This test uses three tricks to test /var/tmp space monitoring:
1. Creates a big uncompressed backup (2GB file instead of few bytes)
2. Mount small tmpfs over /var/tmp (650MB - minimal space that should
not deadlock the restore)
3. Artificially slow down data processing by adding sleep()
QubesOS/qubes-issues#4791
Instead of failing the restore process, pause data extracting, until
already extracted data gets processed.
This commit implements this for local tar extraction. Extracting data
received from a VM is handled in qfile-(dom0-)unpacker, which also has
similar feature, turned on in 6338b936e2.
FixesQubesOS/qubes-issues#4791
Avoid failing restore after potentially lengthy processing - check
available space first.
This will be even more important after adding waiting for free space -
then if there won't be enough free space, the process will deadlock.
QubesOS/qubes-issues#4791
Rename QubesDaemonNoResponseError to more intuitive
QubesDaemonAccessError (keep legacy name still working).
Use QubesPropertyAccessError whenever the access is about @property -
this makes it easy to use `getattr` to use default value instead.
QubesOS/qubes-issues#5811
* paranoid-restore:
backup/restore: make error reporting work also for StandaloneVM based DispVM
backup/restore: better error detection for --paranoid-mode
doc: document 'tag-created-vm-with' feature
tests: add paranoid backup restore unit tests
tests: remove extra empty lines
tests: extend run_service mockup for pre-recorded output
rpm: add BR: python3-lxml and python3-xcffib
backup/restore: add option for unattended restore and extracting log
tools: remove obsolete _want_app argument
Add "paranoid restore" mode
rpm/deb: add dependency on scrypt
utils: add simple locking primitive
backup/restore: use qfile-unpacker in a VM, request disk space monitoring
backup/restore: option for alternative qrexec service
backup/restore: improve error message about restoring tags
backup/restore: distinguish dom0 by name
Xterm doesn't preserve exit code of the process running inside. This
means, the whole xterm always exits with 0, even if qvm-backup-restore
failed.
Fix this by printing the exit code at the end to the log and then extract
that last line from the log on the calling side. This way we can also
distinguish whether qvm-backup-restore or xterm failed.
Allow running unattended, with qvm-backup-restore --passphrase-file.
This require few modifications:
- copy the passphrase file into the DisposableVM (that VM knows the
passphrase anyway, so there is no extra data leak)
- close the terminal when operation finishes
Closing the terminal would eliminate almost all the feedback (operation
log, errors, warnings etc), so write it into a file in DisposableVM and
later extract it and show on the stdout. Similar to qvm-run, color it
red as a content coming from a VM.
QubesOS/qubes-issues#5310
Having Admin API, it is possible to do this properly now:
- create DisposableVM
- assign it proper permissions to create VMs and control those created
VMs
- run restore process inside
- cleanup DisposableVM afterwards
Since the RestoreInDisposableVM class contains de facto reverse parser
for qvm-backup-restore command line, add a test that will spot when it
gets out of sync.
This feature depends on modifications in various other components,
including:
- linux-utils and core-agent-linux for update qfile-unpacker
- core-admin for qrexec policy modification
QubesOS/qubes-issues#5310
Standard python locking modules do not provide detection if lock-holding
process is still alive. Add a simple wrapper around fcntl.lockf that do
just that.
Make it possible to use qvm-backup-restore in a VM. This commit is about
accessing backup itself, when stored in another VM. This involve using
qfile-unpacker instead of qfile-dom0-unpacker and also requesting disk
space monitoring, as a VM probably won't have enough space to hold the
whole backup at once.
QubesOS/qubes-issues#4791QubesOS/qubes-issues#5310
Allow setting alternative qrexec service to retrieve backup content. The
service API is slightly different than the default one: it will get only
list of files/directories to extract on its stdin, but not backup
location. The latter could be provided as a service argument, or using
other out-of-band mechanism.
This will be useful for paranoid backup restore mode, to take away
control over location/command from sandboxed qvm-backup-restore process.
QubesOS/qubes-issues#5310
Before reporting a tag as not restored, verify if it really wasn't
restored. Generally created-by-* tags cannot be created manually. But
when restoring a backup in dom0, created-by-dom0 tag is added, which in
many cases will match what want to be restored.
Adjust tests to check this too.
