'qubes' group is used internally, but useradd want to create a new group
named as new user, so 'qubes' user name should also be avoided.
FixesQubesOS/qubes-issues#3777
Xorg loads keyboard layout for new devices (or existing one re-detected)
only from its config, ignoring runtime changes done in the meantime
(setxkbmap etc). Since installation process calls udevadm trigger
somewhere, all input devices are re-discovered and reverted to default
keyboard layout (us). Avoid this by configuring current keyboard layout
also as udev rules, which are loaded by Xorg while discovering device.
FixesQubesOS/qubes-issues#3352
It isn't possible to import rpm signing keys during update, because
rpm itself holds a lock. Schedule the operation after update using
systemd-run.
FixesQubesOS/qubes-issues#3756
List kernel versions without duplicates, even when there are multiple
files related to the same kernel version.
Duplicated kernel versions here caused regenerating initramfs multiple
times and duplicated entries in xen.cfg.
QubesOS/qubes-issues#3624
Try to update microcode as early as possible if provided.
This option will scan all multiboot modules besides dom0 kernel. In our
case this is perfect - there is only one other module and it is
initramfs which have microcode early cpio prepended.
QubesOS/qubes-issues#3703
This may have performance impact on some older SSD, but on the other
hand, without this option it's pretty easy to fill the whole LVM thin
pool even if there is plenty free space in dom0.
Note that this doesn't enable it on LUKS layer, this is still disabled
by default.
FixesQubesOS/qubes-issues#3226
* travis-full:
travis: disable unit tests during full ISO build
travis: switch to ukfast mirror
travis: ignore groups from online repositories
travis: build full ISO, including templates
Add config with templates repositories included
Kernel command line in legacy mode is constructed by grub scripts and
properly handle btrfs subvolumes. For EFI, it is built directly by
anaconda and 'rootflags=subvol=...' argument need to be added manually.
FixesQubesOS/qubes-issues#1871
Save some time - especially those in pykickstart are time consuming. And
we need to fit in 50min available on Travis-CI - currently the build is
very close to that limit (most times on the wrong side of it).
Typical GRUB2 installations would execute the script
located at /usr/libexec/mactel-boot-setup which would
modify the HFS+ ESP files and bless the specified efi.
However, we are not using GRUB at this time which would
cause that script to exit earlier.
These changes will execute the relevant commands
to symlink the efi file in the /System directory as well
the cfg file. Lastly, macOS requires the bootable efi
file to be blessed.
We also attempt to place some user-friendly icons
for Qubes to show to the user.
Lastly, we add a README with some instructions on how
to get into rescue mode from macOS.
Grub cause problems while loading xen.efi on many machines, mostly
because xen.efi support loading dom0 kernel and initramfs only via EFI
services and xen.efi needs to be loaded through them too. But grub in
some cases uses own filesystem handling code instead, leaving xen.efi
without dom0 kernel.
This should improve when xen.efi will get multiboot2 support (Xen 4.10?)
- then grub could load dom0 kernel and initramfs too and pass them to
xen.efi.
For now, bypass grub and launch xen.efi directly. This have unfortunate
effect of not having boot menu, so choose the most universal option:
verbose, with all known workarounds for UEFI applied.
FixesQubesOS/qubes-issues#3505
We have been doing this filtering already, but some paths have likely
changed and the filter was no longer effective.
So add two new filter strings:
"_intf.storage.ksdata"
"_intf.data"
After adding these two I was no longer able to find the plaintext password
anywhere in the traceback after manually triggering a crash with:
kill -USR1 `cat /var/run/anaconda.pid`
Resolves: rhbz#1519895