Needed for QubesOS/qubes-issues#4867

We do have NetworkManager new enough to handle this feature already.
Enable both scan MAC addres...

* origin/pr/294:
remove trailing whitespaces; remove dest_vm argument
keep qvm-copy-to-vm bu...

It was needed for Debian stretch only.

It doesn't support bus-activation as the others notification daemons.

* origin/pr/292:
Avoid passing dom0-provided options to ‘dnf clean’

They are useless and can cause errors.

* origin/pr/291:
Install grub.qubes on Arch

This is necessary for in-VM kernels to work.

Red Hat- and Debian- derived distributions support SELinux, and so their
sudo packages are built...

* origin/pr/287:
qubes-early-vm-config.service: Wants=network-pre.target

qubes-core-agent-networking package brings in new systemd units, which
needs to be enabled. Stan...

The unit on the Before= side of network-pre.target also has to pull it
in as a dependency:

http...

By settinf Defaults role/type parameters, sudo starts asking for
password when called as root. I...

(cherry picked from commit 1fae41332219ba22d3e0bc2bfc73abea10f5bb97)

The setup-ip script requires extra parameters (action and interface) not
only env variables. Sin...

* network-wait-fix:
Increase upgrades-status-notify verbosity
network: fix waiting for VM ne...

* origin/pr/267:
fix for ArchLinux: notify dom0 about installed updates The launch of the qube...

* origin/pr/269:
Avoid spawning a Zenity progress meter
Harden shell scripts against metacha...

* origin/pr/272:
Allow SELinux to stay enabled

Print errors on stderr. yum_output variable isn't used anywhere, so
not capturing stderr wont be...

* origin/pr/280:
Ignore more options of qubes-dom0-update

* origin/pr/281:
Avoid deprecated /var/run directory

Fixes QubesOS/qubes-issues#6290

* origin/pr/283:
Handle UnicodeError in firewall when resolvi...

Fixes QubesOS/qubes-issues#6291

* origin/pr/282:
Fix comments in default qubes-firewall-user-...

It causes systemd to emit warnings.

The network-uplink-wait.sh script may be called before xen-netfront
module is even loaded (by ud...

Fixes 57b30d3 "Use /usr/lib instead of /lib"

* origin/pr/279:
Use 022 instead of 002 as sudo umask

* origin/pr/278:
“sudo” must remove SELinux restrictions
Only give the “qubes” group full Po...

* origin/pr/274:
Use /usr/lib instead of /lib

* origin/pr/268:
Don’t rely on an arbitrary length limit
Don’t assume dom0 will never have a...

Otherwise, if “user” has the SELinux user “staff_u”, the user will
typically need to write “sudo...

This is consistent with the rest of qubes-core-agent-passwordless-root,
and helps prevent sandbo...

The comment already mentions 022, which is presumably what was intended.

Newer versions of qubes-dom0-update will spawn
qubes-download-dom0-updates.sh in an xterm if GUI...

`qubes-download-dom0-updates.sh` can now handle spaces in its inputs,
for example.

DNF should never be used unattended without ‘-y’.

Users who have their own SELinux policies should be able to keep QubesOS
from disabling SELinux.

We can check for overlong domids without hardcoding the length in a
regex. Just check if the le...

In test setups, this actually happens!

Otherwise no vif-* interfaces come up.

Purely a cosmetic fix.

The code was correct, but shellcheck didn’t recognize that ‘n’ had been
assigned as a local vari...

We now have a newer qemu in the stubdomain, so checksum offloading
should work.

Pipelines can extend over multiple lines without needing line
continuation.

This ensures that a VM cannot use connection tracking entries created by
another VM.

Make sure NM config for uplink interface (eth0) is created before
starting NetworkManager itself...

... if it doesn't exist.
The /qubes-mac qubesdb entry is present on Qubes 4.1, but not 4.0. It i...

Initialize local variables.

There is no longer a case where $INTERFACE is not set.

Previously, network uplink (eth0) was configured in two places:
- udev (asynchronously)
- qube...

Stop IP forwarding when stopping qubes-network service (which initially
enables it). This makes ...

Fixes QubesOS/qubes-issues#5570

Fixes QubesOS/qubes-issues#5886

The launch of the qubes-update-check service failed on ArchLinux,
because the qubes-rpc uses the ...

* origin/pr/266:
Only allow known-safe characters in socket paths

* origin/pr/265:
Replace custom script reloading with sourcing /etc/profile in qubes.GetAppmen...

* origin/pr/232:
Use netvm_gw_ip instead of netvm_ip
Remove commented-out code
Add NetVM-f...

note: checkupdates return 2 when no updates are available
(source: man page and source code)

The socket path will be included in a shell command and then as a socat
argument, so only allow ...

* origin/pr/264:
qubes.ShowInTerminal requires socat

- python3-gobject-base (for PyGTK)
- ShellCheck

It isn't just shellcheck

They are usually identical, but this is not guaranteed.