github.com/QubesOS/qubes-core-agent-linux commits

version 4.2.19

298853bcfe14321231f6326783647cb28f8c6aea authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/437'

* origin/pr/437:
Clean up network/network-manager-prepare-conf-dir
Set correct SELinux conte...

d416b29775b6f6374f96f8de15b708161a233a92 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Clean up network/network-manager-prepare-conf-dir

Add missing double quotes, use POSIX sed -E instead of sed -r, and call
sed once instead of twice.

3f0cabbc05bd08c90a95b9bb83403f7a27ff7c36 authored over 1 year ago by Demi Marie Obenour <[email protected]>

Set correct SELinux contexts on /rw

This is needed for disposable sys-net to work properly. Without it
/rw is not labeled correctly...

f1e4b37e659fb37ab72c8ecfd475535dd0fe036d authored over 1 year ago by Demi Marie Obenour <[email protected]>

Avoid reinitializing /home if a transient I/O error happens

Shell tests for file and directory existence coerce errors (I/O error,
permission denied, no mem...

37a82553278304151858047731dbcb97f8575697 authored over 1 year ago by Demi Marie Obenour <[email protected]>

Disable evolution-data-server by default

evolution-data-center provides calendar support for GNOME Shell in a
default Fedora installation...

7909ba28b41a51234a41fedd7183218da586ee36 authored over 1 year ago by Demi Marie Obenour <[email protected]>

Disable Tracker (GNOME desktop search) by default

Tracker has several problems that make it ill-suited to Qubes OS:

- It parses untrusted email a...

fdc05cfc60f468328b6471ab138fbfbe5e4d1fc2 authored over 1 year ago by Demi Marie Obenour <[email protected]>

version 4.2.18

f1d49fea16627d9076158cd3da3ef5ab424a084f authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Set default text/plain editor to something not LibreOffice

Debian does not define default application, so the choice is a bit
random (in practice - lexicog...

b98ffab38ce698a5686252b21bcf72a532049329 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

dom0-update: fix rpmdb migration logic

Fix checking if dom0's (bdb format) rpmdb is newer than converted one
(sqlite format in either /...

3ab856b96be0e74584a430a1d367d860b2d307d4 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

version 4.2.17

a2926c8523ce812faf40b0c7811f62b30771337e authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/444'

* origin/pr/444:
Fix qubes-antispoof.service

12c9d2139ca440c3ec99e37ba065f29d5d7d4024 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/441'

* origin/pr/441:
Do not fail if address already exists

ba0e7d3777782df8821998666742fa9cd6ab0d9e authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Fix qubes-antispoof.service

The Before= should be in the Unit section, not Service one.

57c0f1a8c069fc842d21691c3d7948b55d2f2f29 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

ubuntu: put keyring archive into version-specific file

It will ease upgrades, as the key will differ between versions, so
having different names allows...

5e142b2eb0a5916966e2814197399ccca81f1aae authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

debian: put keyring archive into version-specific file

It will ease upgrades, as the key will differ between versions, so
having different names allows...

21fdbc5b6a6b1f85ace87815400244f0836b3fa4 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Do not fail if address already exists

This patch fixes network uplink failures on Fedora 37 and Debian 11 VMs
with only one vCPU. The...

39b456f2f07df833a093a0fc5149a27b60781910 authored over 1 year ago by Demi Marie Obenour <[email protected]>

version 4.2.16

21518b87717772519a8555b48f71199405e5a79b authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/440'

* origin/pr/440:
Drop requirement on iptables

905a9901d7ef67f044c6e67952f49eb85f6c312c authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/439'

* origin/pr/439:
Hide ibus icon by default

e4b0855e74778341beb6b87577f0b4f56b3b052f authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Drop requirement on iptables

iptables is not used any more.

Fixes: QubesOS/qubes-issues#5301
Fixes: QubesOS/qubes-issues#8346

bd485422baf6021c1553b400df6473090b37abfd authored over 1 year ago by Demi Marie Obenour <[email protected]>

Hide ibus icon by default

Having an ibus tray icon from every (Debian bookworm) qube pollutes the
tray a lot. Disable it.
...

8c1e6d53484c6e7e593d7d9981d103116fec8dbe authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Run SELinux relabling in all Fedora VMs

This is needed so that e.g. disposable VM templates imported from R4.1
work, even if the disposa...

9a437f689bee268e39f2048e6e51d9c9cf50d787 authored over 1 year ago by Demi Marie Obenour <[email protected]>

Merge remote-tracking branch 'origin/pr/413'

* origin/pr/413:
Fix a few bugs in vm-file-editor

eaae6ba1c916777cec7ec816e65bb1dbdd289c07 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/432'

* origin/pr/432:
Use network-pre.target to order firewall before network uplink

e1dd0564a83f0de8708e9bf17c1d7c93933da7bb authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

version 4.2.15

bb434721138229cefc14a447aa60a1cde9f77820 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Use network-pre.target to order firewall before network uplink

network-pre.target is intended to be ordered after any service that sets
up a firewall and befor...

6ab21430b09d8a019351b2ebf8fb10c011974c44 authored over 1 year ago by Demi Marie Obenour <[email protected]>

qvm-template: fix handling repos with just baseurl set

pkg.repo._repo.getMirrors() returns only mirrors from metalink, if there
is none, the return is ...

7a0c7d44e48e75bfbc1a3b61b0e80476206dfee8 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

version 4.2.14

8da85a75dd73d5e0e472538272af9d75483eccce authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/414'

* origin/pr/414:
Remove qvm_caja_bookmark.sh
Remove an unused define
Obtain default user f...

1a5acda3a8a786d81526e94807db687fa7d83064 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/434'

* origin/pr/434:
(Re-)enable override-redirect windows in xfce4-notifyd

b1984ad6e565d6cbd50859273fd76350a32e8454 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/433'

* origin/pr/433:
Ensure correct labeling of ~/QubesIncoming

0a758fda355f2f91003e0ef72d3f8e3591ced1b7 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Fix rapid network uplink disconnect and reconnect

SYSTEMD_WANTS= does not conflict with existing systemd jobs. Therefore,
if a stop job is in pro...

736803f400e0d3d728aba2999bc73b00bd20cdc7 authored over 1 year ago by Demi Marie Obenour <[email protected]>

(Re-)enable override-redirect windows in xfce4-notifyd

Upstream decided to not use override-redirect windows for notifications
and use _MOTIF_WM_HINTS ...

15bc4f42a67bc9538e19b49ebba93fadaecf814e authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Ensure correct labeling of ~/QubesIncoming

This requires using the special HOME_DIR keyword in the .fc file and
ensuring that the appropria...

5fa70718dab5a91880d47b63c1938e39bb752b27 authored over 1 year ago by Demi Marie Obenour <[email protected]>

Remove qvm_caja_bookmark.sh

It hardcoded /home/user and was never called.

7aab8e09d480de71ad4c0ea2a1a0acdee121cdae authored over 1 year ago by Demi Marie Obenour <[email protected]>

Remove an unused define

The DVM_SPOOL define was not used anywhere and hard-coded /home/user as
the default user home di...

75a70552d921a4d0f21a5fc1b23044a1e7ea569b authored over 1 year ago by Demi Marie Obenour <[email protected]>

Obtain default user from QubesDB

The default user is not guaranteed to be "user". Stop assuming that it
is.

6c6df665803a01d60c8175c779cb036a133cb4bc authored over 1 year ago by Demi Marie Obenour <[email protected]>

Stop modifying user home directories

User home directories are reserved for users. Modifying them from
package maintainer scripts is...

89d6409fd89ed39afc6c405ae7aa38fa8215d4fa authored over 1 year ago by Demi Marie Obenour <[email protected]>

version 4.2.13

f066f7a8587c939fa3499feb76fb01cb7b8b619c authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/422'

* origin/pr/422:
Jail qfile-unpacker in an SELinux sandbox

1e1c99148cc782cae83eb375006c25071707a834 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Allow forwarding traffic that did not originate from netback

This unbreaks container networking, wireless hotspots, and much more.

Reported-by: Frédéric Pie...

6cc53076add38c08b2f42c2e6a167a8b995a4b2d authored over 1 year ago by Demi Marie Obenour <[email protected]>

Merge remote-tracking branch 'origin/pr/428'

* origin/pr/428:
Revert "Remount /lib/modules in early boot"
Allow kernel threads to set arb...

e0befe2a88063625d56d1dd5c5a9497d23ae1e70 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Run %selinux_relabel_pre in %pre

This is needed for labels to be properly fixed on upgrade.

1f238008e44fa60540a3b22ba35f0b83bd9155d9 authored over 1 year ago by Demi Marie Obenour <[email protected]>

Label Xen hotplug scripts correctly

They should be initrc_exec_t, but due to an incorrect regular expression
this did not happen. [...

fcd38fae96d94dd09cc7fc3d33fae510ff97edbb authored over 1 year ago by Demi Marie Obenour <[email protected]>

Revert "Remount /lib/modules in early boot"

It causes problems in practice with at least some kernel configurations,
and a51ccccead445cc2154...

7cffb72eceeb634750cd4c81a0726fb075961f82 authored over 1 year ago by Demi Marie Obenour <[email protected]>

Allow kernel threads to set arbitrary SELinux labels

kernel_t can read, write, create, and delete all files and device nodes
on the system, so preven...

60b79c2cbf90c5ec0c35154cdb526bb52446b893 authored over 1 year ago by Demi Marie Obenour <[email protected]>

version 4.2.12

a51ccccead445cc21549cada21842319cd57968b authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/426'

* origin/pr/426:
qubes.WaitForSession: no need to specify machine

06c25b656eee234f240ad51d3b2d4af3de901cda authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/425'

* origin/pr/425:
Remount /lib/modules in early boot

de49e94122663b47d170bb4cbb2c6541f67236bd authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/424'

* origin/pr/424:
Include Ubuntu packages repo and its key

9695dd47eb69ebb21240c2c37ad97e8e02f81ddd authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

rpm: do not build qubes-core-agent-caja package on CentOS 7

It doesn't have required dependencies (python-caja).

1ffe87e1a7d6d81f0ee6f064952e4f0d373ebb10 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Include Ubuntu packages repo and its key

There will be repo for ubuntu packages at debu.qubes-os.org

a246ae5cb1c8def06c572ffc0356e20fa6be9c6f authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

debian: fix postinst script in chroot

Do not fail package installation in chroot (like during template build
or in CI) - there, system...

0158ad783b7f6c3f82cc9b40d8f0b4a9695c95f7 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

qubes.WaitForSession: no need to specify machine

Closes https://github.com/QubesOS/qubes-issues/issues/8205

41e64583e79415bce8d774028fdd0483651c934b authored over 1 year ago by Frédéric Pierret (fepitre) <[email protected]>

Remount /lib/modules in early boot

This unbreaks writing to /lib/modules with SELinux enforcing.

Reported-by: Marek Marczykowski-G...

0899fc53512b1a61f8bde5b112273a80eda5214d authored over 1 year ago by Demi Marie Obenour <[email protected]>

version 4.2.11

aac61f6cdcd719cfbdfa55bc4a9edd38fe31edea authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/423'

* origin/pr/423:
Disable blueman applet by default
qubes-session-autostart: fix processing d...

7e6491e42e6b6fad4c579234a06ccc969b3a19e6 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/407'

* origin/pr/407:
Remove an unneded use of cat
Add permanent neighbor entries again
Replace...

5ce5dd908b29d7551a8f150ae361be765766df4d authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/419'

* origin/pr/419:
Xen hotplug scripts should be initrc_exec_t

49275be5944112603ebb82ed3316de45886e1a97 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

A wrapper for starting a process conditionally on qvm-service

Add a generic wrapper that starts a given process only if specific
qvm-service is enabled. This ...

5cf9c870d49f240cc3cc99d75f4262825fb24cf0 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

qubes-session-autostart: fix processing drop-ins

Consider dropins also for the actual entry startup, not only when
evaluating startup condition. ...

7507db1cfe3600c5cdefe7a6404ae99cb145900f authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Disable blueman applet by default

It is useless without bluetooth controller (most qubes), and without
loaded rfkill module (also ...

dc666a8a9477688264c62cd22bbfbc7ec7e40f88 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Jail qfile-unpacker in an SELinux sandbox

This prevents it from writing outside of ~/QubesIncoming. It would be
preferable to prevent it ...

c8b66fbcf46d0f483c0334a91ba7358e77894f5e authored over 1 year ago by Demi Marie Obenour <[email protected]>

Merge remote-tracking branch 'origin/pr/421'

* origin/pr/421:
Update archlinux python version dependency to <3.12

dcfc936267af719341076f033af43322d08a9276 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Do not use deprecated '$default' keyword

It's '@default' for a long time already.

effd2425718f5bf53a47b335d2c4eae0a1fcab05 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/420'

* origin/pr/420:
Unify and improve wording on copy/move to other qube

0970ebffe52d842f3cca59a54e6252d7fd577863 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Update archlinux python version dependency to <3.12

6d32fc24a7f5e7362287e2d174e7003605a2c6e9 authored over 1 year ago by Ludovic Bellier <[email protected]>

Remove an unneded use of cat

Tiny speedup; otherwise no functional change.

8d5275662c45c852cf3682b4999e9ed017bb4c51 authored over 1 year ago by Demi Marie Obenour <[email protected]>

Add permanent neighbor entries again

Previously, neighbor discovery used ARP or NDP, both of which have
nonzero attack surface. Addi...

41fff23c6dae16e6eb3f686a79297f1fc5cd8ca7 authored over 1 year ago by Demi Marie Obenour <[email protected]>

Replace iptables with nftables

nftables is the modern replacement for iptables. It has more features
and is actively maintaine...

28b95535c7cbd15543c804e822c0e4c997f5966e authored over 1 year ago by Demi Marie Obenour <[email protected]>

Unify and improve wording on copy/move to other qube

Use qube instead of VM/AppVM, use the same wording everywhere
and move from every-word-capitized...

4c32d01e960da26bd961a6c66bd5ae4d52778e75 authored over 1 year ago by Marta Marczykowska-Górecka <[email protected]>

Xen hotplug scripts should be initrc_exec_t

This makes them unconfined while ensuring that programs they spawn have
the correct (possibly co...

252e5cda0f1b1c6f9582dcb09e8d20a966c92284 authored over 1 year ago by Demi Marie Obenour <[email protected]>

Use appropriate rpm macros

No functional change intended.

73b3344f96c7b6b918d8571cce2b9125898bf740 authored over 1 year ago by Demi Marie Obenour <[email protected]>

version 4.2.10

ed3acd6e7f05cdaab9e2e66ad5990b3bb856d5e2 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/416'

* origin/pr/416:
archlinux: support for new packaging in legacy builder
Rework Archlinux pac...

d64e5453930101d1d148657f823a6ead5d8262fc authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Fix a few bugs in vm-file-editor

- Do not hard-code username "user" or home directory "/home/user"
- Check for errors properly

639d4851de48e029ac696b9cd205bcbf5afe3dee authored over 1 year ago by Demi Marie Obenour <[email protected]>

Revert "Workaround Fedora selinux preventing shutdown"

The issue is fixed upstream already.

This reverts commit 0707922bb4a6aa5475289905ce37e8b0cbd8b635.

705674779d493664071650728fafe590fcde01c5 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

archlinux: support for new packaging in legacy builder

0cd524020214c98c5587957d1414a251d52b8fbf authored over 1 year ago by Frédéric Pierret (fepitre) <[email protected]>

Switch to new codecov uploader

https://about.codecov.io/blog/message-regarding-the-pypi-package/

8c3de498dc91dadd23891090b3f17c40ea74ec29 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

version 4.2.9

ff56aaa96fff7aeb205c35b08c442963b1a3fa4f authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Workaround Fedora selinux preventing shutdown

Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2185490

QubesOS/qubes-issues#8069

0707922bb4a6aa5475289905ce37e8b0cbd8b635 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

debian: re-announce services when some is installed

Trigger qubes.PostInstall not only when desktop file gets
installed/changed, but also when qrexe...

a07da3b7e6c327affd933bb95848ca675fc235c5 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Rework Archlinux packaging

3c05789a11d8f1969883cb2720461b238692bdd6 authored over 1 year ago by Frédéric Pierret (fepitre) <[email protected]>

dom0-updates: force refreshing sqlite rpmdb if legacy one is newer

This is especially relevant for older dom0 (in R4.1) - otherwise once
converted rpmdb won't be u...

b26f5ce1e854fe1e7f1c3971fd72364004d7eff3 authored almost 2 years ago by Marek Marczykowski-Górecki <[email protected]>

version 4.2.8

930744df4bb429b0436a02326049e37779781471 authored almost 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/409'

9622879699836d33e39834fffc8f08686b670f15 authored almost 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/380'

* origin/pr/380:
Update debian rules file to include pythonver for caja
Update rpm spec to i...

fa9f2c161f67b2e777c5587443e0844e1711d32a authored almost 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Announce qubes agent version to dom0

This allows GUI tools to warn about outdated version (for example template imported
from older i...

9e760f8923d9ea5fe4e1f35080959eabec7b0dbb authored almost 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Advertise supported RPC services

Let dom0 know which services are supported without trying to call them.
This allows better error...

a0ce6aae37138ed5f14c0fe94564a64c134c7b4a authored almost 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/408'

* origin/pr/408:
Add -h and --help to qvm-copy

4d122e1245b6dfb204221f7f36365b6b8dc967b2 authored almost 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/404'

* origin/pr/404:
qvm-connect-tcp: print usage on invalid parameters

70866f9dd8a0d0ac21f159747b54051448126508 authored almost 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/403'

* origin/pr/403:
Do not install SELinux-related services on Debian

098002f0bd08d9c33ac19fe72ab1e4da704473ac authored almost 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/383'

* origin/pr/383:
Enable IPv6 Privacy Extension by default

cbb4f26a1a6367b7281da540151f6fdd07fb89a6 authored almost 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Add -h and --help to qvm-copy

Fixes: QubesOS/qubes-issues#8023

395a62bece471b7ab2eb168c8dc98a31a836a685 authored almost 2 years ago by Demi Marie Obenour <[email protected]>

version 4.2.7

76c7abbe737ee564a1a4d1b4f2fc099b2fd15fbc authored almost 2 years ago by Marek Marczykowski-Górecki <[email protected]>

rpm: mark package as providing qubes group

This will ease setting dependencies so the group is created before
installing packages with file...

2e1933362e0961d5db71d83fcf3b9d62d4be7f8e authored almost 2 years ago by Marek Marczykowski-Górecki <[email protected]>

version 4.2.6

9b87fbb14132b39812e0c23b37c84d31364485da authored almost 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Handle dom0 rpmdb in /usr/lib/sysimage/rpm too

When dom0 gets updated to newer Fedora, its rpmdb is in
/usr/lib/sysimage/rpm. Handle this case ...

e7aed411345d7208ad441f1aadec7ac38481365c authored almost 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Follow ShellCheck suggestions

In init/functions line 153:
x=${1%%$3*}
^-- SC2295 (info): Expansions inside ${.....

f8a5028af0516f49256b89ef2035cdc48602b1b0 authored almost 2 years ago by Rusty Bird <[email protected]>

Ecosyste.ms: OpenCollective

github.com/QubesOS/qubes-core-agent-linux