... instead of requested user. This makes sure that session startup
script will be able to send a signal here to notify about session
startup.
This is especially needed when the first service started in the VM is
called as root (like qubes.InstallUpdatesGUI).
FixesQubesOS/qubes-issues#3526
When VM is set to synchronize the time with the network, to not sync its
time with clockvm.
Besides not having sense, in default configuration it will lead to
loopback qrexec connection (sys-net -> sys-net), which will hang.
QubesOS/qubes-issues#3333
The most common thing to fix S3 sleep is to unload PCI devices drivers
before suspend. Instead of having every user figuring out what drivers
needs to be blacklisted, detach all drivers from actual PCI devices.
Exclude qemu emulated devices.
FixesQubesOS/qubes-issues#3486
qvm-run-vm cannot make a separate qubes.WaitForSession call for a
DispVM. Instead, pass the new WaitForSession argument to qubes.VMShell,
which will do the equivalent.
There was a bug that interpreted '-' as file type. But convert don't
know how to handle '-' file type, so refused to proceed.
FixesQubesOS/qubes-issues#3085
* qubesos/pr/72:
Fix UCA mistake and qvm-actions script
Fix ShellCheck comments
Add debian package support
Disable Thunar thumbnails
Add support for Thunar Qubes VM tools
* fixes-20171019:
debian: cleanup after splitting qubes-core-agent
Fix removing temporary file after editing in (Disp)VM
network: fix rules for network setup on new udev
debian: disable timer-based apt-get
Fix removing the file - do not free its filename just before unlink call
(scheduled with atexit function).
At the same time, place the temporary file in a unique directory,
making it possible to edit multiple files with the same name at once.
Remove that directory at exit too.
FixesQubesOS/qubes-issues#3112
If root filesystem is the last partition (new layout), resize it
in-place. Use 'parted' tool because it can resize just one partition,
without need to specify the whole new partition table. Since the
partition is mounted, parted is unhappy to modify it. Force it by
answering to its interactive prompts, and add (apparently not
documented) ---pretend-input-tty to use those answers even
though stdin is not a tty. Split the operation into multiple parted
calls, for more reliable interactive prompts handling.
Qubes 3.x disk layout (no partition table) is also supported, but the
one that was used in Qubes 4.0 rc1 (root filesystem as the first
partition) is not.
FixesQubesOS/qubes-issues#3173QubesOS/qubes-issues#3143
Default `ask` policy ignore target domain specified by the caller, so it
doesn't make sense to specify one. Provide convenient wrappers not
needing one. Do not change behaviour of existing tools for compatibility
reasons.
FixesQubesOS/qubes-issues#3141
clock synchronization mechanism rewritten to use systemd-timesync instead of NtpDate; at the moment, requires:
- modifying /etc/qubes-rpc/policy/qubes.GetDate to redirect GetDate to designated clockvm
- enabling clocksync service in clockvm ( qvm-features clockvm-name service/clocksync true )
Works as specified in issue listed below, except for:
- each VM synces with clockvm after boot and every 6h
- clockvm synces time with the Internet using systemd-timesync
- dom0 synces itself with clockvm every 1h (using cron)
fixesQubesOS/qubes-issues#1230
- there are many netcat versions (openbsd, nmap, ...), which behave
differently - especially while handling EOF
- Debian jessie doesn't have nmap-ncat (which handle EOFs sufficiently
good)
QubesOS/qubes-issues#1854
It is expected to be killed by a signal. Exit with returncode 0 anyway.
While at it, adjust it for current service format (executable, with
proper shebang).
This is meant to notify dom0 about features supported by just-installed
template. This service is called by dom0 just after template
installation.
FixesQubesOS/qubes-issues#1637
Documentation pending: QubesOS/qubes-issues#2829
Configure package manager to use 127.0.0.1:8082 as proxy instead of
"magic" IP intercepted later. The listen on this port and whenever
new connection arrives, spawn qubes.UpdatesProxy service call (to
default target domain - subject to configuration in dom0) and connect
its stdin/out to the local TCP connection. This part use systemd.socket
unit in case of systemd, and ncat --exec otherwise.
On the other end - in target domain - simply pass stdin/out to updates
proxy (tinyproxy) running locally.
It's important to _not_ configure the same VM to both be updates proxy and
use it. In practice such configuration makes little sense - if VM can
access network (which is required to run updates proxy), package manager
can use it directly. Even if this network access is through some
VPN/Tor. If a single VM would be configured as both proxy provider and
proxy user, connection would loop back to itself. Because of this, proxy
connection redirection (to qrexec service) is disabled when the same VM
also run updates proxy.
FixesQubesOS/qubes-issues#1854
This way:
- VM prompt do know VM list, the list may be filtered based on policy
- source VM don't learn name of target VM
FixesQubesOS/qubes-issues#910
