Commit Graph

534 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
6d08882978
version 4.0.15 2018-07-03 21:08:56 +02:00
Marek Marczykowski-Górecki
9eefe23f4c
kernel-install: fix initramfs copying scripts
Fix current EFI boot dir discovery script.

Also, adjust scripts order:
50-dracut generates initramfs in /boot/(efi/)?/$MACHINE_ID/.../initrd
80-grub2 copies it to /boot/initramfs-....img
90-xen-efi copies it to /boot/efi/EFI/qubes/initramfs-....img

Make the above order explicit, rather than relying on xen sorted later
than grub2.

QubesOS/qubes-issues#3234
2018-06-28 02:56:16 +02:00
Marek Marczykowski-Górecki
53730c4ba2
kernel-install: remove EFI variant of BLS dirs too
Remove also EFI version of BootLoader Specification dirs. This will:
- really force to re-generate initramfs during installation, after all
relevant configs are updated; previously, dracut (called by anaconda
through kernel-install) refuse to update already existing
/boot/efi/.../initrd file.
- save some precious space in /boot/efi

Fixes QubesOS/qubes-issues#3234
2018-06-27 03:59:05 +02:00
Marek Marczykowski-Górecki
861ddc9ce0
kernel-install: cleanup old kernel binary on remove
Don't let kernel images accumulate on EFI partition.
2018-05-22 19:51:47 +02:00
Marek Marczykowski-Górecki
03959b670c
dom0-updates: display GUI notification about no updates
If no updates are available, display some notification about that (when
GUI mode requested). Otherwise user has no idea what happened (update
failed? still doing something?).

Fixes QubesOS/qubes-issues#3751
2018-04-21 02:58:30 +02:00
Frédéric Pierret
ee878fa40a
spec.in: remove useless condition on Fedora 17 which induces problem with Travis 2018-04-04 16:26:14 -04:00
Frédéric Pierret
5b78f21921
spec.in: add changelog placeholder 2018-04-03 22:07:36 +02:00
Frédéric Pierret
a2139b95b5
spec.in for vaio fixes package 2018-04-03 22:07:35 +02:00
Frédéric Pierret
3ae3eae48b
Remove _builddir 2018-04-03 22:07:08 +02:00
Frédéric Pierret
9f591b0578
Create .spec.in and Source0 2018-04-03 22:07:08 +02:00
Marek Marczykowski-Górecki
565fb3dc3a
version 4.0.14 2018-03-28 04:14:02 +02:00
Marek Marczykowski-Górecki
bcf7c9e978
kernel-install: use up to date initramfs
During installation, /usr/lib/kernel/install.d/50-dracut.install
generate initramfs in $BOOT_DIR_ABS. It is important to use that one,
even if there is one in /boot/initramfs-*.img already, because it was
generated later and contains all required config files (including
keyboard layout for entering LUKS passphrase).

This fixes d1f3be0eed "kernel-install:
avoid creating initramfs multiple times".

Fixes QubesOS/qubes-issues#3234
2018-03-27 19:20:36 +02:00
Marek Marczykowski-Górecki
7c1cad00b0
version 4.0.13 2018-03-04 03:47:13 +01:00
Marek Marczykowski-Górecki
bae443dfce
systemd-preset: enable fstrim.timer
On LVM thin it is easy to fill the pool if fstrim (or 'discard' mount
option) isn't used from time to time. Enable fstrim.timer by default,
which will do fstrim once a week.
2018-03-04 03:43:54 +01:00
Marek Marczykowski-Górecki
d924270bb1
version 4.0.12 2018-03-04 02:51:32 +01:00
Marek Marczykowski-Górecki
d1f3be0eed
kernel-install: avoid creating initramfs multiple times
There are multiple places where initramfs can be created:
 - /boot/iniramfs-*.img
 - /boot/$MACHINE_ID/.../initrd (unused on Qubes, but created by Fedora
   scripts)
 - /boot/efi/EFI/.../initramfs-*.img

Do not generate all of those from scratch, but try to reuse existing
image (if exists). Since one dracut call may last even 5 minutes, this
change should greatly reduce installation time.

Fixes QubesOS/qubes-issues#3637
2018-02-27 23:19:50 +01:00
Marek Marczykowski-Górecki
6cef3f3966
Merge remote-tracking branch 'qubesos/pr/38'
* qubesos/pr/38:
  Bad spaces
  Add -p to mkdir to skip error if dir already exists
  Make dir dom0-updates if not exists on UpdateVM

Fixes QubesOS/qubes-issues#3620
2018-02-25 21:26:11 +01:00
Marek Marczykowski-Górecki
cd23a035c5
qrexec: use distinct exit code for timeout
This will allow for better error reporting
2018-02-25 13:12:34 +01:00
donoban
dbb22f6335
Bad spaces 2018-02-25 12:17:48 +01:00
donoban
31548737c6
Add -p to mkdir to skip error if dir already exists 2018-02-25 12:14:39 +01:00
donoban
994bd72363
Make dir dom0-updates if not exists on UpdateVM
https://github.com/QubesOS/qubes-issues/issues/3620
2018-02-23 10:48:06 +01:00
Marek Marczykowski-Górecki
d48f5599d3
Merge remote-tracking branch 'qubesos/pr/37'
* qubesos/pr/37:
  Fix typos in qubes-dom0-update
2018-02-22 21:38:42 +01:00
Marek Marczykowski-Górecki
cfc424667a
version 4.0.11 2018-02-20 01:14:06 +01:00
Marek Marczykowski-Górecki
e8c8515211
rpm: adjust dependencies 2018-02-20 01:13:33 +01:00
Marek Marczykowski-Górecki
c129ce2e4d
qrexec: forbid '$' in target and service name
Those parameters eventually may eventually be passed to a shell script
(at least /usr/lib/qubes/qubes-rpc-multiplexer). While it is possible to
properly escape shell special characters, lets do safer and less fragile
thing: forbid such characters entirely.
In case of target name, qrexec policy keywords are allowed, and after
recent change, those contains '@', so allow this char.
2018-02-19 03:30:26 +01:00
Marek Marczykowski-Górecki
d54d953af1
qrexec: use separate variables for original target type and value
Avoid passing special characters (like '$' or '@') to the service, even
if in environment variable. Use separate variable (and
qubes-rpc-multiplexer argument) to provide type of original target.
There are two:
 - specific VM by name ("name")
 - special name, like $adminvm, $dispvm etc ("keyword")

Then, use separate variables to provide actual value:
 - QREXEC_REQUESTED_TARGET_KEYWORD (if _TYPE == "keyword")
 - QREXEC_REQUESTED_TARGET (if _TYPE == "name")

The later one intentionally is the same as in previous implementation,
to preserve compatibility.
2018-02-19 03:30:04 +01:00
Marek Marczykowski-Górecki
32b0c659a1
qrexec: use exec_qubes_rpc_if_requested() from qubes-utils
This avoids duplicating service call parsing in multiple places. For
dom0 part it was in qrexec-policy tool.
Also, add execl() error handling.
2018-02-16 04:22:48 +01:00
Miguel Jacq
6a792ed056
Fix typos in qubes-dom0-update 2018-02-12 16:48:52 +11:00
Marek Marczykowski-Górecki
bdebfe330a
version 4.0.10 2018-01-19 18:13:44 +01:00
Rusty Bird
629d02948f
Don't let udev parse 'file' driver .img anywhere 2018-01-19 18:04:56 +01:00
Marek Marczykowski-Górecki
da61441bf9
version 4.0.9 2018-01-18 19:49:06 +01:00
Marek Marczykowski-Górecki
21c951201c
Merge remote-tracking branch 'qubesos/pr/36'
* qubesos/pr/36:
  Fix fall through
2018-01-12 17:34:10 +01:00
Marek Marczykowski-Górecki
b07706fd7a
dom0-updates: launch console update in terminal emulator as "GUI"
GUI updaters and Packagekit are confused by networkless dom0 and often
report that:
 - cannot check for updates (because of no network connection)
 - no updates are available, even if they are

The latter happen mostly because PackageKit does not load dnf.conf, so
try to use /etc/yum.repos.d (network repositories) instead of
/etc/yum.real.repos.d (local cache, downloaded by qubes-dom0-update).
Currently PackageKit does not support configuring it, the path is
hardcoded.

Until both of above issues get fixed, prefer console updater.

Fixes QubesOS/qubes-issues#1378
2018-01-12 04:54:07 +01:00
BaN-Co
3a176fa658
Fix fall through
It's necessary to add the break at the end of "case -1" statement else the compiler will treat it as fall through and GCC 7 will throw an error because of -Werror=implicit-fallthrough=.
2018-01-09 15:36:37 +07:00
Marek Marczykowski-Górecki
8689170368
dom0-updates: move PackageKit cache refresh to GUI handling
PackageKit is used only by GUI updaters, refresh its cache only then.
Since PackageKit daemon do not read dnf.conf, it doesn't know  the right
repository location, so try to access network, which results in
timeouts. But at the same time, it invalidate previous cache, which is
what we need.
Do not delay every qubes-dom0-update call by pkcon call.
2018-01-08 01:40:18 +01:00
Marek Marczykowski-Górecki
6c8537fab1
version 4.0.8 2017-12-23 02:53:11 +01:00
Jean-Philippe Ouellet
c69662eb28
Improve qrexec protocol mismatch error dialog
- only have one button, because "yes/no" makes no sense in this context
- inform use to use "-t pv" for xl console, because otherwise it won't
  work for HVM domains.
- use the actual VM name, not "vmname"
2017-12-07 14:42:33 -05:00
Marek Marczykowski-Górecki
be9e759697
Merge remote-tracking branch 'qubesos/pr/33'
* qubesos/pr/33:
  qubes-dom0-update: Adapt template backup failsafe for R4
2017-12-05 23:10:02 +01:00
Marek Marczykowski-Górecki
7902979470
Merge remote-tracking branch 'qubesos/pr/32'
* qubesos/pr/32:
  qubes-dom0-update: Simplify
2017-12-05 23:06:12 +01:00
Jean-Philippe Ouellet
552fd062ea
qubes-dom0-update: Adapt template backup failsafe for R4
Perhaps the UpdateVM template should be temporarily switched to the
backup too. That would make it really failsafe. Currently it requires
manual recovery (by setting template of UpdateVM to the backup).
2017-11-30 08:52:13 -05:00
Jean-Philippe Ouellet
aeb04e24e2
qubes-dom0-update: Simplify
qvm-run auto-starts VMs by default
2017-11-30 08:51:14 -05:00
Jean-Philippe Ouellet
686db90032
qubes-dom0-update: Remove dependency on Xen as vmm 2017-11-30 08:46:28 -05:00
Marek Marczykowski-Górecki
7a644b6d61
version 4.0.7 2017-11-03 22:37:48 +01:00
Marek Marczykowski-Górecki
21df9d55bb
Add qubes-core-dom0 to dnf protected packages set
This will prevent its accidental removal, which would lead to completely
broken system.
2017-11-03 03:27:10 +01:00
Marek Marczykowski-Górecki
b79aa05014
version 4.0.6 2017-10-07 02:35:09 +02:00
Marek Marczykowski-Górecki
68dd013585
Drop dracut workaround for missing LUKS-related modules
It isn't needed for a long time, but at the same time some modules have
changed names, so now it cause errors/warnings.
2017-10-02 21:38:51 +02:00
Marek Marczykowski-Górecki
54d5c7b35c
qrexec: allow ':' in call target specification
':' is used in DispVM special tags, like '$dispvm:something'.

Fixes QubesOS/qubes-issues#3137
2017-10-01 13:19:42 +02:00
Frédéric Pierret
69d230d065
fix fallthrough: add specific error message with respect to 'select' return value 2017-09-26 23:05:09 +02:00
Marek Marczykowski-Górecki
a93a846687
version 4.0.5 2017-09-15 13:43:44 +02:00
Marek Marczykowski-Górecki
6ba03ed65b
Mark /var/lib/qubes to not expose loop devices pointing inside
DM_UDEV_DISABLE_DISK_RULES_FLAG flag sometimes isn't properly
propagated, so just to be sure, add a flag file
/var/lib/qubes/.qubes-exclude-block-devices to exclude that directory.

Fixes 5c84a0b "udev: don't exclude loop devices pointing outside of
/var/lib/qubes"

QubesOS/qubes-issues#3084
2017-09-15 05:15:23 +02:00