qubes-linux-utils

Author	SHA1	Message	Date
Marek Marczykowski-Górecki	d48e497aff	travis: update to R4.1	2019-06-06 23:18:11 +02:00
Marek Marczykowski-Górecki	c046807641	Remove u2mfn module Since converting GUI agent to use grant tables, it isn't needed anymore. This also allows to not install dkms anymore. Fixes QubesOS/qubes-issues#4280	2019-06-06 23:16:55 +02:00
Marek Marczykowski-Górecki	7486078769	Remove qrexec related files QubesOS/qubes-issues#4955	2019-06-06 23:16:21 +02:00
Marek Marczykowski-Górecki	042b6717a8	version 4.0.24	2019-06-06 21:30:30 +02:00
Marek Marczykowski-Górecki	9c6c825691	initramfs: use overlayfs for /lib/modules, if available If overlay fs is available, use it for /lib/modules. This way the whole /lib/modules will be writable and changes (like extra modules) will persist in TemplateVM/StandaloneVM. In practice, this will allow to conveniently build in-vm kernel modules, even for dom0-provided kernels. QubesOS/qubes-issues#2908	2019-06-06 01:41:51 +02:00
Marek Marczykowski-Górecki	90641b0dce	Merge remote-tracking branch 'origin/pr/40' * origin/pr/40: travis: remove older Fedora releases and add Fedora 30 travis: switch to xenial python3: use macro pkgversion	2019-06-05 19:04:23 +02:00
Marek Marczykowski-Górecki	e7c90c705f	Declare u2mfn module version, skip build for qubes kernels This will allow dkms to skip u2mfn module install if one is already shipped with the kernel package - which is the case for kernels delivered through dom0. Make the version high enough to be considered newer than dkms package. Sadly, it does not prevent module build. And the build fails becaue of mismatching compiler version (kernel headers include gcc plugins). Skip the build by setting BUILD_EXCLUSIVE_KERNEL in dkms.conf. Ideally, we'd set some value indicating "don't build on kernel qubes", but this variable does not support negation. So, set this variable to a dummy value after manually checking $kernelver variable. Fixes QubesOS/qubes-issues#4963	2019-06-05 18:21:49 +02:00
Frédéric Pierret (fepitre)	f365d7cce8	travis: remove older Fedora releases and add Fedora 30	2019-06-05 00:00:53 +02:00
Frédéric Pierret (fepitre)	2b8411346f	travis: switch to xenial QubesOS/qubes-issues#4613	2019-06-04 23:59:51 +02:00
Frédéric Pierret (fepitre)	e00a64a915	python3: use macro pkgversion	2019-06-04 23:59:12 +02:00
Marek Marczykowski-Górecki	24a25cce5f	version 4.0.23	2019-02-25 21:46:52 +01:00
Marek Marczykowski-Górecki	de2150e3d3	Add xen_scrub_pages=0 kernel option only if initramfs was rebuilt Rebuild initramfs on package upgrade (already done for Debian previously) and store 1 into /var/lib/qubes/initramfs-updated. Then, only add xen_scrub_pages=0 kernel option if /var/lib/qubes/initramfs-updated is there (with "1" or greater number). This way, if initramfs rebuild doesn't happen for any reason, xen_scrub_pages=0 will not be added. Fixes `456fe99` "Disable scrubbing memory pages during initial balloon down" QubesOS/qubes-issues#1963	2019-02-25 06:38:53 +01:00
Marek Marczykowski-Górecki	ad790a53d4	Really install xen-scrub-pages dracut module Fixes `456fe99` "Disable scrubbing memory pages during initial balloon down" QubesOS/qubes-issues#1963	2019-02-25 06:38:53 +01:00
Marek Marczykowski-Górecki	2c696013cd	Do not use /proc/xen for detecting dom0 anymore Phase out /proc/xen usage. Relevant device files are available in /dev/xen. Dom0 check can be replaced with uuid check - dom0 have well-known value of all-0. QubesOS/qubes-issues#2540	2019-02-19 00:06:06 +01:00
Marek Marczykowski-Górecki	4fe08d31e4	Adjust permissions of /dev/xen/hypercall Starting with Linux 4.18, there is new device node for issuing hypercalls from user space - /dev/xen/hypercall (partially duplicating functionality of /dev/xen/privcmd). New Xen tools (4.12) make use of it, so make it available for them. Otherwise such tools will fail the operation (there is no fallback to privcmd on EACCESS).	2019-02-16 14:56:14 +01:00
Marek Marczykowski-Górecki	da61cb7511	dracut: add a flag file indicating scrub-pages option support Indicate when the dracut "qubes-vm-simple" module supports (re-)enabling xen_scrub_pages option. This means the kernel can be safely booted with xen_scrub_pages=0. QubesOS/qubes-issues#1963	2019-02-15 20:33:03 +01:00
Marek Marczykowski-Górecki	5eb526da4b	dracut: fix checking for "Root filesystem" label, improve udev sync Don't try to dereference "Root filesytem" partlabel symlink, unless it's really present (not only directory for it). Also, use udevadm settle for waiting for /dev/xvda, instead of naive wait sleep loop.	2019-02-06 20:20:08 +01:00
Marek Marczykowski-Górecki	456fe99fa6	Disable scrubbing memory pages during initial balloon down Balloon driver scrub memory page before giving it back to the hypervisor. Normally this is a good thing, to avoid leaking VM's memory data into Xen and other domains. But during initial startup when maxmem is bigger than initial memory, on HVM and PVH, Populate-on-Demand (PoD) is in use. This means every page on initial balloon down needs to be first mapped by Xen into VM's memory (as it wasn't populated before - and in fact didn't have any data), scrubbed by the kernel and then given back to Xen. This is great waste of time. Such operation with default settings (initial memory 400M, maxmem 4000M) can take few seconds, delaying every VM startup (including DispVM). In extreme situation, when running inside nested virtualization, the effect is much worse. Avoid this problem by disabling memory scrubbing during initial boot, and re-enable it as soon as user space kicks in - in initramfs, before mounting root filesystem, to be sure it's enabled before memory contains any kind of secrets. This commit handle only one case - when kernel in managed by the VM itself. It is critical to enable initramfs module whenever xen_scrub_pages=0 kernel option is given, so make them depend on the same condition and ship them in the same package. Fixes QubesOS/qubes-issues#1963	2019-02-06 20:20:08 +01:00
Marek Marczykowski-Górecki	14be8aa5ae	version 4.0.22	2018-10-29 01:04:00 +01:00
Marek Marczykowski-Górecki	4543ab1ff0	tests: skip the other img converter test too if qubes-img-converter is not installed	2018-10-26 01:44:24 +02:00
Marek Marczykowski-Górecki	4bfd10baaa	imgconverter: allow icons up to 2048x2048 Recently some applications ships with large icons like 1024x1024 (Signal-desktop for example). To not degrade any fancy HiDPI 8K experience, allow for that, instead of downscaling. The max icon size is only anti-DoS protection anyway.	2018-10-17 05:27:27 +02:00
Marek Marczykowski-Górecki	0255f4d843	tests: skip img converter test if qubes-img-converter is not installed	2018-10-16 22:13:46 +02:00
Marek Marczykowski-Górecki	e2d7f08d42	version 4.0.21	2018-10-09 00:25:11 +02:00
Marek Marczykowski-Górecki	76fa9c9d9f	travis: update Fedora and Debian versions	2018-10-08 23:29:10 +02:00
Marek Marczykowski-Górecki	3ca9f130b7	rpm: adjust for fc29 Don't rely on python -> python2 symlink and default %{python_*} macros. Add explicit BR: gcc (default build env for fc29 doesn't have it anymore). QubesOS/qubes-issues#4223	2018-10-02 20:53:08 +02:00
Rusty Bird	6cd4a1b888	Order qubes-meminfo-writer-dom0 before systemd-user-sessions qubes-vm@.service would already cause this ordering, but not every user has any autostart=True VMs. Also needed to maybe f*x QubesOS/qubes-issues#3149 at some point.	2018-09-06 16:23:12 +00:00
Marek Marczykowski-Górecki	ab7ca7be89	version 4.0.20	2018-07-03 21:11:00 +02:00
Marek Marczykowski-Górecki	f7b8a79ce6	udev: create /dev/mapper/dmroot -> xvda3 symlink when its mounted directly When root device is available read-write (TemplateVM/StandaloneVM), its mounted directly, instead of using device-mapper layer. But /dev/mapper/dmroot still needs to exists (it is pointed from /etc/fstab), otherwise various tools, including grub-mkconfig get confused. Create a symlink using udev rule. It is already done in initramfs, and in case of Fedora that udev rule/symlink survive switching to non-initramfs udev, but not on Debian. So, add appropriate udev rules file. Fixes QubesOS/qubes-issues#3178	2018-06-13 15:48:00 +02:00
Marek Marczykowski-Górecki	915c8f0cf7	version 4.0.19	2018-05-02 17:55:10 +02:00
Marek Marczykowski-Górecki	645d23b712	travis: add centos7	2018-05-01 16:07:51 +02:00
Marek Marczykowski-Górecki	89776c7f18	rpm: use proper macros for systemd handling	2018-05-01 16:07:16 +02:00
Marek Marczykowski-Górecki	4157f919b6	version 4.0.18	2018-04-21 14:36:39 +02:00
Marek Marczykowski-Górecki	cf6438807b	travis: update Fedora versions	2018-04-21 14:22:01 +02:00
Marek Marczykowski-Górecki	0df0d23ec6	Merge remote-tracking branch 'qubesos/pr/34' * qubesos/pr/34: spec.in: add changelog placeholder Fix debug symbols Remove _builddir Makefile.builder: currently disable Mock rpm: preparation for src.rpm building	2018-04-21 01:22:35 +02:00
Marek Marczykowski-Górecki	9eafc65cb4	udev: don't call udev-block-add-change for devices excluded by other rules The script call is quite expensive (it does multiple things, including checking device-mapper, qubesdb etc). Don't call it for devices we (or else) already excluded earlier. This is the most relevant for dom0, where udev "change" event is triggered quite often, for multiple LVM volumes - all excluded, because being VM's disks.	2018-04-20 16:47:46 +02:00
Frédéric Pierret	f049d63571	spec.in: add changelog placeholder	2018-04-07 17:56:20 -04:00
Frédéric Pierret	2b3b684107	Fix debug symbols	2018-04-07 17:56:20 -04:00
Frédéric Pierret	a716102a08	Remove _builddir	2018-04-07 17:56:20 -04:00
Frédéric Pierret	0630c17588	Makefile.builder: currently disable Mock	2018-04-07 17:56:20 -04:00
Marek Marczykowski-Górecki	84c9ae4bf1	rpm: preparation for src.rpm building QubesOS/qubes-issues#1508	2018-04-03 22:13:47 +02:00
Marek Marczykowski-Górecki	610e7d8f3e	version 4.0.17	2018-02-27 15:17:12 +01:00
Marek Marczykowski-Górecki	258b7926ef	Merge remote-tracking branch 'qubesos/pr/33' * qubesos/pr/33: drop busybox dependance centos: fix python packages names Remove busybox as it is not provided in RHEL7 anymore Fix python3 package names with respect to CentOS for consistency with python34 names	2018-02-25 21:15:46 +01:00
Frédéric Pierret	d60964ee23	drop busybox dependance	2018-02-22 18:32:59 +01:00
Frédéric Pierret	2f511d4881	centos: fix python packages names	2018-02-22 18:32:54 +01:00
Frédéric Pierret	e3179e066c	Remove busybox as it is not provided in RHEL7 anymore	2018-02-22 18:02:24 +01:00
Frédéric Pierret	d1ce12f610	Fix python3 package names with respect to CentOS for consistency with python34 names	2018-02-21 20:20:41 +01:00
Marek Marczykowski-Górecki	ff36d11c19	version 4.0.16	2018-02-20 00:05:31 +01:00
Marek Marczykowski-Górecki	d623a3e7d3	debian: adjust required version after adding new function	2018-02-20 00:01:46 +01:00
Marek Marczykowski-Górecki	50412a8a8f	qrexec: provide common function for handling service call Reduce code duplication by moving parsing of "QUBESRPC" magic command to one place. Call qubes-rpc-multiplexer directly with execve(), to avoid string expansions in its parameters.	2018-02-16 04:20:31 +01:00
Marek Marczykowski-Górecki	ff2e2dbc22	version 4.0.15	2018-01-18 19:07:40 +01:00

1 2 3 4 5 ...

368 Commits