Commit Graph

77 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
2ec29a4d4c
Cleanup lvm archived metadata files
Those files may easily accumulate in large quantities, to the point
where just listing the /etc/lvm/archive directory takes a long time.
This affects every lvm command call, so every VM start/stop.
Those archive files are rarely useful, as Qubes do multiple LVM
operations at each VM startup, so older data is really out of date very
quickly.

Automatically remove files in /etc/lvm/archive older than one day.

Fixes QubesOS/qubes-issues#4927
Fixes QubesOS/qubes-issues#2963
2019-04-02 18:04:26 +02:00
Marek Marczykowski-Górecki
d705fa6ed4
system-config: enable dbus in system- and user- presets
It is no longer enabled by default by systemd package.

QubesOS/qubes-issues#4225
2019-04-01 06:23:21 +02:00
Marek Marczykowski-Górecki
1ffa0d69cb
rpm: add BR: gcc 2019-03-02 16:32:05 +01:00
Marek Marczykowski-Górecki
c03fbecb4e
dom0-updates: use qvm-service for disabling dom0 updates check
Use the same mechanism as VMs - first it's compatible with Admin API (in
contrary to flag files); second it ease handling it.

Migrate old setting on package upgrade.
2018-12-04 21:04:09 +01:00
Marek Marczykowski-Górecki
4495000703
Fix mock-based build 2018-09-29 02:39:23 +02:00
Marek Marczykowski-Górecki
a10d724bb1
Add missing R: createrepo_c
Dom0 update scripts need it.

Fixes QubesOS/qubes-issues#4099
2018-09-02 02:04:35 +02:00
Marta Marczykowska-Górecka
9a039f0753
Added dummy qvm-move/qvm-copy do dom0
While qvm-move and qvm-copy cannot work in dom0, their
absence is confusing. Thus, stub tools that output message
informing the user that these tools are unavailable and
qvm-move-to-vm/qvm-copy-to-vm should be used instead.

fixes QubesOS/qubes-issues#4021
2018-07-16 18:30:36 +02:00
Marek Marczykowski-Górecki
9eefe23f4c
kernel-install: fix initramfs copying scripts
Fix current EFI boot dir discovery script.

Also, adjust scripts order:
50-dracut generates initramfs in /boot/(efi/)?/$MACHINE_ID/.../initrd
80-grub2 copies it to /boot/initramfs-....img
90-xen-efi copies it to /boot/efi/EFI/qubes/initramfs-....img

Make the above order explicit, rather than relying on xen sorted later
than grub2.

QubesOS/qubes-issues#3234
2018-06-28 02:56:16 +02:00
Frédéric Pierret
ee878fa40a
spec.in: remove useless condition on Fedora 17 which induces problem with Travis 2018-04-04 16:26:14 -04:00
Frédéric Pierret
5b78f21921
spec.in: add changelog placeholder 2018-04-03 22:07:36 +02:00
Frédéric Pierret
a2139b95b5
spec.in for vaio fixes package 2018-04-03 22:07:35 +02:00
Frédéric Pierret
3ae3eae48b
Remove _builddir 2018-04-03 22:07:08 +02:00
Frédéric Pierret
9f591b0578
Create .spec.in and Source0 2018-04-03 22:07:08 +02:00
Marek Marczykowski-Górecki
e8c8515211
rpm: adjust dependencies 2018-02-20 01:13:33 +01:00
Marek Marczykowski-Górecki
21df9d55bb
Add qubes-core-dom0 to dnf protected packages set
This will prevent its accidental removal, which would lead to completely
broken system.
2017-11-03 03:27:10 +01:00
Marek Marczykowski-Górecki
6ba03ed65b
Mark /var/lib/qubes to not expose loop devices pointing inside
DM_UDEV_DISABLE_DISK_RULES_FLAG flag sometimes isn't properly
propagated, so just to be sure, add a flag file
/var/lib/qubes/.qubes-exclude-block-devices to exclude that directory.

Fixes 5c84a0b "udev: don't exclude loop devices pointing outside of
/var/lib/qubes"

QubesOS/qubes-issues#3084
2017-09-15 05:15:23 +02:00
Marek Marczykowski-Górecki
f609afddb6
Merge remote-tracking branch 'qubesos/pr/28' 2017-07-12 12:54:55 +02:00
Marta Marczykowska-Górecka
6d424f91a5
clock synchronization rewrite
clock synchronization mechanism rewritten to use systemd-timesync instead of NtpDate; at the moment, requires:
- modifying /etc/qubes-rpc/policy/qubes.GetDate to redirect GetDate to designated clockvm
- enabling clocksync service in clockvm ( qvm-features clockvm-name service/clocksync true )

Works as specified in issue listed below, except for:
- each VM synces with clockvm after boot and every 6h
- clockvm synces time with the Internet using systemd-timesync
- dom0 synces itself with clockvm every 1h (using cron)

fixes QubesOS/qubes-issues#1230
2017-07-06 23:37:26 +02:00
Marek Marczykowski-Górecki
6ffac092ed
udev: exclude LVM volumes for VM images
QubesOS/qubes-issues#2319
2017-07-06 19:41:44 +02:00
Marek Marczykowski-Górecki
51abb471b9
Instruct qubesd to suspend VMs before going to sleep
Move suspend handling into qubesd.
2017-06-06 20:48:12 +02:00
Marek Marczykowski-Górecki
e4cf07c107
rpm: add R: qubes-core-admin-client
qubes-dom0-update script use qvm-run tool, which is in
qubes-core-admin-client package (python3-qubesadmin isn't enough).
Also, this should fix package installation order during install:
template needs to be installed after qubes-core-admin-client (for
qvm-template-postprocess tool). But we can't add this dependency there
directly, as it will not work on Qubes < 4.0.
2017-05-29 05:47:36 +02:00
Marek Marczykowski-Górecki
b69f263c10
Merge remote-tracking branch 'qubesos/pr/22'
* qubesos/pr/22:
  Move qvm-xkill to different repo/pkg
2017-05-28 13:13:00 +02:00
Marek Marczykowski-Górecki
e62acf815a
Really disable lesspipe
Only files with .sh suffix are loaded.

Fixes QubesOS/qubes-issues#2808
2017-05-26 05:44:33 +02:00
Marek Marczykowski-Górecki
1447ecad57
dom0-updates: migrate qubes-receive-updates script to use Admin API
Don't import qubes.xml directly.
2017-05-25 02:20:04 +02:00
Marek Marczykowski-Górecki
1057309951
rpm: drop unused python3-PyQt4 dependency
It was used for policy confirmation, but it isn't in this repository
anymore.
2017-05-25 02:20:04 +02:00
Rusty Bird
6c8df74b7f
Get rid of forked f23 60-persistent-storage.rules
Use UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG instead, which is
available since systemd 231.

- Do not merge to branches where dom0 is older than Fedora 25 -
2017-05-18 01:42:08 +00:00
Marek Marczykowski-Górecki
ad2a976924
Merge branch 'core3-devel' 2017-05-18 01:26:20 +02:00
Marek Marczykowski-Górecki
22cf6df02f
Move appmenus/icons related to desktop-linux-common
This is the right place for desktop related files - later it will be
installed in GUI VM (but core-admin-linux will not).

QubesOS/qubes-issues#2735
2017-05-17 15:47:13 +02:00
Marek Marczykowski-Górecki
ea6f47bf33
Move main qrexec binaries to /usr/s?bin
/usr/lib/* is a place only for some auxiliary binaries. While in
majority cases, qrexec-client and qrexec-daemon are called from some
other scripts, it is valid to call them directly too.
2017-05-17 14:30:30 +02:00
Marek Marczykowski-Górecki
1502eb4d59
qrexec: switch to new qrexec policy in core-admin
QubesOS/qubes-issues#910
2017-05-17 13:58:55 +02:00
Jean-Philippe Ouellet
ce56a4cdf3
Move qvm-xkill to different repo/pkg
Tentatively qubes-desktop-linux-common.
2017-03-31 00:55:38 -04:00
Marek Marczykowski-Górecki
b253fdba33
qrexec: update qrexec-policy to python3 2017-02-22 12:14:50 +01:00
Rusty Bird
4d18800bc0
v2: (dom0) qvm-move-to-vm: don't "rm -rf" vm name argument
Fixes QubesOS/qubes-issues#2472 from commit
bc29af7c0c
2016-12-04 16:52:18 +00:00
Jean-Philippe Ouellet
c6e1f0536c
Move qvm-xkill to new tools/ dir 2016-11-28 03:56:45 -05:00
Jean-Philippe Ouellet
be1d984364
Mitigate GUI DoS (part 2: qvm-xkill)
Can close windows of a VM while it's paused, and can not accidentally
harm dom0 by errant clicking.

Discussion in https://github.com/QubesOS/qubes-issues/issues/881

Thanks to rustybird for suggested implementation.
2016-11-26 21:59:16 -05:00
Marek Marczykowski-Górecki
c34427e264
rpm: make sure /usr/bin/python (not /bin/python) is used
Otherwise rpm will fail to resolve dependencies (no package provides
/bin/python).
2016-08-08 00:51:50 +02:00
Marek Marczykowski-Górecki
7dccbd1ead
appmenus: convert shell scripts to python
Fixes QubesOS/qubes-issues#1897
2016-08-08 00:51:48 +02:00
Marek Marczykowski-Górecki
9690f52dc5
appmenus: add more tests
QubesOS/qubes-issues#1897
2016-08-08 00:51:48 +02:00
Marek Marczykowski-Górecki
c32fbe14aa
appmenus: add simple unit tests
QubesOS/qubes-issues#1897
2016-08-08 00:51:47 +02:00
Marek Marczykowski-Górecki
acee13bf53
appmenus: use setuptools for packaging
QubesOS/qubes-issues#1897
2016-08-08 00:51:47 +02:00
Marek Marczykowski-Górecki
db32b65d81
appmenus: add xterm in Disposable VM menu entry
Fixes QubesOS/qubes-issues#1612
2016-07-17 00:00:47 +02:00
Marek Marczykowski-Górecki
60488d4439
system-config: add systemd-preset configuration
Fixes QubesOS/qubes-issues#2049
2016-06-06 02:22:58 +02:00
Marek Marczykowski-Górecki
01f357ae3a
dom0-updates: patch dnf.conf to use local repository
Add the same options as for yum. And do that with nice markers, instead
of forcefully overriding the entries.

QubesOS/qubes-issues#1807
2016-06-03 20:21:04 +02:00
Marek Marczykowski-Górecki
8f52c83f0b
Require new enough qubes-utils package for updated libqrexec-utils (again)
It is required for additional file-copy functions, moved from
core-agent-linux (qfile-agent).

QubesOS/qubes-issues#1324
2015-11-11 05:12:42 +01:00
Marek Marczykowski-Górecki
4e498c90e6
Implement qvm-copy-to-vm and qvm-move-to-vm utilities
QubesOS/qubes-issues#1324
2015-11-11 05:09:21 +01:00
Marek Marczykowski-Górecki
520e250966
Require new enough qubes-utils package for updated libqrexec-utils
Required by 0c288aa "qrexec: implement buffered write to child stdin to
prevent deadlock"
2015-10-30 15:10:18 +01:00
Marek Marczykowski-Górecki
867baa7266
kernel-install: add new kernel to xen.cfg for xen.efi
QubesOS/qubes-issues#794
2015-09-26 03:56:16 +02:00
Marek Marczykowski-Górecki
f795e58483
Undo 'Boot Loader Spec' by deleting /boot/MACHINE_ID
The specification doesn't cover how to boot Xen (or any other multiboot
binary), but the sole presence of such directory changes dracut default
path. So get rid of that directory.
2015-08-03 03:00:59 +02:00
Marek Marczykowski-Górecki
e062c431dd
rpm: move os-prober removing code to kernel-install subpackage
Main qubes-core-dom0 should not be installed as part of installer image,
but os-prober dependency pulls that in. So move it into
qubes-core-dom0-kernel-install subpackage. After all this is where grub
config regeneration code is placed, so it is more logical place.
2015-07-29 21:35:04 +02:00
Marek Marczykowski-Górecki
7fdff6a735 rpm: force removal os-prober package
It can be can be harmful, because it accesses (and mounts) every block
device, including VM controlled /dev/loop*.
2015-07-27 17:27:35 +02:00