Commit Graph

42 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
ad790a53d4
Really install xen-scrub-pages dracut module
Fixes 456fe99 "Disable scrubbing memory pages during initial balloon down"
QubesOS/qubes-issues#1963
2019-02-25 06:38:53 +01:00
Marek Marczykowski-Górecki
456fe99fa6
Disable scrubbing memory pages during initial balloon down
Balloon driver scrubs a memory page before giving it back to the
hypervisor. Normally this is a good thing, to avoid leaking VM's memory
data into Xen and other domains. But during initial startup when maxmem
is bigger than initial memory, on HVM and PVH, Populate-on-Demand (PoD) is in use.
This means every page on initial balloon down needs to be first mapped
by Xen into VM's memory (as it wasn't populated before - and in fact
didn't have any data), scrubbed by the kernel and then given back to
Xen. This is a great waste of time. Such an operation with default settings
(initial memory 400M, maxmem 4000M) can take a few seconds, delaying every
VM startup (including DispVM). In an extreme situation, when running inside
nested virtualization, the effect is much worse.

Avoid this problem by disabling memory scrubbing during initial boot,
and re-enable it as soon as user space kicks in - in initramfs, before
mounting root filesystem, to be sure it's enabled before memory contains
any kind of secrets.

This commit handles only one case - when the kernel is managed by the VM
itself. It is critical to enable initramfs module whenever
xen_scrub_pages=0 kernel option is given, so make them depend on the
same condition and ship them in the same package.

Fixes QubesOS/qubes-issues#1963
2019-02-06 20:20:08 +01:00
Marek Marczykowski-Górecki
3ca9f130b7
rpm: adjust for fc29
Don't rely on python -> python2 symlink and default %{python_*} macros.
Add explicit BR: gcc (default build env for fc29 doesn't have it
anymore).

QubesOS/qubes-issues#4223
2018-10-02 20:53:08 +02:00
Marek Marczykowski-Górecki
f7b8a79ce6
udev: create /dev/mapper/dmroot -> xvda3 symlink when it's mounted directly
When root device is available read-write (TemplateVM/StandaloneVM), it's
mounted directly, instead of using device-mapper layer. But
/dev/mapper/dmroot still needs to exist (it is pointed from
/etc/fstab), otherwise various tools, including grub-mkconfig get
confused.
Create a symlink using udev rule. It is already done in initramfs, and
in case of Fedora that udev rule/symlink survives switching to
non-initramfs udev, but not on Debian. So, add appropriate udev rules
file.

Fixes QubesOS/qubes-issues#3178
2018-06-13 15:48:00 +02:00
Marek Marczykowski-Górecki
89776c7f18
rpm: use proper macros for systemd handling 2018-05-01 16:07:16 +02:00
Frédéric Pierret
f049d63571
spec.in: add changelog placeholder 2018-04-07 17:56:20 -04:00
Frédéric Pierret
2b3b684107
Fix debug symbols 2018-04-07 17:56:20 -04:00
Frédéric Pierret
a716102a08
Remove _builddir 2018-04-07 17:56:20 -04:00
Marek Marczykowski-Górecki
84c9ae4bf1
rpm: preparation for src.rpm building
QubesOS/qubes-issues#1508
2018-04-03 22:13:47 +02:00
Frédéric Pierret
d60964ee23
drop busybox dependence 2018-02-22 18:32:59 +01:00
Frédéric Pierret
2f511d4881
centos: fix python packages names 2018-02-22 18:32:54 +01:00
Frédéric Pierret
d1ce12f610
Fix python3 package names with respect to CentOS for consistency with python34 names 2018-02-21 20:20:41 +01:00
Marek Marczykowski-Górecki
2b1f8931a6
tests: integration tests for qvm-convert-img
Actual tool is in separate repository, but the backend module is here.
Also, other tests for imgconverter are already here.

QubesOS/qubes-issues#3085
2017-12-22 16:47:06 +01:00
qubesuser
6c6070ab49 add Python pillow and numpy dependencies 2017-11-08 17:45:21 +01:00
Frédéric Pierret
b3f24caaf2
Fix CentOS dependencies: python3 2017-09-28 14:34:20 +02:00
Marek Marczykowski-Górecki
4d6579474d
rpm: add missing build requires 2017-05-18 01:23:23 +02:00
Marek Marczykowski-Górecki
6c36cb8de9
rpm: package qubesimgconverter for both python2 and python3
And while at it, move it to separate subpackages, following Fedora
packaging guidelines.
2017-05-18 01:03:05 +02:00
Marek Marczykowski-Górecki
ae56d597f3
rpm: add missing build requires 2017-04-10 10:47:48 +02:00
Marek Marczykowski-Górecki
b52f4e0f36
Add python-setuptools to build depends 2017-04-08 13:58:33 +02:00
Wojtek Porczyk
162e3734e5
Move imggen module from artwork. 2017-04-08 13:58:32 +02:00
Wojtek Porczyk
2a0bbe1c6f
Package imgconverter as separate Python module
This is partly because qubes/__init__.py conflicted with core3.
It is also a good practice.
2017-04-08 13:58:32 +02:00
Marek Marczykowski-Górecki
7148f8d135
Move udev scripts to /usr/lib/qubes, move rules to /lib/udev/
Resolve udev-rule-in-etc, non-standard-dir-in-usr, file-in-unusual-dir
lintian warnings.

QubesOS/qubes-issues#1416
2015-11-26 22:18:03 +01:00
Marek Marczykowski-Górecki
170d46c40d
rpm: disable debuginfo subpackage in qubes-kernel-vm-support
find-debuginfo.sh in Fedora 23 doesn't properly handle packages without
any binary.

QubesOS/qubes-issues#1413
2015-11-13 06:02:37 +01:00
Marek Marczykowski-Górecki
3cd77e4f70
debian: introduce qubes-kernel-vm-support package
This package is responsible for kernel modules and initramfs additions
needed in Qubes VM. When installed, it is possible to switch the VM to
use PV Grub and load the kernel from inside of VM. This greatly eases
installing custom kernel modules.

Changes:
 - make qubes_cow_setup.sh work with both dracut and initramfs-tools
 - add initramfs-tools configuration/scripts (including
   qubes_cow_setup.sh)
 - modify DESTDIR to handle multiple binary packages out of single
   source

QubesOS/qubes-issues#1354
2015-11-11 05:10:59 +01:00
Marek Marczykowski-Górecki
882052eca0
dracut: split 'full' dracut module into 'full-dmroot' and 'full-modules'
When PV Grub will be used, VM initramfs should not contain /lib/modules
mounting code, as the VM root.img will already contain kernel modules.
Make it possible by splitting the module.

QubesOS/qubes-issues#1354
2015-11-08 03:44:27 +01:00
Marek Marczykowski-Górecki
1a3be481b5
libqrexec-utils: bump SO version because of ABI change
New functions were introduced.
2015-10-26 20:00:08 +01:00
Marek Marczykowski-Górecki
15cc3b2d51 dracut: Provide minimalistic initramfs files - no udev, no systemd
Provide simple script to run under busybox, this is all we need in the
VM.
2015-03-25 23:25:33 +01:00
Marek Marczykowski-Górecki
c64b94e9d6 Provide a script to generate VM kernel files 2015-03-25 23:25:33 +01:00
Marek Marczykowski-Górecki
0c4c2323c0 Add VM kernel related files as qubes-core-vm-kernel-support package
This is preparation for pvgrub support, where all VM kernel files will
be installed inside of VM instead of dom0.
But also the same could be used to prepare VM kernel image from any dom0
kernel.
2015-03-25 23:25:33 +01:00
Marek Marczykowski-Górecki
43ec024616 rpm: add missing dependency 2014-07-08 12:07:38 +02:00
Wojciech Zygmunt Porczyk
e18bfc5dad move site-packages/qubes/__init__.py from core-admin 2014-05-27 16:13:34 +02:00
Marek Marczykowski-Górecki
ed146390d6 rpm: fix meminfo-writer setup during system installation
We have no control over package installation, so it can happen to be
before qubes-release got installed. Simply enable both dom0 and VM
services - they contain relevant start conditions.
2014-03-21 02:47:49 +01:00
Marek Marczykowski-Górecki
f6ec5e1d8a Merge branch 'appicons'
Conflicts:
	rpm_spec/qubes-utils.spec
2014-02-07 05:40:51 +01:00
Marek Marczykowski-Górecki
759c9da6be rpm: fix debuginfo package build 2014-02-07 05:31:46 +01:00
Marek Marczykowski-Górecki
20cb2103e5 rpm: package libraries in -libs package
There is a need for both compiling (where main package is unwanted) and
using (where devel package is unnecessary).
2014-02-07 05:30:47 +01:00
Marek Marczykowski-Górecki
516815a266 qrexec-lib: make it shared library 2014-02-07 05:29:59 +01:00
Wojciech Zygmunt Porczyk
d8f3c64b5d imgconverter: error in spec 2014-01-30 17:22:48 +01:00
Wojciech Zygmunt Porczyk
98b7c2f99b appicons: require ImageMagick 2014-01-30 16:31:43 +01:00
Wojciech Porczyk
59fb8daa03
site-packages/qubes/imgconverter.py
This module does three things:
- secure image transfer protocol between VMs
- icon tinting for appmenus
- generic icon (padlock) generation
2014-01-14 16:04:03 +01:00
Marek Marczykowski-Górecki
f0b1271a5e Include meminfo-writer
It is common for dom0 and VM, so keep in one place for both of them.
2014-01-05 05:32:57 +01:00
Marek Marczykowski
a84a1e98e4 spec: Add missing build requires 2013-03-21 04:45:24 +01:00
Marek Marczykowski
42e133b753 Qrexec common code, qubes.Filecopy common code, udev scripts 2013-03-20 06:27:32 +01:00