* origin/pr/48:
Add some comments to qubes.repos.List
Don't write a trailing newline in qubes.repos.List
Add qubes.repos.* services to the RPMs
Print `ok` for repo enable/disable success
Use qrexec service arguments
Properly set the umask for repo files
Enable/disable repos atomically
Use Python whitespace conventions
Rename admin.repos.* to qubes.repos.*
Add admin.repos.* qrexec services
Those files may easily accumulate in large quantities, to the point
where just listing the /etc/lvm/archive directory takes a long time.
This affects every lvm command call, so every VM start/stop.
Those archive files are rarely useful, as Qubes do multiple LVM
operations at each VM startup, so older data is really out of date very
quickly.
Automatically remove files in /etc/lvm/archive older than one day.
FixesQubesOS/qubes-issues#4927FixesQubesOS/qubes-issues#2963
Use the same mechanism as VMs - first it's compatible with Admin API (in
contrary to flag files); second it ease handling it.
Migrate old setting on package upgrade.
While qvm-move and qvm-copy cannot work in dom0, their
absence is confusing. Thus, stub tools that output message
informing the user that these tools are unavailable and
qvm-move-to-vm/qvm-copy-to-vm should be used instead.
fixesQubesOS/qubes-issues#4021
Fix current EFI boot dir discovery script.
Also, adjust scripts order:
50-dracut generates initramfs in /boot/(efi/)?/$MACHINE_ID/.../initrd
80-grub2 copies it to /boot/initramfs-....img
90-xen-efi copies it to /boot/efi/EFI/qubes/initramfs-....img
Make the above order explicit, rather than relying on xen sorted later
than grub2.
QubesOS/qubes-issues#3234
DM_UDEV_DISABLE_DISK_RULES_FLAG flag sometimes isn't properly
propagated, so just to be sure, add a flag file
/var/lib/qubes/.qubes-exclude-block-devices to exclude that directory.
Fixes 5c84a0b "udev: don't exclude loop devices pointing outside of
/var/lib/qubes"
QubesOS/qubes-issues#3084
clock synchronization mechanism rewritten to use systemd-timesync instead of NtpDate; at the moment, requires:
- modifying /etc/qubes-rpc/policy/qubes.GetDate to redirect GetDate to designated clockvm
- enabling clocksync service in clockvm ( qvm-features clockvm-name service/clocksync true )
Works as specified in issue listed below, except for:
- each VM synces with clockvm after boot and every 6h
- clockvm synces time with the Internet using systemd-timesync
- dom0 synces itself with clockvm every 1h (using cron)
fixesQubesOS/qubes-issues#1230
qubes-dom0-update script use qvm-run tool, which is in
qubes-core-admin-client package (python3-qubesadmin isn't enough).
Also, this should fix package installation order during install:
template needs to be installed after qubes-core-admin-client (for
qvm-template-postprocess tool). But we can't add this dependency there
directly, as it will not work on Qubes < 4.0.
Use UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG instead, which is
available since systemd 231.
- Do not merge to branches where dom0 is older than Fedora 25 -
/usr/lib/* is a place only for some auxiliary binaries. While in
majority cases, qrexec-client and qrexec-daemon are called from some
other scripts, it is valid to call them directly too.
Can close windows of a VM while it's paused, and can not accidentally
harm dom0 by errant clicking.
Discussion in https://github.com/QubesOS/qubes-issues/issues/881
Thanks to rustybird for suggested implementation.
