Commit Graph

499 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
6c8537fab1
version 4.0.8 2017-12-23 02:53:11 +01:00
Jean-Philippe Ouellet
c69662eb28
Improve qrexec protocol mismatch error dialog
- only have one button, because "yes/no" makes no sense in this context
- inform use to use "-t pv" for xl console, because otherwise it won't
  work for HVM domains.
- use the actual VM name, not "vmname"
2017-12-07 14:42:33 -05:00
Marek Marczykowski-Górecki
be9e759697
Merge remote-tracking branch 'qubesos/pr/33'
* qubesos/pr/33:
  qubes-dom0-update: Adapt template backup failsafe for R4
2017-12-05 23:10:02 +01:00
Marek Marczykowski-Górecki
7902979470
Merge remote-tracking branch 'qubesos/pr/32'
* qubesos/pr/32:
  qubes-dom0-update: Simplify
2017-12-05 23:06:12 +01:00
Jean-Philippe Ouellet
552fd062ea
qubes-dom0-update: Adapt template backup failsafe for R4
Perhaps the UpdateVM template should be temporarily switched to the
backup too. That would make it really failsafe. Currently it requires
manual recovery (by setting template of UpdateVM to the backup).
2017-11-30 08:52:13 -05:00
Jean-Philippe Ouellet
aeb04e24e2
qubes-dom0-update: Simplify
qvm-run auto-starts VMs by default
2017-11-30 08:51:14 -05:00
Jean-Philippe Ouellet
686db90032
qubes-dom0-update: Remove dependency on Xen as vmm 2017-11-30 08:46:28 -05:00
Marek Marczykowski-Górecki
7a644b6d61
version 4.0.7 2017-11-03 22:37:48 +01:00
Marek Marczykowski-Górecki
21df9d55bb
Add qubes-core-dom0 to dnf protected packages set
This will prevent its accidental removal, which would lead to completely
broken system.
2017-11-03 03:27:10 +01:00
Marek Marczykowski-Górecki
b79aa05014
version 4.0.6 2017-10-07 02:35:09 +02:00
Marek Marczykowski-Górecki
68dd013585
Drop dracut workaround for missing LUKS-related modules
It isn't needed for a long time, but at the same time some modules have
changed names, so now it cause errors/warnings.
2017-10-02 21:38:51 +02:00
Marek Marczykowski-Górecki
54d5c7b35c
qrexec: allow ':' in call target specification
':' is used in DispVM special tags, like '$dispvm:something'.

Fixes QubesOS/qubes-issues#3137
2017-10-01 13:19:42 +02:00
Frédéric Pierret
69d230d065
fix fallthrough: add specific error message with respect to 'select' return value 2017-09-26 23:05:09 +02:00
Marek Marczykowski-Górecki
a93a846687
version 4.0.5 2017-09-15 13:43:44 +02:00
Marek Marczykowski-Górecki
6ba03ed65b
Mark /var/lib/qubes to not expose loop devices pointing inside
DM_UDEV_DISABLE_DISK_RULES_FLAG flag sometimes isn't properly
propagated, so just to be sure, add a flag file
/var/lib/qubes/.qubes-exclude-block-devices to exclude that directory.

Fixes 5c84a0b "udev: don't exclude loop devices pointing outside of
/var/lib/qubes"

QubesOS/qubes-issues#3084
2017-09-15 05:15:23 +02:00
Marek Marczykowski-Górecki
1f6546f484
version 4.0.4 2017-09-12 04:25:04 +02:00
Marek Marczykowski-Górecki
5c84a0be92
udev: don't exclude loop devices pointing outside of /var/lib/qubes
Generally list loop devices in qvm-block, but exclude only those
pointing at files in /var/lib/qubes (VM disk images).

Fixes QubesOS/qubes-issues#3084
2017-09-12 04:22:25 +02:00
Andrew (anoa)
02ced3a639
Switch to createrepo_c
Fixes QubesOS/qubes-core-admin-linux#2815
2017-07-31 20:36:20 -07:00
Marek Marczykowski-Górecki
afa673ff46
version 4.0.3 2017-07-18 05:23:29 +02:00
Marek Marczykowski-Górecki
f609afddb6
Merge remote-tracking branch 'qubesos/pr/28' 2017-07-12 12:54:55 +02:00
Marta Marczykowska-Górecka
6d424f91a5
clock synchronization rewrite
clock synchronization mechanism rewritten to use systemd-timesync instead of NtpDate; at the moment, requires:
- modifying /etc/qubes-rpc/policy/qubes.GetDate to redirect GetDate to designated clockvm
- enabling clocksync service in clockvm ( qvm-features clockvm-name service/clocksync true )

Works as specified in issue listed below, except for:
- each VM synces with clockvm after boot and every 6h
- clockvm synces time with the Internet using systemd-timesync
- dom0 synces itself with clockvm every 1h (using cron)

fixes QubesOS/qubes-issues#1230
2017-07-06 23:37:26 +02:00
Marek Marczykowski-Górecki
955762b71e
version 4.0.2 2017-07-06 19:55:44 +02:00
Marek Marczykowski-Górecki
6ffac092ed
udev: exclude LVM volumes for VM images
QubesOS/qubes-issues#2319
2017-07-06 19:41:44 +02:00
Marek Marczykowski-Górecki
e0ce4a8348
version 4.0.1 2017-07-05 14:28:07 +02:00
Marek Marczykowski-Górecki
2fb94bd3e6
qvm-copy-to-vm: use --service option
qvm-run got --service option, so use it. Old method doesn't work
anymore, because qubes.VMShell service is used, instead of qrexec
command directly.
2017-07-05 14:26:11 +02:00
Marek Marczykowski-Górecki
005fed6cdf
Merge remote-tracking branch 'qubesos/pr/27'
* qubesos/pr/27:
  Fix root.img handling bug
2017-06-07 10:09:03 +02:00
Christopher Laprise
6d251d5c58
Fix root.img handling bug
Per issue https://github.com/QubesOS/qubes-issues/issues/2848
2017-06-07 01:35:34 -04:00
Marek Marczykowski-Górecki
51abb471b9
Instruct qubesd to suspend VMs before going to sleep
Move suspend handling into qubesd.
2017-06-06 20:48:12 +02:00
Marek Marczykowski-Górecki
9b75dd1321
systemd: remove qubes-block-cleaner 2017-06-06 01:25:54 +02:00
Marek Marczykowski-Górecki
8719e5d74c
qrexec: fix pending requests cleanup code (cont)
There was a second place with exactly the same bug. See
dad208a "qrexec: fix pending requests cleanup code" for details.

Fixes QubesOS/qubes-issues#2699
2017-05-29 20:51:16 +02:00
Marek Marczykowski-Górecki
e4cf07c107
rpm: add R: qubes-core-admin-client
qubes-dom0-update script use qvm-run tool, which is in
qubes-core-admin-client package (python3-qubesadmin isn't enough).
Also, this should fix package installation order during install:
template needs to be installed after qubes-core-admin-client (for
qvm-template-postprocess tool). But we can't add this dependency there
directly, as it will not work on Qubes < 4.0.
2017-05-29 05:47:36 +02:00
Marek Marczykowski-Górecki
b69f263c10
Merge remote-tracking branch 'qubesos/pr/22'
* qubesos/pr/22:
  Move qvm-xkill to different repo/pkg
2017-05-28 13:13:00 +02:00
Marek Marczykowski-Górecki
e62acf815a
Really disable lesspipe
Only files with .sh suffix are loaded.

Fixes QubesOS/qubes-issues#2808
2017-05-26 05:44:33 +02:00
Marek Marczykowski-Górecki
1447ecad57
dom0-updates: migrate qubes-receive-updates script to use Admin API
Don't import qubes.xml directly.
2017-05-25 02:20:04 +02:00
Marek Marczykowski-Górecki
1057309951
rpm: drop unused python3-PyQt4 dependency
It was used for policy confirmation, but it isn't in this repository
anymore.
2017-05-25 02:20:04 +02:00
Marek Marczykowski-Górecki
e6cd559b82
Merge remote-tracking branch 'qubesos/pr/26'
* qubesos/pr/26:
  Get rid of forked f23 60-persistent-storage.rules
2017-05-20 14:42:18 +02:00
Marek Marczykowski-Górecki
d9202f8d14
Update qubes-dom0-update script
- don't call removed qvm-sync-clock
- use qvm-start --skip-if-running instead of qvm-run ... true, to start
a VM
- update qvm-run options
- use dnf directly, not through compatibility wrapper
2017-05-20 03:46:33 +02:00
Rusty Bird
6c8df74b7f
Get rid of forked f23 60-persistent-storage.rules
Use UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG instead, which is
available since systemd 231.

- Do not merge to branches where dom0 is older than Fedora 25 -
2017-05-18 01:42:08 +00:00
Marek Marczykowski-Górecki
6681ad79bc
version 4.0.0 2017-05-18 01:56:26 +02:00
Marek Marczykowski-Górecki
8fd4d9e853
qrexec: adjust for new qrexec-policy
New qrexec-policy can provide information about original target domain,
even if later overriden by policy (using target= keyword).
2017-05-18 01:44:25 +02:00
Marek Marczykowski-Górecki
ad2a976924
Merge branch 'core3-devel' 2017-05-18 01:26:20 +02:00
Marek Marczykowski-Górecki
e36dba5acb
travis: update for Qubes 4.0 2017-05-18 01:16:53 +02:00
Marek Marczykowski-Górecki
22cf6df02f
Move appmenus/icons related to desktop-linux-common
This is the right place for desktop related files - later it will be
installed in GUI VM (but core-admin-linux will not).

QubesOS/qubes-issues#2735
2017-05-17 15:47:13 +02:00
Marek Marczykowski-Górecki
ea6f47bf33
Move main qrexec binaries to /usr/s?bin
/usr/lib/* is a place only for some auxiliary binaries. While in
majority cases, qrexec-client and qrexec-daemon are called from some
other scripts, it is valid to call them directly too.
2017-05-17 14:30:30 +02:00
Marek Marczykowski-Górecki
1502eb4d59
qrexec: switch to new qrexec policy in core-admin
QubesOS/qubes-issues#910
2017-05-17 13:58:55 +02:00
Marek Marczykowski-Górecki
83308758f0
systemd: enable qubesd.service 2017-05-17 13:54:36 +02:00
Marek Marczykowski-Górecki
b629cbfe9e
Merge remote-tracking branch 'qubesos/pr/24'
* qubesos/pr/24:
  Prompt to create policy file for qubes-rpc if not present.
2017-04-21 16:19:50 +02:00
Marek Marczykowski-Górecki
a86c36ceb1
Merge remote-tracking branch 'qubesos/pr/23'
* qubesos/pr/23:
  Flush dnf configuration on updateVM before starting dom0 update
2017-04-21 16:18:18 +02:00
unman
194e0bc3cc
Prompt to create policy file for qubes-rpc if not present. 2017-04-20 22:27:36 +01:00
unman
fa72d66d5d
Flush dnf configuration on updateVM before starting dom0 update 2017-04-20 14:41:19 +01:00