Commit Graph

182 Commits

Author SHA1 Message Date
Reynir Björnsson
822cacac9a
bind mount /usr/local
(cherry picked from commit 86413df6d2)
2018-07-18 17:22:07 +02:00
Marek Marczykowski-Górecki
e9fc4f5c8c
dom0-updates: do not modify yum.conf
Few reasons for this:
1. new templates use dnf to download packages, so yum.conf is unused
2. dom0 in Qubes 4.0 don't have this file at all (so sed fails here)
3. $OPTS already contains --setopt=reposdir=...

Fixes QubesOS/qubes-issues#2945

(cherry picked from commit 49b70f037c)
2018-05-07 05:24:52 +02:00
Marek Marczykowski-Górecki
0bfe66695b
Merge remote-tracking branch 'qubesos/pr/81' into release3.2
* qubesos/pr/81:
  Fix macros for Thunar to be compatible with qubes-core-agent in R4.0
  debian: change qubes-core-agent as a subpackage
  Fix UCA mistake and qvm-actions script
  Fix ShellCheck comments
  Add debian package support
  Disable Thunar thumbnails
  Add support for Thunar Qubes VM tools
2018-02-10 22:36:10 +01:00
Marek Marczykowski-Górecki
b81e4dfd86
Add intel wifi drivers to suspend-module-blacklist
It is necessary to blacklist them on (almost?) any hardware, so lets do
this by default.

Fixes QubesOS/qubes-issues#3049

(cherry picked from commit cfbc9533d8)
2018-02-10 22:31:50 +01:00
Marek Marczykowski-Górecki
ab80284759
Disable automatic scaling in GNOME/GTK applications
GNOME automatically set scaling factor to 2 when HiDPI is detected.
Unfortunately it does it also on not really HiDPI displays, making the
whole UI unusably large. There is no middle ground - scaling factor must
be integer, so 1.5 is not supported. Lets opt on a conservative side and
fallback to scaling factor 1.

Solution by @alyssais, thanks!
Fixes QubesOS/qubes-issues#3108

(cherry picked from commit 7ecb74ae3b)
2018-02-10 22:24:47 +01:00
Frédéric Pierret
1dcab8789c
Fix UCA mistake and qvm-actions script 2017-12-26 16:16:40 +01:00
Frédéric Pierret
31f75e3629
Disable Thunar thumbnails 2017-12-26 16:12:53 +01:00
Frédéric Pierret
20560bf5e0
Add support for Thunar Qubes VM tools 2017-12-26 16:11:54 +01:00
MB
bf69335074 Fall back to direct execution when dbus is not installed or running
I have been using this with a dbus-less Gentoo template since the original
change, and have tested recently on whonix-gw with dbus enabled and running.
2017-12-19 11:30:42 +00:00
Nedyalko Andreev
78c1a22bbf
Disable dnf plugins when downloading dom0 updates in sys-firewall
Since the qubes-download-dom0-updates script executes dnf with fakeroot, some dnf plugins like etckeeper break the update with "Permission denied" errors.

(cherry picked from commit 5438e43ff6)
2017-12-13 03:37:53 +01:00
Marek Marczykowski-Górecki
364fd3687f
debian: disable timer-based apt-get
Debian stretch in default configuration calls apt-get update every 24h.
And additionally, have automatic unattended security updates enabled.
Generally it would be good thing on standalone system, but in AppVM
which loose its rootfs changes after restart it is a waste of resources.
Especially when it kicks in on multiple VMs simultaneously, while on
battery (apt-daily.service have ConditionACPower=true, but VM don't have
that information...).

It would make some sense on TemplateVM/StandaloneVM, but then it kicks
in just at VM startup. Which conflicts with starting the update manually
then (by clicking "update VM" button in manager for example, or using
salt).

So, disable this feature completely.

The actual solution is based on pkg-manager-no-autoupdate by @adrelanos.

Fixes QubesOS/qubes-issues#2621

(cherry picked from commit 128af0d191)
2017-12-13 03:36:28 +01:00
Frédéric Pierret
60b6f13f8e
dnf-qubes-hooks: handle newer DNF >= 2.x
(cherry picked from commit cb2448f1ab)
2017-09-24 23:14:27 +02:00
Andrew David Wong
cc7d3fc925
Update Xen bug count in sudoers comment
Closes QubesOS/qubes-issues#2480
2016-12-04 16:29:01 -08:00
Marek Marczykowski-Górecki
a9e7f91ca6
Fix detection of dom0 updates
dnf stdout messages differ from yum. Handle this particular difference
(info about last metadata check time), but in addition properly use its
exit code - 0 means no updates, 100 means some updates.

Fixes QubesOS/qubes-issues#2096
2016-12-04 22:37:17 +01:00
Manuel Amador (Rudd-O)
59aec8e5eb Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
unman
da82d93780
use bind-dirs to handle crontab persistence 2016-10-16 01:14:02 +01:00
Marek Marczykowski-Górecki
f4d53fb7e6
Include Qubes Master Key in the VM template
It is useful to verify other qubes-related keys.

Fixes QubesOS/qubes-issues#1614
2016-07-17 04:26:01 +02:00
Marek Marczykowski-Górecki
40d5f85b36
dom0-updates: fix cleaning downloaded packages 2016-07-15 11:27:35 +02:00
Marek Marczykowski-Górecki
6cf30bff29
Merge remote-tracking branch 'origin/pr/66'
* origin/pr/66:
  fixed qubes-core-agent upgrading double package manager lock

  Fixes QubesOS/qubes-issues#1889
2016-07-13 22:38:25 +02:00
Marek Marczykowski-Górecki
9aeecb91f3
dom0-updates: use dnf --best --allowerasing
Otherwise `dnf install` do not want to upgrade existing packages, or
upgrading other packages to satisfy dependencies.

Fixes QubesOS/qubes-issues#2100
2016-06-21 04:33:46 +02:00
Marek Marczykowski-Górecki
07c442f534
dom0-updates: use dnf when available
Since yum-deprecated is slowly removed from Fedora (in Fedora 23 is not
installed by default), we're forced to migrate to dnf. The main problem
with dnf here is lack of --downloaddir option
(https://bugzilla.redhat.com/show_bug.cgi?id=1279001). As nobody is
going to implement it, simply extract downloaded packages from cache
directory (thanks to provided config file, it is always /var/cache/yum).

This basically replaces "dom0-updates: use yum-deprecated instead of dnf
in all calls" with a set of workarounds for dnf missing parts.

Related to QubesOS/qubes-issues#1574
2016-06-01 05:10:18 +02:00
Marek Marczykowski-Górecki
7378ec326a
Update repository definitions for R3.2 2016-05-18 23:42:43 +02:00
Patrick Schleizer
cfb75f3cba
fixed qubes-core-agent upgrading double package manager lock
https://github.com/QubesOS/qubes-issues/issues/1889
2016-04-02 15:00:10 +00:00
Marek Marczykowski-Górecki
d4c238c45e
Unload USB controllers drivers in USB VM before going to sleep
Many USB controllers doesn't play nice with suspend when attached to PV
domain, so unload those drivers by default. This is just a configuration
file, so user is free to change this setting if his/shes particular
controller doesn't have such problem.

Fixes QubesOS/qubes-issues#1565
2016-01-11 19:34:10 +01:00
Marek Marczykowski-Górecki
c4ff490844 dom0-updates: add a message explaining yum deprecated warning
Thanks @axon-qubes for the idea.

Fixes QubesOS/qubes-issues#1574
2016-01-04 02:13:21 +01:00
Marek Marczykowski-Górecki
c46c1e4d2c
dom0-updates: fix reporting when no updates are available
Check `yum check-update` exit code, instead of `grep` - when there are
multiple commands on the single line, $? contains exit code of the last
executed.

Fixes QubesOS/qubes-issues#1475
2015-12-26 04:43:23 +01:00
Marek Marczykowski-Górecki
2478cb5c05
Package DNF plugin for both python2 and python3
DNF in Fedora 22 uses python2, but in Fedora 23 - python3. Package both
of them, in separate packages (according to Fedora packaging guidelines)
and depend on the right one depending on target distribution version.

Fixes QubesOS/qubes-issues#1529
2015-12-23 02:04:26 +01:00
Marek Marczykowski-Górecki
8f0a024f6d
dnf: drop shebang, it isn't standalone script
QubesOS/qubes-issues#1529
2015-12-21 13:12:51 +01:00
Marek Marczykowski-Górecki
405c42658f
debian: add security-testing repository
Fixes QubesOS/qubes-issues#1522
2015-12-19 18:08:57 +01:00
Rusty Bird
3238eab85f repo description: updates-testing -> security-testing 2015-12-17 15:54:42 +00:00
Patrick Schleizer
7dc99ee662
Prevent services from being accidentally restarted by needrestart.
Because those services do not yet support being restarted.

Extended variable `$nrconf{override_rc}`, i.e. packages only reported to need
restart, but blacklisted from default/suggested automatic restarted with
`qubes-core-agent` and `qubes-gui-agent`.

See also `$nrconf{override_rc}`:
10bd2db5e2/ex/needrestart.conf (L65)

Thanks to @liske for helping with this.
https://github.com/liske/needrestart/issues/13#issuecomment-136804625
2015-11-20 16:35:06 +01:00
qubesuser
f380c346cf Allow to provide customized DispVM home directly in the template VM
This significantly speeds up DispVM creation for large customized
homes, since no data has to be copied, and instead CoW is used.
2015-11-12 15:33:01 +01:00
Marek Marczykowski-Górecki
914bab048a
Explicitly fail upgrades-installed-check on other distributions
QubesOS/qubes-issues#1066
2015-11-12 00:36:43 +01:00
Patrick Schleizer
52917593c5
misc/upgrades-installed-check: handle apt-get errors 2015-11-11 21:13:17 +00:00
Patrick Schleizer
d5acf83916
fixed inverted logic issue in upgrades-installed-check
928013f819 (commitcomment-13968627)
2015-11-11 16:10:23 +00:00
Patrick Schleizer
aeb6d188cc
Improved upgrade notifications sent to QVMM.
Each time some arbitrary package was installed using dpkg or apt-get, the update notification in Qubes VM Manager was cleared.
No matter if there were still updates pending. (Could happen even after the user running `apt-get dist-upgrade` in case of package manager issues.)
No longer clear upgrade notification in QVMM on arbitrary package installation.
Check if upgrades have been actually installed before clearing the notifications.

https://github.com/QubesOS/qubes-issues/issues/1066#issuecomment-150044906
2015-11-11 15:45:00 +00:00
Marek Marczykowski-Górecki
49c7473848
dom0-updates: do not use 'yum check-update -q'
Depending on yum version, adding '-q' option may hide not only
informational messages, but also updates list. This is especially the
case for yum-deprecated in Fedora 22.
So instead of '-q' option, filter the output manually.

QubesOS/qubes-issues#1282
2015-11-11 05:22:26 +01:00
Marek Marczykowski-Górecki
b6cfcdcc6f
Implement dnf hooks for post-update actions
Similar to previous yum hooks:
 - notify dom0 about installed updates (possibly clear "updates pending"
   marker)
 - trigger appmenus synchronization

QubesOS/qubes-issues#1282
2015-11-11 02:36:57 +01:00
Marek Marczykowski-Górecki
85793fa31f
dom0-updates: use yum-deprecated instead of dnf in all calls
Fix for d44c8ac "dom0-updates: prefer yum-deprecated over dnf"
Because of slightly different options and config syntax, it needs to be
used in call calls, not only the one with --downloaddir option.

QubesOS/qubes-issues#1282
2015-11-11 02:36:55 +01:00
Marek Marczykowski-Górecki
074309e6a3
dracut: disable hostonly mode
Initramfs created in TemplateVM may be used also in AppVMs based on it, so
technically it is different system. Especially it has different devices
mounted (own /rw, own swap etc), so prevent hardcoding UUIDs here.

QubesOS/qubes-issues#1354
2015-11-10 16:36:00 +01:00
Marek Marczykowski-Górecki
5102e4f7aa
fedora: Add skip_if_unavailable=False to Qubes repositories
DNF defaults to skip_if_unavailable=True, so make sure that Qubes
repositories are treated as vital one. Otherwise it would allow an
attacker to cut the user from updates without visible error (when using
PackageKit for example).

Do not set it for unstable repository, as it isn't critical one.

Fixes QubesOS/qubes-issues#1387
2015-11-07 00:57:38 +01:00
Marek Marczykowski-Górecki
d44c8acdeb
dom0-updates: prefer yum-deprecated over dnf
Some of the reasons:
 - dnf doesn't support --downloaddir option
 - dnf doesn't support `copy_local` repo option (used in automated tests
   only)
 - dnf is horribly slow, especially without cache fetched
 (https://bugzilla.redhat.com/show_bug.cgi?id=1227014)

This is all needed (instead of simply using `yum` command), because
Fedora >= 22 have an command redirection `yum`->`dnf`.

QubesOS/qubes-issues#1282
2015-11-04 00:49:06 +01:00
Marek Marczykowski-Górecki
28a65ac568
Merge remote-tracking branch 'qubesos/pr/4'
* qubesos/pr/4:
  Update qubes.sudoers
  Small language fixes
2015-10-24 21:06:29 +02:00
erihe251
de293f12d5 Update qubes.sudoers 2015-10-19 22:34:34 +02:00
erihe251
0f410ed2de Small language fixes 2015-10-19 21:52:41 +02:00
Patrick Schleizer
ba8337658e
disable leaking TCP timestamps by default
https://github.com/QubesOS/qubes-issues/issues/1344
2015-10-19 14:03:57 +00:00
Patrick Schleizer
2eb0ed2be1
removed trailing spaces 2015-10-15 04:34:55 +02:00
Marek Marczykowski-Górecki
801c5c62f1
dom0-updates: fix hostname in error message 2015-10-11 01:47:03 +02:00
Marek Marczykowski-Górecki
520178d5dc
dom0-updates: check "yum check-update" exit code, not only its output
QubesOS/qubes-issues#1168
2015-10-10 22:02:16 +02:00
Marek Marczykowski-Górecki
397f6fdc52
dom0-updates: Fix showing package list when --check-only option was used
Fixes QubesOS/qubes-issues#1294
2015-10-10 22:02:12 +02:00