DM_UDEV_DISABLE_DISK_RULES_FLAG flag sometimes isn't properly
propagated, so just to be sure, add a flag file
/var/lib/qubes/.qubes-exclude-block-devices to exclude that directory.
Fixes 5c84a0b "udev: don't exclude loop devices pointing outside of
/var/lib/qubes"
QubesOS/qubes-issues#3084
clock synchronization mechanism rewritten to use systemd-timesync instead of NtpDate; at the moment, requires:
- modifying /etc/qubes-rpc/policy/qubes.GetDate to redirect GetDate to designated clockvm
- enabling clocksync service in clockvm ( qvm-features clockvm-name service/clocksync true )
Works as specified in issue listed below, except for:
- each VM synces with clockvm after boot and every 6h
- clockvm synces time with the Internet using systemd-timesync
- dom0 synces itself with clockvm every 1h (using cron)
fixesQubesOS/qubes-issues#1230
qubes-dom0-update script use qvm-run tool, which is in
qubes-core-admin-client package (python3-qubesadmin isn't enough).
Also, this should fix package installation order during install:
template needs to be installed after qubes-core-admin-client (for
qvm-template-postprocess tool). But we can't add this dependency there
directly, as it will not work on Qubes < 4.0.
Use UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG instead, which is
available since systemd 231.
- Do not merge to branches where dom0 is older than Fedora 25 -
/usr/lib/* is a place only for some auxiliary binaries. While in
majority cases, qrexec-client and qrexec-daemon are called from some
other scripts, it is valid to call them directly too.
Can close windows of a VM while it's paused, and can not accidentally
harm dom0 by errant clicking.
Discussion in https://github.com/QubesOS/qubes-issues/issues/881
Thanks to rustybird for suggested implementation.
The specification doesn't cover how to boot Xen (or any other multiboot
binary), but the sole presence of such directory changes dracut default
path. So get rid of that directory.
Main qubes-core-dom0 should not be installed as part of installer image,
but os-prober dependency pulls that in. So move it into
qubes-core-dom0-kernel-install subpackage. After all this is where grub
config regeneration code is placed, so it is more logical place.
Split kernel-install hook into separate package, as only this part is
needed by the installer. This will prevent installing all the Qubes/Xen
staff in the installer, especially udev scripts and xenstored, which
doesn't play well with anaconda.
Since we now allow using Fedora kernel, add a script to generate proper
bootloader configuration then. Standard Fedora mechanism relies on
Boot Loader Specification support in grub2, which sadly does not support
Xen, so it is useless in Qubes.
F20 yum version have changed a way of parsing system-release package
version (so $releasever variable). Force it to use qubes-release package
version, not redhat-release.
