Commit Graph

1964 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
e55baf7a6b
Merge remote-tracking branch 'qubesos/pr/88' into release3.2
* qubesos/pr/88:
  Stop Debian templates from forwarding by default.
2018-02-22 20:13:24 +01:00
Marek Marczykowski-Górecki
99826220ca
Merge remote-tracking branch 'qubesos/pr/86' into release3.2
* qubesos/pr/86:
  Configure for build of artful templates, and remove zesty.
2018-02-22 20:12:02 +01:00
Marek Marczykowski-Górecki
7bbc90d796
version 3.2.25 2018-02-22 12:44:52 +01:00
Marek Marczykowski-Górecki
d5c5715bc0
qrexec: launch services in login shell
Previously the script was called through shell as:
    execl(shell, "-sh", "-c", "/usr/lib/qubes/qubes-rpc-multiplexer
            ...", 0);
This tells the shell to load login scripts, including /etc/profile.
Since 5512e4eada this is no longer the
case and the script is called directly. Since most services do expect
proper user session initialized (/etc/profile loaded etc), adjust the
script's shebang to behave like a login shell and load those startup
scripts.

Fixes QubesOS/qubes-issues#3615

(cherry picked from commit f0b057479e)
2018-02-22 12:44:26 +01:00
Marek Marczykowski-Górecki
e2e8b00790
version 3.2.24 2018-02-20 01:07:37 +01:00
Marek Marczykowski-Górecki
9b339c69db
rpm: adjust dependencies 2018-02-20 01:07:05 +01:00
Marek Marczykowski-Górecki
5d51c7af05
qrexec: translate keywords in target specification on the client side
(cherry picked from commit 878bb98a82)
2018-02-19 02:41:53 +01:00
Marek Marczykowski-Górecki
5068d939f1
qrexec: use exec_qubes_rpc_if_requested() from qubes-utils
This avoids duplicating service call parsing in multiple places.
Further improvements to that code (like avoid using shell) can be
implemented in one place.

(cherry picked from commit 5512e4eada)
2018-02-19 02:41:47 +01:00
Marek Marczykowski-Górecki
a5f736f8df
version 3.2.23 2018-02-12 16:48:21 +01:00
Marek Marczykowski-Górecki
0bfe66695b
Merge remote-tracking branch 'qubesos/pr/81' into release3.2
* qubesos/pr/81:
  Fix macros for Thunar to be compatible with qubes-core-agent in R4.0
  debian: change qubes-core-agent as a subpackage
  Fix UCA mistake and qvm-actions script
  Fix ShellCheck comments
  Add debian package support
  Disable Thunar thumbnails
  Add support for Thunar Qubes VM tools
2018-02-10 22:36:10 +01:00
Marek Marczykowski-Górecki
112d81825a
Merge remote-tracking branch 'qubesos/pr/68' into release3.2
* qubesos/pr/68:
  archlinux: add recently splitted packages as optional dependencies of qubes-vm-core
  archlinux: fix incorrect keyring being populated
  archlinux: pick Qubes4.0 mergeable changes
2018-02-10 22:35:36 +01:00
Marek Marczykowski-Górecki
b81e4dfd86
Add intel wifi drivers to suspend-module-blacklist
It is necessary to blacklist them on (almost?) any hardware, so lets do
this by default.

Fixes QubesOS/qubes-issues#3049

(cherry picked from commit cfbc9533d8)
2018-02-10 22:31:50 +01:00
Marek Marczykowski-Górecki
d9206f0aa0
Place list of loaded modules in /var/run directly
Do not use /var/run/qubes for this, as it may be non-root writeable and
someone may want to isolate root/user.
Also, remove the file after resume.

(cherry picked from commit 79b38cf106)
2018-02-10 22:29:11 +01:00
Marek Marczykowski-Górecki
ab80284759
Disable automatic scaling in GNOME/GTK applications
GNOME automatically set scaling factor to 2 when HiDPI is detected.
Unfortunately it does it also on not really HiDPI displays, making the
whole UI unusably large. There is no middle ground - scaling factor must
be integer, so 1.5 is not supported. Lets opt on a conservative side and
fallback to scaling factor 1.

Solution by @alyssais, thanks!
Fixes QubesOS/qubes-issues#3108

(cherry picked from commit 7ecb74ae3b)
2018-02-10 22:24:47 +01:00
Marek Marczykowski-Górecki
be29a60b34
Enable gnome settings daemon xsettings plugin
When one use scaling set by gnome tools (gsettings or
gnome-tweak-tool), gsd-xsettings must be running to apply the change
also to other applications.
This include auto scaling on HiDPI screens.

This commit fixes non-uniform behaviour on different VM types.

QubesOS/qubes-issues#3108

(cherry picked from commit 4cd16a2734)
2018-02-10 22:23:37 +01:00
Marek Marczykowski-Górecki
5957893fa7
Install KDE actions for KDE5
Fixes QubesOS/qubes-issues#3449

(cherry picked from commit d4f6eb1f4a)
2018-02-10 22:23:11 +01:00
Marek Marczykowski-Górecki
2bfbfadc84
qubes.GetImageRGBA: fix handling '-' path without explicit type
There was a bug that interpreted '-' as file type. But convert don't
know how to handle '-' file type, so refused to proceed.

Fixes QubesOS/qubes-issues#3085

(cherry picked from commit ec83df64e3)
2018-02-10 22:20:29 +01:00
Patrick Schleizer
f8bfd8a8b2
make apt-get apt-transport-tor broken in Qubes non-networked TemplateVMs
fixes https://github.com/QubesOS/qubes-issues/issues/3403

(cherry picked from commit 7fd008b1a8)
2018-02-10 22:18:28 +01:00
unman
e0e87e708f
Stop Debian templates from forwarding by default. 2018-02-06 22:20:06 +00:00
unman
79e3cfff79
Configure for build of artful templates, and remove zesty. 2018-02-01 19:42:40 +00:00
Frédéric Pierret
483652108b
Fix macros for Thunar to be compatible with qubes-core-agent in R4.0 2018-01-05 22:52:55 +01:00
Frédéric Pierret
41f568766f
debian: change qubes-core-agent as a subpackage 2017-12-30 16:01:13 +01:00
Frédéric Pierret
1dcab8789c
Fix UCA mistake and qvm-actions script 2017-12-26 16:16:40 +01:00
Frédéric Pierret
c452cca812
Fix ShellCheck comments 2017-12-26 16:16:31 +01:00
Frédéric Pierret
b8e38c2f7f
Add debian package support 2017-12-26 16:16:08 +01:00
Frédéric Pierret
31f75e3629
Disable Thunar thumbnails 2017-12-26 16:12:53 +01:00
Frédéric Pierret
20560bf5e0
Add support for Thunar Qubes VM tools 2017-12-26 16:11:54 +01:00
MB
bf69335074 Fall back to direct execution when dbus is not installed or running
I have been using this with a dbus-less Gentoo template since the original
change, and have tested recently on whonix-gw with dbus enabled and running.
2017-12-19 11:30:42 +00:00
Marek Marczykowski-Górecki
b34a2b7f4c
version 3.2.22 2017-12-15 09:22:54 +01:00
Marek Marczykowski-Górecki
6a7f38e8da
debian: use systemd-preset logic from rpm package
It is more robust, especially handle "# Units below this line will be
re-preset on package upgrade" part of 75-qubes-vm.preset file. This is
needed to fix system configuration without the need to rebuild the whole
template.

QubesOS/qubes-issues#2913

(cherry picked from commit 47e6a84f79)
2017-12-15 02:52:36 +01:00
Marek Marczykowski-Górecki
259c807b06
debian: fix shellcheck warnings in debian packaging
(cherry picked from commit f16753c67b)
2017-12-15 02:28:54 +01:00
Marek Marczykowski-Górecki
9577eedfe9
Merge remote-tracking branch 'qubesos/pr/78' into release3.2
* qubesos/pr/78:
  Disable wpa_supplicant@.service
2017-12-15 02:27:01 +01:00
unman
51f80d39a1
Disable wpa_supplicant@.service 2017-12-14 20:40:04 +00:00
Marek Marczykowski-Górecki
c557c095e5
version 3.2.21 2017-12-13 19:44:07 +01:00
Marek Marczykowski-Górecki
eede2a9df4
Merge remote-tracking branch 'qubesos/pr/73' into release3.2
* qubesos/pr/73:
  Add iptables dep to qubes-core-vm RPM spec
2017-12-13 03:43:00 +01:00
Marek Marczykowski-Górecki
2effdca232
Disable cups-browsed service together with cups
It tries to connect to cups every second and doesn't do anything else
when cups is disabled. So disable (or enable) both of them at the same
time.

(cherry picked from commit 414f944cf9)
2017-12-13 03:42:28 +01:00
Marek Marczykowski-Górecki
ee16e5cecb
network: order qubes-firewall service before enabling IP forwarding
Start qubes-firewall (which will add "DROP by default" rule) before
enabling IP forwarding, to not leave a time slot where some connection
could go around configured firewall.

QubesOS/qubes-issues#3269

(cherry picked from commit 3fb258db47)
2017-12-13 03:40:43 +01:00
Nedyalko Andreev
78c1a22bbf
Disable dnf plugins when downloading dom0 updates in sys-firewall
Since the qubes-download-dom0-updates script executes dnf with fakeroot, some dnf plugins like etckeeper break the update with "Permission denied" errors.

(cherry picked from commit 5438e43ff6)
2017-12-13 03:37:53 +01:00
Marek Marczykowski-Górecki
a067452c64
Fix removing temporary file after editing in (Disp)VM
Fix removing the file - do not free its filename just before unlink call
(scheduled with atexit function).
At the same time, place the temporary file in a unique directory,
making it possible to edit multiple files with the same name at once.
Remove that directory at exit too.

Fixes QubesOS/qubes-issues#3112

(cherry picked from commit e2789ca2d7)
2017-12-13 03:37:19 +01:00
Marek Marczykowski-Górecki
e706e54f26
network: fix rules for network setup on new udev
New udev have `DRIVERS` matcher, instead of `ENV{ID_NET_DRIVER}`. Add
appropriate rule to the file. Without it, network was working
incidentally, because there is a fallback in qubes-misc-post.service,
but dynamic network change was broken.

This applies at least to Debian stretch.

Fixes QubesOS/qubes-issues#3192

(cherry picked from commit 2068299126)
2017-12-13 03:36:56 +01:00
Marek Marczykowski-Górecki
364fd3687f
debian: disable timer-based apt-get
Debian stretch in default configuration calls apt-get update every 24h.
And additionally, have automatic unattended security updates enabled.
Generally it would be good thing on standalone system, but in AppVM
which loose its rootfs changes after restart it is a waste of resources.
Especially when it kicks in on multiple VMs simultaneously, while on
battery (apt-daily.service have ConditionACPower=true, but VM don't have
that information...).

It would make some sense on TemplateVM/StandaloneVM, but then it kicks
in just at VM startup. Which conflicts with starting the update manually
then (by clicking "update VM" button in manager for example, or using
salt).

So, disable this feature completely.

The actual solution is based on pkg-manager-no-autoupdate by @adrelanos.

Fixes QubesOS/qubes-issues#2621

(cherry picked from commit 128af0d191)
2017-12-13 03:36:28 +01:00
Marek Marczykowski-Górecki
5e3efc23d7
qrexec: code style fix - use spaces for indentation
(cherry picked from commit 1497b3b05b)
2017-12-13 03:17:00 +01:00
Rusty Bird
d082479dc3
Add iptables dep to qubes-core-vm RPM spec
Only the Debian package had declared the dependecy. And apparently,
fedora-26-minimal does not include the iptables package by default
anymore.
2017-11-19 15:48:40 +00:00
Olivier MEDOC
d93c9910de archlinux: add recently splitted packages as optional dependencies of qubes-vm-core
Also improve package description and comments.
2017-11-19 14:43:48 +01:00
Olivier MEDOC
32063a5989 archlinux: fix incorrect keyring being populated
Fix one of the issue described in the following commit:
https://github.com/QubesOS/qubes-issues/issues/3185
2017-11-06 23:37:06 +01:00
Olivier MEDOC
ab529ddc47 archlinux: pick Qubes4.0 mergeable changes 2017-10-31 22:57:01 +01:00
Nedyalko Andreev
8c06c1eabd
Fix the previous shellcheck-related "fixes" again 2017-10-02 14:49:40 +03:00
Nedyalko Andreev
6d28d4dfaf
Fix the install script after the shellcheck "fixes" 2017-10-02 01:22:40 +03:00
Nedyalko Andreev
60ee036f04
Fix indentation and shellcheck issues for archlinux 2017-10-01 21:48:13 +03:00
Nedyalko Andreev
5662d7e5fe
Disable Oliver's binary pacman repo by default
Currently building the package fails with an error 'qubes-r3.2: key "2043E7ACC1833B9C" is unknown'.
This also harmonizes the code with the current documentation: https://www.qubes-os.org/doc/templates/archlinux/#binary-packages-activation
2017-10-01 21:05:04 +03:00