Few reasons for this:
1. new templates use dnf to download packages, so yum.conf is unused
2. dom0 in Qubes 4.0 don't have this file at all (so sed fails here)
3. $OPTS already contains --setopt=reposdir=...
FixesQubesOS/qubes-issues#2945
(cherry picked from commit 49b70f037c)
* qubesos/pr/81:
Fix macros for Thunar to be compatible with qubes-core-agent in R4.0
debian: change qubes-core-agent as a subpackage
Fix UCA mistake and qvm-actions script
Fix ShellCheck comments
Add debian package support
Disable Thunar thumbnails
Add support for Thunar Qubes VM tools
It is necessary to blacklist them on (almost?) any hardware, so lets do
this by default.
FixesQubesOS/qubes-issues#3049
(cherry picked from commit cfbc9533d8)
GNOME automatically set scaling factor to 2 when HiDPI is detected.
Unfortunately it does it also on not really HiDPI displays, making the
whole UI unusably large. There is no middle ground - scaling factor must
be integer, so 1.5 is not supported. Lets opt on a conservative side and
fallback to scaling factor 1.
Solution by @alyssais, thanks!
FixesQubesOS/qubes-issues#3108
(cherry picked from commit 7ecb74ae3b)
I have been using this with a dbus-less Gentoo template since the original
change, and have tested recently on whonix-gw with dbus enabled and running.
Since the qubes-download-dom0-updates script executes dnf with fakeroot, some dnf plugins like etckeeper break the update with "Permission denied" errors.
(cherry picked from commit 5438e43ff6)
Debian stretch in default configuration calls apt-get update every 24h.
And additionally, have automatic unattended security updates enabled.
Generally it would be good thing on standalone system, but in AppVM
which loose its rootfs changes after restart it is a waste of resources.
Especially when it kicks in on multiple VMs simultaneously, while on
battery (apt-daily.service have ConditionACPower=true, but VM don't have
that information...).
It would make some sense on TemplateVM/StandaloneVM, but then it kicks
in just at VM startup. Which conflicts with starting the update manually
then (by clicking "update VM" button in manager for example, or using
salt).
So, disable this feature completely.
The actual solution is based on pkg-manager-no-autoupdate by @adrelanos.
FixesQubesOS/qubes-issues#2621
(cherry picked from commit 128af0d191)
dnf stdout messages differ from yum. Handle this particular difference
(info about last metadata check time), but in addition properly use its
exit code - 0 means no updates, 100 means some updates.
FixesQubesOS/qubes-issues#2096
Since yum-deprecated is slowly removed from Fedora (in Fedora 23 is not
installed by default), we're forced to migrate to dnf. The main problem
with dnf here is lack of --downloaddir option
(https://bugzilla.redhat.com/show_bug.cgi?id=1279001). As nobody is
going to implement it, simply extract downloaded packages from cache
directory (thanks to provided config file, it is always /var/cache/yum).
This basically replaces "dom0-updates: use yum-deprecated instead of dnf
in all calls" with a set of workarounds for dnf missing parts.
Related to QubesOS/qubes-issues#1574
Many USB controllers doesn't play nice with suspend when attached to PV
domain, so unload those drivers by default. This is just a configuration
file, so user is free to change this setting if his/shes particular
controller doesn't have such problem.
FixesQubesOS/qubes-issues#1565
Check `yum check-update` exit code, instead of `grep` - when there are
multiple commands on the single line, $? contains exit code of the last
executed.
FixesQubesOS/qubes-issues#1475
DNF in Fedora 22 uses python2, but in Fedora 23 - python3. Package both
of them, in separate packages (according to Fedora packaging guidelines)
and depend on the right one depending on target distribution version.
FixesQubesOS/qubes-issues#1529
Because those services do not yet support being restarted.
Extended variable `$nrconf{override_rc}`, i.e. packages only reported to need
restart, but blacklisted from default/suggested automatic restarted with
`qubes-core-agent` and `qubes-gui-agent`.
See also `$nrconf{override_rc}`:
10bd2db5e2/ex/needrestart.conf (L65)
Thanks to @liske for helping with this.
https://github.com/liske/needrestart/issues/13#issuecomment-136804625
Each time some arbitrary package was installed using dpkg or apt-get, the update notification in Qubes VM Manager was cleared.
No matter if there were still updates pending. (Could happen even after the user running `apt-get dist-upgrade` in case of package manager issues.)
No longer clear upgrade notification in QVMM on arbitrary package installation.
Check if upgrades have been actually installed before clearing the notifications.
https://github.com/QubesOS/qubes-issues/issues/1066#issuecomment-150044906
Depending on yum version, adding '-q' option may hide not only
informational messages, but also updates list. This is especially the
case for yum-deprecated in Fedora 22.
So instead of '-q' option, filter the output manually.
QubesOS/qubes-issues#1282
Fix for d44c8ac "dom0-updates: prefer yum-deprecated over dnf"
Because of slightly different options and config syntax, it needs to be
used in call calls, not only the one with --downloaddir option.
QubesOS/qubes-issues#1282
Initramfs created in TemplateVM may be used also in AppVMs based on it, so
technically it is different system. Especially it has different devices
mounted (own /rw, own swap etc), so prevent hardcoding UUIDs here.
QubesOS/qubes-issues#1354
DNF defaults to skip_if_unavailable=True, so make sure that Qubes
repositories are treated as vital one. Otherwise it would allow an
attacker to cut the user from updates without visible error (when using
PackageKit for example).
Do not set it for unstable repository, as it isn't critical one.
FixesQubesOS/qubes-issues#1387
Some of the reasons:
- dnf doesn't support --downloaddir option
- dnf doesn't support `copy_local` repo option (used in automated tests
only)
- dnf is horribly slow, especially without cache fetched
(https://bugzilla.redhat.com/show_bug.cgi?id=1227014)
This is all needed (instead of simply using `yum` command), because
Fedora >= 22 have an command redirection `yum`->`dnf`.
QubesOS/qubes-issues#1282
