A file is created in /var/lib/qubes/protected-files. Scripts can grep this file before modifying
known files to be protected and skip any modifications if the file path is within protected-files.
Usage Example:
if ! grep -q "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
Also cleaned up maintainer scripts removing unneeded systemd status functions and streamlined
the enable/disable systemd unit files functions
systemctl is-enabled always reports "disabled" for them (actually not a
real "disabled", but and error, but exit code is the same). So simply
always disable the unit, it is no-op for already disabled ones.
BTW systemctl preset also do not work for them.
This will ignore excluded deb, rpm, pkg and .git directories that were
tar'ed for the .orig.tar.gz debian upstream package file and will prevent
build errors
- Use copy-in for debian-quilt package in Makefile.builder instead of hook (to be removed) in Makefile.debian
- Remove patches from debian/patches; they are now applied dynamicly from series-debian-vm.conf
Applied patch to qrexec Makefile to prevent compile failure on warnings
qrexec: Disable all warnings being treated as errors
gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-xen` -D_FORTIFY_SOURCE=2 -c -o qrexec-agent-data.o qrexec-agent-data.c
qrexec-agent-data.c: In function 'handle_remote_data':
qrexec-agent-data.c:217:17: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing]
status = *(unsigned int *)buf;
^
cc1: all warnings being treated as errors
<builtin>: recipe for target 'qrexec-agent-data.o' failed
This is to allow permissions to be set on some devices where the user needs
less restrictive permissions. /etc/udev/rules.d/99-qubes-misc.rules changes
a few xen devices to allow the users in the qubes group access
Applied patch to qrexec Makefile to prevent compile failure on warnings
qrexec: Disable all warnings being treated as errors
gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-xen` -D_FORTIFY_SOURCE=2 -c -o qrexec-agent-data.o qrexec-agent-data.c
qrexec-agent-data.c: In function 'handle_remote_data':
qrexec-agent-data.c:217:17: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing]
status = *(unsigned int *)buf;
^
cc1: all warnings being treated as errors
<builtin>: recipe for target 'qrexec-agent-data.o' failed
This is to allow permissions to be set on some devices where the user needs
less restrictive permissions. /etc/udev/rules.d/99-qubes-misc.rules changes
a few xen devices to allow the users in the qubes group access
Generate user-groups via -U instead of explicit via groupadd. This also
fix the problem that the tinyproxy group were not gererated as
"system"-group.
Also suppress unneeded output of the existence test.
Starting services in the postinst script doesn't make much sense since
the package is normally installed in the template. In addition the start
can fail when executed through a trigger.
/etc/iptables/rules.* are already part of the packet.
The removed code has never done something in debian (since
/etc/iptables/rules.* already exists).
