Commit Graph

651 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
22bc5d880a
Merge remote-tracking branch 'origin/pr/105'
* origin/pr/105:
  Fixed error with VM being incorrectly listed as its own dependency
2019-09-21 03:34:31 +02:00
Marek Marczykowski-Górecki
556cec4e3f
Merge remote-tracking branch 'origin/pr/104'
* origin/pr/104:
  dochelpers: make PEP8 happier
  dochelpers: handle legacy sphinx library
  Fix Sphinx 2 new API for Fedora 31+
2019-09-21 03:34:27 +02:00
Marek Marczykowski-Górecki
1f1564dcf0
backup/restore: make pylint happy 2019-09-21 03:20:43 +02:00
Marta Marczykowska-Górecka
3e2b432644
Fixed error with VM being incorrectly listed as its own dependency
fixes QubesOS/qubes-issues#4224
2019-09-17 00:59:59 +02:00
Marek Marczykowski-Górecki
48ad8325d0
tests: check rejecting/accepting compression filters
3 new tests:
- custom (common) compression filter
- custom (uncommon) compression filter - should be rejected
- custom (uncommon) compression filter forced - accepted
2019-09-10 15:24:15 +02:00
Marek Marczykowski-Górecki
14f77860bf
backup/restore: add option to use uncommon compression filter anyway
Previous commit introduced protection against uncommon (potentially
malicious) compression filters. This breaks restoring backups made with
a custom compression filter. Add an option to override this check, by
naming compression filter to use explicitly.
2019-09-10 15:24:15 +02:00
Marek Marczykowski-Górecki
10f15e6669
backup/restore: reject uncommon compression filters and improve header validation
Compression filter named in a backup header is executed in restore
environment (commonly dom0). While this field is properly authenticated,
there may be cases where backup archive comes from less
trusted source, like migrating from potentially compromised
system.

Modify backup header parsing code to add field specific validators.
Whitelist only know crypto, hmac and compression algorithms.

Based on a patch by Jean-Philippe Ouellet <jpo@vt.edu>
Reported-by: Jean-Philippe Ouellet <jpo@vt.edu>
2019-09-10 15:24:15 +02:00
Frédéric Pierret (fepitre)
3ddeb2046a
dochelpers: make PEP8 happier 2019-09-06 16:29:56 +02:00
Frédéric Pierret (fepitre)
6df676c259
dochelpers: handle legacy sphinx library 2019-09-06 16:29:52 +02:00
Frédéric Pierret (fepitre)
ab8f487b50
Fix Sphinx 2 new API for Fedora 31+
QubesOS/qubes-issues#5289
2019-09-06 16:24:30 +02:00
Frédéric Pierret (fepitre)
8639034bb6
qvm-device: prevent parser allowing abbreviations 2019-08-24 13:39:37 +02:00
Frédéric Pierret (fepitre)
41c6fbed72
qvm-device: handle 'list-device-classes' and 'list-classes'
QubesOS/qubes-issues#5213
2019-08-24 13:39:36 +02:00
Frédéric Pierret (fepitre)
3dce4e9742
qubesadmin: define methods list_vmclass and list_devicesclass
Adapt also previous direct calls of qubesdb

QubesOS/qubes-issues#5213
2019-08-10 22:08:31 +02:00
Frédéric Pierret (fepitre)
a982e1e538
qubesadmin: make PEP8 happy 2019-08-10 19:03:41 +02:00
Marek Marczykowski-Górecki
769f8a5ee8
Merge remote-tracking branch 'origin/pr/98'
* origin/pr/98:
  qvm-check: fix from Marek's comment
  qvm-check: refactor check mechanism and add filter for checking netvm
2019-08-08 15:35:34 +02:00
Frédéric Pierret (fepitre)
eb461e4c3b
qvm-check: fix from Marek's comment 2019-08-08 14:29:35 +02:00
Frédéric Pierret (fepitre)
7d93377b78
qvm-check: refactor check mechanism and add filter for checking netvm
Fix QubesOS/qubes-issues#3496
2019-08-08 14:26:05 +02:00
Marek Marczykowski-Górecki
489efce9cb
Merge remote-tracking branch 'origin/pr/99'
* origin/pr/99:
  devices: add missing docstring for _get_device_classes
  devices: make iteration device classes compatible with Python2
  tools/qvm-device: make PEP8 happy
  tests/devices: add test for handling listing device classes
  tests/devices: make PEP8 happy
  devices: handle listing of available device classes
  devices: make PEP8 happy
2019-08-08 14:13:38 +02:00
Frédéric Pierret (fepitre)
08d746e119
devices: add missing docstring for _get_device_classes 2019-08-07 22:10:37 +02:00
Frédéric Pierret (fepitre)
268d11fbff
devices: make iteration device classes compatible with Python2 2019-08-07 20:38:30 +02:00
Frédéric Pierret (fepitre)
174f155d31
tools/qvm-device: make PEP8 happy 2019-08-06 15:15:12 +02:00
Frédéric Pierret (fepitre)
4d0545405f
tests/devices: add test for handling listing device classes 2019-08-06 15:15:12 +02:00
Frédéric Pierret (fepitre)
07ca511bd7
tests/devices: make PEP8 happy 2019-08-06 15:15:03 +02:00
Frédéric Pierret (fepitre)
f633dd9b40
devices: handle listing of available device classes
QubesOS/qubes-issues#5213
2019-08-06 15:09:44 +02:00
Frédéric Pierret (fepitre)
1052217973
devices: make PEP8 happy 2019-08-06 15:07:33 +02:00
Marek Marczykowski-Górecki
e700af9eb2
tools/qvm-volume: add 'import' action
Add support for importing volume data with qvm-volume tool.
This could be also used to clear volume by issuing:

    qvm-volume import --no-resize some-vm:private /dev/null

QubesOS/qubes-issues#5192
2019-07-29 22:20:06 +02:00
Marek Marczykowski-Górecki
fdc632c959
tools: reset private volume when importing template over existing one
Reinstalling template is a recommended way to get it back to a clean
state after potential compromise. In that case it is essential to
discard any persistent storage of old template, as it could be used by
the attacker to re-compromise it after reinstall.
Do this similar as root volume is overridden - via volume import
function.

Fixes QubesOS/qubes-issues#5192
2019-07-29 22:20:06 +02:00
Marek Marczykowski-Górecki
21569b3a31
tests: fix events tests on python3.7
Fix syntax workaround for python3.7 + python2.7. This code can't use
'yield from' to be still importable on python2.7, but asyncio.sleep() is
no longer iterable on python3.7. Workaround it by manually calling
coroutine.send(None) in a loop - ugly as hell, but works. I can't wait
until we could drop python2 support...
2019-07-29 21:56:32 +02:00
Marek Marczykowski-Górecki
b8ddb39752
Allow app.domains[vm] where vm is a QubesVM object
Similar as in the core-admin API.
2019-06-25 06:28:00 +02:00
Malte Leip
32538fa5ec
qvm-prefs: add --hide-default option 2019-05-29 20:32:13 +02:00
Marek Marczykowski-Górecki
c1be4cd062
Merge remote-tracking branch 'qubesos/pr/92'
* qubesos/pr/92:
  Adds docs for clone ignore_errors, feeds linter
  Adds support for `--ignore-errors` to qvm-clone CLI
2019-04-17 00:30:10 +02:00
Marek Marczykowski-Górecki
37e4e4c6ca
tests: update yaml syntax in qvm-backup tests
yaml.safe_dump() finally produces canonical yaml output, not a
one-liner.
2019-04-16 23:10:38 +02:00
Conor Schaefer
40eeddbfc8
Adds docs for clone ignore_errors, feeds linter
Addresses review comments, specifically:

  * updates qvm-clone tests to handle ignore_errors option
  * adds manpage reference to new --ignore-errors option
  * trims line length in qvm-clone changes

All tests should now be passing, including the new qvm-clone
functionality.
2019-04-16 10:44:47 -07:00
Conor Schaefer
55a22e7955
Adds support for --ignore-errors to qvm-clone CLI
The underlying API already supported the `ignore_errors` param in
Python, now we just expose that option to the `qvm-clone` CLI.
2019-04-15 17:33:41 -07:00
Marek Marczykowski-Górecki
d7430d42ce
Make pylint happy
no-else-raise warning
2019-03-07 03:17:29 +01:00
Marek Marczykowski-Górecki
05f0d4ca0f
Make vm.run_with_args working on python2
This part of the qubesadmin module still needs to be compatible with
python2.
2019-03-07 03:05:09 +01:00
Marek Marczykowski-Górecki
fb910a71cf
tools/qvm-start: validate output of losetup command
QubesOS/qubes-issues#4860
2019-03-07 02:53:52 +01:00
Marek Marczykowski-Górecki
a2629b1239
tools/qvm-start: use vm.run_with_args to call losetup in the VM
This will fix handling filenames with spaces and shell special
characters.

Reported by @v6ak

Fixes QubesOS/qubes-issues#4860
2019-03-07 02:53:45 +01:00
Marek Marczykowski-Górecki
a35cb46342
tests: vm.run, vm.run_with_args
QubesOS/qubes-issues#4850
2019-02-28 05:34:42 +01:00
Marek Marczykowski-Górecki
0092c0ac99
vm: add run_with_args method to call a single command with specific arguments
The method will ensure the parameters are properly handled as actual
separate arguments, regardless of shell special characters in them.
For now implement this with shlex.quote, later dedicated qrexec service
could be used.

QubesOS/qubes-issues#4850
2019-02-28 04:37:59 +01:00
Marek Marczykowski-Górecki
88ab55b940
events: simplify handling qubesd reconnect
Retry connection on any OSError, instead of only few selected error
types. For example PermissionError may happen too (when socket is
created, but before it gets appropriate mode), which wasn't listed.
2019-02-24 05:32:51 +01:00
Marek Marczykowski-Górecki
1145f70334
tools/qvm-backup: allow to disable compression
Specify compression explicitly in the backup profile, not only when
requested with --compress or --compress-filter.
This will allow to disable compression with --no-compress option, as the
default if no compression is specified in the profile is to use gzip.

Fixes QubesOS/qubes-issues#4803
2019-02-24 05:32:46 +01:00
Marek Marczykowski-Górecki
5e4831ede4
backup: Do not try to attach devices during backup verification
The "restored" VM object will be discarded anyway, and it doesn't have
real 'attach' method.

Fixes QubesOS/qubes-issues#4830
2019-02-24 02:26:05 +01:00
Marek Marczykowski-Górecki
2ad9b57961
utils: include management_dispvm property when checking where VM is used
Fixes QubesOS/qubes-issues#4812
2019-02-24 02:26:05 +01:00
Marek Marczykowski-Górecki
b1a191446a
tools/qvm-run: do not color the output unless --pass-io is used
Since no output from VM is passed (and even if it would, it's redirected
to /dev/null), there is no need to switch output color.
This fixes the case when qvm-run is started in background - the color
change would affect further shell output.

Fixes QubesOS/qubes-issues#4808
2019-02-11 19:23:35 +01:00
Marek Marczykowski-Górecki
89ee4931fb
backup: do not fail restore if scrypt anticipate more time needed
For various reasons, decryption may be slower than initial encryption
(different hardware, different system load etc). Do not fail the restore
operation if scrypt anticipate it will take considerably more time or
memory, than while creating the backup (where the scrypt parameters were
originally set).

Thanks to @jharveyb for the report and suggested solution.
Fixes QubesOS/qubes-issues#4683
2019-01-09 19:09:44 +01:00
Marek Marczykowski-Górecki
a65ef425e1
tools/qvm-run: make -q affect 'command failed with code' message
Fixes QubesOS/qubes-issues#4616
2018-12-16 05:51:41 +01:00
Marek Marczykowski-Górecki
9061169f90
Merge branch 'devel-20181206' 2018-12-09 18:08:25 +01:00
Marek Marczykowski-Górecki
0bb35193b4
doc: fix rst syntax in documentation, including docstrings 2018-12-08 23:53:55 +01:00
Marek Marczykowski-Górecki
558c5d4a7c
Merge remote-tracking branch 'origin/pr/84'
* origin/pr/84:
  Fixed typo in documentation
  Documentation is important! Added shortcuts to manpages
  added tests for shortcuts
  diff doesn't set template
  added --standalone and --disp shortcuts
2018-12-08 15:10:42 +01:00
GammaSQ
b848625428
added tests for shortcuts 2018-12-08 12:38:26 +01:00
GammaSQ
ce2fb96a4b
diff doesn't set template 2018-12-08 12:29:48 +01:00
Marek Marczykowski-Górecki
4a727f1dfa
Merge remote-tracking branch 'origin/pr/85'
* origin/pr/85:
  isinstance instead of type
  reverted to comparing .index
  forgot braces
  forgot braces
  get_label now accepts integer and has correct return-type
2018-12-08 12:28:36 +01:00
GammaSQ
2c836c5adc
isinstance instead of type 2018-12-08 12:00:15 +01:00
Marek Marczykowski-Górecki
415f5faae9
tools/qvm-run: factor out actual process running into separate function
Pylint complains that main() is too long and that's indeed true. Factor
out single process call (together with all the prepartion) into separate
function and keep only common code in main().
2018-12-08 00:44:18 +01:00
Marek Marczykowski-Górecki
5fe6ffc04c
tools/qvm-create: reject --root-{move,copy}-from with template-based qubes
Fixes QubesOS/qubes-issues#4424
2018-12-08 00:44:18 +01:00
Marek Marczykowski-Górecki
f03937c51e
tools: remove extra debug 2018-12-08 00:44:18 +01:00
Marek Marczykowski-Górecki
e827e47926
Clone VM's volume into the same pool, unless overridden specifically
When cloning VM, create it in the same pool as the source one.
Previously it always used default pool, which means for example renaming
a VM in non-default pool moved it back to the default one.

Fixes QubesOS/qubes-issues#4145
Fixes QubesOS/qubes-issues#4523
2018-12-08 00:44:18 +01:00
Marek Marczykowski-Górecki
bee55a3bce
tools/qvm-device: allow detaching all devices
QubesOS/qubes-issues#4530
2018-12-08 00:44:18 +01:00
Marek Marczykowski-Górecki
954ffc4bf2
tools/qvm-run: add error message if command in VM failed
Print some error even without --pass-io, otherwise the only way to learn
the failure is checking $?, as no other visual sign is there.

Fixes QubesOS/qubes-issues#4533
2018-12-08 00:44:18 +01:00
Marek Marczykowski-Górecki
4b00ef7ec7
tools/qvm-run: fix error reporting on qvm-run -n on halted qube
Fixes QubesOS/qubes-issues#4476
2018-12-08 00:44:18 +01:00
Marek Marczykowski-Górecki
d34b1bfc4f
tools/qvm-run: factor out print_no_color function
Will be useful for other messages that should not be in red.
2018-12-08 00:44:18 +01:00
Marek Marczykowski-Górecki
32cbc59ba9
tools/qvm-run: handle Ctrl+C nicely
Do not exit with ugly python backtrace, simply interrupt the command
(propagate SIGINT) and exit.

QubesOS/qubes-issues#4532
2018-12-08 00:44:17 +01:00
Marek Marczykowski-Górecki
9acce13a35
tools: fix qvm-run --pass-io --localcmd=... vmname command
qubes.VMShell service, used by qvm-run, expects the command on the first
input line. Previously, when --localcmd was used, the command wasn't
written anywhere and the local command was connected directly to
qubes.VMShell service. And the first line of its output was interpreted
as a command.

Fix this by starting the local command separately, after sending the
command to qubes.VMShell service.

While at it, unify handling shell command and service calls in the process.
vm.run_service(..., localcmd= ) isn't that useful in general case,
because for qubes.VMShell the caller first need to send the command
before starting local process. Since the qvm-run tool needs to implement
manual starting localcmd anyway, don't use localcmd= run_service's
argument at all to unify calling methods.

There is slight behavior change: previously localcmd was started only
after establishing service connection (for example only if qrexec policy
allows), now it is started in all the cases.

Fixes QubesOS/qubes-issues#4040
2018-12-08 00:44:02 +01:00
Marek Marczykowski-Górecki
e6202d496d
tests/tools: improve qvm-run tests
Fix most FD/process leaks, make qvm-run --passio tests working (as much
as possible).
2018-12-07 23:55:03 +01:00
Marek Marczykowski-Górecki
1d877742ae
tests/tools: extend vm.run_service() mockup
Handle stdout/stderr arguments and provide file-like objects when
requested.
2018-12-07 04:25:00 +01:00
GammaSQ
aebc944704
reverted to comparing .index 2018-12-04 09:40:54 +01:00
Marek Marczykowski-Górecki
28067f70ac
backup: simplify test expressions to make pylint happy 2018-12-03 23:27:10 +01:00
Marek Marczykowski-Górecki
377c80d33d
Remove useless 'pass' to make pylint happy 2018-12-03 23:22:50 +01:00
Marek Marczykowski-Górecki
86fe230092
Clarify QubesBase(), Qubes() and QubesLocal/QubesRemote usage
Add note in QubesBase docstring it shouldn't be used directly.
Additionally add base qubesd_call and run_service methods raising
NotImplementedError with helpful message. Lack of qubesd_call in
QubesBase leads to infinite recursion, because one in PropertyHolder
calls itself then.

Fixes QubesOS/qubes-issues#4568
2018-12-03 23:09:23 +01:00
GammaSQ
39c2c7bcd2
forgot braces 2018-12-03 15:55:21 +01:00
GammaSQ
2e637b5631
get_label now accepts integer and has correct return-type 2018-12-03 15:29:06 +01:00
GammaSQ
e55b530865
added --standalone and --disp shortcuts 2018-12-03 09:21:01 +01:00
Marek Marczykowski-Górecki
861e4fb04f
tools: clarify qvm-service --help 2018-10-29 05:27:05 +01:00
Marek Marczykowski-Górecki
3d53e7e310
Code style fix 2018-10-29 05:27:05 +01:00
Marek Marczykowski-Górecki
67897e3f9f
Copy application menu on VM clone
The qubesd daemon have no information about clone source - from that
side it looks like a new VM.  This means application menu is created as
for a new VM.
To fix this re-initialize menu with --source option as part of the clone
operation. It will copy both list of available applications (if
applicable) and selected applications.

This fixes both qvm-clone case and rename.

Fixes QubesOS/qubes-issues#3902
Fixes QubesOS/qubes-issues#4124
2018-10-29 05:27:05 +01:00
Marek Marczykowski-Górecki
5078d75aa3
tools/qvm-create: fix handling invalid label 2018-10-18 03:24:24 +02:00
Marek Marczykowski-Górecki
759fafea63
tools/qvm-create: properly create template-based StandaloneVM
By definition StandaloneVM is not linked to the template. Creating one
from a template is a clone operation. It's already possible using
qvm-clone tool, but it's logical to do that using qvm-create tool too.
This was the case in R3.2 too.

While adding this special case, skip cloning private volume, to preserve
behaviour of TemplateBaseVMs which do not inherit private volume either.

Fixes QubesOS/qubes-issues#3793
2018-10-18 03:24:15 +02:00
Marek Marczykowski-Górecki
4ca6c32e6c
app: add option to ignore select volumes on app.clone_vm()
QubesOS/qubes-issues#3793
2018-10-18 02:43:09 +02:00
Patrik Hagara
4cd513757b
qvm-ls: add filtering by domain power state 2018-10-10 20:06:35 +02:00
Marek Marczykowski-Górecki
e7bc8f21d5
events: try reconnecting to qubesd also on BrokenPipeError
When qubesd exits while writing to it, not reading, the error is
BrokenPipe, not EOF. Handle it the same.
2018-10-07 02:46:28 +02:00
Marek Marczykowski-Górecki
0dfdab32e1
Merge branch 'devices-api'
* devices-api:
  devices: include devclass when comparing devices
  events: deserialize DeviceInfo class in device-* events
  devices: drop DeviceInfo.options
2018-10-07 02:46:14 +02:00
Marek Marczykowski-Górecki
5414739272
devices: include devclass when comparing devices 2018-09-29 14:13:06 +02:00
Marek Marczykowski-Górecki
907c8da005
Merge remote-tracking branch 'origin/pr/77'
* origin/pr/77:
  Exclude installed_by_rpm when Restoring VM from Backup
2018-09-27 14:57:08 +02:00
Marek Marczykowski-Górecki
5b02520ea4
Merge remote-tracking branch 'origin/pr/76'
* origin/pr/76:
  Fix typo
2018-09-27 14:56:25 +02:00
Marek Marczykowski-Górecki
4a1e90392b
events: deserialize DeviceInfo class in device-* events 2018-09-27 14:52:53 +02:00
jimtahu
5f868b4794
Exclude installed_by_rpm when Restoring VM from Backup
VMs listed as from an rpm when they were really from a backup
lead to a missleading error message when deleting.

Fixes QubesOS/qubes-issues#4192
2018-09-22 22:39:22 -05:00
Marek Marczykowski-Górecki
a8c24bee0f
devices: drop DeviceInfo.options
It's part of DeviceAssignment class, here it was leftover from draft
API.
2018-09-18 21:54:51 +02:00
Marek Marczykowski-Górecki
bf240cc928
devices: add DeviceInfo.devclass attribute
Have DeviceInfo also carry information about its class, to avoid the
need to iterate all the devices to get that information.
2018-09-18 16:50:00 +02:00
AJ Jordan
8b38a36de2
Fix typo 2018-09-14 14:48:22 -04:00
Marek Marczykowski-Górecki
0a8c6e2481
events: fix reconnecting to qubesd on its restart
Since now event listener reports proper QubesDaemonCommunicationError
exception instead of some form of IOError. Include it for automatic
reconnect logic.

Fixes a481490 "app: fix error reporting when connection to qubesd fails"
2018-09-13 14:29:27 +02:00
Marek Marczykowski-Górecki
fe73313da1
events: add support for wildcard event handlers
Port 5a39e777089d8bde6d0a620830a898c1cf3dd924 ("events: add support for
wildcard event handlers") from qubes-core-admin:

    Support registering handlers for more flexible wildcard events: not only
    '*', but also 'something*'. This allows to register handlers for
    'property-set:*' and such.
2018-09-07 18:59:05 +02:00
Marek Marczykowski-Górecki
045bad13e7
tools/qvm-create: resize root volume if needed before imporing data
If file to be imported is larger than the default root volume, resize
the volume first. It might be also a good idea to shrink it when needed,
but currently the backend refuse it.

Fixes QubesOS/qubes-issues#3422
2018-09-05 04:29:36 +02:00
Patrik Hagara
cd4424235b
qvm-ls: add filtering by tags 2018-08-26 22:08:32 +02:00
Marek Marczykowski-Górecki
584bd052ed
Adjust shell input for Windows shell, for qvm-run tool
Windows shell (cmd.exe) use '&' as a separator for multiple commands in
the same line.

Fixes QubesOS/qubes-issues#4165
2018-07-30 18:31:04 +02:00
Marta Marczykowska-Górecka
47b4e86736
Added test for qvm-remove dependency reporting 2018-07-20 01:35:00 +02:00
Marta Marczykowska-Górecka
ad2a6e3408
Better information on error in qvm-remove
If qvm-remove fails because the VM is in use, it will display
information about where it is used.

fixes QubesOS/qubes-issues#3193
2018-07-20 00:21:47 +02:00
Marta Marczykowska-Górecka
ca848ca7bd
Name change of vm dependencies helper function
As per @marmarek's request. Also docstrings.
2018-07-19 21:24:28 +02:00
Marta Marczykowska-Górecka
f9564ffa2b
Added tests and minor correction to vm_usage helper function
Now the function returns a list of tuples, not a list of lists.
2018-07-19 19:52:22 +02:00
Marta Marczykowska-Górecka
e6427f97dc
Helper function that lists where a given VM is used
A helper function to list vm's usage added to the utils.
2018-07-18 23:50:54 +02:00
Marek Marczykowski-Górecki
55c9a82c0a
Merge branch 'backup-logging-deadlock'
* backup-logging-deadlock:
  backup: avoid deadlock on logging during restore
2018-07-17 15:46:17 +02:00
Marek Marczykowski-Górecki
a7bfc03509
backup: avoid deadlock on logging during restore
When both threads and processes are used, logging module can deadlock.
Workaround this by re-initializating locks in logging module.
See https://bugs.python.org/issue6721 for details.
Revert this commit when the python issue is fixed (in the python version
used for backup restore).
2018-07-16 22:30:35 +02:00
Marek Marczykowski-Górecki
87122e54c9
Merge branch 'windows-tools'
* windows-tools:
  doc: add info what properties are inherited from template
  Add 'gui-emulated' feature
  qvm-start-gui: fix handlign rpc-clipboard feature
2018-07-16 22:06:44 +02:00
Marek Marczykowski-Górecki
4d61407f5d
Add 'gui-emulated' feature
Add an explicit method for forcing emulated VGA output. Previously it
was possible only by removing `gui` feature (setting it to false had a
different effect), or enabling debug mode.
Using lack of a feature as a third state was a bad idea.

QubesOS/qubes-issues#3585
2018-07-16 04:25:56 +02:00
Marek Marczykowski-Górecki
16064f6fb4
Fixes for pylint 2.0
Ignore most of them - we still support python 2.7 here.
Fix no-else-return.
2018-07-16 02:25:25 +02:00
Marek Marczykowski-Górecki
72a2fd646d
tools/qvm-start-gui: do not crash on qubesd restart
Do not crash if qubesd restart exactly the moment event handler was
called.
Event listener properly handle qubesd restarts (reconnects), but exists
if any handler raise an exception. Avoid this by logging such exceptions
but not propagating them.
2018-07-14 03:31:03 +02:00
Marek Marczykowski-Górecki
a481490d60
app: fix error reporting when connection to qubesd fails
Properly report QubesDaemonCommunicationError, instead of confusing
IOError or FileNotFoundError
2018-07-14 03:31:03 +02:00
Marek Marczykowski-Górecki
95ce30a9e3
qvm-start-gui: fix handlign rpc-clipboard feature
Pass -Q option to both stubdoman's gui daemon and actual VM's gui
daemon.

QubesOS/qubes-issues#3585
2018-07-11 23:39:37 +02:00
Marek Marczykowski-Górecki
d995e2b213
Merge remote-tracking branch 'qubesos/pr/68'
* qubesos/pr/68:
  Add test of qvm_prefs for specal case "None"
  Change "None" in qvm_prefs
  Change "None" to Property None

Fixes QubesOS/qubes-issues#3942
2018-06-27 03:02:34 +02:00
Marek Marczykowski-Górecki
b359f9ca5e
tools: don't fail qvm-template-postprocess on shutdown race condition
It may happen that shutdown timeout expires at exact time that template
has stopped.
2018-06-27 02:24:03 +02:00
Marek Marczykowski-Górecki
0caf6f735d
Fix reporting events even if its source is not available anymore
This is especially the case for domain-shutdown event for DispVM - when
handled, DispVM can be already removed. Give the handled VM object even
if actual VM is already removed. For this, avoid VM existence check by
using domains.get_blind() method.

And actually implement domains.get_blind() method - it was present only
in generic collection, but not VMCollection.
2018-06-27 02:24:02 +02:00
jimtahu
d1455ce6c3
Add test of qvm_prefs for specal case "None" 2018-06-13 23:38:25 -05:00
jimtahu
4156fa38a5
Change "None" in qvm_prefs
The string "none" is now changed to '' in qvm_prefs, and
only for certain properties (eg netvm).
2018-06-13 23:38:16 -05:00
jimtahu
c0373980af
Change "None" to Property None
This changes to accept the string none as the value None,
as if an empty string was entered. This allows setting the
netvm to "None" as described in QubesOS/qubes-issues#3942
2018-06-07 20:28:41 -05:00
Peter Gerber
b2a70f3794
tools/qvm-firewall: improve manpage and --help output 2018-05-03 01:03:35 +02:00
Peter Gerber
00fbfdd77a
tools/qvm-firewall: add dst4 and dst6 as synonyms for dsthost 2018-05-03 00:49:43 +02:00
Peter Gerber
ed9b42d5b4
tools/qvm-firewall: Show EXPIRE column in list output 2018-04-30 21:30:52 +02:00
Marek Marczykowski-Górecki
ab79bd2a44
tools/qvm-firewall: make 'list' a default action 2018-04-30 04:16:23 +02:00
Marek Marczykowski-Górecki
7f79075088
tools/qvm-firewall: add 'expire' rule support 2018-04-30 04:13:45 +02:00
Peter Gerber
e69b4fb1bd
tools/qvm-firewall: Describe available rules in --help output 2018-04-29 15:47:59 +02:00
Marek Marczykowski-Górecki
c75c0176dc
tools/qvm-template-postprocess: fix reinstall action
Do not remove template directory after reinstalling it in dom0.

Fixes QubesOS/qubes-issues#3169
2018-04-21 15:07:21 +02:00
Marek Marczykowski-Górecki
fbd5ca4150
tools/qvm-ls: add --kernel option for compatibility with R3.2
There was such option on Qubes 3.2, so add it here too. This is
especially useful for kernel package - preun script use it to verify if
given kernel isn't needed anymore.
2018-04-21 02:51:31 +02:00
Marek Marczykowski-Górecki
90df051f4f
tools/qvm-pool: add --set to modify pool properties
Fixes QubesOS/qubes-issues#3256
2018-04-13 00:26:25 +02:00
Marek Marczykowski-Górecki
471523167e
tools: fix error reporing on unknown storage pool 2018-04-12 23:19:34 +02:00
Marek Marczykowski-Górecki
efae2dfd38
Merge branch 'template-postprocess-fail'
* template-postprocess-fail:
  qvm-template-postprocess: do not remove VM on failed reinstall
  qvm-template-postprocess: resize volume only when needed
2018-03-20 19:22:33 +01:00
Marek Marczykowski-Górecki
a99acc68da
Merge branch 'improved-tools-messages'
* improved-tools-messages:
  tools: suppress full traceback in console tools
  tools: add SubParsersHelpAction, which include subcommands details in --help
2018-03-20 19:19:40 +01:00
Marek Marczykowski-Górecki
70b15c2eae
qvm-volume: refuse to shrink volume unless --force option is used
Right now Admin API backend will refuse to shrink volume anyway, but
we're planning to relax this restriction. Make sure the client side
(qvm-volume tool here, GUI VM settings already have this in place) will
employ appropriate safety check.

QubesOS/qubes-issues#3725
2018-03-20 17:53:36 +01:00
Marek Marczykowski-Górecki
4638a019e5
storage: make Pool.{size,usage} integers
And return None (instead of raising KeyError) when pool driver
does not provide such information.
2018-03-20 16:50:56 +01:00
Marek Marczykowski-Górecki
96a32bd096
qvm-template-postprocess: do not remove VM on failed reinstall
If root volume import fails on template reinstall, do not remove it -
keep it alone, with old volume content

QubesOS/qubes-issues#3169
2018-03-19 20:47:16 +01:00
Marek Marczykowski-Górecki
562137c36d
qvm-template-postprocess: resize volume only when needed
If needs to be extended - do it before import. If needs to be reduced -
after. This way, if data import fails for any reason, previous data
won't be destroyed (truncated).
Also, convert error on shrinking volume to a warning, as it doesn't break
the template (just leave it with bigger disk than needed). Currently all
storage pool implementations refuse to shrink a volume (but it may
change in the future).

QubesOS/qubes-issues#3169
2018-03-19 20:47:15 +01:00
Marek Marczykowski-Górecki
034e9b3a24
qvm-volume: add 'info' and 'config' actions
This allows to get and set volumes properties.

Fixes QubesOS/qubes-issues#3256
2018-03-18 23:38:10 +01:00
Marek Marczykowski-Górecki
6ca54e18a3
tools: suppress full traceback in console tools
QubesException class is used with meaningful messages and should be ok
to use it directly as error message. For other exceptions, still use
full traceback (most likely a bug somewhere, not user error).

Fixes QubesOS/qubes-issues#3610
2018-03-18 21:38:49 +01:00
Marek Marczykowski-Górecki
c70e440a6c
tools: add SubParsersHelpAction, which include subcommands details in --help 2018-03-18 21:38:31 +01:00
Marek Marczykowski-Górecki
b57b101b04
storage: add 'rw' and 'revision_to_keep' setters
QubesOS/qubes-issues#3256
2018-03-18 17:00:39 +01:00
Marek Marczykowski-Górecki
b1237bfe1f
tests: add tests for various 'qvm-prefs vm pref' cases 2018-03-04 03:43:07 +01:00
Marek Marczykowski-Górecki
2459b8108b
tools/qvm-prefs: fix printing None value
Don't print None value as 'None' string, but as empty one (same as at
API level). Otherwise it is indistinguishable from VM named 'None', or
same string property value.
2018-03-04 03:43:06 +01:00
Marek Marczykowski-Górecki
4a9b57f91f
qvm-template-postprocess: call fstrim after removing image file
This is especially important on LVM thin pool, where space after
removing the file needs to be given back to the pool, to be reused for
other volumes (for example this template).
2018-03-04 03:43:06 +01:00
Marek Marczykowski-Górecki
090cccd468
Merge remote-tracking branch 'qubesos/pr/56'
* qubesos/pr/56:
  qvm-backup-restore: also handle absent --ignore-missing
2018-02-27 02:32:37 +01:00
Marek Marczykowski-Górecki
9bf404f7bf
tools: terminate qvm-start-gui when X server is terminated
qvm-start-gui lifecycle should be bound to X server lifecycle. It should
be restarted when user logoff and login again, at least to start
gui-daemons again.
Do that by opening a connection to X server and reacting to breaking
that socket.

Fixes QubesOS/qubes-issues#3147
2018-02-26 22:11:25 +01:00
Rusty Bird
cf063a9638
qvm-backup-restore: also handle absent --ignore-missing
This was forgotten in 2d8bade.
2018-02-26 04:10:05 +00:00
Rusty Bird
0171269138
restore.py: add template-related debug log messages 2018-02-24 12:43:42 +00:00
Rusty Bird
ab65338cfb
restory.py: restore template_for_dispvms property early 2018-02-24 12:43:42 +00:00
Rusty Bird
c86b731d3e
restore.py: factor out _restore_property() helper 2018-02-24 12:43:42 +00:00
Rusty Bird
2ace32bb73
restore.py: deal with DispVM templates 2018-02-24 12:43:42 +00:00
Rusty Bird
68c8b7fafc
restore.py: sort into three tiers in _templates_first() 2018-02-24 12:43:42 +00:00
Rusty Bird
01ce5387d3
restore.py: don't try to restore dispid property 2018-02-23 17:15:20 +00:00
Rusty Bird
78571898da
qvm-backup: let backup core handle default VM selection
This takes the include_in_backups property into account, and does not
omit dom0.
2018-02-23 02:09:06 +00:00
Rusty Bird
2d8bade8b2
qvm-backup-restore: really pass options 2018-02-23 02:09:04 +00:00
Rusty Bird
a0d6327532
qvm-backup-restore: remove orphaned --replace-template option 2018-02-23 02:09:03 +00:00
Marek Marczykowski-Górecki
5a4577417f
Merge remote-tracking branch 'qubesos/pr/53'
* qubesos/pr/53:
  template-postprocess: fast path for file-reflink, like file
2018-02-14 04:45:59 +01:00
Marek Marczykowski-Górecki
d07475427f
Merge remote-tracking branch 'qubesos/pr/52'
* qubesos/pr/52:
  backup: don't crash when no 'qubes' group is present
  tests: dom0 backup restore, both v3 and v4
  backup: add support for openssl 1.1.0 options
  backup: skip dom0's properties while restoring core2 backup
  unused variable
  style issues
  Fix dom0 restore
  Fix dom0 handling
  Fix AdminVm class name
2018-02-14 04:45:12 +01:00
Marek Marczykowski-Górecki
56dc984507
backup: don't crash when no 'qubes' group is present
This is specifically the case on Travis-CI. But since dom0 backup is
restored into separate directory now, instead of directly overriding
user home, this check is much less relevant now.
2018-02-14 04:28:23 +01:00
Marek Marczykowski-Górecki
060171f19f
tests: dom0 backup restore, both v3 and v4
QubesOS/qubes-issues#3467
2018-02-14 04:28:23 +01:00
Marek Marczykowski-Górecki
a821034653
backup: add support for openssl 1.1.0 options
The command for listing available algorithms have changed:
old: openssl list-message-digest-algorithms
new: openssl list -digest-algorithms
2018-02-14 04:28:23 +01:00
Marek Marczykowski-Górecki
04635e7e80
backup: skip dom0's properties while restoring core2 backup
Fixes QubesOS/qubes-issues#3467
2018-02-14 04:28:22 +01:00
Marek Marczykowski-Górecki
24cfb4a581
vm: restore force_shutdown->kill deprecated alias
Apparently there are still users of this function - qubes manager.
2018-02-13 19:01:29 +01:00
Rusty Bird
e6466c3783
template-postprocess: fast path for file-reflink, like file
I don't know if any template currently hits this code path, even the
fedora-26-minimal root.img is large enough to be split into multiple
parts. Maybe Arch Linux?

Related to https://github.com/QubesOS/qubes-core-admin/pull/188
2018-02-12 21:51:01 +00:00
Christopher Laprise
e81c2f3cf6
unused variable 2018-02-01 23:20:31 -05:00
Christopher Laprise
e3d12fb96d
style issues 2018-02-01 23:00:06 -05:00
Christopher Laprise
30dd7acaa9
Fix dom0 restore 2018-02-01 22:21:24 -05:00
Christopher Laprise
60bfd63a25
Fix dom0 handling 2018-02-01 19:40:42 -05:00
Christopher Laprise
4b46d59179
Fix AdminVm class name 2018-01-24 20:42:15 -05:00
Marek Marczykowski-Górecki
2861d46dfa
backup/restore: do not shrink volumes on restore
This operation is blocked in current storage pool implementations.
2018-01-18 19:09:38 +01:00
Marek Marczykowski-Górecki
7211c7daff
storage: add size and usage properties
It's already available in config dict, but lets provide uniform API. And
also it's a bit weird to look for usage data in configuration...

QubesOS/qubes-issues#3240
2018-01-17 16:21:11 +01:00
Marek Marczykowski-Górecki
3d4f626515
Merge remote-tracking branch 'qubesos/pr/51'
* qubesos/pr/51:
  qvm-run: wait for X11 in --dispvm --gui case
  vm/DispVM: use 'qrexec_timeout' also for call connection timeout
2018-01-15 03:23:54 +01:00
Marek Marczykowski-Górecki
4a28c560d9
Merge remote-tracking branch 'qubesos/pr/50'
* qubesos/pr/50:
  Add property_get_default method
2018-01-15 03:23:00 +01:00
Rusty Bird
c83deccdd3
qvm-run: wait for X11 in --dispvm --gui case
'qvm-run --dispvm' cannot easily make a separate qubes.WaitForSession
call. Instead, if --gui is active, pass the new WaitForSession argument
to qubes.VMShell, which will do the equivalent.

The unit tests have been copied (in slightly adapted form) from commit
a620f02e2a

Fixes QubesOS/qubes-issues#3012
Closes QubesOS/qubes-core-admin-client#49
2018-01-14 18:36:46 +00:00
Marek Marczykowski-Górecki
c98b33bcd6
vm/DispVM: use 'qrexec_timeout' also for call connection timeout
When calling a service in DispVM, the connection is established only
after session is ready (if required for given service). qrexec-client by
default use 5s here, which is too low depending on hardware. Use
'qrexec_timeout' property here for DispVM case.

Fixes QubesOS/qubes-issues#3012
2018-01-14 18:36:24 +00:00
Marek Marczykowski-Górecki
ce0d230866
Add property_get_default method
It is useful to get property default value, without changing it to
default. For example to list it in GUI tools

Fixes QubesOS/qubes-issues#3197
2018-01-12 23:40:05 +01:00
Marek Marczykowski-Górecki
04f8d85819
base: make WrapperObjectsCollection behave like a dict
In core-admin matching collections are real dicts, so clone this API
behaviour here too. Specific changes:
 - iteration yields keys, not values
 - implement values and items methods

Additionally fix keys method, it was broken on python2 (list have no
copy method).
2018-01-12 05:29:40 +01:00
Marek Marczykowski-Górecki
8584ca4057
tools/qvm-ls: clarify that disk usage is in percents 2018-01-12 05:29:40 +01:00
Marek Marczykowski-Górecki
b16f3ab79b
tools/qvm-ls: add --network and --disk compatibility options
Shortcuts for new --format=...
2018-01-12 05:29:39 +01:00
Marek Marczykowski-Górecki
080b563ae2
tools/qvm-ls: add --raw-list option for compatibility with R3.2
There was an option to list just VM names, useful for scripting.
Preserve that for compatibility.
2018-01-12 05:29:39 +01:00
Marek Marczykowski-Górecki
0533703ddf
tools/qvm-ls: allow list only selected VMs
Restore possibility to list only some VMs, by naming them on command
line.
2018-01-12 05:29:39 +01:00
Marek Marczykowski-Górecki
4af13d5445
tools: fix handling optional domain list
It wasn't possible to use QubesArgumentParser(vmname_nargs=...) for
optional domain list - the option forced usage of either --all or
explicit domain list.
2018-01-12 05:27:57 +01:00
Marek Marczykowski-Górecki
9b5546f1b0
tools/qvm-start: add naive waiting for cdrom device
When starting a VM with --cdrom=some-vm:/some/path/to.iso, it can be
started only when loop device matching the path is available. For now,
add naive waiting (while ... sleep(1)) for it. Later it might worth
converting it to events handling.
2018-01-12 05:27:57 +01:00
Marek Marczykowski-Górecki
5b0e7123b8
storage: add volume.is_outdated() function
This is to match core-admin API. Logically it could be a property not a
method (as other things like usage or size), but it is already defined
(and used in various places) as a method in core-admin, so lets don't
change the API right now.
2018-01-12 05:27:56 +01:00
Marek Marczykowski-Górecki
626c764459
Merge remote-tracking branch 'qubesos/pr/47'
* qubesos/pr/47:
  qvm-device.rst: Document '--ro' option
  qvm-device/block: Alias '--ro' to '--option read-only=yes'
2018-01-11 01:57:57 +01:00
Marek Marczykowski-Górecki
97724a2e00
add QubesVM.connected_vms attribute
One more step to core-admin/core-admin-client API compatibility.
2018-01-11 01:55:54 +01:00
Rusty Bird
58cecf6b3f
qvm-device/block: Alias '--ro' to '--option read-only=yes'
It's quicker to type and compatible with pre-R4.0 habits/scripts.
2018-01-10 19:30:30 +00:00
Marek Marczykowski-Górecki
51a89a9e77
Merge remote-tracking branch 'qubesos/pr/44'
* qubesos/pr/44:
  Fix style else-return
  tests: update qvm-template-process and qvm-remove tests
  Add --force to manpage.
  Avoid cloning installed_by_rpm
  Print vm list before prompt
  Use --force instead of --yes
  Toggle installed_by_rpm in template tool
  Fix error message grammar
  Add --yes option and confirm prompt.
2018-01-06 14:54:32 +01:00
Christopher Laprise
297dec9c55 Merge branch 'tasket01' of https://github.com/tasket/qubes-core-admin-client into tasket01 2018-01-05 23:14:42 -05:00
Christopher Laprise
acd5f2e524
Fix style else-return 2018-01-05 23:13:24 -05:00
Marek Marczykowski-Górecki
75a433f07a
tests: update qvm-template-process and qvm-remove tests 2018-01-06 03:40:51 +01:00
Marek Marczykowski-Górecki
0e033645ad
backup: restore Qubes 3.x VMs as HVMs
Make use of better security of Qubes 4.x by using HVM by default. If
some VMs are incompatible with it (like MirageOS based), user can always
switch it to PV manually later.
2018-01-04 23:39:31 +01:00
Christopher Laprise
7a9b0c232c
Avoid cloning installed_by_rpm 2018-01-03 05:07:57 -05:00
Christopher Laprise
8b03c9cc9c
Print vm list before prompt 2018-01-02 01:51:01 -05:00
Christopher Laprise
91928ae0c6
Use --force instead of --yes 2018-01-02 01:33:20 -05:00
Christopher Laprise
f7d27cdcdc
Toggle installed_by_rpm in template tool 2018-01-02 01:19:06 -05:00
Christopher Laprise
ac7461d1e8
Fix error message grammar 2018-01-02 00:42:47 -05:00
Christopher Laprise
ed11346977
Add --yes option and confirm prompt. 2017-12-29 14:17:30 -05:00
Marek Marczykowski-Górecki
917df5a8c5
tools/qvm-ls: fix handling columns with underscore
Mangling column type was inconsistent, resulting in
KeyError('VIRT_MODE').
2017-12-29 03:24:22 +01:00
Marek Marczykowski-Górecki
c82d5b0a73
Make pylint happy
Updated pylint on Travis-CI is slightly stricter.
2017-12-22 18:38:24 +01:00
Marek Marczykowski-Górecki
796a3d43ae
backup: make pylint happy
Use 'vm_info' instead of restore_info['dom0'], as it is available inside
the loop. And break some lines to not exceed 80 chars..
2017-12-22 17:23:27 +01:00
Marek Marczykowski-Górecki
c2281fefc8
Merge remote-tracking branch 'qubesos/pr/43'
* qubesos/pr/43:
  Fix dom0-related issues
2017-12-22 17:19:59 +01:00
Christopher Laprise
c6bc4f05cb
Fix dom0-related issues 2017-12-11 10:16:53 -05:00
Marek Marczykowski-Górecki
bc9fd47aa0
Another approach for making qvm-shutdown nice for tests 2017-12-10 22:52:29 +01:00
Marek Marczykowski-Górecki
5944de1eed
Make pylint happy 2017-12-10 22:42:48 +01:00
Marek Marczykowski-Górecki
448fbb8309
make qvm-shutdown nice for unit tests
Make it deterministic.
2017-12-10 22:39:39 +01:00
Marek Marczykowski-Górecki
8ebcb438dd
tests: update tests for fixed verify_only handling 2017-12-10 22:39:19 +01:00
Marek Marczykowski-Górecki
3541b7d883
Merge remote-tracking branch 'qubesos/pr/42'
* qubesos/pr/42:
  verify-only avoid dom0 handler
  Fix verify-only
  Issue #3303
2017-12-10 22:24:55 +01:00
Christopher Laprise
d84423b0b2
verify-only avoid dom0 handler 2017-12-07 22:36:58 -05:00
Christopher Laprise
f86c640d65
Fix verify-only 2017-12-06 21:31:30 -05:00
Marek Marczykowski-Górecki
01114e828b
tests: fix tests after dropping unnecessary admin.label.List call 2017-12-05 22:56:37 +01:00
Marek Marczykowski-Górecki
5b7ea16808
tests: make filter-esc tests working also on travis
There stderr is not a tty, so filtering isn't turned on by default. Mock
os.isatty() to fake it.
2017-12-05 22:56:37 +01:00
qubesuser
14b3acec24
don't use ast.literal_eval, just directly convert to the desired type
It's slow and unnecessary
2017-12-05 22:40:40 +01:00
qubesuser
565bdf8549
don't lookup list of labels just to read VM properties
If qubesd returns a label name, we can just assume it's valid.

This makes qvm-ls take only one qubesd call.
2017-12-05 22:36:07 +01:00
Marek Marczykowski-Górecki
cb069367d5
Merge remote-tracking branch 'qubesos/pr/41'
* qubesos/pr/41:
  Remove dead code
2017-12-05 22:23:02 +01:00
Marek Marczykowski-Górecki
bd9016a2db
Merge remote-tracking branch 'qubesos/pr/40'
* qubesos/pr/40:
  Disable spinner if --raw-data
  Fix qvm-ls --raw-data
2017-12-05 22:22:30 +01:00
Marek Marczykowski-Górecki
afc9e645fa
tests: Update tests after fix for filtering stderr 2017-12-05 22:20:53 +01:00
Christopher Laprise
6fe5f8c0e7
Issue #3303 2017-12-01 18:21:59 -05:00
Jean-Philippe Ouellet
123aa28e87
Remove dead code 2017-11-30 06:57:03 -05:00
Jean-Philippe Ouellet
16ae4a64b6
Disable spinner if --raw-data 2017-11-30 06:48:03 -05:00
Jean-Philippe Ouellet
b52371f614
Fix qvm-ls --raw-data 2017-11-29 21:33:50 -05:00
Jean-Philippe Ouellet
87230fc042
Stop leaking terminal escapes via stderr
This restores Qubes R3.2 behavior

Before this patch, the following:

    qvm-run -p sys-firewall 'echo -e "\e[0;46mcyan!" >&2' | wc -l

leaks the escape sequences through to the dom0 terminal via stderr,
in this case demonstrated by the ability to change the text color while
it should be fixed to red.

This can also be abused with xterm reporting sequences to cause input
to be sent to the dom0 terminal. This is potentially a security issue.
2017-11-20 23:33:44 -05:00
Marek Marczykowski-Górecki
afe4eef15f
Merge remote-tracking branch 'qubesos/pr/38'
* qubesos/pr/38:
  Restore correct colors in verbose mode
  Fix setting stderr default coloring policy
2017-11-20 13:04:42 +01:00
Jean-Philippe Ouellet
6afe5a98c2
Restore correct colors in verbose mode
Restore stderr color when printing to stderr, not stdout color
2017-11-20 00:45:53 -05:00
Jean-Philippe Ouellet
57bf88aa30
Fix setting stderr default coloring policy
stderr default should be set if stderr is None, not if stdout is None
2017-11-20 00:44:07 -05:00
qubesuser
6e844940cc replace key in dir(self) with faster and better code 2017-11-10 16:31:45 +01:00
qubesuser
d08f1a58b7 don't import pkg_resources in the top of qubesadmin/utils.py
It's slow to import
2017-11-10 16:31:45 +01:00
qubesuser
dbd2f0ee06 remove format_doc and docutils import
This wastes 100-200ms loading and removing markup every run and none
of the strings contain any markup anyway...
2017-11-10 16:31:45 +01:00
Marek Marczykowski-Górecki
dc5afa56bf
Merge remote-tracking branch 'qubesos/pr/35'
* qubesos/pr/35:
  make qvm-run work for non-blocking stdin
2017-11-07 22:22:29 +01:00
qubesuser
cb644eb174 make qvm-run work for non-blocking stdin
The main process sometimes sets fd 1 to O_NONBLOCK, and since in the
terminal case fd 0 and 1 are the same fd, this also results in fd 0
being non-blocking, causing qvm-run to crash with EAGAIN.

So just make the code work for both blocking and non-blocking stdin.
2017-11-07 20:43:16 +01:00
Marek Marczykowski-Górecki
7f728e2dad
backup: fix handling labels in Qubes 4.0 backups
Labels can be referred as either id or name. Support both ways.

Fixes QubesOS/qubes-issues#3211
2017-10-29 02:58:37 +02:00
Marek Marczykowski-Górecki
7bcab46f96
tools/qvm-shutdown: fix handling shutdown timeout for multiple VMs
When some VM timeout on shutdown, the tool will try to kill all of them,
but at this point some of them may be already powered off (not all
hanged during shutdown, but only some). Handle this
situation instead of crashing. And add appropriate test.
2017-10-28 22:40:24 +02:00
Marek Marczykowski-Górecki
2fac77da6f
Document device attach options in man page
Fixes QubesOS/qubes-issues#3204
2017-10-24 03:24:43 +02:00
Marek Marczykowski-Górecki
7f269770d5
Merge branch 'fixes-20171019'
* fixes-20171019:
  tools: fix handling qvm-run --no-autostart
  backup: improve migrating templates from Qubes 3.x
2017-10-21 04:10:02 +02:00
Marek Marczykowski-Górecki
61ddccb6d6
Merge branch 'bug3179'
* bug3179:
  Drop log.DBusHandler
  vm: fix handling policy deny on admin.vm.List
2017-10-21 04:09:41 +02:00
Marek Marczykowski-Górecki
8981e71b88
tools: fix handling qvm-run --no-autostart
Fixes QubesOS/qubes-issues#3083
2017-10-19 14:55:33 +02:00
Marek Marczykowski-Górecki
f89d67c3e3
backup: improve migrating templates from Qubes 3.x
In Qubes 3.x any PV template had qrexec-agent and gui-agent installed.
Adjust features appropriately while restoring them.
2017-10-19 14:54:30 +02:00
Marek Marczykowski-Górecki
abc0d0063e
Fix DeviceInfo objects comparing
Do not crash if the other object is completely different type. Return
False ("unequal") instead.

This crashed preparing list of devices in qubes-vm-boot-from-device.

Fixes QubesOS/qubes-issues#3182
2017-10-17 20:40:16 +02:00
Marek Marczykowski-Górecki
a6ff459a1d
tests: multi-part volume in backup tests
Create on of VM's disk volumes big enough to split it into multiple
parts. To do that, add a test of uncompressed backup.

QubesOS/qubes-issues#3167
2017-10-16 04:11:04 +02:00
Marek Marczykowski-Górecki
513163276f
backup: do not try to read tar's stderr past EOF
If EOF is reached on tar's stderr, stop reading it, even if didn't found
expected data. Log this event.

This may happen when tar output some fatal error, instead of filelist.
2017-10-16 04:11:04 +02:00
Marek Marczykowski-Górecki
7a6e8d04b8
backup: improve restoring HVMs from Qubes 3.2
Set kernel to '' - boot from VM's own bootloader.
Keep it on MiniOS-based stubdomain - otherwise Windows would not boot.
2017-10-16 04:11:04 +02:00
Marek Marczykowski-Górecki
d1eab2d4f5
backup: update DispVM template property: template_for_dispvms
It was renamed from 'dispvm_allowed'.

QubesOS/qubes-issues#3047
2017-10-16 04:11:03 +02:00
Marek Marczykowski-Górecki
001b42f7d8
backup: fix name of meminfo-writer feature
It's 'service.meminfo-writer'.
2017-10-16 04:11:02 +02:00
Marek Marczykowski-Górecki
cbdc2170b4
tools: clarify that qvm-backup needs absolute path
Fixes QubesOS/qubes-issues#3066
2017-10-16 03:09:10 +02:00
Marek Marczykowski-Górecki
9cdb2a8152
backup: fix restoring template VMs
os.path.splitext fails on path without proper file base name, like
'/something/..000'. Use plain string methods (rsplit).

Fixes QubesOS/qubes-issues#3167
2017-10-16 03:04:59 +02:00
Marek Marczykowski-Górecki
654da7cb03
Drop log.DBusHandler
Packages had missing dependency on python-dbus. Since DBusHandler isn't
used anywhere, drop it, instead of introducing more dependencies.

Reported by @pietrushnic
QubesOS/qubes-issues#3179
2017-10-16 01:33:03 +02:00
Marek Marczykowski-Górecki
2f7d1ca476
vm: fix handling policy deny on admin.vm.List
vm.get_power_state() have specifically documented 'NA' state for cases
when it's unable to get VM's power state. Use this when qrexec policy
forbid checking it.

Reported by @pietrushnic
Fixes QubesOS/qubes-issues#3179
2017-10-16 01:32:56 +02:00
Marek Marczykowski-Górecki
0187588531
tools: adjust qvm-start message and logic, update tests
QubesOS/qubes-issues#3130
2017-10-08 18:17:03 +02:00
Marek Marczykowski-Górecki
bf4c9bacb4
Merge remote-tracking branch 'qubesos/pr/28'
* qubesos/pr/28:
  qvm-start: exit if domain running and no --skip-if-running
2017-10-08 17:14:47 +02:00
Marek Marczykowski-Górecki
98e39ca63b
vm: drop suspend and resume methods - not part of the Admin API 2017-10-04 15:26:57 +02:00
Marek Marczykowski-Górecki
559cc9b0d6
tools/qvm-start: fix starting a VM with cdrom image
1. Output of `losetup` command contains `\n` - strip it.
2. Provide read-only option - if device info hasn't propagated to qubesd
yet, it will not be set automatically.

Fixes QubesOS/qubes-issues#3146
2017-10-04 15:18:28 +02:00
Marek Marczykowski-Górecki
8476afc306
tools: finish 'qvm-volume revert' implementation, add tests
It wasn't aware of snapshot identifier, fix that. Also update to use
VM:VOLUME syntax, not POOL:VID.
2017-10-02 21:12:17 +02:00
Marek Marczykowski-Górecki
c87820fba8
Drop individual VM classes as python types completely
Since those are unused now, remove them from the source, so it is easier
to debug the code (avoid never matching isinstance(...)).
2017-10-02 21:12:16 +02:00
Marek Marczykowski-Górecki
b55f615942
Move vm.appvms to QubesVM
First, TemplateVM is not used anymore (see previous commit). Second,
don't harcode on client side that "only TemplateVM can be a template for
any VM" (which actually isn't true: AppVM can be a template for DispVM).
2017-10-02 21:12:16 +02:00
Marek Marczykowski-Górecki
edcaed537a
Always use QubesVM objects, instead of AppVM/TemplateVM etc
Very few calls at client side really needs VM class name. So, even in
non-blind mode use just QubesVM class, to avoid strange cases depending
on blind mode being enabled or not. Then, have VM class name in 'klass'
property. If known at object creation time, cache it, otherwise query
qubesd at first access.
2017-10-02 21:12:16 +02:00
Mindy Preston
76c4a6421b qvm-start: exit if domain running and no --skip-if-running 2017-09-27 17:15:52 -05:00
Marek Marczykowski-Górecki
ab9a57a544
tools: fix qvm-run --help
QubesOS/qubes-issues#
2017-09-20 22:53:30 +02:00
Marek Marczykowski-Górecki
0a06ad9152
events: ignore events from non-existing domains
It may happen that when client handle the event, domain no longer
exists. This is for example common for DispVMs, which get removed just
after shutdown.
This will cause some events to be dropped, but one can enable blind
mode, to get them anyway (because it will not cause KeyError, even if
domain is already removed).

QubesOS/qubes-issues#3100
2017-09-20 20:19:38 +02:00
Marek Marczykowski-Górecki
b28ddb6621
Implement "blind mode" to avoid listing objects
This allows to perform actions on objects (VM, storage etc), without
listing them. This is useful when calling VM have minimal permissions
and only selected actions are allowed.

This means that app.domains['some-name'] will not raise KeyError, even
when domain do not exists. But performing actual action (like
vm.start()) will fail in that case.
2017-09-20 20:18:59 +02:00
Marek Marczykowski-Górecki
5e2638ab5e
tools: restore qvm-start --cdrom and similar options
Booting a VM from cdrom require attaching the device before VM startup,
which is possible only in persistent mode. But for qvm-start --cdrom
adding a cdrom only temporarily, use new update_persistence() function
to convert the assignment to temporary one.

Fixes QubesOS/qubes-issues#3055
2017-09-05 08:33:47 +02:00
Marek Marczykowski-Górecki
1481dc4fb8
devices: client stub for DeviceCollection.update_persistent
QubesOS/qubes-issues#3055
2017-09-05 03:59:01 +02:00
Marek Marczykowski-Górecki
b895015274
tools: cleanup temporary files after qvm-template-postprocess 2017-09-05 03:57:55 +02:00
Marek Marczykowski-Górecki
336807e8da
tools: fix too long lines
QubesOS/qubes-issues#2983
2017-09-04 03:07:03 +02:00
Marek Marczykowski-Górecki
533fccfc10
Merge remote-tracking branch 'qubesos/pr/24'
* qubesos/pr/24:
  Fixed https://github.com/QubesOS/qubes-issues/issues/2983
2017-09-04 03:02:49 +02:00
Marek Marczykowski-Górecki
3c9e5f6630
Merge branch 'bug2986' 2017-08-30 17:33:32 +02:00
Marek Marczykowski-Górecki
0fa374264f
tools: add qvm-create --help-classes
List available VM classes

QubesOS/qubes-issues#3017
2017-08-30 16:54:24 +02:00
Marek Marczykowski-Górecki
0464a3ebfc
tools: implement qvm-create --root-move-from/--root-copy-from 2017-08-30 16:54:23 +02:00
Marek Marczykowski-Górecki
f98ea4a520
backup/restore: do not fail the whole restore when qvm-appmenus is missing
Fixes QubesOS/qubes-issues#2991
2017-08-30 16:00:00 +02:00
Marek Marczykowski-Górecki
6568d624cc
backup/restore: make backup header extraction faster
Abort tar process after extracting requested files - do not parse the
archive until the end (possibly tens of GB later).

Fixes QubesOS/qubes-issues#2986
2017-08-30 15:51:44 +02:00
Marek Marczykowski-Górecki
a260685bd1
tools: drop --delete and --unset aliases for --default option
This may be confiusing, for example one may think that
`qvm-prefs --unset vmname netvm` will make vmname network-disconnected.
This type of mistakes may have severe security consequence, so better
drop those option names.

QubesOS/qubes-issues#3002

cc @rootkovska
2017-08-12 22:33:36 +02:00
Marek Marczykowski-Górecki
5b7947b51a
Improve QubesDaemonNoResponseError error message
Include hint to look into dom0 logs

QubesOS/qubes-issues#3016
2017-08-12 15:15:52 +02:00
Marek Marczykowski-Górecki
188bc2799b
tests: add DispVM tests
Especially for one service call wrapper

QubesOS/qubes-issues#3016
2017-08-12 15:15:19 +02:00
Marek Marczykowski-Górecki
3d2d3a2974
vm/dispvm: fix dispvm.cleanup() when no service was called
In such a case (especially when running in dom0) there is nothing to
cleanup.

Fixes QubesOS/qubes-issues#3016
2017-08-12 15:15:06 +02:00
Marek Marczykowski-Górecki
596eb3d96c
tools/qvm-run: ignore --filter-esc/--no-filter-esc unless --pass-io is given
If no VM output is printed on terminal, those options doesn't make sense
anyway.

Fixes QubesOS/qubes-issues#3013
2017-08-12 14:19:41 +02:00
blackpit
6534f8c191 Fixed https://github.com/QubesOS/qubes-issues/issues/2983
qvm-create -l yellow backuptest-1-vm
qvm-create -l yellow backuptest-2-vm
echo -n passphrase >test.passphrase

qvm-backup --passphrase-file test.passphrase --yes `pwd` backuptest-1-vm backuptest-2-vm

qvm-remove backuptest-1-vm1 || true
qvm-remove backuptest-2-vm1 || true
qvm-backup-restore --rename-conflicting --passphrase-file test.passphrase qubes-2017-08-09T165253 backuptest-1-vm

qvm-remove backuptest-1-vm1 || true
qvm-remove backuptest-2-vm1 || true
qvm-backup-restore --rename-conflicting --passphrase-file test.passphrase qubes-2017-08-09T165253 backuptest-2-vm
2017-08-09 19:43:53 +02:00
Marek Marczykowski-Górecki
414be0945d
tools/qvm-device: list attach options 2017-08-09 04:04:27 +02:00
Marek Marczykowski-Górecki
430ff342d4
tools/qvm-run: do not use os.set_blocking
It's available only in python >= 3.5, but we do support tools on python
3.4 (Debian jessie).
2017-08-09 04:04:26 +02:00
Marek Marczykowski-Górecki
7d25f1bf2b
app: add VMCollection.values()
Let it behave more like a dict()
2017-08-09 04:04:26 +02:00
Marek Marczykowski-Górecki
37ae76823b
tools: add qvm-run --dispvm option
Add option to uniformly start new DispVM from either VM or Dom0. This
use DispVMWrapper, which translate it to either qrexec call to $dispvm,
or (in dom0) to appropriate Admin API call to create fresh DispVM
first.
This require abandoning registering --all and --exclude by
QubesArgumentParser, because we need to add --dispvm mutually exclusive
with those two. But actually handling those two options is still done by
QubesArgumentParser.

This also updates man page and tests.

Fixes QubesOS/qubes-issues#2974
2017-08-06 20:44:55 +02:00
Marek Marczykowski-Górecki
9bb59cdd20
vm: add DispVMWrapper for calling a single service in new DispVM
This is a wrapper to use `$dispvm` target of qrexec call, just like any
other service call in qubesadmin module - using vm.run_service().
When running in dom0, qrexec-client-vm is not available, so DispVM needs
to be created "manually", using appropriate Admin API call
(admin.vm.CreateDisposable).

QubesOS/qubes-issues#2974
2017-08-06 12:22:47 +02:00
Marek Marczykowski-Górecki
50bd9f5fab
tools/qvm-run: fix handling small data blocks
When data block is smaller than 4096 (and no EOF is reached), python's
io.read() will call read(2) again to get more data. This may deadlock if
the other end of connection will write anything only after receiveing
data (which is the case for qubes.Filecopy).
Disable this buffering by using syscall wrappers directly. To not affect
performance that much, increase buffer size to 64k.

Fixes QubesOS/qubes-issues#2948
2017-08-02 02:43:03 +02:00
Marek Marczykowski-Górecki
c4460751a9
tools/qvm-start-gui: do not start stubdomain GUI for VMs with gui-agent 2017-07-30 18:54:08 +02:00
Marek Marczykowski-Górecki
f48321dd98
Merge branch 'devel-6'
* devel-6:
  qvm-ls: fix total VM size reporting
  doc: update manpage of qvm-service
  tools: qvm-service tool
  tests: too much copy&paste
  features: serialize True as '1'
  tools/qvm-start-gui: add --force-stubdomain options
  tools/qvm-shutdown: fix help message
  tools/qvm-shutdown: drop --force option, it isn't supported anymore
2017-07-29 05:28:57 +02:00
Marek Marczykowski-Górecki
f25321bdcc
Merge branch 'events2'
* events2:
  events: add variable Admin API method name
2017-07-29 05:28:37 +02:00
Marek Marczykowski-Górecki
9210048673
backup/restore: add option to ignore size limit
Allow to restore backup which have miscalculated VMs size, but otherwise
is good.
2017-07-29 05:13:46 +02:00
Marek Marczykowski-Górecki
7db2ed82ea
qvm-ls: fix total VM size reporting
There is no vm.storage object in qubesadmin module.
2017-07-29 04:56:20 +02:00
Marek Marczykowski-Górecki
213760f263
backup/restore: improve error reporting 2017-07-29 04:48:46 +02:00
Marek Marczykowski-Górecki
9c5531c5ad
events: add variable Admin API method name
Add support for differnet methods, not only admin.Events. For example
admin.vm.Stats also return events.
2017-07-28 22:28:27 +02:00
Marek Marczykowski-Górecki
18153652f3
tools: qvm-service tool
This really use features, but keep compatibility with Qubes 3.x

Fixes QubesOS/qubes-issues#1227
2017-07-28 14:24:04 +02:00
Marek Marczykowski-Górecki
1000d7902d
tests: too much copy&paste 2017-07-28 13:56:39 +02:00
Marek Marczykowski-Górecki
0fae70be53
features: serialize True as '1'
Do the same as core-admin code.
2017-07-28 13:56:05 +02:00
Marek Marczykowski-Górecki
416ee0bd22
tools/qvm-start-gui: add --force-stubdomain options
Sometimes it's useful to access emulated VGA, without rebooting the VM
in debug mode
2017-07-27 19:17:47 +02:00
Marek Marczykowski-Górecki
5b0c8e84d8
tools/qvm-shutdown: fix help message 2017-07-27 19:17:47 +02:00
Marek Marczykowski-Górecki
5d0bd4f6dc
tools/qvm-shutdown: drop --force option, it isn't supported anymore
Admin API does not allow this action.
2017-07-27 19:17:47 +02:00
Marek Marczykowski-Górecki
2d5d9d6d7d
tools: add qvm-backup tool
New qvm-backup tool can either use pre-existing backup profile
(--profile), or - when running in dom0 - can create new one based on
used options (--save-profile).

This commit add a tool itself, update its man page, and add tests for
it.

Fixes QubesOS/qubes-issues#2931
2017-07-21 03:58:18 +02:00
Marek Marczykowski-Górecki
d8af76ed60
backup: move BackupRestore class and helpers to 'restore' submodule
This breaks cyclic imports and also allow cleaner separation between
backup make and restore code.

No functional change.
2017-07-21 03:54:04 +02:00
Marek Marczykowski-Górecki
8d884a52e6
tests: disable slow tests unless ENABLE_SLOW_TESTS=1 is set 2017-07-21 03:54:04 +02:00
Marek Marczykowski-Górecki
ea47701fe6
tools/qvm-backup-restore: fix restoring only specific VMs
Related to QubesOS/qubes-issues#2924
2017-07-21 03:54:04 +02:00
Marek Marczykowski-Górecki
c50fc21e44
tests: qvm-backup-restore tool tests
Very simple one, but also fix reporting errors detected by tests.
2017-07-21 03:54:04 +02:00
Marek Marczykowski-Górecki
3c9fb8dbac
tools/qvm-volume: fix default action handling 2017-07-21 03:10:02 +02:00
Marek Marczykowski-Górecki
ae0729fb53
storage: drop 'internal' volume property
Since external block devices use Devices API now, it isn't useful
anymore.

QubesOS/qubes-issues#2256
2017-07-21 03:10:01 +02:00
Marek Marczykowski-Górecki
c736395432
tools/qvm-backup-restore: fix default list of VMs to restore
By default restore all of them, not only the ones named "[" or "]"
(which are invalid name).

Fixes QubesOS/qubes-issues#2924
2017-07-19 23:52:11 +02:00
Marek Marczykowski-Górecki
756235d4f3
Change 'hvm' property to 'virt_mode'
QubesOS/qubes-issues#2912
2017-07-18 04:22:34 +02:00
Marek Marczykowski-Górecki
7b9ee45c07
Choose QubesLocal or QubesRemote based on /etc/qubes-release presence
Do not check for qubesd socket (at module import time), because if not
running at this precise time, it will lead to wrong choice. And a weird
error message in consequence (looking for qrexec-client-vm in dom0).

Fixes QubesOS/qubes-issues#2917
2017-07-18 01:58:33 +02:00
Marek Marczykowski-Górecki
0c0b625a70
Merge branch 'devel-backup' 2017-07-18 01:49:37 +02:00
Marek Marczykowski-Górecki
f058c48c92
Merge branch 'devel-2-qvm-run-1'
* devel-2-qvm-run-1:
  Make pylint happy
  tools/qvm-run: fix handling EOF
  tests: mark qvm-run tests with "expected failure"
  tools/qvm-run: fix handling copying stdin to the process
2017-07-18 01:49:16 +02:00
Marek Marczykowski-Górecki
5178029a3c
Make pylint happy 2017-07-18 01:32:06 +02:00