Commit Graph

78 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
7fdff6a735 rpm: force removal os-prober package
It can be can be harmful, because it accesses (and mounts) every block
device, including VM controlled /dev/loop*.
2015-07-27 17:27:35 +02:00
Marek Marczykowski-Górecki
5e6d3a273d
Prevent installing all the qubes packages in the installer image
Split kernel-install hook into separate package, as only this part is
needed by the installer. This will prevent installing all the Qubes/Xen
staff in the installer, especially udev scripts and xenstored, which
doesn't play well with anaconda.
2015-07-14 23:27:03 +02:00
Marek Marczykowski-Górecki
f056e0341e
rpm: provide qubes-core-dom0-linux-kernel-install virtual pkg
This is for kernel package dependencies, since we have the same kernel
packages for both R2 and R3.0
2015-07-12 01:53:48 +02:00
Marek Marczykowski-Górecki
2a14ae9c0b
Add kernel post-installation script to regenerate grub2 config
Since we now allow using Fedora kernel, add a script to generate proper
bootloader configuration then. Standard Fedora mechanism relies on
Boot Loader Specification support in grub2, which sadly does not support
Xen, so it is useless in Qubes.
2015-07-10 17:54:24 +02:00
Marek Marczykowski-Górecki
8acd40905d Disable lesspipe in dom0
It can be dangerous when processing untrusted content (for example VM
logs).
Details:
https://groups.google.com/d/msgid/qubes-users/20150527215812.GA13915%40mail-itl
2015-06-25 02:37:29 +02:00
Marek Marczykowski-Górecki
5035fc7eed Remove iptables config
Dom0 have no network at all, it isn't needed.
2015-03-31 22:55:25 +02:00
Marek Marczykowski-Górecki
af66472c36 rpm: add missing vchan-devel build requires 2014-11-19 15:23:10 +01:00
Marek Marczykowski-Górecki
8f2a03e672 rpm: fix permissions of /etc/qubes-rpc{,/policy}
Group qubes should have write right there.
2014-10-30 06:40:34 +01:00
Marek Marczykowski-Górecki
1e8b3ea876 rpm: do not save removed udev script
As Qubes dom0 is standalone system, not an addon to Fedora (for some
time...), we do not longer need to save such scripts to handle
package remove.
2014-09-30 23:51:10 +02:00
Marek Marczykowski-Górecki
5af0530e8d udev: prevent VM disks content from being accessed by dom0 processes
To not expose dom0 processes like blkid for attacks from VM (e.g. by
placing malicious filesystem header in private.img).
2014-06-11 02:41:20 +02:00
Marek Marczykowski-Górecki
6f1ba98230 rpm: disable non-Xen grub entry on upgrade 2014-04-14 04:14:18 +02:00
Marek Marczykowski-Górecki
1205d9e01f rpm: fix dom0 updates with F20 firewallvm
F20 yum version have changed a way of parsing system-release package
version (so $releasever variable). Force it to use qubes-release package
version, not redhat-release.
2014-03-04 02:07:50 +01:00
Marek Marczykowski-Górecki
30535e59d2 rpm: require qubes-utils >= 2.0.6 for imgconverter 2014-02-07 05:46:19 +01:00
Marek Marczykowski-Górecki
ea7b4eb5cb rpm: BR:qubes-utils-devel >= 2.0.5 - because of slight API change
Note that R: will be generated automatically (on library name).
2014-02-07 05:36:56 +01:00
Marek Marczykowski-Górecki
7ad1183793 rpm: speedup package installation
Do not rebuild cache after each icon installation.
2013-12-26 05:07:11 +01:00
Marek Marczykowski-Górecki
c000f24def appmenus: fallback hardcoded appmenus for HVM with qrexec installed
If VM didn't returned any appmenus data, the service is most likely not
available there. Actually it hasn't been written yet.
2013-12-04 03:05:34 +01:00
Marek Marczykowski-Górecki
d0509caf9e pm-utils: hook qubes suspend scripts to systemd
Apparently new KDE doesn't call pm-suspend anymore, instead use systemd
suspend logic. So hook our scripts also there.
2013-11-04 01:28:36 +01:00
Marek Marczykowski-Górecki
aa5635b4f5 rpm: fix policy/qubes.SyncAppMenus name (v2) 2013-10-23 05:40:27 +02:00
Marek Marczykowski-Górecki
72b528ddd1 Revert "rpm: fix policy/qubes.SyncAppMenus name"
This reverts commit de087e9b8d.
Mangled two changes together.
2013-10-23 05:39:46 +02:00
Marek Marczykowski-Górecki
de087e9b8d rpm: fix policy/qubes.SyncAppMenus name 2013-10-23 00:25:50 +02:00
Marek Marczykowski-Górecki
b4ab187793 dracut: change the way to include ehci-pci module
Apparently add_drivers doesn't work. Looking at kernel-modules dracut
code, it can only be used for block-device driver and only makes sense
in --host-only mode.
So add additional module, which unconditionally install kernel modules.
2013-08-13 00:39:35 +02:00
Marek Marczykowski
0f384aacd9 spec: create 'qubes' group is not exists
This group can be created also by qubes-core-dom0 package, but add
relevant code also here to simplify dependencies.
2013-03-25 16:21:43 +01:00
Marek Marczykowski
158bfff3cf Add qrexec back, use qubes-utils libraries for common code 2013-03-20 06:24:17 +01:00
Marek Marczykowski
dbe9693851 Other Linux-specific files 2013-03-16 19:52:16 +01:00
Marek Marczykowski
e5f9e46e19 dom0-updates code 2013-03-16 18:54:21 +01:00
Marek Marczykowski
d06bbdc967 appmenus: include standalone qvm-sync-appmenus and its manpage 2013-03-16 18:34:40 +01:00
Marek Marczykowski
5d78289bfe vaio-fixes 2013-03-16 18:24:21 +01:00
Marek Marczykowski
ad522026d3 Initial commit: appmenus handling code, icons 2013-03-16 18:23:22 +01:00