HW42
e73ad96995
debian: don't generate regular conf files in postinst
2015-02-03 05:58:56 +01:00
HW42
707be87a6f
debian: postinst: use dpkg-divert
...
dpkg-divert is not ideal for config files but should work better than
direct cp/mv.
2015-02-03 05:58:56 +01:00
HW42
461a13f882
debian: postinst: use systemctl mask
2015-02-03 05:58:56 +01:00
HW42
47d1fdcbdc
debian: fix for QSB #014 requires up to date qubes-utils
2015-02-03 05:58:56 +01:00
Marek Marczykowski-Górecki
dd210066bc
rpm: add missing R: pygobject3-base
2015-02-02 06:10:45 +01:00
Marek Marczykowski-Górecki
64c14088fc
version 2.1.53
2015-01-29 03:01:19 +01:00
Marek Marczykowski-Górecki
a714162dfe
network: support for not setting DNS and/or default gateway (v2)
...
This patch introduces two new qvm-services:
- disable-default-route
- disable-dns-server
Both disabled by default. You can enable any of them to not set default
route and/or DNS servers in the VM. Those settings have no effect on
NetVM, where such settings are controlled by NetworkManager.
This is based on patch sent by Joonas Lehtonen
<joonas.lehtonen@openmailbox.org>
https://groups.google.com/d/msgid/qubes-devel/54C7FB59.2020603%40openmailbox.org
2015-01-29 01:10:34 +01:00
Marek Marczykowski-Górecki
cbf77fd005
filecopy: fallback to "open(..., 000)" method when /proc inaccessible
...
/proc is needed to link files opened with O_TMPFILE to the filesystem.
If not available, fallback to using permissions to block file access,
instead of failing the whole file copy.
2015-01-29 00:44:38 +01:00
Marek Marczykowski-Górecki
cac23b6d77
version 2.1.52
2015-01-27 01:07:52 +01:00
Marek Marczykowski-Górecki
24c74c44e8
systemd: allow to start cron daemon ( #909 )
2015-01-27 00:43:27 +01:00
Marek Marczykowski-Górecki
0470341d87
fedora: reload systemd only once
2015-01-27 00:43:27 +01:00
Marek Marczykowski-Górecki
0805f0eecc
fedora: reduce code duplication in systemd triggers
2015-01-27 00:43:27 +01:00
Olivier MEDOC
44f81a927f
archlinux: align with fedora changes related to imsettings
2015-01-27 00:43:27 +01:00
Olivier MEDOC
d0960d22d7
archlinux: fix new packaging requirements related to sbin, lib64, run ...
2015-01-27 00:43:27 +01:00
Marek Marczykowski-Górecki
b62665d63c
network: support for not setting DNS and/or default gateway
...
This patch introduces two new qvm-services:
- set-default-route
- set-dns-server
Both enabled by default. You can disable any of them to not set default
route and/or DNS servers in the VM. Those settings have no effect on
NetVM, where such settings are controlled by NetworkManager.
This is based on patch sent by Joonas Lehtonen
<joonas.lehtonen@openmailbox.org>
https://groups.google.com/d/msgid/qubes-devel/54C39656.3090303%40openmailbox.org
2015-01-27 00:27:08 +01:00
HW42
8bd8fc1874
don't ignore asprintf() return value
2015-01-23 00:55:10 +01:00
Marek Marczykowski-Górecki
f9b1f2953e
version 2.1.51
2015-01-21 06:39:11 +01:00
Marek Marczykowski-Górecki
6ce1e945f3
Merge remote-tracking branch 'joanna/release2' into release2
...
Conflicts:
version
2015-01-21 06:38:43 +01:00
Marek Marczykowski-Górecki
650c4ffe19
version 2.1.49.1
2015-01-21 06:30:05 +01:00
Marek Marczykowski-Górecki
5b3ed7ca78
fedora: Fix iptables config installation one more time
2015-01-21 06:27:51 +01:00
Marek Marczykowski-Górecki
5da2bbd4c2
version 2.1.50
2015-01-18 18:07:07 +01:00
Marek Marczykowski-Górecki
d22673533f
Merge branch 'release2' into release2-secfixes
2015-01-18 18:06:43 +01:00
Marek Marczykowski-Górecki
d2efaf5313
version 2.1.49
2015-01-15 03:50:13 +01:00
Marek Marczykowski-Górecki
b27b11e26f
fedora: Fix iptables config install script
2015-01-15 03:32:08 +01:00
Marek Marczykowski-Górecki
4a732564fa
filecopy: prevent files/dirs movement outside incoming directory during transfer
...
Otherwise, when the user moves directory, which is still in transfer,
somewhere else, it could allow malicious source domain to escape chroot
and place a file in arbitrary location.
It looks like bind mount is just enough - simple rename fails with
EXDEV, so tools are forced to perform copy+delete, which is enough to
keep unpacker process away from new file location.
One inconvenient detail is that we must clean the mount after transfer
finishes, so root perms cannot be dropped completely. We keep separate
process for only that reason.
2015-01-13 18:34:36 +01:00
Marek Marczykowski-Górecki
2e3fd57adf
version 2.1.48
2015-01-12 21:12:36 +01:00
Marek Marczykowski-Górecki
5473639c9b
fedora: Add security-testing repo definition
2015-01-12 21:12:06 +01:00
Jason Mehring
03aed58a1c
fc21: Remove left-over code comment
2014-12-28 03:05:37 -05:00
Jason Mehring
6dbb6be584
fc21: iptables configurations conflict with fc21 yum package manager
...
Moved iptables configuration to /usr/lib/qubes/init
fc21 + debian + arch will place them in proper place on postinst
Fixes dedian bug of not having them in proper place
2014-12-28 03:02:27 -05:00
Marek Marczykowski-Górecki
1f41090fb0
version 2.1.47
2014-12-22 00:05:25 +01:00
Marek Marczykowski-Górecki
ceb352a6e0
network: fix NM config preparation
...
The same variables are reused to configure downlink in ProxyVM, so
create NM config before they got overrided.
2014-12-22 00:04:16 +01:00
Marek Marczykowski-Górecki
4ed2abb030
network: set uplink configuration based on MAC (NetworkManager)
2014-12-22 00:03:37 +01:00
Marek Marczykowski-Górecki
0fe40b2627
version 2.1.46
2014-12-16 00:54:47 +01:00
Marek Marczykowski-Górecki
f868bdbae7
tag for commit 1e2c5bc932
...
-----BEGIN PGP SIGNATURE-----
iQIcBAABCgAGBQJUf6+uAAoJEIwFIWzgnAk8xfwP/3I7WgV7l+2l0F8tIN+eNcDs
lXS5iVBlNHwMjBPZk+2Awydk6fOXUc2udLs1bNl9wDIlJSW+qdcmvhDPXGTSwmqG
PLXGaxquF8vAIdTob6hIVKZULLbMs2RJiZ5UqdLmPwVycizACh3WGBCl3OjN7ToW
u54bkVz1L+TjBci+BcCHo8z98154iqm5JB3OXIRa+eMQrOsidUH81rnte4XjpEms
ZUGb8SQ31Oa8hLP1L1r0x+5zgy23yIlF9JypK6JWQhywcKLF1I+6YP+4M+5Z7UWF
tJZpSqI30T/cEijNpLQEaRefxtBwj9FDZVrwPZwz2bYFNB+CdqpAPSQ2LwNLR8mi
FR/tXR4PEjQpNoeT/5bfFi3tgyF5P3S5KSDMszJtt0X0LxR8qFgeXVOFlmxlK2MO
bp4/0eakCQNE1imdxOay8ba9i3g4IDwlfJCToU/2RlS7WSu8nywIcVvGjt/3Sp3L
Fqur/pYp5JGUP8x1b/2vnxVM8/UwQL/b6rtlSfDml71zS62noSUS2B8ZM707HPOh
Q2l5u2bZDFuEpApCXgO8mwWBLKHKkNUhWSZBXj7phx54bUATyZnn9DOmHx/BnpLJ
gdhJOV742GSbdHLBo5jzCzDJ4ZiA5anCLu9cUxZr+wiGdHEtai8AtCTwBPmylyv4
hYV4O00ZBmOFB+r/gf6M
=wRf3
-----END PGP SIGNATURE-----
Merge tag 'hw42_debian_dependencies-1' into release2
tag for commit 1e2c5bc932
Conflicts:
debian/control
2014-12-04 02:29:41 +01:00
HW42
1e2c5bc932
debian: remove unneeded acpid dependency
...
https://groups.google.com/forum/?_escaped_fragment_=msg/qubes-devel/oY7m9zNEXFw/N94pknsTg7oJ
2014-12-04 01:22:23 +01:00
HW42
7f29f05e5c
debian: move not strictly required packages to Recommends-Section.
...
https://groups.google.com/forum/?_escaped_fragment_=msg/qubes-devel/oY7m9zNEXFw/N94pknsTg7oJ
2014-12-04 01:13:42 +01:00
Marek Marczykowski-Górecki
584bce7181
Update update-proxy rules for debian security fixes repo
...
The name can be "wheezy/updates".
2014-12-03 00:18:43 +01:00
Marek Marczykowski-Górecki
5fe024b005
debian: fix service name in postinst script
2014-12-02 23:09:47 +01:00
Marek Marczykowski-Górecki
4582489a18
debian: remove obsolete code from postinst script
...
NetworkManager-dispatcher.service issue seems to be already fixed in
upstream package.
2014-12-02 23:09:07 +01:00
Marek Marczykowski-Górecki
dc1ab74734
debian: add missing python-gi to dependencies
...
Required for qubes-desktop-run tool.
2014-12-02 23:08:44 +01:00
Marek Marczykowski-Górecki
31ac99a877
version 2.1.45
2014-12-01 22:32:29 +01:00
Marek Marczykowski-Górecki
d7baaca337
debian: fix generation of apt sources list file
...
Use codename, instead of release number.
2014-12-01 22:32:08 +01:00
Marek Marczykowski-Górecki
8e0a8aa5b8
version 2.1.44
2014-12-01 03:57:41 +01:00
Marek Marczykowski-Górecki
586e746953
debian: create tinyproxy as system user
2014-12-01 03:54:45 +01:00
Marek Marczykowski-Górecki
9ef05c3ae3
Fix disabling nm-applet when NM is disabled
2014-11-30 16:43:11 +01:00
Marek Marczykowski-Górecki
9cfbd05acb
Merge branch 'debian' into release2
2014-11-29 13:40:34 +01:00
Marek Marczykowski-Górecki
a68c09b7fa
version 2.1.43
2014-11-18 17:28:29 +01:00
Marek Marczykowski-Górecki
ea4eef7de8
network: fix indentation
2014-11-13 23:19:34 +01:00
Jason Mehring
599fad53a2
Merge branch 'debian' of https://github.com/nrgaway/core-agent-linux into debian
2014-11-12 03:41:41 -05:00
Jason Mehring
160bf82583
Merge branch 'debian' of https://github.com/nrgaway/core-agent-linux into debian
2014-11-12 03:40:29 -05:00