Merged. Requires testing when new test images become available.
Aug 6 2015
Jul 7 2015
Jun 26 2015
Jun 23 2015
Jun 21 2015
Jun 20 2015
Yes, AppArmorProfile= is >= Debian version 9 codename Stretch only.
Jun 19 2015
Progress information on this feature in Debian:
Jessie has systemd 215, meaning this *should* be in there. If it's not working it's probably a bug.
Jun 18 2015
Looks like this option is not implemented.
Added
AppArmorProfile=/etc/apparmor.d/usr.sbin.cpfpd
in control-port-filter-python.service. It works as expected.
But with a typo
AppArmorProfile=/etc/apparmor.d/usr.sbin.cpf
It still works. sudo service control-port-filter-python status reports active (running), and the process is still enforced.
What's the AppArmorProfile= option good for?
Jun 17 2015
Jun 15 2015
Not required. T342 functional.
Jun 14 2015
OK I edited my comment and added those in under the Unit section.
How to find out? Look manually into /etc/init.d/virtualbox-guest-utils
(or systemd unit files if it had those) and/or 'grep -i provides
/etc/init.d/virtualbox-guest-utils'.
What is the name of the systemd vbox guest additions service so I can add it? KVM does not rely on spice or a guest additions equivalent to share folders.
In section [Unit] it should probably use After= something. I.e. make it run after VBox / KVM guest additions.
- debian/rules modifications
- debian/control modifications
- use /lib/systemd/system/
- commit to shared-folder-help package
- build package, test if it actually works
Great news! automatic shared folders is now achieved :D
I don't think you need a separate script. Instead of running a single
line script, you could try running the mount command directly from the
systemd unit file.
Ok I see what you're talking about.
HulaHoop (HulaHoop):
A solution you probably won't like is patching the fstab file directly.
Jun 13 2015
This option is dead because of some rare bug. There are only 4 search results for it and none of the situations really applies to our setup here.
How far I've gone:
I managed to debug errors until I corrected the parameters in the unit files so they should be correct. The remaining error has something to do with the 9p kernel module and I'm not sure where to go from here.
Nice. Much better than manually running mount from systemd.
Excellent example of shared folder mounting with systemd files in Arch documentation. It will take changing them from vmware to suit KVM and drop them in the same paths for testing:
If the manual mount command that does not involve /etc/fstab, i.e. mount -t 9p -o trans=virtio shared /mnt/shared -oversion=9p2000.L, works for you in a terminal, then a systemd unit file could do the same. Also without requiring /etc/fstab.
systemd can understand mount entries but they still have to be specified in /etc/fstab which won't solve anything.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666163 says fstab.d support has been removed. Not a great long term solution.
Jun 12 2015
fstab.d should be available in the libmount version in Jessie:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666163
Jun 11 2015
Jun 10 2015
Jun 6 2015
Fixed in Whonix 10.0.0.2.3.
May 30 2015
systemd unit: added 'Before=graphical.target' and 'Before=getty.target' - https://phabricator.whonix.org/T106:
https://github.com/Whonix/msgcollector/commit/ab24bd261d8ac2027f6a3ad85da4b4a3d416b044
May 28 2015
Using sd_notify for shell scripts seems difficult for not much benefit. Not doing that. Patches welcome.
systemd unit: added 'TimeoutSec=30' and 'Restart=always' - https://phabricator.whonix.org/T311:
https://github.com/Whonix/whonixcheck/commit/eccbb43021ace3a9d2144c63e1a3c99571006701
Tested by placing /lib/systemd/system/tor.service from https://gitweb.torproject.org/tor.git/tree/contrib/dist/tor.service.in (removed spaces).
fixed 'insserv: script tor.anondist-orig: service tor already provided!' warning during upgrades - https://phabricator.whonix.org/T303:
https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/12691426c9f0bfd561ce369e90158b9dcd1132ae
May 27 2015
I don't consider enable SystemdUnit hacks if there are no other deb-installer solutions to ensure a proper state.
May 26 2015
pull request...
clean mechanism to skip starting services network-manager, spice-vdagent, swap-file-creator and whonix-initializer in Qubes using /etc/systemd/system/unit.service.d directory - https://phabricator.whonix.org/T315:
https://github.com/nrgaway/qubes-whonix/pull/5
May 24 2015
Works fine in Whonix 11.0.0.2.0-developers-only.
Fixed in Whonix 11.0.0.2.0-developers-only.
May 23 2015
Tested restart instead of start reload before your post, working. Could not check if that solves the issue at first boot in Whonix Gateway, (tor active, exited) but I guess it does, because a manual sudo service tor restart works.
systemd unit: added 'Before=tor.service' and 'After=swap-file-creator.service' for better look and feel. - https://phabricator.whonix.org/T106:
https://github.com/Whonix/whonix-initializer/commit/0c1490942edd4c58207980785bb658afa163cb15
more work on systemd support - https://phabricator.whonix.org/T106:
Probably better not. Not required. Non-standard. Conflicts are unlikely, because name of package = name of sysvinit script = name of systemd unit file.
systemd unit: added 'StandardOutput=tty' for better look and feel. - https://phabricator.whonix.org/T106
https://github.com/Whonix/swap-file-creator/commit/f49f572e5a06ed33eeacc5647f0f85751cc611b9
Improved implementation. When there is enough RAM... On 'enter': instantly start login manager. On 'ctrl + c': instantly abort and do not start login manager. On 'timeout': start login manager. Thanks to 'dh_systemd_start --no-start' we can now use 'StandardInput=tty' and 'read' instead of 'systemd-ask-password'. Now we could even implement an interactive menu at boot (that allows to configure wait time and/or disabling rads). - https://phabricator.whonix.org/T57:
https://github.com/Whonix/rads/commit/c8c94c3dfe625dee62bd0fcbe76c5480d4e94056
Doesn't look like we need one.
fix 'Tor fails after reload related to torrc DisableNetwork setting issue' by only restarting Tor, no longer trying to reload Tor - https://phabricator.whonix.org/T320:
https://github.com/Whonix/whonix-setup-wizard/commit/d5aacf5c58d5aad1c158e589b43d0dd5ccc9cc3f
Done in whonixsetup,
fix 'Tor fails after reload related to torrc DisableNetwork setting issue' by only restarting Tor, no longer trying to reload Tor - https://phabricator.whonix.org/T320
https://github.com/Whonix/whonixsetup/commit/bc8cb713430a655eb3bb8dd3f8397babce1b6d3e
Reported a bug upstream.
Tor dies on reload when switching to 'DisableNetwork 0' when using 'DnsPort 127.0.0.1:53':
https://trac.torproject.org/projects/tor/ticket/16161
The qubes-whonix-tor.service was implemented to solve the issue you were talking about where Tor would sometimes not start properly on boot.
Until upstream fixes that bug and until their fix landed in deb.torproject.org, which will take a while... Our options are:
Updated ticket description with instructions on how to reproduce this issue.
May 22 2015
more work on systemd support - https://phabricator.whonix.org/T106:
https://github.com/Whonix/timesync/commit/0a76d86a8e37ae9691374da69bdef452b6def7cc
May 21 2015
bug report,
deb-systemd-helper fails to enable systemd units when using 'WantedBy = ' with spaces:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786418
Judging by the system man pages that do not use spaces and info from a systemd contributor on systemd IRC, no spaces should be used.
May 20 2015
I guess just not using spaces would be the way to go. I used to not use spaces, but then added them as it seems like that should be supported and works with systemd, just not the deb-systemd-helper.
That's a nasty upstream bug for deb-systemd-helper. You would have thought that would have been fixed for Jessie stable release. Do you know if there is a reported issue on it upstream?
pull request against @nrgaway/qubes-whonix,
systemd unit file remove spaces fix/workaround:
https://github.com/nrgaway/qubes-whonix/pull/3
This is fixed, but there is a similar outstanding issue. Created T320 for it.
This is fixed in 11.0.0.1.8-developers-only.
Quoting myself.
pull request against @nrgaway/qubes-whonix,
systemd unit file remove spaces fix/workaround:
https://github.com/nrgaway/qubes-whonix/pull/3
All these changes are available in 11.0.0.1.8-developers-only. Now testing a build.
For reference, this is what I used for debugging.
systemd unit: workaround/fix, removed spaces from 'WantedBy = ', likely bug in 'deb-systemd-helper' that prevents enabling the service by default - https://phabricator.whonix.org/T316
systemd unit: workaround/fix, removed spaces, likely bug in 'deb-systemd-helper' that prevents enabling the service by default - https://phabricator.whonix.org/T316
- https://github.com/Whonix/bootclockrandomization/commit/0a15a20467e1ef33307435fa2a7b415f940955d9
- https://github.com/Whonix/bootclockrandomization/commit/faa7fa520679f1beb3401d4dbceb288c57e84660
- https://github.com/Whonix/msgcollector/commit/4503b5e9f92a0af8e473f2ff5dbc8a0001c0de92
- https://github.com/Whonix/msgcollector/commit/6640b8f8816df633af8d339769127d4912cf6ba4
- https://github.com/Whonix/sdwdate/commit/fb1480d8ee7ba130579555f43944608b4fea2f34
- https://github.com/Whonix/swap-file-creator/commit/f3187350233c4c87ab1bddc7db2734d97efee237
- https://github.com/Whonix/timesanitycheck/commit/f9d8ceec88b87ba648d5231504dfaf145e8c7bf6
- https://github.com/Whonix/whonixcheck/commit/2a72ec4348ab1ba4ac718d4e4be25b105292dc7c
- https://github.com/Whonix/timesync/commit/0f344ca1363682aa75a23c1bc2732732f331bd10
Looks like a bug in deb-systemd-helper.
Asked on debian systemd mailing list.
systemd unit functional, but not enabled by default issue:
https://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/2015-May/007271.html
The original issue of this ticket is solved for now as of 11.0.0.1.7-developers-only. The Tor daemon is automatically started on first boot.
Created a minimal package to reproduce this issue on a plain Debian jessie system:
https://github.com/adrelanos/hellodaemon
May 19 2015
Good point! That will help. I'll be comparing those packages. Preferably we can keep packages systemd-only.
systemd unit: added 'Before=control-port-filter-python.service':
https://github.com/Whonix/whonix-initializer/commit/ace6738ef5ebb00ac5bc645d80577011b873e506
For information, tried it out of curiosity some time ago. control-port-filter-python is working with systemd only (control-port-filter-python removed from /etc/init.d).