020-07-16 13:37:17 +02:00
Marek Marczykowski-Górecki
940b0f3646
Do not use legacy distutils.spawn
The whole distutils module is a legacy thing in python3. Specifically,
most of it is not installed in Debian by default (there is only
distutils.version). Depending on python3-distutils is problematic, as
its availability varies between Debian versions.

Instead of fighting with special cases in dependencies, replace the
whole thing with non-legacy shutil.which() (available since Python 3.3).
2020-07-02 02:56:13 +02:00
Marek Marczykowski-Górecki
39e07f93f8
version 4.1.13 2020-06-29 06:29:35 +02:00
Frédéric Pierret (fepitre)
8c3d181266
debian: add 'rpm' as dependency
- clean Makefile
2020-06-19 19:15:52 +02:00
Frédéric Pierret (fepitre)
704930852c
Use DNF instead of YUM if exists 2020-06-19 17:14:08 +02:00
Marek Marczykowski-Górecki
464f8f6afe
Merge remote-tracking branch 'origin/pr/231'
* origin/pr/231:
  Fix missing dependency for managing Network-Manager in active user session

Fixes QubesOS/qubes-issues#5836
2020-05-27 04:01:31 +02:00
Marek Marczykowski-Górecki
905b745c6e
Merge remote-tracking branch 'origin/pr/230'
* origin/pr/230:
  debian: conditional python version dependencies
2020-05-27 03:59:46 +02:00
Frédéric Pierret (fepitre)
c12d9ce75c
Fix missing dependency for managing Network-Manager in active user session
QubesOS/qubes-issues#5836
2020-05-26 22:57:07 +02:00
Frédéric Pierret (fepitre)
74a97b7e6a
debian: conditional python version dependencies 2020-05-26 16:30:57 +02:00
Marek Marczykowski-Górecki
810fc59cac
version 4.1.12 2020-05-25 03:35:46 +02:00
Marek Marczykowski-Górecki
707d4cad8b
qubes.ShowInTerminal needs a graphical session running
This specifically fixes qvm-console-dispvm tool, which uses
qubes.ShowInTerminal to show the actual console. This service uses
xterm, so it needs X session running already.

Fixes QubesOS/qubes-issues#5805
2020-05-09 05:13:14 +02:00
Paweł Marczewski
969ec301d5
Override PAM config for su in RPM package
In Red Hat based distributions, there is no pam-configs like
mechanism (authselect seems too heavy and is not configured by
default), so instead, we replace the PAM file.

Enable su for users in the qubes group, same as in the Debian
package.
2020-05-07 17:01:02 +02:00
Paweł Marczewski
da2fa46551
Use pam-configs to override Debian PAM config
Instead of the old workaround that replaces the whole PAM config,
use Debian's framework (pam-configs) to add a rule for su. Enable it
for users in qubes group only.

PAM Config framework documentation:
  https://wiki.ubuntu.com/PAMConfigFrameworkSpec

Issue:
  QubesOS/qubes-issues#5799

Original PR this change is based on:
  QubesOS/qubes-core-agent-linux#171
2020-05-07 15:31:47 +02:00
Paweł Marczewski
e52f4f1341
Lock root password in passwordless-root package
See QubesOS/qubes-issues#5799.

Undo the change to empty password previously performed by that
package.
2020-05-06 18:03:19 +02:00
Paweł Marczewski
212df1d586
Enable root autologin on serial console
See QubesOS/qubes-issues#5799.

Use an option to agetty:
  https://wiki.archlinux.org/index.php/Getty#Automatic_login_to_virtual_console

The --login-pause causes agetty to wait for Enter key. This is
important, because otherwise the root session prevents systemd from
shutting down, and probably causes other side effects.
2020-05-06 17:56:55 +02:00
Marek Marczykowski-Górecki
f023afdaa0
version 4.1.11 2020-05-01 02:39:18 +02:00
Marek Marczykowski-Górecki
b8a39a7fe2
version 4.1.10 2020-03-01 03:42:33 +01:00
Marek Marczykowski-Górecki
2893b9d67c
version 4.1.9 2020-03-01 03:31:40 +01:00
Marek Marczykowski-Górecki
731a87f292
Adjust version of required qubes-gui-agent
The "qubes-sysinit: set GUI_OPTS in gui-agent-linux" commit breaks
gui-agent-linux lacking its counterpart. Express this in the package
metadata.

QubesOS/qubes-issues#5662
2020-03-01 03:11:11 +01:00
unman
af20dbc3db
Disable package caching in apt operations 2020-01-15 18:47:53 +00:00
Marek Marczykowski-Górecki
90f4100842
Merge remote-tracking branch 'origin/pr/212'
* origin/pr/212:
  Do not reference sudo group when removing package
2020-02-06 01:55:32 +01:00
Amadeusz Piotr Żołnowski
bc1e02d4d4
Install 50-qubes-mem-hotplug.rules in /lib/udev instead of /etc/udev 2020-02-05 00:12:23 +00:00
Amadeusz Piotr Żołnowski
f76b30008f
Merge app-defaults and sys-defaults to config-overrides 2020-02-05 00:12:22 +00:00
Amadeusz Piotr Żołnowski
dee84452aa
Move qubes-firewall from sbin to bin 2020-02-05 00:12:22 +00:00
Amadeusz Piotr Żołnowski
f5faa62876
Move qvm-console to core-admin-client repository 2020-02-04 23:59:09 +00:00
Amadeusz Piotr Żołnowski
4de377bc3b
Split items in misc directory by topic 2020-02-04 23:59:09 +00:00
Amadeusz Piotr Żołnowski
ec7ae0bf40
Remove no longer needed xenstore-watch and close-window 2020-02-04 23:59:08 +00:00
unman
165def228d
Do not reference sudo group when removing package 2020-02-03 03:46:35 +00:00
Marek Marczykowski-Górecki
076275c154
version 4.1.8 2020-01-28 21:44:36 +01:00
Pawel Marczewski
3a6e77aa43
Add /etc/qubes/applications override, use it for gnome-terminal
Used by qubes.StartApp so that we can override distribution-provided
.desktop files. The mechanism is introduced to run gnome-terminal
with --wait option, so that it's compatible with DispVMs.

Fixes QubesOS/qubes-issues#2581.
2020-01-27 14:05:55 +01:00
Pawel Marczewski
943f37b481
Add qubes-run-gnome-terminal utility that uses --wait 2020-01-27 12:11:48 +01:00
Pawel Marczewski
738548a8e4
Add qubes.VMExec call, for running a single command
With a VMExecGUI variant that waits for a session.

See QubesOS/qubes-issues#4850.
2020-01-24 18:44:45 +01:00
Marek Marczykowski-Górecki
c997008e2f
version 4.1.7 2020-01-17 05:12:04 +01:00