Commit Graph

520 Commits

Author SHA1 Message Date
3hhh
f22e19bf37
Proper argument escaping for special characters.
Fixes side note of QubesOS/qubes-issues#5562

(cherry picked from commit c600b1b39c)
2020-01-29 05:44:30 +01:00
3hhh
dcd14a4697
Don't pass stdin to VMs unless necessary.
Fixes QubesOS/qubes-issues#5562

(cherry picked from commit f4f5731bdc)
2020-01-29 05:44:21 +01:00
Pawel Marczewski
4f2a86d956
qrexec-client: ignore SIGPIPE
This caused qrexec-client to be killed when the local process
exited (by design) before consuming all the input, for instance
when receiving too much data for the admin.vm.volume.Import call.
2020-01-21 16:03:15 +01:00
Marek Marczykowski-Górecki
cb782bd07b
travis: drop R4.1 in release4.0 branch 2019-10-23 15:00:29 +02:00
Marek Marczykowski-Górecki
1cf11798ec
version 4.0.21 2019-10-23 14:49:18 +02:00
Marek Marczykowski-Górecki
154031d7cf
qubes-dom0-update: fix removing backup template after the operation
qvm-remove got confirmation prompt, add -f to avoid it.

(cherry picked from commit 9cf273d187)
2019-10-23 14:47:17 +02:00
Frédéric Pierret (fepitre)
cc60e99eec
travis: switch to bionic
QubesOS/qubes-issues#4613
2019-10-20 01:42:45 +02:00
Marek Marczykowski-Górecki
3ea1fa775d
version 4.0.20 2019-10-09 05:15:50 +02:00
Marek Marczykowski-Górecki
51d74f777d
Fix various issues with qubes-dom0-update
- fix unescaped dot in package_regex
- if any package fails verification, remove the whole directory, not
only that single package
- abort (and remove the whole directory) on any exception
- don't include file name in the error message, if it failed
verification

This, among other things, fix handling symlinks and directories sent by
potentially malicious UpdateVM. os.remove() can't remove non-empty
directories, so it would fail.
Fortunately metadata is created only after successful verification, so
dnf/yum wouldn't touch packages that failed verification and also
weren't removed. But make the code better handle such situations.

Reported-by: Hans Jerry Illikainen <hji@dyntopia.com>
(cherry picked from commit e5e006d933)
2019-10-09 05:04:12 +02:00
Marek Marczykowski-Górecki
4f0152ba7c
version 4.0.19 2019-09-10 03:56:32 +02:00
M. Vefa Bicakci
13d6c90561
qubes-dom0-update: Quote arguments
This commit ensures that all arguments to qubes-download-dom0-updates.sh
are properly quoted. This allows the use of commands such as

  sudo qubes-dom0-update --action=distro-sync '*'

where, prior to this commit, the asterisk would be expanded in the
update virtual machine's home directory, whereas this commit prevents
the undesirable shell expansion of wildcards.

Fixes QubesOS/qubes-issues#5096

(cherry picked from commit 1089a7a07b)
2019-09-10 03:55:28 +02:00
Marek Marczykowski-Górecki
1b9d4f5e01
Cleanup lvm archived metadata files
Those files may easily accumulate in large quantities, to the point
where just listing the /etc/lvm/archive directory takes a long time.
This affects every lvm command call, so every VM start/stop.
Those archive files are rarely useful, as Qubes do multiple LVM
operations at each VM startup, so older data is really out of date very
quickly.

Automatically remove files in /etc/lvm/archive older than one day.

Fixes QubesOS/qubes-issues#4927
Fixes QubesOS/qubes-issues#2963

(cherry picked from commit 2ec29a4d4c)
2019-09-10 03:55:12 +02:00
Marek Marczykowski-Górecki
b6e3f360c9
version 4.0.18 2019-03-09 23:59:36 +01:00
Marek Marczykowski-Górecki
edf406c172
travis: fix R4.1 line 2019-03-02 16:38:44 +01:00
Marek Marczykowski-Górecki
1ffa0d69cb
rpm: add BR: gcc 2019-03-02 16:32:05 +01:00
Marek Marczykowski-Górecki
d5e667d0ee
qvm-copy: fix handling VM names starting with dash
Reported by @v6ak
2019-03-02 16:31:17 +01:00
Marek Marczykowski-Górecki
e5deabe0aa
suspend: let errors be logged into journald
The \0 after error code prevent logging error message which is after it.
This change clobber qubesd-query exit code with tr exit code (mostly 0),
but this is a good thing - failing qubes-suspend service does not
prevent the suspend, but do prevent the stop hooks being called, which
for example breaks time synchronization or may leave some domains
paused.

QubesOS/qubes-issues#3489
2019-02-24 15:51:57 +01:00
Marek Marczykowski-Górecki
59ecf8eb83
dom0-update: fix backup template name calculation
VM name is limited to 31 chars, not 32.

Fixes QubesOS/qubes-issues#4829
2019-02-18 05:05:24 +01:00
Marek Marczykowski-Górecki
72a3459119
version 4.0.17 2018-12-09 18:43:03 +01:00
Marek Marczykowski-Górecki
9c3a4e7b00
dom0-updates: use qvm-run -q
One of the calls missed -q option.
2018-12-08 12:03:33 +01:00
Marek Marczykowski-Górecki
d7c23e1b7f
dom0-updates: fix command line for dnf4
dnf4 (Fedora 29) does not like final coma in --exclude option. If it's
there, the whole --exclude is ignored on misinterpreted (as one long
package name?).
2018-12-06 15:20:22 +01:00
Marek Marczykowski-Górecki
07c286fad5
Merge remote-tracking branch 'origin/pr/47'
* origin/pr/47:
  Fix GCC8 warning
  tracis-ci: add support for fc29 dom0
2018-12-06 14:05:41 +01:00
Marek Marczykowski-Górecki
8555ff4ced
dom-updates: drop 'distroverpkg' from dnf.conf
It does nothing in dnf (was useful in yum era).

QubesOS/qubes-issues#4477
2018-12-04 21:04:14 +01:00
Marek Marczykowski-Górecki
c03fbecb4e
dom0-updates: use qvm-service for disabling dom0 updates check
Use the same mechanism as VMs - first it's compatible with Admin API (in
contrary to flag files); second it ease handling it.

Migrate old setting on package upgrade.
2018-12-04 21:04:09 +01:00
fepitre
b36f298815 Fix GCC8 warning
QubesOS/qubes-issues#4225
2018-11-22 19:30:55 +01:00
Frédéric Pierret (fepitre)
7064279316 tracis-ci: add support for fc29 dom0 2018-11-22 19:30:55 +01:00
Marek Marczykowski-Górecki
10960564cf
dom0-updates: use qvm-features to report dom0 updates
Use the same as thing as VMs.
2018-11-02 01:58:27 +01:00
Kushal Das
0a94e59325
Adds info & search actions for template packages
Now we can do --action=info or --action=search
for a template. This will not shutdown the template and simply
execute search or info command for dnf.
2018-10-30 08:06:15 +05:30
Marek Marczykowski-Górecki
3cc4f5bed3
Merge remote-tracking branch 'origin/pr/44'
* origin/pr/44:
  Error in qubes-dom0-update --gui
2018-09-29 13:52:49 +02:00
Marek Marczykowski-Górecki
4495000703
Fix mock-based build 2018-09-29 02:39:23 +02:00
Marta Marczykowska-Górecka
879b62c353
Error in qubes-dom0-update --gui
Fixed error with zenity in qubes-dom0-update --gui,
in which zenity was called with insufficient parameters.

fixes QubesOS/qubes-issues#4339
2018-09-27 21:05:28 +02:00
Marek Marczykowski-Górecki
912861c8b0
version 4.0.16 2018-09-13 23:39:13 +02:00
Marek Marczykowski-Górecki
b1c038e882
Merge remote-tracking branch 'qubesos/pr/43'
* qubesos/pr/43:
  Fix some references to `yum` instead of `dnf`
2018-09-02 07:41:51 +02:00
Marek Marczykowski-Górecki
a10d724bb1
Add missing R: createrepo_c
Dom0 update scripts need it.

Fixes QubesOS/qubes-issues#4099
2018-09-02 02:04:35 +02:00
AJ Jordan
a5d6dd3001
Fix some references to yum instead of dnf
I didn't change any of the variable names because it made me nervous and I was too lazy to test.
2018-08-18 01:11:50 -04:00
Marta Marczykowska-Górecka
9a039f0753
Added dummy qvm-move/qvm-copy do dom0
While qvm-move and qvm-copy cannot work in dom0, their
absence is confusing. Thus, stub tools that output message
informing the user that these tools are unavailable and
qvm-move-to-vm/qvm-copy-to-vm should be used instead.

fixes QubesOS/qubes-issues#4021
2018-07-16 18:30:36 +02:00
Marek Marczykowski-Górecki
6d08882978
version 4.0.15 2018-07-03 21:08:56 +02:00
Marek Marczykowski-Górecki
9eefe23f4c
kernel-install: fix initramfs copying scripts
Fix current EFI boot dir discovery script.

Also, adjust scripts order:
50-dracut generates initramfs in /boot/(efi/)?/$MACHINE_ID/.../initrd
80-grub2 copies it to /boot/initramfs-....img
90-xen-efi copies it to /boot/efi/EFI/qubes/initramfs-....img

Make the above order explicit, rather than relying on xen sorted later
than grub2.

QubesOS/qubes-issues#3234
2018-06-28 02:56:16 +02:00
Marek Marczykowski-Górecki
53730c4ba2
kernel-install: remove EFI variant of BLS dirs too
Remove also EFI version of BootLoader Specification dirs. This will:
- really force to re-generate initramfs during installation, after all
relevant configs are updated; previously, dracut (called by anaconda
through kernel-install) refuse to update already existing
/boot/efi/.../initrd file.
- save some precious space in /boot/efi

Fixes QubesOS/qubes-issues#3234
2018-06-27 03:59:05 +02:00
Marek Marczykowski-Górecki
861ddc9ce0
kernel-install: cleanup old kernel binary on remove
Don't let kernel images accumulate on EFI partition.
2018-05-22 19:51:47 +02:00
Marek Marczykowski-Górecki
03959b670c
dom0-updates: display GUI notification about no updates
If no updates are available, display some notification about that (when
GUI mode requested). Otherwise user has no idea what happened (update
failed? still doing something?).

Fixes QubesOS/qubes-issues#3751
2018-04-21 02:58:30 +02:00
Frédéric Pierret
ee878fa40a
spec.in: remove useless condition on Fedora 17 which induces problem with Travis 2018-04-04 16:26:14 -04:00
Frédéric Pierret
5b78f21921
spec.in: add changelog placeholder 2018-04-03 22:07:36 +02:00
Frédéric Pierret
a2139b95b5
spec.in for vaio fixes package 2018-04-03 22:07:35 +02:00
Frédéric Pierret
3ae3eae48b
Remove _builddir 2018-04-03 22:07:08 +02:00
Frédéric Pierret
9f591b0578
Create .spec.in and Source0 2018-04-03 22:07:08 +02:00
Marek Marczykowski-Górecki
565fb3dc3a
version 4.0.14 2018-03-28 04:14:02 +02:00
Marek Marczykowski-Górecki
bcf7c9e978
kernel-install: use up to date initramfs
During installation, /usr/lib/kernel/install.d/50-dracut.install
generate initramfs in $BOOT_DIR_ABS. It is important to use that one,
even if there is one in /boot/initramfs-*.img already, because it was
generated later and contains all required config files (including
keyboard layout for entering LUKS passphrase).

This fixes d1f3be0eed "kernel-install:
avoid creating initramfs multiple times".

Fixes QubesOS/qubes-issues#3234
2018-03-27 19:20:36 +02:00
Marek Marczykowski-Górecki
7c1cad00b0
version 4.0.13 2018-03-04 03:47:13 +01:00
Marek Marczykowski-Górecki
bae443dfce
systemd-preset: enable fstrim.timer
On LVM thin it is easy to fill the pool if fstrim (or 'discard' mount
option) isn't used from time to time. Enable fstrim.timer by default,
which will do fstrim once a week.
2018-03-04 03:43:54 +01:00