Fix for d44c8ac "dom0-updates: prefer yum-deprecated over dnf"
Because of slightly different options and config syntax, it needs to be
used in call calls, not only the one with --downloaddir option.
QubesOS/qubes-issues#1282
(cherry picked from commit 85793fa31f)
DNF defaults to skip_if_unavailable=True, so make sure that Qubes
repositories are treated as vital one. Otherwise it would allow an
attacker to cut the user from updates without visible error (when using
PackageKit for example).
Do not set it for unstable repository, as it isn't critical one.
FixesQubesOS/qubes-issues#1387
(cherry picked from commit 5102e4f7aa)
Some of the reasons:
- dnf doesn't support --downloaddir option
- dnf doesn't support `copy_local` repo option (used in automated tests
only)
- dnf is horribly slow, especially without cache fetched
(https://bugzilla.redhat.com/show_bug.cgi?id=1227014)
This is all needed (instead of simply using `yum` command), because
Fedora >= 22 have an command redirection `yum`->`dnf`.
QubesOS/qubes-issues#1282
(cherry picked from commit d44c8acdeb)
According to Desktop Entry Specification:
NoDisplay means "this application exists, but don't display it in the
menus". This can be useful to e.g. associate this application with MIME
types, so that it gets launched from a file manager (or other apps),
without having a menu entry for it (there are tons of good reasons
for this, including e.g. the netscape -remote, or kfmclient openURL kind
of stuff).
Apparently over half of desktop files in default Fedora template have
NoDisplay=true...
FixesQubesOS/qubes-issues#1348
(cherry picked from commit 7bc6422f53)
Return some meaningful error code. Unfortunately the more meaningful
option (retrieving process exit code) can lead to false errors
(described in comment), but at least report exit code of tar2qfile.
(cherry picked from commit b38ea60f00)
Don't use ${CONF_PATH}.qubes, because it may override some existing
file, and is racy approach (even if not against user, but another script
instance).
QubesOS/qubes-issues#1282
(cherry picked from commit f9c7394c2f)
When qfile-unpacker's child encountered an error, it would display an
error message and exit(1), but the parent didn't inspect its status and
exited successfully.
That was unfortunate for qvm-move-to-vm: Even if the destination VM e.g.
didn't have enough free disk space, the RPC call would claim to succeed
anyway, so the file would be deleted from the source VM.
(cherry picked from commit 4027decbaa)
The custom way proved to be unreliable - for example does not survive
`locales` package upgrade. So settle on much more reliable way.
FixesQubesOS/qubes-issues#1195
(cherry picked from commit 9d52b7d178)
Implement one of TODOs left in the code. Without this buffering, it may
happen that qrexec-agent will hang waiting on write(2) to the child
process, while that child will do the same (try to write something to
the qrexec-agent), without reading its stdin. This would end up in a
deadlock.
FixesQubesOS/qubes-issues#1347
(cherry picked from commit 97a3793345)
Without dconf, gsettings uses "memory" backend which isn't saved
anywhere and isn't shared across applications. This makes gsettings
pretty useless.
FixesQubesOS/qubes-issues#1299
(cherry picked from commit afb70cf040)
According to the specification[1], the setting name is 'addresses', not
'address'. The later apparently worked on some NetworkManager versions,
but for example not on the one in Debian wheezy. Also fix value
format (IP;netmask;gateway).
[1] htts://developer.gnome.org/NetworkManager/unstable/ref-settings.html
FixesQubesOS/qubes-issues#1280
(cherry picked from commit 580d21acdc)
Initial size of those tmpfs-mounted directories is calculated as 50% of
RAM at VM startup time. Which happen to be quite small number, like
150M. Having such small /tmp and/or /dev/shm apparently isn't enough for
some applications like Google chrome. So set the size statically at 1GB,
which would be the case for baremetal system with 2GB of RAM.
FixesQubesOS/qubes-issues#1003
(cherry picked from commit 2a39adfe0f)
This package is required by lots of stuff in Fedora anyway, but this
doesn't mean that we can have broken dependencies.
(cherry picked from commit 3552bc7e41)
