diff --git a/developer/releases/todo.md b/developer/releases/todo.md index 23d370ed..bcac1b17 100644 --- a/developer/releases/todo.md +++ b/developer/releases/todo.md @@ -37,6 +37,7 @@ On final release * finish release notes * update InstallationInstructions * build ISO and push to mirrors +* push `qubes-release` package to `current` * notify @Rudd-O about the new ISO for new torrent hosting -* write blog post -* announce on Twitter +* write news post +* announce diff --git a/developer/services/qrexec.md b/developer/services/qrexec.md index 44cdd506..f0620f2a 100644 --- a/developer/services/qrexec.md +++ b/developer/services/qrexec.md @@ -109,11 +109,6 @@ whether to allow the request, what VM to redirect the execution to, and what use Note that if the request is redirected (`target=` parameter), policy action remains the same -- even if there is another rule which would otherwise deny such request. If no policy rule is matched, the action is denied. -In the target VM, a file in either of the following locations must exist, containing the file name of the program that will be invoked, or being that program itself -- in which case it must have executable permission set (`chmod +x`): - - - `/etc/qubes-rpc/RPC_ACTION_NAME` when you make it in the template qube; - - `/usr/local/etc/qubes-rpc/RPC_ACTION_NAME` for making it only in an app qube. - Files in `/run/qubes/policy.d/` are deleted when the system is rebooted. This is useful for temporary policy that contains the name or UUID of a disposable VM, which will not be meaningful after the system has rebooted. Such policy files can be created manually, but they are usually created automatically by a Qrexec call to dom0. @@ -141,6 +136,17 @@ It is also possible to call service without specific client program -- in which $ qrexec-client-vm target_vm_name RPC_ACTION_NAME ``` +### Answering an RPC call + +In other for a RPC call to be answered in the target VM, a file in either of the following locations must exist, containing the file name of the program that will be invoked, or being that program itself -- in which case it must have executable permission set (`chmod +x`): + - `/etc/qubes-rpc/RPC_ACTION_NAME` when you make it in the template qube; + - `/usr/local/etc/qubes-rpc/RPC_ACTION_NAME` for making it only in an app qube. + +The source VM name can then be accessed in the server process via +`QREXEC_REMOTE_DOMAIN` environment variable. (Note the source VM has *no* +control over the name provided in this variable--the name of the VM is +provided by dom0, and so is trusted.) + ### Specifying VMs: tags, types, targets, etc. There are severals methods for specifying source/target VMs in RPC policies. diff --git a/user/advanced-topics/how-to-install-software-in-dom0.md b/user/advanced-topics/how-to-install-software-in-dom0.md index b7040a6c..bcf606f5 100644 --- a/user/advanced-topics/how-to-install-software-in-dom0.md +++ b/user/advanced-topics/how-to-install-software-in-dom0.md @@ -65,44 +65,15 @@ commands to `dnf` using `--action=...`. **WARNING:** Downgrading a package can expose your system to security vulnerabilities. -1. Download an older version of the package: +To downgrade a specific package in dom0: - ~~~ - sudo qubes-dom0-update package-version - ~~~ - - Dnf will say that there is no update, but the package will nonetheless be - downloaded to dom0. - -2. Downgrade the package: - - ~~~ - sudo dnf downgrade package-version - ~~~ + sudo qubes-dom0-update --action=downgrade package-version ## How to re-install a package -You can re-install in a similar fashion to downgrading. +To re-install a package in dom0: -1. Download the package: - - ~~~ - sudo qubes-dom0-update package - ~~~ - - Dnf will say that there is no update, but the package will nonetheless be - downloaded to dom0. - -2. Re-install the package: - - ~~~ - sudo dnf reinstall package - ~~~ - - Note that `dnf` will only re-install if the installed and downloaded - versions match. You can ensure they match by either updating the package to - the latest version, or specifying the package version in the first step - using the form `package-version`. + sudo qubes-dom0-update --action=reinstall package ## How to uninstall a package diff --git a/user/downloading-installing-upgrading/installation-guide.md b/user/downloading-installing-upgrading/installation-guide.md index 8623d185..12bc4426 100644 --- a/user/downloading-installing-upgrading/installation-guide.md +++ b/user/downloading-installing-upgrading/installation-guide.md @@ -74,7 +74,7 @@ Change `Qubes-RX-x86_64.iso` to the filename of the version you're installing, a #### Windows ISO to USB -On Windows, you can use the [Rufus](https://rufus.akeo.ie/) tool to write the ISO to a USB key. Be sure to select "Write in DD Image mode" *after* selecting the Qubes ISO and pressing "START" on the Rufus main window. +On Windows, you can use the [Rufus](https://rufus.ie/) tool to write the ISO to a USB key. Be sure to select "Write in DD Image mode" *after* selecting the Qubes ISO and pressing "START" on the Rufus main window.