Commit Graph

1285 Commits

Author SHA1 Message Date
HW42
e73ad96995 debian: don't generate regular conf files in postinst 2015-02-03 05:58:56 +01:00
HW42
707be87a6f debian: postinst: use dpkg-divert
dpkg-divert is not ideal for config files but should work better than
direct cp/mv.
2015-02-03 05:58:56 +01:00
HW42
461a13f882 debian: postinst: use systemctl mask 2015-02-03 05:58:56 +01:00
HW42
47d1fdcbdc debian: fix for QSB #014 requires up to date qubes-utils 2015-02-03 05:58:56 +01:00
Marek Marczykowski-Górecki
dd210066bc rpm: add missing R: pygobject3-base 2015-02-02 06:10:45 +01:00
Marek Marczykowski-Górecki
64c14088fc version 2.1.53 2015-01-29 03:01:19 +01:00
Marek Marczykowski-Górecki
a714162dfe network: support for not setting DNS and/or default gateway (v2)
This patch introduces two new qvm-services:
 - disable-default-route
 - disable-dns-server
Both disabled by default. You can enable any of them to not set default
route and/or DNS servers in the VM. Those settings have no effect on
NetVM, where such settings are controlled by NetworkManager.

This is based on patch sent by Joonas Lehtonen
<joonas.lehtonen@openmailbox.org>
https://groups.google.com/d/msgid/qubes-devel/54C7FB59.2020603%40openmailbox.org
2015-01-29 01:10:34 +01:00
Marek Marczykowski-Górecki
cbf77fd005 filecopy: fallback to "open(..., 000)" method when /proc inaccessible
/proc is needed to link files opened with O_TMPFILE to the filesystem.
If not available, fallback to using permissions to block file access,
instead of failing the whole file copy.
2015-01-29 00:44:38 +01:00
Marek Marczykowski-Górecki
cac23b6d77 version 2.1.52 2015-01-27 01:07:52 +01:00
Marek Marczykowski-Górecki
24c74c44e8 systemd: allow to start cron daemon (#909) 2015-01-27 00:43:27 +01:00
Marek Marczykowski-Górecki
0470341d87 fedora: reload systemd only once 2015-01-27 00:43:27 +01:00
Marek Marczykowski-Górecki
0805f0eecc fedora: reduce code duplication in systemd triggers 2015-01-27 00:43:27 +01:00
Olivier MEDOC
44f81a927f archlinux: align with fedora changes related to imsettings 2015-01-27 00:43:27 +01:00
Olivier MEDOC
d0960d22d7 archlinux: fix new packaging requirements related to sbin, lib64, run ... 2015-01-27 00:43:27 +01:00
Marek Marczykowski-Górecki
b62665d63c network: support for not setting DNS and/or default gateway
This patch introduces two new qvm-services:
 - set-default-route
 - set-dns-server
Both enabled by default. You can disable any of them to not set default
route and/or DNS servers in the VM. Those settings have no effect on
NetVM, where such settings are controlled by NetworkManager.

This is based on patch sent by Joonas Lehtonen
<joonas.lehtonen@openmailbox.org>
https://groups.google.com/d/msgid/qubes-devel/54C39656.3090303%40openmailbox.org
2015-01-27 00:27:08 +01:00
HW42
8bd8fc1874 don't ignore asprintf() return value 2015-01-23 00:55:10 +01:00
Marek Marczykowski-Górecki
f9b1f2953e version 2.1.51 2015-01-21 06:39:11 +01:00
Marek Marczykowski-Górecki
6ce1e945f3 Merge remote-tracking branch 'joanna/release2' into release2
Conflicts:
	version
2015-01-21 06:38:43 +01:00
Marek Marczykowski-Górecki
650c4ffe19 version 2.1.49.1 2015-01-21 06:30:05 +01:00
Marek Marczykowski-Górecki
5b3ed7ca78 fedora: Fix iptables config installation one more time 2015-01-21 06:27:51 +01:00
Marek Marczykowski-Górecki
5da2bbd4c2 version 2.1.50 2015-01-18 18:07:07 +01:00
Marek Marczykowski-Górecki
d22673533f Merge branch 'release2' into release2-secfixes 2015-01-18 18:06:43 +01:00
Marek Marczykowski-Górecki
d2efaf5313 version 2.1.49 2015-01-15 03:50:13 +01:00
Marek Marczykowski-Górecki
b27b11e26f fedora: Fix iptables config install script 2015-01-15 03:32:08 +01:00
Marek Marczykowski-Górecki
4a732564fa filecopy: prevent files/dirs movement outside incoming directory during transfer
Otherwise, when the user moves directory, which is still in transfer,
somewhere else, it could allow malicious source domain to escape chroot
and place a file in arbitrary location.

It looks like bind mount is just enough - simple rename fails with
EXDEV, so tools are forced to perform copy+delete, which is enough to
keep unpacker process away from new file location.

One inconvenient detail is that we must clean the mount after transfer
finishes, so root perms cannot be dropped completely. We keep separate
process for only that reason.
2015-01-13 18:34:36 +01:00
Marek Marczykowski-Górecki
2e3fd57adf version 2.1.48 2015-01-12 21:12:36 +01:00
Marek Marczykowski-Górecki
5473639c9b fedora: Add security-testing repo definition 2015-01-12 21:12:06 +01:00
Jason Mehring
03aed58a1c
fc21: Remove left-over code comment 2014-12-28 03:05:37 -05:00
Jason Mehring
6dbb6be584
fc21: iptables configurations conflict with fc21 yum package manager
Moved iptables configuration to /usr/lib/qubes/init
fc21 + debian + arch will place them in proper place on postinst
Fixes dedian bug of not having them in proper place
2014-12-28 03:02:27 -05:00
Marek Marczykowski-Górecki
1f41090fb0 version 2.1.47 2014-12-22 00:05:25 +01:00
Marek Marczykowski-Górecki
ceb352a6e0 network: fix NM config preparation
The same variables are reused to configure downlink in ProxyVM, so
create NM config before they got overrided.
2014-12-22 00:04:16 +01:00
Marek Marczykowski-Górecki
4ed2abb030 network: set uplink configuration based on MAC (NetworkManager) 2014-12-22 00:03:37 +01:00
Marek Marczykowski-Górecki
0fe40b2627 version 2.1.46 2014-12-16 00:54:47 +01:00
Marek Marczykowski-Górecki
f868bdbae7 tag for commit 1e2c5bc932
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCgAGBQJUf6+uAAoJEIwFIWzgnAk8xfwP/3I7WgV7l+2l0F8tIN+eNcDs
 lXS5iVBlNHwMjBPZk+2Awydk6fOXUc2udLs1bNl9wDIlJSW+qdcmvhDPXGTSwmqG
 PLXGaxquF8vAIdTob6hIVKZULLbMs2RJiZ5UqdLmPwVycizACh3WGBCl3OjN7ToW
 u54bkVz1L+TjBci+BcCHo8z98154iqm5JB3OXIRa+eMQrOsidUH81rnte4XjpEms
 ZUGb8SQ31Oa8hLP1L1r0x+5zgy23yIlF9JypK6JWQhywcKLF1I+6YP+4M+5Z7UWF
 tJZpSqI30T/cEijNpLQEaRefxtBwj9FDZVrwPZwz2bYFNB+CdqpAPSQ2LwNLR8mi
 FR/tXR4PEjQpNoeT/5bfFi3tgyF5P3S5KSDMszJtt0X0LxR8qFgeXVOFlmxlK2MO
 bp4/0eakCQNE1imdxOay8ba9i3g4IDwlfJCToU/2RlS7WSu8nywIcVvGjt/3Sp3L
 Fqur/pYp5JGUP8x1b/2vnxVM8/UwQL/b6rtlSfDml71zS62noSUS2B8ZM707HPOh
 Q2l5u2bZDFuEpApCXgO8mwWBLKHKkNUhWSZBXj7phx54bUATyZnn9DOmHx/BnpLJ
 gdhJOV742GSbdHLBo5jzCzDJ4ZiA5anCLu9cUxZr+wiGdHEtai8AtCTwBPmylyv4
 hYV4O00ZBmOFB+r/gf6M
 =wRf3
 -----END PGP SIGNATURE-----

Merge tag 'hw42_debian_dependencies-1' into release2

tag for commit 1e2c5bc932

Conflicts:
	debian/control
2014-12-04 02:29:41 +01:00
HW42
1e2c5bc932 debian: remove unneeded acpid dependency
https://groups.google.com/forum/?_escaped_fragment_=msg/qubes-devel/oY7m9zNEXFw/N94pknsTg7oJ
2014-12-04 01:22:23 +01:00
HW42
7f29f05e5c debian: move not strictly required packages to Recommends-Section.
https://groups.google.com/forum/?_escaped_fragment_=msg/qubes-devel/oY7m9zNEXFw/N94pknsTg7oJ
2014-12-04 01:13:42 +01:00
Marek Marczykowski-Górecki
584bce7181 Update update-proxy rules for debian security fixes repo
The name can be "wheezy/updates".
2014-12-03 00:18:43 +01:00
Marek Marczykowski-Górecki
5fe024b005 debian: fix service name in postinst script 2014-12-02 23:09:47 +01:00
Marek Marczykowski-Górecki
4582489a18 debian: remove obsolete code from postinst script
NetworkManager-dispatcher.service issue seems to be already fixed in
upstream package.
2014-12-02 23:09:07 +01:00
Marek Marczykowski-Górecki
dc1ab74734 debian: add missing python-gi to dependencies
Required for qubes-desktop-run tool.
2014-12-02 23:08:44 +01:00
Marek Marczykowski-Górecki
31ac99a877 version 2.1.45 2014-12-01 22:32:29 +01:00
Marek Marczykowski-Górecki
d7baaca337 debian: fix generation of apt sources list file
Use codename, instead of release number.
2014-12-01 22:32:08 +01:00
Marek Marczykowski-Górecki
8e0a8aa5b8 version 2.1.44 2014-12-01 03:57:41 +01:00
Marek Marczykowski-Górecki
586e746953 debian: create tinyproxy as system user 2014-12-01 03:54:45 +01:00
Marek Marczykowski-Górecki
9ef05c3ae3 Fix disabling nm-applet when NM is disabled 2014-11-30 16:43:11 +01:00
Marek Marczykowski-Górecki
9cfbd05acb Merge branch 'debian' into release2 2014-11-29 13:40:34 +01:00
Marek Marczykowski-Górecki
a68c09b7fa version 2.1.43 2014-11-18 17:28:29 +01:00
Marek Marczykowski-Górecki
ea4eef7de8 network: fix indentation 2014-11-13 23:19:34 +01:00
Jason Mehring
599fad53a2 Merge branch 'debian' of https://github.com/nrgaway/core-agent-linux into debian 2014-11-12 03:41:41 -05:00
Jason Mehring
160bf82583 Merge branch 'debian' of https://github.com/nrgaway/core-agent-linux into debian 2014-11-12 03:40:29 -05:00