Commit Graph

1624 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
d23f3d8ddb
network: let NetworkManager configure VM uplink, if enabled
Previously even if NetworkManager was enabled, our script manually
configured network parameters. This apparently have negative effects,
because NetworkManager tries to configure some things differently - for
example use metric 1024 for default gateway.

Fixes QubesOS/qubes-issues#1052
2015-11-13 04:26:23 +01:00
Marek Marczykowski-Górecki
3c7844d408
Merge remote-tracking branch 'origin/pr/48'
* origin/pr/48:
  Allow to provide customized DispVM home directly in the template VM

This allows to put a customized DispVM home directly in /home_volatile
in the template instead of placing it in the -dvm internal AppVM.

This significantly speeds up DispVM startup for large customized homes,
since none of the home data has to be copied out from saved_cows.tar to
volatile.img, and instead CoW is used.

It's not a very user friendly or discoverable solution, but it only
takes a few lines of code, and so seems a reasonable stopgap until a
much more complex solution with copy-on-write for the private.img is
written.
2015-11-13 03:06:55 +01:00
qubesuser
f380c346cf Allow to provide customized DispVM home directly in the template VM
This significantly speeds up DispVM creation for large customized
homes, since no data has to be copied, and instead CoW is used.
2015-11-12 15:33:01 +01:00
Marek Marczykowski-Górecki
914bab048a
Explicitly fail upgrades-installed-check on other distributions
QubesOS/qubes-issues#1066
2015-11-12 00:36:43 +01:00
Marek Marczykowski-Górecki
b569f93d0c
Merge remote-tracking branch 'origin/pr/39'
* origin/pr/39:
  misc/upgrades-installed-check: handle apt-get errors
  fixed inverted logic issue in upgrades-installed-check
  Improved upgrade notifications sent to QVMM.

Fixes QubesOS/qubes-issues#1066
2015-11-12 00:35:38 +01:00
Patrick Schleizer
52917593c5
misc/upgrades-installed-check: handle apt-get errors 2015-11-11 21:13:17 +00:00
Patrick Schleizer
d5acf83916
fixed inverted logic issue in upgrades-installed-check
928013f819 (commitcomment-13968627)
2015-11-11 16:10:23 +00:00
Patrick Schleizer
aeb6d188cc
Improved upgrade notifications sent to QVMM.
Each time some arbitrary package was installed using dpkg or apt-get, the update notification in Qubes VM Manager was cleared.
No matter if there were still updates pending. (Could happen even after the user running `apt-get dist-upgrade` in case of package manager issues.)
No longer clear upgrade notification in QVMM on arbitrary package installation.
Check if upgrades have been actually installed before clearing the notifications.

https://github.com/QubesOS/qubes-issues/issues/1066#issuecomment-150044906
2015-11-11 15:45:00 +00:00
Marek Marczykowski-Górecki
06828a9374
Merge remote-tracking branch 'origin/pr/47'
* origin/pr/47:
  minor, removed trailing space
2015-11-11 16:05:11 +01:00
Marek Marczykowski-Górecki
97e5072315
Revert "preset disable tinyproxy by default"
This reverts commit f32dccb5e3.
Not needed anymore since dropin approach is implemented.
2015-11-11 16:04:52 +01:00
Marek Marczykowski-Górecki
3324307ee2
Merge remote-tracking branch 'origin/pr/46'
* origin/pr/46:
  No longer start /etc/init.d/tinyproxy by default anymore.
2015-11-11 16:04:40 +01:00
Patrick Schleizer
cfab7d2068 minor, removed trailing space 2015-11-11 14:59:43 +00:00
Patrick Schleizer
5d6cf722a8
No longer start /etc/init.d/tinyproxy by default anymore.
But allow users to re-enable it through qubes-service framework.
/var/run/qubes-service/tinyproxy

Thanks to @marmarek for helping with this fix!

https://github.com/QubesOS/qubes-issues/issues/1401
2015-11-11 14:57:36 +00:00
Marek Marczykowski-Górecki
a6799cfcaf
Merge remote-tracking branch 'origin/pr/45'
* origin/pr/45:
  minor indent
2015-11-11 15:48:42 +01:00
Marek Marczykowski-Górecki
76ba45c281
Merge remote-tracking branch 'origin/pr/44'
* origin/pr/44:
  removed confusing comments
2015-11-11 15:48:29 +01:00
Patrick Schleizer
91e213a681 minor indent 2015-11-11 14:39:05 +00:00
Patrick Schleizer
ba5910f633 removed confusing comments 2015-11-11 14:37:39 +00:00
Marek Marczykowski-Górecki
e2ab963a27
Minor improvements to packaging (based on rpmlint)
There is much more to fix, but lets start with low hanging fruits.
2015-11-11 15:19:43 +01:00
Marek Marczykowski-Górecki
5d74a8cbc0
version 3.1.3 2015-11-11 06:29:21 +01:00
Marek Marczykowski-Górecki
2a589f2c20
updates-proxy: use separate directory for PID file
And also use systemd-tmpfiles for that directory creation.

Fixes QubesOS/qubes-issues#1401
2015-11-11 05:57:57 +01:00
Marek Marczykowski-Górecki
90b4398863
Merge remote-tracking branch 'origin/pr/43'
* origin/pr/43:
  preset disable tinyproxy by default
2015-11-11 05:27:52 +01:00
Marek Marczykowski-Górecki
164387426b
Bump qubes-utils version requirement
Those commits needs updated qubes-utils:
823954c qrexec: use #define for protocol-specified strings
5774c78 qfile-agent: move data handling code to libqubes-rpc-filecopy

QubesOS/qubes-issues#1324
QubesOS/qubes-issues#1392
2015-11-11 05:25:17 +01:00
Marek Marczykowski-Górecki
49c7473848
dom0-updates: do not use 'yum check-update -q'
Depending on yum version, adding '-q' option may hide not only
informational messages, but also updates list. This is especially the
case for yum-deprecated in Fedora 22.
So instead of '-q' option, filter the output manually.

QubesOS/qubes-issues#1282
2015-11-11 05:22:26 +01:00
Marek Marczykowski-Górecki
3466f3df35
systemd: make sure that update check is started only after qrexec-agent 2015-11-11 02:36:57 +01:00
Marek Marczykowski-Górecki
7cca1b23ee
Get rid of qubes-core-vm-kernel-placeholder
Since /lib/modules is not mounted read-only anymore (only a selected
subdirectory there), it is no longer required to prevent kernel package
installation. Even more - since PV Grub being supported, it makes sense
to have kernel installed in the VM.

QubesOS/qubes-issues#1354
2015-11-11 02:36:57 +01:00
Marek Marczykowski-Górecki
ba28c9f140
fedora: do not require/use yum-plugin-post-transaction-actions in F>=22
Since Fedora 22+ obsoletes yum, do not require yum-specific package to
be installed.

QubesOS/qubes-issues#1282
2015-11-11 02:36:57 +01:00
Marek Marczykowski-Górecki
b6cfcdcc6f
Implement dnf hooks for post-update actions
Similar to previous yum hooks:
 - notify dom0 about installed updates (possibly clear "updates pending"
   marker)
 - trigger appmenus synchronization

QubesOS/qubes-issues#1282
2015-11-11 02:36:57 +01:00
Marek Marczykowski-Górecki
f9c7394c2f
updates-proxy-setup: use temporary file for config snippet
Don't use ${CONF_PATH}.qubes, because it may override some existing
file, and is racy approach (even if not against user, but another script
instance).

QubesOS/qubes-issues#1282
2015-11-11 02:36:56 +01:00
Marek Marczykowski-Górecki
85793fa31f
dom0-updates: use yum-deprecated instead of dnf in all calls
Fix for d44c8ac "dom0-updates: prefer yum-deprecated over dnf"
Because of slightly different options and config syntax, it needs to be
used in call calls, not only the one with --downloaddir option.

QubesOS/qubes-issues#1282
2015-11-11 02:36:55 +01:00
Patrick Schleizer
f32dccb5e3 preset disable tinyproxy by default
Fixes https://github.com/QubesOS/qubes-issues/issues/1401
2015-11-10 20:08:26 +00:00
Marek Marczykowski-Górecki
074309e6a3
dracut: disable hostonly mode
Initramfs created in TemplateVM may be used also in AppVMs based on it, so
technically it is different system. Especially it has different devices
mounted (own /rw, own swap etc), so prevent hardcoding UUIDs here.

QubesOS/qubes-issues#1354
2015-11-10 16:36:00 +01:00
Marek Marczykowski-Górecki
823954c7f6
qrexec: use #define for protocol-specified strings
And optimize strlen() calls.
Those defines are in qrexec.h (as the rest of qrexec protocol).
2015-11-08 22:06:54 +01:00
Marek Marczykowski-Górecki
b6d4f5afbf
qrexec: add some comments, minor improvement in readability 2015-11-08 21:59:30 +01:00
Marek Marczykowski-Górecki
1c41ca6284
Merge remote-tracking branch 'origin/pr/42'
* origin/pr/42:
  dropins: implement dropins for systemd user starting with pulseaudio systemd service and socket masking
  dropins: make current systemd dropins specific to systemd-system in order to introduce dropins for systemd-user
  add DROPINS for org.cups.cupsd systemd files.
2015-11-07 23:52:08 +01:00
Olivier MEDOC
0c33c73b8e dropins: implement dropins for systemd user starting with pulseaudio systemd service and socket masking
Conflicts:
	Makefile
2015-11-07 19:12:30 +01:00
Olivier MEDOC
ce4725523f dropins: make current systemd dropins specific to systemd-system in order to introduce dropins for systemd-user 2015-11-07 19:10:32 +01:00
Marek Marczykowski-Górecki
5102e4f7aa
fedora: Add skip_if_unavailable=False to Qubes repositories
DNF defaults to skip_if_unavailable=True, so make sure that Qubes
repositories are treated as vital one. Otherwise it would allow an
attacker to cut the user from updates without visible error (when using
PackageKit for example).

Do not set it for unstable repository, as it isn't critical one.

Fixes QubesOS/qubes-issues#1387
2015-11-07 00:57:38 +01:00
Olivier MEDOC
4b5332081e add DROPINS for org.cups.cupsd systemd files. 2015-11-06 19:36:52 +01:00
Marek Marczykowski-Górecki
d44c8acdeb
dom0-updates: prefer yum-deprecated over dnf
Some of the reasons:
 - dnf doesn't support --downloaddir option
 - dnf doesn't support `copy_local` repo option (used in automated tests
   only)
 - dnf is horribly slow, especially without cache fetched
 (https://bugzilla.redhat.com/show_bug.cgi?id=1227014)

This is all needed (instead of simply using `yum` command), because
Fedora >= 22 have an command redirection `yum`->`dnf`.

QubesOS/qubes-issues#1282
2015-11-04 00:49:06 +01:00
Marek Marczykowski-Górecki
6752be9196
No longer disable auditd
On Fedora 22 console is trashed with a lot of messages without auditd
running.

QubesOS/qubes-issues#1282
2015-11-03 18:15:20 +01:00
yaqu
c63a9f6566
Replacing "sleep 365d" with "sleep inf"
To get endless sleep, `sleep inf` (or `sleep infinity`) can be used
instead of `sleep 365d`. Coreutils' sleep accepts any floating-point
number as an argument, which may be 'infinity', according to
`man strtod`.
2015-11-03 14:00:00 +01:00
Marek Marczykowski-Górecki
5774c7872c
qfile-agent: move data handling code to libqubes-rpc-filecopy
This makes the qfile packing code reusable, for example for some dom0
tool. Now qfile-agent.c is only an interface for underlying library.

QubesOS/qubes-issues#1324
2015-11-03 03:42:24 +01:00
Marek Marczykowski-Górecki
7bc6422f53
appmenus: ignore entries with NoDisplay=true
According to Desktop Entry Specification:
NoDisplay means "this application exists, but don't display it in the
menus". This can be useful to e.g. associate this application with MIME
types, so that it gets launched from a file manager (or other apps),
without having a menu entry for it (there are tons of good reasons
for this, including e.g. the netscape -remote, or kfmclient openURL kind
of stuff).

Apparently over half of desktop files in default Fedora template have
NoDisplay=true...

Fixes QubesOS/qubes-issues#1348
2015-11-03 00:48:26 +01:00
Marek Marczykowski-Górecki
8f99cb5759
Merge remote-tracking branch 'qubesos/pr/5'
* qubesos/pr/5:
  qfile-unpacker: Avoid data loss by checking for child errors

Fixes QubesOS/qubes-issues#1355
2015-11-02 21:27:02 +01:00
Marek Marczykowski-Górecki
b38ea60f00
backup: improve exit code reporting
Return some meaningful error code. Unfortunately the more meaningful
option (retrieving process exit code) can lead to false errors
(described in comment), but at least report exit code of tar2qfile.
2015-11-02 03:10:22 +01:00
Marek Marczykowski-Górecki
c704c35cd8
backup: fix handling backup filename with spaces
Fixes QubesOS/qubes-issues#1371
2015-11-02 02:53:12 +01:00
Marek Marczykowski-Górecki
c2596a0435
Setup updates proxy in dnf and PackageKit
DNF doesn't support even including another config file, so all the
settings needs to go into `/etc/dnf/dnf.conf`. The same about
PackageKit, which is needed because it doesn't use `dnf.conf`:
http://lists.freedesktop.org/archives/packagekit/2015-September/026389.html

Because that proxy settings goes to so many places now, create a
separate script for that.

QubesOS/qubes-issues#1282
QubesOS/qubes-issues#1197
2015-10-30 15:13:56 +01:00
Rusty Bird
4027decbaa
qfile-unpacker: Avoid data loss by checking for child errors
When qfile-unpacker's child encountered an error, it would display an
error message and exit(1), but the parent didn't inspect its status and
exited successfully.

That was unfortunate for qvm-move-to-vm: Even if the destination VM e.g.
didn't have enough free disk space, the RPC call would claim to succeed
anyway, so the file would be deleted from the source VM.
2015-10-30 09:23:45 +00:00
Marek Marczykowski-Górecki
1936e0f336
makefile: cleanup help message 2015-10-29 04:02:24 +01:00
Marek Marczykowski-Górecki
9d52b7d178
debian: install locales-all instead of custom locales generation
The custom way proved to be unreliable - for example does not survive
`locales` package upgrade. So settle on much more reliable way.

Fixes QubesOS/qubes-issues#1195
2015-10-27 00:23:20 +01:00