Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,752 Commits 1 Branch 0 Tags 6.4 MiB
be2c9313a4
Commit Graph

1752 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Marek Marczykowski-Górecki
be2c9313a4
Merge remote-tracking branch 'qubesos/pr/15' 
* qubesos/pr/15:
  Fall back to gnome utilities if kdialog not present

Fixes QubesOS/qubes-issue#1429
 2016-06-01 22:56:24 +02:00
Marek Marczykowski-Górecki
520894e623
Prefer 'dnf' over 'yum' for template update 
QubesOS/qubes-issues#1282
 2016-06-01 05:10:40 +02:00
Marek Marczykowski-Górecki
07c442f534
dom0-updates: use dnf when available 
Since yum-deprecated is slowly removed from Fedora (in Fedora 23 is not
installed by default), we're forced to migrate to dnf. The main problem
with dnf here is lack of --downloaddir option
(https://bugzilla.redhat.com/show_bug.cgi?id=1279001). As nobody is
going to implement it, simply extract downloaded packages from cache
directory (thanks to provided config file, it is always /var/cache/yum).

This basically replaces "dom0-updates: use yum-deprecated instead of dnf
in all calls" with a set of workarounds for dnf missing parts.

Related to QubesOS/qubes-issues#1574
 2016-06-01 05:10:18 +02:00
unman
8471605e6d Fall back to gnome utilities if kdialog not present 2016-06-01 02:55:25 +01:00
Patrick Schleizer
3db93cdc87 fix indent 2016-05-19 21:12:16 +02:00
Marek Marczykowski-Górecki
2fa8c76eec
version 3.2.3 2016-05-18 23:43:23 +02:00
Marek Marczykowski-Górecki
7378ec326a
Update repository definitions for R3.2 2016-05-18 23:42:43 +02:00
Marek Marczykowski-Górecki
4cb4d656c4
Cleanup R3.1->R3.2 transitional package 2016-05-18 23:42:17 +02:00
Marek Marczykowski-Górecki
4c1ae75e35
version 3.2.2 2016-05-18 03:00:12 +02:00
Marek Marczykowski-Górecki
19921274e1
Implement qubes.OpenURL service instead of wrapping URLs in HTML 
This have many advantages:
 - prevent XSS (QubesOS/qubes-issues#1462)
 - use default browser instead of default HTML viewer
 - better qrexec policy control
 - easier to control where are opened files vs URLs

For now allow only http(s):// and ftp:// addresses (especially prevent
file://). But this list can be easily extended.

QubesOS/qubes-issues#1462
Fixes QubesOS/qubes-issues#1487
 2016-05-18 01:32:54 +02:00
Marek Marczykowski-Górecki
ff2678d2f5
qvm-open-in-vm: escape URL when wrapping it in HTML 
Thanks @v6ak for the report and solution.

Fixes QubesOS/qubes-issues#1462
 2016-05-17 22:06:41 +02:00
Marek Marczykowski-Górecki
817606a09d
Merge remote-tracking branch 'origin/pr/72' 
* origin/pr/72:
  systemd: order units checking for qubes-service after qubes-sysinit
 2016-05-17 21:16:02 +02:00
Marek Marczykowski-Górecki
5e08e2bc1d
systemd: order units checking for qubes-service after qubes-sysinit 
Files in /var/run/qubes-service are created by qubes-sysinit.service. So
defer that condition check after that service start.

Thanks @adrelanos for the report.

Fixes QubesOS/qubes-issues#1985
 2016-05-12 00:17:05 +02:00
Marek Marczykowski-Górecki
737922bf87
version 3.2.1 2016-05-05 00:05:13 +02:00
Patrick Schleizer
23bdcb90a7 minor debug xtrace output 2016-05-03 15:16:59 +02:00
Marek Marczykowski-Górecki
b553f5c7b4
Merge remote-tracking branch 'origin/pr/70' 
* origin/pr/70:
  fixed sh syntax error
 2016-05-01 21:12:02 +02:00
Patrick Schleizer
69780ef762 fixed sh syntax error 
https://forums.whonix.org/t/qvm-run-fails-in-whonix-vms

Thanks to entr0py for the bug report!
 2016-05-01 14:03:21 +02:00
Patrick Schleizer
d14203f1ac
fixed bind-dirs legacy import function 
https://phabricator.whonix.org/T501
 2016-04-29 23:44:18 +02:00
Marek Marczykowski-Górecki
4d015432ce
Remove obsolete policy files 
Qrexec policy is really stored in core-admin repo.
 2016-04-27 19:32:00 +02:00
Olivier MEDOC
ccb9a5b992 archlinux: fix remaining loginctl privilege issues with invalid pam.d configuration 2016-04-26 12:57:36 +02:00
Marek Marczykowski-Górecki
437680b731
Fix bind-dirs.sh path 2016-03-30 14:17:04 +02:00
Marek Marczykowski-Górecki
7b5f2b77d1
qubes-rpc: fix SVG icon scaling 
rsvg-convert doesn't scale the image. Do it with convert, only when
really needed. Don't upscale the icon after converting to raster
version.

Fixes QubesOS/qubes-issues#1884
 2016-03-29 17:25:31 +02:00
Marek Marczykowski-Górecki
1c251487fa
version 3.2.0 2016-03-29 14:41:34 +02:00
Marek Marczykowski-Górecki
00698173ed
network: run setup-ip only on xen frontend interfaces 
Fixes QubesOS/qubes-issues#1882
 2016-03-29 12:30:26 +02:00
Marek Marczykowski-Górecki
6e8f0e1a61
qrexec: add service argument support 
Fixes QubesOS/qubes-issues#1876
 2016-03-27 04:30:44 +02:00
Marek Marczykowski-Górecki
da2a4911a3
Merge remote-tracking branch 'qubesos/pr/13' 
* qubesos/pr/13:
  Remove exec in last line of qvm-copy-to-vm
 2016-03-21 14:24:01 +01:00
Marek Marczykowski-Górecki
1b0e604eca
Merge remote-tracking branch 'origin/pr/65' 
* origin/pr/65:
  minor indent
 2016-03-21 14:21:57 +01:00
Marek Marczykowski-Górecki
dc5a87f9b4
Merge remote-tracking branch 'origin/pr/64' 
* origin/pr/64:
  use 'true' rather than ':' for consistency
 2016-03-21 14:21:44 +01:00
Marek Marczykowski-Górecki
73beddf78e
qrexec: unify service environment preparation 
Always set QREXEC_AGENT_PID variable, setup SIGUSR1 handler. And do that
before starting child process to avoid race conditions.

Required for QubesOS/qubes-issues#
Fixes QubesOS/qubes-issues#1863
 2016-03-21 13:23:34 +01:00
Rusty Bird
428d8f09bf
Remove exec in last line of qvm-copy-to-vm 2016-03-21 11:51:29 +00:00
Patrick Schleizer
5a1ea4f5e5 minor indent 2016-03-19 16:26:29 +01:00
Patrick Schleizer
77d51a69ea use 'true' rather than ':' for consistency 2016-03-19 16:23:36 +01:00
Marek Marczykowski-Górecki
7301a898a1
qubes.SuspendPreAll and qubes.SuspendPostAll services 
Those services are called just before/after host suspend.

Thanks @adrelanos for help.
Fixes QubesOS/qubes-issues#1663
 2016-03-15 23:33:11 +01:00
Marek Marczykowski-Górecki
b1731c2768
rpm: Add bind-dirs.sh to spec file 2016-03-14 16:23:11 +01:00
Marek Marczykowski-Górecki
f7d7c6125e
Merge remote-tracking branch 'qubesos/pr/11' 
* qubesos/pr/11:
  Properly handle case of empty domain name.
  Use proper quoting around variables.
  Move usage information printing to separate function, and print usage to stderr; also added some spacing.
  Use proper space-expanded tabs, as per the coding guidelines.
 2016-03-14 16:19:28 +01:00
Marek Marczykowski-Górecki
d4b637e29d
Merge remote-tracking branch 'qubesos/pr/10' 
* qubesos/pr/10:
  Use && in qvm-move-to-vm
  qvm-move-to-vm: Use '--' before file arguments
  qvm-move-to-vm: Remove duplicated code
 2016-03-14 16:18:41 +01:00
Marek Marczykowski-Górecki
74625b1657
Merge remote-tracking branch 'origin/pr/58' 
* origin/pr/58:
  refactoring / code simplification
  fixed broken file copy for files in multi level directories
  also exit from bind-directories if file /var/run/qubes-service/qubes-dvm exists
  use symlink_level_max rather than hardcoding 10; comment
  run /usr/lib/qubes/bind-dirs.sh from mount-dirs.sh
  renamed:    bind-dirs -> bind-dirs.sh
  renamed:    misc/bind-dirs -> vm-systemd/bind-dirs
  work on bind-dirs
  work on bind-dirs
  work on bind-dirs https://phabricator.whonix.org/T414
 2016-03-14 16:14:10 +01:00
Marek Marczykowski-Górecki
7f686b1aae
Merge remote-tracking branch 'origin/pr/60' 
* origin/pr/60:
  do not start the Tor service inside Qubes TemplateVMs
 2016-03-14 16:11:44 +01:00
Marek Marczykowski-Górecki
574210c353
Merge remote-tracking branch 'origin/pr/63' 
* origin/pr/63:
  qrexec: hide timing debug messages in vm-file-editor
  qrexec: write service stderr to both syslog and caller
 2016-03-14 16:11:18 +01:00
Marek Marczykowski-Górecki
07ad58b511
Merge remote-tracking branch 'origin/pr/62' 
* origin/pr/62:
  disable systemd-timesyncd
 2016-03-14 16:10:50 +01:00
Marek Marczykowski-Górecki
8f1ec4ba1a
version 3.1.14 2016-03-07 13:47:01 +01:00
Marek Marczykowski-Górecki
fb9b3b62c0
network: use qubes-primary-dns QubesDB entry if present 
For a long time the DNS address was the same as default gateway. This is
still the case in R3.x, but using `qubes-gateway` configuration
parameter for it is misleading. It should be up to dom0 to provide DNS
address (whether the value is the same as gateway or not).

Fixes QubesOS/qubes-issues#1817
 2016-03-07 13:37:45 +01:00
Marek Marczykowski-Górecki
7c45985331
qrexec: hide timing debug messages in vm-file-editor 
Those are currently barely useful, since starting the application isn't
the biggest bottleneck of DispVM. And since stderr is now visible on
qvm-open-in-dvm output, not scare the user with it.
 2016-03-05 12:51:07 +01:00
Marek Marczykowski-Górecki
b267e5c305
qrexec: write service stderr to both syslog and caller 
In case of some services it makes much sense for caller to receive also
stderr in addition to stdout. For example:
 - qubes.VMShell (stderr required for salt-ssh over qrexec)
 - qubes.OpenInVM - especially when called to DispVM - otherwise
 diagnosing errors can be hard

And generally all sort of error reporting (the purpose of stderr). It
would ease debugging - instead of message "error occurred, check here and
there for more details", it could be "error occurred: the reason".

Fixes QubesOS/qubes-issues#1808
 2016-03-05 12:51:07 +01:00
Andrew
bc73cf1fe3 Properly handle case of empty domain name. 2016-02-19 18:19:59 +01:00
Andrew
561f588d1d Use proper quoting around variables. 2016-02-19 18:19:02 +01:00
Andrew
17d274ef48 Move usage information printing to separate function, and print usage to stderr; also added some spacing. 2016-02-19 18:17:40 +01:00
Andrew
63f3392ff5 Use proper space-expanded tabs, as per the coding guidelines. 2016-02-19 16:54:25 +01:00
Patrick Schleizer
83d0ae6df4 disable systemd-timesyncd 
fixes https://github.com/QubesOS/qubes-issues/issues/1754
 2016-02-19 02:34:08 +01:00
Rusty Bird
c730340039
Use && in qvm-move-to-vm 
&& is safer in case qvm-*copy*-to-vm is ever changed to call 'set +e'.
 2016-02-16 08:34:06 +00:00