Marek Marczykowski-Górecki
e62acf815a
Really disable lesspipe
...
Only files with .sh suffix are loaded.
Fixes QubesOS/qubes-issues#2808
7 years ago
Marek Marczykowski-Górecki
1447ecad57
dom0-updates: migrate qubes-receive-updates script to use Admin API
...
Don't import qubes.xml directly.
7 years ago
Marek Marczykowski-Górecki
1057309951
rpm: drop unused python3-PyQt4 dependency
...
It was used for policy confirmation, but it isn't in this repository
anymore.
7 years ago
Rusty Bird
6c8df74b7f
Get rid of forked f23 60-persistent-storage.rules
...
Use UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG instead, which is
available since systemd 231.
- Do not merge to branches where dom0 is older than Fedora 25 -
7 years ago
Marek Marczykowski-Górecki
ad2a976924
Merge branch 'core3-devel'
7 years ago
Marek Marczykowski-Górecki
22cf6df02f
Move appmenus/icons related to desktop-linux-common
...
This is the right place for desktop related files - later it will be
installed in GUI VM (but core-admin-linux will not).
QubesOS/qubes-issues#2735
7 years ago
Marek Marczykowski-Górecki
ea6f47bf33
Move main qrexec binaries to /usr/s?bin
...
/usr/lib/* is a place only for some auxiliary binaries. While in
majority cases, qrexec-client and qrexec-daemon are called from some
other scripts, it is valid to call them directly too.
7 years ago
Marek Marczykowski-Górecki
1502eb4d59
qrexec: switch to new qrexec policy in core-admin
...
QubesOS/qubes-issues#910
7 years ago
Marek Marczykowski-Górecki
b253fdba33
qrexec: update qrexec-policy to python3
7 years ago
Rusty Bird
4d18800bc0
v2: (dom0) qvm-move-to-vm: don't "rm -rf" vm name argument
...
Fixes QubesOS/qubes-issues#2472 from commit
bc29af7c0c
8 years ago
Jean-Philippe Ouellet
c6e1f0536c
Move qvm-xkill to new tools/ dir
8 years ago
Jean-Philippe Ouellet
be1d984364
Mitigate GUI DoS (part 2: qvm-xkill)
...
Can close windows of a VM while it's paused, and can not accidentally
harm dom0 by errant clicking.
Discussion in https://github.com/QubesOS/qubes-issues/issues/881
Thanks to rustybird for suggested implementation.
8 years ago
Marek Marczykowski-Górecki
c34427e264
rpm: make sure /usr/bin/python (not /bin/python) is used
...
Otherwise rpm will fail to resolve dependencies (no package provides
/bin/python).
8 years ago
Marek Marczykowski-Górecki
7dccbd1ead
appmenus: convert shell scripts to python
...
Fixes QubesOS/qubes-issues#1897
8 years ago
Marek Marczykowski-Górecki
9690f52dc5
appmenus: add more tests
...
QubesOS/qubes-issues#1897
8 years ago
Marek Marczykowski-Górecki
c32fbe14aa
appmenus: add simple unit tests
...
QubesOS/qubes-issues#1897
8 years ago
Marek Marczykowski-Górecki
acee13bf53
appmenus: use setuptools for packaging
...
QubesOS/qubes-issues#1897
8 years ago
Marek Marczykowski-Górecki
db32b65d81
appmenus: add xterm in Disposable VM menu entry
...
Fixes QubesOS/qubes-issues#1612
8 years ago
Marek Marczykowski-Górecki
60488d4439
system-config: add systemd-preset configuration
...
Fixes QubesOS/qubes-issues#2049
8 years ago
Marek Marczykowski-Górecki
01f357ae3a
dom0-updates: patch dnf.conf to use local repository
...
Add the same options as for yum. And do that with nice markers, instead
of forcefully overriding the entries.
QubesOS/qubes-issues#1807
8 years ago
Marek Marczykowski-Górecki
8f52c83f0b
Require new enough qubes-utils package for updated libqrexec-utils (again)
...
It is required for additional file-copy functions, moved from
core-agent-linux (qfile-agent).
QubesOS/qubes-issues#1324
9 years ago
Marek Marczykowski-Górecki
4e498c90e6
Implement qvm-copy-to-vm and qvm-move-to-vm utilities
...
QubesOS/qubes-issues#1324
9 years ago
Marek Marczykowski-Górecki
520e250966
Require new enough qubes-utils package for updated libqrexec-utils
...
Required by 0c288aa
"qrexec: implement buffered write to child stdin to
prevent deadlock"
9 years ago
Marek Marczykowski-Górecki
867baa7266
kernel-install: add new kernel to xen.cfg for xen.efi
...
QubesOS/qubes-issues#794
9 years ago
Marek Marczykowski-Górecki
f795e58483
Undo 'Boot Loader Spec' by deleting /boot/MACHINE_ID
...
The specification doesn't cover how to boot Xen (or any other multiboot
binary), but the sole presence of such directory changes dracut default
path. So get rid of that directory.
9 years ago
Marek Marczykowski-Górecki
e062c431dd
rpm: move os-prober removing code to kernel-install subpackage
...
Main qubes-core-dom0 should not be installed as part of installer image,
but os-prober dependency pulls that in. So move it into
qubes-core-dom0-kernel-install subpackage. After all this is where grub
config regeneration code is placed, so it is more logical place.
9 years ago
Marek Marczykowski-Górecki
7fdff6a735
rpm: force removal os-prober package
...
It can be can be harmful, because it accesses (and mounts) every block
device, including VM controlled /dev/loop*.
9 years ago
Marek Marczykowski-Górecki
5e6d3a273d
Prevent installing all the qubes packages in the installer image
...
Split kernel-install hook into separate package, as only this part is
needed by the installer. This will prevent installing all the Qubes/Xen
staff in the installer, especially udev scripts and xenstored, which
doesn't play well with anaconda.
9 years ago
Marek Marczykowski-Górecki
f056e0341e
rpm: provide qubes-core-dom0-linux-kernel-install virtual pkg
...
This is for kernel package dependencies, since we have the same kernel
packages for both R2 and R3.0
9 years ago
Marek Marczykowski-Górecki
2a14ae9c0b
Add kernel post-installation script to regenerate grub2 config
...
Since we now allow using Fedora kernel, add a script to generate proper
bootloader configuration then. Standard Fedora mechanism relies on
Boot Loader Specification support in grub2, which sadly does not support
Xen, so it is useless in Qubes.
9 years ago
Marek Marczykowski-Górecki
8acd40905d
Disable lesspipe in dom0
...
It can be dangerous when processing untrusted content (for example VM
logs).
Details:
https://groups.google.com/d/msgid/qubes-users/20150527215812.GA13915%40mail-itl
9 years ago
Marek Marczykowski-Górecki
5035fc7eed
Remove iptables config
...
Dom0 have no network at all, it isn't needed.
9 years ago
Marek Marczykowski-Górecki
af66472c36
rpm: add missing vchan-devel build requires
10 years ago
Marek Marczykowski-Górecki
8f2a03e672
rpm: fix permissions of /etc/qubes-rpc{,/policy}
...
Group qubes should have write right there.
10 years ago
Marek Marczykowski-Górecki
1e8b3ea876
rpm: do not save removed udev script
...
As Qubes dom0 is standalone system, not an addon to Fedora (for some
time...), we do not longer need to save such scripts to handle
package remove.
10 years ago
Marek Marczykowski-Górecki
5af0530e8d
udev: prevent VM disks content from being accessed by dom0 processes
...
To not expose dom0 processes like blkid for attacks from VM (e.g. by
placing malicious filesystem header in private.img).
10 years ago
Marek Marczykowski-Górecki
6f1ba98230
rpm: disable non-Xen grub entry on upgrade
10 years ago
Marek Marczykowski-Górecki
1205d9e01f
rpm: fix dom0 updates with F20 firewallvm
...
F20 yum version have changed a way of parsing system-release package
version (so $releasever variable). Force it to use qubes-release package
version, not redhat-release.
10 years ago
Marek Marczykowski-Górecki
30535e59d2
rpm: require qubes-utils >= 2.0.6 for imgconverter
10 years ago
Marek Marczykowski-Górecki
ea7b4eb5cb
rpm: BR:qubes-utils-devel >= 2.0.5 - because of slight API change
...
Note that R: will be generated automatically (on library name).
10 years ago
Marek Marczykowski-Górecki
7ad1183793
rpm: speedup package installation
...
Do not rebuild cache after each icon installation.
11 years ago
Marek Marczykowski-Górecki
c000f24def
appmenus: fallback hardcoded appmenus for HVM with qrexec installed
...
If VM didn't returned any appmenus data, the service is most likely not
available there. Actually it hasn't been written yet.
11 years ago
Marek Marczykowski-Górecki
d0509caf9e
pm-utils: hook qubes suspend scripts to systemd
...
Apparently new KDE doesn't call pm-suspend anymore, instead use systemd
suspend logic. So hook our scripts also there.
11 years ago
Marek Marczykowski-Górecki
aa5635b4f5
rpm: fix policy/qubes.SyncAppMenus name (v2)
11 years ago
Marek Marczykowski-Górecki
72b528ddd1
Revert "rpm: fix policy/qubes.SyncAppMenus name"
...
This reverts commit de087e9b8d
.
Mangled two changes together.
11 years ago
Marek Marczykowski-Górecki
de087e9b8d
rpm: fix policy/qubes.SyncAppMenus name
11 years ago
Marek Marczykowski-Górecki
b4ab187793
dracut: change the way to include ehci-pci module
...
Apparently add_drivers doesn't work. Looking at kernel-modules dracut
code, it can only be used for block-device driver and only makes sense
in --host-only mode.
So add additional module, which unconditionally install kernel modules.
11 years ago
Marek Marczykowski
0f384aacd9
spec: create 'qubes' group is not exists
...
This group can be created also by qubes-core-dom0 package, but add
relevant code also here to simplify dependencies.
11 years ago
Marek Marczykowski
158bfff3cf
Add qrexec back, use qubes-utils libraries for common code
11 years ago
Marek Marczykowski
dbe9693851
Other Linux-specific files
11 years ago