Commit Graph

471 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
9b75dd1321
systemd: remove qubes-block-cleaner 2017-06-06 01:25:54 +02:00
Marek Marczykowski-Górecki
8719e5d74c
qrexec: fix pending requests cleanup code (cont)
There was a second place with exactly the same bug. See
dad208a "qrexec: fix pending requests cleanup code" for details.

Fixes QubesOS/qubes-issues#2699
2017-05-29 20:51:16 +02:00
Marek Marczykowski-Górecki
e4cf07c107
rpm: add R: qubes-core-admin-client
qubes-dom0-update script use qvm-run tool, which is in
qubes-core-admin-client package (python3-qubesadmin isn't enough).
Also, this should fix package installation order during install:
template needs to be installed after qubes-core-admin-client (for
qvm-template-postprocess tool). But we can't add this dependency there
directly, as it will not work on Qubes < 4.0.
2017-05-29 05:47:36 +02:00
Marek Marczykowski-Górecki
b69f263c10
Merge remote-tracking branch 'qubesos/pr/22'
* qubesos/pr/22:
  Move qvm-xkill to different repo/pkg
2017-05-28 13:13:00 +02:00
Marek Marczykowski-Górecki
e62acf815a
Really disable lesspipe
Only files with .sh suffix are loaded.

Fixes QubesOS/qubes-issues#2808
2017-05-26 05:44:33 +02:00
Marek Marczykowski-Górecki
1447ecad57
dom0-updates: migrate qubes-receive-updates script to use Admin API
Don't import qubes.xml directly.
2017-05-25 02:20:04 +02:00
Marek Marczykowski-Górecki
1057309951
rpm: drop unused python3-PyQt4 dependency
It was used for policy confirmation, but it isn't in this repository
anymore.
2017-05-25 02:20:04 +02:00
Marek Marczykowski-Górecki
e6cd559b82
Merge remote-tracking branch 'qubesos/pr/26'
* qubesos/pr/26:
  Get rid of forked f23 60-persistent-storage.rules
2017-05-20 14:42:18 +02:00
Marek Marczykowski-Górecki
d9202f8d14
Update qubes-dom0-update script
- don't call removed qvm-sync-clock
- use qvm-start --skip-if-running instead of qvm-run ... true, to start
a VM
- update qvm-run options
- use dnf directly, not through compatibility wrapper
2017-05-20 03:46:33 +02:00
Rusty Bird
6c8df74b7f
Get rid of forked f23 60-persistent-storage.rules
Use UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG instead, which is
available since systemd 231.

- Do not merge to branches where dom0 is older than Fedora 25 -
2017-05-18 01:42:08 +00:00
Marek Marczykowski-Górecki
6681ad79bc
version 4.0.0 2017-05-18 01:56:26 +02:00
Marek Marczykowski-Górecki
8fd4d9e853
qrexec: adjust for new qrexec-policy
New qrexec-policy can provide information about original target domain,
even if later overriden by policy (using target= keyword).
2017-05-18 01:44:25 +02:00
Marek Marczykowski-Górecki
ad2a976924
Merge branch 'core3-devel' 2017-05-18 01:26:20 +02:00
Marek Marczykowski-Górecki
e36dba5acb
travis: update for Qubes 4.0 2017-05-18 01:16:53 +02:00
Marek Marczykowski-Górecki
22cf6df02f
Move appmenus/icons related to desktop-linux-common
This is the right place for desktop related files - later it will be
installed in GUI VM (but core-admin-linux will not).

QubesOS/qubes-issues#2735
2017-05-17 15:47:13 +02:00
Marek Marczykowski-Górecki
ea6f47bf33
Move main qrexec binaries to /usr/s?bin
/usr/lib/* is a place only for some auxiliary binaries. While in
majority cases, qrexec-client and qrexec-daemon are called from some
other scripts, it is valid to call them directly too.
2017-05-17 14:30:30 +02:00
Marek Marczykowski-Górecki
1502eb4d59
qrexec: switch to new qrexec policy in core-admin
QubesOS/qubes-issues#910
2017-05-17 13:58:55 +02:00
Marek Marczykowski-Górecki
83308758f0
systemd: enable qubesd.service 2017-05-17 13:54:36 +02:00
Marek Marczykowski-Górecki
b629cbfe9e
Merge remote-tracking branch 'qubesos/pr/24'
* qubesos/pr/24:
  Prompt to create policy file for qubes-rpc if not present.
2017-04-21 16:19:50 +02:00
Marek Marczykowski-Górecki
a86c36ceb1
Merge remote-tracking branch 'qubesos/pr/23'
* qubesos/pr/23:
  Flush dnf configuration on updateVM before starting dom0 update
2017-04-21 16:18:18 +02:00
unman
194e0bc3cc
Prompt to create policy file for qubes-rpc if not present. 2017-04-20 22:27:36 +01:00
unman
fa72d66d5d
Flush dnf configuration on updateVM before starting dom0 update 2017-04-20 14:41:19 +01:00
Jean-Philippe Ouellet
ce56a4cdf3
Move qvm-xkill to different repo/pkg
Tentatively qubes-desktop-linux-common.
2017-03-31 00:55:38 -04:00
Jean-Philippe Ouellet
5e0df3d2cc
Remove dates from man pages
Counterpart to https://github.com/QubesOS/qubes-core-admin/pull/94
2017-03-16 05:44:58 -04:00
Marek Marczykowski-Górecki
9ea58a2ce2
Merge remote-tracking branch 'qubesos/pr/20'
* qubesos/pr/20:
  Fixes
  Starting mods for template upgrade support
2017-03-15 17:43:22 +01:00
Christopher Laprise
25f1801061
Fixes 2017-03-15 10:10:36 -04:00
M. Vefa Bicakci
e6e2404d24
dracut: Do not fail if Xen components are built into the kernel
Prior to this commit, if the Linux kernel's Xen-related components were
built into the kernel (as opposed to the use of kernel modules), then
the dracut module initialization would fail during the generation of the
initial ramdisk image.

This commit corrects this issue by using an if/then block.

Signed-off-by: M. Vefa Bicakci <m.v.b@runbox.com>
2017-03-14 17:20:05 +03:00
Christopher Laprise
ad404bfbe6
Starting mods for template upgrade support 2017-03-12 23:15:45 -04:00
Marek Marczykowski-Górecki
eb12a8cfc6
version 3.2.12 2017-03-13 03:32:25 +01:00
Marek Marczykowski-Górecki
dad208a0d5
qrexec: fix pending requests cleanup code
There was a logic error in pending requests cleanup code, causing
policy_pending_max being set to 0, even if there were more pending
requests. This effectively limited maximum pending requests to 1, after
some system uptime, because policy_pending_max set to 0 makes the code
looks only at the first pending request slot.

While at it, remove outdated FIXME comment, actually this bug is in the
code implementing this FIXME.

Fixes QubesOS/qubes-issues#2699
2017-03-13 03:17:27 +01:00
Marek Marczykowski-Górecki
723d32b8b7
qrexec: fix pending requests cleanup code
There was a logic error in pending requests cleanup code, causing
policy_pending_max being set to 0, even if there were more pending
requests. This effectively limited maximum pending requests to 1, after
some system uptime, because policy_pending_max set to 0 makes the code
looks only at the first pending request slot.

While at it, remove outdated FIXME comment, actually this bug is in the
code implementing this FIXME.

Fixes QubesOS/qubes-issues#2699
2017-03-13 03:16:34 +01:00
tasket
05b57f4960 Merge pull request #4 from QubesOS/master
Update from original
2017-03-07 02:15:00 -05:00
Marek Marczykowski-Górecki
452b6c4ae2
dom0-updates: code style fixes 2017-02-27 00:15:40 +01:00
Marek Marczykowski-Górecki
514c27d681
dom0-updates: update qubes-receive-updates to python3 2017-02-27 00:15:39 +01:00
Marek Marczykowski-Górecki
b253fdba33
qrexec: update qrexec-policy to python3 2017-02-22 12:14:50 +01:00
Marek Marczykowski-Górecki
b370eea13c
travis: drop debootstrap workaround
Move to qubes-builder

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
2017-01-10 12:15:47 +01:00
Marek Marczykowski-Górecki
4f0878ccbf
version 3.2.11 2016-12-06 01:55:11 +01:00
Marek Marczykowski-Górecki
97c13e15f0
travis: remove debootstrap workaround
Moved to qubes-builder
2016-12-06 01:55:06 +01:00
Rusty Bird
4d18800bc0
v2: (dom0) qvm-move-to-vm: don't "rm -rf" vm name argument
Fixes QubesOS/qubes-issues#2472 from commit
bc29af7c0c
2016-12-04 16:52:18 +00:00
Jean-Philippe Ouellet
c6e1f0536c
Move qvm-xkill to new tools/ dir 2016-11-28 03:56:45 -05:00
Jean-Philippe Ouellet
e59c863c23
Fix a typo
Thanks rustybird for catching it.
2016-11-26 23:50:47 -05:00
Jean-Philippe Ouellet
be1d984364
Mitigate GUI DoS (part 2: qvm-xkill)
Can close windows of a VM while it's paused, and can not accidentally
harm dom0 by errant clicking.

Discussion in https://github.com/QubesOS/qubes-issues/issues/881

Thanks to rustybird for suggested implementation.
2016-11-26 21:59:16 -05:00
Marek Marczykowski-Górecki
73ba5f805b
version 3.2.10 2016-11-18 03:17:29 +01:00
Marek Marczykowski-Górecki
981a11cee1
qrexec: really do not match 'dom0' at '$anyvm', as documented
Design documentation says:
'note string dom0 does not match the $anyvm pattern; all other names do'

This behaviour was broken, because 'is not' in python isn't the same as
string comparison. In theory this could result in some service
erroneously allowed to execute in dom0, but in practice such services are
not installed in dom0 at all, so the only impact was misleading error
message.

Fixes QubesOS/qubes-issues#2031
Reported by @Jeeppler
2016-11-18 02:51:25 +01:00
Jean-Philippe Ouellet
9b7667c3a5
Ignore EFI boot args when parsing for filename
I need to set some flags in order to boot as described here:
https://www.qubes-os.org/doc/uefi-troubleshooting/

My settings look like this:
    $ efibootmgr -v
    BootCurrent: 0000
    Boot0000* Qubes HD(...)/File(\EFI\qubes\xen.efi)p.l.a.c.e.h.o...

which causes awk to get confused and think my $EFI_DIR should be:
    /EFI/qubesp.l.a.c.e.h.o.l.d.e.r. ./.m.a.p.b.s. ./.n.o.e.x.i.t.b.o.o.t.

This causes the script to later bail:
    if [ ! -d "$EFI_DIR" ]; then
        # non-EFI system
        exit 0;
    fi

So my xen.cfg did not get new entries when installing dom0 kernel packages.
2016-11-11 16:22:23 -05:00
Marek Marczykowski-Górecki
c73dcd2786
Merge remote-tracking branch 'qubesos/pr/12'
* qubesos/pr/12:
  Keep Makefile DRY
2016-11-11 14:24:48 +01:00
Jean-Philippe Ouellet
e24f3535ff
Keep Makefile DRY 2016-11-10 06:42:39 -05:00
Marek Marczykowski-Górecki
4efedd2951
appmenus: retrieve appmenus during template installation
Hardcoded call to qvm-sync-appmenus in template post-install is no
longer used, handle appropriate event.

QubesOS/qubes-issues#2412
2016-11-02 23:29:55 +01:00
Marek Marczykowski-Górecki
90b18a1ec1
appmenus: add qvm-sync-appmenus --regenerate-only
This is especially useful when something goes wrong (like accidentally
removing entries).
2016-11-02 23:27:06 +01:00
Marek Marczykowski-Górecki
ef47bda417
appmenus: add few docstrings 2016-11-02 23:26:11 +01:00