Commit Graph

154 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
f8db065a75 Merge remote-tracking branch 'nrgaway/r3-templates' 2015-02-17 04:58:04 +01:00
Marek Marczykowski-Górecki
700c240d37 qrexec: add simple "fork server" to spawn new processes inside user session
This process should be started from user session (most likely
qubes-session). New processes (of that user) will be created as
children of that session making logind and such crap happy. This should
also solve problems with EOF transmission (no additional "su" process)
and prevent loading all the environment multiple times.
2015-02-17 04:18:34 +01:00
Jason Mehring
567a045bcd
Make sure when user is added to qubes group that the group is appended
added -a option to usermod.
This will prevent other groups from being un-subscribed when qubes group is added
2015-02-13 15:00:54 -05:00
Jason Mehring
fc42561586 Add a qubes group and then add the user 'user' to the group
This is to allow permissions to be set on some devices where the user needs
less restrictive permissions.  /etc/udev/rules.d/99-qubes-misc.rules changes
a few xen devices to allow the users in the qubes group access
2015-02-11 08:02:55 -05:00
Matt McCutchen
377e0b4cd4 Switch to preset file for systemd units to disable. 2015-02-09 06:35:05 +01:00
Marek Marczykowski-Górecki
ea47dfbd5d Merge remote-tracking branch 'woju/master' 2015-02-06 08:07:47 +01:00
Marek Marczykowski-Górecki
490176f180 rpm: add missing R: pygobject3-base 2015-02-05 01:19:33 +01:00
Wojtek Porczyk
591b95a81b spec: require linux-utils-3.0.1 2015-02-02 19:04:02 +01:00
Marek Marczykowski-Górecki
efb79d5784 systemd: allow to start cron daemon (#909) 2015-01-30 00:48:56 +01:00
Marek Marczykowski-Górecki
ab637395cb fedora: reload systemd only once 2015-01-30 00:48:56 +01:00
Marek Marczykowski-Górecki
5590445319 fedora: reduce code duplication in systemd triggers 2015-01-30 00:48:56 +01:00
Marek Marczykowski-Górecki
bc8a6a0a20 fedora: Fix iptables config installation one more time 2015-01-30 00:45:04 +01:00
Marek Marczykowski-Górecki
66620c1005 fedora: Fix iptables config install script 2015-01-30 00:45:04 +01:00
Jason Mehring
33d3a6c9ea fc21: iptables configurations conflict with fc21 yum package manager
Moved iptables configuration to /usr/lib/qubes/init
fc21 + debian + arch will place them in proper place on postinst
Fixes dedian bug of not having them in proper place
2015-01-30 00:43:31 +01:00
Marek Marczykowski-Górecki
9130636c88 Merge branch 'debian'
Conflicts:
	misc/qubes-r2.list.in
	misc/qubes-trigger-sync-appmenus.sh
	network/30-qubes-external-ip
	network/qubes-firewall
	vm-systemd/network-proxy-setup.sh
	vm-systemd/prepare-dvm.sh
	vm-systemd/qubes-sysinit.sh
2015-01-30 00:30:24 +01:00
Marek Marczykowski-Górecki
9b71e6db8b Update repos and keys for Qubes R3 2014-11-20 17:01:10 +01:00
Marek Marczykowski
db35abadc8 Use Qubes DB instead of Xenstore 2014-11-19 15:34:33 +01:00
Marek Marczykowski
a3aab7dab2 rpm: fix typo 2014-11-19 15:34:33 +01:00
Marek Marczykowski
735531a9ba spec: get backend_vmm from env variable
There is no way to pass --define to yum-buildep, but we use VMM name for
required packages names.
2014-11-19 15:34:32 +01:00
Marek Marczykowski
94f54d6c9f spec: add dependencies on vchan package (both R: and BR:) 2014-11-19 15:34:32 +01:00
Marek Marczykowski-Górecki
c817bb0282 little fix for the official template
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCgAGBQJUWE+GAAoJEIwFIWzgnAk8azoQAJPOdglmiJlu+p5nRQ0ZRP6F
 nammIQhOg1oE0hCTX6H4DnEMnaZmFyGj96JWUX3zES8NF9zYvq4sgJCtZVEK35lm
 /Fxe899NpDlHaHwPqnXoYAKWZnMnyx3Z5XTxYb3A8JQdJCVWJPi2qYw2TBb6iBIp
 hzznI3drhOd8rdkFHXGk/FsBjqFP1mn98GDP4N/XLOZUnK+MiWyxrp0c+QVgybRX
 2XOUhsBPbr/XS/fkMBEia1hJhBf+FYJsFeCARGjYnbI+TKMaPrYaIX6DRqjFMhSS
 eEALEWsYsDiYGerWNBNGxbJ7RWsN4vm+WDfKdi7Hp2TgHeH0z93w40VegU3k7Asx
 NjfehCwT3wjMmtUFYhfhYfIop5305LLLJPPkY/ML+u6Mznzr7OkostMeyMhDxcrq
 lSELqg2HDwEsSwtwEz7kP6fYyfpJRd8yndg48cVonatwPwdjoCMiAz93TIF7Tvvz
 xQaNUidkKL8qQi67ArSQUlQlwGJNngwLRhepaMo0FD4JWSQ5pHc00EYxtJio2LPs
 7prv8ETbTj0bcFb/xKNSxBCGOrLdleHAEdhrpvqHa5nUzMiHw+tMuJbX+f0jOx/Q
 OSgx/dvK9GIyxM7UlsS+Whye3iGeNwsA1ai4TL0n1PFM+DjemBjEbfIl2nxLjG3O
 cXas4+wsl0+qXRk/PDOn
 =6kCH
 -----END PGP SIGNATURE-----

Merge tag 'hw42_debian-systemd-3' into debian

Conflicts:
	debian/control
	Merged postinst scripts from hw42 and nrgaway
2014-11-05 04:35:23 +01:00
Marek Marczykowski-Górecki
e4e7176a16 Merge remote-tracking branch 'nrgaway/debian' into debian 2014-11-05 04:24:41 +01:00
HW42
63e915f6d4 Tag for commit 5d68e2cc70
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJUTruhAAoJEAY5OLpCz6ck7IcP/i4JXNEMO8vDSgphM50NIIz6
 +hLb+kXBGeL9SsQKRlz000BUOcIsg+d2ibwnTsi1kNuq2OgJOAHAp5hHgHGc5ddG
 0PLFf/Ddexl7/2cG/hKekXiIpXGcuhqgsIfatqcKB228mVLG8y/kqwViIDbMgg10
 X8Aiq1ba0EeHI7xskkPb1hzkszOfLFoEXCRjt+BQsmr+Bll+sAzCS3G9vSbhczFl
 wmTtgOiu2fWsPgOB2O6HYeO0PUUX+jGF/jncZYf85pEwMccNqRIWjSJC6ti533zv
 5x1bWKWFymBAUcTS+xi00FPeatmQ7b5ywMxTwbqIQkE1Mrt436Dz/B1r0E58q0AH
 gu4qG/KPBNdRBD4vPrvLKiyood/XIpvz0+6QqS9rFMKt71OSzmMR1WeLgclCn768
 cR510iZyJjmqe9lLQQTCJr+oqvwiVot7sfsgj1XP5PozalTkdIawioIZjeX5Zz4O
 +zo+P+jIV+P6QbN+0nD+vrW8kSZlM8vt+OVBPhon/bMFxGKZervs7kFUCNPn6fUK
 WNw8lSrKQqJe/a805Ktku8moatVElmexj7XTkII1nnAnEu6/bokJqjCHQ933794l
 ERRwitFN+BWm3OBXq/BsdSnCotT+gnlMEDtuHiD0JHQBGwxAZGQtliQhWLF25Ekh
 BJkmYBjqgnjCsQFUBMnn
 =shGW
 -----END PGP SIGNATURE-----

Merge tag 'mm_5d68e2cc' into debian-systemd

Tag for commit 5d68e2cc70

Conflicts:
	Makefile
	debian/rules
	network/qubes-firewall
	vm-systemd/misc-post.sh
	vm-systemd/qubes-sysinit.sh
2014-11-03 04:28:00 +01:00
Marek Marczykowski-Górecki
aad0d4d57a Reenable imsettings service
It is required for some languages (Chinese for example).
2014-11-01 00:29:14 +01:00
Jason Mehring
3366af3f55 Change condition test to compare to a link "-L" 2014-10-31 01:56:19 -04:00
Marek Marczykowski-Górecki
0613a58961 Improve handling of .desktop files
Instead of directly using Exec= line, parse the file (at the launch
time) with Gio library. The main reason for this change is to handle
Terminal= option, but generally this approach should be more
bulletproof, especially when some fancy options are present in desktop
files.
2014-10-27 12:25:45 +01:00
Marek Marczykowski-Górecki
be266a00dd Include /rw in the package
On Fedora it was created in %post, but on Debian not. Unify it to simply
provide the directory as standard package content.
2014-10-19 04:38:16 +02:00
Marek Marczykowski-Górecki
7339dd1ece Introduce qubes.SetDateTime service for time synchronization
It would be called by qvm-sync-clock instead of 'date' directly. This
gives a lot of flexibility - VM can control whether it want to sync time
this way. For now slight corrections (+-2sec) are ignored to not cause
problems by frequent time changes. But it can be easily extended to
refuse time sync when some other mechanism is used.
2014-10-01 05:40:23 +02:00
Marek Marczykowski-Górecki
4bccdb0ba5 Use systemd mechanism for loading kernel modules (when available)
One more thing done in more generic way (not Fedora-specific).
2014-09-29 21:31:10 +02:00
HW42
0d0261d1c1 improve update of /etc/hosts
* use 127.0.1.1 under debian (since it's the default there)
 * also set the IPv6 loopback address (::1) since some tools tries to
   AAAA resolve the hostname (for example sendmail)
 * ensure proper /etc/hosts format through postinst-script (hostname as
   last entry)
2014-09-29 05:25:32 +02:00
Marek Marczykowski-Górecki
3f19c89301 Rename qubes-yum-proxy service to qubes-updates-proxy
It is no longer Fedora-only proxy, so rename to not confuse the user.
Also documentation refer to it as "updates proxy" for a long time.
2014-09-27 00:32:52 +02:00
Marek Marczykowski-Górecki
1e842c985d fedora: workaround slow system shutdown (#852)
It looks to be related to this report:
https://bugzilla.redhat.com/show_bug.cgi?id=1088619
Workaround idea was from comment 37.

The hanging process in Qubes VM is most likely dconf-service, but there
is a lot of possible causes. To start with a non-standard method of
accessing the X session (no real login manager, processes started by
qrexec-agent). So instead of wasting a lot of time on digging through
gnome services, simply shorten the stop timeout - the processes would be
killed anyway.
2014-09-24 14:17:24 +02:00
Marek Marczykowski-Górecki
6361ea4c95 rpm: mark config files with %config(noreplace) 2014-07-23 04:45:11 +02:00
Marek Marczykowski-Górecki
fd42d99803 dispvm: close all windows after apps prerun (#872)
Killing Xorg makes "unclean" termination of applications. Some apps
(Firefox) complains about that at next startup.
2014-07-04 18:51:02 +02:00
Marek Marczykowski-Górecki
eeb66ad8e9 rpm: enable/disable services when corresponding packages got installed
Otherwise when someone installed NetworkManager after qubes-core-vm (for
example in "minimal" template), it will not be configured correctly.
2014-07-04 18:48:35 +02:00
Marek Marczykowski-Górecki
25557fa158 rpm: enable haveged service by default (#673) 2014-07-04 12:00:54 +02:00
Marek Marczykowski-Górecki
0cf2a713b9 rpm: require generic "desktop-notification-daemon" not a specific one 2014-07-03 02:05:39 +02:00
Marek Marczykowski-Górecki
486b148a08 Configure only installed programs 2014-05-22 01:31:43 +02:00
Marek Marczykowski-Górecki
923af1c94b Hide nm-applet icon earlier (#857)
Since d660f260b8 icon is hidden during VM
startup for non-netvm. Because qubes-session handles tasks sequentially,
move that one earlier to not scary the user with ghost icon.
2014-05-15 01:27:31 +02:00
Marek Marczykowski-Górecki
fe69bba14b rpm: remove /lib/firmware/updates link
It is no longer needed and currently broke linux-firmware package
installation.
2014-05-12 00:37:22 +02:00
Wojciech Zygmunt Porczyk
40fcbdebaa misc: do not display file preview by default (#813) 2014-05-08 14:17:24 +02:00
Marek Marczykowski-Górecki
5912ea4330 rpm: fix notification-daemon setup 2014-04-23 01:54:28 +02:00
Marek Marczykowski-Górecki
12080a42a2 rpm: do not disable abrt-applet autostart 2014-04-23 01:31:57 +02:00
Marek Marczykowski-Górecki
3b55facb2e Update repo file for R2rc1 repo 2014-04-10 04:08:49 +02:00
Marek Marczykowski-Górecki
a4fc4822ef dom0-updates: use yum --downloadonly instead of yumdownloader
This better handles dependencies (especially of "Obsolete:" type).
Unfortunately yum install/upgrade checks if running as root. Because we
are only downloading packages, using local "system root" (--installroot
option) no real root access is requires, so use fakeroot to mute yum
error.
2014-03-28 06:52:31 +01:00
Marek Marczykowski-Górecki
fe64539789 Implement "Move to VM" action (#725) 2014-03-24 05:19:16 +01:00
Marek Marczykowski-Górecki
226282bd90 rpm: enable notification-daemon
Without it explicitly enabled, notify-send (used by qubes-firewall) does
nothing.
2014-02-22 01:24:13 +01:00
Marek Marczykowski-Górecki
8acad1b78d rpm: disable (standard) pulseaudio autostart on its upgrade
Not only on initial template installation.
2014-02-08 10:22:28 +01:00
Marek Marczykowski-Górecki
3cc9d0f329 Merge branch 'appicons'
Conflicts:
	rpm_spec/core-vm.spec
2014-02-07 05:50:07 +01:00
Marek Marczykowski-Górecki
ededdf32ec rpm: BR:qubes-utils-devel >= 2.0.5 - because of slight API change
Note that R: will be generated automatically (on library name).
2014-02-07 05:36:22 +01:00