* origin/pr/145: (119 commits)
qvm-template: fix downloading template for install
tests: add tests for other qvm-template functions
tests: improve TestProcess behavior
tests: add tests for qvm-template reinstall/up/downgrade when nothing needs to be done
tests: fix mock return values of get_dl_list when testing `qvm-template reinstall`
qvm-template: update comments to reflect e424c7d
qvm-template: only ask for confirmation during install if something is being done
tests: add more tests re. install, remove, and get_keys_for_repos
qvm-template: test != 1 instead of == 0 for template-dummy feature
tests: fix tests for verify_rpm involving incorrect template names
tests: add tests for qvm-template remove
tests: some more for qvm-template
qvm-template: mute pylint complains about typing.NamedTuple
tests: qvm-template-postprocess - template.conf handling
qvm-template-postprocess: fix allowed features list
qvm-template-postprocess: extract config handling into separate function
qvm-template-postprocess: treat missing appmenus files as warnings only
qvm-template: default confirm to 'n'
qvm-template: verify template package signature directly at download
qvm-template: improve error reporting
...
Allow running unattended, with qvm-backup-restore --passphrase-file.
This require few modifications:
- copy the passphrase file into the DisposableVM (that VM knows the
passphrase anyway, so there is no extra data leak)
- close the terminal when operation finishes
Closing the terminal would eliminate almost all the feedback (operation
log, errors, warnings etc), so write it into a file in DisposableVM and
later extract it and show on the stdout. Similar to qvm-run, color it
red as a content coming from a VM.
QubesOS/qubes-issues#5310
Having Admin API, it is possible to do this properly now:
- create DisposableVM
- assign it proper permissions to create VMs and control those created
VMs
- run restore process inside
- cleanup DisposableVM afterwards
Since the RestoreInDisposableVM class contains de facto reverse parser
for qvm-backup-restore command line, add a test that will spot when it
gets out of sync.
This feature depends on modifications in various other components,
including:
- linux-utils and core-agent-linux for update qfile-unpacker
- core-admin for qrexec policy modification
QubesOS/qubes-issues#5310
Allow setting alternative qrexec service to retrieve backup content. The
service API is slightly different than the default one: it will get only
list of files/directories to extract on its stdin, but not backup
location. The latter could be provided as a service argument, or using
other out-of-band mechanism.
This will be useful for paranoid backup restore mode, to take away
control over location/command from sandboxed qvm-backup-restore process.
QubesOS/qubes-issues#5310
Allow configuring options per VM or globally per GuiVM. The
qvm-start-daemon program reads the options from VM features, and
generates a configuration file for qubes-guid.
Requires QubesOS/qubes-gui-daemon#47 (customizing the configuration
file).
* origin/pr/111:
Add tests for --tree option of qvm-ls
Sort domains in network tree list
network tree manpage entry added
added feature to list domains as network tree
Previous commit introduced protection against uncommon (potentially
malicious) compression filters. This breaks restoring backups made with
a custom compression filter. Add an option to override this check, by
naming compression filter to use explicitly.
Add support for importing volume data with qvm-volume tool.
This could be also used to clear volume by issuing:
qvm-volume import --no-resize some-vm:private /dev/null
QubesOS/qubes-issues#5192
Addresses review comments, specifically:
* updates qvm-clone tests to handle ignore_errors option
* adds manpage reference to new --ignore-errors option
* trims line length in qvm-clone changes
All tests should now be passing, including the new qvm-clone
functionality.
Specify compression explicitly in the backup profile, not only when
requested with --compress or --compress-filter.
This will allow to disable compression with --no-compress option, as the
default if no compression is specified in the profile is to use gzip.
FixesQubesOS/qubes-issues#4803
