version 3.1.20

v2: (vm) qvm-move-to-vm: don't "rm -rf" vm name argument
Fixes QubesOS/qubes-issues#2472 from commit 3f600d03fa (cherry picked from commit 0d243250f2)
2016-12-04 22:03:11 +01:00 · 2016-12-04 22:02:33 +01:00 · 2016-12-04 22:00:42 +01:00 · 2016-11-20 17:06:30 +01:00 · 2016-11-19 00:31:41 +01:00 · 2016-11-19 00:30:53 +01:00
63 changed files with 567 additions and 172 deletions
--- a/11
+++ b/11
@ -52,6 +52,7 @@ SYSTEM_DROPINS += NetworkManager.service NetworkManager-wait-online.service ntpd
 SYSTEM_DROPINS += tinyproxy.service
 SYSTEM_DROPINS += tmp.mount
 SYSTEM_DROPINS += org.cups.cupsd.service org.cups.cupsd.path org.cups.cupsd.socket
+SYSTEM_DROPINS += tor.service tor@default.service

 USER_DROPINS := pulseaudio.service pulseaudio.socket

@ -202,7 +203,8 @@ install-common:
 	install -d $(DESTDIR)/usr/bin
 	install -m 0755 misc/qubes-session-autostart $(DESTDIR)/usr/bin/qubes-session-autostart

-	install qubes-rpc/{qvm-open-in-dvm,qvm-open-in-vm,qvm-copy-to-vm,qvm-move-to-vm,qvm-run,qvm-mru-entry} $(DESTDIR)/usr/bin
+	install qubes-rpc/{qvm-open-in-dvm,qvm-open-in-vm,qvm-copy-to-vm,qvm-run,qvm-mru-entry} $(DESTDIR)/usr/bin
+	ln -s qvm-copy-to-vm $(DESTDIR)/usr/bin/qvm-move-to-vm
 	install qubes-rpc/wrap-in-html-if-url.sh $(DESTDIR)$(LIBDIR)/qubes
 	install qubes-rpc/qvm-copy-to-vm.kde $(DESTDIR)$(LIBDIR)/qubes
 	install qubes-rpc/qvm-copy-to-vm.gnome $(DESTDIR)$(LIBDIR)/qubes
@ -223,6 +225,8 @@ install-common:
 	install -d $(DESTDIR)/etc/qubes-rpc
 	install -m 0644 qubes-rpc/{qubes.Filecopy,qubes.OpenInVM,qubes.VMShell,qubes.SyncNtpClock} $(DESTDIR)/etc/qubes-rpc
 	install -m 0644 qubes-rpc/{qubes.SuspendPre,qubes.SuspendPost,qubes.GetAppmenus} $(DESTDIR)/etc/qubes-rpc
+	install -m 0755 qubes-rpc/qubes.SuspendPreAll $(DESTDIR)/etc/qubes-rpc
+	install -m 0755 qubes-rpc/qubes.SuspendPostAll $(DESTDIR)/etc/qubes-rpc
 	install -m 0644 qubes-rpc/qubes.WaitForSession $(DESTDIR)/etc/qubes-rpc
 	install -m 0644 qubes-rpc/qubes.DetachPciDevice $(DESTDIR)/etc/qubes-rpc
 	install -m 0644 qubes-rpc/qubes.{Backup,Restore} $(DESTDIR)/etc/qubes-rpc
@ -231,6 +235,11 @@ install-common:
 	install -m 0644 qubes-rpc/qubes.SetDateTime $(DESTDIR)/etc/qubes-rpc
 	install -m 0755 qubes-rpc/qubes.InstallUpdatesGUI $(DESTDIR)/etc/qubes-rpc

+	install -d $(DESTDIR)/etc/qubes/suspend-pre.d
+	install -m 0644 qubes-rpc/suspend-pre.README $(DESTDIR)/etc/qubes/suspend-pre.d/README
+	install -d $(DESTDIR)/etc/qubes/suspend-post.d
+	install -m 0644 qubes-rpc/suspend-post.README $(DESTDIR)/etc/qubes/suspend-post.d/README
+
 	install -d $(DESTDIR)/usr/share/nautilus-python/extensions
 	install -m 0644 qubes-rpc/*_nautilus.py $(DESTDIR)/usr/share/nautilus-python/extensions

--- a/Makefile.builder
+++ b/Makefile.builder
@ -1,6 +1,10 @@
 ifeq ($(PACKAGE_SET),vm)
+  ifeq ($(UPGRADE_PKG_ONLY),yes)
+    RPM_SPEC_FILES := rpm_spec/upgrade-vm.spec
+  else
  RPM_SPEC_FILES := rpm_spec/core-vm.spec \
  rpm_spec/core-vm-doc.spec
+  endif

  ifneq ($(filter $(DISTRIBUTION), debian qubuntu),)
    DEBIAN_BUILD_DIRS := debian
--- a/archlinux/PKGBUILD
+++ b/archlinux/PKGBUILD
@ -6,7 +6,7 @@
 # Maintainer: Olivier Medoc <o_medoc@yahoo.fr>
 pkgname=qubes-vm-core
 pkgver=`cat version`
-pkgrel=6
+pkgrel=9
 epoch=
 pkgdesc="The Qubes core files for installation inside a Qubes VM."
 arch=("x86_64")
@ -25,11 +25,18 @@ options=()
 install=PKGBUILD.install
 changelog=

-source=(PKGBUILD.qubes-ensure-lib-modules.service)
+source=(	PKGBUILD.qubes-ensure-lib-modules.service PKGBUILD.qubes-update-desktop-icons.hook
+		PKGBUILD-qubes-noupgrade.conf
+		PKGBUILD-qubes-repo-3.1.conf
+		PKGBUILD-qubes-repo-3.2.conf
+		)

 noextract=()
-md5sums=('88f4b3d5b156888a9d38f5bc28702ab8') #generate with 'makepkg -g'
-
+md5sums=( '88f4b3d5b156888a9d38f5bc28702ab8' 'bbfb946d6d2787e5abf8e2236502a3d4'
+          'c1c1b86eed48cc0f943f21b9a1df8b8e'
+	  '36bf82df048e81250e7ba80b3224bddc'
+	  'd5898def7bad7fd92ea60f0bf48174e3'
+          )

 build() {

@ -78,6 +85,19 @@ package() {
  # Install systemd script allowing to automount /lib/modules
  install -m 644 $srcdir/PKGBUILD.qubes-ensure-lib-modules.service ${pkgdir}/usr/lib/systemd/system/qubes-ensure-lib-modules.service

+  # Install pacman hook to update desktop icons
+  mkdir -p ${pkgdir}/usr/share/libalpm/hooks/
+  install -m 644 $srcdir/PKGBUILD.qubes-update-desktop-icons.hook ${pkgdir}/usr/share/libalpm/hooks/qubes-update-desktop-icons.hook
+
+  # Install pacman.d drop-ins (at least 1 drop-in must be installed or pacman will fail)
+  mkdir -p ${pkgdir}/etc/pacman.d
+  install -m 644 $srcdir/PKGBUILD-qubes-noupgrade.conf ${pkgdir}/etc/pacman.d/10-qubes-noupgrade.conf
+
+  # Install pacman repository
+  release=`echo $pkgver | cut -d '.' -f 1,2`
+  echo "Installing repository for release ${release}"
+  install -m 644 $srcdir/PKGBUILD-qubes-repo-${release}.conf ${pkgdir}/etc/pacman.d/99-qubes-repository-${release}.conf
+
  # Archlinux specific: enable autologin on tty1
  mkdir -p $pkgdir/etc/systemd/system/getty@tty1.service.d/
  cat <<EOF > $pkgdir/etc/systemd/system/getty@tty1.service.d/autologin.conf
--- a/archlinux/PKGBUILD-qubes-noupgrade.conf
+++ b/archlinux/PKGBUILD-qubes-noupgrade.conf
@ -0,0 +1,2 @@
+NoUpgrade = etc/pam.d/su
+NoUpgrade = etc/pam.d/su-l
--- a/archlinux/PKGBUILD-qubes-repo-3.1.conf
+++ b/archlinux/PKGBUILD-qubes-repo-3.1.conf
@ -0,0 +1,2 @@
+[qubes-r3.1]
+Server = http://olivier.medoc.free.fr/archlinux/$repo
--- a/archlinux/PKGBUILD-qubes-repo-3.2.conf
+++ b/archlinux/PKGBUILD-qubes-repo-3.2.conf
@ -0,0 +1,2 @@
+[qubes-r3.2]
+Server = http://olivier.medoc.free.fr/archlinux/$repo
--- a/archlinux/PKGBUILD.install
+++ b/archlinux/PKGBUILD.install
@ -202,24 +202,66 @@ config_prependtomark() {
 FILE=$1
 APPENDBEFORELINE=$2
 APPENDLINE=$3
-grep -q "$APPENDLINE" "$FILE" || sed "/$APPENDBEFORELINE/i$APPENDLINE" -i "$FILE"
+grep -F -q "$APPENDLINE" "$FILE" || sed "/$APPENDBEFORELINE/i$APPENDLINE" -i "$FILE"
 }

 config_appendtomark() {
 FILE=$1
 APPENDAFTERLINE=$2
 APPENDLINE=$3
-grep -q "$APPENDLINE" "$FILE" || sed "/$APPENDAFTERLINE/a$APPENDLINE" -i "$FILE"
+grep -F -q "$APPENDLINE" "$FILE" || sed "/$APPENDAFTERLINE/a$APPENDLINE" -i "$FILE"
+}
+
+config_cleanupmark() {
+FILE="$1"
+BEGINMARK="$2"
+ENDMARK="$3"
+if grep -F -q "$BEGINMARK" "$FILE"; then
+	if grep -F -q "$ENDMARK" "$FILE"; then
+		cp "$FILE" "$FILE.qubes-update-orig"
+		sed -i -e "/^$BEGINMARK$/,/^$ENDMARK$/{
+			/^$ENDMARK$/b
+			/^$BEGINMARK$/!d
+			}" "$FILE"
+		rm -f "$FILE.qubes-update-orig"
+	else
+		echo "ERROR: found $BEGINMARK marker but not $ENDMARK in $FILE. Please cleanup this file manually."
+	fi
+elif grep -F -q "$ENDMARK" "$FILE"; then
+	echo "ERROR: found $ENDMARK marker but not $BEGINMARK in $FILE. Please cleanup this file manually."
+fi
 }

 update_finalize() {

+	# Archlinux specific: Cleanup pre pacman.d qubes marker
+	QUBES_MARKER="### QUBES CONFIG MARKER ###"
+	if grep -F -q "$QUBES_MARKER" /etc/pacman.conf; then
+		config_prependtomark "/etc/pacman.conf" "# REPOSITORIES" "### QUBES CONFIG END MARKER ###"
+		config_cleanupmark "/etc/pacman.conf" "$QUBES_MARKER" "### QUBES CONFIG END MARKER ###"
+	fi
+
+	# Include /etc/pacman.d drop-in directory
+	config_appendtomark "/etc/pacman.conf" "$QUBES_MARKER" "Include = /etc/pacman.d/*.conf"
+
 	# Archlinux specific: Update pam.d configuration for su to enable systemd-login wrapper
-	if [ -z "`cat /etc/pam.d/su | grep system-login`" ] ; then
+	# Also remove pam_unix.so from su configuration
+	# as system-login (which include system-auth) already gives pam_unix.so
+	# with more appropriate parameters (fix the missing nullok parameter)
+
+	if [ -n "`cat /etc/pam.d/su | grep pam_unix.so`" ] ; then
 		echo "Fixing pam.d"
-		sed '/auth\t\trequired\tpam_unix.so/aauth\t\tinclude\t\tsystem-login' -i /etc/pam.d/su
-		sed '/account\t\trequired\tpam_unix.so/aaccount\t\tinclude\t\tsystem-login' -i /etc/pam.d/su
-		sed '/session\t\trequired\tpam_unix.so/asession\t\tinclude\t\tsystem-login' -i /etc/pam.d/su
+		cat <<EOF > /etc/pam.d/su
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth		sufficient	pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth		required	pam_wheel.so use_uid
+auth		include		system-login
+account		include         system-login
+session		include		system-login
+EOF
 		cp /etc/pam.d/su /etc/pam.d/su-l
 	fi

@ -227,14 +269,6 @@ update_finalize() {
 	rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service
 	systemctl enable getty\@tty1.service

-	# Archlinux specific: Prepare pacman.conf to add qubes specific config
-	QUBES_MARKER="### QUBES CONFIG MARKER ###"
-	config_prependtomark "/etc/pacman.conf" "# REPOSITORIES" "$QUBES_MARKER"
-	
-	# Add Qubes setup script markers at the right place (this won't work at the end of pacman.conf)"
-	config_appendtomark "/etc/pacman.conf" "$QUBES_MARKER" "### QUBES END ###"
-	config_appendtomark "/etc/pacman.conf" "$QUBES_MARKER" "### QUBES BEGIN ###"
-	
 	systemctl daemon-reload
 }

@ -279,8 +313,6 @@ post_install() {

 	update_finalize
 	
-	glib-compile-schemas /usr/share/glib-2.0/schemas &> /dev/null || :
-	
 }

 ## arg 1:  the new package version
@ -296,8 +328,6 @@ post_upgrade() {

 	update_finalize

-	/usr/bin/glib-compile-schemas /usr/share/glib-2.0/schemas &> /dev/null || :
-
 }

 ######################
@ -321,8 +351,6 @@ pre_remove() {
 ## arg 1:  the old package version
 post_remove() {

-    /usr/bin/glib-compile-schemas /usr/share/glib-2.0/schemas &> /dev/null || :
-
    if [ -L /lib/firmware/updates ] ; then
      rm /lib/firmware/updates
    fi
--- a/archlinux/PKGBUILD.qubes-update-desktop-icons.hook
+++ b/archlinux/PKGBUILD.qubes-update-desktop-icons.hook
@ -0,0 +1,11 @@
+[Trigger]
+Type = File
+Operation = Install
+Operation = Upgrade
+Operation = Remove
+Target = usr/share/applications/*.desktop
+
+[Action]
+Description = Updating the Qubes desktop file App Icons...
+When = PostTransaction
+Exec = /usr/lib/qubes/qubes-trigger-sync-appmenus.sh
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,137 @@
+qubes-core-agent (3.1.20-1) wheezy; urgency=medium
+
+  [ Jean-Philippe Ouellet ]
+  * Keep Makefile DRY
+
+  [ Rusty Bird ]
+  * v2: (vm) qvm-move-to-vm: don't "rm -rf" vm name argument
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sun, 04 Dec 2016 22:03:11 +0100
+
+qubes-core-agent (3.1.19-1) wheezy; urgency=medium
+
+  [ Rusty Bird ]
+  * Order network management units after network-pre.target
+  * dvm, then xendriverdomain, then qrexec-agent
+  * *Do* block until good random is available again
+  * Remove 'if true' wrapper from
+    06a0d30d50ce4ea266532c06ef24880bf5363c1b
+
+  [ Patrick Schleizer ]
+  * add comment
+  * add comment
+
+  [ Rusty Bird ]
+  * Enable xendriverdomain.service in 75-qubes-vm.preset
+
+  [ Olivier MEDOC ]
+  * archlinux: update installer script in prevision of pacman.d drop-ins
+  * archlinux: provide automatic qubes-trigger-sync-appmenus through
+    pacman hooks
+  * archlinux: remove unnecessary glib-compile-scheme
+  * archlinux: switch to usage of pacman.d drop-ins
+  * archlinux: Setup default package repository
+  * archlinux: ensure repositories are the last pacman.d files included
+  * archlinux: fix update-proxy-configs to use pacman.d drop-ins
+
+  [ Marek Marczykowski-Górecki ]
+  * systemd: preset xendriverdomain on update
+  * Revert "systemd: preset xendriverdomain on update"
+  * systemd: order qubes-mount-dirs.service before local-fs.target
+  * systemd: load xen-privcmd module
+  * systemd: include tor-disabling drop-ins in the package
+  * systemd: improve ordering of systemd units
+  * network: reload NM connection after setting it up
+  * systemd: fix syntax error in preset file
+  * network: minor setup-ip fix
+
+  [ Rudd-O ]
+  * Eliminate race condition with qubes-setup-dnat-to-ns
+
+  [ Marek Marczykowski-Górecki ]
+  * Revert "network: disable proxy_arp"
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sun, 20 Nov 2016 17:06:30 +0100
+
+qubes-core-agent (3.1.18-1) wheezy; urgency=medium
+
+  * upgrade: package for simplify upgrade from R3.1 to R3.2
+  * qvm-open-in-vm: fix wrapping URL in HTML file
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Thu, 28 Jul 2016 00:17:22 +0200
+
+qubes-core-agent (3.1.17-1) wheezy; urgency=medium
+
+  [ Olivier MEDOC ]
+  * archlinux: fix remaining loginctl privilege issues with invalid
+    pam.d configuration
+
+  [ Marek Marczykowski-Górecki ]
+  * Remove obsolete policy files
+
+  [ Patrick Schleizer ]
+  * fixed sh syntax error
+  * do not start the Tor service inside Qubes TemplateVMs
+
+  [ Marek Marczykowski-Górecki ]
+  * systemd: order units checking for qubes-service after qubes-sysinit
+  * qvm-open-in-vm: escape URL when wrapping it in HTML
+
+  [ Patrick Schleizer ]
+  * fix indent (cherry picked from commit
+    3db93cdc87e75474429207871543491f18ac9afc)
+
+  [ unman ]
+  * Fall back to gnome utilities if kdialog not present
+
+  [ Marek Marczykowski-Górecki ]
+  * Prefer 'dnf' over 'yum' for template update
+  * debian: add missing pkg-config build depends
+
+  [ Patrick Schleizer ]
+  * Do not start tor@default service in TemplateVM.
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sat, 25 Jun 2016 15:48:12 +0200
+
+qubes-core-agent (3.1.16-1) wheezy; urgency=medium
+
+  [ Patrick Schleizer ]
+  * use 'true' rather than ':' for consistency (cherry picked from
+    commit 77d51a69ea294b76c9d5d2d79554c4607b1c0288)
+  * minor indent (cherry picked from commit
+    5a1ea4f5e5961503263b8b91f8eaddb2adb16b38)
+
+  [ Rusty Bird ]
+  * Remove exec in last line of qvm-copy-to-vm
+
+  [ Marek Marczykowski-Górecki ]
+  * network: run setup-ip only on xen frontend interfaces
+  * qubes-rpc: fix SVG icon scaling
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Tue, 29 Mar 2016 17:27:21 +0200
+
+qubes-core-agent (3.1.15-1) wheezy; urgency=medium
+
+  [ Rusty Bird ]
+  * qvm-move-to-vm: Remove duplicated code
+  * qvm-move-to-vm: Use '--' before file arguments
+  * Use && in qvm-move-to-vm
+
+  [ Patrick Schleizer ]
+  * disable systemd-timesyncd
+
+  [ Andrew ]
+  * Use proper space-expanded tabs, as per the coding guidelines.
+  * Move usage information printing to separate function, and print
+    usage to stderr; also added some spacing.
+  * Use proper quoting around variables.
+  * Properly handle case of empty domain name.
+
+  [ Marek Marczykowski-Górecki ]
+  * qubes.SuspendPreAll and qubes.SuspendPostAll services
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Tue, 15 Mar 2016 23:54:12 +0100
+
 qubes-core-agent (3.1.14-1) wheezy; urgency=medium

  * network: use `qubes-primary-dns` QubesDB entry if present
--- a/debian/control
+++ b/debian/control
@ -10,6 +10,7 @@ Build-Depends:
    debhelper,
    quilt,
    libxen-dev,
+    pkg-config,
    dh-systemd (>= 1.5),
    lsb-release,
    xserver-xorg-dev,
--- a/doc/Makefile
+++ b/doc/Makefile
@ -23,7 +23,7 @@ install: manpages
 manpages: $(QVM_DOCS) $(QUBES_DOCS) $(VM_DOCS)

 preview:	$(rst)
-	pandoc -s -f rst -t man $(rst) | groff -mandoc -Tlatin1 | less -R
+	$(PANDOC) $(rst) | groff -mandoc -Tlatin1 | less -R

 clean:
 	rm -f $(VM_DOCS)
--- a/misc/RPM-GPG-KEY-upgrade-qubes-3-primary
+++ b/misc/RPM-GPG-KEY-upgrade-qubes-3-primary
@ -0,0 +1,40 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mQINBFRsmtIBEAC7UgrYFrkPpSxjRoT9OmU0JqYmzLBqzRRdHCtakTdN8pRl/yE/
+zQHvmPnrQ57u45KtxY7EYveWC6RtNEw9IVvyQZp6jGQ05ljhwkNKfxKZcGvT4Qd4
+oCcXdKzGOjsw/mW0saklcrBdm7PiEhQvC0Oc66RreNeZ/2INQALVZLv808KLlNHs
+uK9u/mjrT/A3RpzvFYvVnPJPJFjnYyGM8cVysCez4yeH9nymbLLD73pZyKhSU5Uo
+x3LJKMfIUee0N677Lb45iM+iHW+kcHay3i7tev0xkm08V61ym2YwCJxIpMCvryvK
+h1kScMeAOLsHkZpsqoXuSy8GFz1gKiZFCaiuF+ojRSXcN221Exfz/pF47aMd7Sm3
+0hSQk6Om9DESrzDXm85czq7Taw48NL35nCoPUqNfAP+BknSz79KoNkPDGP9+ps34
+S9o401dygAZToQNTJNuJeZwEVEBykRlsoeR/C9CTsSZMufBGBS9805h31FoZ3ePv
+ITTaZidVWxUnRn4mlcYlfUEniyrmtc8IG0SZQZ+AQu0BgDZ/oV2LsS/g+YbN6qjF
+LczBCWPngXUYvmm0syPdGfPQZJCnvwnEpPoRq+bqknLUN/EzEihbILR9gaO0U/XR
+9+EB796N973+v6HsKxKmfJMqkIXa+PhLvfWVs3ZZnM6USTpA0DYHpvcVIwARAQAB
+tB5RdWJlcyBPUyBSZWxlYXNlIDMgU2lnbmluZyBLZXmJAjgEEwECACIFAlRsmtIC
+GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEMsRyh0D+lCCAyUP/jM+dKCC
+WIjTAFzdudJFfznjFjiggI7EdNJYpMd3FP8Gq53qqFH5rvg0fwJjnNGPBpfEjhHM
+TlCNn3M0L6NZbB7PQwUBD332f2QwE4PIcuo1e7c9ySrhdMc0maR5+CcMlJHG6T8Q
+EacL+Xhc91GC2Gi/qMOjE4lo337Y3GLE6WHFRVvqBpI+ovr9LYKP5vQ+InY+uVsP
+LTL7AQVRDZcu4eQdI1HdJ0fYyhx5lJSiPWaM80VBkOgfF6HyGrMcjzWs+9gtYs76
+g6QoEKgu3YuPi1J1JE7d+Un7iYSqrUv3ljSDq2PMlx4vpq+oc1/1qHLyMYpGjmHa
+cQRjPo8bqgZ4vo6BC4Za+SGliLPcN9w0ivjsaGZ2L5PHxJ7kCSJ6SbZUrjWhTZL3
+arWGCFQmYqAY5EkNSWrQePgkCj/5I5YAou39LnREN91KgYDT8bMeED7uQ/fskRns
+Xfbx6ACsU69lLYIqd4HcuhcHWV9lTYtavjLKny71BauLALOve9uHmYX/cweBnt98
+8AWGuIuspvs3kwFJLu5k30m3HUMZPG8lDfN0R9v5eyoNxFc+WNbxHq4fIUXmbGfN
+Jclsn3hzUUS3XBG2G9VDmcf/N82xlwRMDHD78G/+Q3MumQeLtlXirhASQqi3XdXk
+CR5+NjOJZWRYfvk+WbJsshE3sosG2uLHzgs/iQIcBBABAgAGBQJUbJtEAAoJEN36
+Gj42h5SUuVsQAI5QPmqJvnUgUMzoj1gCWW2eJTbxTWs9jALN8JRqPGT4KKe+x5te
+IgYkK056WlxBA73UDcXLQ4dKoqF9J3wMF2O+Ir7C46p+dFS5KTjUj4vaYMgAmshu
+ihZmBChmldQpIYmFvWtdvdanEpaOiblr+AXK1Hd5aJrpBFf5I/EP7iCWeOXc5FzK
+UEZylf8PVmNO3s8uuyWMdGR7cGcukwOONzre9XurO6P8fHfjh+vXeI+5KsJ1Cd2y
+22OWAK0QjtCBLTQ4E6WUM2/FjLU55HB3fdAo4ucd2QgJhf4HuWq6KiLRz74O04o1
+lrqtS3M9GfLmQx/lUF8vIS4jVf8X7/iZY52VCJM5PDoeF0xKTACJ2+emuQfyw0SE
+7AfxCrt35cvXBWAzUN/kLFslQkBI+/FssnUDBYGeU+SkgEfkpuWwRsqfwCITN0I4
+jmwDfa+6PQpMF9lkgF+BanNa8bfroWztmW9dZYp6jyV8/VI5SeG7RYu6TZUeXXoS
+eMIL/d9eIhebLj5syd0BNukZMpI92wnSDWTWxBZFliltOIv6/yC6Bj7UaCyt2JkV
+/xbi+rOiemBS1mPHhV/CAM7sV0TM8xONyVXM4g5eVj0RStFYjc586ZguleNeIfYT
+qDqp/VUKnu6jYNOWS2W/kpenXId22X1TdXcxwm3U3kOc06pygu1fTdDp
+=idYC
+-----END PGP PUBLIC KEY BLOCK-----
--- a/misc/RPM-GPG-KEY-upgrade-qubes-3-unstable
+++ b/misc/RPM-GPG-KEY-upgrade-qubes-3-unstable
@ -0,0 +1,29 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mQINBFRuA2sBEACjOSNmDK6g6vpirgy0mRbRORP44eI0R45JN3oSGgsmCD5jJSTo
+RRUE1RknbK26+bjnsKAKwpP67CA3So/5sa4l7i7G4xJdgVZooM3ZTK7ubQCqkMYB
+h4yYTBAtt7vi6olhKvEkCvhzozcUa4/qW/NuIuTCpF0G0kBUWyqqYQzwtWD5QimE
+6NjbxjuKf0P0KtzUvF2SdNYh87kXUj+6+RcA6VxjsLY3gSWnl+786L4yKUekRjB7
+JvD9yMd1V+U/P1MUamJFyn68Aih6dRi17/ZvHKHY0gj6k6acE34Oy6SDmbwuWWeZ
+jMpSACAHHhWJID0wwrig3ZsxV4lGWoND/n+OSmEyWg4J8dB1thZpoBgjL05prBgC
+oygzwyHlyewVqdtdjMJOSSk34pehQ35lPQ9XqASnF1igQaVTKFxUIg1eoaQMZibd
+dSJzEcwuFUeJ1S22lyUdtaC/WdGb5vvHSEDiOA/3Ll0gpaHm2tor08J0s9C6CD2Q
+irF/FwUu52yO/bNtOkXunX5G2Ua+c49o3D6bvc+mfBY4EVKN5k6URW+vy47gJDbH
+4CVcxgBRoFy8SdAogqf/H/4+UOAR5jo5QLzsRq0mRHRbleLHwyH5PQxF9M73UVgL
+J5OohzOoThyiWbIesjyFw9aiC1Dk9l6ugprPTAS6LPNpxNaByNlpbX/eJQARAQAB
+tCdRdWJlcyBPUyBSZWxlYXNlIDMgVW5zdGFibGUgU2lnbmluZyBLZXmJAjgEEwEC
+ACIFAlRuA2sCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEJP+RAmjx3Ot
+WFMP/1y98l3kXaIUIXZFjdtCmiZvFZKETP5S/81Rn32PISSs5TklxWbt6B3rNY67
+ovtK10qJXxarLeu0+IR+UM+AV1R/OvT3qtrJuvbbr0vIyy0RONaapoPIdI2eD2FC
+E/7JTv7KibKSE4nI9W9ZdRboJB1MPigffBR7qAC2ReCGtyKVUWRCKh57aQqbSDkZ
+AruTV1gXbFDusuKh1kQ2zVXFMn9KU98Qv0nKewjndNwnfOk7UFdsTkRCEyHr19wx
+KOuoLH4bfCyV8dEfriM5d6ABjmpv0Olp9XFT5YznoxrsXAjO0aUIBiNYYTk5vRLG
+ixBJGRjruDUzCZ8gIObIEwfAJsJ4LsFZ5LI0csF2uNueeogmNm0LfejyrWBlyRfW
+XdM5WP9vAbWectxNfaW84pPkvAEaer2W+x9ddO+FirTPNgU0M55JxcjKve8XsbuK
+iOA80h8eiMuukn2CDENVG9g7hiui9YzcenQKzmZIYYARWPzSKRyRrMFWrhDjOZ+R
+sG2PKzuJVIatGqhzqjD4CmoMPkVDli9p1ADOJLMJu062D53aWjgVi6DFHt5cZmFx
+rvDPiLqy/uuWWSDaDgX36KEenvwzQLjlEdTrN8a3qiBMxeceLWFLQqAknQnmU19/
+HcyP+lX0FzFFm1yIB/aEQpcXsfJcil0Dg6zAeFbXxdQYWlVm
+=7CDU
+-----END PGP PUBLIC KEY BLOCK-----
--- a/misc/qubes-upgrade.repo
+++ b/misc/qubes-upgrade.repo
@ -0,0 +1,20 @@
+[qubes-upgrade-vm-current]
+name = Qubes OS Repository for VM (updates)
+baseurl = http://yum.qubes-os.org/r3.2/current/vm/fc$releasever
+gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-upgrade-qubes-3-primary
+gpgcheck = 1
+
+[qubes-upgrade-vm-current-testing]
+name = Qubes OS Repository for VM (updates-testing)
+baseurl = http://yum.qubes-os.org/r3.2/current-testing/vm/fc$releasever
+gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-upgrade-qubes-3-primary
+gpgcheck = 1
+enabled=0
+
+[qubes-upgrade-vm-unstable]
+name = Qubes OS Repository for VM (unstable)
+baseurl = http://yum.qubes-os.org/r3.2/unstable/vm/fc$releasever
+gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-upgrade-qubes-3-unstable
+gpgcheck = 1
+enabled=0
+
--- a/network/setup-ip
+++ b/network/setup-ip
@ -48,6 +48,8 @@ __EOF__
            echo "addresses1=$ip;32" >> $nm_config
        fi
        chmod 600 $nm_config
+        # reload connection
+        nmcli connection load $nm_config || :
    else
        # No NetworkManager enabled, configure the network manually
        /sbin/ifconfig $INTERFACE $ip netmask 255.255.255.255
@ -57,7 +59,7 @@ __EOF__
            /sbin/route add default gw $gateway
        fi
        if ! grep -rq "^/etc/resolv[.]conf$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
-        echo > /etc/resolv.conf
+            echo > /etc/resolv.conf
            if [ "x$disabledns" != "x1" ]; then
                echo "nameserver $primary_dns" > /etc/resolv.conf
                echo "nameserver $secondary_dns" >> /etc/resolv.conf
@ -75,8 +77,12 @@ __EOF__
        /usr/lib/qubes/qubes-setup-dnat-to-ns
    fi
    if [ "x$network" != "x" ]; then
-        [ -x /rw/config/qubes-ip-change-hook ] && /rw/config/qubes-ip-change-hook
+        if [ -x /rw/config/qubes-ip-change-hook ]; then
+            /rw/config/qubes-ip-change-hook
+        fi
        # XXX: Backward compatibility
-        [ -x /rw/config/qubes_ip_change_hook ] && /rw/config/qubes_ip_change_hook
+        if [ -x /rw/config/qubes_ip_change_hook ]; then
+            /rw/config/qubes_ip_change_hook
+        fi
    fi
 fi
--- a/network/udev-qubes-network.rules
+++ b/network/udev-qubes-network.rules
@ -1,2 +1,2 @@

-SUBSYSTEMS=="xen", KERNEL=="eth*", ACTION=="add", RUN+="/usr/lib/qubes/setup-ip"
+SUBSYSTEMS=="xen", KERNEL=="eth*", ACTION=="add", ENV{ID_NET_DRIVER}=="vif", RUN+="/usr/lib/qubes/setup-ip"
--- a/network/update-proxy-configs
+++ b/network/update-proxy-configs
@ -108,17 +108,30 @@ $PROXY_CONF_ENTRY
 EOF
 fi

+# Pacman (archlinux) also
+if [ -d /etc/pacman.d ]; then
+    if [ -n "$PROXY_ADDR" ]; then
+        cat > /etc/pacman.d/01-qubes-proxy.conf <<EOF
+### This file is automatically generated by Qubes ($0 script).
+### All modifications here will be lost.
+### If you want to override some of this settings, create another file under 
+### /etc/pacman.d
+
+XferCommand = http_proxy=$PROXY_ADDR /usr/bin/curl -C - -f %u > %o
+EOF
+    else
+        rm -r /etc/pacman.d/01-qubes-proxy.conf
+    fi
+fi
+
 # DNF configuration doesn't support including other files
+# https://bugzilla.redhat.com/show_bug.cgi?id=1352234
 if [ -e /etc/dnf/dnf.conf ]; then
    update_conf /etc/dnf/dnf.conf "$PROXY_CONF_ENTRY"
 fi

 # The same goes for PackageKit...
+# https://bugs.freedesktop.org/show_bug.cgi?id=96788
 if [ -e /etc/PackageKit/PackageKit.conf ]; then
    update_conf /etc/PackageKit/PackageKit.conf "ProxyHTTP=$PROXY_ADDR"
 fi
-
-# Pacman (archlinux) also
-if [ -e /etc/pacman.conf ]; then
-    update_conf /etc/pacman.conf "XferCommand = http_proxy=$PROXY_ADDR /usr/bin/curl -C - -f %u > %o"
-fi
--- a/network/vif-route-qubes
+++ b/network/vif-route-qubes
@ -29,6 +29,7 @@ lockfile=/var/run/xen-hotplug/vif-lock
 case "$command" in
 	online)
 		ifconfig ${vif} up
+		echo 1 >/proc/sys/net/ipv4/conf/${vif}/proxy_arp
 		ipcmd='add'
 		iptables_cmd='-I PREROUTING 1'
 		cmdprefix=''
--- a/qubes-rpc/qubes.Filecopy.policy
+++ b/qubes-rpc/qubes.Filecopy.policy
@ -1,6 +0,0 @@
-## Note that policy parsing stops at the first match,
-## so adding anything below "$anyvm $anyvm action" line will have no effect
-
-## Please use a single # to start your custom comments
-
-$anyvm	$anyvm	ask
--- a/qubes-rpc/qubes.GetImageRGBA
+++ b/qubes-rpc/qubes.GetImageRGBA
@ -5,7 +5,7 @@ ICON_MAXSIZE=512

 if [ "${filename%%:*}" = xdgicon ]; then
    filename="$(/usr/lib/qubes/xdg-icon "${filename#*:}" "$ICON_MAXSIZE")"
-    forcesize="$ICON_MAXSIZE"
+    forcemaxsize="$ICON_MAXSIZE"

    [ -n "${filename}" ]
 elif [ "${filename}" = "-" ] || [ "${filename##*:}" = "-" ]; then
@ -25,12 +25,17 @@ w="$(echo "$s"|cut -d " " -f 1)"
 h="$(echo "$s"|cut -d " " -f 2)"
 m="$(echo "$s"|cut -d " " -f 3)"
 if [ "$m" = SVG ]; then
-    if [ -n "$forcesize" ]; then
-        w="$forcesize"
-        h="$forcesize"
-    fi
    tmpfile2="$(mktemp /tmp/qimg-XXXXXXXX.png)"
-    rsvg-convert -w "$w" -h "$h" -o "$tmpfile2" "$filename"
+    rsvg-convert -o "$tmpfile2" "$filename"
+    # downscale the image if necessary
+    if [ -n "$forcemaxsize" -a \
+            \( "$w" -gt "$forcemaxsize" -o "$h" -gt "$forcemaxsize" \) ]; then
+        convert "$tmpfile2" -scale "${forcemaxsize}x${forcemaxsize}" "$tmpfile2"
+        # read the size again, because icon may not be a square
+        s="$(identify -format '%w %h' "$tmpfile2")"
+        w="$(echo "$s"|cut -d " " -f 1)"
+        h="$(echo "$s"|cut -d " " -f 2)"
+    fi
    filename="$tmpfile2"
 fi
 echo "$w $h"
--- a/qubes-rpc/qubes.InstallUpdatesGUI
+++ b/qubes-rpc/qubes.InstallUpdatesGUI
@ -4,7 +4,9 @@
 # If you are creating package for other distribution, feel free to replace it
 # with distribution-specific script.

-if [ -e /etc/redhat-release ]; then
+if [ -e /etc/redhat-release -a -x /usr/bin/dnf ]; then
+    xterm -title update -e su -l -c 'dnf update --best; echo Done. Press Enter to exit.; read x'
+elif [ -e /etc/redhat-release -a -x /usr/bin/yum ]; then
    xterm -title update -e su -l -c 'yum update; echo Done. Press Enter to exit.; read x'
 elif [ -e /etc/debian_version ]; then
    xterm -title update -e su -l -c 'apt-get update && apt-get -V dist-upgrade; echo Done. Press Enter to exit.; read x'
--- a/qubes-rpc/qubes.OpenInVM.policy
+++ b/qubes-rpc/qubes.OpenInVM.policy
@ -1,7 +0,0 @@
-## Note that policy parsing stops at the first match,
-## so adding anything below "$anyvm $anyvm action" line will have no effect
-
-## Please use a single # to start your custom comments
-
-$anyvm	$dispvm	allow
-$anyvm	$anyvm	ask
--- a/qubes-rpc/qubes.SuspendPostAll
+++ b/qubes-rpc/qubes.SuspendPostAll
@ -2,7 +2,8 @@
 #
 # The Qubes OS Project, http://www.qubes-os.org
 #
-# Copyright (C) 2010  Rafal Wojtczuk  <rafal@invisiblethingslab.com>
+# Copyright (C) 2016  Marek Marczykowski-Górecki
+#                                     <marmarek@invisiblethingslab.com>
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@ -20,25 +21,8 @@
 #
 #

-if [ $# -lt 2 ] ; then
-	echo usage: $0 '[--without-progress] dest_vmname file [file]+'
-	exit 1
-fi
-
-if [ x"$1" = "x--without-progress" ] ; then
-	export PROGRESS_TYPE=none
-	shift
-else
-	export PROGRESS_TYPE=console
-fi
-
-
-VM="$1"
-shift
-
-if [ $PROGRESS_TYPE = console ] ; then
-	export FILECOPY_TOTAL_SIZE=$(du --apparent-size -c -- "$@" 2> /dev/null | tail -1 | cut -f 1)
-fi
-set -e
-/usr/lib/qubes/qrexec-client-vm $VM qubes.Filecopy /usr/lib/qubes/qfile-agent "$@"
-rm -rf "$@"
+for script in /etc/qubes/suspend-post.d/*.sh; do
+    if [ -x "$script" ]; then
+        "$script"
+    fi
+done
--- a/qubes-rpc/qubes.SuspendPreAll
+++ b/qubes-rpc/qubes.SuspendPreAll
@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# The Qubes OS Project, http://www.qubes-os.org
+#
+# Copyright (C) 2016  Marek Marczykowski-Górecki
+#                                     <marmarek@invisiblethingslab.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+#
+
+for script in /etc/qubes/suspend-pre.d/*.sh; do
+    if [ -x "$script" ]; then
+        "$script"
+    fi
+done
--- a/qubes-rpc/qubes.VMShell.policy
+++ b/qubes-rpc/qubes.VMShell.policy
@ -1,7 +0,0 @@
-## Note that policy parsing stops at the first match,
-## so adding anything below "$anyvm $anyvm action" line will have no effect
-
-## Please use a single # to start your custom comments
-
-$anyvm	$dispvm	allow
-$anyvm	$anyvm	ask
--- a/qubes-rpc/qvm-copy-to-vm
+++ b/qubes-rpc/qvm-copy-to-vm
@ -1,4 +1,5 @@
 #!/bin/sh
+set -e
 #
 # The Qubes OS Project, http://www.qubes-os.org
 #
@ -25,7 +26,7 @@ if [ $# -lt 2 ] ; then
 	exit 1
 fi

-if [ x"$1" = "x--without-progress" ] ; then
+if [ "$1" = "--without-progress" ] ; then
 	export PROGRESS_TYPE=none
 	shift
 else
@ -40,4 +41,8 @@ if [ $PROGRESS_TYPE = console ] ; then
 	export FILECOPY_TOTAL_SIZE=$(du --apparent-size -c -- "$@" 2> /dev/null | tail -1 | cut -f 1)
 fi

-exec /usr/lib/qubes/qrexec-client-vm $VM qubes.Filecopy /usr/lib/qubes/qfile-agent "$@"
+/usr/lib/qubes/qrexec-client-vm $VM qubes.Filecopy /usr/lib/qubes/qfile-agent "$@"
+
+if [ "${0##*/}" = "qvm-move-to-vm" ]; then
+	rm -rf -- "$@"
+fi
--- a/qubes-rpc/qvm-copy-to-vm.kde
+++ b/qubes-rpc/qvm-copy-to-vm.kde
@ -19,25 +19,28 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 #
 #
+if type kdialog 2> /dev/null; then
+    VM=$(kdialog -inputbox "Enter the VM name to send files to:")
+    if [ X$VM = X ] ; then exit 0 ; fi

-VM=$(kdialog -inputbox "Enter the VM name to send files to:")
-if [ X$VM = X ] ; then exit 0 ; fi
+    SIZE=$(du --apparent-size -c -- "$@" 2> /dev/null | tail -1 | cut -f 1)
+    REF=$(kdialog --progressbar "Copy progress")
+    qdbus $REF org.freedesktop.DBus.Properties.Set "" maximum $SIZE

-SIZE=$(du --apparent-size -c -- "$@" 2> /dev/null | tail -1 | cut -f 1)
-REF=$(kdialog --progressbar "Copy progress")
-qdbus $REF org.freedesktop.DBus.Properties.Set "" maximum $SIZE
+    export PROGRESS_TYPE=gui

-export PROGRESS_TYPE=gui
+    /usr/lib/qubes/qrexec-client-vm $VM qubes.Filecopy \
+        /usr/lib/qubes/qfile-agent "$@" |
+    (while read sentsize ; do
+        CURRSIZE=$(($sentsize/1024))
+        qdbus $REF  org.freedesktop.DBus.Properties.Set "" value $CURRSIZE
+    done)

-/usr/lib/qubes/qrexec-client-vm $VM qubes.Filecopy \
-	/usr/lib/qubes/qfile-agent "$@" |
-(while read sentsize ; do
-	CURRSIZE=$(($sentsize/1024))
-	qdbus $REF  org.freedesktop.DBus.Properties.Set "" value $CURRSIZE
-done)
-
-qdbus $REF close
-# we do not want a dozen error messages, do we
-# if ! [ "x"$agentstatus = xDONE ] ; then
-# 	kdialog --sorry 'Abnormal file copy termination; see /var/log/qubes/qrexec.xid.log in dom0 for more details'
-# fi
+    qdbus $REF close
+    # we do not want a dozen error messages, do we
+    # if ! [ "x"$agentstatus = xDONE ] ; then
+    # 	kdialog --sorry 'Abnormal file copy termination; see /var/log/qubes/qrexec.xid.log in dom0 for more details'
+    # fi
+else
+    exec /usr/lib/qubes/qvm-copy-to-vm.gnome "$@"
+fi
--- a/qubes-rpc/qvm-move-to-vm.kde
+++ b/qubes-rpc/qvm-move-to-vm.kde
@ -19,29 +19,32 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 #
 #
+if type kdialog 2> /dev/null; then
+    VM=$(kdialog -inputbox "Enter the VM name to send files to:")
+    if [ X$VM = X ] ; then exit 0 ; fi

-VM=$(kdialog -inputbox "Enter the VM name to send files to:")
-if [ X$VM = X ] ; then exit 0 ; fi
+    SIZE=$(du --apparent-size -c -- "$@" 2> /dev/null | tail -1 | cut -f 1)
+    REF=$(kdialog --progressbar "Move progress")
+    qdbus $REF org.freedesktop.DBus.Properties.Set "" maximum $SIZE

-SIZE=$(du --apparent-size -c -- "$@" 2> /dev/null | tail -1 | cut -f 1)
-REF=$(kdialog --progressbar "Move progress")
-qdbus $REF org.freedesktop.DBus.Properties.Set "" maximum $SIZE
+    export PROGRESS_TYPE=gui

-export PROGRESS_TYPE=gui
+    set -o pipefail
+    /usr/lib/qubes/qrexec-client-vm $VM qubes.Filecopy \
+        /usr/lib/qubes/qfile-agent "$@" |
+    (while read sentsize ; do
+        CURRSIZE=$(($sentsize/1024))
+        qdbus $REF  org.freedesktop.DBus.Properties.Set "" value $CURRSIZE
+    done)
+    if [ $? -eq 0 ]; then
+        rm -rf "$@"
+    fi

-set -o pipefail
-/usr/lib/qubes/qrexec-client-vm $VM qubes.Filecopy \
-	/usr/lib/qubes/qfile-agent "$@" |
-(while read sentsize ; do
-	CURRSIZE=$(($sentsize/1024))
-	qdbus $REF  org.freedesktop.DBus.Properties.Set "" value $CURRSIZE
-done)
-if [ $? -eq 0 ]; then
-    rm -rf "$@"
+    qdbus $REF close
+    # we do not want a dozen error messages, do we
+    # if ! [ "x"$agentstatus = xDONE ] ; then
+    # 	kdialog --sorry 'Abnormal file copy termination; see /var/log/qubes/qrexec.xid.log in dom0 for more details'
+    # fi
+else
+    exec /usr/lib/qubes/qvm-move-to-vm.gnome "$@"
 fi
-
-qdbus $REF close
-# we do not want a dozen error messages, do we
-# if ! [ "x"$agentstatus = xDONE ] ; then
-# 	kdialog --sorry 'Abnormal file copy termination; see /var/log/qubes/qrexec.xid.log in dom0 for more details'
-# fi
--- a/qubes-rpc/qvm-run
+++ b/qubes-rpc/qvm-run
@ -20,8 +20,8 @@
 #
 #

-if [ $# -lt 2 ] ; then
-	cat <<USAGE
+print_usage() {
+cat >&2 <<USAGE
 Usage: $0 vmname command arguments
 Executes a command in another VM using the qubes.VMShell RPC service.  The
 arguments are joined with spaces and passed to "bash -c".
@ -33,11 +33,20 @@ is your terminal.

 You can use \$dispvm or --dispvm instead of vmname to start a new DisposableVM.
 USAGE
-	exit 1
+}
+
+if [ $# -lt 2 ] ; then
+    print_usage
+    exit 1
 fi
-VMNAME=$1
+
+VMNAME="$1"
 shift
-if [ $VMNAME = "--dispvm" ] ; then
-	VMNAME='$dispvm'
+
+if [ "$VMNAME" = "--dispvm" ] ; then
+    VMNAME='$dispvm'
+elif [ "$VMNAME" = "" ] ; then
+    print_usage
+    exit 1
 fi
-exec /usr/lib/qubes/qrexec-client-vm $VMNAME qubes.VMShell "/usr/lib/qubes/qrun-in-vm" "$@"
+exec /usr/lib/qubes/qrexec-client-vm "$VMNAME" qubes.VMShell "/usr/lib/qubes/qrun-in-vm" "$@"
--- a/qubes-rpc/suspend-post.README
+++ b/qubes-rpc/suspend-post.README
@ -0,0 +1,2 @@
+All executable files with `.sh` suffix in this directory will be executed as
+root just after host resume from suspend.
--- a/qubes-rpc/suspend-pre.README
+++ b/qubes-rpc/suspend-pre.README
@ -0,0 +1,2 @@
+All executable files with `.sh` suffix in this directory will be executed as
+root just before host suspend.
--- a/qubes-rpc/wrap-in-html-if-url.sh
+++ b/qubes-rpc/wrap-in-html-if-url.sh
@ -6,9 +6,10 @@ wrap_in_html_if_url()
 	*://*)
 		FILE_ARGUMENT=$(mktemp)

-		echo -n '<html><meta HTTP-EQUIV="REFRESH" content="0; url=' > $FILE_ARGUMENT
-		echo -n "$1" >> $FILE_ARGUMENT
-		echo '"></html>' >> $FILE_ARGUMENT
+		echo -n '<html><meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>' > $FILE_ARGUMENT
+		echo -n '<meta HTTP-EQUIV="REFRESH" content="0; url=' >> $FILE_ARGUMENT
+		echo -n "$1" | sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g; s/"/\&quot;/g; s/'"'"'/\&#39;/g' >> $FILE_ARGUMENT
+		echo '"/></html>' >> $FILE_ARGUMENT
 		;;
 	*)
 		FILE_ARGUMENT="$1"
--- a/rpm_spec/core-vm.spec
+++ b/rpm_spec/core-vm.spec
@ -337,7 +337,9 @@ rm -f %{name}-%{version}
 %config(noreplace) /etc/qubes-rpc/qubes.VMShell
 %config(noreplace) /etc/qubes-rpc/qubes.SyncNtpClock
 %config(noreplace) /etc/qubes-rpc/qubes.SuspendPre
+%config(noreplace) /etc/qubes-rpc/qubes.SuspendPreAll
 %config(noreplace) /etc/qubes-rpc/qubes.SuspendPost
+%config(noreplace) /etc/qubes-rpc/qubes.SuspendPostAll
 %config(noreplace) /etc/qubes-rpc/qubes.WaitForSession
 %config(noreplace) /etc/qubes-rpc/qubes.DetachPciDevice
 %config(noreplace) /etc/qubes-rpc/qubes.Backup
@ -350,6 +352,10 @@ rm -f %{name}-%{version}
 %dir /etc/qubes/autostart
 /etc/qubes/autostart/README.txt
 %config /etc/qubes/autostart/*.desktop.d/30_qubes.conf
+%dir /etc/qubes/suspend-pre.d
+/etc/qubes/suspend-pre.d/README
+%dir /etc/qubes/suspend-post.d
+/etc/qubes/suspend-post.d/README
 %config(noreplace) /etc/sudoers.d/qubes
 %config(noreplace) /etc/sudoers.d/qt_x11_no_mitshm
 %config(noreplace) /etc/sysctl.d/20_tcp_timestamps.conf
@ -573,6 +579,8 @@ The Qubes core startup configuration for SystemD init.
 /lib/systemd/system/NetworkManager-wait-online.service.d/30_qubes.conf
 /lib/systemd/system/ntpd.service.d/30_qubes.conf
 /lib/systemd/system/tinyproxy.service.d/30_not_needed_in_qubes_by_default.conf
+/lib/systemd/system/tor.service.d/30_qubes.conf
+/lib/systemd/system/tor@default.service.d/30_qubes.conf
 /lib/systemd/system/tmp.mount.d/30_qubes.conf
 /lib/systemd/user/pulseaudio.service.d/30_qubes.conf
 /lib/systemd/user/pulseaudio.socket.d/30_qubes.conf
--- a/rpm_spec/upgrade-vm.spec
+++ b/rpm_spec/upgrade-vm.spec
@ -0,0 +1,28 @@
+Name:		qubes-upgrade-vm
+Version:	3.1
+Release:	1%{?dist}
+Summary:	Qubes upgrade VM package
+
+Group:		Qubes
+Vendor:		Invisible Things Lab
+License:	GPL
+URL:		http://www.qubes-os.org
+
+%define _builddir %(pwd)
+
+%description
+Upgrade package for Qubes VM.
+
+This package contains only minimal file set required to upgrade Qubes VM
+template to next Qubes release.
+
+%install
+mkdir -p $RPM_BUILD_ROOT/etc/pki/rpm-gpg
+install -m 644 misc/RPM-GPG-KEY-upgrade-qubes-* $RPM_BUILD_ROOT/etc/pki/rpm-gpg/
+
+mkdir -p $RPM_BUILD_ROOT/etc/yum.repos.d
+install -m 644 misc/qubes-upgrade.repo $RPM_BUILD_ROOT/etc/yum.repos.d/
+
+%files
+/etc/yum.repos.d/qubes-upgrade.repo
+/etc/pki/rpm-gpg/RPM-GPG-KEY-upgrade-qubes*
--- a/2
+++ b/2
@ -1 +1 @@
-3.1.14
+3.1.20
--- a/vm-systemd/75-qubes-vm.preset
+++ b/vm-systemd/75-qubes-vm.preset
@ -30,6 +30,7 @@ disable plymouth-quit-wait.service
 disable smartd.service
 disable upower.service
 disable colord.service
+disable systemd-timesyncd.service

 # Fedora only services
 disable backuppc.service
@ -73,3 +74,4 @@ enable qubes-iptables.service
 enable qubes-random-seed.service
 enable haveged.service
 enable chronyd.service
+enable xendriverdomain.service
--- a/vm-systemd/ModemManager.service.d/30_qubes.conf
+++ b/vm-systemd/ModemManager.service.d/30_qubes.conf
@ -1,3 +1,4 @@
 [Unit]
 ConditionPathExists=|/var/run/qubes-service/network-manager
 ConditionPathExists=|/var/run/qubes-service/modem-manager
+After=qubes-sysinit.service
--- a/vm-systemd/NetworkManager-wait-online.service.d/30_qubes.conf
+++ b/vm-systemd/NetworkManager-wait-online.service.d/30_qubes.conf
@ -1,4 +1,2 @@
 [Unit]
 ConditionPathExists=/var/run/qubes-service/network-manager
-# For /rw
-After=qubes-misc-post.service
--- a/vm-systemd/NetworkManager.service.d/30_qubes.conf
+++ b/vm-systemd/NetworkManager.service.d/30_qubes.conf
@ -1,7 +1,9 @@
 [Unit]
 ConditionPathExists=/var/run/qubes-service/network-manager
 # For /rw
-After=qubes-misc-post.service
+After=qubes-mount-dirs.service
+# For /var/run/qubes-service
+After=qubes-sysinit.service

 [Service]
 ExecStartPre=/usr/lib/qubes/network-manager-prepare-conf-dir
--- a/vm-systemd/chronyd.service.d/30_qubes.conf
+++ b/vm-systemd/chronyd.service.d/30_qubes.conf
@ -1,2 +1,3 @@
 [Unit]
 ConditionPathExists=/var/run/qubes-service/ntpd
+After=qubes-sysinit.service
--- a/vm-systemd/cron.service.d/30_qubes.conf
+++ b/vm-systemd/cron.service.d/30_qubes.conf
@ -1,10 +1,6 @@
 [Unit]
 ConditionPathExists=/var/run/qubes-service/crond

-[Unit]
-# For /rw
-After=qubes-misc-post.service
-
 [Service]
 ExecStartPre=/bin/mkdir --mode=0700 -p /rw/cron
 ExecStartPre=/bin/mount --bind /rw/cron /var/spool/cron
--- a/vm-systemd/crond.service.d/30_qubes.conf
+++ b/vm-systemd/crond.service.d/30_qubes.conf
@ -1,10 +1,6 @@
 [Unit]
 ConditionPathExists=/var/run/qubes-service/crond

-[Unit]
-# For /rw
-After=qubes-misc-post.service
-
 [Service]
 ExecStartPre=/bin/mkdir --mode=0700 -p /rw/cron
 ExecStartPre=/bin/mount --bind /rw/cron /var/spool/cron
--- a/vm-systemd/cups.path.d/30_qubes.conf
+++ b/vm-systemd/cups.path.d/30_qubes.conf
@ -1,2 +1,3 @@
 [Unit]
 ConditionPathExists=/var/run/qubes-service/cups
+After=qubes-sysinit.service
--- a/vm-systemd/cups.service.d/30_qubes.conf
+++ b/vm-systemd/cups.service.d/30_qubes.conf
@ -1,2 +1,3 @@
 [Unit]
 ConditionPathExists=/var/run/qubes-service/cups
+After=qubes-sysinit.service
--- a/vm-systemd/cups.socket.d/30_qubes.conf
+++ b/vm-systemd/cups.socket.d/30_qubes.conf
@ -1,2 +1,3 @@
 [Unit]
 ConditionPathExists=/var/run/qubes-service/cups
+After=qubes-sysinit.service
--- a/vm-systemd/getty@tty.service.d/30_qubes.conf
+++ b/vm-systemd/getty@tty.service.d/30_qubes.conf
@ -1,2 +1,3 @@
 [Unit]
 ConditionPathExists=/var/run/qubes-service/getty@tty
+After=qubes-sysinit.service
--- a/vm-systemd/netfilter-persistent.service.d/30_qubes.conf
+++ b/vm-systemd/netfilter-persistent.service.d/30_qubes.conf
@ -1,2 +1,3 @@
 [Unit]
 ConditionPathExists=/var/run/qubes-service/netfilter-persistent
+After=qubes-sysinit.service
--- a/vm-systemd/network-manager.service.d/30_qubes.conf
+++ b/vm-systemd/network-manager.service.d/30_qubes.conf
@ -1,3 +1,4 @@
 # Disable sysinit version of network-manager (wheezy)
 [Unit]
 ConditionPathExists=!/var/run/qubes-service
+After=qubes-sysinit.service
--- a/vm-systemd/network-proxy-setup.sh
+++ b/vm-systemd/network-proxy-setup.sh
@ -5,9 +5,9 @@ network=$(qubesdb-read /qubes-netvm-network 2>/dev/null)
 if [ "x$network" != "x" ]; then

    if [ -e /proc/sys/kernel ] && ! [ -e /proc/sys/kernel/modules_disabled ]; then
-      readonly modprobe_fail_cmd='true'
+        readonly modprobe_fail_cmd='true'
    else
-      readonly modprobe_fail_cmd='false'
+        readonly modprobe_fail_cmd='false'
    fi

    gateway=$(qubesdb-read /qubes-netvm-gateway)
@ -19,5 +19,5 @@ if [ "x$network" != "x" ]; then
    echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns
    /usr/lib/qubes/qubes-setup-dnat-to-ns
    echo "1" > /proc/sys/net/ipv4/ip_forward
-    /sbin/ethtool -K eth0 sg off || :
+    /sbin/ethtool -K eth0 sg off || true
 fi
--- a/vm-systemd/ntpd.service.d/30_qubes.conf
+++ b/vm-systemd/ntpd.service.d/30_qubes.conf
@ -1,2 +1,3 @@
 [Unit]
 ConditionPathExists=/var/run/qubes-service/ntpd
+After=qubes-sysinit.service
--- a/vm-systemd/org.cups.cupsd.path.d/30_qubes.conf
+++ b/vm-systemd/org.cups.cupsd.path.d/30_qubes.conf
@ -1,2 +1,3 @@
 [Unit]
 ConditionPathExists=/var/run/qubes-service/cups
+After=qubes-sysinit.service
--- a/vm-systemd/org.cups.cupsd.service.d/30_qubes.conf
+++ b/vm-systemd/org.cups.cupsd.service.d/30_qubes.conf
@ -1,2 +1,3 @@
 [Unit]
 ConditionPathExists=/var/run/qubes-service/cups
+After=qubes-sysinit.service
--- a/vm-systemd/org.cups.cupsd.socket.d/30_qubes.conf
+++ b/vm-systemd/org.cups.cupsd.socket.d/30_qubes.conf
@ -1,2 +1,3 @@
 [Unit]
 ConditionPathExists=/var/run/qubes-service/cups
+After=qubes-sysinit.service
--- a/vm-systemd/prepare-dvm.sh
+++ b/vm-systemd/prepare-dvm.sh
@ -9,19 +9,16 @@ possibly_run_save_script()
 	DISPLAY=:0 su - user -c /tmp/qubes-save-script
 }

-if true; then
-    echo user | /bin/sh /etc/qubes-rpc/qubes.WaitForSession
-    possibly_run_save_script
-    umount /rw
-    dmesg -c >/dev/null
-    qubesdb-watch /qubes-restore-complete &
-    watch_pid=$!
-    free | grep Mem: |
-        (read label total used free shared buffers cached; qubesdb-write /qubes-used-mem $(( $used + $cached )) )
-    # we're still running in DispVM template
-    echo "Waiting for save/restore..."
-    qubesdb-read /qubes-restore-complete || wait $watch_pid
-    echo Back to life.
-    systemctl --no-block restart qubes-random-seed.service
-fi
-
+echo user | /bin/sh /etc/qubes-rpc/qubes.WaitForSession
+possibly_run_save_script
+umount /rw
+dmesg -c >/dev/null
+qubesdb-watch /qubes-restore-complete &
+watch_pid=$!
+free | grep Mem: |
+    (read label total used free shared buffers cached; qubesdb-write /qubes-used-mem $(( $used + $cached )) )
+# we're still running in DispVM template
+echo "Waiting for save/restore..."
+qubesdb-read /qubes-restore-complete || wait $watch_pid
+echo Back to life.
+systemctl restart qubes-random-seed.service
--- a/vm-systemd/qubes-core.conf
+++ b/vm-systemd/qubes-core.conf
@ -3,3 +3,4 @@ xen-blkback
 u2mfn
 xen-gntalloc
 xen-gntdev
+xen-privcmd
--- a/vm-systemd/qubes-dvm.service
+++ b/vm-systemd/qubes-dvm.service
@ -2,6 +2,7 @@
 Description=Prepare Qubes DispVM Template
 ConditionPathExists=/var/run/qubes-service/qubes-dvm
 After=systemd-readahead-replay.service
+Before=xendriverdomain.service

 [Service]
 Type=oneshot
--- a/vm-systemd/qubes-misc-post.service
+++ b/vm-systemd/qubes-misc-post.service
@ -1,6 +1,6 @@
 [Unit]
 Description=Qubes misc post-boot actions
-After=qubes-dvm.service qubes-mount-dirs.service
+After=network-pre.target qubes-dvm.service qubes-mount-dirs.service qubes-network.service qubes-firewall.service qubes-netwatcher.service

 [Service]
 Type=oneshot
--- a/vm-systemd/qubes-mount-dirs.service
+++ b/vm-systemd/qubes-mount-dirs.service
@ -1,6 +1,8 @@
 [Unit]
 Description=Initialize and mount /rw and /home
-Before=qubes-gui-agent.service
+After=qubes-sysinit.service
+DefaultDependencies=no
+Before=local-fs.target qubes-gui-agent.service

 [Service]
 Type=oneshot
--- a/vm-systemd/qubes-netwatcher.service
+++ b/vm-systemd/qubes-netwatcher.service
@ -1,7 +1,7 @@
 [Unit]
 Description=Qubes network monitor
 ConditionPathExists=/var/run/qubes-service/qubes-netwatcher
-After=qubes-firewall.service
+After=network-pre.target qubes-firewall.service

 [Service]
 ExecStart=/usr/sbin/qubes-netwatcher
--- a/vm-systemd/qubes-network.service
+++ b/vm-systemd/qubes-network.service
@ -2,7 +2,7 @@
 Description=Qubes network forwarding setup
 ConditionPathExists=/var/run/qubes-service/qubes-network
 Before=network.target
-After=qubes-iptables.service
+After=network-pre.target qubes-iptables.service

 [Service]
 Type=oneshot
--- a/vm-systemd/qubes-qrexec-agent.service
+++ b/vm-systemd/qubes-qrexec-agent.service
@ -1,6 +1,6 @@
 [Unit]
 Description=Qubes remote exec agent
-After=qubes-dvm.service
+After=qubes-dvm.service xendriverdomain.service

 [Service]
 ExecStartPre=/bin/sh -c '[ -e /dev/xen/evtchn ] || modprobe xen_evtchn'
--- a/vm-systemd/tor.service.d/30_qubes.conf
+++ b/vm-systemd/tor.service.d/30_qubes.conf
@ -0,0 +1,3 @@
+[Unit]
+ConditionPathExists=!/var/run/qubes/this-is-templatevm
+After=qubes-sysinit.service
--- a/vm-systemd/tor@default.service.d/30_qubes.conf
+++ b/vm-systemd/tor@default.service.d/30_qubes.conf
@ -0,0 +1,3 @@
+[Unit]
+ConditionPathExists=!/var/run/qubes/this-is-templatevm
+After=qubes-sysinit.service
Author	SHA1	Message	Date
Marek Marczykowski-Górecki	550b8f2dcd	version 3.1.20	2016-12-04 22:03:11 +01:00
Rusty Bird	214105a38f	v2: (vm) qvm-move-to-vm: don't "rm -rf" vm name argument Fixes QubesOS/qubes-issues#2472 from commit `3f600d03fa` (cherry picked from commit `0d243250f2`)	2016-12-04 22:02:33 +01:00
Jean-Philippe Ouellet	e5663fedb1	Keep Makefile DRY (cherry picked from commit `0fb3e503d3`)	2016-12-04 22:00:42 +01:00
Marek Marczykowski-Górecki	1d74a44967	version 3.1.19	2016-11-20 17:06:30 +01:00
Marek Marczykowski-Górecki	d77e9a7955	Revert "network: disable proxy_arp" Proxy ARP apparently is still needed for HVMs. This reverts commit `fa8b05a83c`. Fixes QubesOS/qubes-issues#1421 (cherry picked from commit `696a0918d5`)	2016-11-19 00:31:41 +01:00
Rudd-O	d5fb315a4e	Eliminate race condition with qubes-setup-dnat-to-ns qubes-setup-dnat-to-ns is called multiple times during boot. Of particular interest are the two invocations done by: 1. `/usr/lib/qubes/init/network-proxy.setup.sh` (`qubes-network.service`) 2. `/usr/lib/qubes/init/misc-post.sh` (`qubes-misc-post.service`) These can, and do often, run in parallel. Often enough that the `PR-QBS` `nat` chain can end up with eight rules instead of four, or (worse) zero rules. This commit represents the proper boot ordering of these services, where the post startup must happen after Qubes has already started its iptables, firewall, network setup and netwatcher. This eliminates the race. (cherry picked from commit `b7d8d66bb1`)	2016-11-19 00:30:53 +01:00
Marek Marczykowski-Górecki	322550eb3d	network: minor setup-ip fix Don't exit with non-zero exit code just because custom hook isn't installed (cherry picked from commit `8afc07c513`)	2016-11-19 00:30:12 +01:00
Marek Marczykowski-Górecki	3d09db136b	systemd: fix syntax error in preset file Services needs to be named with full unit name. Fixes QubesOS/qubes-issues#2188 (cherry picked from commit `1fd69636f8`)	2016-11-19 00:29:07 +01:00
Marek Marczykowski-Górecki	4b362d761b	network: reload NM connection after setting it up Apparently NM monitor only its main configuration for changes, but not connection files. Force reloading it. (cherry picked from commit `d99a563542`)	2016-11-19 00:28:59 +01:00
Marek Marczykowski-Górecki	d7df915c5b	systemd: improve ordering of systemd units - qubes-misc-post.service is no longer responsible for mounting /rw - both qubes-sysinit.service and qubes-mount-dirs.service are part of basic.target, so no need to mention them explicitly (as long as DefaultDependencies=yes) QubesOS/qubes-issues#2198 (cherry picked from commit `60d16ea587`)	2016-11-19 00:28:11 +01:00
Marek Marczykowski-Górecki	5266da4dad	systemd: include tor-disabling drop-ins in the package QubesOS/qubes-issues#1625 (cherry picked from commit `ed434ad63f`)	2016-11-19 00:27:14 +01:00
Marek Marczykowski-Górecki	d8be1ff572	systemd: load xen-privcmd module It is needed for vchan communication. It was loaded implicitly by mount /proc/xen, but since we're moving away from this legacy interface, load it explicitly. QubesOS/qubes-issues#2194 (cherry picked from commit `48a35d40d1`)	2016-11-19 00:26:24 +01:00
Marek Marczykowski-Górecki	ef0f5d55c3	systemd: order qubes-mount-dirs.service before local-fs.target The service is really responsible for mounting /rw and /home, so should be ordered before local-fs.target - this will allow other services to use standard ordering targets. This probably makes Before=qubes-gui-agent.service not needed anymore, but do not remove it yet without extensive testing to not risk regression. Fixes QubesOS/qubes-issues#2194 (cherry picked from commit `e0e89f153f`)	2016-11-19 00:26:10 +01:00
Marek Marczykowski-Górecki	0fe42e2da4	Revert "systemd: preset xendriverdomain on update" This doesn't help when xen update is installed after this one. So, deal with it in xen %post itself. This reverts commit `f2257e1e3b`. QubesOS/qubes-issues#2141 (cherry picked from commit `10cadc58a0`)	2016-11-19 00:24:19 +01:00
Marek Marczykowski-Górecki	b0116ae545	systemd: preset xendriverdomain on update Make sure it is enabled, regardless of update installation order. (cherry picked from commit `f2257e1e3b`)	2016-11-19 00:21:38 +01:00
Olivier MEDOC	ef0155b15e	archlinux: fix update-proxy-configs to use pacman.d drop-ins (cherry picked from commit `7cea09711a`)	2016-11-19 00:21:38 +01:00
Olivier MEDOC	c439fe3934	archlinux: ensure repositories are the last pacman.d files included (cherry picked from commit `a346de7e46`)	2016-11-19 00:21:38 +01:00
Olivier MEDOC	66f103bbf7	archlinux: Setup default package repository (cherry picked from commit `d449d75162`)	2016-11-19 00:21:38 +01:00
Olivier MEDOC	70190e2490	archlinux: switch to usage of pacman.d drop-ins (cherry picked from commit `b6a6d4e4e0`)	2016-11-19 00:21:00 +01:00
Olivier MEDOC	0a74cf593b	archlinux: remove unnecessary glib-compile-scheme This is now automatically handled through pacman hooks (cherry picked from commit `245c6d1716`)	2016-11-19 00:20:56 +01:00
Olivier MEDOC	b042596702	archlinux: provide automatic qubes-trigger-sync-appmenus through pacman hooks (cherry picked from commit `c82b82d7b4`)	2016-11-19 00:20:52 +01:00
Olivier MEDOC	81a10ecad7	archlinux: update installer script in prevision of pacman.d drop-ins (cherry picked from commit `051d806f0a`)	2016-11-19 00:20:47 +01:00
Rusty Bird	c82f1466e2	Enable xendriverdomain.service in 75-qubes-vm.preset (cherry picked from commit `0cc4803a9d`)	2016-11-19 00:20:20 +01:00
Patrick Schleizer	30a6785cd2	add comment link to feature request 'implement /etc/PackageKit/conf.d' (cherry picked from commit `80e68e90d9`)	2016-11-19 00:20:09 +01:00
Patrick Schleizer	4fa41e3203	add comment link to feature request 'implement /etc/dnf.conf.d drop-in configuration folder' (cherry picked from commit `62d5b96355`)	2016-11-19 00:20:02 +01:00
Rusty Bird	cd4e851d72	Remove 'if true' wrapper from `06a0d30d50` (cherry picked from commit `ae1a334a1d`)	2016-11-19 00:19:51 +01:00
Rusty Bird	a4b2fc11f4	Do block until good random is available again (cherry picked from commit `cb55dfa6ae`)	2016-11-19 00:19:40 +01:00
Rusty Bird	ead3aad5c7	dvm, then xendriverdomain, then qrexec-agent Fixes QubesOS/qubes-issues#2126 Fixes QubesOS/qubes-issues#1990 (cherry picked from commit `fbf4c93730`)	2016-11-19 00:19:33 +01:00
Rusty Bird	319aca1277	Order network management units after network-pre.target Network management software should order itself after network-pre.target (man 7 systemd.special) so that other units can order themselves before the beginning of network initialization. (qubes-misc-post too because it calls setup-ip.) Relevant for QubesOS/qubes-issues#2108 (cherry picked from commit `ca03e093f7`)	2016-11-19 00:18:41 +01:00
Marek Marczykowski-Górecki	193eb55330	version 3.1.18	2016-07-28 00:17:22 +02:00
Marek Marczykowski-Górecki	a4b53f557a	qvm-open-in-vm: fix wrapping URL in HTML file The first line of HTML wasn't written to the file. Fixes QubesOS/qubes-issues#2205	2016-07-28 00:15:39 +02:00
Marek Marczykowski-Górecki	3bff27460e	upgrade: package for simplify upgrade from R3.1 to R3.2	2016-06-26 10:48:00 +02:00
Marek Marczykowski-Górecki	5518828c59	version 3.1.17	2016-06-25 15:48:13 +02:00
Patrick Schleizer	cc000332b5	Do not start tor@default service in TemplateVM. Not doing that already for the tor service. Since the actual tor service was renamed to tor@default by upstream. (cherry picked from commit `191b2a4cd9`)	2016-06-21 04:59:51 +02:00
Marek Marczykowski-Górecki	73abc86ea8	debian: add missing pkg-config build depends (cherry picked from commit `762189a0ae`)	2016-06-21 04:59:38 +02:00
Marek Marczykowski-Górecki	96c909bbd2	Prefer 'dnf' over 'yum' for template update QubesOS/qubes-issues#1282 (cherry picked from commit `520894e623`)	2016-06-21 04:58:57 +02:00
unman	56b98cfe74	Fall back to gnome utilities if kdialog not present (cherry picked from commit `8471605e6d`)	2016-06-21 04:58:29 +02:00
Patrick Schleizer	999f6a0dcd	fix indent (cherry picked from commit `3db93cdc87`)	2016-06-21 04:58:14 +02:00
Marek Marczykowski-Górecki	8b89bff635	qvm-open-in-vm: escape URL when wrapping it in HTML Thanks @v6ak for the report and solution. Fixes QubesOS/qubes-issues#1462 (cherry picked from commit `ff2678d2f5`)	2016-06-21 04:57:52 +02:00
Marek Marczykowski-Górecki	5c1ba0bc84	systemd: order units checking for qubes-service after qubes-sysinit Files in /var/run/qubes-service are created by qubes-sysinit.service. So defer that condition check after that service start. Thanks @adrelanos for the report. Fixes QubesOS/qubes-issues#1985 (cherry picked from commit `5e08e2bc1d`)	2016-06-21 04:57:34 +02:00
Patrick Schleizer	d4eb750da5	do not start the Tor service inside Qubes TemplateVMs Private data inside /var/lib/tor should not be shared. Tor should not be run inside TemplateVMs. https://github.com/QubesOS/qubes-issues/issues/1625#issuecomment-172369781 (cherry picked from commit `aee3f5ed12`)	2016-06-21 04:57:27 +02:00
Patrick Schleizer	904c30d57e	fixed sh syntax error https://forums.whonix.org/t/qvm-run-fails-in-whonix-vms Thanks to entr0py for the bug report! (cherry picked from commit `69780ef762`)	2016-06-21 04:55:20 +02:00
Marek Marczykowski-Górecki	514a108ef4	Remove obsolete policy files Qrexec policy is really stored in core-admin repo. (cherry picked from commit `4d015432ce`)	2016-06-21 04:55:05 +02:00
Olivier MEDOC	3eb1d4e7f2	archlinux: fix remaining loginctl privilege issues with invalid pam.d configuration (cherry picked from commit `ccb9a5b992`)	2016-06-21 04:54:53 +02:00
Marek Marczykowski-Górecki	af8181ee48	version 3.1.16	2016-03-29 17:27:21 +02:00
Marek Marczykowski-Górecki	a1ce500aae	qubes-rpc: fix SVG icon scaling rsvg-convert doesn't scale the image. Do it with convert, only when really needed. Don't upscale the icon after converting to raster version. Fixes QubesOS/qubes-issues#1884 (cherry picked from commit `7b5f2b77d1`)	2016-03-29 17:26:54 +02:00
Marek Marczykowski-Górecki	d90e2b0cd7	network: run setup-ip only on xen frontend interfaces Fixes QubesOS/qubes-issues#1882 (cherry picked from commit `00698173ed`)	2016-03-29 14:43:36 +02:00
Rusty Bird	7f12d7a659	Remove exec in last line of qvm-copy-to-vm (cherry picked from commit `428d8f09bf`)	2016-03-29 14:43:36 +02:00
Patrick Schleizer	4875303030	minor indent (cherry picked from commit `5a1ea4f5e5`)	2016-03-29 14:43:36 +02:00
Patrick Schleizer	8e9149e9b6	use 'true' rather than ':' for consistency (cherry picked from commit `77d51a69ea`)	2016-03-29 14:43:35 +02:00
Marek Marczykowski-Górecki	15a55e8072	version 3.1.15	2016-03-15 23:54:12 +01:00
Marek Marczykowski-Górecki	7979e402f0	qubes.SuspendPreAll and qubes.SuspendPostAll services Those services are called just before/after host suspend. Thanks @adrelanos for help. Fixes QubesOS/qubes-issues#1663 (cherry picked from commit `7301a898a1`)	2016-03-15 23:54:02 +01:00
Andrew	d6e6c394b7	Properly handle case of empty domain name. (cherry picked from commit `bc73cf1fe3`)	2016-03-15 23:54:01 +01:00
Andrew	4eff6a42e9	Use proper quoting around variables. (cherry picked from commit `561f588d1d`)	2016-03-15 23:54:01 +01:00
Andrew	1cbe42c52b	Move usage information printing to separate function, and print usage to stderr; also added some spacing. (cherry picked from commit `17d274ef48`)	2016-03-15 23:54:01 +01:00
Andrew	b648c47c69	Use proper space-expanded tabs, as per the coding guidelines. (cherry picked from commit `63f3392ff5`)	2016-03-15 23:54:01 +01:00
Patrick Schleizer	e8e15e0f96	disable systemd-timesyncd fixes https://github.com/QubesOS/qubes-issues/issues/1754 (cherry picked from commit `83d0ae6df4`)	2016-03-15 23:54:00 +01:00
Rusty Bird	9314855f78	Use && in qvm-move-to-vm && is safer in case qvm-copy-to-vm is ever changed to call 'set +e'. (cherry picked from commit `c730340039`)	2016-03-15 23:54:00 +01:00
Rusty Bird	4b75f2560c	qvm-move-to-vm: Use '--' before file arguments (cherry picked from commit `160b05756b`)	2016-03-15 23:54:00 +01:00
Rusty Bird	b708a508ed	qvm-move-to-vm: Remove duplicated code (cherry picked from commit `3f600d03fa`)	2016-03-15 23:54:00 +01:00
 @ -1 +1 @@
 .1.14
 .1.20