Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,884 Commits 1 Branch 0 Tags 6.4 MiB
e0814b481f
Commit Graph

1884 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robin Schneider
e0814b481f
bind-dirs: Create ro if bind target exists 
Before, the script skipped none existing ro paths even if the path
existed below /rw. This would require someone who wants to use bind-dirs
only in TemplateBasedVM to ensure that the paths exist before the
bind-dirs script gets called.

This patch changes this behavior so that if the path exists below /rw, it
is ensured that an (empty) file/directory is present in ro (where the
corresponding path from /rw is then bind mounted over).

Requires: Docs update. I can open a PR when this PRs looks good.
Fixes limitation: "Does not work if the file / folder in question does
  not already exist in the root image. I.e. a file that does not exist in
  the root image cannot be bind mounted in the TemplateBasedVM."
Example use case: https://github.com/debops/ansible-persistent_paths
Tested on: Qubes OS 3.2; Debian 8 TemplateBasedVM (and Template)
Related to: https://github.com/QubesOS/qubes-issues/issues/2661
 2017-03-16 12:56:54 +01:00
Marek Marczykowski-Górecki
bd6ea489e3
version 3.2.16 2017-03-07 23:04:47 +01:00
Marek Marczykowski-Górecki
9f9c3c56fc
Use online resize2fs, and run filesystem check only when needed 
When trying offline resize2fs, it require running fsck first, which
takes time, especially on large volumes. And in most cases, resize2fs
will notice that no action is needed - after wasting some time on fsck.
To remedy this, use resize2fs in online mode (on mounted filesystem).
And drop fsck call if it fails (filesystem is already mounted
read-write, running fsck isn't good idea).

But do not remove fsck call completely - still call it, but without '-f'
flag, so it run actual check only when really needed (unclean shutdown,
last check far in the past etc).

Fixes QubesOS/qubes-issues#979
Fixes QubesOS/qubes-issues#2583
 2017-02-27 04:21:59 +01:00
Marek Marczykowski-Górecki
d8e568fa13
systemd: place user dropins in /usr/lib instead of /lib 
On non-Fedora those are not equivalent. On Debian, user units in /lib
are not supported

Reported by @adrelanos
Fixes QubesOS/qubes-issues#2644
 2017-02-21 01:37:24 +01:00
Marek Marczykowski-Górecki
cf97f4f8e7
Merge remote-tracking branch 'qubesos/pr/40' 
* qubesos/pr/40:
  Stop unnecessary services in Debian
 2017-02-20 23:27:07 +01:00
Marek Marczykowski-Górecki
d9cacf66dd
debian: don't fail the upgrade if glib-compile-schemas fails 
Thanks @adrelanos
 2017-02-20 23:25:39 +01:00
Marek Marczykowski-Górecki
7d97fd3a82
debian: fix lintian warning - command-with-path-in-maintainer-script 
Reported by @adrelanos
https://github.com/QubesOS/qubes-core-agent-linux/pull/39#issuecomment-280951206
 2017-02-19 22:43:06 +01:00
unman
1ed2954f91
Stop unnecessary services in Debian 2017-02-16 22:41:14 +00:00
Marek Marczykowski-Górecki
dcbd20f08c
Merge remote-tracking branch 'qubesos/pr/39' 
* qubesos/pr/39:
  Apply gschema override preventing previews in nautilus in Debian
 2017-02-16 16:51:56 +01:00
Marek Marczykowski-Górecki
8ae5101057
Merge remote-tracking branch 'qubesos/pr/37' 
* qubesos/pr/37:
  Move trusty check and locales-all fix inside source-debian-quilt-copy-in
  Fix build for trusty - locales-all not available
 2017-02-16 16:51:39 +01:00
unman
38f44417d6
Move trusty check and locales-all fix inside source-debian-quilt-copy-in 2017-02-13 22:25:47 +00:00
Marek Marczykowski-Górecki
961455657d
Merge remote-tracking branch 'qubesos/pr/38' 
* qubesos/pr/38:
  Reset iptables ACCEPT rule for updates proxy if service is running
 2017-02-13 00:03:43 +01:00
Marek Marczykowski-Górecki
08edfa630d
Merge remote-tracking branch 'qubesos/pr/35' 
* qubesos/pr/35:
  Constrain cron and anacron in Ubuntu also
  Stop anacron from starting in Debian using existing constraint on cron
 2017-02-12 23:59:43 +01:00
Gregorio Guidi
1ca110a9fd
Restore functionality of disable-default-route and disable-dns-server. 2017-02-12 23:53:43 +01:00
unman
8d1b74d732
Apply gschema override preventing previews in nautilus in Debian 2017-02-12 03:06:48 +00:00
unman
59b025a652
Reset iptables ACCEPT rule for updates proxy if service is running 2017-02-11 02:11:53 +00:00
unman
32dc1ad809
Fix build for trusty - locales-all not available 2017-02-09 01:46:53 +00:00
unman
3180d09ff4
Constrain cron and anacron in Ubuntu also 2017-02-06 00:08:33 +00:00
unman
a361fb454c
Stop anacron from starting in Debian using existing constraint on cron 2017-02-05 23:36:27 +00:00
Olivier MEDOC
7787d39b6e archlinux: add missing qubes-rpc dependencies 2017-01-29 15:37:15 +01:00
Olivier MEDOC
0159cd6a77 archlinux: fix pacman.d dropin not activated if pacman.conf does not already contains qubes markers 2017-01-29 15:27:14 +01:00
Olivier MEDOC
8ba584dfb0 Makefile: enforce mode 750 for directories /etc/sudoers.d and /etc/polkit-1/rules.d 2017-01-29 15:01:01 +01:00
Olivier MEDOC
98b4f1f265 archlinux: fix bash syntax errors 2017-01-29 14:34:50 +01:00
Olivier MEDOC
8584290295 archlinux: update installer script to use systemd preset file 2017-01-29 13:55:35 +01:00
Olivier MEDOC
9890ed191a archlinux: fix lsb_release missing 2017-01-28 21:20:20 +01:00
Lorenzo
f3a44bdd74
Merge branch 'master' of github.com:lorenzog/qubes-core-agent-linux 2017-01-14 22:21:45 +00:00
Lorenzo
f4af5f320a
Shut down after update only if it's a template. 
As per discussion in
https://github.com/QubesOS/qubes-issues/issues/2555#issuecomment-271415169

Signed-off-by: Lorenzo <lorenzo.grespan@gmail.com>
 2017-01-14 22:20:51 +00:00
Lorenzo
ffefce9e25 Shut down after update only if it's a template. 
As per discussion in
https://github.com/QubesOS/qubes-issues/issues/2555#issuecomment-271415169
 2017-01-14 13:11:27 +00:00
Marek Marczykowski-Górecki
bb71ddd8cd
Merge remote-tracking branch 'origin/pr/86' 
* origin/pr/86:
  archlinux: fix community repositories URL
 2017-01-04 23:13:57 +01:00
Marek Marczykowski-Górecki
12231dab4a
Merge remote-tracking branch 'origin/pr/85' 
* origin/pr/85:
  comment
 2017-01-04 23:13:24 +01:00
Olivier MEDOC
d8599d45ba archlinux: fix community repositories URL 2016-12-28 09:00:38 +01:00
Marek Marczykowski-Górecki
63e02a1340
Merge remote-tracking branch 'qubesos/pr/32' 
* qubesos/pr/32:
  Copied needed sources to build root
 2016-12-25 20:44:17 +01:00
Nicklaus McClendon
d1faba7d03
Copied needed sources to build root 2016-12-25 13:33:39 -05:00
Patrick Schleizer
3cc1a855dc comment 2016-12-21 00:15:12 +01:00
Andrew David Wong
cc7d3fc925
Update Xen bug count in sudoers comment 
Closes QubesOS/qubes-issues#2480
 2016-12-04 16:29:01 -08:00
Marek Marczykowski-Górecki
fb8c356216
version 3.2.15 2016-12-04 22:39:01 +01:00
Marek Marczykowski-Górecki
a9e7f91ca6
Fix detection of dom0 updates 
dnf stdout messages differ from yum. Handle this particular difference
(info about last metadata check time), but in addition properly use its
exit code - 0 means no updates, 100 means some updates.

Fixes QubesOS/qubes-issues#2096
 2016-12-04 22:37:17 +01:00
Marek Marczykowski-Górecki
bb53619d3d
version 3.2.14 2016-12-04 21:57:10 +01:00
Marek Marczykowski-Górecki
7c18322ffa
Merge remote-tracking branch 'qubesos/pr/27' 
* qubesos/pr/27:
  v2: (vm) qvm-move-to-vm: don't "rm -rf" vm name argument
 2016-12-04 21:56:11 +01:00
Marek Marczykowski-Górecki
09870c7d80
travis: drop debootstrap workaround 
Move to qubes-builder
 2016-12-04 21:28:13 +01:00
Rusty Bird
0d243250f2
v2: (vm) qvm-move-to-vm: don't "rm -rf" vm name argument 
Fixes QubesOS/qubes-issues#2472 from commit
3f600d03fa
 2016-12-04 16:50:59 +00:00
Marek Marczykowski-Górecki
41e3d591ef
Merge remote-tracking branch 'qubesos/pr/25' 
* qubesos/pr/25:
  Add systemd override for haveged in xenial and stretch. (#2161) Reenable haveged.service after debian package installation

Fixes QubesOS/qubes-issues#2161
 2016-11-28 15:02:32 +01:00
Marek Marczykowski-Górecki
938d184ef4
version 3.2.13 2016-11-18 01:59:25 +01:00
Marek Marczykowski-Górecki
a69acdabbf
Merge remote-tracking branch 'qubesos/pr/24' 
* qubesos/pr/24:
  Initialize home_volatile for disposable VMs.
 2016-11-17 09:33:02 +01:00
Marek Marczykowski-Górecki
dbcd3e5f0a
Write random seed directly to /dev/urandom 
Don't store it in some variable, as may contain non-ASCII or control
characters (or starts with '-').
 2016-11-17 09:30:49 +01:00
Marek Marczykowski-Górecki
cc2fb303cb
Merge remote-tracking branch 'origin/pr/84' 
* origin/pr/84:
  fix reload_random_seed error handling
 2016-11-17 09:30:14 +01:00
unman
58febd6d20
Add systemd override for haveged in xenial and stretch. (#2161) 
Reenable haveged.service after debian package installation
 2016-11-14 02:33:20 +00:00
Patrick Schleizer
b1f418ca76 fix reload_random_seed error handling 
https://github.com/QubesOS/qubes-core-agent-linux/pull/21#pullrequestreview-8302473
 2016-11-13 23:37:49 +01:00
Manuel Amador (Rudd-O)
6ca10b42eb Initialize home_volatile for disposable VMs. 2016-11-13 21:20:46 +00:00
Marek Marczykowski-Górecki
3050852cbb
Prefer powerpill to update Archlinux VM 
This is the recommended way to connect through update proxy.
 2016-11-12 22:30:37 +01:00