Since now event listener reports proper QubesDaemonCommunicationError
exception instead of some form of IOError. Include it for automatic
reconnect logic.
Fixes a481490 "app: fix error reporting when connection to qubesd fails"
Port 5a39e777089d8bde6d0a620830a898c1cf3dd924 ("events: add support for
wildcard event handlers") from qubes-core-admin:
Support registering handlers for more flexible wildcard events: not only
'*', but also 'something*'. This allows to register handlers for
'property-set:*' and such.
If file to be imported is larger than the default root volume, resize
the volume first. It might be also a good idea to shrink it when needed,
but currently the backend refuse it.
FixesQubesOS/qubes-issues#3422
When both threads and processes are used, logging module can deadlock.
Workaround this by re-initializating locks in logging module.
See https://bugs.python.org/issue6721 for details.
Revert this commit when the python issue is fixed (in the python version
used for backup restore).
* windows-tools:
doc: add info what properties are inherited from template
Add 'gui-emulated' feature
qvm-start-gui: fix handlign rpc-clipboard feature
Add an explicit method for forcing emulated VGA output. Previously it
was possible only by removing `gui` feature (setting it to false had a
different effect), or enabling debug mode.
Using lack of a feature as a third state was a bad idea.
QubesOS/qubes-issues#3585
Do not crash if qubesd restart exactly the moment event handler was
called.
Event listener properly handle qubesd restarts (reconnects), but exists
if any handler raise an exception. Avoid this by logging such exceptions
but not propagating them.
This is especially the case for domain-shutdown event for DispVM - when
handled, DispVM can be already removed. Give the handled VM object even
if actual VM is already removed. For this, avoid VM existence check by
using domains.get_blind() method.
And actually implement domains.get_blind() method - it was present only
in generic collection, but not VMCollection.
This changes to accept the string none as the value None,
as if an empty string was entered. This allows setting the
netvm to "None" as described in QubesOS/qubes-issues#3942
There was such option on Qubes 3.2, so add it here too. This is
especially useful for kernel package - preun script use it to verify if
given kernel isn't needed anymore.
* improved-tools-messages:
tools: suppress full traceback in console tools
tools: add SubParsersHelpAction, which include subcommands details in --help
Right now Admin API backend will refuse to shrink volume anyway, but
we're planning to relax this restriction. Make sure the client side
(qvm-volume tool here, GUI VM settings already have this in place) will
employ appropriate safety check.
QubesOS/qubes-issues#3725
If needs to be extended - do it before import. If needs to be reduced -
after. This way, if data import fails for any reason, previous data
won't be destroyed (truncated).
Also, convert error on shrinking volume to a warning, as it doesn't break
the template (just leave it with bigger disk than needed). Currently all
storage pool implementations refuse to shrink a volume (but it may
change in the future).
QubesOS/qubes-issues#3169
QubesException class is used with meaningful messages and should be ok
to use it directly as error message. For other exceptions, still use
full traceback (most likely a bug somewhere, not user error).
FixesQubesOS/qubes-issues#3610
Don't print None value as 'None' string, but as empty one (same as at
API level). Otherwise it is indistinguishable from VM named 'None', or
same string property value.
This is especially important on LVM thin pool, where space after
removing the file needs to be given back to the pool, to be reused for
other volumes (for example this template).
qvm-start-gui lifecycle should be bound to X server lifecycle. It should
be restarted when user logoff and login again, at least to start
gui-daemons again.
Do that by opening a connection to X server and reacting to breaking
that socket.
FixesQubesOS/qubes-issues#3147
* qubesos/pr/52:
backup: don't crash when no 'qubes' group is present
tests: dom0 backup restore, both v3 and v4
backup: add support for openssl 1.1.0 options
backup: skip dom0's properties while restoring core2 backup
unused variable
style issues
Fix dom0 restore
Fix dom0 handling
Fix AdminVm class name
This is specifically the case on Travis-CI. But since dom0 backup is
restored into separate directory now, instead of directly overriding
user home, this check is much less relevant now.
I don't know if any template currently hits this code path, even the
fedora-26-minimal root.img is large enough to be split into multiple
parts. Maybe Arch Linux?
Related to https://github.com/QubesOS/qubes-core-admin/pull/188
It's already available in config dict, but lets provide uniform API. And
also it's a bit weird to look for usage data in configuration...
QubesOS/qubes-issues#3240
'qvm-run --dispvm' cannot easily make a separate qubes.WaitForSession
call. Instead, if --gui is active, pass the new WaitForSession argument
to qubes.VMShell, which will do the equivalent.
The unit tests have been copied (in slightly adapted form) from commit
a620f02e2aFixesQubesOS/qubes-issues#3012ClosesQubesOS/qubes-core-admin-client#49
When calling a service in DispVM, the connection is established only
after session is ready (if required for given service). qrexec-client by
default use 5s here, which is too low depending on hardware. Use
'qrexec_timeout' property here for DispVM case.
FixesQubesOS/qubes-issues#3012
In core-admin matching collections are real dicts, so clone this API
behaviour here too. Specific changes:
- iteration yields keys, not values
- implement values and items methods
Additionally fix keys method, it was broken on python2 (list have no
copy method).
It wasn't possible to use QubesArgumentParser(vmname_nargs=...) for
optional domain list - the option forced usage of either --all or
explicit domain list.
When starting a VM with --cdrom=some-vm:/some/path/to.iso, it can be
started only when loop device matching the path is available. For now,
add naive waiting (while ... sleep(1)) for it. Later it might worth
converting it to events handling.
This is to match core-admin API. Logically it could be a property not a
method (as other things like usage or size), but it is already defined
(and used in various places) as a method in core-admin, so lets don't
change the API right now.
* qubesos/pr/44:
Fix style else-return
tests: update qvm-template-process and qvm-remove tests
Add --force to manpage.
Avoid cloning installed_by_rpm
Print vm list before prompt
Use --force instead of --yes
Toggle installed_by_rpm in template tool
Fix error message grammar
Add --yes option and confirm prompt.
Make use of better security of Qubes 4.x by using HVM by default. If
some VMs are incompatible with it (like MirageOS based), user can always
switch it to PV manually later.
This restores Qubes R3.2 behavior
Before this patch, the following:
qvm-run -p sys-firewall 'echo -e "\e[0;46mcyan!" >&2' | wc -l
leaks the escape sequences through to the dom0 terminal via stderr,
in this case demonstrated by the ability to change the text color while
it should be fixed to red.
This can also be abused with xterm reporting sequences to cause input
to be sent to the dom0 terminal. This is potentially a security issue.
The main process sometimes sets fd 1 to O_NONBLOCK, and since in the
terminal case fd 0 and 1 are the same fd, this also results in fd 0
being non-blocking, causing qvm-run to crash with EAGAIN.
So just make the code work for both blocking and non-blocking stdin.
When some VM timeout on shutdown, the tool will try to kill all of them,
but at this point some of them may be already powered off (not all
hanged during shutdown, but only some). Handle this
situation instead of crashing. And add appropriate test.
Do not crash if the other object is completely different type. Return
False ("unequal") instead.
This crashed preparing list of devices in qubes-vm-boot-from-device.
FixesQubesOS/qubes-issues#3182
If EOF is reached on tar's stderr, stop reading it, even if didn't found
expected data. Log this event.
This may happen when tar output some fatal error, instead of filelist.
