Commit Graph

385 Commits

Author SHA1 Message Date
Rusty Bird
ce1f0af216
Set 'wait-for-session=1' for 'qubes.VMShell+WaitForSession'
This is intended to be used for DispVMs for which only a single RPC call
can be made before they are destroyed.

Fixes QubesOS/qubes-issues#3012
2018-01-14 19:20:58 +00:00
Marek Marczykowski-Górecki
1b774f9a87
version 4.0.16 2018-01-12 06:18:51 +01:00
Marek Marczykowski-Górecki
7ecb74ae3b
Disable automatic scaling in GNOME/GTK applications
GNOME automatically set scaling factor to 2 when HiDPI is detected.
Unfortunately it does it also on not really HiDPI displays, making the
whole UI unusably large. There is no middle ground - scaling factor must
be integer, so 1.5 is not supported. Lets opt on a conservative side and
fallback to scaling factor 1.

Solution by @alyssais, thanks!
Fixes QubesOS/qubes-issues#3108
2018-01-12 06:00:18 +01:00
Marek Marczykowski-Górecki
d4f6eb1f4a
Install KDE actions for KDE5
Fixes QubesOS/qubes-issues#3449
2018-01-09 17:42:21 +01:00
Marek Marczykowski-Górecki
180146a5c2
version 4.0.15 2017-12-23 02:53:43 +01:00
Marek Marczykowski-Górecki
29e4ac8f97
version 4.0.14 2017-12-15 09:23:22 +01:00
Marek Marczykowski-Górecki
47e6a84f79
debian: use systemd-preset logic from rpm package
It is more robust, especially handle "# Units below this line will be
re-preset on package upgrade" part of 75-qubes-vm.preset file. This is
needed to fix system configuration without the need to rebuild the whole
template.

QubesOS/qubes-issues#2913
2017-12-15 02:50:05 +01:00
Marek Marczykowski-Górecki
1651866aa2
Merge remote-tracking branch 'qubesos/pr/72'
* qubesos/pr/72:
  Fix UCA mistake and qvm-actions script
  Fix ShellCheck comments
  Add debian package support
  Disable Thunar thumbnails
  Add support for Thunar Qubes VM tools
2017-12-13 19:47:16 +01:00
Marek Marczykowski-Górecki
715693b93d
network: IPv6-enabled firewall
If IPv6 is configured in the VM, and it is providing network to others,
apply IPv6 firewall similar to the IPv4 one (including NAT for outgoing
traffix), instead of blocking everything. Also, enable IP forwarding for
IPv6 in such a case.

Fixes QubesOS/qubes-issues#718
2017-12-07 01:41:55 +01:00
Marek Marczykowski-Górecki
414f944cf9
Disable cups-browsed service together with cups
It tries to connect to cups every second and doesn't do anything else
when cups is disabled. So disable (or enable) both of them at the same
time.
2017-12-05 17:58:35 +01:00
Frédéric Pierret
6226531bd5
Fix ShellCheck comments 2017-11-22 15:45:51 +01:00
Frédéric Pierret
3dc294f3bb
Add debian package support 2017-11-22 13:06:51 +01:00
Marek Marczykowski-Górecki
0500719f4d
version 4.0.13 2017-11-21 04:51:28 +01:00
Marek Marczykowski-Górecki
92682903ad
version 4.0.12 2017-10-19 17:28:27 +02:00
Marek Marczykowski-Górecki
5edd3b3f75
Merge branch 'fixes-20171019'
* fixes-20171019:
  debian: cleanup after splitting qubes-core-agent
  Fix removing temporary file after editing in (Disp)VM
  network: fix rules for network setup on new udev
  debian: disable timer-based apt-get
2017-10-19 16:51:12 +02:00
Marek Marczykowski-Górecki
e327da019d
debian: cleanup after splitting qubes-core-agent
Displacement of /etc/pam.d/su was moved to
qubes-core-agent-passwordless-root, fix upgrade path.
2017-10-19 16:18:23 +02:00
Marek Marczykowski-Górecki
128af0d191
debian: disable timer-based apt-get
Debian stretch in default configuration calls apt-get update every 24h.
And additionally, have automatic unattended security updates enabled.
Generally it would be good thing on standalone system, but in AppVM
which loose its rootfs changes after restart it is a waste of resources.
Especially when it kicks in on multiple VMs simultaneously, while on
battery (apt-daily.service have ConditionACPower=true, but VM don't have
that information...).

It would make some sense on TemplateVM/StandaloneVM, but then it kicks
in just at VM startup. Which conflicts with starting the update manually
then (by clicking "update VM" button in manager for example, or using
salt).

So, disable this feature completely.

The actual solution is based on pkg-manager-no-autoupdate by @adrelanos.

Fixes QubesOS/qubes-issues#2621
2017-10-19 15:03:06 +02:00
Marek Marczykowski-Górecki
1ed6e614ab
Resize root filesystem at VM startup if needed
Check if root device was enlarged while domain was powered off and
resize the filesystem in such a case.

QubesOS/qubes-issues#3173
QubesOS/qubes-issues#3143
2017-10-18 21:02:15 +02:00
Marek Marczykowski-Górecki
d8a2b8c375
Add support for new root volume partition layout to qubes.ResizeDisk
If root filesystem is the last partition (new layout), resize it
in-place. Use 'parted' tool because it can resize just one partition,
without need to specify the whole new partition table. Since the
partition is mounted, parted is unhappy to modify it. Force it by
answering to its interactive prompts, and add (apparently not
documented) ---pretend-input-tty to use those answers even
though stdin is not a tty. Split the operation into multiple parted
calls, for more reliable interactive prompts handling.

Qubes 3.x disk layout (no partition table) is also supported, but the
one that was used in Qubes 4.0 rc1 (root filesystem as the first
partition) is not.

Fixes QubesOS/qubes-issues#3173
QubesOS/qubes-issues#3143
2017-10-18 19:53:48 +02:00
Marek Marczykowski-Górecki
d84886d477
version 4.0.11 2017-10-07 02:35:42 +02:00
Marek Marczykowski-Górecki
579701d48c
Merge branch 'fixes-20171002'
* fixes-20171002:
  qubes.ResizeDisk: handle dmroot being a symlink
  qrexec: use user shell instead of hardcoded /bin/sh
  qrexec: code style fix - use spaces for indentation
  Add convenient wrappers for qvm-copy-to-vm and qvm-move-to-vm
2017-10-07 01:47:39 +02:00
Marek Marczykowski-Górecki
5daf11bf97
version 4.0.10 2017-10-04 15:19:35 +02:00
Marek Marczykowski-Górecki
486f17ec2d
Add convenient wrappers for qvm-copy-to-vm and qvm-move-to-vm
Default `ask` policy ignore target domain specified by the caller, so it
doesn't make sense to specify one. Provide convenient wrappers not
needing one. Do not change behaviour of existing tools for compatibility
reasons.

Fixes QubesOS/qubes-issues#3141
2017-10-02 05:14:49 +02:00
Marek Marczykowski-Górecki
f16753c67b
debian: fix shellcheck warnings in debian packaging 2017-09-30 05:05:33 +02:00
Marek Marczykowski-Górecki
a7ef5726ed
version 4.0.9 2017-09-26 23:09:45 +02:00
Marek Marczykowski-Górecki
abb6d23470
version 4.0.8 2017-09-15 13:44:17 +02:00
Marek Marczykowski-Górecki
0fabc54aad
version 4.0.7 2017-08-11 13:33:36 +02:00
Marek Marczykowski-Górecki
c5fae6ac55
qubes-rpc: add 'wait-for-session=1' option for some services
Configure selected services to wait until GUI session is available.

QubesOS/qubes-issues#2974
2017-08-09 00:58:49 +02:00
Marek Marczykowski-Górecki
5ecd51dab7
document /etc/qubes/rpc-config
QubesOS/qubes-issues#2974
2017-08-09 00:58:48 +02:00
Marek Marczykowski-Górecki
2a0c670a53
version 4.0.6 2017-07-29 05:31:13 +02:00
Marek Marczykowski-Górecki
83aa6a375f
version 4.0.5 2017-07-12 23:40:54 +02:00
Marta Marczykowska-Górecka
f55412cd1e
clock synchronization rewrite
clock synchronization mechanism rewritten to use systemd-timesync instead of NtpDate; at the moment, requires:
- modifying /etc/qubes-rpc/policy/qubes.GetDate to redirect GetDate to designated clockvm
- enabling clocksync service in clockvm ( qvm-features clockvm-name service/clocksync true )

Works as specified in issue listed below, except for:
- each VM synces with clockvm after boot and every 6h
- clockvm synces time with the Internet using systemd-timesync
- dom0 synces itself with clockvm every 1h (using cron)

fixes QubesOS/qubes-issues#1230
2017-07-06 23:37:26 +02:00
Marek Marczykowski-Górecki
e9e5795519
version 4.0.4 2017-07-05 14:02:22 +02:00
Marek Marczykowski-Górecki
11e8290d3d
version 4.0.3 2017-07-05 02:37:51 +02:00
Marek Marczykowski-Górecki
3af55c5cb3
qrexec: use PAM directly instead of calling su to setup the session
Instead of calling 'su' to switch the user, use own implementation of
this. Thanks to PAM it's pretty simple. The main reason is to have
control over process waiting for session termination (to call
pam_close_sesion/pam_end). Especially we don't want it to keep std* fds
open, which would prevent qrexec-agent from receiving EOF when one of
them will be closed.
Also, this will preserve QREXEC_AGENT_PID environment variable.

Fixes QubesOS/qubes-issues#2851
2017-07-05 02:17:43 +02:00
Marek Marczykowski-Górecki
68d98179f0
Do not load 'dummy-hcd' kernel module
It isn't really needed. It was used to workaround libusb bug (causing
crash when the system does not have any USB controller), but since we
use HVM now which do have some USB controllers it isn't needed anymore.

Also, it is not available in stock Fedora kernels.
2017-07-05 00:20:57 +02:00
Marek Marczykowski-Górecki
6c34571b66
Merge remote-tracking branch 'qubesos/pr/46'
* qubesos/pr/46:
  Enable build for Zesty
2017-07-04 13:39:06 +02:00
Marek Marczykowski-Górecki
99c5815baf
version 4.0.2 2017-06-24 02:19:15 +02:00
Marek Marczykowski-Górecki
ff26dcfe53
Add qrexec-client-vm man page
This clarifies and also defines some corner cases like exit code
reporting.

QubesOS/qubes-issues#2861
2017-06-21 11:21:40 +02:00
Marek Marczykowski-Górecki
cfbd50a936
debian: install man pages
Man pages were installed only in RPM package...
2017-06-21 11:21:40 +02:00
Marek Marczykowski-Górecki
f4be704ac0
Ship Qubes 4.0 repository definition and keys 2017-06-14 10:45:43 +02:00
Marek Marczykowski-Górecki
2a117548b6
Ship grub configuration
Qubes VM require few config options in grub. Ship appropriate
configuration. Debian have grub.d support, so it can be done cleanly.
On Fedora, /etc/default/grub needs to be modified. Still keep the
options in separate file, but include it manually from
/etc/default/grub.

QubesOS/qubes-issues#2577
2017-06-14 10:45:43 +02:00
Marek Marczykowski-Górecki
bc453d8cd7
version 4.0.1 2017-06-11 00:02:49 +02:00
Marek Marczykowski-Górecki
67f8e9e985
rpm,deb: fix dependencies
1. Cannot Recommend: nftables, as Debian jessie doesn't have it.
2. gsettings tool is in glib, not dconf
2017-06-10 23:15:22 +02:00
Marek Marczykowski-Górecki
7da4ed7d64
Switch qubes.UpdatesProxy to socat
- there are many netcat versions (openbsd, nmap, ...), which behave
 differently - especially while handling EOF
 - Debian jessie doesn't have nmap-ncat (which handle EOFs sufficiently
   good)

QubesOS/qubes-issues#1854
2017-06-10 23:11:01 +02:00
Marek Marczykowski-Górecki
9270fc589b
version 4.0.0 2017-06-09 23:30:10 +02:00
Marek Marczykowski-Górecki
422f03e9ac
Add qubes.VMRootShell service
It is the same as qubes.VMShell - the actual difference is in qrexec
policy, which contains 'user=root' option.

QubesOS/qubes-issues#2572
2017-06-09 23:06:09 +02:00
Marek Marczykowski-Górecki
a06b5b4d61
debian: drop explicit dependency on sudo
qubes-core-agent itself do not require sudo to work.

QubesOS/qubes-issues#2572
2017-06-08 22:11:37 +02:00
Marek Marczykowski-Górecki
000a93e001
rpm,deb: split qrexec-agent into separate subpackage
While it doesn't make sense to install qubes-core-agent without qrexec,
it may make sense to do the otherway around - install just
qrexec-agent without all the qrexec services and configuration. For
example on some pre-installed system.

QubesOS/qubes-issues#2771
2017-06-08 22:11:37 +02:00
Marek Marczykowski-Górecki
2337d26a3e
debian: update basic metadata of package 2017-06-08 22:11:37 +02:00
Marek Marczykowski-Górecki
58d21f095f
Remove old vusb scripts
This is unused for a long time (since we've moved to USBIP).
2017-06-08 22:11:37 +02:00
Marek Marczykowski-Górecki
32915fe126
deb,rpm: split passwordless root access configs into separate package
Make passwordless root access optional - ease integration qrexec
authorization for sudo.

QubesOS/qubes-issues#2695
2017-06-08 22:11:36 +02:00
Marek Marczykowski-Górecki
db066888e1
Adjust dependencies for clean upgrade
When a file is moved to other package, the new package needs Replaces:
and Breaks: dependecies on old package. Otherwise dpkg will refuse to
change file ownership.

QubesOS/qubes-issues#2771
2017-06-08 22:11:35 +02:00
Marek Marczykowski-Górecki
7e608a8bb4
Remove DisposableVM savefile related files
In Qubes 4.0 we no longer use two-stage DisposableVM startup.
2017-06-08 22:11:35 +02:00
Marek Marczykowski-Górecki
3e7a45b4ac
Split network-related files to -networking and -network-manager packages
This will save a lot of dependencies if networking is not needed in VMs
based on given template. Thanks to updates proxy over qrexec, template
itself do not need to have network configured too.

QubesOS/qubes-issues#2771
2017-06-08 22:11:34 +02:00
Marek Marczykowski-Górecki
72b9f389b2
Split dom0-updates handling into subpackage
In Fedora it makes little sense, but in Debian it allows to avoid a lot
of dependencies. So split in both, to keep it simple.

QubesOS/qubes-issues#2771
2017-06-07 10:15:26 +02:00
Marek Marczykowski-Górecki
f9fd7a1673
Rename qubes-nautilus to qubes-core-agent-nautilus
Again, this will make it easier to reason about package origin.

QubesOS/qubes-issues#2771
2017-06-07 10:15:26 +02:00
Marek Marczykowski-Górecki
8694931665
Implement qubes.PostInstall service
This is meant to notify dom0 about features supported by just-installed
template. This service is called by dom0 just after template
installation.

Fixes QubesOS/qubes-issues#1637
Documentation pending: QubesOS/qubes-issues#2829
2017-05-26 05:25:30 +02:00
Marek Marczykowski-Górecki
b49ae50ad5
Implement qrexec-based connection to updates proxy
Configure package manager to use 127.0.0.1:8082 as proxy instead of
"magic" IP intercepted later. The listen on this port and whenever
new connection arrives, spawn qubes.UpdatesProxy service call (to
default target domain - subject to configuration in dom0) and connect
its stdin/out to the local TCP connection. This part use systemd.socket
unit in case of systemd, and ncat --exec otherwise.

On the other end - in target domain - simply pass stdin/out to updates
proxy (tinyproxy) running locally.

It's important to _not_ configure the same VM to both be updates proxy and
use it. In practice such configuration makes little sense - if VM can
access network (which is required to run updates proxy), package manager
can use it directly. Even if this network access is through some
VPN/Tor. If a single VM would be configured as both proxy provider and
proxy user, connection would loop back to itself. Because of this, proxy
connection redirection (to qrexec service) is disabled when the same VM
also run updates proxy.

Fixes QubesOS/qubes-issues#1854
2017-05-26 05:25:29 +02:00
unman
b445ebce50
Enable build for Zesty 2017-05-23 23:59:41 +01:00
Marek Marczykowski-Górecki
f9d6ff89bc
Rename qvm-run to qvm-run-vm
Avoid conflict with qvm-run from qubes-core-admin-client package.
2017-05-23 02:55:31 +02:00
Marek Marczykowski-Górecki
34fa6e7ced
debian: make haveged.service patch less intrusive...
...but installed on all Debian versions. This is mostly required by
vebose file list in debian/qubes-core-agent.install. But also make it
use new options when upstream will set them.

QubesOS/qubes-issues#2161
2017-05-22 17:30:06 +02:00
Marek Marczykowski-Górecki
8e505c5b0e
debian: add missing Build-Depends: python-setuptools 2017-05-22 17:06:02 +02:00
Marek Marczykowski-Górecki
42bc93d8fd
Revert "fedora,debian: update python3-daemon dependency"
This reverts commit 7d8218a1d4.
Follow revert "firewall: switch to python 3"
2017-05-21 02:01:59 +02:00
Marek Marczykowski-Górecki
33da315e17
Revert "firewall: switch to python 3"
This reverts commit 5dfcf06ef4.

python3-daemon isn't widespread enough yet - for Debian jessie available
only in packports.

In addition to the revert itself, adjust packaging for this change
(mostly for Debian).
2017-05-21 02:01:47 +02:00
Marek Marczykowski-Górecki
5047fd9288
debian,fedora: split nautilus integration into separate package
This will allow to avoid a lot of dependencies on minimal template.

QubesOS/qubes-issues#2816
QubesOS/qubes-issues#2771
2017-05-21 01:52:23 +02:00
Marek Marczykowski-Górecki
36fa978a0e
debian: fix qubes-firewall python packaging, make it more verbose
Add --install-layout=deb option to setup.py, so files will not land in
/usr/local.
Also, explicitly list packaged files - make it easier to split the
package later.
2017-05-21 01:47:59 +02:00
Marek Marczykowski-Górecki
89183e9944
Ask for target VM for file-copy in dom0
This way:
 - VM prompt do know VM list, the list may be filtered based on policy
 - source VM don't learn name of target VM

Fixes QubesOS/qubes-issues#910
2017-05-20 15:53:03 +02:00
Marek Marczykowski-Górecki
7d8218a1d4
fedora,debian: update python3-daemon dependency
qubes-firewall script now use python3.
2017-05-20 14:44:04 +02:00
Marek Marczykowski-Górecki
ce70887a57
Merge branch 'core3-devel' 2017-05-20 14:43:53 +02:00
Marek Marczykowski-Górecki
5dfcf06ef4
firewall: switch to python 3 2017-05-20 13:20:08 +02:00
Marek Marczykowski-Górecki
d73221ba3b
version 3.2.18 2017-05-16 00:54:18 +02:00
Marek Marczykowski-Górecki
ee0255b385
debian,fedora: drop gnome-packagekit from dependencies
We don't use it currently - xterm with console updater is used by
default.
2017-04-24 00:17:34 +02:00
Marek Marczykowski-Górecki
03b0b2e481
version 3.2.17 2017-04-01 21:45:29 +02:00
Marek Marczykowski-Górecki
bd6ea489e3
version 3.2.16 2017-03-07 23:04:47 +01:00
Marek Marczykowski-Górecki
cf97f4f8e7
Merge remote-tracking branch 'qubesos/pr/40'
* qubesos/pr/40:
  Stop unnecessary services in Debian
2017-02-20 23:27:07 +01:00
Marek Marczykowski-Górecki
d9cacf66dd
debian: don't fail the upgrade if glib-compile-schemas fails
Thanks @adrelanos
2017-02-20 23:25:39 +01:00
Marek Marczykowski-Górecki
7d97fd3a82
debian: fix lintian warning - command-with-path-in-maintainer-script
Reported by @adrelanos
https://github.com/QubesOS/qubes-core-agent-linux/pull/39#issuecomment-280951206
2017-02-19 22:43:06 +01:00
unman
1ed2954f91
Stop unnecessary services in Debian 2017-02-16 22:41:14 +00:00
unman
8d1b74d732
Apply gschema override preventing previews in nautilus in Debian 2017-02-12 03:06:48 +00:00
Marek Marczykowski-Górecki
fb8c356216
version 3.2.15 2016-12-04 22:39:01 +01:00
Marek Marczykowski-Górecki
bb53619d3d
version 3.2.14 2016-12-04 21:57:10 +01:00
Marek Marczykowski-Górecki
41e3d591ef
Merge remote-tracking branch 'qubesos/pr/25'
* qubesos/pr/25:
  Add systemd override for haveged in xenial and stretch. (#2161) Reenable haveged.service after debian package installation

Fixes QubesOS/qubes-issues#2161
2016-11-28 15:02:32 +01:00
Marek Marczykowski-Górecki
938d184ef4
version 3.2.13 2016-11-18 01:59:25 +01:00
unman
58febd6d20
Add systemd override for haveged in xenial and stretch. (#2161)
Reenable haveged.service after debian package installation
2016-11-14 02:33:20 +00:00
Manuel Amador (Rudd-O)
59aec8e5eb Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
Marek Marczykowski-Górecki
3b65f98db8
version 3.2.12 2016-10-18 15:55:40 +02:00
unman
1b58c7602f
Remove entry in changelog as version not bumped 2016-10-16 22:24:38 +01:00
unman
da82d93780
use bind-dirs to handle crontab persistence 2016-10-16 01:14:02 +01:00
Marek Marczykowski-Górecki
dd30d91375
version 3.2.11 2016-10-03 11:32:40 +02:00
Marek Marczykowski-Górecki
2c8fe644f3
network: remove qubes-netwatcher
This tool/service is obsolete for a long time (it does nothing on R3.0
and later).
2016-09-12 05:58:26 +02:00
Marek Marczykowski-Górecki
ee0a292b21
network: rewrite qubes-firewall daemon
This rewrite is mainly to adopt new interface for Qubes 4.x.
Main changes:
 - change language from bash to python, introduce qubesagent python package
 - support both nftables (preferred) and iptables
 - new interface (https://qubes-os.org/doc/vm-interface/)
 - IPv6 support
 - unit tests included
 - nftables version support running along with other firewall loaded

Fixes QubesOS/qubes-issues#1815
QubesOS/qubes-issues#718
2016-09-12 05:22:53 +02:00
Marek Marczykowski-Górecki
1a601ddbe9
version 3.2.10 2016-08-08 05:23:02 +02:00
HW42
7c15b9b0ea
systemd: remove obsolete symlinks with rm instead of systemctl
The systemctl in Debian unstable fails when trying to disable a removed
service. The manpage do not mention a switch to change this behaviour.
But it says:

  Note that this operation creates only the suggested symlinks for
  the units. While this command is the recommended way to manipulate
  the unit configuration directory, the administrator is free to make
  additional changes manually by placing or removing symlinks in the
  directory.

So a simple rm should be fine.
2016-07-28 21:54:50 +02:00
HW42
5ab7e80306
systemd: fix qubes-mount-home path in cleanup script 2016-07-28 21:54:38 +02:00
Marek Marczykowski-Górecki
fd8a116744
version 3.2.9 2016-07-27 06:08:56 +02:00
Marek Marczykowski-Górecki
bad589bc00
Merge remote-tracking branch 'origin/pr/80' 2016-07-27 05:20:12 +02:00
Marek Marczykowski-Górecki
90be5be630
systemd: cleanup removed services
Fixes QubesOS/qubes-issues#2192
2016-07-27 05:19:46 +02:00
Patrick Schleizer
a003093953
add /usr/lib/qubes/bind-dirs.sh compatibility symlink
https://github.com/QubesOS/qubes-issues/issues/2191
2016-07-23 21:44:00 +00:00
Marek Marczykowski-Górecki
979e2d2bf8
version 3.2.8 2016-07-17 04:27:04 +02:00
Marek Marczykowski-Górecki
8781a5c588
version 3.2.7 2016-07-13 22:43:06 +02:00
Marek Marczykowski-Górecki
e7b1711e21
version 3.2.6 2016-07-13 04:38:18 +02:00
Marek Marczykowski-Górecki
d47a89ec76
version 3.2.5 2016-06-06 00:18:54 +02:00
Marek Marczykowski-Górecki
762189a0ae
debian: add missing pkg-config build depends 2016-06-05 22:32:54 +02:00
Marek Marczykowski-Górecki
49304180c3
version 3.2.4 2016-06-05 22:10:58 +02:00
Marek Marczykowski-Górecki
2fa8c76eec
version 3.2.3 2016-05-18 23:43:23 +02:00
Marek Marczykowski-Górecki
4c1ae75e35
version 3.2.2 2016-05-18 03:00:12 +02:00
Marek Marczykowski-Górecki
737922bf87
version 3.2.1 2016-05-05 00:05:13 +02:00
Marek Marczykowski-Górecki
1c251487fa
version 3.2.0 2016-03-29 14:41:34 +02:00
Marek Marczykowski-Górecki
8f1ec4ba1a
version 3.1.14 2016-03-07 13:47:01 +01:00
Marek Marczykowski-Górecki
d181cf5cff
version 3.1.13 2016-02-08 05:07:39 +01:00
Marek Marczykowski-Górecki
dca5265958
qubes-open: switch from mimeopen to xdg-open
xdg-open is more robust in choosing default application for particular
file type: it supports fallback if the preferred application isn't
working, and most importantly it support system-wide defaults
(/usr/share/applications/defaults.list,
 /usr/share/applications/mimeapps.list), so no "random" application is
chosen.

By default xdg-open tries to use environment-specific tool, like
gvfs-open - which isn't good for us, because many such tools do not wait
for editor/viewer termination. That would mean that DisposableVM would
be destroyed just after opening the file.
To avoid such effect, we set DE=generic.

Fixes QubesOS/qubes-issues#1621
2016-02-02 03:28:34 +01:00
Marek Marczykowski-Górecki
5570c899b8
version 3.1.12 2016-01-11 21:59:35 +01:00
Marek Marczykowski-Górecki
b36146961f
version 3.1.11 2016-01-07 05:52:36 +01:00
Marek Marczykowski-Górecki
89d5f8990f
version 3.1.10 2015-12-31 02:58:29 +01:00
Marek Marczykowski-Górecki
5a04fb34ed debian: add missing python-gtk2 dependency
qvm-mru-entry requires it.

Fixes QubesOS/qubes-issues#1567
2015-12-30 15:16:23 +01:00
Marek Marczykowski-Górecki
7835f4da2b
version 3.1.9 2015-12-26 14:24:03 +01:00
Marek Marczykowski-Górecki
ba5041579a
version 3.1.8 2015-12-20 03:12:39 +01:00
Marek Marczykowski-Górecki
8064682e9e
version 3.1.7 2015-12-04 15:32:14 +01:00
Marek Marczykowski-Górecki
5aa0f32c78
version 3.1.6 2015-11-29 00:34:34 +01:00
Marek Marczykowski-Górecki
a11897a1d0
Revert "network: use drop-ins for NetworkManager configuration (#1176)"
Apparently unmanaged devices are loaded only from main
NetworkManager.conf. Exactly the same line pasted (not typed!) to main
NetworkManager.conf works, but in
/etc/NetworkManager/conf.d/30-qubes.conf it doesn't.
BTW There was a typo in option name ("unmanaged_devices" instead of
"unmanaged-devices", but it wasn't the cause).

This reverts commit 6c4831339c.

QubesOS/qubes-issues#1176
2015-11-28 17:43:15 +01:00
Marek Marczykowski-Górecki
8482fbbd13
version 3.1.5 2015-11-28 14:48:34 +01:00
Marek Marczykowski-Górecki
c99dca37ce
debian: update build-depends for split qubes-utils package
QubesOS/qubes-issues#1416
2015-11-26 22:26:50 +01:00
Marek Marczykowski-Górecki
d4cf78652c
debian: reformat Build-Depends:
QubesOS/qubes-issues#1416
2015-11-26 21:10:23 +01:00
Patrick Schleizer
7a0286d58f clean up /etc/tinyproxy/filter-updates
https://github.com/QubesOS/qubes-issues/issues/1188
2015-11-15 12:31:32 +00:00
Marek Marczykowski-Górecki
b725c050c7
version 3.1.4 2015-11-15 04:29:30 +01:00
Marek Marczykowski-Górecki
5d74a8cbc0
version 3.1.3 2015-11-11 06:29:21 +01:00
Marek Marczykowski-Górecki
164387426b
Bump qubes-utils version requirement
Those commits needs updated qubes-utils:
823954c qrexec: use #define for protocol-specified strings
5774c78 qfile-agent: move data handling code to libqubes-rpc-filecopy

QubesOS/qubes-issues#1324
QubesOS/qubes-issues#1392
2015-11-11 05:25:17 +01:00
Marek Marczykowski-Górecki
7cca1b23ee
Get rid of qubes-core-vm-kernel-placeholder
Since /lib/modules is not mounted read-only anymore (only a selected
subdirectory there), it is no longer required to prevent kernel package
installation. Even more - since PV Grub being supported, it makes sense
to have kernel installed in the VM.

QubesOS/qubes-issues#1354
2015-11-11 02:36:57 +01:00
Marek Marczykowski-Górecki
9d52b7d178
debian: install locales-all instead of custom locales generation
The custom way proved to be unreliable - for example does not survive
`locales` package upgrade. So settle on much more reliable way.

Fixes QubesOS/qubes-issues#1195
2015-10-27 00:23:20 +01:00
Marek Marczykowski-Górecki
22365369d2
Require new enough qubes-utils package for updated libqrexec-utils
Required by 97a3793 "qrexec: implement buffered write to a child stdin"
2015-10-24 22:25:19 +02:00
Patrick Schleizer
f2e6dc9391
cleanup /etc/apt/apt.conf.d/00notiy-hook on existing systems
00notiy-hook was renamed to 00notify-hook in
'debian: Renamed incorrect filename: 00notiy-hook -> 00notify-hook'
15f1df4947
but the old file was not removed.
(Files in /etc do not automatically get removed on Debian systems when these are removed from the package.)

This is an independent, but supporting fix for:
'Improved upgrade notifications sent to QVMM.'
- https://github.com/marmarek/qubes-core-agent-linux/pull/39
- https://github.com/QubesOS/qubes-issues/issues/1066#issuecomment-150044906

Added debian/qubes-core-agent.maintscript.
2015-10-24 21:05:32 +02:00
Patrick Schleizer
2eb0ed2be1
removed trailing spaces 2015-10-15 04:34:55 +02:00
Marek Marczykowski-Górecki
d3bf3e0978
version 3.1.2 2015-10-11 03:00:00 +02:00
Patrick Schleizer
9664c97e55 minor 2015-10-06 17:13:52 +00:00
Marek Marczykowski-Górecki
6c4831339c
network: use drop-ins for NetworkManager configuration (#1176)
Do not modify main /etc/NetworkManager/NetworkManager.conf as it would
cause conflicts during updates. Use
/etc/NetworkManager/conf.d/30-qubes.conf instead.
Also remove some dead code for dynamically generated parts (no longer
required to "blacklist" eth0 in VMs - we have proper connection
generated for it). It was commented out for some time already

Fixes QubesOS/qubes-issues#1176
2015-10-06 15:15:26 +02:00
Marek Marczykowski-Górecki
8e497bffc0
Merge branch 'qubes-iptables'
Conflicts:
	debian/control
	rpm_spec/core-vm.spec

QubesOS/qubes-issues#1067
2015-10-05 01:47:01 +02:00
Marek Marczykowski-Górecki
ff40be9c99
version 3.1.1 2015-09-29 16:55:35 +02:00
Marek Marczykowski-Górecki
47a9940a8e
version 3.1.0 2015-09-29 16:39:55 +02:00
Marek Marczykowski-Górecki
0695a18020
Merge remote-tracking branch 'origin/pr/32'
* origin/pr/32:
  fix typo
2015-09-28 12:58:30 +02:00
Marek Marczykowski-Górecki
ca35c7ec70
Merge remote-tracking branch 'origin/pr/31'
* origin/pr/31:
  Fixed /etc/pam.d/su.qubes. (Moved line 'auth sufficient pam_permit.so' up. May not be low '@include' lines.)
  - Prevent 'su -' from asking for password in Debian [based] templates. Thanks to @unman and @marmarek for suggesting the fix! Fixes https://github.com/QubesOS/qubes-issues/issues/1128. - Changed 'ifeq (1,${DEBIANBUILD})' to 'ifeq ($(shell lsb_release -is), Debian)' to make the build work outside of Qubes Builder as well.

Conflicts:
	debian/control
2015-09-28 12:58:08 +02:00
Marek Marczykowski-Górecki
4342dc5c66
Merge remote-tracking branch 'origin/pr/30'
* origin/pr/30:
  added missing dependency xserver-xorg-dev
2015-09-28 12:57:13 +02:00
Marek Marczykowski-Górecki
c615afb88f
Merge remote-tracking branch 'origin/pr/28'
* origin/pr/28:
  qubes-rpc: fix icon selection using pyxdg and support SVG icons
  qubes-rpc: fix broken temporary file deletion in qubes.GetImageRGBA

Conflicts:
	qubes-rpc/qubes.GetImageRGBA
	rpm_spec/core-vm.spec
2015-09-28 12:47:49 +02:00
Marek Marczykowski-Górecki
34b2e822ec
Merge remote-tracking branch 'origin/pr/27'
* origin/pr/27:
  added missing dependency python-dbus to 'Depends:'
2015-09-28 12:20:57 +02:00
Marek Marczykowski-Górecki
54f8bb4169
Merge remote-tracking branch 'origin/pr/23'
* origin/pr/23:
  Allow passwordless login for user "user" (when using 'sudo xl console') for images being upgraded.
2015-09-28 12:09:12 +02:00
Marek Marczykowski-Górecki
cae488dd34
Merge remote-tracking branch 'origin/pr/22'
* origin/pr/22:
  Allow passwordless login for user "user" (when using 'sudo xl console').
2015-09-28 12:08:39 +02:00
Patrick Schleizer
cf55fa54c9 fix typo 2015-09-20 04:01:57 +00:00
Patrick Schleizer
665453da76
- Prevent 'su -' from asking for password in Debian [based] templates.
Thanks to @unman and @marmarek for suggesting the fix!
Fixes https://github.com/QubesOS/qubes-issues/issues/1128.
- Changed 'ifeq (1,${DEBIANBUILD})' to 'ifeq ($(shell lsb_release -is), Debian)' to make the build work outside of Qubes Builder as well.
2015-09-13 17:19:25 +00:00
Patrick Schleizer
3f19b581cd added missing dependency xserver-xorg-dev 2015-09-12 22:54:26 +00:00
qubesuser
7f9fdc8327 qubes-rpc: fix icon selection using pyxdg and support SVG icons 2015-09-06 22:02:27 +02:00