If user just installed Qubes, the full templates can have updates
available. If user restored backups of templates and standalones, they
could also have updates available. Available updates can contain fixes
that if not applied, can make the states fail, such as a buggy salt
package and Qrexec service that can make a state fail in case the
full outdated templates and standalones are responsible for the
functionality specially of management_dispvm, updatevm, default_netvm
and qubes.UpdatesProxy service.
- Enforce uninstall in Fedora, it has been too problematic due to zchunk
checksum mismatch errors;
- Skip tagging and installing on unsupported qubes, before it tagged
every template that did not have the tag 'whonix-updatevm', this is
error prone as it would fail the installation on unsupported clients
such as Gentoo, Mirage.
Fixes: https://github.com/ben-grande/qusal/issues/54
Ability to read the program's manual from the terminal is much better
than to ask the user to search the manual page on the internet, we
already trust the installed program and documentation, but we should not
trust every manual page on the internet.
- Maim causes no errors and has region and window capabilities;
- Scrot region capture puts some weird borders when dragging the mouse;
- Spectacle allows editing but is too feature rich (complicated); and
- Xfce4-screenshooter does not allow selecting both region and window.
Fixes: https://github.com/ben-grande/qusal/issues/51
It is not possible to troubleshoot network module loading without
pciutils. Although it is a troubleshooting tools, it is not
troubleshooting the network, but to make the system itself be able to
load kernel modules and reach the network, therefore necessary.
Qubes that have the updates-proxy-service enabled will have the
repository definitions set to work with the proxy, being it a TemplateVM
or another type of qube. Qubes that have that same service disabled and
are based on templates that are being cached, will have the repository
definitions corrected for it to work like normal systems via the
networking instead of caching proxy.
Optimizations were done for a faster runtime, previously it would call
sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora
repositories (one extra for rpmfusion) and some more for PackageKit and
dnf.conf markers. Inexpensive runtime is a must for a script that may
run multiple times, such as when being called by a tool monitoring the
filesystem such as inotify.
Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use
case of the cacher, thus the license had to be changed.
For: https://github.com/ben-grande/qusal/issues/44
Fixes: https://github.com/ben-grande/qusal/issues/31
Very useful for template based qubes to uninstall the cacher definition
to reach remote repository definitions with direct connection.
https://github.com/ben-grande/qusal/issues/31
Updates happens multiple times, normally 2 to 3, even if we consider a
state without includes. On states with multiple includes, it could
easily get approximately 10 updates being ran. This behavior leads to
unnecessary network bandwidth being spent and more time to run the
installation state. When the connection is slow and not using the
cacher, such as torified connections on Whonix, the installation can
occurs much faster.
Adding external repositories has to be done prior to update to ensure it
is also fetched.
Fixes: https://github.com/ben-grande/qusal/issues/29
Provided in the default Dom0 installation as it brings a much better
usability and small packages.
KDE ships with kdialog but without a screenshot utility.
Xfce ships with xfce4-screenshooter but without a dialog utility.
Scrot and Zenity are minimal tools that works on both DEs and are very
small packages.
Fixes: https://github.com/ben-grande/qusal/issues/22
Git revision is specified in the git module to Salt not fail trying to
verify it is in HEAD when it is in a tag from a previous installation.
Fixes: https://github.com/ben-grande/qusal/issues/27
Comparison to upstream:
- POSIX compliant;
- Add more dialog tools: kdialog;
- Add more screenshot tools: spectacle, xfce4-screenshooter;
- Change work "Nautilus" to "File Manager";
- Fix all shellcheck messages;
- Fix wording of confusing options seen by the user;
- Fix variable names without meaning;
- Remove commented/unused code;
- Remove extraneous messages sent to the user;
- Remove Imgur support; and
- Remove ImageMagic, use tools that support editing: spectacle.
Fixes: https://github.com/ben-grande/qusal/issues/22
A Minimal Fedora template can't be the management qube or the targeted
qube of Salt as it is missing dependencies that are only available in
the full template. The management qube is temporarily changed to the
non-minimal version so the minimal template can be targeted once and
then it takes over the management disposable template.
Fixes: https://github.com/ben-grande/qusal/issues/28
- End qrexec policy with deny rules;
- Move the USB setup from sys-audio to sys-usb; and
- Document the pros and cons of the different types of USB devices
assignment to client qubes or to the server.
The target of qubes.ConnectTCP has 'socat' because it is a dependency of
qubes-core-agent-networking. In case the target has not networking
packages, this needs to be taken care by the formula that creates the
target, not from the client itself.