Those services are called just before/after host suspend.
Thanks @adrelanos for help.
FixesQubesOS/qubes-issues#1663
(cherry picked from commit 7301a898a1)
(cherry picked from commit 7979e402f0)
For a long time the DNS address was the same as default gateway. This is
still the case in R3.x, but using `qubes-gateway` configuration
parameter for it is misleading. It should be up to dom0 to provide DNS
address (whether the value is the same as gateway or not).
FixesQubesOS/qubes-issues#1817
(cherry picked from commit fb9b3b62c0)
Check `yum check-update` exit code, instead of `grep` - when there are
multiple commands on the single line, $? contains exit code of the last
executed.
FixesQubesOS/qubes-issues#1475
(cherry picked from commit c46c1e4d2c)
qubes-sysinit.sh waits for xenbus initialization by watching its
interface file presence. In linux before 3.10 there is no
/dev/xen/xenbus, which is the case in Debian 7 (3.2 kernel). The problem
applies only to the VMs with PVGrub enabled, because otherwise VM would
use dom0 privided kernel, which is much newer.
FixesQubesOS/qubes-issues#1609
(cherry picked from commit fb470fe86f)
Sending dbus calls to a service which isn't running _and is blocked to
not be started_ would result in timeout, which would delay the whole
system suspend.
FixesQubesOS/qubes-issues#1419
(cherry picked from commit cb5c457fba)
Many USB controllers doesn't play nice with suspend when attached to PV
domain, so unload those drivers by default. This is just a configuration
file, so user is free to change this setting if his/shes particular
controller doesn't have such problem.
FixesQubesOS/qubes-issues#1565
(cherry picked from commit d4c238c45e)
It is expected to not output anything on stdout. Especially remote end
may be already terminated, so writing there would result in EPIPE.
FixesQubesOS/qubes-issues#1592
(cherry picked from commit 0e062ff31e)
DNF in Fedora 22 uses python2, but in Fedora 23 - python3. Package both
of them, in separate packages (according to Fedora packaging guidelines)
and depend on the right one depending on target distribution version.
FixesQubesOS/qubes-issues#1529
(cherry picked from commit 2478cb5c05)
Conflicts:
rpm_spec/core-vm.spec
Apparently tinyproxy does not notice /etc/resolv.conf change, so need to
be kicked to reload it.
FixesQubesOS/qubes-issues#1530
(cherry picked from commit 4e3076f0b6)
Because those services do not yet support being restarted.
Extended variable `$nrconf{override_rc}`, i.e. packages only reported to need
restart, but blacklisted from default/suggested automatic restarted with
`qubes-core-agent` and `qubes-gui-agent`.
See also `$nrconf{override_rc}`:
10bd2db5e2/ex/needrestart.conf (L65)
Thanks to @liske for helping with this.
https://github.com/liske/needrestart/issues/13#issuecomment-136804625
(cherry picked from commit 7dc99ee662)
And also use systemd-tmpfiles for that directory creation.
FixesQubesOS/qubes-issues#1401
(cherry picked from commit 2a589f2c20)
Conflicts:
Makefile
rpm_spec/core-vm.spec
Depending on yum version, adding '-q' option may hide not only
informational messages, but also updates list. This is especially the
case for yum-deprecated in Fedora 22.
So instead of '-q' option, filter the output manually.
QubesOS/qubes-issues#1282
(cherry picked from commit 49c7473848)
Since Fedora 22+ obsoletes yum, do not require yum-specific package to
be installed.
QubesOS/qubes-issues#1282
(cherry picked from commit ba28c9f140)
Conflicts:
rpm_spec/core-vm.spec
Fix for d44c8ac "dom0-updates: prefer yum-deprecated over dnf"
Because of slightly different options and config syntax, it needs to be
used in call calls, not only the one with --downloaddir option.
QubesOS/qubes-issues#1282
(cherry picked from commit 85793fa31f)
DNF defaults to skip_if_unavailable=True, so make sure that Qubes
repositories are treated as vital one. Otherwise it would allow an
attacker to cut the user from updates without visible error (when using
PackageKit for example).
Do not set it for unstable repository, as it isn't critical one.
FixesQubesOS/qubes-issues#1387
(cherry picked from commit 5102e4f7aa)
Some of the reasons:
- dnf doesn't support --downloaddir option
- dnf doesn't support `copy_local` repo option (used in automated tests
only)
- dnf is horribly slow, especially without cache fetched
(https://bugzilla.redhat.com/show_bug.cgi?id=1227014)
This is all needed (instead of simply using `yum` command), because
Fedora >= 22 have an command redirection `yum`->`dnf`.
QubesOS/qubes-issues#1282
(cherry picked from commit d44c8acdeb)
According to Desktop Entry Specification:
NoDisplay means "this application exists, but don't display it in the
menus". This can be useful to e.g. associate this application with MIME
types, so that it gets launched from a file manager (or other apps),
without having a menu entry for it (there are tons of good reasons
for this, including e.g. the netscape -remote, or kfmclient openURL kind
of stuff).
Apparently over half of desktop files in default Fedora template have
NoDisplay=true...
FixesQubesOS/qubes-issues#1348
(cherry picked from commit 7bc6422f53)
Return some meaningful error code. Unfortunately the more meaningful
option (retrieving process exit code) can lead to false errors
(described in comment), but at least report exit code of tar2qfile.
(cherry picked from commit b38ea60f00)
Don't use ${CONF_PATH}.qubes, because it may override some existing
file, and is racy approach (even if not against user, but another script
instance).
QubesOS/qubes-issues#1282
(cherry picked from commit f9c7394c2f)
When qfile-unpacker's child encountered an error, it would display an
error message and exit(1), but the parent didn't inspect its status and
exited successfully.
That was unfortunate for qvm-move-to-vm: Even if the destination VM e.g.
didn't have enough free disk space, the RPC call would claim to succeed
anyway, so the file would be deleted from the source VM.
(cherry picked from commit 4027decbaa)
The custom way proved to be unreliable - for example does not survive
`locales` package upgrade. So settle on much more reliable way.
FixesQubesOS/qubes-issues#1195
(cherry picked from commit 9d52b7d178)