This isn’t Qubes 1 anymore 🙂.

The updatevm already downloads packages only (either using
--downloadonly option internally, or ...

* origin/pr/81:
spec: add BR make

* origin/pr/78:
Remove option to bypass rpmcanon

QubesOS/qubes-issues#6982

qvm-template is now a canonical tool to management. Redirect all
requests related to templates t...

The code to bypass rpmcanon didn’t actually work. Furthermore, R4.1
uses the stock Fedora 32 RP...

These contain attacker-controlled data and must not be scanned by udev

It used to be called by cron, but now it has its own timer.

This is what the base distribution now uses.

even if all other udev scanning should skip them.

Avoid an extra fork/exec :)

This prevents block devices from being scanned during boot.

This involves ensuring that dom0 swap is marked ready for systemd.

This used to be impossible, but it works now.

This is what Fedora recommends.

Others might hold attacker-controlled data, such as TemplateVM or
StandaloneVM package caches.

* origin/pr/76:
dracut: move config to system dir
Reduce dracut verbosity

* origin/pr/74:
Enable LVM autoextend and set default value to 90 for thin_pool
makefile: re...

Move all Qubes-related configs to /usr/lib/dracut, as system defaults
should be. Put them into a...

Fixes QubesOS/qubes-issues#6691

Fixes QubesOS/qubes-issues#5826

So that next RPM vuln will not make us issue a QSB 🙂.

This is the long-awaited rpmcanon integra...

The old version was secure, but this is better 🙂:

- It doesn’t fail to detect a symlink in the ...

Harden the package verification to make RPM reject packages that are not
signed, not only based ...

Do not accept output format of old rpm - this simplifies the regex and
makes it easier to read.

qubes-dom0-update won't display output from UpdateVM unless --console
and --show-output are used...

qubes-dom0-update has some options that affects only its dom0 part, for
example --show-output or...

The exact command run in the UpdateVM isn’t particularly useful to
humans and causes confusion.

‘script’ loops forever if it has an unexpected child process.

Salt needs this output, and is careful to not trust it.

Previously this wasn’t possible.

* throttle-restore:
qfile-dom0-unpacker: use spaces to indent
qfile-dom0-unpacker: support w...

Make it compliant with our code style.

Fedora 33 introduces an SQLite-based RPM database, whereas dom0 still
uses a BerkeleyDB based on...

Add support for -w option, which makes the extract process to wait for
enough free space in the ...

UpdateVM output is not trusted, so it should not be written on stdout by
default.

This is necessary for metadata verification.

We don’t use -e yet, but this makes us ready for it.

This is useful if the GUI is not working, for example.

It won’t be parsed correctly.

A trailing ‘--’ must be ignored, rather than setting ‘YUM_ACTION’ to
‘update’. Furthermore, th...

It isn’t guaranteed to work.

Instead, we can just display a generic message.

This adds proper quoting and replaces strings with arrays where
applicable. It also protects do...

* origin/pr/66:
dom0-updates: use 'incoming_dir' for getting freespace
Fix from Marek's comm...

If initramfs generation/copying fails, abort (`set -e` is in use) and do
not switch to non-funct...

Add a safety mesure to ensure we have enought place on dom0 rootfs

If multiple xen-libs packages are downloaded, don't fail as long as all
of them are about the sa...

Major Xen versions do not have compatible ABI for toolstack. This means
with new xen-libs you ca...

* origin/pr/64:
qubes-dom0-update: fix missing '&&'

Fixes QubesOS/qubes-issues#5901

QubesOS/qubes-issues#5901

- Update travis

* origin/pr/60:
Fix kernel install script clobbering kernel params ending in default=

Fixes Q...

* origin/pr/57:
dracut: add roadrunner2/macbook12-spi-driver on MacBook HW

Avoid pointless indirection with a script

QubesOS/qubes-issues#5686

The 'script' utility redirects stderr to stdout, and changes line
endings to \n\r. It makes the ...

The actions are already supported at the remote end
(qubes-download-dom0-updates.sh).

This is i...

Workaround for dracutdevs/dracut#712 causing cirrus and bochs_drm
modules being skipped when col...

Fixes side note of QubesOS/qubes-issues#5562

Fixes QubesOS/qubes-issues#5562

QubesOS/qubes-issues#5529

* origin/pr/53:
Added enabling of qrexec-policy-daemon.service

Since EFI boot now also use grub2, update its config too when present.

Reported-by: @JarrahG
Qu...

used by https://github.com/QubesOS/qubes-core-qrexec/pull/6
references QubesOS/qubes-issues#5125

qvm-remove got confirmation prompt, add -f to avoid it.

QubesOS/qubes-issues#4613

- fix unescaped dot in package_regex
- if any package fails verification, remove the whole direc...

Since we have new enough dnf version, native write_raw_configfile() can
be used, instead of exte...

This commit ensures that all arguments to qubes-download-dom0-updates.sh
are properly quoted. Th...

Even if EFI directory is present it may not be populated. kernel-install
part care specifically ...