Commit Graph

1361 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
4a732564fa filecopy: prevent files/dirs movement outside incoming directory during transfer
Otherwise, when the user moves directory, which is still in transfer,
somewhere else, it could allow malicious source domain to escape chroot
and place a file in arbitrary location.

It looks like bind mount is just enough - simple rename fails with
EXDEV, so tools are forced to perform copy+delete, which is enough to
keep unpacker process away from new file location.

One inconvenient detail is that we must clean the mount after transfer
finishes, so root perms cannot be dropped completely. We keep separate
process for only that reason.
2015-01-13 18:34:36 +01:00
Marek Marczykowski-Górecki
2e3fd57adf version 2.1.48 2015-01-12 21:12:36 +01:00
Marek Marczykowski-Górecki
5473639c9b fedora: Add security-testing repo definition 2015-01-12 21:12:06 +01:00
Jason Mehring
03aed58a1c fc21: Remove left-over code comment 2014-12-28 03:05:37 -05:00
Jason Mehring
6dbb6be584 fc21: iptables configurations conflict with fc21 yum package manager
Moved iptables configuration to /usr/lib/qubes/init
fc21 + debian + arch will place them in proper place on postinst
Fixes debian bug of not having them in proper place
2014-12-28 03:02:27 -05:00
Marek Marczykowski-Górecki
1f41090fb0 version 2.1.47 2014-12-22 00:05:25 +01:00
Marek Marczykowski-Górecki
ceb352a6e0 network: fix NM config preparation
The same variables are reused to configure downlink in ProxyVM, so
create NM config before they got overridden.
2014-12-22 00:04:16 +01:00
Marek Marczykowski-Górecki
4ed2abb030 network: set uplink configuration based on MAC (NetworkManager) 2014-12-22 00:03:37 +01:00
Marek Marczykowski-Górecki
0fe40b2627 version 2.1.46 2014-12-16 00:54:47 +01:00
Marek Marczykowski-Górecki
f868bdbae7 tag for commit 1e2c5bc932

Merge tag 'hw42_debian_dependencies-1' into release2

tag for commit 1e2c5bc932

Conflicts:
	debian/control
2014-12-04 02:29:41 +01:00
HW42
1e2c5bc932 debian: remove unneeded acpid dependency
https://groups.google.com/forum/?_escaped_fragment_=msg/qubes-devel/oY7m9zNEXFw/N94pknsTg7oJ
2014-12-04 01:22:23 +01:00
HW42
7f29f05e5c debian: move not strictly required packages to Recommends-Section.
https://groups.google.com/forum/?_escaped_fragment_=msg/qubes-devel/oY7m9zNEXFw/N94pknsTg7oJ
2014-12-04 01:13:42 +01:00
Marek Marczykowski-Górecki
584bce7181 Update update-proxy rules for debian security fixes repo
The name can be "wheezy/updates".
2014-12-03 00:18:43 +01:00
Marek Marczykowski-Górecki
5fe024b005 debian: fix service name in postinst script 2014-12-02 23:09:47 +01:00
Marek Marczykowski-Górecki
4582489a18 debian: remove obsolete code from postinst script
NetworkManager-dispatcher.service issue seems to be already fixed in
upstream package.
2014-12-02 23:09:07 +01:00
Marek Marczykowski-Górecki
dc1ab74734 debian: add missing python-gi to dependencies
Required for qubes-desktop-run tool.
2014-12-02 23:08:44 +01:00
Marek Marczykowski-Górecki
31ac99a877 version 2.1.45 2014-12-01 22:32:29 +01:00
Marek Marczykowski-Górecki
d7baaca337 debian: fix generation of apt sources list file
Use codename, instead of release number.
2014-12-01 22:32:08 +01:00
Marek Marczykowski-Górecki
8e0a8aa5b8 version 2.1.44 2014-12-01 03:57:41 +01:00
Marek Marczykowski-Górecki
586e746953 debian: create tinyproxy as system user 2014-12-01 03:54:45 +01:00
Marek Marczykowski-Górecki
9ef05c3ae3 Fix disabling nm-applet when NM is disabled 2014-11-30 16:43:11 +01:00
Marek Marczykowski-Górecki
9cfbd05acb Merge branch 'debian' into release2 2014-11-29 13:40:34 +01:00
Marek Marczykowski-Górecki
a68c09b7fa version 2.1.43 2014-11-18 17:28:29 +01:00
Marek Marczykowski-Górecki
ea4eef7de8 network: fix indentation 2014-11-13 23:19:34 +01:00
Jason Mehring
599fad53a2 Merge branch 'debian' of https://github.com/nrgaway/core-agent-linux into debian 2014-11-12 03:41:41 -05:00
Jason Mehring
160bf82583 Merge branch 'debian' of https://github.com/nrgaway/core-agent-linux into debian 2014-11-12 03:40:29 -05:00
Jason Mehring
4420df01ea debian: Don't display systemd info in chroot since systemd show does not work in chroot 2014-11-12 03:39:17 -05:00
Marek Marczykowski-Górecki
4f89980137 Merge remote-tracking branch 'nrgaway/debian' into debian 2014-11-11 23:06:45 +01:00
Jason Mehring
848c53adc2 debian: Updated tinyproxy filter rules 2014-11-11 13:38:26 -05:00
Marek Marczykowski-Górecki
9bb9e8d9e5 Fix compile flags order (-lX11 moved to the end) 2014-11-11 01:22:26 +01:00
Jason Mehring
da6f6bd22b debian: Wrong variable name was used to create /usr/share/qubes/xdg/autostart 2014-11-09 13:27:38 -05:00
Jason Mehring
51cac340ca debian: Added functionality to move desktop entry config files to /usr/share/qubes/xdg/autostart to preserve originals
Added trigger for new notify agent; removed trigger for old one
2014-11-09 12:58:57 -05:00
Jason Mehring
ef50c0d7b6 debian: Add new notification agent depends; remove other 2014-11-09 12:58:48 -05:00
Marek Marczykowski-Górecki
427decd793 network: fix NM uplink config permissions
Otherwise NM will not use the file.
2014-11-09 05:35:07 +01:00
Marek Marczykowski-Górecki
7027633e80 network: do not use ifcfg-rh NM plugin
Apparently eth0 in ProxyVM can be configured using plain keyfile plugin,
which is present on all distributions.
2014-11-09 05:31:22 +01:00
Jason Mehring
cadb102781 debian: More depends for debian as netvm and some configuration tweaks.
Jessie base loads as netvm; wheezy base giving bad window error when trying to start nm-applet
Fixed qt MIT-SHM graphics issue
2014-11-08 02:58:07 -05:00
Jason Mehring
1f93dc0a60 debian: Added more error reporting to track down any missing dependencies
Prints various systemd messages when a unit fails to enable/disable/start/stop
Fixed issue with alternate NetworkManager* systemd files not being placed
Removed 'basename -s' since -s option not supported in wheezy
2014-11-07 22:52:32 -05:00
Jason Mehring
afcff2ca4b debian: removed commented out depends 2014-11-07 18:29:05 -05:00
Jason Mehring
9e065d6d9c debian: Added all other outstanding triggers contained in rpm_spec as well as triggers if other packages get installed at a later date the configurations will run on them 2014-11-07 18:28:04 -05:00
Jason Mehring
79db86a94a debian: Added postrm disable of other Qubes packages 2014-11-07 18:26:21 -05:00
Jason Mehring
abcc01b874 debian: Added more dependencies 2014-11-07 18:25:12 -05:00
Jason Mehring
44230f7f35 debian: Remove absolute path to xenstore-* 2014-11-07 09:59:41 -05:00
Jason Mehring
cc26e26be8 debian: apt-get needs to update first 2014-11-07 03:46:54 -05:00
Jason Mehring
dbffe57bc9 debian: Revert back to original NetworkManager, ModemManager service names 2014-11-07 03:32:06 -05:00
Jason Mehring
96887ea1b8 debian: Add qubes-update-check for Debian 2014-11-07 03:30:45 -05:00
Jason Mehring
132729bd79 debian: Prepend package name to maintainers scripts 2014-11-07 00:16:51 -05:00
Jason Mehring
4c30f28864 debian: Cleanup
'set -e' in place of 'set -x'
Separated out 'QT_X11_NO_MITSHM=1' export into own profile.d file
Separated out 'QT_X11_NO_MITSHM=1' sudoers rule to own sudoers.d file
Commented out some services that were being enabled that are not installed (yet)
Reformatted trigger section to allow for multiple triggers
2014-11-07 00:09:54 -05:00
Jason Mehring
a6e6c86764 debian: Made debian proxy filter rules more restrictive 2014-11-07 00:09:13 -05:00
Jason Mehring
802626c197 debian: set -e added in place of set -x 2014-11-07 00:08:26 -05:00
Marek Marczykowski-Górecki
a2bba58877 debian: fix initialization of /etc/hosts 2014-11-05 05:10:42 +01:00