Even when iptables.service is configured to use different file, the
service would not start when there is no /etc/sysconfig/iptables. Fedora
20 package does not provide it.
(cherry picked from commit 3aca3f8c48)
Restore support for older yum: no --downloadonly option, so use
yumdownloader.
Also add some a code to handle some Debian quirks - especially default
rpmdb location in user home...
(cherry picked from commit 3fdb67ac2b)
Conflicts:
debian/control
misc/qubes-download-dom0-updates.sh
Instead of overriding /etc/sysconfig/ip{,6}tables, store qubes rules in
/etc/sysconfig/iptables.qubes and configure the service to use that file
instead. This will prevent conflict on that file and also handle upgrades.
(cherry picked from commit 0382f84eae)
Conflicts:
rpm_spec/core-vm.spec
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJVeKZ1AAoJEBu5sftaTG2tB5UP/0ZvsGpixgfFb8VV6jbor320
pejrxHsa5IBpvrlUE7JPQ2+TAKwQUZ7BIlYlHHU49vHzejpTd7rAEOnIUg5o6gml
ViEo2KociGsK6kwZgV2lTbr0yM9i5DEUhp+c+uf5QJr73rSfMWYIbpJLNjNEk3ri
vduL9CfcGiNApABT6YreTlBU5/utr6zoQDij3Wu8XV5/uPcoohnTezr3AuA8id6W
2PWHSuvu73szv5etE19iIbXundwmISgMwwsQ9baCqI+Qbithg0ANDyrlWlN2v0V9
mOnJBBJlhFEKfRtnDwtOJAmZGGKbSJBdndXyn6w+KBAJhBlpFa5Xob5DF9ZSLJdm
t91O5wIgInPmroalX+IRkwGSTdOirUs2gOXU+3pdUYgSe5hSKdnHRKuUzBWzJ8X0
rCsrp8eIFfxOjde+zO6QnXNTMkaNxFTPRlZ5IzCYw8jW6aNoX4WLHg+am9i6BcbD
5XgzxvS66g+fETqMBce2gZeDOyIeO/Qd/8ab3MyjmH8+BXbe0opUA0dNVBbsLHrG
js5vsev7mLH8tiFu7vPdxvlWftyf0xfQtHpMkUcDQKEt/Vkq+9A9tmDCRIaHKnZm
GOEX1CVf0yHcRlwpEWd29ctYLtJClUqyi1E2H88grc/59rzUUCTB/BBVUv4mojdt
QfggjOjV+/qPrmv6lD4Q
=VmGJ
-----END PGP SIGNATURE-----
Merge tag 'jm_e4445855' into release2
Tag for commit e4445855ac
# gpg: Signature made Wed 10 Jun 2015 11:04:53 PM CEST using RSA key ID 5A4C6DAD
# gpg: Good signature from "Jason Mehring (Qubes OS Signing Key) <nrgaway@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E0E3 2283 FDCA C1A5 1007 8F27 1BB9 B1FB 5A4C 6DAD
* tag 'jm_e4445855':
Set a default locale if missing
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJVQ0GkAAoJEBu5sftaTG2tlMUQAKTq+kKcnB3TG42jfVUU82lM
5VV6u+uXhEnSJXfyP7iyJuiWixYjF8/0VuXMZAVUpZFpmkQouNZZMJBEAeE4u9Qc
O07BQLyGUgnNydl4zD/SeHQUnfoC4JeQ1cKEdPQFtbERTFE5xs6+mpzaRtNTstgl
f9DKNvSEJnYS5TK4OOTr2cR7xkawmhaC0bnRpO5edGvDaCkiJgOby6kqgd5U4IlU
taDvvCSbtGtKhOBbicPbWf8U/o9iZcsBQ8unitX3gkUvD/fj7zcdz8L3Llis19Oe
7GTJcyryrq9V0Uqtxj+HO07TXsv8C9YuaX40fX5MuiNdpxC4msPSau4K0Fi22003
JPVhQuW58e45B23acMxCf/gAqEIYw0dyNbqVh8zBmjPHyqPo3yoldmjUpsk9ibn8
uV6cwUtBE0d2qa5wcR6RpcGOMu8TnhFG2mHA+dSp1hPz6VYat+LC+yWn/O9A3nhh
9TIJ5T48b140rO3MjktGCB6D8pj2lbCbDp89J+L+WNVTEbVoqywztVUd8T/d0NYj
lx/2KeAjzehyYJlq8ZDAycgjiGS6x8WVLDhOltOl8UoU5c9Pzd3dWPKceRgE/ae8
1xKwCrekansig9kGd1CqqqcPB/3lsO0RVkSW561hWOiC0iEhciYNj8/4KJpLfhVD
JfhWlZkm7LiLioGRtpP7
=lSMY
-----END PGP SIGNATURE-----
Merge tag 'jm_faf20db7' into release2
Tag for commit faf20db7ac
# gpg: Signature made Fri 01 May 2015 11:04:36 AM CEST using RSA key ID 5A4C6DAD
# gpg: Good signature from "Jason Mehring (Qubes OS Signing Key) <nrgaway@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E0E3 2283 FDCA C1A5 1007 8F27 1BB9 B1FB 5A4C 6DAD
* tag 'jm_faf20db7':
debian: Allow apt-get post hook to fail gracefully (won't work in chroot)
debian: Only notify dom0 on apt-get post hook; don't update package index
There is a possiblilty of the apt-get post hook getting triggered
more than once for each apt-get session, therefore we only notify
dom0 that there are no updates available and do not perform an
apt-get update.
The qubes-update-check.service will still perform an update so even
if the dist-upgrade failed and there was actually more files to update
the qubes-update-check.serivce would then at some point notify dom0
about those updates being available
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJVPJPkAAoJEBu5sftaTG2tTYcP/1fVgOL+VyvE3WLMn+8kql5q
Nt4kLazCSUUQGKL3XIKf53RsQACbWPVPB+47Fzak9Jmr4ta8c4Q18ZfCdQ4mHUfJ
r2z2VowmqEvqn2WYPfypqC4Z0sGUpRAVSpMN0lhEsSVtBHDwDanNAA2K2sSqLWfb
591D38IiEzkFTMa/fv+4J9DBuPkByBWgHBjFwPGBPyiJl8yEls86yytiopzmGndM
b3CeSUAphp17R1NLael8yTQYJG+NpwAvB17CYw7WTpzSE7601gxsN50nGI/okFt/
guLLcJtx9jMTC/O2VpyBYNs7Hc9iPnL1DO+n3jdI8V30Lvs9RJJP+BEq6/OfjzpK
mAo/x2pHjCPcwkOKoiXMpzoQk8C0aKii9cEElnmcOtzb/czhRinYjseu5pxFekAX
oJRyQBkf12T0Kc06139vw9c4nyiiHb3lowOLoeoDnA2V1cD2kYFFnzilAXNhPLMW
/H5o6ACqMWoxI+NcOBwyu79LZVWxhI5MPawRNlFPZlgrkUaewYWsz2oI1FruW/Y2
Aai2UMgHZk0hNrzErNZ1kUg5cfnspD1lQ3haXDHZ+j/0EQJTDbvrR2+qOoC/lLMG
ak/q9rOy8ThCuG5eGOyhrZCHvm0gxqx2YddIJmX/CE4tK8GzXABJrODZUPQe6Fz1
EZLvVcI9YO5vd0aRtKrT
=o9uA
-----END PGP SIGNATURE-----
Merge tag 'jm_bbcfdd4c' into release2
Tag for commit bbcfdd4c90
# gpg: Signature made Sun Apr 26 09:29:40 2015 CEST using RSA key ID 5A4C6DAD
# gpg: Good signature from "Jason Mehring (Qubes OS Signing Key) <nrgaway@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E0E3 2283 FDCA C1A5 1007 8F27 1BB9 B1FB 5A4C 6DAD
* tag 'jm_bbcfdd4c':
debian: Update notification now notifies dom0 when an upgrade is completed
A file is created in /var/lib/qubes/protected-files. Scripts can grep this file before modifying
known files to be protected and skip any modifications if the file path is within protected-files.
Usage Example:
if ! grep -q "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
Also cleaned up maintainer scripts removing unneeded systemd status functions and streamlined
the enable/disable systemd unit files functions
systemctl is-enabled always reports "disabled" for them (actually not a
real "disabled", but and error, but exit code is the same). So simply
always disable the unit, it is no-op for already disabled ones.
BTW systemctl preset also do not work for them.
(cherry picked from commit 52d502bce2)
Offline resize requires to run fsck -f first. Because we support only
growing that image, we can simply use online resize instead.
This finally fixesqubesos/qubes-issues#772
(cherry picked from commit 65bc22fd1d)
Conflicts:
vm-init.d/qubes-core
vm-systemd/mount-home.sh
Closing some invisible window can cause e.g. Firefox crash. Send the
message to visible windows and others should be cleaned up by the
application.
(cherry picked from commit 5c4e88a765)
nautilus-actions was orphaned in fc21, so all nautilus context menus have
been re-written as nautilus-python extensions
(cherry picked from commit 6836420c3c)
Conflicts:
debian/control
