Commit Graph

123 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
ba51d32758 Compile u2mfn module only when not already present
If someone want to force rebuild, he/she always can call dkms manually.
2015-03-25 23:25:33 +01:00
Marek Marczykowski-Górecki
bc7a2091db dracut: load ext4 module manually in minimalistic dracut module 2015-03-25 23:25:33 +01:00
Marek Marczykowski-Górecki
15cc3b2d51 dracut: Provide minimalistic initramfs files - no udev, no systemd
Provide simple script to run under busybox, this is all we need in the
VM.
2015-03-25 23:25:33 +01:00
Marek Marczykowski-Górecki
c64b94e9d6 Provide a script to generate VM kernel files 2015-03-25 23:25:33 +01:00
Marek Marczykowski-Górecki
2b6fd27839 dracut: do not assume full udevd running inside initramfs
Limited udev (or just limited rule set) will not create device-mapper
entries in /dev, so create them manually.
2015-03-25 23:25:33 +01:00
Marek Marczykowski-Górecki
0c4c2323c0 Add VM kernel related files as qubes-core-vm-kernel-support package
This is preparation for pvgrub support, where all VM kernel files will
be installed inside of VM instead of dom0.
But also the same could be used to prepare VM kernel image from any dom0
kernel.
2015-03-25 23:25:33 +01:00
Marek Marczykowski-Górecki
501cbca4c1 udev: allow normal user to access /dev/xen/xenbus for vchan connections
Recently we've switched all xenstore access to the new interface
(instead of deprecated /proc/xen/xenbus). Mostly because of deadlock in
/proc/xen/xenbus implementation.
2015-03-25 00:04:45 +01:00
Marek Marczykowski-Górecki
015015d940 qrexec-lib: enable compiler optimization 2015-03-20 12:17:32 +01:00
Marek Marczykowski-Górecki
6bb3ca16fd version 3.0.2 2015-02-17 14:22:38 +01:00
Marek Marczykowski-Górecki
14f7f284d4 Revert "Removed -Werror from qrexec Makefile to allow unpack to compile for both Fedora 20 and 21"
This reverts commit 96a3d98f60.
This problem is already fixed.
2015-02-17 14:21:39 +01:00
Marek Marczykowski-Górecki
b92b87388e Tag for commit 96301f3cc1
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJU3OKsAAoJEBu5sftaTG2teD4P/2AgLmFI2x8RHqHz17T+lDZW
 gD4QoQlTFm1jysvexwLSCKYh4yYOKmMOaCs8UVc44k1KTxr1l/XYPhTFpzDg1gmb
 6zAKV36yxRZuB/3oRQ1tpUFN8obgV3GQh9Uz7zyOV8a34xSLkulUqp86ceW8gEyR
 XHlUF2XSNpOLca56IOTHzSlvje+kTxTON9OAfNv18cPv+Um27xt+IAz2nl7jytlc
 2SgZnJgcdf+blFvdxoEJQ9Dky3jLxcE/W4HMNmMPBEknSJYhoVNaSWtfgvJO66E9
 M0CIUk2v068vDSdmC7OUIDgQ/URE6SW85OyTvQlKOft3k33mZkSWog6y7FEbuXAS
 lWpXMR4xwnOqJtFTpKsGNyylqhNZhS1UQ4TpMgQijjxqs6oCWH42KwzSpPjd+zyq
 Vn151qsBg2UGMT5OqePDBq0fLFbN1Jfk1Oja78XFZ4PAKsvTmKdMd2oEaU10Wzkr
 jOpiEXtOK6QBWQYRySJH5GdFqEc2K4HFtHJPZPg6oIX7nMq9p8k3khfRDTgQ94nW
 qMwOoGa/rfuh/8PmSoMsvsceGHDzVV1zZtIVPHnzoQcDjp4wkKodD0dSRV/FC/4B
 lFsBS+UJMgOIvywzoRaU4lJowY0TPokg/MYPPYou3efWzDZCvB555n75gtRxYdg1
 TQz5tLSVBp9E2JNqt7is
 =ZgPE
 -----END PGP SIGNATURE-----

Merge tag 'jm_96301f3c'

Tag for commit 96301f3cc1

# gpg: Signature made Thu Feb 12 18:28:12 2015 CET using RSA key ID 5A4C6DAD
# gpg: Good signature from "Jason Mehring (Qubes OS Signing Key) <nrgaway@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E0E3 2283 FDCA C1A5 1007  8F27 1BB9 B1FB 5A4C 6DAD
2015-02-17 14:21:24 +01:00
Marek Marczykowski-Górecki
d5c0761da5 debian: O_TMPFILE already defined 2015-02-17 13:15:32 +01:00
Marek Marczykowski-Górecki
1b5533ae10 qrexec: create stdin/out/err as sockets instead of pipes
Instead of pipes, stdin/out/err are created as sockets. This allows
qrexec-agent/daemon to decide to use some of them bidirectional. This is
up to qrexec-agent/daemon, such socket can still be used as
unidirectional channel.

The main reason for this feature is to use USBIP over qrexec, which
require single socket.
2015-02-16 23:11:37 +01:00
Jason Mehring
96301f3cc1
debian: Revert back to using libxen-dev as depend 2015-02-12 12:28:03 -05:00
Jason Mehring
fb09e42078
debian: Added qubesdb-vm as a depend 2015-02-11 12:11:04 -05:00
Jason Mehring
65b1d6ac73
debian: Updated changelog to reflect 3.0.1 version change 2015-02-10 11:10:12 -05:00
Jason Mehring
b909404a59
debian: Modified control file for new R3 Debian depends 2015-02-10 11:09:19 -05:00
Jason Mehring
96a3d98f60
Removed -Werror from qrexec Makefile to allow unpack to compile for both Fedora 20 and 21
linux-utils/qrexec-lib/unpack.c:

Different compile errors will abort.  Both different for fc20/21 but
based on same error below:
*
 * FC21 ERROR:  (but FC20 needs the code)
 * unpack.c:31:0: error: "O_TMPFILE" redefined [-Werror]
 *  #define O_TMPFILE (__O_TMPFILE | O_DIRECTORY)
 *   ^
 *   In file included from /usr/include/bits/fcntl.h:61:0,
 *                    from /usr/include/fcntl.h:35,
 *                                     from unpack.c:4:
 * /usr/include/bits/fcntl-linux.h:151:0: note: this is the location of the previous definition
 * # define O_TMPFILE __O_TMPFILE / * Atomically create nameless file.  * /
 * ^
 * cc1: all warnings being treated as errors
 * <builtin>: recipe for target 'unpack.o' failed
 */
/* #define O_TMPFILE (__O_TMPFILE | O_DIRECTORY) */
2015-02-10 11:07:20 -05:00
Wojtek Porczyk
82b19d3283 v3.0.1
This has to be versioned because of dependency in core-agent-linux.
2015-02-02 19:05:02 +01:00
Marek Marczykowski-Górecki
fcbe0363d0 filecopy: fix handling ENOENT error
Do not fail when file was successfully created.

I will test before commit. I will test before commit. I will...
2015-01-30 00:55:46 +01:00
Marek Marczykowski-Górecki
7607b45eae filecopy: really do not use O_TMPFILE when use_tmpfile==0
When file opened with O_TMPFILE but use_tmpfile==0, the file will not be
linked to the directory (the code at the end of process_one_file_reg).
Additionally it is waste of time trying using O_TMPFILE when it's
already known it shouldn't be.
Also use_tmpfile==0 can mean we don't have access to /proc
(set_procfs_fd wasn't called), so even if linking the file to its
directory would be attempted, it would fail. This is the case for
dom0-updates copy.
2015-01-30 00:55:46 +01:00
Marek Marczykowski-Górecki
b0fe4d5868 filecopy: create new file unaccessible to the user until fully written
Otherwise source domain can modify (append) the file while the user
already is accessing it. While incoming files should be treated as
untrusted, this problem could allow file modification after the user
makes some sanity checks.
2015-01-30 00:55:46 +01:00
Marek Marczykowski-Górecki
b4f48c1770 udev: update hotplug block scripts for QubesDB
Some initial work was done, but apparently not complete and buggy.
2014-12-11 06:06:57 +01:00
Marek Marczykowski-Górecki
f7325b3e9e version 3.0.0 2014-11-22 16:24:11 +01:00
Marek Marczykowski-Górecki
680c36934e Fix compile warnings 2014-11-19 15:10:59 +01:00
Marek Marczykowski-Górecki
020f341f98 qrexec-utils: add read_vchan_all and write_vchan_all
Similar to read_all and write_all.
2014-11-19 15:10:59 +01:00
Marek Marczykowski-Górecki
591fb10a32 qrexec: update protocol
- add new messages
- uniform packet header
- organize #defines
2014-11-19 15:10:59 +01:00
Marek Marczykowski-Górecki
0ca9e06877 code style: change tabs to spaces 2014-11-19 15:10:59 +01:00
Marek Marczykowski-Górecki
aa31c67e24 qrexec-utils: disable write-stdin (buffered writes) compilation
Not compatible with new qrexec protocol yet. To be done.
2014-11-19 15:10:58 +01:00
Marek Marczykowski-Górecki
3e0c5a74d2 New qrexec protocol
Use separate vchan to pass I/O for each process, which greatly simplify
protocol implementation (eg. no flow control needed).
2014-11-19 15:10:58 +01:00
Marek Marczykowski-Górecki
a930f7b2ea udev: setup permissions on xen device nodes 2014-11-19 15:10:58 +01:00
Marek Marczykowski
08f6f18af7 qrexec-lib: prevent deadlock on vchan
It can happen that we already cleared libvchan_fd pending state via
libvchan_wait, but data arrived later. This is especially true just
after connection, when client send unsolicited notification to server,
which can confuse it with some requested notification.
2014-11-19 15:10:58 +01:00
Marek Marczykowski
dc41fbad79 Use Qubes DB instead of Xenstore 2014-11-19 15:10:58 +01:00
Marek Marczykowski
a91a8c8312 Update for new vchan API, remove code not needed anymore
Remove some vchan wrappers, which are not necessary now.
2014-11-19 15:10:58 +01:00
Marek Marczykowski-Górecki
4476a1fe71 Use native systemd services (like in the fedora templates). This should also
add support for netvm, proxyvm, dispvm.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCgAGBQJUWAv1AAoJEIwFIWzgnAk887EP/2c9kc72kY/24vgDfo4zDIHu
 yfaYjlEUmqTH8MDNpA2JnOz4caSGNpHcLWt68Cn0zsi40Tq2G1kQGmoPJRrpKdnO
 muqqI+vjCcNymar7XTa4XpRxQ4PTfVW/XQ4GyzGja0JKnBW6IrtrbRDF+bW7KqjP
 8CxAjv+Pnm0hdkWXgvFLCt7uwDgXQ7oPb2a5G1eqfHKZ84HzXElU2PPr2Fh4Rh4x
 jWu/nsXDwY5XoT8YdaPfZ0vkmExfNfQXHgc6wnvZmW4ZuDvpldshhFI3iyZwa0zy
 dJyzykEM7FWT8RxnsLqalhjycjF9mX+7KUUDL0quQNArUuRR4hAnA/85kCaHAgaE
 3XjpWiwRJPhFKVj00rqxxBgYKQYPszr0Wy2X3AgMdB50/YNa7ct43v+OG8RZFjkW
 HLC4tfnwwMyDbpwc/Hy4Ltfcy2LIMM2w8AsO74wPmTwy5CcvlViUMiV5AEUssjE5
 cTx9iiAP76oOe0ewY7lmJ6pkMDMuYSM44PtwhHdITXR8XxgkDOiolkMtYNvsJ21q
 C4ECW5JoktvgDJZsKGWz0nB599+WVGeq7Kj/Km45PI+9NeVPrlS6IrVDdm7M55pJ
 zaRm/WhtuL6SJ152iCn9u40m/+3XcE+jruewPoxbxSV4/a6bVKflVtElffVm6MZK
 pmaIZmr9X5bKbr2Aub3h
 =EbZd
 -----END PGP SIGNATURE-----

Merge tag 'hw42_debian-systemd-1'

Use native systemd services (like in the fedora templates). This should also
add support for netvm, proxyvm, dispvm.

# gpg: Signature made Tue Nov  4 00:12:53 2014 CET using RSA key ID E09C093C
# gpg: Good signature from "HW42 (Qubes Signing Key) <hw42-qubes@ipsumj.de>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FC1A C023 76D0 4C68 341F  406F 8C05 216C E09C 093C
2014-11-05 05:00:42 +01:00
HW42
7693f097d4 use systemd in debian 2014-09-26 23:33:38 +02:00
Marek Marczykowski-Górecki
6e965d0093 version 2.0.14 2014-07-28 02:46:39 +02:00
Marek Marczykowski-Górecki
35300b54ac udev: update dmsetup path
Debian has it in /sbin/dmsetup. Fedora has /sbin->/usr/sbin symlink, so
it should work on both.
2014-07-26 15:47:15 +02:00
Marek Marczykowski-Górecki
91766f9b5d gitignore 2014-07-26 03:36:31 +02:00
Marek Marczykowski-Górecki
098a93bab0 debian: rename package to qubes-utils, update deps 2014-07-26 03:35:57 +02:00
Davíð Steinn Geirsson
566bd2901b Initial native debian packaging 2014-07-23 04:32:46 +02:00
Davíð Steinn Geirsson
bc75b6559b Use xenstore.h when xen >= 4.2 2014-07-23 04:32:46 +02:00
Davíð Steinn Geirsson
b4751c55dc Add qmemman to make clean 2014-07-23 04:32:46 +02:00
Joanna Rutkowska
8284ed0c44 version 2.0.13 2014-07-12 14:07:56 +02:00
Marek Marczykowski-Górecki
43ec024616 rpm: add missing dependency 2014-07-08 12:07:38 +02:00
Marek Marczykowski-Górecki
60fe01e11f version 2.0.12 2014-07-05 16:13:31 +02:00
Marek Marczykowski-Górecki
644372149f udev: convert device description to ascii only 2014-07-05 16:13:08 +02:00
Marek Marczykowski-Górecki
36a2c99b49 udev: filter out template's root device 2014-07-05 16:12:37 +02:00
Marek Marczykowski-Górecki
6722b17333 version 2.0.11 2014-07-05 14:51:15 +02:00
Marek Marczykowski-Górecki
58df64ad20 udev: skip empty device-mapper nodes
It can happen during device reconfiguration - do not decide to expose
the device until its known what device it will be.
This fixes bug where root.img was visible in qvm-block as normal device
and could be detached.
2014-07-04 03:29:38 +02:00