Commit Graph

352 Commits

Author SHA1 Message Date
Christopher Laprise
ad404bfbe6
Starting mods for template upgrade support 2017-03-12 23:15:45 -04:00
tasket
05b57f4960 Merge pull request #4 from QubesOS/master
Update from original
2017-03-07 02:15:00 -05:00
Marek Marczykowski-Górecki
4f0878ccbf
version 3.2.11 2016-12-06 01:55:11 +01:00
Marek Marczykowski-Górecki
97c13e15f0
travis: remove debootstrap workaround
Moved to qubes-builder
2016-12-06 01:55:06 +01:00
Rusty Bird
4d18800bc0
v2: (dom0) qvm-move-to-vm: don't "rm -rf" vm name argument
Fixes QubesOS/qubes-issues#2472 from commit
bc29af7c0c
2016-12-04 16:52:18 +00:00
Jean-Philippe Ouellet
c6e1f0536c
Move qvm-xkill to new tools/ dir 2016-11-28 03:56:45 -05:00
Jean-Philippe Ouellet
e59c863c23
Fix a typo
Thanks rustybird for catching it.
2016-11-26 23:50:47 -05:00
Jean-Philippe Ouellet
be1d984364
Mitigate GUI DoS (part 2: qvm-xkill)
Can close windows of a VM while it's paused, and can not accidentally
harm dom0 by errant clicking.

Discussion in https://github.com/QubesOS/qubes-issues/issues/881

Thanks to rustybird for suggested implementation.
2016-11-26 21:59:16 -05:00
Marek Marczykowski-Górecki
73ba5f805b
version 3.2.10 2016-11-18 03:17:29 +01:00
Marek Marczykowski-Górecki
981a11cee1
qrexec: really do not match 'dom0' at '$anyvm', as documented
Design documentation says:
'note string dom0 does not match the $anyvm pattern; all other names do'

This behaviour was broken, because 'is not' in python isn't the same as
string comparison. In theory this could result in some service
erroneously allowed to execute in dom0, but in practice such services are
not installed in dom0 at all, so the only impact was misleading error
message.

Fixes QubesOS/qubes-issues#2031
Reported by @Jeeppler
2016-11-18 02:51:25 +01:00
Jean-Philippe Ouellet
9b7667c3a5
Ignore EFI boot args when parsing for filename
I need to set some flags in order to boot as described here:
https://www.qubes-os.org/doc/uefi-troubleshooting/

My settings look like this:
    $ efibootmgr -v
    BootCurrent: 0000
    Boot0000* Qubes HD(...)/File(\EFI\qubes\xen.efi)p.l.a.c.e.h.o...

which causes awk to get confused and think my $EFI_DIR should be:
    /EFI/qubesp.l.a.c.e.h.o.l.d.e.r. ./.m.a.p.b.s. ./.n.o.e.x.i.t.b.o.o.t.

This causes the script to later bail:
    if [ ! -d "$EFI_DIR" ]; then
        # non-EFI system
        exit 0;
    fi

So my xen.cfg did not get new entries when installing dom0 kernel packages.
2016-11-11 16:22:23 -05:00
Marek Marczykowski-Górecki
c73dcd2786
Merge remote-tracking branch 'qubesos/pr/12'
* qubesos/pr/12:
  Keep Makefile DRY
2016-11-11 14:24:48 +01:00
Jean-Philippe Ouellet
e24f3535ff
Keep Makefile DRY 2016-11-10 06:42:39 -05:00
Marek Marczykowski-Górecki
35d32aa3d7
version 3.2.9 2016-10-31 14:18:21 +01:00
Marek Marczykowski-Górecki
610902a5c1
Revert "qrexec: fix "yes to all" for qrexec calls with custom argument"
Do not copy policy file at arbitrary time.
This reverts commit 1dff6361b7.
2016-10-31 14:17:54 +01:00
Marek Marczykowski-Górecki
c15841c828
version 3.2.8 2016-10-30 21:32:21 +01:00
Marek Marczykowski-Górecki
1dff6361b7
qrexec: fix "yes to all" for qrexec calls with custom argument
If argument-specific policy file do not exists, create one based on
generic one.

Fixes QubesOS/qubes-issues#2403
Reported by @Rudd-O
2016-10-28 13:28:04 +02:00
Marek Marczykowski-Górecki
2768b22494
version 3.2.7 2016-10-03 11:50:07 +02:00
Marek Marczykowski-Górecki
875866c3c0
Merge remote-tracking branch 'qubesos/pr/11'
* qubesos/pr/11:
  qubes-dom0-update: Show sync and download progress
2016-10-03 11:49:43 +02:00
Marek Marczykowski-Górecki
34ed18527b
Merge branch 'bug1676'
* bug1676:
  install-kernel: handle custom EFI directory
2016-10-03 11:48:19 +02:00
Rusty Bird
be30203d81
qubes-dom0-update: Show sync and download progress
Use "script" (part of util-linux) to fake a dumb terminal in the
updatevm, so dnf will show sync and download progress indicators.
2016-09-05 13:57:07 +00:00
Marek Marczykowski-Górecki
1cee27275e
version 3.2.6 2016-08-31 13:14:55 +02:00
Rusty Bird
c7ad14320f
qrexec-client: Also allow the bell character 2016-08-17 13:10:13 +00:00
Rusty Bird
e005836286
qrexec-client: Filter terminal output much more strictly
qrexec-client -t/-T (and therefore, qvm-run --pass-io) only handled the
escape character, \033. Everything else, such as Unicode and obscure
control characters, was passed through from the VM to the dom0 terminal.

Instead, replace all bytes except for a benign subset of ASCII. That's
still enough to allow progress bars to be drawn (tested using
"wget --progress=bar:force" and "pv --force").
2016-08-17 02:41:38 +02:00
Marek Marczykowski-Górecki
37f92396c4
install-kernel: handle custom EFI directory
Fixes QubesOS/qubes-issues#1676
2016-07-21 14:16:52 +02:00
Marek Marczykowski-Górecki
769e70e76a
version 3.2.5 2016-07-17 04:57:35 +02:00
Marek Marczykowski-Górecki
db32b65d81
appmenus: add xterm in Disposable VM menu entry
Fixes QubesOS/qubes-issues#1612
2016-07-17 00:00:47 +02:00
Marek Marczykowski-Górecki
7080c0371d
appmenus: force X-Qubes-VM category for all VM-related entries
This will ease filtering entries when constructing applications menu.
For example '<OnlyUnallocated/>' key used in Xfce4 before looks to
introduce some problems.

Fixes QubesOS/qubes-issues#2129
2016-07-15 11:31:27 +02:00
Marek Marczykowski-Górecki
e90c8a97ff
appmenus: fix detection of desktop environment
In Fedora 23-based dom0, DESKTOP_SESSION environment contains full path
to session file, instead of just basename.

QubesOS/qubes-issues#1606
2016-07-14 04:32:16 +02:00
Marek Marczykowski-Górecki
6cd45f88c5
Merge remote-tracking branch 'qubesos/pr/8'
* qubesos/pr/8:
  Don't probe disk contents of loop* or xvd*
  Copy unmodified(!) 60-persistent-storage.rules from Fedora 23
2016-06-26 22:03:18 +02:00
Rusty Bird
fe6846d5eb
Add AEM services to 75-qubes-dom0.preset
They will only start if booted with rd.antievilmaid anyway.
2016-06-26 15:17:38 +00:00
Rusty Bird
ae7656e348
Don't probe disk contents of loop* or xvd*
Adds a standalone rule to the very top of 60-persistent-storage.rules.
2016-06-26 12:51:20 +00:00
Rusty Bird
e85363da20
Copy unmodified(!) 60-persistent-storage.rules from Fedora 23 2016-06-26 12:36:31 +00:00
Marek Marczykowski-Górecki
db8aa6cf15
version 3.2.4 2016-06-24 23:07:32 +02:00
Marek Marczykowski-Górecki
d9b37eec6c
dom0-updates: whitespace fixes 2016-06-24 02:24:52 +02:00
Marek Marczykowski-Górecki
3eed63b892
Merge remote-tracking branch 'ttasket/ttasket-patch-3'
Fixes QubesOS/qubes-issues#2061

* ttasket/ttasket-patch-3:
  Fixes
  Re-create private.img if missing
  Try to handle private.img (fail)
  Fix syntax
  Backup root.img
  Update qubes-dom0-update
  Backup root.img
  Backup root.img
  Support in-place template reinstalls - for testing
  Add template reinstall support
2016-06-24 02:22:45 +02:00
ttasket
fbb58918af Fixes
Moved create private.img before yum.
Shutdown templatevm first -- don't want to query possibly compromised vm running old private.img.
Issue #2061
2016-06-21 15:15:34 -04:00
ttasket
ef1ab34234 Re-create private.img if missing
This restores the netvm setting and also re-creates private.img if older rpm scriptlet doesn't create it.
Issue #2061
2016-06-21 10:57:57 -04:00
ttasket
577944c8fb Try to handle private.img (fail)
mv and rm private.img like root.img, but this results in no private.img after reinstall.
do not use.
2016-06-20 14:04:55 -04:00
ttasket
457b275800 Fix syntax
@marmarek This works on my system.
2016-06-20 13:36:30 -04:00
ttasket
32a4269f4a Backup root.img
Just in case template %post scriptlet doesn't unlink during reinstall, or if reinstall fails.
Also preserves Netvm prefs setting.
2016-06-18 12:00:00 -04:00
ttasket
d316624f61 Update qubes-dom0-update 2016-06-18 05:24:18 -04:00
ttasket
8c7a225070 Backup root.img
Just in case template %post scriptlet doesn't unlink during reinstall, or if reinstall fails. Fixed PKGS test.
2016-06-18 04:22:23 -04:00
ttasket
6c7c25d9e7 Backup root.img
Just in case template %post scriptlet doesn't unlink during reinstall, or if reinstall fails.
2016-06-18 03:02:46 -04:00
ttasket
17627cdf3c Support in-place template reinstalls - for testing
This doesn't yet prevent appvms from starting with invalid template during the reinstall, and doesn't deal with the Netvm setting problem.
For issue #2061
2016-06-16 07:59:28 -04:00
ttasket
6b315b1dad Add template reinstall support
Issue #2061
Simple implementation checks for --action=reinstall but adds no sanity checks.
2016-06-12 12:05:28 -04:00
Marek Marczykowski-Górecki
30aac6b6a8
version 3.2.3 2016-06-07 06:13:07 +02:00
Marek Marczykowski-Górecki
60488d4439
system-config: add systemd-preset configuration
Fixes QubesOS/qubes-issues#2049
2016-06-06 02:22:58 +02:00
Marek Marczykowski-Górecki
4d4e7cc5e9
kernel-install: do not add kernel entry if already present
The entry may be already present for example when reinstalling package,
or calling the script multiple times (which apparently is the case
during system installation).
2016-06-03 20:51:18 +02:00
Marek Marczykowski-Górecki
dc9e3c9c11
travis: initial version
QubesOS/qubes-issues#1926
2016-06-03 20:23:10 +02:00