Commit Graph

1583 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
062f9920c4
version 3.0.26 2016-05-01 22:36:43 +02:00
Marek Marczykowski-Górecki
9b7b8d0891
network: run setup-ip only on xen frontend interfaces
Fixes QubesOS/qubes-issues#1882

(cherry picked from commit 00698173ed)
(cherry picked from commit d90e2b0cd7)
2016-05-01 21:50:05 +02:00
Marek Marczykowski-Górecki
a0c2377a02
qubes.SuspendPreAll and qubes.SuspendPostAll services
Those services are called just before/after host suspend.

Thanks @adrelanos for help.
Fixes QubesOS/qubes-issues#1663

(cherry picked from commit 7301a898a1)
(cherry picked from commit 7979e402f0)
2016-05-01 21:49:41 +02:00
Marek Marczykowski-Górecki
1fabb678e2
network: use qubes-primary-dns QubesDB entry if present
For a long time the DNS address was the same as default gateway. This is
still the case in R3.x, but using `qubes-gateway` configuration
parameter for it is misleading. It should be up to dom0 to provide DNS
address (whether the value is the same as gateway or not).

Fixes QubesOS/qubes-issues#1817

(cherry picked from commit fb9b3b62c0)
2016-05-01 21:46:05 +02:00
Marek Marczykowski-Górecki
a2b29a3ad2
version 3.0.25 2016-02-29 14:38:05 +01:00
Marek Marczykowski-Górecki
e9d1bc1710
dom0-updates: fix reporting when no updates are available
Check `yum check-update` exit code, instead of `grep` - when there are
multiple commands on the single line, $? contains exit code of the last
executed.

Fixes QubesOS/qubes-issues#1475

(cherry picked from commit c46c1e4d2c)
2016-02-27 23:44:29 +01:00
adrianx64
e22e327939
Proposed solution for issue #1657
qvm-sync-appmenus fails when a shortcut have spaces in the file name #1657
(cherry picked from commit d3966b0f6c)
2016-02-27 23:43:25 +01:00
Marek Marczykowski-Górecki
5d7ad5383c
version 3.0.24 2016-01-15 12:35:13 +01:00
Marek Marczykowski-Górecki
f8251f5982
sysinit: Accept also old xenbus kernel interface
qubes-sysinit.sh waits for xenbus initialization by watching its
interface file presence. In linux before 3.10 there is no
/dev/xen/xenbus, which is the case in Debian 7 (3.2 kernel). The problem
applies only to the VMs with PVGrub enabled, because otherwise VM would
use dom0 privided kernel, which is much newer.

Fixes QubesOS/qubes-issues#1609

(cherry picked from commit fb470fe86f)
2016-01-14 04:54:47 +01:00
Marek Marczykowski-Górecki
1b1083b649
Do not try to signal NetworkManager before suspend if it isn't running
Sending dbus calls to a service which isn't running _and is blocked to
not be started_ would result in timeout, which would delay the whole
system suspend.

Fixes QubesOS/qubes-issues#1419

(cherry picked from commit cb5c457fba)
2016-01-14 04:54:41 +01:00
Marek Marczykowski-Górecki
850b917ffa
Unload USB controllers drivers in USB VM before going to sleep
Many USB controllers doesn't play nice with suspend when attached to PV
domain, so unload those drivers by default. This is just a configuration
file, so user is free to change this setting if his/shes particular
controller doesn't have such problem.

Fixes QubesOS/qubes-issues#1565

(cherry picked from commit d4c238c45e)
2016-01-14 04:54:36 +01:00
Marek Marczykowski-Górecki
17890dd003
Fix time sync service
It is expected to not output anything on stdout. Especially remote end
may be already terminated, so writing there would result in EPIPE.

Fixes QubesOS/qubes-issues#1592

(cherry picked from commit 0e062ff31e)
2016-01-14 04:54:22 +01:00
Marek Marczykowski-Górecki
e97e393ab1
dom0-updates: add a message explaining yum deprecated warning
Thanks @axon-qubes for the idea.

Fixes QubesOS/qubes-issues#1574

(cherry picked from commit c4ff490844)
2016-01-14 04:53:54 +01:00
Marek Marczykowski-Górecki
bafca3142d
debian: add missing python-gtk2 dependency
qvm-mru-entry requires it.

Fixes QubesOS/qubes-issues#1567

(cherry picked from commit 5a04fb34ed)

Conflicts:
	debian/control
2016-01-14 04:53:52 +01:00
Marek Marczykowski-Górecki
6e2ab31687
Package DNF plugin for both python2 and python3
DNF in Fedora 22 uses python2, but in Fedora 23 - python3. Package both
of them, in separate packages (according to Fedora packaging guidelines)
and depend on the right one depending on target distribution version.

Fixes QubesOS/qubes-issues#1529

(cherry picked from commit 2478cb5c05)

Conflicts:
	rpm_spec/core-vm.spec
2016-01-14 04:51:26 +01:00
Marek Marczykowski-Górecki
6f10143000
dnf: drop shebang, it isn't standalone script
QubesOS/qubes-issues#1529

(cherry picked from commit 8f0a024f6d)
2016-01-14 04:48:26 +01:00
Marek Marczykowski-Górecki
a3a2130fe4
version 3.0.23 2015-12-20 04:15:56 +01:00
Marek Marczykowski-Górecki
96bcad91d1
updates-proxy: restart on network configuration change to reload DNS
Apparently tinyproxy does not notice /etc/resolv.conf change, so need to
be kicked to reload it.

Fixes QubesOS/qubes-issues#1530

(cherry picked from commit 4e3076f0b6)
2015-12-20 04:15:00 +01:00
Rusty Bird
fb7942145d
repo description: updates-testing -> security-testing
(cherry picked from commit 3238eab85f)

Conflicts:
	misc/qubes-r3.repo
2015-12-20 04:14:34 +01:00
Marek Marczykowski-Górecki
6edca6d250
open-in-vm: Fix path to mimeinfo database
There was missing "/mime" in entry for user home.

QubesOS/qubes-issues#1490

(cherry picked from commit 169c389339)
2015-12-20 04:13:52 +01:00
Marek Marczykowski-Górecki
03097a319e
backup: Use 'type' instead of 'which' to prevent unnecessary dependency
This fixes using minimal-template based VMs to store/retrieve backup.

(cherry picked from commit 5157d9822e)
2015-12-20 04:13:34 +01:00
Marek Marczykowski-Górecki
b6c94313c8
Package needrestart config only for Debian
On Fedora there is no such package.

(cherry picked from commit 808b3ab660)

Conflicts:
	Makefile
2015-12-20 04:11:46 +01:00
Patrick Schleizer
f8f86a39a7
Prevent services from being accidentally restarted by needrestart.
Because those services do not yet support being restarted.

Extended variable `$nrconf{override_rc}`, i.e. packages only reported to need
restart, but blacklisted from default/suggested automatic restarted with
`qubes-core-agent` and `qubes-gui-agent`.

See also `$nrconf{override_rc}`:
10bd2db5e2/ex/needrestart.conf (L65)

Thanks to @liske for helping with this.
https://github.com/liske/needrestart/issues/13#issuecomment-136804625

(cherry picked from commit 7dc99ee662)
2015-12-20 04:10:53 +01:00
Marek Marczykowski-Górecki
12d91a84fa
version 3.0.22 2015-12-20 03:39:14 +01:00
Marek Marczykowski-Górecki
7a18909ddc
debian: add security-testing repository
Fixes QubesOS/qubes-issues#1522

(cherry picked from commit 405c42658f)
Updated for R3.0
2015-12-20 03:38:44 +01:00
Marek Marczykowski-Górecki
348a56fa6e
upgrade: package for simplify upgrade from R3.0 to R3.1 2015-11-30 06:55:18 +01:00
Marek Marczykowski-Górecki
d957149c1b
version 3.0.21 2015-11-15 04:34:38 +01:00
Marek Marczykowski-Górecki
e19b9479cb
Really fix update-proxy rules for debian security fixes repo
Reported by @adrelanos
Fixes QubesOS/qubes-issues#1422

(cherry picked from commit 5377dc50dc)
2015-11-15 04:34:05 +01:00
Marek Marczykowski-Górecki
689db404e8
updates-proxy: use separate directory for PID file
And also use systemd-tmpfiles for that directory creation.

Fixes QubesOS/qubes-issues#1401

(cherry picked from commit 2a589f2c20)

Conflicts:
	Makefile
	rpm_spec/core-vm.spec
2015-11-15 04:31:53 +01:00
Marek Marczykowski-Górecki
1e2e9706b7
version 3.0.20 2015-11-13 23:22:37 +01:00
Marek Marczykowski-Górecki
976f4acfa6
dom0-updates: do not use 'yum check-update -q'
Depending on yum version, adding '-q' option may hide not only
informational messages, but also updates list. This is especially the
case for yum-deprecated in Fedora 22.
So instead of '-q' option, filter the output manually.

QubesOS/qubes-issues#1282

(cherry picked from commit 49c7473848)
2015-11-13 05:50:01 +01:00
Marek Marczykowski-Górecki
a2ff437d4d
systemd: make sure that update check is started only after qrexec-agent
(cherry picked from commit 3466f3df35)
2015-11-13 05:49:50 +01:00
Marek Marczykowski-Górecki
05e4a695dc
fedora: do not require/use yum-plugin-post-transaction-actions in F>=22
Since Fedora 22+ obsoletes yum, do not require yum-specific package to
be installed.

QubesOS/qubes-issues#1282

(cherry picked from commit ba28c9f140)

Conflicts:
	rpm_spec/core-vm.spec
2015-11-13 05:49:08 +01:00
Marek Marczykowski-Górecki
c087bca40c
Implement dnf hooks for post-update actions
Similar to previous yum hooks:
 - notify dom0 about installed updates (possibly clear "updates pending"
   marker)
 - trigger appmenus synchronization

QubesOS/qubes-issues#1282

(cherry picked from commit b6cfcdcc6f)

Conflicts:
	rpm_spec/core-vm.spec
2015-11-13 05:47:55 +01:00
Marek Marczykowski-Górecki
9afc93dbc8
dom0-updates: use yum-deprecated instead of dnf in all calls
Fix for d44c8ac "dom0-updates: prefer yum-deprecated over dnf"
Because of slightly different options and config syntax, it needs to be
used in call calls, not only the one with --downloaddir option.

QubesOS/qubes-issues#1282

(cherry picked from commit 85793fa31f)
2015-11-13 05:47:19 +01:00
Marek Marczykowski-Górecki
11d424bf49
fedora: Add skip_if_unavailable=False to Qubes repositories
DNF defaults to skip_if_unavailable=True, so make sure that Qubes
repositories are treated as vital one. Otherwise it would allow an
attacker to cut the user from updates without visible error (when using
PackageKit for example).

Do not set it for unstable repository, as it isn't critical one.

Fixes QubesOS/qubes-issues#1387

(cherry picked from commit 5102e4f7aa)
2015-11-13 03:30:59 +01:00
Olivier MEDOC
ca64d4d496
add DROPINS for org.cups.cupsd systemd files.
(cherry picked from commit 4b5332081e)
2015-11-13 03:30:49 +01:00
Marek Marczykowski-Górecki
cdcab08477
dom0-updates: prefer yum-deprecated over dnf
Some of the reasons:
 - dnf doesn't support --downloaddir option
 - dnf doesn't support `copy_local` repo option (used in automated tests
   only)
 - dnf is horribly slow, especially without cache fetched
 (https://bugzilla.redhat.com/show_bug.cgi?id=1227014)

This is all needed (instead of simply using `yum` command), because
Fedora >= 22 have an command redirection `yum`->`dnf`.

QubesOS/qubes-issues#1282

(cherry picked from commit d44c8acdeb)
2015-11-13 03:29:47 +01:00
Marek Marczykowski-Górecki
569bdeffdd
No longer disable auditd
On Fedora 22 console is trashed with a lot of messages without auditd
running.

QubesOS/qubes-issues#1282

(cherry picked from commit 6752be9196)
2015-11-13 03:29:20 +01:00
Marek Marczykowski-Górecki
36fb030314
appmenus: ignore entries with NoDisplay=true
According to Desktop Entry Specification:
NoDisplay means "this application exists, but don't display it in the
menus". This can be useful to e.g. associate this application with MIME
types, so that it gets launched from a file manager (or other apps),
without having a menu entry for it (there are tons of good reasons
for this, including e.g. the netscape -remote, or kfmclient openURL kind
of stuff).

Apparently over half of desktop files in default Fedora template have
NoDisplay=true...

Fixes QubesOS/qubes-issues#1348

(cherry picked from commit 7bc6422f53)
2015-11-13 03:28:45 +01:00
Marek Marczykowski-Górecki
a9f30f36bf
backup: improve exit code reporting
Return some meaningful error code. Unfortunately the more meaningful
option (retrieving process exit code) can lead to false errors
(described in comment), but at least report exit code of tar2qfile.

(cherry picked from commit b38ea60f00)
2015-11-13 03:20:28 +01:00
Marek Marczykowski-Górecki
105b62f5ac
backup: fix handling backup filename with spaces
Fixes QubesOS/qubes-issues#1371

(cherry picked from commit c704c35cd8)
2015-11-13 03:18:24 +01:00
Marek Marczykowski-Górecki
85d2f1722f
updates-proxy-setup: use temporary file for config snippet
Don't use ${CONF_PATH}.qubes, because it may override some existing
file, and is racy approach (even if not against user, but another script
instance).

QubesOS/qubes-issues#1282

(cherry picked from commit f9c7394c2f)
2015-11-13 03:18:11 +01:00
Marek Marczykowski-Górecki
5924cfa3b7
Setup updates proxy in dnf and PackageKit
DNF doesn't support even including another config file, so all the
settings needs to go into `/etc/dnf/dnf.conf`. The same about
PackageKit, which is needed because it doesn't use `dnf.conf`:
http://lists.freedesktop.org/archives/packagekit/2015-September/026389.html

Because that proxy settings goes to so many places now, create a
separate script for that.

QubesOS/qubes-issues#1282
QubesOS/qubes-issues#1197

(cherry picked from commit c2596a0435)

Conflicts:
	Makefile
	rpm_spec/core-vm.spec
2015-11-13 03:17:50 +01:00
Rusty Bird
989adf4dab
qfile-unpacker: Avoid data loss by checking for child errors
When qfile-unpacker's child encountered an error, it would display an
error message and exit(1), but the parent didn't inspect its status and
exited successfully.

That was unfortunate for qvm-move-to-vm: Even if the destination VM e.g.
didn't have enough free disk space, the RPC call would claim to succeed
anyway, so the file would be deleted from the source VM.

(cherry picked from commit 4027decbaa)
2015-11-13 03:15:09 +01:00
Marek Marczykowski-Górecki
45d9f78ebc
version 3.0.19 2015-10-30 15:40:09 +01:00
Marek Marczykowski-Górecki
0f236a8192
debian: install locales-all instead of custom locales generation
The custom way proved to be unreliable - for example does not survive
`locales` package upgrade. So settle on much more reliable way.

Fixes QubesOS/qubes-issues#1195

(cherry picked from commit 9d52b7d178)
2015-10-30 15:31:37 +01:00
Marek Marczykowski-Górecki
aaff61921b
Require new enough qubes-utils package for updated libqrexec-utils
Required by 97a3793 "qrexec: implement buffered write to a child stdin"
2015-10-30 15:31:12 +01:00
Patrick Schleizer
0fc6c73068
cleanup /etc/apt/apt.conf.d/00notiy-hook on existing systems
00notiy-hook was renamed to 00notify-hook in
'debian: Renamed incorrect filename: 00notiy-hook -> 00notify-hook'
15f1df4947
but the old file was not removed.
(Files in /etc do not automatically get removed on Debian systems when these are removed from the package.)

This is an independent, but supporting fix for:
'Improved upgrade notifications sent to QVMM.'
- https://github.com/marmarek/qubes-core-agent-linux/pull/39
- https://github.com/QubesOS/qubes-issues/issues/1066#issuecomment-150044906

Added debian/qubes-core-agent.maintscript.

(cherry picked from commit f2e6dc9391)
2015-10-30 15:28:45 +01:00
Marek Marczykowski-Górecki
d0bba59f86
rpm: remove duplicated entry
(cherry picked from commit 457578280b)
2015-10-30 15:28:38 +01:00