Commit Graph

267 Commits

Author SHA1 Message Date
unman
3180d09ff4
Constrain cron and anacron in Ubuntu also 2017-02-06 00:08:33 +00:00
unman
a361fb454c
Stop anacron from starting in Debian using existing constraint on cron 2017-02-05 23:36:27 +00:00
Olivier MEDOC
8ba584dfb0 Makefile: enforce mode 750 for directories /etc/sudoers.d and /etc/polkit-1/rules.d 2017-01-29 15:01:01 +01:00
Marek Marczykowski-Górecki
7c18322ffa
Merge remote-tracking branch 'qubesos/pr/27'
* qubesos/pr/27:
  v2: (vm) qvm-move-to-vm: don't "rm -rf" vm name argument
2016-12-04 21:56:11 +01:00
Rusty Bird
0d243250f2
v2: (vm) qvm-move-to-vm: don't "rm -rf" vm name argument
Fixes QubesOS/qubes-issues#2472 from commit
3f600d03fa
2016-12-04 16:50:59 +00:00
unman
58febd6d20
Add systemd override for haveged in xenial and stretch. (#2161)
Reenable haveged.service after debian package installation
2016-11-14 02:33:20 +00:00
Marek Marczykowski-Górecki
1c42a06238
network: integrate vif-route-qubes-nat into vif-route-qubes
Since 'script' xenstore entry no longer allows passing arguments
(actually this always was a side effect, not intended behaviour), we
need to pass additional parameters some other way. Natural choice for
Qubes-specific script is to use QubesDB.
And since those parameters are passed some other way, it is no longer
necessary to keep it as separate script.

Fixes QubesOS/qubes-issues#1143
2016-10-31 00:40:32 +01:00
Marek Marczykowski-Górecki
3131bb6135
Merge remote-tracking branch 'origin/pr/24' into core3-devel
* origin/pr/24:
  network: add vif-route-qubes-nat for IP address anonymization
2016-10-29 14:42:50 +02:00
Marek Marczykowski-Górecki
a6658bc329
Merge remote-tracking branch 'qubesos/pr/22'
* qubesos/pr/22:
  Invert logic of SKIP_SIGNING.
2016-10-28 14:10:18 +02:00
Manuel Amador (Rudd-O)
6189801cff Invert logic of SKIP_SIGNING. 2016-10-28 05:22:39 +00:00
Marek Marczykowski-Górecki
014a706113
Merge remote-tracking branch 'qubesos/pr/21'
* qubesos/pr/21:
  Better private.img size management.
  Clean up early initialization and setup of /rw
2016-10-27 01:32:25 +02:00
Manuel Amador (Rudd-O)
59aec8e5eb Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
Manuel Amador (Rudd-O)
87ebd2e157 Make signing optional for testing, and add program checks. 2016-10-23 19:48:15 +00:00
unman
da82d93780
use bind-dirs to handle crontab persistence 2016-10-16 01:14:02 +01:00
Marek Marczykowski-Górecki
e73d662bf1
Configure NetworkManager to keep /etc/resolv.conf as plain file
Do not use a symlink there, as it will be left after NetworkManager
shutdown - as a broken link then

Fixes QubesOS/qubes-issues#2320
Reported by Achim Patzner <noses@noses.com>
2016-09-15 01:26:35 +02:00
Marek Marczykowski-Górecki
2c8fe644f3
network: remove qubes-netwatcher
This tool/service is obsolete for a long time (it does nothing on R3.0
and later).
2016-09-12 05:58:26 +02:00
Marek Marczykowski-Górecki
ee0a292b21
network: rewrite qubes-firewall daemon
This rewrite is mainly to adopt new interface for Qubes 4.x.
Main changes:
 - change language from bash to python, introduce qubesagent python package
 - support both nftables (preferred) and iptables
 - new interface (https://qubes-os.org/doc/vm-interface/)
 - IPv6 support
 - unit tests included
 - nftables version support running along with other firewall loaded

Fixes QubesOS/qubes-issues#1815
QubesOS/qubes-issues#718
2016-09-12 05:22:53 +02:00
Marek Marczykowski-Górecki
b50cba3f2c
Add qubes.ResizeDisk service to adjust filesystem size
Do this using qubes rpc service, instead of calling resize2fs directly
by dom0.
2016-08-17 21:47:22 +02:00
Marek Marczykowski-Górecki
779414d216
Merge remote-tracking branch 'woju/master' into core3-devel
* woju/master:
  misc: add qvm-features-request
2016-08-17 21:28:37 +02:00
Marek Marczykowski-Górecki
76e12cae2d
Rename qubes.xdg python module to qubesxdg
Do not interfere with 'qubes' module.

QubesOS/qubes-issues#1813
2016-08-17 21:27:28 +02:00
Marek Marczykowski-Górecki
ed434ad63f
systemd: include tor-disabling drop-ins in the package
QubesOS/qubes-issues#1625
2016-07-27 05:19:47 +02:00
Marek Marczykowski-Górecki
f4d53fb7e6
Include Qubes Master Key in the VM template
It is useful to verify other qubes-related keys.

Fixes QubesOS/qubes-issues#1614
2016-07-17 04:26:01 +02:00
Marek Marczykowski-Górecki
65f0b26600
systemd: plug random seed loading into systemd-random-seed
Reuse its dependencies to make sure it is loaded early enough.

Reported by @adrelanos
Fixes QubesOS/qubes-issues#1761
2016-07-17 04:26:01 +02:00
Wojtek Porczyk
5261f936b2 misc: add qvm-features-request
This tool is used to request features from template.

QubesOS/qubes-issues#1637
2016-06-13 14:19:00 +02:00
Marek Marczykowski-Górecki
19921274e1
Implement qubes.OpenURL service instead of wrapping URLs in HTML
This have many advantages:
 - prevent XSS (QubesOS/qubes-issues#1462)
 - use default browser instead of default HTML viewer
 - better qrexec policy control
 - easier to control where are opened files vs URLs

For now allow only http(s):// and ftp:// addresses (especially prevent
file://). But this list can be easily extended.

QubesOS/qubes-issues#1462
Fixes QubesOS/qubes-issues#1487
2016-05-18 01:32:54 +02:00
Marek Marczykowski-Górecki
7301a898a1
qubes.SuspendPreAll and qubes.SuspendPostAll services
Those services are called just before/after host suspend.

Thanks @adrelanos for help.
Fixes QubesOS/qubes-issues#1663
2016-03-15 23:33:11 +01:00
Marek Marczykowski-Górecki
0211ea5d1d
Move opening file viewer/editor into separate shell script
No functional change.

This will make it easier to switch the tool (without recompiling
vm-file-editor), or even use differrent tools depending on some
conditions.

QubesOS/qubes-issues#1621
2016-02-01 12:17:15 +01:00
Marek Marczykowski-Górecki
d4c238c45e
Unload USB controllers drivers in USB VM before going to sleep
Many USB controllers doesn't play nice with suspend when attached to PV
domain, so unload those drivers by default. This is just a configuration
file, so user is free to change this setting if his/shes particular
controller doesn't have such problem.

Fixes QubesOS/qubes-issues#1565
2016-01-11 19:34:10 +01:00
Marek Marczykowski-Górecki
2478cb5c05
Package DNF plugin for both python2 and python3
DNF in Fedora 22 uses python2, but in Fedora 23 - python3. Package both
of them, in separate packages (according to Fedora packaging guidelines)
and depend on the right one depending on target distribution version.

Fixes QubesOS/qubes-issues#1529
2015-12-23 02:04:26 +01:00
Marek Marczykowski-Górecki
181c15f422
updates-proxy: explicitly block connection looping back to the proxy IP
Explicitly block something like "curl http://10.137.255.254:8082" and
return error page in this case. This error page is used in Whonix to
detect if the proxy is torrified. If not blocked, it may happen that
empty response is returned instead of error. See linked ticket for
details.

Fixes QubesOS/qubes-issues#1482
2015-12-04 14:57:07 +01:00
Marek Marczykowski-Górecki
a11897a1d0
Revert "network: use drop-ins for NetworkManager configuration (#1176)"
Apparently unmanaged devices are loaded only from main
NetworkManager.conf. Exactly the same line pasted (not typed!) to main
NetworkManager.conf works, but in
/etc/NetworkManager/conf.d/30-qubes.conf it doesn't.
BTW There was a typo in option name ("unmanaged_devices" instead of
"unmanaged-devices", but it wasn't the cause).

This reverts commit 6c4831339c.

QubesOS/qubes-issues#1176
2015-11-28 17:43:15 +01:00
Marek Marczykowski-Górecki
808b3ab660
Package needrestart config only for Debian
On Fedora there is no such package.
2015-11-24 06:18:36 +01:00
Marek Marczykowski-Górecki
c603f32d23
Merge remote-tracking branch 'origin/pr/51'
* origin/pr/51:
  Prevent services from being accidentally restarted by `needrestart`.
2015-11-23 16:18:42 +01:00
Patrick Schleizer
7dc99ee662
Prevent services from being accidentally restarted by needrestart.
Because those services do not yet support being restarted.

Extended variable `$nrconf{override_rc}`, i.e. packages only reported to need
restart, but blacklisted from default/suggested automatic restarted with
`qubes-core-agent` and `qubes-gui-agent`.

See also `$nrconf{override_rc}`:
10bd2db5e2/ex/needrestart.conf (L65)

Thanks to @liske for helping with this.
https://github.com/liske/needrestart/issues/13#issuecomment-136804625
2015-11-20 16:35:06 +01:00
Olivier MEDOC
15c69f434b updates-proxy: remove remaining traces of proxy filtering file from Makefile 2015-11-17 09:45:15 +01:00
Marek Marczykowski-Górecki
f0de6c5b16
Implement qubes.InstallUpdatesGUI qrexec service
It should be up to the VM what GUI tool is used for installing updates.
For now stick with console tools in xterm...

Fixes QubesOS/qubes-issues#1249
2015-11-13 05:32:44 +01:00
Patrick Schleizer
aeb6d188cc
Improved upgrade notifications sent to QVMM.
Each time some arbitrary package was installed using dpkg or apt-get, the update notification in Qubes VM Manager was cleared.
No matter if there were still updates pending. (Could happen even after the user running `apt-get dist-upgrade` in case of package manager issues.)
No longer clear upgrade notification in QVMM on arbitrary package installation.
Check if upgrades have been actually installed before clearing the notifications.

https://github.com/QubesOS/qubes-issues/issues/1066#issuecomment-150044906
2015-11-11 15:45:00 +00:00
Marek Marczykowski-Górecki
06828a9374
Merge remote-tracking branch 'origin/pr/47'
* origin/pr/47:
  minor, removed trailing space
2015-11-11 16:05:11 +01:00
Marek Marczykowski-Górecki
3324307ee2
Merge remote-tracking branch 'origin/pr/46'
* origin/pr/46:
  No longer start /etc/init.d/tinyproxy by default anymore.
2015-11-11 16:04:40 +01:00
Patrick Schleizer
cfab7d2068 minor, removed trailing space 2015-11-11 14:59:43 +00:00
Patrick Schleizer
5d6cf722a8
No longer start /etc/init.d/tinyproxy by default anymore.
But allow users to re-enable it through qubes-service framework.
/var/run/qubes-service/tinyproxy

Thanks to @marmarek for helping with this fix!

https://github.com/QubesOS/qubes-issues/issues/1401
2015-11-11 14:57:36 +00:00
Marek Marczykowski-Górecki
a6799cfcaf
Merge remote-tracking branch 'origin/pr/45'
* origin/pr/45:
  minor indent
2015-11-11 15:48:42 +01:00
Marek Marczykowski-Górecki
76ba45c281
Merge remote-tracking branch 'origin/pr/44'
* origin/pr/44:
  removed confusing comments
2015-11-11 15:48:29 +01:00
Patrick Schleizer
91e213a681 minor indent 2015-11-11 14:39:05 +00:00
Patrick Schleizer
ba5910f633 removed confusing comments 2015-11-11 14:37:39 +00:00
Marek Marczykowski-Górecki
e2ab963a27
Minor improvements to packaging (based on rpmlint)
There is much more to fix, but lets start with low hanging fruits.
2015-11-11 15:19:43 +01:00
Marek Marczykowski-Górecki
2a589f2c20
updates-proxy: use separate directory for PID file
And also use systemd-tmpfiles for that directory creation.

Fixes QubesOS/qubes-issues#1401
2015-11-11 05:57:57 +01:00
Marek Marczykowski-Górecki
7cca1b23ee
Get rid of qubes-core-vm-kernel-placeholder
Since /lib/modules is not mounted read-only anymore (only a selected
subdirectory there), it is no longer required to prevent kernel package
installation. Even more - since PV Grub being supported, it makes sense
to have kernel installed in the VM.

QubesOS/qubes-issues#1354
2015-11-11 02:36:57 +01:00
Marek Marczykowski-Górecki
b6cfcdcc6f
Implement dnf hooks for post-update actions
Similar to previous yum hooks:
 - notify dom0 about installed updates (possibly clear "updates pending"
   marker)
 - trigger appmenus synchronization

QubesOS/qubes-issues#1282
2015-11-11 02:36:57 +01:00
Marek Marczykowski-Górecki
074309e6a3
dracut: disable hostonly mode
Initramfs created in TemplateVM may be used also in AppVMs based on it, so
technically it is different system. Especially it has different devices
mounted (own /rw, own swap etc), so prevent hardcoding UUIDs here.

QubesOS/qubes-issues#1354
2015-11-10 16:36:00 +01:00
Olivier MEDOC
0c33c73b8e dropins: implement dropins for systemd user starting with pulseaudio systemd service and socket masking
Conflicts:
	Makefile
2015-11-07 19:12:30 +01:00
Olivier MEDOC
ce4725523f dropins: make current systemd dropins specific to systemd-system in order to introduce dropins for systemd-user 2015-11-07 19:10:32 +01:00
Olivier MEDOC
4b5332081e add DROPINS for org.cups.cupsd systemd files. 2015-11-06 19:36:52 +01:00
Marek Marczykowski-Górecki
c2596a0435
Setup updates proxy in dnf and PackageKit
DNF doesn't support even including another config file, so all the
settings needs to go into `/etc/dnf/dnf.conf`. The same about
PackageKit, which is needed because it doesn't use `dnf.conf`:
http://lists.freedesktop.org/archives/packagekit/2015-September/026389.html

Because that proxy settings goes to so many places now, create a
separate script for that.

QubesOS/qubes-issues#1282
QubesOS/qubes-issues#1197
2015-10-30 15:13:56 +01:00
Marek Marczykowski-Górecki
1936e0f336
makefile: cleanup help message 2015-10-29 04:02:24 +01:00
Patrick Schleizer
ba8337658e
disable leaking TCP timestamps by default
https://github.com/QubesOS/qubes-issues/issues/1344
2015-10-19 14:03:57 +00:00
Marek Marczykowski-Górecki
6c4831339c
network: use drop-ins for NetworkManager configuration (#1176)
Do not modify main /etc/NetworkManager/NetworkManager.conf as it would
cause conflicts during updates. Use
/etc/NetworkManager/conf.d/30-qubes.conf instead.
Also remove some dead code for dynamically generated parts (no longer
required to "blacklist" eth0 in VMs - we have proper connection
generated for it). It was commented out for some time already

Fixes QubesOS/qubes-issues#1176
2015-10-06 15:15:26 +02:00
Marek Marczykowski-Górecki
8e497bffc0
Merge branch 'qubes-iptables'
Conflicts:
	debian/control
	rpm_spec/core-vm.spec

QubesOS/qubes-issues#1067
2015-10-05 01:47:01 +02:00
Marek Marczykowski-Górecki
2a39adfe0f
Enlarge /tmp and /dev/shm
Initial size of those tmpfs-mounted directories is calculated as 50% of
RAM at VM startup time. Which happen to be quite small number, like
150M. Having such small /tmp and/or /dev/shm apparently isn't enough for
some applications like Google chrome. So set the size statically at 1GB,
which would be the case for baremetal system with 2GB of RAM.

Fixes QubesOS/qubes-issues#1003
2015-10-04 23:07:10 +02:00
Marek Marczykowski-Górecki
ca35c7ec70
Merge remote-tracking branch 'origin/pr/31'
* origin/pr/31:
  Fixed /etc/pam.d/su.qubes. (Moved line 'auth sufficient pam_permit.so' up. May not be low '@include' lines.)
  - Prevent 'su -' from asking for password in Debian [based] templates. Thanks to @unman and @marmarek for suggesting the fix! Fixes https://github.com/QubesOS/qubes-issues/issues/1128. - Changed 'ifeq (1,${DEBIANBUILD})' to 'ifeq ($(shell lsb_release -is), Debian)' to make the build work outside of Qubes Builder as well.

Conflicts:
	debian/control
2015-09-28 12:58:08 +02:00
Patrick Schleizer
665453da76
- Prevent 'su -' from asking for password in Debian [based] templates.
Thanks to @unman and @marmarek for suggesting the fix!
Fixes https://github.com/QubesOS/qubes-issues/issues/1128.
- Changed 'ifeq (1,${DEBIANBUILD})' to 'ifeq ($(shell lsb_release -is), Debian)' to make the build work outside of Qubes Builder as well.
2015-09-13 17:19:25 +00:00
qubesuser
7f9fdc8327 qubes-rpc: fix icon selection using pyxdg and support SVG icons 2015-09-06 22:02:27 +02:00
Marek Marczykowski-Górecki
c8ac55b179 Merge branch 'autostart-dropins'
Conflicts:
	misc/qubes-trigger-desktop-file-install

Fixes qubesos/qubes-issues#1151
2015-09-02 01:16:19 +02:00
qubesuser
2a15863ccb network: add vif-route-qubes-nat for IP address anonymization 2015-08-30 16:27:14 +02:00
Marek Marczykowski-Górecki
4703e3fca7
Remove dynamically generated autostart desktop files
qubesos/qubes-issues#1151
2015-08-27 22:08:04 +02:00
Marek Marczykowski-Górecki
3d06ce1ee9
Implement dropins for /etc/xdg/autostart (#1151)
Usage of _static_ files (dropins) to override some of autostart entries
(enable/disable them in appropriate VM types) is much simpler and less
error prone than automatic generators.

Handling code is implemented in qubes-session-autostart, which is called
from qubes-session.

qubesos/qubes-issues#1151
2015-08-27 22:08:00 +02:00
Marek Marczykowski-Górecki
d710970e4d
Move .desktop launching code to python moules so it can be reused 2015-08-27 22:07:59 +02:00
Jason Mehring
9644d86845
sudoers.d: Stops QT from using the MIT-SHM X11 Shared Memory Extension
Fedora now needs this sudoer rule.  Allows sudo to keep the `QT_X11_NO_MITSHM` ENV
variable which prevents MIT-SHM errors for Fedora and Debian when running a QT
application:

    `Defaults env_keep += "QT_X11_NO_MITSHM"`

A complementary commit has been made in gui-agent-linux:
    Commit: a02e54b71a9ee17f4b10558065a8fc9deaf69984)
    Author: Jason Mehring <nrgaway@gmail.com>
    Date:   Sat Aug 15 20:13:48 2015 -0400
2015-08-16 08:22:19 -04:00
Marek Marczykowski-Górecki
3ccbde9a3c
debian: disable netfilter-persistent.service
This is now handled by qubes-iptables.service

qubesos/qubes-issues#1067
2015-08-09 20:32:35 +02:00
Marek Marczykowski-Górecki
65e9e4c72c
network: use own iptables service instead of repurposing existing one
There were multiple problems with reusing existing one:
 - need to sync with upstream changes (configuration path etc)
 - conflicts resolution on updates
 - lack of iptables --wait, which causes firewall fail to load sometimes

QubesOS/qubes-issues#1067
2015-08-09 20:09:51 +02:00
Jason Mehring
edc9dd404d fedora: Use 'slider' org.mate.NotificationDaemon theme 2015-08-07 09:20:44 -04:00
Jason Mehring
b6c19fc2ef qubes-desktop-file-install: Manages xdg desktop entry files
qubes-desktop-file-install is called by qubes-triggers-desktop-file-install. It's
arguments are based on the Gnome desktop-install-file utility to allow it to be replaced
by same.  Currently the Gnome utility can not be used since it automatically validates
the .desktop entry files with no option to skip validation and will fail on some third
party .desktop files that are not formed properly.

A single trigger script is shared between Fedora, Debian.  This script is used by the
package managers triggers and will copy original .desktop files from `/etc/xdg/autostart`
to `/usr/share/qubes/xdg/autostart` and modify the OnlyShownIn / NotShownIn, etc.  The
original .desktop files are left untouched and left in place.

Qubes modifies the XDG_CONFIG_DIRS to first include the `/usr/share/qubes/xdg`
directory (XDG_CONFIG_DIRS=/usr/share/qubes/xdg:/etc/xdg).

If a package gets removed, it's desktop entry is also removed from the /usr/share/qubes/xdg
directory.

'qubes-desktop-file-install' options:
   --dir DIR                          Install desktop files to the DIR directory (default: <FILE>)
   --force                            Force overwrite of existing desktop files (default: False)
   --remove-show-in                   Remove the "OnlyShowIn" and "NotShowIn" entries from the desktop file (default: False)
   --remove-key KEY                   Remove the KEY key from the desktop files, if present
   --set-key (KEY VALUE)              Set the KEY key to VALUE
   --remove-only-show-in ENVIRONMENT  Remove ENVIRONMENT from the list of desktop environment where the desktop files should be displayed
   --add-only-show-in ENVIRONMENT     Add ENVIRONMENT to the list of desktop environment where the desktop files should be displayed
   --remove-not-show-in ENVIRONMENT   Remove ENVIRONMENT from the list of desktop environment where the desktop files should not be displayed
   --add-not-show-in ENVIRONMENT      Add ENVIRONMENT to the list of desktop environment where the desktop files should not be displayed
2015-08-07 09:15:30 -04:00
Jason Mehring
e8d45665f9 Makefile: Add systemd drop-in support which include conditionals to prevent services from starting 2015-08-04 10:32:00 -04:00
Jason Mehring
15f1df4947
debian: Renamed incorrect filename: 00notiy-hook -> 00notify-hook 2015-08-02 17:45:21 -04:00
Marek Marczykowski-Górecki
3fdb67ac2b dom0-updates: make the tool working on Debian
Restore support for older yum: no --downloadonly option, so use
yumdownloader.
Also add some a code to handle some Debian quirks - especially default
rpmdb location in user home...
2015-06-16 02:22:42 +02:00
Jason Mehring
21d89335fe
debian: Update notification now notifies dom0 when an upgrade is completed 2015-04-25 03:44:28 -04:00
Marek Marczykowski-Górecki
ab38410f5c debian: install qubes-download-dom0-updates.sh 2015-04-14 00:22:35 +02:00
Jason Mehring
6836420c3c
Removed nautilus-actions depend and replaced with nautilus-python
nautilus-actions was orphaned in fc21, so all nautilus context menus have
been re-written as nautilus-python extensions
2015-02-27 00:52:17 -05:00
Jason Mehring
9b35bbdcb4
debian: Remove dist target from Makefile as copy-in is now being used 2015-02-12 11:32:45 -05:00
Jason Mehring
6e3be531c5
Merge branch 'r3-templates' of github.com:nrgaway/core-agent-linux into r3-templates
Conflicts:
	debian/rules
2015-02-11 08:06:45 -05:00
Jason Mehring
2274e65a32 debian: Refactor Debian quilt packaging for xen
- Use copy-in for debian-quilt package in Makefile.builder instead of hook (to be removed) in Makefile.debian
- Remove patches from debian/patches; they are now applied dynamicly from series-debian-vm.conf
2015-02-11 08:02:55 -05:00
Jason Mehring
79650f0c4c debian: Converted debian package to a quilt package to allow patches
Applied patch to qrexec Makefile to prevent compile failure on warnings
  qrexec: Disable all warnings being treated as errors

  gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-xen` -D_FORTIFY_SOURCE=2  -c -o qrexec-agent-data.o qrexec-agent-data.c
  qrexec-agent-data.c: In function 'handle_remote_data':
  qrexec-agent-data.c:217:17: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing]
                 status = *(unsigned int *)buf;
                 ^
  cc1: all warnings being treated as errors
  <builtin>: recipe for target 'qrexec-agent-data.o' failed
2015-02-11 08:02:55 -05:00
Jason Mehring
0df84c7796
debian: Converted debian package to a quilt package to allow patches
Applied patch to qrexec Makefile to prevent compile failure on warnings
  qrexec: Disable all warnings being treated as errors

  gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-xen` -D_FORTIFY_SOURCE=2  -c -o qrexec-agent-data.o qrexec-agent-data.c
  qrexec-agent-data.c: In function 'handle_remote_data':
  qrexec-agent-data.c:217:17: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing]
                 status = *(unsigned int *)buf;
                 ^
  cc1: all warnings being treated as errors
  <builtin>: recipe for target 'qrexec-agent-data.o' failed
2015-02-10 10:40:51 -05:00
Matt McCutchen
377e0b4cd4 Switch to preset file for systemd units to disable. 2015-02-09 06:35:05 +01:00
HW42
6ff749a13a debian: install fstab as normal config file 2015-02-05 01:23:00 +01:00
HW42
47550ee2b6 debian: don't generate regular conf files in postinst 2015-02-05 01:22:19 +01:00
Marek Marczykowski-Górecki
efb79d5784 systemd: allow to start cron daemon (#909) 2015-01-30 00:48:56 +01:00
Olivier MEDOC
a94f1f4111 archlinux: fix new packaging requirements related to sbin, lib64, run ... 2015-01-30 00:48:55 +01:00
Jason Mehring
546b4c7911 fc21: Remove left-over code comment 2015-01-30 00:43:31 +01:00
Jason Mehring
33d3a6c9ea fc21: iptables configurations conflict with fc21 yum package manager
Moved iptables configuration to /usr/lib/qubes/init
fc21 + debian + arch will place them in proper place on postinst
Fixes dedian bug of not having them in proper place
2015-01-30 00:43:31 +01:00
Marek Marczykowski-Górecki
7476eb2f24 debian: fix generation of apt sources list file
Use codename, instead of release number.

Conflicts:
	Makefile
2015-01-30 00:32:49 +01:00
Marek Marczykowski-Górecki
9130636c88 Merge branch 'debian'
Conflicts:
	misc/qubes-r2.list.in
	misc/qubes-trigger-sync-appmenus.sh
	network/30-qubes-external-ip
	network/qubes-firewall
	vm-systemd/network-proxy-setup.sh
	vm-systemd/prepare-dvm.sh
	vm-systemd/qubes-sysinit.sh
2015-01-30 00:30:24 +01:00
Marek Marczykowski-Górecki
9b71e6db8b Update repos and keys for Qubes R3 2014-11-20 17:01:10 +01:00
HW42
63e915f6d4 Tag for commit 5d68e2cc70
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJUTruhAAoJEAY5OLpCz6ck7IcP/i4JXNEMO8vDSgphM50NIIz6
 +hLb+kXBGeL9SsQKRlz000BUOcIsg+d2ibwnTsi1kNuq2OgJOAHAp5hHgHGc5ddG
 0PLFf/Ddexl7/2cG/hKekXiIpXGcuhqgsIfatqcKB228mVLG8y/kqwViIDbMgg10
 X8Aiq1ba0EeHI7xskkPb1hzkszOfLFoEXCRjt+BQsmr+Bll+sAzCS3G9vSbhczFl
 wmTtgOiu2fWsPgOB2O6HYeO0PUUX+jGF/jncZYf85pEwMccNqRIWjSJC6ti533zv
 5x1bWKWFymBAUcTS+xi00FPeatmQ7b5ywMxTwbqIQkE1Mrt436Dz/B1r0E58q0AH
 gu4qG/KPBNdRBD4vPrvLKiyood/XIpvz0+6QqS9rFMKt71OSzmMR1WeLgclCn768
 cR510iZyJjmqe9lLQQTCJr+oqvwiVot7sfsgj1XP5PozalTkdIawioIZjeX5Zz4O
 +zo+P+jIV+P6QbN+0nD+vrW8kSZlM8vt+OVBPhon/bMFxGKZervs7kFUCNPn6fUK
 WNw8lSrKQqJe/a805Ktku8moatVElmexj7XTkII1nnAnEu6/bokJqjCHQ933794l
 ERRwitFN+BWm3OBXq/BsdSnCotT+gnlMEDtuHiD0JHQBGwxAZGQtliQhWLF25Ekh
 BJkmYBjqgnjCsQFUBMnn
 =shGW
 -----END PGP SIGNATURE-----

Merge tag 'mm_5d68e2cc' into debian-systemd

Tag for commit 5d68e2cc70

Conflicts:
	Makefile
	debian/rules
	network/qubes-firewall
	vm-systemd/misc-post.sh
	vm-systemd/qubes-sysinit.sh
2014-11-03 04:28:00 +01:00
Marek Marczykowski-Górecki
0613a58961 Improve handling of .desktop files
Instead of directly using Exec= line, parse the file (at the launch
time) with Gio library. The main reason for this change is to handle
Terminal= option, but generally this approach should be more
bulletproof, especially when some fancy options are present in desktop
files.
2014-10-27 12:25:45 +01:00
Marek Marczykowski-Górecki
be266a00dd Include /rw in the package
On Fedora it was created in %post, but on Debian not. Unify it to simply
provide the directory as standard package content.
2014-10-19 04:38:16 +02:00
Marek Marczykowski-Górecki
7339dd1ece Introduce qubes.SetDateTime service for time synchronization
It would be called by qvm-sync-clock instead of 'date' directly. This
gives a lot of flexibility - VM can control whether it want to sync time
this way. For now slight corrections (+-2sec) are ignored to not cause
problems by frequent time changes. But it can be easily extended to
refuse time sync when some other mechanism is used.
2014-10-01 05:40:23 +02:00
Marek Marczykowski-Górecki
e83a91e3d3 debian: migrate to native systemd services 2014-09-30 00:54:33 +02:00
HW42
70bbc7923d install iptables/forwarding for debian 2014-09-29 05:25:14 +02:00
HW42
435c04e8a4 use systemd in debian 2014-09-29 05:24:26 +02:00
Marek Marczykowski-Górecki
3f19c89301 Rename qubes-yum-proxy service to qubes-updates-proxy
It is no longer Fedora-only proxy, so rename to not confuse the user.
Also documentation refer to it as "updates proxy" for a long time.
2014-09-27 00:32:52 +02:00
HW42
b0ac8adca3 move fedora specific stuff to install-rh target 2014-09-25 03:57:33 +02:00
Marek Marczykowski-Górecki
1e842c985d fedora: workaround slow system shutdown (#852)
It looks to be related to this report:
https://bugzilla.redhat.com/show_bug.cgi?id=1088619
Workaround idea was from comment 37.

The hanging process in Qubes VM is most likely dconf-service, but there
is a lot of possible causes. To start with a non-standard method of
accessing the X session (no real login manager, processes started by
qrexec-agent). So instead of wasting a lot of time on digging through
gnome services, simply shorten the stop timeout - the processes would be
killed anyway.
2014-09-24 14:17:24 +02:00
Marek Marczykowski-Górecki
48b6bc5e5e debian: add updates repo definition and key 2014-07-28 02:27:56 +02:00
Davíð Steinn Geirsson
7098842bb6 Explicitly specify /bin/bash for Makefile SHELL, since it's required. 2014-07-23 05:13:22 +02:00
Davíð Steinn Geirsson
0a9199623c Fix make clean target 2014-07-23 05:11:26 +02:00
Davíð Steinn Geirsson
f3d3d501ca Split install target into install-common and install-rh, and add all target 2014-07-23 05:11:07 +02:00
Marek Marczykowski-Górecki
fd42d99803 dispvm: close all windows after apps prerun (#872)
Killing Xorg makes "unclean" termination of applications. Some apps
(Firefox) complains about that at next startup.
2014-07-04 18:51:02 +02:00
Marek Marczykowski-Górecki
923af1c94b Hide nm-applet icon earlier (#857)
Since d660f260b8 icon is hidden during VM
startup for non-netvm. Because qubes-session handles tasks sequentially,
move that one earlier to not scary the user with ghost icon.
2014-05-15 01:27:31 +02:00
Wojciech Zygmunt Porczyk
40fcbdebaa misc: do not display file preview by default (#813) 2014-05-08 14:17:24 +02:00
Marek Marczykowski-Górecki
3b55facb2e Update repo file for R2rc1 repo 2014-04-10 04:08:49 +02:00
Marek Marczykowski-Górecki
fe64539789 Implement "Move to VM" action (#725) 2014-03-24 05:19:16 +01:00
Marek Marczykowski-Górecki
3cc9d0f329 Merge branch 'appicons'
Conflicts:
	rpm_spec/core-vm.spec
2014-02-07 05:50:07 +01:00
Marek Marczykowski-Górecki
d660f260b8 Hide nm-applet when NetworkManager is disabled (retry)
It isn't done automatically by nm-applet itself since nm-applet 0.9.9.0
(fc19+), this one commit:
https://git.gnome.org/browse/network-manager-applet/commit?id=276a702000ee9e509321891f5ffa9789acfb053c
At the same time they've introduced option to manually hide the icon:
https://git.gnome.org/browse/network-manager-applet/commit?id=e7331a3f33ab422ea6c1bbc015ad44d8d9c83bc3
2014-02-07 02:16:39 +01:00
Marek Marczykowski-Górecki
e6b1769549 rpm: fix qfile-unpacker permissions
So rpmbuild will be able to create debuginfo and store stipped version.
2014-02-07 02:09:15 +01:00
Marek Marczykowski-Górecki
58496dbac0 rpm: move serial.conf to /usr/share/qubes
It isn't executable file...
2014-02-06 23:56:18 +01:00
Marek Marczykowski-Górecki
fc04408c7a systemd: disable ModemManager in non-NetVM
Previously ModemManager was started by NetworkManager, but in fc20+ it
is a separate service, so disable it when not needed.
2014-02-02 13:36:59 +01:00
Marek Marczykowski-Górecki
cac25cbe60 Merge remote-tracking branch 'woju/master' into appicons
Conflicts:
	Makefile
	rpm_spec/core-vm.spec
2014-01-31 02:12:06 +01:00
Wojciech Zygmunt Porczyk
453ab0f22c qubes.GetImageRGBA for appicons 2014-01-30 16:30:17 +01:00
Marek Marczykowski-Górecki
99708afc52 systemd: disable ModemManager in non-NetVM
Previously ModemManager was started by NetworkManager, but in fc20+ it
is a separate service, so disable it when not needed.
2014-01-30 02:56:30 +01:00
Marek Marczykowski-Górecki
361ab0b266 qubes-rpc: introduce services for browsing VM filesystem
For now used to select system backup inside of VM.
2014-01-13 05:07:23 +01:00
Marek Marczykowski-Górecki
fd55d48126 Move meminfo-writer to linux-utils repo
It is common for both dom0 and VM.  So move to linux-specific repo (not
VM-specific).
2014-01-05 05:38:10 +01:00
Marek Marczykowski-Górecki
b3081dce07 systemd: disable additional unneeded services 2013-12-17 01:29:26 +01:00
Marek Marczykowski-Górecki
c04d4e4fea systemd: while disabling service, disable also its activators
This time it is for cups, which have socket-based and path-based
activators. When activator tires to start the service which is disabled
by condition file it enters infinite loop (as service wont start, but
will not report an error).
2013-12-16 21:10:37 +01:00
Marek Marczykowski-Górecki
3cc566f539 Split R2 yum repository for individual beta releases. 2013-12-06 13:02:22 +01:00
Marek Marczykowski-Górecki
8f840e10dc vm-file-editor: add override for mimeinfo *.png entry (#753)
MIME-info database contains multiple entries for *.png, namely image/png
and image/x-apple-ios-png. The later one doesn't have associated handler
program, but this one is selected by mimeopen tool.

Not sure how this tool should behave in case of multiple matches (IOW is
it a bug in File::MimeInfo perl module used by mimeopen).  Instead of
switching to different tool, which probably will break other files
(check #423), add override for this particular file type.
2013-11-14 21:38:27 +01:00
Marek Marczykowski-Górecki
639cb51414 Add qubes.{Backup,Restore} services, include them in rpm package 2013-11-09 19:01:57 +01:00
Olivier MEDOC
5511e0ea7f Merge branch 'master' of git://git.qubes-os.org/marmarek/core-agent-linux
Conflicts:
	Makefile
2013-09-28 11:56:10 +02:00
Marek Marczykowski-Górecki
1d41cb4c18 Add qubes.DetachPciDevice for live PCI detach (#708) 2013-09-01 01:28:07 +02:00
Olivier MEDOC
bfd544eb87 makefile: Use the sbindir variable instead of a fixed path 2013-08-14 03:46:50 +02:00
Olivier MEDOC
f372062c4b makefile: Use the sbindir variable instead of a fixed path 2013-08-07 11:20:33 +02:00
Marek Marczykowski
8c9433fc00 yum-proxy: use iptables-restore to set firewall rules
Simple iptables sometimes returns EBUSY.
2013-08-05 02:08:52 +02:00
Marek Marczykowski
5bbbc3dab2 Merge Makefile.core into main Makefile 2013-04-17 01:52:16 +02:00
Marek Marczykowski
adbb27846f Remove support for old builder API 2013-03-19 19:03:01 +01:00
Marek Marczykowski
a88c122efa Move manpages here from separate repo 2013-03-12 17:10:49 +01:00
Marek Marczykowski
dffd7e0457 remove qubes-core-libs and qrexec leftovers
They are now in separate repository.
2013-03-07 05:09:13 +01:00
Joanna Rutkowska
1a851b4024 Makefile: use fc18 as default value for DIST_DOM0 2013-02-28 13:43:32 +00:00
Marek Marczykowski
c9cec94f00 makefile: support dom0 different than fc13 2013-01-25 03:07:16 +01:00
Marek Marczykowski
a51d9a7c28 makefile: update-repo-template target 2012-11-14 15:53:42 +01:00
Marek Marczykowski
fe1f685b50 spec: extract core libs from qubes-core-vm
This libs are required by both dom0 and VM so it's better to have it
separately. Previously in VM it was separate package, but dom0 have them
embedded in qubes-core-dom0, but qubes-core-vm-libs package was used to build
qubes-gui-dom0. Now we do not build all packages for all distros (especially do
not build core-vm package for dom0 distro, so gui-dom0 build fails), so make it
explicit which package is needed by which system.
2012-11-14 13:12:51 +01:00
Marek Marczykowski
68aaafc9e5 makefile: generic rpms-dom0 and rpms-vm targets 2012-11-14 01:41:21 +01:00
Marek Marczykowski
601f8d8ec6 makefile: split rpms into rpms-vm and rpms-dom0 (#665) 2012-11-07 18:05:17 +01:00
Marek Marczykowski
077c74782c vm: kernel-placeholder package to inhibit real kernel pkg in VM (#645)
Some packages depends on kernel (ex fuse, pulseaudio), but kernel in VM is
managed by dom0. Any hack like exlude or so on will break some things, so
install empty placeholder package to fulfill dependencies.
2012-07-23 23:17:50 +02:00
Marek Marczykowski
4d9898aa69 makefile: fix clean target 2012-07-07 02:45:56 +02:00
Marek Marczykowski
18da792ac0 Makefile: network doesn't require clean 2012-01-15 17:36:35 +01:00
Marek Marczykowski
240d35259f vm(+dom0): major rearrage VM files in repo; merge core-*vm packages 2012-01-06 21:31:12 +01:00
Joanna Rutkowska
6604259e89 Makefile: do not run update_repo.sh for update-repo-installer 2011-11-05 11:05:49 +01:00
Joanna Rutkowska
b2482f8025 Makefile: don't autoupdate yum repo after copying rpms there 2011-06-30 20:47:48 +02:00
Joanna Rutkowska
a7c679c6e7 Makefile: automaically copy rpms to _all_ vm repos 2011-06-24 23:00:40 +02:00
Marek Marczykowski
1c1e4362b0 Merge branch 'r1-beta1-fixes'
Conflicts:
	dom0/qvm-core/qubes.py
	version_dom0
	version_vm
2011-05-24 00:20:39 +02:00