Commit Graph

385 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
3d65517886
version 4.0.43 2019-03-08 03:07:40 +01:00
Marek Marczykowski-Górecki
45d3b8d159
version 4.0.42 2019-02-21 05:12:59 +01:00
Marek Marczykowski-Górecki
3b538df5d0
Merge remote-tracking branch 'origin/pr/151'
* origin/pr/151:
  Introduce /usr/share/qubes/marker-vm
2019-02-11 14:59:04 +01:00
Marek Marczykowski-Górecki
6ac171a238
Merge remote-tracking branch 'origin/pr/150'
* origin/pr/150:
  Add apt-transport-https dependency
  Switch to HTTPS
2019-02-11 14:58:31 +01:00
Lunar
0b34737665
Add apt-transport-https dependency 2019-01-19 11:32:11 -06:00
Marek Marczykowski-Górecki
d4fa357faa
Introduce /usr/share/qubes/marker-vm
Make it easy for packages to detect Qubes VM.

Fixes QubesOS/qubes-issues#1963
2019-01-18 23:21:18 +01:00
Marek Marczykowski-Górecki
6799aad15e
debian: make ShellCheck happy 2019-01-15 21:10:27 +01:00
Marek Marczykowski-Górecki
81a5b2cc3a
version 4.0.41 2019-01-09 16:15:57 +01:00
Marek Marczykowski-Górecki
fed30c1da7
Add dependency on e2fsprogs
It is needed by the startup scripts to create fs on fresh private image.
Otherwise /rw (and thus /home) isn't mounted and user applications fail
to start.

Fixes QubesOS/qubes-issues#4671
2019-01-08 18:14:06 +01:00
Marek Marczykowski-Górecki
7d7f6a3e69
version 4.0.40 2018-12-08 22:44:06 +01:00
AJ Jordan
30137c76a4
Add XTerm as a dependency
Qubes Manager's update button fails in strange ways without it.
2018-12-07 01:10:34 -05:00
Marek Marczykowski-Górecki
4036e50604
version 4.0.39 2018-11-21 03:06:24 +01:00
Marek Marczykowski-Górecki
3fe42d4a27
rpm, deb: add strict version dependency between qubes-core-agent-* pkgs
Base qubes-core-agent package have common files used by various
subpackages. It is important to update them at the same time, otherwise
for example python stubs in /usr/bin/* (like qubes-firewall) will not
match actual python modules.

Fixes QubesOS/qubes-issues#4499
2018-11-13 03:42:24 +01:00
unman
afaf88f153
make iproute2 a dependency for Debian core-networking 2018-11-08 13:29:33 +00:00
Marek Marczykowski-Górecki
2ab738deb6
version 4.0.38 2018-10-29 01:32:11 +01:00
unman
9114a3b92d
Remove qubes-core-agent Debian dependency on xserver
Mark xserver, xinit and x11-xserver-utils as Recommends
2018-10-21 13:30:24 +00:00
Marek Marczykowski-Górecki
eef5d4a3bb
version 4.0.37 2018-10-10 02:44:11 +02:00
Marek Marczykowski-Górecki
e92236e8e6
version 4.0.36 2018-09-13 14:32:02 +02:00
Marek Marczykowski-Górecki
000d7890f8
version 4.0.35 2018-09-12 04:04:14 +02:00
Marek Marczykowski-Górecki
d0159deccf
version 4.0.34 2018-09-03 11:17:14 +02:00
Marek Marczykowski-Górecki
43fba4e94a
debian: do not add user to sudo group, lock root account
The qubes-core-agent-passwordless-root package ships sudo configuration,
adding to sudo group isn't needed.

Basically revert all changes made by qubes-core-agent-passwordless-root
installation.

Fixes QubesOS/qubes-issues#4015
2018-09-02 07:05:06 +02:00
unman
35d12fd68d
Remove user from sudo group on removing passwordless-root. 2018-08-23 12:53:44 +00:00
Marek Marczykowski-Górecki
7ea331960d
version 4.0.33 2018-07-17 11:37:35 +02:00
Marek Marczykowski-Górecki
f4c10d47da
Convert /usr/local from a symlink to a mount point on upgrade
Fixes QubesOS/qubes-issues#1150
2018-07-11 15:27:34 +02:00
Marek Marczykowski-Górecki
ec251da5d8
version 4.0.32 2018-07-08 03:48:51 +02:00
Marek Marczykowski-Górecki
8569829889
version 4.0.31 2018-06-15 14:32:23 +02:00
Marek Marczykowski-Górecki
a715797589
debian: add Depends: qubesdb-vm
Make sure that qubesdb is configured (including service start) before
executing postinst of qubes-core-agent package, which will communicate
with qubesdb service.

Fixes QubesOS/qubes-issues#3951
2018-06-13 16:58:35 +02:00
Marek Marczykowski-Górecki
b397821e41
version 4.0.30 2018-06-05 01:39:04 +02:00
Marek Marczykowski-Górecki
f49e3415a8
version 4.0.29 2018-05-29 00:40:11 +02:00
Marek Marczykowski-Górecki
6a088a3992
version 4.0.28 2018-05-10 12:21:39 +02:00
Marek Marczykowski-Górecki
df5722e880
version 4.0.27 2018-05-02 05:05:33 +02:00
Marek Marczykowski-Górecki
4329eab307
Require dconf utility to (re)build /etc/dconf/db/local
Some applications complains if compiled version of dconf database is
missing ("dconf-WARNING **: unable to open file '/etc/dconf/db/local':
Failed to open file '/etc/dconf/db/local': open() failed: No such file
or directory; expect degraded performance").
There is only one entry in that database, but generate its binary
version anyway to avoid that warning message.

The dconf call is already included in package scripts, now only make
sure the utility is really installed.

QubesOS/qubes-issues#1951
2018-05-02 03:02:07 +02:00
Marek Marczykowski-Górecki
23250f84b2
Create /etc/dconf/profile/user dynamically, if not present
The /etc/dconf/profile/user file in some distributions is part of dconf
package, in some not. There are even cases where it changes between
package versions (Fedora 27 don't have it, but Fedora 28 do).
Also, base Debian Stretch don't have it, but Kali Linux based on it do.

To avoid overly complex dependency handling, create the file dynamically
on package installation if it's missing in that particular case. The
file content is canonical:

    user-db:user
    system-db:local

Fixes QubesOS/qubes-issues#3834
2018-05-02 02:57:37 +02:00
Marek Marczykowski-Górecki
d25ecb4e40
Fix packaging: 'user' group, BACKEND_VMM var
- BACKEND_VMM may not be available as env variable (mock build), provide
it explicitly
- 'user' group may not exists at package build time, set it at package
installation
2018-05-01 17:34:52 +02:00
Marek Marczykowski-Górecki
d698e7878f
version 4.0.26 2018-04-22 00:29:02 +02:00
Marek Marczykowski-Górecki
481c6602b0
version 4.0.25 2018-04-21 15:10:20 +02:00
Marek Marczykowski-Górecki
a33c7e10ba
Merge remote-tracking branch 'qubesos/pr/105'
* qubesos/pr/105:
  Add misc/qubes-run-terminal to launch any available terminal emulator
2018-04-06 02:06:16 +02:00
Marek Marczykowski-Górecki
4a7c668549
Move 'qubesxdg' into qubesagent python package
Since we have proper python package, use it instead of hacky one-file
package. This will ease installation and packaging, including switching
to python3.
2018-04-02 23:19:01 +02:00
Davíð Steinn Geirsson
d6d8d25345
Add misc/qubes-run-terminal to launch any available terminal emulator 2018-03-28 13:23:35 +00:00
Marek Marczykowski-Górecki
24c875030e
debian: don't call dconf if it isn't installed
The dconf package isn't required by qubes-core-agent - the package ships
a configuration for it, useful if user have it installed for other
reasons. Don't try to rebuild dconf database if dconf isn't installed -
avoid misleading error message.

Fixes QubesOS/qubes-issues#3492
2018-03-13 17:10:40 +01:00
Marek Marczykowski-Górecki
0186d1c8c4
version 4.0.24 2018-02-27 15:17:51 +01:00
Marek Marczykowski-Górecki
eacd069bf4
Merge remote-tracking branch 'qubesos/pr/93'
* qubesos/pr/93:
  Call qubes.PostInstall service to notify dom0 about all apps/features
  Drop Fedora < 22 support
2018-02-22 21:28:32 +01:00
Marek Marczykowski-Górecki
bcd0e4935a
version 4.0.23 2018-02-22 12:43:55 +01:00
Marek Marczykowski-Górecki
d7957e8baa
version 4.0.22 2018-02-20 01:04:55 +01:00
Marek Marczykowski-Górecki
3ddd687286
Call qubes.PostInstall service to notify dom0 about all apps/features
Update dom0 about all applications installed, not only desktop files for
them. Update also supported features and other things advertised
initially at template installation.

Fixes QubesOS/qubes-issues#3579
2018-02-13 17:05:42 +01:00
Marek Marczykowski-Górecki
4a27d9e3fd
version 4.0.21 2018-02-13 04:56:43 +01:00
Marek Marczykowski-Górecki
c6cdbf87b0
version 4.0.20 2018-01-29 21:57:11 +01:00
Marek Marczykowski-Górecki
94e885275c
version 4.0.19 2018-01-24 01:46:25 +01:00
Marek Marczykowski-Górecki
0459ba6970
version 4.0.18 2018-01-23 14:17:05 +01:00
Marek Marczykowski-Górecki
977f41276b
version 4.0.17 2018-01-18 19:30:32 +01:00
Rusty Bird
ce1f0af216
Set 'wait-for-session=1' for 'qubes.VMShell+WaitForSession'
This is intended to be used for DispVMs for which only a single RPC call
can be made before they are destroyed.

Fixes QubesOS/qubes-issues#3012
2018-01-14 19:20:58 +00:00
Marek Marczykowski-Górecki
1b774f9a87
version 4.0.16 2018-01-12 06:18:51 +01:00
Marek Marczykowski-Górecki
7ecb74ae3b
Disable automatic scaling in GNOME/GTK applications
GNOME automatically set scaling factor to 2 when HiDPI is detected.
Unfortunately it does it also on not really HiDPI displays, making the
whole UI unusably large. There is no middle ground - scaling factor must
be integer, so 1.5 is not supported. Lets opt on a conservative side and
fallback to scaling factor 1.

Solution by @alyssais, thanks!
Fixes QubesOS/qubes-issues#3108
2018-01-12 06:00:18 +01:00
Marek Marczykowski-Górecki
d4f6eb1f4a
Install KDE actions for KDE5
Fixes QubesOS/qubes-issues#3449
2018-01-09 17:42:21 +01:00
Marek Marczykowski-Górecki
180146a5c2
version 4.0.15 2017-12-23 02:53:43 +01:00
Marek Marczykowski-Górecki
29e4ac8f97
version 4.0.14 2017-12-15 09:23:22 +01:00
Marek Marczykowski-Górecki
47e6a84f79
debian: use systemd-preset logic from rpm package
It is more robust, especially handle "# Units below this line will be
re-preset on package upgrade" part of 75-qubes-vm.preset file. This is
needed to fix system configuration without the need to rebuild the whole
template.

QubesOS/qubes-issues#2913
2017-12-15 02:50:05 +01:00
Marek Marczykowski-Górecki
1651866aa2
Merge remote-tracking branch 'qubesos/pr/72'
* qubesos/pr/72:
  Fix UCA mistake and qvm-actions script
  Fix ShellCheck comments
  Add debian package support
  Disable Thunar thumbnails
  Add support for Thunar Qubes VM tools
2017-12-13 19:47:16 +01:00
Marek Marczykowski-Górecki
715693b93d
network: IPv6-enabled firewall
If IPv6 is configured in the VM, and it is providing network to others,
apply IPv6 firewall similar to the IPv4 one (including NAT for outgoing
traffix), instead of blocking everything. Also, enable IP forwarding for
IPv6 in such a case.

Fixes QubesOS/qubes-issues#718
2017-12-07 01:41:55 +01:00
Marek Marczykowski-Górecki
414f944cf9
Disable cups-browsed service together with cups
It tries to connect to cups every second and doesn't do anything else
when cups is disabled. So disable (or enable) both of them at the same
time.
2017-12-05 17:58:35 +01:00
Frédéric Pierret
6226531bd5
Fix ShellCheck comments 2017-11-22 15:45:51 +01:00
Frédéric Pierret
3dc294f3bb
Add debian package support 2017-11-22 13:06:51 +01:00
Marek Marczykowski-Górecki
0500719f4d
version 4.0.13 2017-11-21 04:51:28 +01:00
Marek Marczykowski-Górecki
92682903ad
version 4.0.12 2017-10-19 17:28:27 +02:00
Marek Marczykowski-Górecki
5edd3b3f75
Merge branch 'fixes-20171019'
* fixes-20171019:
  debian: cleanup after splitting qubes-core-agent
  Fix removing temporary file after editing in (Disp)VM
  network: fix rules for network setup on new udev
  debian: disable timer-based apt-get
2017-10-19 16:51:12 +02:00
Marek Marczykowski-Górecki
e327da019d
debian: cleanup after splitting qubes-core-agent
Displacement of /etc/pam.d/su was moved to
qubes-core-agent-passwordless-root, fix upgrade path.
2017-10-19 16:18:23 +02:00
Marek Marczykowski-Górecki
128af0d191
debian: disable timer-based apt-get
Debian stretch in default configuration calls apt-get update every 24h.
And additionally, have automatic unattended security updates enabled.
Generally it would be good thing on standalone system, but in AppVM
which loose its rootfs changes after restart it is a waste of resources.
Especially when it kicks in on multiple VMs simultaneously, while on
battery (apt-daily.service have ConditionACPower=true, but VM don't have
that information...).

It would make some sense on TemplateVM/StandaloneVM, but then it kicks
in just at VM startup. Which conflicts with starting the update manually
then (by clicking "update VM" button in manager for example, or using
salt).

So, disable this feature completely.

The actual solution is based on pkg-manager-no-autoupdate by @adrelanos.

Fixes QubesOS/qubes-issues#2621
2017-10-19 15:03:06 +02:00
Marek Marczykowski-Górecki
1ed6e614ab
Resize root filesystem at VM startup if needed
Check if root device was enlarged while domain was powered off and
resize the filesystem in such a case.

QubesOS/qubes-issues#3173
QubesOS/qubes-issues#3143
2017-10-18 21:02:15 +02:00
Marek Marczykowski-Górecki
d8a2b8c375
Add support for new root volume partition layout to qubes.ResizeDisk
If root filesystem is the last partition (new layout), resize it
in-place. Use 'parted' tool because it can resize just one partition,
without need to specify the whole new partition table. Since the
partition is mounted, parted is unhappy to modify it. Force it by
answering to its interactive prompts, and add (apparently not
documented) ---pretend-input-tty to use those answers even
though stdin is not a tty. Split the operation into multiple parted
calls, for more reliable interactive prompts handling.

Qubes 3.x disk layout (no partition table) is also supported, but the
one that was used in Qubes 4.0 rc1 (root filesystem as the first
partition) is not.

Fixes QubesOS/qubes-issues#3173
QubesOS/qubes-issues#3143
2017-10-18 19:53:48 +02:00
Marek Marczykowski-Górecki
d84886d477
version 4.0.11 2017-10-07 02:35:42 +02:00
Marek Marczykowski-Górecki
579701d48c
Merge branch 'fixes-20171002'
* fixes-20171002:
  qubes.ResizeDisk: handle dmroot being a symlink
  qrexec: use user shell instead of hardcoded /bin/sh
  qrexec: code style fix - use spaces for indentation
  Add convenient wrappers for qvm-copy-to-vm and qvm-move-to-vm
2017-10-07 01:47:39 +02:00
Marek Marczykowski-Górecki
5daf11bf97
version 4.0.10 2017-10-04 15:19:35 +02:00
Marek Marczykowski-Górecki
486f17ec2d
Add convenient wrappers for qvm-copy-to-vm and qvm-move-to-vm
Default `ask` policy ignore target domain specified by the caller, so it
doesn't make sense to specify one. Provide convenient wrappers not
needing one. Do not change behaviour of existing tools for compatibility
reasons.

Fixes QubesOS/qubes-issues#3141
2017-10-02 05:14:49 +02:00
Marek Marczykowski-Górecki
f16753c67b
debian: fix shellcheck warnings in debian packaging 2017-09-30 05:05:33 +02:00
Marek Marczykowski-Górecki
a7ef5726ed
version 4.0.9 2017-09-26 23:09:45 +02:00
Marek Marczykowski-Górecki
abb6d23470
version 4.0.8 2017-09-15 13:44:17 +02:00
Marek Marczykowski-Górecki
0fabc54aad
version 4.0.7 2017-08-11 13:33:36 +02:00
Marek Marczykowski-Górecki
c5fae6ac55
qubes-rpc: add 'wait-for-session=1' option for some services
Configure selected services to wait until GUI session is available.

QubesOS/qubes-issues#2974
2017-08-09 00:58:49 +02:00
Marek Marczykowski-Górecki
5ecd51dab7
document /etc/qubes/rpc-config
QubesOS/qubes-issues#2974
2017-08-09 00:58:48 +02:00
Marek Marczykowski-Górecki
2a0c670a53
version 4.0.6 2017-07-29 05:31:13 +02:00
Marek Marczykowski-Górecki
83aa6a375f
version 4.0.5 2017-07-12 23:40:54 +02:00
Marta Marczykowska-Górecka
f55412cd1e
clock synchronization rewrite
clock synchronization mechanism rewritten to use systemd-timesync instead of NtpDate; at the moment, requires:
- modifying /etc/qubes-rpc/policy/qubes.GetDate to redirect GetDate to designated clockvm
- enabling clocksync service in clockvm ( qvm-features clockvm-name service/clocksync true )

Works as specified in issue listed below, except for:
- each VM synces with clockvm after boot and every 6h
- clockvm synces time with the Internet using systemd-timesync
- dom0 synces itself with clockvm every 1h (using cron)

fixes QubesOS/qubes-issues#1230
2017-07-06 23:37:26 +02:00
Marek Marczykowski-Górecki
e9e5795519
version 4.0.4 2017-07-05 14:02:22 +02:00
Marek Marczykowski-Górecki
11e8290d3d
version 4.0.3 2017-07-05 02:37:51 +02:00
Marek Marczykowski-Górecki
3af55c5cb3
qrexec: use PAM directly instead of calling su to setup the session
Instead of calling 'su' to switch the user, use own implementation of
this. Thanks to PAM it's pretty simple. The main reason is to have
control over process waiting for session termination (to call
pam_close_sesion/pam_end). Especially we don't want it to keep std* fds
open, which would prevent qrexec-agent from receiving EOF when one of
them will be closed.
Also, this will preserve QREXEC_AGENT_PID environment variable.

Fixes QubesOS/qubes-issues#2851
2017-07-05 02:17:43 +02:00
Marek Marczykowski-Górecki
68d98179f0
Do not load 'dummy-hcd' kernel module
It isn't really needed. It was used to workaround libusb bug (causing
crash when the system does not have any USB controller), but since we
use HVM now which do have some USB controllers it isn't needed anymore.

Also, it is not available in stock Fedora kernels.
2017-07-05 00:20:57 +02:00
Marek Marczykowski-Górecki
6c34571b66
Merge remote-tracking branch 'qubesos/pr/46'
* qubesos/pr/46:
  Enable build for Zesty
2017-07-04 13:39:06 +02:00
Marek Marczykowski-Górecki
99c5815baf
version 4.0.2 2017-06-24 02:19:15 +02:00
Marek Marczykowski-Górecki
ff26dcfe53
Add qrexec-client-vm man page
This clarifies and also defines some corner cases like exit code
reporting.

QubesOS/qubes-issues#2861
2017-06-21 11:21:40 +02:00
Marek Marczykowski-Górecki
cfbd50a936
debian: install man pages
Man pages were installed only in RPM package...
2017-06-21 11:21:40 +02:00
Marek Marczykowski-Górecki
f4be704ac0
Ship Qubes 4.0 repository definition and keys 2017-06-14 10:45:43 +02:00
Marek Marczykowski-Górecki
2a117548b6
Ship grub configuration
Qubes VM require few config options in grub. Ship appropriate
configuration. Debian have grub.d support, so it can be done cleanly.
On Fedora, /etc/default/grub needs to be modified. Still keep the
options in separate file, but include it manually from
/etc/default/grub.

QubesOS/qubes-issues#2577
2017-06-14 10:45:43 +02:00
Marek Marczykowski-Górecki
bc453d8cd7
version 4.0.1 2017-06-11 00:02:49 +02:00
Marek Marczykowski-Górecki
67f8e9e985
rpm,deb: fix dependencies
1. Cannot Recommend: nftables, as Debian jessie doesn't have it.
2. gsettings tool is in glib, not dconf
2017-06-10 23:15:22 +02:00
Marek Marczykowski-Górecki
7da4ed7d64
Switch qubes.UpdatesProxy to socat
- there are many netcat versions (openbsd, nmap, ...), which behave
 differently - especially while handling EOF
 - Debian jessie doesn't have nmap-ncat (which handle EOFs sufficiently
   good)

QubesOS/qubes-issues#1854
2017-06-10 23:11:01 +02:00
Marek Marczykowski-Górecki
9270fc589b
version 4.0.0 2017-06-09 23:30:10 +02:00
Marek Marczykowski-Górecki
422f03e9ac
Add qubes.VMRootShell service
It is the same as qubes.VMShell - the actual difference is in qrexec
policy, which contains 'user=root' option.

QubesOS/qubes-issues#2572
2017-06-09 23:06:09 +02:00
Marek Marczykowski-Górecki
a06b5b4d61
debian: drop explicit dependency on sudo
qubes-core-agent itself do not require sudo to work.

QubesOS/qubes-issues#2572
2017-06-08 22:11:37 +02:00
Marek Marczykowski-Górecki
000a93e001
rpm,deb: split qrexec-agent into separate subpackage
While it doesn't make sense to install qubes-core-agent without qrexec,
it may make sense to do the otherway around - install just
qrexec-agent without all the qrexec services and configuration. For
example on some pre-installed system.

QubesOS/qubes-issues#2771
2017-06-08 22:11:37 +02:00
Marek Marczykowski-Górecki
2337d26a3e
debian: update basic metadata of package 2017-06-08 22:11:37 +02:00