Previously the script was called through shell as:
execl(shell, "-sh", "-c", "/usr/lib/qubes/qubes-rpc-multiplexer
...", 0);
This tells the shell to load login scripts, including /etc/profile.
Since 5512e4eada this is no longer the
case and the script is called directly. Since most services do expect
proper user session initialized (/etc/profile loaded etc), adjust the
script's shebang to behave like a login shell and load those startup
scripts.
FixesQubesOS/qubes-issues#3615
(cherry picked from commit f0b057479e)
This avoids duplicating service call parsing in multiple places.
Further improvements to that code (like avoid using shell) can be
implemented in one place.
(cherry picked from commit 5512e4eada)
* qubesos/pr/81:
Fix macros for Thunar to be compatible with qubes-core-agent in R4.0
debian: change qubes-core-agent as a subpackage
Fix UCA mistake and qvm-actions script
Fix ShellCheck comments
Add debian package support
Disable Thunar thumbnails
Add support for Thunar Qubes VM tools
It is necessary to blacklist them on (almost?) any hardware, so lets do
this by default.
FixesQubesOS/qubes-issues#3049
(cherry picked from commit cfbc9533d8)
Do not use /var/run/qubes for this, as it may be non-root writeable and
someone may want to isolate root/user.
Also, remove the file after resume.
(cherry picked from commit 79b38cf106)
GNOME automatically set scaling factor to 2 when HiDPI is detected.
Unfortunately it does it also on not really HiDPI displays, making the
whole UI unusably large. There is no middle ground - scaling factor must
be integer, so 1.5 is not supported. Lets opt on a conservative side and
fallback to scaling factor 1.
Solution by @alyssais, thanks!
FixesQubesOS/qubes-issues#3108
(cherry picked from commit 7ecb74ae3b)
When one use scaling set by gnome tools (gsettings or
gnome-tweak-tool), gsd-xsettings must be running to apply the change
also to other applications.
This include auto scaling on HiDPI screens.
This commit fixes non-uniform behaviour on different VM types.
QubesOS/qubes-issues#3108
(cherry picked from commit 4cd16a2734)
There was a bug that interpreted '-' as file type. But convert don't
know how to handle '-' file type, so refused to proceed.
FixesQubesOS/qubes-issues#3085
(cherry picked from commit ec83df64e3)
I have been using this with a dbus-less Gentoo template since the original
change, and have tested recently on whonix-gw with dbus enabled and running.
It is more robust, especially handle "# Units below this line will be
re-preset on package upgrade" part of 75-qubes-vm.preset file. This is
needed to fix system configuration without the need to rebuild the whole
template.
QubesOS/qubes-issues#2913
(cherry picked from commit 47e6a84f79)
It tries to connect to cups every second and doesn't do anything else
when cups is disabled. So disable (or enable) both of them at the same
time.
(cherry picked from commit 414f944cf9)
Start qubes-firewall (which will add "DROP by default" rule) before
enabling IP forwarding, to not leave a time slot where some connection
could go around configured firewall.
QubesOS/qubes-issues#3269
(cherry picked from commit 3fb258db47)
Since the qubes-download-dom0-updates script executes dnf with fakeroot, some dnf plugins like etckeeper break the update with "Permission denied" errors.
(cherry picked from commit 5438e43ff6)
Fix removing the file - do not free its filename just before unlink call
(scheduled with atexit function).
At the same time, place the temporary file in a unique directory,
making it possible to edit multiple files with the same name at once.
Remove that directory at exit too.
FixesQubesOS/qubes-issues#3112
(cherry picked from commit e2789ca2d7)
New udev have `DRIVERS` matcher, instead of `ENV{ID_NET_DRIVER}`. Add
appropriate rule to the file. Without it, network was working
incidentally, because there is a fallback in qubes-misc-post.service,
but dynamic network change was broken.
This applies at least to Debian stretch.
FixesQubesOS/qubes-issues#3192
(cherry picked from commit 2068299126)
Debian stretch in default configuration calls apt-get update every 24h.
And additionally, have automatic unattended security updates enabled.
Generally it would be good thing on standalone system, but in AppVM
which loose its rootfs changes after restart it is a waste of resources.
Especially when it kicks in on multiple VMs simultaneously, while on
battery (apt-daily.service have ConditionACPower=true, but VM don't have
that information...).
It would make some sense on TemplateVM/StandaloneVM, but then it kicks
in just at VM startup. Which conflicts with starting the update manually
then (by clicking "update VM" button in manager for example, or using
salt).
So, disable this feature completely.
The actual solution is based on pkg-manager-no-autoupdate by @adrelanos.
FixesQubesOS/qubes-issues#2621
(cherry picked from commit 128af0d191)
