Commit Graph

1272 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
bc8a6a0a20 fedora: Fix iptables config installation one more time 2015-01-30 00:45:04 +01:00
Marek Marczykowski-Górecki
66620c1005 fedora: Fix iptables config install script 2015-01-30 00:45:04 +01:00
Marek Marczykowski-Górecki
efc7d4d1f2 filecopy: prevent files/dirs movement outside incoming directory during transfer
Otherwise, when the user moves directory, which is still in transfer,
somewhere else, it could allow malicious source domain to escape chroot
and place a file in arbitrary location.

It looks like bind mount is just enough - simple rename fails with
EXDEV, so tools are forced to perform copy+delete, which is enough to
keep unpacker process away from new file location.

One inconvenient detail is that we must clean the mount after transfer
finishes, so root perms cannot be dropped completely. We keep separate
process for only that reason.
2015-01-30 00:45:04 +01:00
Marek Marczykowski-Górecki
50b536bee3 fedora: Add security-testing repo definition
Conflicts:
	misc/qubes-r2.repo
2015-01-30 00:45:02 +01:00
Jason Mehring
546b4c7911 fc21: Remove left-over code comment 2015-01-30 00:43:31 +01:00
Jason Mehring
33d3a6c9ea fc21: iptables configurations conflict with fc21 yum package manager
Moved iptables configuration to /usr/lib/qubes/init
fc21 + debian + arch will place them in proper place on postinst
Fixes debian bug of not having them in proper place
2015-01-30 00:43:31 +01:00
Marek Marczykowski-Górecki
0be213200a network: fix NM config preparation
The same variables are reused to configure downlink in ProxyVM, so
create NM config before they got overridden.

Conflicts:
	network/setup-ip
2015-01-30 00:43:29 +01:00
Marek Marczykowski-Górecki
b3429b596d network: set uplink configuration based on MAC (NetworkManager) 2015-01-30 00:39:37 +01:00
HW42
dbd19698b3 debian: remove unneeded acpid dependency
https://groups.google.com/forum/?_escaped_fragment_=msg/qubes-devel/oY7m9zNEXFw/N94pknsTg7oJ

Conflicts:
	debian/control
2015-01-30 00:39:35 +01:00
HW42
6f056486e0 debian: move not strictly required packages to Recommends-Section.
https://groups.google.com/forum/?_escaped_fragment_=msg/qubes-devel/oY7m9zNEXFw/N94pknsTg7oJ

Conflicts:
	debian/control
2015-01-30 00:38:07 +01:00
Marek Marczykowski-Górecki
5bd3080521 Update update-proxy rules for debian security fixes repo
The name can be "wheezy/updates".
2015-01-30 00:32:56 +01:00
Marek Marczykowski-Górecki
a4ad010a45 debian: fix service name in postinst script 2015-01-30 00:32:56 +01:00
Marek Marczykowski-Górecki
c3ef00303f debian: remove obsolete code from postinst script
NetworkManager-dispatcher.service issue seems to be already fixed in
upstream package.
2015-01-30 00:32:56 +01:00
Marek Marczykowski-Górecki
45e7cbb2ac debian: add missing python-gi to dependencies
Required for qubes-desktop-run tool.
2015-01-30 00:32:56 +01:00
Marek Marczykowski-Górecki
7476eb2f24 debian: fix generation of apt sources list file
Use codename, instead of release number.

Conflicts:
	Makefile
2015-01-30 00:32:49 +01:00
Marek Marczykowski-Górecki
995c758d14 debian: create tinyproxy as system user 2015-01-30 00:32:09 +01:00
Marek Marczykowski-Górecki
756293ec75 Fix disabling nm-applet when NM is disabled 2015-01-30 00:32:09 +01:00
Marek Marczykowski-Górecki
9130636c88 Merge branch 'debian'
Conflicts:
	misc/qubes-r2.list.in
	misc/qubes-trigger-sync-appmenus.sh
	network/30-qubes-external-ip
	network/qubes-firewall
	vm-systemd/network-proxy-setup.sh
	vm-systemd/prepare-dvm.sh
	vm-systemd/qubes-sysinit.sh
2015-01-30 00:30:24 +01:00
Marek Marczykowski-Górecki
3a0ad108d4 version 3.0.0 2014-11-22 16:24:18 +01:00
Marek Marczykowski-Górecki
1f1a33be21 Disable R3 repos by default 2014-11-20 17:04:36 +01:00
Marek Marczykowski-Górecki
9b71e6db8b Update repos and keys for Qubes R3 2014-11-20 17:01:10 +01:00
Marek Marczykowski-Górecki
48685938ff qrexec: register exec function
Update for shared libqrexec.so API (instead of statically linked one).
2014-11-19 15:34:34 +01:00
Marek Marczykowski-Górecki
17350f6f69 Use xenstore.h instead of xs.h 2014-11-19 15:34:34 +01:00
Marek Marczykowski-Górecki
b13844afe1 qrexec: new protocol - direct data vchan connections 2014-11-19 15:34:34 +01:00
Marek Marczykowski-Górecki
d84381b87f code style: replace tabs with spaces 2014-11-19 15:34:34 +01:00
Marek Marczykowski-Górecki
b8588c4856 qrexec: remove dom0 targets from makefile 2014-11-19 15:34:33 +01:00
Marek Marczykowski
d00d52fc31 dispvm: restart qubesdb at DispVM start
To connect to new qubesdb daemon in dom0.
2014-11-19 15:34:33 +01:00
Marek Marczykowski
1f04cf34cc systemd: fix qubes-service handling
qubesdb-list does show only list of paths, without values. Use
qubesdb-multiread instead. Path (argument) must have terminating '/' so
it will be cut off printed paths (service names only).
2014-11-19 15:34:33 +01:00
Marek Marczykowski
db35abadc8 Use Qubes DB instead of Xenstore 2014-11-19 15:34:33 +01:00
Marek Marczykowski
a3aab7dab2 rpm: fix typo 2014-11-19 15:34:33 +01:00
Marek Marczykowski
735531a9ba spec: get backend_vmm from env variable
There is no way to pass --define to yum-buildep, but we use VMM name for
required packages names.
2014-11-19 15:34:32 +01:00
Marek Marczykowski
93ad711f4e load xen-gntalloc module required by libxenvchan 2014-11-19 15:34:32 +01:00
Marek Marczykowski
94f54d6c9f spec: add dependencies on vchan package (both R: and BR:) 2014-11-19 15:34:32 +01:00
Marek Marczykowski
95839ddab5 Update for new vchan API 2014-11-19 15:34:32 +01:00
Marek Marczykowski-Górecki
ea4eef7de8 network: fix indentation 2014-11-13 23:19:34 +01:00
Jason Mehring
599fad53a2 Merge branch 'debian' of https://github.com/nrgaway/core-agent-linux into debian 2014-11-12 03:41:41 -05:00
Jason Mehring
160bf82583 Merge branch 'debian' of https://github.com/nrgaway/core-agent-linux into debian 2014-11-12 03:40:29 -05:00
Jason Mehring
4420df01ea debian: Don't display systemd info in chroot since systemd show does not work in chroot 2014-11-12 03:39:17 -05:00
Marek Marczykowski-Górecki
4f89980137 Merge remote-tracking branch 'nrgaway/debian' into debian 2014-11-11 23:06:45 +01:00
Jason Mehring
848c53adc2 debian: Updated tinyproxy filter rules 2014-11-11 13:38:26 -05:00
Marek Marczykowski-Górecki
9bb9e8d9e5 Fix compile flags order (-lX11 moved to the end) 2014-11-11 01:22:26 +01:00
Jason Mehring
da6f6bd22b debian: Wrong variable name was used to create /usr/share/qubes/xdg/autostart 2014-11-09 13:27:38 -05:00
Jason Mehring
51cac340ca debian: Added functionality to move desktop entry config files to /usr/share/qubes/xdg/autostart to preserve originals
Added trigger for new notify agent; removed trigger for old one
2014-11-09 12:58:57 -05:00
Jason Mehring
ef50c0d7b6 debian: Add new notification agent depends; remove other 2014-11-09 12:58:48 -05:00
Marek Marczykowski-Górecki
427decd793 network: fix NM uplink config permissions
Otherwise NM will not use the file.
2014-11-09 05:35:07 +01:00
Marek Marczykowski-Górecki
7027633e80 network: do not use ifcfg-rh NM plugin
Apparently eth0 in ProxyVM can be configured using plain keyfile plugin,
which is present on all distributions.
2014-11-09 05:31:22 +01:00
Jason Mehring
cadb102781 debian: More depends for debian as netvm and some configuration tweaks.
Jessie base loads as netvm; wheezy base giving bad window error when trying to start nm-applet
Fixed qt MIT-SHM graphics issue
2014-11-08 02:58:07 -05:00
Jason Mehring
1f93dc0a60 debian: Added more error reporting to track down any missing dependencies
Prints various systemd messages when a unit fails to enable/disable/start/stop
Fixed issue with alternate NetworkManager* systemd files not being placed
Removed 'basename -s' since -s option not supported in wheezy
2014-11-07 22:52:32 -05:00
Jason Mehring
afcff2ca4b debian: removed commented out depends 2014-11-07 18:29:05 -05:00
Jason Mehring
9e065d6d9c debian: Added all other outstanding triggers contained in rpm_spec as well as triggers if other packages get installed at a later date the configurations will run on them 2014-11-07 18:28:04 -05:00