qubes-core-agent (3.2.4-1) wheezy; urgency=medium [ Patrick Schleizer ] * fix indent [ Marek Marczykowski-Górecki ] * dom0-updates: use dnf when available * Prefer 'dnf' over 'yum' for template update [ unman ] * Fall back to gnome utilities if kdialog not present [ Marek Marczykowski-Górecki ] * travis: initial version -- Marek Marczykowski-Górecki Sun, 05 Jun 2016 22:10:58 +0200 qubes-core-agent (3.2.3-1) wheezy; urgency=medium * Cleanup R3.1->R3.2 transitional package * Update repository definitions for R3.2 -- Marek Marczykowski-Górecki Wed, 18 May 2016 23:43:22 +0200 qubes-core-agent (3.2.2-1) wheezy; urgency=medium * systemd: order units checking for qubes-service after qubes-sysinit * qvm-open-in-vm: escape URL when wrapping it in HTML * Implement qubes.OpenURL service instead of wrapping URLs in HTML -- Marek Marczykowski-Górecki Wed, 18 May 2016 03:00:12 +0200 qubes-core-agent (3.2.1-1) wheezy; urgency=medium [ Marek Marczykowski-Górecki ] * qubes-rpc: fix SVG icon scaling * Fix bind-dirs.sh path [ Olivier MEDOC ] * archlinux: fix remaining loginctl privilege issues with invalid pam.d configuration [ Marek Marczykowski-Górecki ] * Remove obsolete policy files [ Patrick Schleizer ] * fixed bind-dirs legacy import function * fixed sh syntax error * minor debug xtrace output -- Marek Marczykowski-Górecki Thu, 05 May 2016 00:05:13 +0200 qubes-core-agent (3.2.0-1) wheezy; urgency=medium [ Patrick Schleizer ] * disable systemd-timesyncd [ Marek Marczykowski-Górecki ] * qrexec: write service stderr to both syslog and caller * qrexec: hide timing debug messages in vm-file-editor [ Patrick Schleizer ] * do not start the Tor service inside Qubes TemplateVMs * work on bind-dirs https://phabricator.whonix.org/T414 * work on bind-dirs * work on bind-dirs * renamed: misc/bind-dirs -> vm-systemd/bind-dirs * renamed: bind-dirs -> bind-dirs.sh * run /usr/lib/qubes/bind-dirs.sh from mount-dirs.sh * use symlink_level_max rather than hardcoding 10; comment * also exit from bind-directories if file /var/run/qubes-service/qubes- dvm exists * fixed broken file copy for files in multi level directories * refactoring / code simplification [ Rusty Bird ] * qvm-move-to-vm: Remove duplicated code * qvm-move-to-vm: Use '--' before file arguments * Use && in qvm-move-to-vm [ Andrew ] * Use proper space-expanded tabs, as per the coding guidelines. * Move usage information printing to separate function, and print usage to stderr; also added some spacing. * Use proper quoting around variables. * Properly handle case of empty domain name. [ Marek Marczykowski-Górecki ] * rpm: Add bind-dirs.sh to spec file * qubes.SuspendPreAll and qubes.SuspendPostAll services * qrexec: unify service environment preparation [ Patrick Schleizer ] * use 'true' rather than ':' for consistency * minor indent [ Rusty Bird ] * Remove exec in last line of qvm-copy-to-vm [ Marek Marczykowski-Górecki ] * qrexec: add service argument support * network: run setup-ip only on xen frontend interfaces -- Marek Marczykowski-Górecki Tue, 29 Mar 2016 14:41:34 +0200 qubes-core-agent (3.1.14-1) wheezy; urgency=medium * network: use `qubes-primary-dns` QubesDB entry if present -- Marek Marczykowski-Górecki Mon, 07 Mar 2016 13:47:01 +0100 qubes-core-agent (3.1.13-1) wheezy; urgency=medium [ Marek Marczykowski-Górecki ] * sysinit: Accept also old xenbus kernel interface [ adrianx64 ] * Proposed solution for issue #1657 [ Marek Marczykowski-Górecki ] * Move opening file viewer/editor into separate shell script * qubes-open: switch from mimeopen to xdg-open [ Olivier MEDOC ] * update qubes.InstallUpdateGUI to support archlinux * archlinux: add gcc and make as make dependencies * implement update proxy support for archlinux * archlinux: add Qubes Markers in pacman.conf so that changes done by qubes scripts are not inserted at the end of pacman.conf * archlinux: properly add qubes markers in pacman.conf * update-proxy: use curl instead of wget in archlinux in order to limit additional dependencies -- Marek Marczykowski-Górecki Mon, 08 Feb 2016 05:07:39 +0100 qubes-core-agent (3.1.12-1) wheezy; urgency=medium * Unload USB controllers drivers in USB VM before going to sleep * Do not try to signal NetworkManager before suspend if it isn't running -- Marek Marczykowski-Górecki Mon, 11 Jan 2016 21:59:34 +0100 qubes-core-agent (3.1.11-1) wheezy; urgency=medium [ Marek Marczykowski-Górecki ] * dom0-updates: add a message explaining yum deprecated warning [ noname ] * archlinux: Added python{2,3} as dependency. Solved python22 bug. [ Marek Marczykowski-Górecki ] * Fix time sync service -- Marek Marczykowski-Górecki Thu, 07 Jan 2016 05:52:35 +0100 qubes-core-agent (3.1.10-1) wheezy; urgency=medium * network: use more strict policy about incoming traffic * debian: add missing python-gtk2 dependency -- Marek Marczykowski-Górecki Thu, 31 Dec 2015 02:58:29 +0100 qubes-core-agent (3.1.9-1) wheezy; urgency=medium * dnf: drop shebang, it isn't standalone script * Package DNF plugin for both python2 and python3 * dom0-updates: fix reporting when no updates are available -- Marek Marczykowski-Górecki Sat, 26 Dec 2015 14:24:00 +0100 qubes-core-agent (3.1.8-1) wheezy; urgency=medium [ Marek Marczykowski-Górecki ] * open-in-vm: Fix path to mimeinfo database [ Olivier MEDOC ] * archlinux: fix invalid systemd path in make install directive * archlinux: remove quotes when checking system locales (in case it has been user defined) [ MB ] * [network-proxy-setup] Permit !CONFIG_MODuLES [ Rusty Bird ] * repo description: updates-testing -> security-testing [ Marek Marczykowski-Górecki ] * debian: add security-testing repository [ Olivier MEDOC ] * archlinux: ensure systemctl reset preset correctly (need to be started twice) [ Marek Marczykowski-Górecki ] * updates-proxy: restart on network configuration change to reload DNS -- Marek Marczykowski-Górecki Sun, 20 Dec 2015 03:12:39 +0100 qubes-core-agent (3.1.7-1) wheezy; urgency=medium * updates-proxy: explicitly block connection looping back to the proxy IP -- Marek Marczykowski-Górecki Fri, 04 Dec 2015 15:32:14 +0100 qubes-core-agent (3.1.6-1) wheezy; urgency=medium * Revert "network: use drop-ins for NetworkManager configuration (#1176)" -- Marek Marczykowski-Górecki Sun, 29 Nov 2015 00:34:34 +0100 qubes-core-agent (3.1.5-1) wheezy; urgency=medium [ Patrick Schleizer ] * clean up /etc/tinyproxy/filter-updates [ Olivier MEDOC ] * updates-proxy: remove remaining traces of proxy filtering file from Makefile * rpm_spec: declare InstallUpdateGUI qrexec_service * archlinux: enforce minimum versionning of qubes-utils [ Patrick Schleizer ] * Prevent services from being accidentally restarted by `needrestart`. * Have qubes-sysinit create /var/run/qubes VM type files. [ Marek Marczykowski-Górecki ] * Package needrestart config only for Debian * debian: reformat Build-Depends: * debian: update build-depends for split qubes-utils package * backup: Use 'type' instead of 'which' to prevent unnecessary dependency -- Marek Marczykowski-Górecki Sat, 28 Nov 2015 14:48:33 +0100 qubes-core-agent (3.1.4-1) wheezy; urgency=medium [ Marek Marczykowski-Górecki ] * Minor improvements to packaging (based on rpmlint) [ Patrick Schleizer ] * removed confusing comments * minor indent * No longer start /etc/init.d/tinyproxy by default anymore. [ Marek Marczykowski-Górecki ] * Revert "preset disable tinyproxy by default" [ Patrick Schleizer ] * minor, removed trailing space * Improved upgrade notifications sent to QVMM. * fixed inverted logic issue in upgrades-installed-check * misc/upgrades-installed-check: handle apt-get errors [ Marek Marczykowski-Górecki ] * Explicitly fail upgrades-installed-check on other distributions [ qubesuser ] * Allow to provide customized DispVM home directly in the template VM [ Marek Marczykowski-Górecki ] * network: let NetworkManager configure VM uplink, if enabled * Use improved update-notify script also in Fedora * Implement qubes.InstallUpdatesGUI qrexec service * Really fix update-proxy rules for debian security fixes repo * updates-proxy: disable filtering at all * network: disable proxy_arp -- Marek Marczykowski-Górecki Sun, 15 Nov 2015 04:29:29 +0100 qubes-core-agent (3.1.3-1) wheezy; urgency=medium [ Marek Marczykowski-Górecki ] * network: forward TCP DNS queries [ Patrick Schleizer ] * removed trailing spaces * Renamed qubes-mount-home to qubes-mount-dirs. [ Marek Marczykowski-Górecki ] * qrexec: implement buffered write to a child stdin [ Olivier MEDOC ] * archlinux: update packaging and install script to use systemd DROPINs * archlinux: force running scripts with python2 even when /usr/bin/env is used * archlinux: readd notification-daemon as a dependency * archlinux: readd lines removed by error during merge [ Patrick Schleizer ] * disable leaking TCP timestamps by default [ Marek Marczykowski-Górecki ] * rpm: add /etc/sysctl.d/20_tcp_timestamps.conf * rpm: remove duplicated entry [ Patrick Schleizer ] * cleanup /etc/apt/apt.conf.d/00notiy-hook on existing systems [ erihe251 ] * Small language fixes * Update qubes.sudoers [ Marek Marczykowski-Górecki ] * Require new enough qubes-utils package for updated libqrexec-utils * debian: install locales-all instead of custom locales generation * makefile: cleanup help message * Setup updates proxy in dnf and PackageKit * backup: fix handling backup filename with spaces * backup: improve exit code reporting [ Rusty Bird ] * qfile-unpacker: Avoid data loss by checking for child errors [ Marek Marczykowski-Górecki ] * appmenus: ignore entries with NoDisplay=true * qfile-agent: move data handling code to libqubes-rpc-filecopy [ yaqu ] * Replacing "sleep 365d" with "sleep inf" [ Marek Marczykowski-Górecki ] * No longer disable auditd * dom0-updates: prefer yum-deprecated over dnf * fedora: Add skip_if_unavailable=False to Qubes repositories [ Olivier MEDOC ] * add DROPINS for org.cups.cupsd systemd files. * dropins: make current systemd dropins specific to systemd-system in order to introduce dropins for systemd-user * dropins: implement dropins for systemd user starting with pulseaudio systemd service and socket masking [ Marek Marczykowski-Górecki ] * qrexec: add some comments, minor improvement in readability * qrexec: use #define for protocol-specified strings * dracut: disable hostonly mode * dom0-updates: use yum-deprecated instead of dnf in all calls * updates-proxy-setup: use temporary file for config snippet * Implement dnf hooks for post-update actions * fedora: do not require/use yum-plugin-post-transaction-actions in F>=22 * Get rid of qubes-core-vm-kernel-placeholder * systemd: make sure that update check is started only after qrexec- agent * dom0-updates: do not use 'yum check-update -q' * Bump qubes-utils version requirement [ Patrick Schleizer ] * preset disable tinyproxy by default [ Marek Marczykowski-Górecki ] * updates-proxy: use separate directory for PID file -- Marek Marczykowski-Górecki Wed, 11 Nov 2015 06:29:21 +0100 qubes-core-agent (3.1.2-1) wheezy; urgency=medium [ Marek Marczykowski-Górecki ] * Enlarge /tmp and /dev/shm * network: use own iptables service instead of repurposing existing one [ Patrick Schleizer ] * removed iptables-persistent from Depends to improve usablity (avoid redundant debconf question) [ Marek Marczykowski-Górecki ] * debian: disable netfilter-persistent.service * Adjust progress message on file move operation * Run 'ldconfig' to update /usr/local/lib* cache, if applicable * updates-proxy: Disable 'Via: tinyproxy' header * Cleanup R3.0->R3.1 transitional package * network: use drop-ins for NetworkManager configuration (#1176) * network: fix 'qubes-uplink-eth0' NetworkManager connection (#1280) [ Patrick Schleizer ] * minor [ HW42 ] * qubes-random-seed: feed kernel rng with randomness from dom0 * reload qubes-random-seed when restoring DispVM [ Marek Marczykowski-Górecki ] * systemd: actually enable qubes-random-seed service * sysvinit: load random seed from dom0 provided data * Use 'type' instead of 'which' to prevent unnecessary dependency * Add missing R: dconf to hide nm-applet when not used * dom0-updates: Fix showing package list when --check-only option was used * dom0-updates: check "yum check-update" exit code, not only its output * dom0-updates: fix hostname in error message -- Marek Marczykowski-Górecki Sun, 11 Oct 2015 03:00:00 +0200 qubes-core-agent (3.1.1-1) wheezy; urgency=medium * Update repository definition for r3.1 -- Marek Marczykowski-Górecki Tue, 29 Sep 2015 16:55:35 +0200 qubes-core-agent (3.1.0-1) wheezy; urgency=medium [ Patrick Schleizer ] * Allow passwordless login for user "user" (when using 'sudo xl console'). * Allow passwordless login for user "user" (when using 'sudo xl console') for images being upgraded. * show error msg if qubes.ReceiveUpdates failed [ qubesuser ] * qubes-rpc: fix broken temporary file deletion in qubes.GetImageRGBA [ Patrick Schleizer ] * added missing dependency python-dbus to 'Depends:' [ Marek Marczykowski-Górecki ] * rpm: add dbus-python dependency [ qubesuser ] * qubes-rpc: fix broken temporary file deletion in qubes.GetImageRGBA * qubes-rpc: fix icon selection using pyxdg and support SVG icons [ Patrick Schleizer ] * fixed 'Debian 8 apt.config.d misconfiguration' * added missing dependency xserver-xorg-dev * - Prevent 'su -' from asking for password in Debian [based] templates. Thanks to @unman and @marmarek for suggesting the fix! Fixes https://github.com/QubesOS/qubes-issues/issues/1128. - Changed 'ifeq (1,${DEBIANBUILD})' to 'ifeq ($(shell lsb_release -is), Debian)' to make the build work outside of Qubes Builder as well. * Fixed /etc/pam.d/su.qubes. (Moved line 'auth sufficient pam_permit.so' up. May not be low '@include' lines.) * fix typo -- Marek Marczykowski-Górecki Tue, 29 Sep 2015 16:39:55 +0200 qubes-core-agent (3.0.16-1) wheezy; urgency=medium [ Marek Marczykowski-Górecki ] * debian: remove SELinux disabling code * Revert "qubes-desktop-run: Activate via DBUS when desktop file contains DBusActivatable" * qubes-desktop-run: start the Dbus service (if needed) [ Patrick Schleizer ] * added pulseaudio-kde and spice-vdagent to qubes-trigger-desktop- file-install [ Jason Mehring ] * debian: Move python-xdg to depends section in debian/control * sudoers.d: Stops QT from using the MIT-SHM X11 Shared Memory Extension [ Rusty Bird ] * Mount /dev/xvdb with fs type "auto" [ Marek Marczykowski-Górecki ] * Move .desktop launching code to python moules so it can be reused * Implement dropins for /etc/xdg/autostart (#1151) * Remove dynamically generated autostart desktop files * qubes-session-autostart: do not abort the whole process on invalid file * qubes-desktop-run: don't crash on Debian wheezy (glib < 2.36) * debian: fix /dev permissions on upgrade * systemd: fix starting cups * debian: depend on gawk * Fix show-hide-nm-applet.desktop - use OnlyShowIn=X-QUBES [ Patrick Schleizer ] * moved python-xdg from Recommends to Depends -- Marek Marczykowski-Górecki Thu, 03 Sep 2015 02:45:30 +0200 qubes-core-agent (3.0.15-1) wheezy; urgency=medium * debian: remove `Recommends: chrony` -- Marek Marczykowski-Górecki Sat, 08 Aug 2015 23:23:38 +0200 qubes-core-agent (3.0.14-1) wheezy; urgency=medium [ Marek Marczykowski-Górecki ] * kernel-placeholder: prevent xl2tpd from pulling kernel packages * qubes-core-vm-kernel-placeholder 1.0-3 [ Olivier MEDOC ] * archlinux: update dependency list based on .spec file * archlinux: reorganize install script to make it more easily compareable with the .spec file * archlinux: fix syntax errors in install file [ Marek Marczykowski-Górecki ] * debian: fix permissions of /var/lib/qubes/dom0-updates [ Patrick Schleizer ] * also inform in cli if no new updates are available [ Olivier MEDOC ] * archlinux: pulseaudio should be configured in gui agent and will break installation of pulseaudio if installed in core-agent-linux * archlinux: enabled configuration of all core agent dependencies * archlinux: ensure python2 is used for all scripts and fix dependencies for qubes-desktop-run [ Jason Mehring ] * debian: Renamed incorrect filename: 00notiy-hook -> 00notify-hook * debian: Comment out deb-src line in qubes-r3.list * Use 'which' to locate fuser since fuser path is different in Fedora and Debian * debian: Change triggers to use `interest-await` (execute triggers after all packages installed) * Remove '.service' from systemd enable loop as unit_name already contains .service in name * debian: remove cups/print-applet triggers * debian: Added cups, system-config-printer to Recommends * Makefile: Add systemd drop-in support which include conditionals to prevent services from starting * fedora: Add systemd drop-in support which include conditionals to prevent services from starting * debian: Add systemd drop-in support which include conditionals to prevent services from starting * Re-aranged qubes-vm.preset to indicate which services are specificly for Fedora only * vm-systemd: Add systemd drop-in support which include conditionals to prevent services from starting [ Marek Marczykowski-Górecki ] * archlinux: remove installOverridenServices as now handled by systemd dropins * fedora: do not own dropins directories * fedora: simulate preset-all only on first install, not upgrade * fedora: fix default locale generation * qrexec: fix exit code from qrexec-client-vm * qrexec: make sure that all the pipes/sockets are closed on cleanup [ Jason Mehring ] * qubes-desktop-file-install: Manages xdg desktop entry files * debian: Reformat depends in control for better readability * debian: qubes-desktop-file-install: Add misssing depend to contol * debian: Switch to using org.mate.NotificationDaemon by default to eliminate popups not closing * fedora: Use 'slider' org.mate.NotificationDaemon theme * qubes-desktop-run: Activate via DBUS when desktop file contains DBusActivatable [ Marek Marczykowski-Górecki ] * Move `/usr/share/qubes/xdg` to `/var/lib/qubes/xdg` [ Patrick Schleizer ] * fixed "in place upgrade issue - base-passwd debconf interative question asks 'Remove group "qubes"'" * fixed "in place upgrade issue - base-passwd debconf interative questi…on asks 'Remove group "qubes"'" for existing users -- Marek Marczykowski-Górecki Sat, 08 Aug 2015 04:16:52 +0200 qubes-core-agent (3.0.13-1) wheezy; urgency=medium * fedora: ensure that /etc/sysconfig/iptables exists (Fedora 20) * fedora/systemd: fix service enabling code * network: use iptables-restore instead of iptables --wait * network: guard iptables call with manual lock * network: disable tx csum offload on vif interfaces -- Marek Marczykowski-Górecki Wed, 01 Jul 2015 07:05:53 +0200 qubes-core-agent (3.0.12-1) wheezy; urgency=medium * dom0-updates: make the tool working on Debian * fedora, debian: make sure that default locale is generated * rpm: improve setting iptables rules * Do not override file pointed by /etc/localtime symlink -- Marek Marczykowski-Górecki Tue, 23 Jun 2015 20:06:22 +0200 qubes-core-agent (3.0.11-1) wheezy; urgency=medium [ Marek Marczykowski-Górecki ] * debian: fix apt sources.list generation (missing debian version field) [ Jason Mehring ] * Set a default locale if missing -- Marek Marczykowski-Górecki Thu, 11 Jun 2015 04:06:26 +0200 qubes-core-agent (3.0.10-1) wheezy; urgency=medium * rpm: ensure that all the services are enabled after upgrade * qrexec: do not show message about missing fork-sever - it isn't an error * rpm: add missing dependencies -- Marek Marczykowski-Górecki Tue, 02 Jun 2015 11:20:18 +0200 qubes-core-agent (3.0.9-1) wheezy; urgency=medium [ Jason Mehring ] * debian: Only notify dom0 on apt-get post hook; don't update package index * debian: Allow apt-get post hook to fail gracefully (won't work in chroot) [ Marek Marczykowski-Górecki ] * appmenus: hide message about missing /usr/local/share/applications * qrexec: prefer VM-local service file (if present) over default one * rpm: mark service files as configuration to not override user changes -- Marek Marczykowski-Górecki Fri, 15 May 2015 03:27:58 +0200 qubes-core-agent (3.0.8-1) wheezy; urgency=medium [ Marek Marczykowski-Górecki ] * Use iptables --wait only when it is supported [ Jason Mehring ] * debian: Update notification now notifies dom0 when an upgrade is completed -- Marek Marczykowski-Górecki Tue, 28 Apr 2015 12:51:48 +0200 qubes-core-agent (3.0.7-1) wheezy; urgency=medium [ Marek Marczykowski-Górecki ] * debian: install qubes-download-dom0-updates.sh * prepare-dvm: fix bashism * network: wait for iptables lock instead of aborting * rpm: cleanup R2->R3.0 transitional package [ Jason Mehring ] * whonix: Added protected-files file used to prevent scripts from modifying files that need to be protected * Changed location of PROTECTED_FILE_LIST to /etc/qubes/protected- files.d -- Marek Marczykowski-Górecki Sat, 25 Apr 2015 02:36:55 +0200 qubes-core-agent (3.0.6-1) wheezy; urgency=medium * qrexec: do not reset umask to 077 for every started process * rpm/systemd: do not use preset-all during package upgrade * systemd: disable avahi-daemon and dnf-makecache * dispvm: do not start GUI apps during prerun * Fix resizing of /rw partition (private.img) * Minor fixes in mount-home.sh -- Marek Marczykowski-Górecki Sat, 11 Apr 2015 03:40:57 +0200 qubes-core-agent (3.0.5-1) wheezy; urgency=medium * systemd: use presets to enable services, call preset-all * systemd: install overridden unit file for chronyd -- Marek Marczykowski-Górecki Tue, 07 Apr 2015 14:58:36 +0200 qubes-core-agent (3.0.4-1) wheezy; urgency=medium [ Marek Marczykowski-Górecki ] * qrexec: try to recover from fork-server communication error * rpm: add missing BuildRequires: libX11-devel * debian: fix handling SysV units in disableSystemdUnits * debian: update NetworkManager configuration [ Wojtek Porczyk ] * qubes-rpc-multiplexer: deprecate /etc/qubes_rpc, allow /usr/local * sudoers: do not require TTY [ Marek Marczykowski-Górecki ] * Update repository definition: r3 -> r3.0 -- Marek Marczykowski-Górecki Thu, 02 Apr 2015 00:55:09 +0200 qubes-core-agent (3.0.3-1) wheezy; urgency=medium * Enable updates repos by default -- Marek Marczykowski-Górecki Fri, 27 Mar 2015 01:24:43 +0100 qubes-core-agent (3.0.2-1) wheezy; urgency=medium [ Marek Marczykowski-Górecki ] * debian: fix version number * backup: fix qubes.Restore service - do not send garbage as backup data [ Jason Mehring ] * debian: Add extend-diff-ignore options to debian packager [ Marek Marczykowski-Górecki ] * qrexec: fork into background after setting up qrexec-fork-server socket * Fix "backup: fix qubes.Restore service - do not send garbage as backup data" [ Jason Mehring ] * Switched qvm-move-to-vm.{gnome,kde} scripts to use bash not sh * Removed nautilus-actions depend and replaced with nautilus-python * Removed code that deleted original nautilus actions [ Marek Marczykowski-Górecki ] * fc21: fix DispVM preparation - Xorg has new name * dispvm: kill all process after populating caches * dispvm: start gui agent early, do not kill Xorg * dispvm: close only visible windows during DispVM preparation * Move mounting /rw and /home to separate service * dispvm: use qubes.WaitForSession to wait for gui-agent startup * dispvm: include memory caches in "used memory" notification * dispvm: do not restart qubesdb-daemon, use watch instead * qrexec: simplify makefile * qrexec: handle data vchan directly from qrexec-client-vm * qrexec: return remote process status as qrexec-client-vm exit code * qrexec: better handle remote process termination * qrexec: do not break connection on duplicated SIGUSR1 * qrexec: minor readability fix * qrexec: process vchan data queue (esp MSG_EXIT_CODE) before sending anything * qrexec: add option to use real stdin/out of qrexec-client-vm * qrexec: do not leak FDs to logger process * qrexec: execute RPC service directly (without a shell) if it has executable bit set * qrexec: get rid of shell in services using EOF for any signaling * qrexec: move qrexec-client-vm to /usr/bin * Add support for comments in qubes-suspend-module-blacklist * Create filesystem if the private.img is empty * Provide stub files in /rw/config * qrexec: fix compile warning * qrexec: do not wait for local process if no one exists * qrexec: enable compiler optimization * Do not load xen-usbfront automatically * fedora: override iptables configuration on initial installation * Update comments and xenbus intf in startup scripts regarding vchan requirements * dom0-update: allow to specify custom yum action -- Marek Marczykowski-Górecki Thu, 26 Mar 2015 23:56:25 +0100 qubes-core-agent (3.0.1-1) jessie; urgency=medium [ Marek Marczykowski-Górecki ] * Reenable imsettings service * systemd: fix xenstore-ls path [ Jason Mehring ] * Allow hyphenated distro names in tinyproxy filter * Change condition test to compare to a link "-L" * debian: add xen-utils-common as a dependancy to allow Debian proxies * debian: Added maintainers scripts (pre / postinit + rm) - Currently in debug mode * debian: preinst needs a group and force no password entry on adduser * debian: Added less restrictive filter option for debian packages Sites like sourceforge append ?downloadxxx to end * debian: added new depends * debian: force shell to be bash since its default is dash and many qubes scripts rely on bash and will break in dash and added tinyproxy user [ HW42 ] * move fedora specific stuff to install-rh target * don't track debina/files (since it is autogenerated) * use systemd in debian * install iptables/forwarding for debian * various patches for debian * improve update of /etc/hosts * make source.list multiarch compatible * add xserver-xorg-video-dummy to the dependencies list of qubes-core- agent * dispvm-presun.sh needs bash * use sleep instead os usleep since it is more portable * debian: chown /home_volatile/user in posinst * fix xenstore-read path in network-proxy-setup.sh for debian * debian: add dependency on xen-utils since it's needed for proxy/netvm * debian: add support for qubes appmenus [ Marek Marczykowski-Górecki ] * debian: fix initialization of /etc/hosts [ Jason Mehring ] * debian: set -e added in place of set -x * debian: Made debian proxy filter rules more restrictive * debian: Cleanup * debian: Prepend package name to maintainers scripts * debian: Add qubes-update-check for Debian * debian: Revert back to original NetworkManager, ModemManager service names * debian: apt-get needs to update first * debian: Remove absolute path to xenstore-* * debian: Added more dependancies * debian: Added postrm disable of other Qubes packages * debian: Added all other outstanding triggers contained in rpm_spec as well as triggers if other packages get installed at a later date the configurations will run on them * debian: removed commented out depends * debian: Added more error reporting to track down any missing dependancies * debian: More depends for debian as netvm and some configuration tweaks. [ Marek Marczykowski-Górecki ] * network: do not use ifcfg-rh NM plugin * network: fix NM uplink config permissions [ Jason Mehring ] * debian: Add new notification agent depends; remove other * debian: Added functionality to move desktop entry config files to /usr/share/qubes/xdg/autostart to preserve originals * debian: Wrong variable name was used to create /usr/share/qubes/xdg/autostart [ Marek Marczykowski-Górecki ] * Fix compile flags order (-lX11 moved to the end) [ Jason Mehring ] * debian: Updated tinyproxy filter rules * debian: Don't display systemd info in chroot since systemd show does not work in chroot [ Marek Marczykowski-Górecki ] * network: fix indentation * Fix disabling nm-applet when NM is disabled * debian: create tinyproxy as system user * debian: fix generation of apt sources list file * debian: add missing python-gi to dependencies * debian: remove obsolete code from postinst script * debian: fix service name in postinst script * Update update-proxy rules for debian security fixes repo [ HW42 ] * debian: move not strictly required packages to Recommends-Section. * debian: remove unneeded acpid dependency [ Marek Marczykowski-Górecki ] * network: set uplink configuration based on MAC (NetworkManager) * network: fix NM config preparation [ Jason Mehring ] * fc21: iptables configurations conflict with fc21 yum package manager * fc21: Remove left-over code comment [ Marek Marczykowski-Górecki ] * fedora: Add security-testing repo definition * filecopy: prevent files/dirs movement outside incoming directory during transfer * fedora: Fix iptables config install script * fedora: Fix iptables config installation one more time [ HW42 ] * don't ignore asprintf() return value [ Marek Marczykowski-Górecki ] * network: support for not setting DNS and/or default gateway [ Olivier MEDOC ] * archlinux: fix new packaging requirements related to sbin, lib64, run ... * archlinux: align with fedora changes related to imsettings [ Marek Marczykowski-Górecki ] * fedora: reduce code duplication in systemd triggers * fedora: reload systemd only once * systemd: allow to start cron daemon (#909) * filecopy: fallback to "open(..., 000)" method when /proc inaccessible * network: support for not setting DNS and/or default gateway (v2) * rpm: add missing R: pygobject3-base [ HW42 ] * debian: fix for QSB #014 requires up to date qubes-utils * debian: postinst: use systemctl mask * debian: postinst: use dpkg-divert * debian: don't generate regular conf files in postinst * debian: postinst: don't remove /etc/udev/rules.d/* * debian: postinst: don't create /rw - it is already part of the package * debian: postinst: use systemctl to set default target * debian: postinst: remove fedora specific code * debian: postinst: enable netfilter-persistent service * debian: postinst: cleanup * debian: postinst: don't start systemd services * debian: postinst: enable haveged only if installed * debian: postinst: remove redundant and misleading trigger output * debian: install fstab as normal config file * debian: preinst: remove modification of /etc/modules * remove 'bashisms' or explicit use bash * debian: preinst: don't force the default shell to bash * debian: prerm: remove obsolete code * debian: preinst: cleanup user creation [ Wojtek Porczyk ] * spec: require linux-utils-3.0.1 [ Matt McCutchen ] * Switch to preset file for systemd units to disable. * Make qvm-run bidirectional and document its limitations. [ Marek Marczykowski-Górecki ] * debian: change systemctl set-default back to manual symlink * network: fix handling newline in firewall rules * qrexec: use sockets instead of pipes to communicate with child process * qrexec: reorganise code for upcoming change * qrexec: add simple "fork server" to spawn new processes inside user session * Adjust permissions of /var/run/qubes [ Jason Mehring ] * debian: Remove 'exit 0' in maintainer section scripts to all other debhelpers (if any) to also execute * Add a qubes group and then add the user 'user' to the group * Remove 'xen.evtchn' udev rule * Set permissions to /proc/xen/privcmd, so a user in qubes group can access * debian: Converted debian package to a quilt package to allow patches * debian: Refactor Debian quilt packaging for xen * debian: Remove 'exit 0' in maintainer section scripts to all other debhelpers (if any) to also execute * Add a qubes group and then add the user 'user' to the group * Remove 'xen.evtchn' udev rule * Set permissions to /proc/xen/privcmd, so a user in qubes group can access * debian: Converted debian package to a quilt package to allow patches * debian: Revert depends back to use libxen-dev * debian: Move creation of directories into debian.dirs configuration file * debian: Remove dist target from Makefile as copy-in is now being used * debian: Remove unneeded patch file and README * Make sure when user is added to qubes group that the group is appended [ Marek Marczykowski-Górecki ] * qrexec: fix compile warning * debian: reenable -Werror, mentioned warning already fixed * debian: exclude binary packages from source archive * updates-proxy: allow xz compressed metadata (fc21) -- Marek Marczykowski-Górecki Tue, 17 Feb 2015 14:14:16 +0100 qubes-core-agent (3.0.0-1) jessie; urgency=medium [ Marek Marczykowski-Górecki ] * Improve handling of .desktop files * suspend: do not disable network frontend devices * Handle tabs in /etc/hosts [ Marek Marczykowski ] * Update for new vchan API * spec: add dependencies on vchan package (both R: and BR:) * load xen-gntalloc module required by libxenvchan * spec: get backend_vmm from env variable * rpm: fix typo * Use Qubes DB instead of Xenstore * systemd: fix qubes-service handling * dispvm: restart qubesdb at DispVM start [ Marek Marczykowski-Górecki ] * qrexec: remove dom0 targets from makefile * code style: replace tabs with spaces * qrexec: new protocol - direct data vchan connections * Use xenstore.h instead of xs.h * qrexec: register exec function * Update repos and keys for Qubes R3 -- Marek Marczykowski-Górecki Sat, 22 Nov 2014 16:24:17 +0100 qubes-core-agent (2.1.42) jessie; urgency=medium * firewall: show error message only on actual error * Avoid 100MB reserved space in private ext4 partition * gui-fatal: do not run as root * fedora: workaround slow system shutdown (#852) * Rename qubes-yum-proxy service to qubes-updates-proxy * Rename yum-proxy-setup service to updates-proxy-setup * updates-proxy: add rules for debian repositories (#887) * qrexec: check for setuid() error when calling zenity/kdialog * Use systemd mechanism for loading kernel modules (when available) * Add missing u2mfn module load * archlinux: modules-load.d handled now in generic files * debian: migrate to native systemd services * updates-proxy-setup: support setting proxy for apt (#887) * Introduce qubes.SetDateTime service for time synchronization * systemd: fix 'service' path * Include /rw in the package * debian: custom dh_auto_clean no longer needed -- Marek Marczykowski-Górecki Sat, 25 Oct 2014 01:49:58 +0200 qubes-core-agent (2.1.41) jessie; urgency=medium [ Marek Marczykowski-Górecki ] * dispvm: slow down "spinlock" while waiting for save/restore [ Olivier MEDOC ] * archlinux: add notification daemon * archlinux: follow fedora20 qubes agent improvement * archlinux: follow fedora20 qubes agent improvement * archlinux: enable/disable services when corresponding packages got installed [ Marek Marczykowski-Górecki ] * network: use the same gateway IP generation method as backend * Revert "network: use the same gateway IP generation method as backend" -- Marek Marczykowski-Górecki Fri, 15 Aug 2014 17:45:15 +0200 qubes-core-agent (2.1.40) jessie; urgency=medium [ Marek Marczykowski-Górecki ] * Fix compiler warnings. * Enable compiler optimization. * rpm: do not disable abrt-applet autostart * systemd: relax qubes-sysinit dependencies * systemd: reexec systemd to ensure right version is running * rpm: fix notification-daemon setup * archlinux: do not fail mount /usr/lib/modules if already mounted * version 2.1.34 * suspend: fix dbus-send invocation * qubes-rpc: log service stderr to syslog instead of sending to dom0 (#842) * version 2.1.35 [ Wojciech Zygmunt Porczyk ] * misc: do not display file preview by default (#813) [ Vincent Penquerc'h ] * vm-file-editor: remove temporary file on exit [ Marek Marczykowski-Górecki ] * rpm: remove /lib/firmware/updates link * Hide nm-applet icon earlier (#857) * Configure only installed programs * network: setup NM connection when its active in the ProxyVM * version 2.1.36 * Add --dispvm to qvm-run documentation * Fix formating * Do not start nm-applet at all when no NetworkManager running (#857) * version 2.1.37 * rpm: require generic "desktop-notification-daemon" not a specific one * rpm: enable haveged service by default (#673) * Do not start nm-applet at all when no NetworkManager running - update (#857) * rpm: enable/disable services when corresponding packages got installed * dispvm: close all windows after apps prerun (#872) * version 2.1.38 * systemd: do not reexec when not necessary * version 2.1.39 * rpm: mark config files with %config(noreplace) [ Davíð Steinn Geirsson ] * Split install target into install-common and install-rh, and add all target * Fix make clean target * Check for xenstore-read in /usr/sbin as well (default on debian) * Use xenstore.h instead of xs.h when xen >= 4.2 * Explicitly specify /bin/bash for Makefile SHELL, since it's required. * Initial debian packaging [ Marek Marczykowski-Górecki ] * debian: update deps * qrexec: fix loop bounds * gitignore * Fix bashism * gitignore: fix binary packages declaration * debian: add updates repo definition and key * debian: fix qfile-unpacker perms -- Marek Marczykowski-Górecki Mon, 28 Jul 2014 02:38:59 +0200 qubes-core-agent (2.1.33) jessie; urgency=low * Initial Release. -- Davíð Steinn Geirsson Mon, 21 Apr 2014 01:31:55 +0000