Commit Graph

85 Commits

Author SHA1 Message Date
Demi Marie Obenour
bf443ef6e6
Merge commit 'b15ff53bc6dee36cecf28413554fb7c856ae0517' into usr-lib-merge 2020-12-17 17:43:38 -05:00
Marek Marczykowski-Górecki
dd8de797e3
Move network uplink setup to a separate service
Previously, network uplink (eth0) was configured in two places:
 - udev (asynchronously)
 - qubes-misc-post.service - at the very end of the boot process

This caused multiple issues:
1. Depending on udev event processing (non-deterministic), network
   uplink could be enabled too early, for example before setting up
   firewall.
2. Again depending on udev processing, it can be enabled quite late in
   the boot process, after network.target is up and services assume
   network already configured. This for example causes qubes-firewall to
   fail DNS queries.
3. If udev happen try to enable enable networking even earlier, it may
   happend before qubesdb-daemon is started, in which case network setup
   fill fail. For this case, there was network re-setup in
   qubes-misc-post service - much later in the boot.

Fix the above by placing network uplink setup in a dedicated
qubes-network-uplink@${INTERFACE}.service unit ordered after
network-pre.target and pulled in by udev based on vif device existence,
to handle also dynamic network attach/detach.
Then, create qubes-network-uplink.service unit waiting for appropriate
interface-specific unit (if one is expected!) and order it before
network.target.

QubesOS/qubes-issues#5576
2020-12-04 03:24:02 +01:00
Marek Marczykowski-Górecki
0caa7fcf75
network: stop IP forwarding before disabling firewall
Stop IP forwarding when stopping qubes-network service (which initially
enables it). This makes ordering against qubes-firewall safe - firewall
is applied before allowing IP forward and then is removed when IP
forward is already disabled.

Fixes QubesOS/qubes-issues#5599
2020-12-03 20:52:51 +01:00
Demi Marie Obenour
57b30d3af6
Use /usr/lib instead of /lib 2020-12-02 11:21:53 -05:00
Demi Marie Obenour
5e0d1cd1d8
qubes.ShowInTerminal requires socat 2020-11-24 17:38:14 -05:00
Marek Marczykowski-Górecki
7f15690e43
Add a service to enable swap early - before fsck of the root filesystem
fsck may require significant amount of RAM, enable swap earlier to avoid
out of memory condition. Implement this as a separate service unit, not
a swap unit, because the latter requires udev running (implicit
dependency on dev-xvdc1.device) which is not the case before remounting
root filesystem read-write.

QubesOS/qubes-issues#6174
2020-11-03 05:18:57 +01:00
Frédéric Pierret (fepitre)
c16fb05d2d
dnf-plugin: restrict to only version provided by plateform-python
Fix multiple indentations
2020-10-30 10:46:56 +01:00
Marek Marczykowski-Górecki
e9466dd04f
Merge remote-tracking branch 'origin/pr/236'
* origin/pr/236:
  qvm-template: Add qubes.Template{Search,Download} files to the package.
  qubes.Template*: Add --refresh option and allow DNF cache to be used.
  qubes.Template*: Invoke curl with --silent.
  qubes.Template*: Change separator from : to | and include additional metadata.
  Fix shell quoting.
  Remove repofrompath.
  New qrexec calls for interacting with template repos.
2020-09-17 03:08:56 +02:00
Marek Marczykowski-Górecki
5bb125fa67
Merge remote-tracking branch 'origin/pr/244'
* origin/pr/244:
  spec: don't build sysvinit for Fedora and CentOS
2020-09-17 02:48:28 +02:00
Marek Marczykowski-Górecki
87135138ac
Revert "rpm: do not build qubes-core-agent-sysvinit package"
This reverts commit 408bccdd5c.
2020-09-17 02:47:51 +02:00
Marek Marczykowski-Górecki
408bccdd5c
rpm: do not build qubes-core-agent-sysvinit package
Since no currently supported distribution needs it, skip the build by
default. If necessary, can be enabled by adjusting %with_sysvinit macro
in the spec.
2020-09-16 16:14:02 +02:00
Frédéric Pierret (fepitre)
562b871188
spec: don't build sysvinit for Fedora and CentOS 2020-08-28 13:48:18 +02:00
WillyPillow
e83408d601
qvm-template: Add qubes.Template{Search,Download} files to the package. 2020-08-25 11:11:24 +08:00
Marek Marczykowski-Górecki
0f3e1ae8af
Merge remote-tracking branch 'origin/pr/184'
* origin/pr/184:
  Add services for paranoid backup restore mode
  qfile-unpacker: add option (-w) to wait for disk space before extracting
  tar2qfile: fix argument parser
  qfile-unpacker: add option for custom user and target directory
2020-08-07 03:01:25 +02:00
Marek Marczykowski-Górecki
8066129445
Add services for paranoid backup restore mode
Add a pair of services:
1. qubes.RegisterBackupLocation - called by dom0, registers what backup
location (including both file and command options) can be accessed.
Registered location gets an ID returned to the caller. The location (and
its ID) is valid as long as the service call remains open.

2. qubes.RestoreById - called by restoring DispVM to retrieve the backup
content. The service expects location ID as an argument, and then list
of files/directories (separated with spaces) on the first line of stdin.
This is very similar to qubes.Restore service, with exception for the
archive location control.

QubesOS/qubes-issues#5310
2020-08-03 03:43:09 +02:00
Frédéric Pierret (fepitre)
8aea0d9aab
xendriverdomain: remove Requires and After proc-xen.mount 2020-07-26 23:26:00 +02:00
Marek Marczykowski-Górecki
464f8f6afe
Merge remote-tracking branch 'origin/pr/231'
* origin/pr/231:
  Fix missing dependency for managing Network-Manager in active user session

Fixes QubesOS/qubes-issues#5836
2020-05-27 04:01:31 +02:00
Frédéric Pierret (fepitre)
c12d9ce75c
Fix missing dependency for managing Network-Manager in active user session
QubesOS/qubes-issues#5836
2020-05-26 22:57:07 +02:00
Marta Marczykowska-Górecka
fee9626dc9
Added a qubes-open-file-manager.desktop file
To be used by GUI tools to provide a convenient 'open file manager' shortcut.

references QubesOS/qubes-issues#5170
2020-05-15 14:04:51 +02:00
Marek Marczykowski-Górecki
707d4cad8b
qubes.ShowInTerminal needs a graphical session running
This specifically fixes qvm-console-dispvm tool, which uses
qubes.ShowInTerminal to show the actual console. This service uses
xterm, so it needs X session running already.

Fixes QubesOS/qubes-issues#5805
2020-05-09 05:13:14 +02:00
Paweł Marczewski
969ec301d5
Override PAM config for su in RPM package
In Red Hat based distributions, there is no pam-configs like
mechanism (authselect seems too heavy and is not configured by
default), so instead, we replace the PAM file.

Enable su for users in the qubes group, same as in the Debian
package.
2020-05-07 17:01:02 +02:00
Paweł Marczewski
e52f4f1341
Lock root password in passwordless-root package
See QubesOS/qubes-issues#5799.

Undo the change to empty password previously performed by that
package.
2020-05-06 18:03:19 +02:00
Paweł Marczewski
212df1d586
Enable root autologin on serial console
See QubesOS/qubes-issues#5799.

Use an option to agetty:
  https://wiki.archlinux.org/index.php/Getty#Automatic_login_to_virtual_console

The --login-pause causes agetty to wait for Enter key. This is
important, because otherwise the root session prevents systemd from
shutting down, and probably causes other side effect.
2020-05-06 17:56:55 +02:00
Marek Marczykowski-Górecki
1eb1b8e2cd
Merge remote-tracking branch 'origin/pr/223'
* origin/pr/223:
  spec: add 'parted' dependency
  spec: fix missing python3 gi module
2020-03-01 03:32:43 +01:00
Marek Marczykowski-Górecki
731a87f292
Adjust version of required qubes-gui-agent
The "qubes-sysinit: set GUI_OPTS in gui-agent-linux" commit breaks
gui-agent-linux lacking its counterpart. Express this in the package
metadata.

QubesOS/qubes-issues#5662
2020-03-01 03:11:11 +01:00
Frédéric Pierret (fepitre)
b8ca3e2c59
spec: add 'parted' dependency 2020-02-20 17:47:43 +01:00
Frédéric Pierret (fepitre)
2ef0641996
spec: fix missing python3 gi module
QubesOS/qubes-issues#5289
2020-02-20 17:20:38 +01:00
Frédéric Pierret (fepitre)
024c040a4b
spec: replace python3 by python%{python3_pkgversion} 2020-02-06 17:54:06 +01:00
Amadeusz Piotr Żołnowski
bc1e02d4d4
Install 50-qubes-mem-hotplug.rules in /lib/udev instead of /etc/udev 2020-02-05 00:12:23 +00:00
Amadeusz Piotr Żołnowski
f76b30008f
Merge app-defaults and sys-defaults to config-overrides 2020-02-05 00:12:22 +00:00
Amadeusz Piotr Żołnowski
dee84452aa
Move qubes-firewall from sbin to bin 2020-02-05 00:12:22 +00:00
Amadeusz Piotr Żołnowski
7a155ac077
Don't list /var/run/qubes in rpm files as it's dynamic dir 2020-02-04 23:59:09 +00:00
Amadeusz Piotr Żołnowski
f5faa62876
Move qvm-console to core-admin-client repository 2020-02-04 23:59:09 +00:00
Amadeusz Piotr Żołnowski
4de377bc3b
Split items in misc directory by topic 2020-02-04 23:59:09 +00:00
Amadeusz Piotr Żołnowski
ec7ae0bf40
Remove no longer needed xenstore-watch and close-window 2020-02-04 23:59:08 +00:00
Pawel Marczewski
3a6e77aa43
Add /etc/qubes/applications override, use it for gnome-terminal
Used by qubes.StartApp so that we can override distribution-provided
.desktop files. The mechanism is introduced to run gnome-terminal
with --wait option, so that it's compatible with DispVMs.

Fixes QubesOS/qubes-issues#2581.
2020-01-27 14:05:55 +01:00
Pawel Marczewski
943f37b481
Add qubes-run-gnome-terminal utility that uses --wait 2020-01-27 12:11:48 +01:00
Pawel Marczewski
738548a8e4
Add qubes.VMExec call, for running a single command
With a VMExecGUI variant that waits for a session.

See QubesOS/qubes-issues#4850.
2020-01-24 18:44:45 +01:00
Marta Marczykowska-Górecka
fd6e551ebe
Added "QubesIncoming" shortcut to Nautilus
A small script will add the QubesIncoming shortcut to Nautilus file pane
on the first use of qvm-copy to a given VM. The shortcut will not be recreated if
deleted.

fixes QubesOS/qubes-issues#2229
2020-01-13 16:45:41 +01:00
Marek Marczykowski-Górecki
e43e262b2d
Merge remote-tracking branch 'origin/pr/188'
* origin/pr/188:
  Use built-in rules in qubes-rpc makefile
  Ignore build result: tar2qfile
  Remove no longer needed xorg-preload-apps.conf
  Move qubes-rpc installation from the root Makefile to qubes-rpc Makefile
2019-10-21 00:45:47 +02:00
Amadeusz Piotr Żołnowski
6b0179c107
Remove no longer needed xorg-preload-apps.conf 2019-10-20 09:12:07 +01:00
Amadeusz Piotr Żołnowski
3152c609a9
Move qubes-rpc installation from the root Makefile to qubes-rpc Makefile
qubes-rpc has its own Makefile that's responsible for building some
executables. The root Makefile was installing qubes-rpc files. To make
qubes-rpc a bit more indepdent from core-agent root Makefile and to ease
potential maintainer work on packaging qubes-rpc separately, the
installation has been moved to qubes-rpc Makefile. Moreover that should
make the Makefiles easier to read and maintain.
2019-10-20 09:12:07 +01:00
Marek Marczykowski-Górecki
e024b195bc
rpm: switch deps to python3-setuptools on CentOS too
Since qubesagent module is py3 completely, switch dependency on CentOS
too.

Fixes QubesOS/qubes-issues#5290
2019-09-24 22:58:48 +02:00
Marek Marczykowski-Górecki
a899adb69e
Convert qubesagent module to python3
This and all files using it.

QubesOS/qubes-issues#5297
2019-09-19 04:57:55 +02:00
Frédéric Pierret (fepitre)
0bb7463d8b
Require python setuptools
QubesOS/qubes-issues#5290
2019-09-08 10:38:28 +02:00
Frédéric Pierret (fepitre)
310af146d5
Update python2 dependencies to python3 and clean deprecated requirements
QubesOS/qubes-issues#5289
QubesOS/qubes-issues#5297
2019-09-08 10:38:25 +02:00
Marek Marczykowski-Górecki
b3d3c2c98c
Disable boot.automount which is created by systemd automatically
systemd-gpt-auto-generator creates boot.automount for existing ESP
partition. But Qubes templates have only placeholder ESP there, with no
even filesystem created. Disable it with drop-in file, until it will
become used.

Fixes QubesOS/qubes-issues#5261
2019-08-20 16:37:23 +02:00
Frédéric Pierret (fepitre)
3c1381c29b
Add qvm-connect-tool to ease creating ad-hoc connections 2019-08-08 15:48:44 +02:00
Frédéric Pierret (fepitre)
e27296da3c
Allow creating TCP sockets between qubes
QubesOS/qubes-issues#2148
2019-08-08 15:48:37 +02:00
Frédéric Pierret (fepitre)
865948db88
yum-plugin-hooks: package only for CentOS 7 2019-08-07 12:07:45 +02:00