* origin/pr/201:
update_connected_ips: set iptables policy to drop while updating
update_connected_ips: reload nftables using one command
get_connected_ips: handle empty and missing keys, add tests
update_connected_ips: correctly handle byte-string
firewall: fix family / family_name
qubes-firewall: correctly handle empty connected-ips list
Update tests for anti-spoofing, add test for the method itself
Update rule priorities for anti-spoofing
Update firewall tests
qubes-firewall: add anti-spoofing rules for connected machines
A small script will add the QubesIncoming shortcut to Nautilus file pane
on the first use of qvm-copy to a given VM. The shortcut will not be recreated if
deleted.
fixesQubesOS/qubes-issues#2229
qubes-firewall will now blacklist IP addresses from all connected
machines on non-vif* interfaces. This prevents spoofing source or
target address on packets going over an upstream link, even if
a VM in question is powered off at the moment.
Depends on QubesOS/qubes-core-admin#303 which makes admin maintain
the list of IPs in qubesdb.
FixesQubesOS/qubes-issues#5540.
The script depends on XDG_DATA_DIRS environment variable
being set up correctly, which is not the case when it is
running under sudo. As a result, a post-install trigger
for apt could remove application entries from other sources
(Snap, Flatpak).
FixesQubesOS/qubes-issues#5477.
The workaround is no longer necessary, and it breaks when
the app name itself contains .desktop (such as org.telegram.desktop).
FixesQubesOS/qubes-issues#5408.
* origin/pr/188:
Use built-in rules in qubes-rpc makefile
Ignore build result: tar2qfile
Remove no longer needed xorg-preload-apps.conf
Move qubes-rpc installation from the root Makefile to qubes-rpc Makefile
That allows a build system to customize compiler and linker and pass
extra flags to these.
Remove `-g` as default flag and enable it only when `DEBUG` variable is
set.
qubes-rpc has its own Makefile that's responsible for building some
executables. The root Makefile was installing qubes-rpc files. To make
qubes-rpc a bit more indepdent from core-agent root Makefile and to ease
potential maintainer work on packaging qubes-rpc separately, the
installation has been moved to qubes-rpc Makefile. Moreover that should
make the Makefiles easier to read and maintain.
* fc31:
rpm: switch deps to python3-setuptools on CentOS too
debian: switch to python3
Use spaces in xdg-icon script
Convert other scripts to python3
Convert qubesagent module to python3
Minor codestyle fix in qubesadmin/firewall.py
Require python setuptools
Update python2 dependencies to python3 and clean deprecated requirements
Detect if IPv6 is disabled in the kernel (like it is in Whonix Gateway)
and skip setting IPv6 in that case. Otherwise 'ip' call would fail and
since the script is with 'set -e', it would interrupt setting IPv4 too.
Log error message in that case anyway.
FixesQubesOS/qubes-issues#5110
partprobe triggers reloading partition table, but apparently it isn't
guaranteed udev re-create device nodes at the time it finishes. This may lead
to /dev/mapper/dmroot pointing to nowhere. Fix this by calling udevadm settle
after reloading partition table.
