Commit Graph

951 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
6c376d68c4
qvm-template: fix installing already cached templates
And also enhance tests to verify download() function return value.
2021-04-02 03:50:11 +02:00
Marek Marczykowski-Górecki
7978e17aeb
Merge remote-tracking branch 'origin/pr/145'
* origin/pr/145: (119 commits)
  qvm-template: fix downloading template for install
  tests: add tests for other qvm-template functions
  tests: improve TestProcess behavior
  tests: add tests for qvm-template reinstall/up/downgrade when nothing needs to be done
  tests: fix mock return values of get_dl_list when testing `qvm-template reinstall`
  qvm-template: update comments to reflect e424c7d
  qvm-template: only ask for confirmation during install if something is being done
  tests: add more tests re. install, remove, and get_keys_for_repos
  qvm-template: test != 1 instead of == 0 for template-dummy feature
  tests: fix tests for verify_rpm involving incorrect template names
  tests: add tests for qvm-template remove
  tests: some more for qvm-template
  qvm-template: mute pylint complaints about typing.NamedTuple
  tests: qvm-template-postprocess - template.conf handling
  qvm-template-postprocess: fix allowed features list
  qvm-template-postprocess: extract config handling into separate function
  qvm-template-postprocess: treat missing appmenus files as warnings only
  qvm-template: default confirm to 'n'
  qvm-template: verify template package signature directly at download
  qvm-template: improve error reporting
  ...
2021-04-01 20:23:46 +02:00
Marek Marczykowski-Górecki
9020f2e1fd
qvm-template: fix downloading template for install
Download a template into a cache dir, not into default of `qvm-template
download` (current directory).
2021-04-01 01:48:29 +02:00
WillyPillow
d1ce8d3a95
tests: add tests for other qvm-template functions
2021-03-02 15:14:08 +08:00
WillyPillow
64e9c24054
tests: improve TestProcess behavior
- Have it actually write to the given stdout handle.
- Return the return code for `poll` instead of returning `None`, so that
the process is observed to terminate.
2021-03-02 15:12:23 +08:00
Marek Marczykowski-Górecki
0d2877bd9c
Merge remote-tracking branch 'origin/pr/166'
* origin/pr/166:
  qvm-backup: dom0 dst relative to cwd of tool, not qubesd
2021-02-24 02:04:10 +01:00
WillyPillow
4083b74284
tests: add tests for qvm-template reinstall/up/downgrade when nothing needs to be done
2021-02-21 02:19:43 +08:00
WillyPillow
a9d03d199b
tests: fix mock return values of get_dl_list when testing qvm-template reinstall
2021-02-21 02:13:16 +08:00
WillyPillow
fc520f8ed4
qvm-template: update comments to reflect e424c7d
2021-02-21 02:11:23 +08:00
WillyPillow
dedf5ac6e6
qvm-template: only ask for confirmation during install if something is being done
2021-02-21 02:09:23 +08:00
WillyPillow
764a56ade1
tests: add more tests re. install, remove, and get_keys_for_repos
2021-02-20 11:03:39 +08:00
WillyPillow
60f5ba0e23
qvm-template: test != 1 instead of == 0 for template-dummy feature
2021-02-20 09:57:59 +08:00
WillyPillow
33d205c1dd
tests: fix tests for verify_rpm involving incorrect template names
2021-02-20 09:56:36 +08:00
WillyPillow
ed3e368673
tests: add tests for qvm-template remove
2021-02-20 09:46:56 +08:00
Marek Marczykowski-Górecki
e00f35b9c3
tests: some more for qvm-template
QubesOS/qubes-issues#
2021-02-19 23:06:07 +01:00
Marek Marczykowski-Górecki
f4e826e65d
qvm-template: mute pylint complaints about typing.NamedTuple
This is a false positive, PyCQA/pylint#3732
2021-02-19 17:21:39 +01:00
Marek Marczykowski-Górecki
2c1e7927f6
gitlab-ci: fix codecov call
2021-02-19 16:54:19 +01:00
Marek Marczykowski-Górecki
b86408a36d
tests: qvm-template-postprocess - template.conf handling
2021-02-19 15:10:16 +01:00
Marek Marczykowski-Górecki
2c5572b3d9
qvm-template-postprocess: fix allowed features list
Add missing comma, otherwise 'gui-emulated' and 'qrexec' were glued
together.
2021-02-19 15:10:16 +01:00
Marek Marczykowski-Górecki
c4efdf41c5
qvm-template-postprocess: extract config handling into separate function
Keep post_install() short.
2021-02-19 15:10:15 +01:00
Marek Marczykowski-Górecki
bcf59579f1
qvm-template-postprocess: treat missing appmenus files as warnings only
Do not fail if *-whitelisted-appmenus.list files are not included in the
template package, only log an error.

While at it, use pathlib there to make the code a bit nicer.
2021-02-19 14:02:53 +01:00
Marek Marczykowski-Górecki
e6360da22e
qvm-template: default confirm to 'n'
Capital 'N' in the prompt suggests it is the default - really make it
the default.
2021-02-19 01:12:26 +01:00
Marek Marczykowski-Górecki
e424c7df9c
qvm-template: verify template package signature directly at download
Make the download() function save the package into a temporary space and
move to the target location only after checking the signature. This is
a safer option than requiring all callers to explicitly verify the
signature. Also, make the download() function verify if the template
name inside the package matches what was requested.
Especially, make `qvm-template download` action verify the signature
too.

On `qvm-template install` avoid checking the signature again for
downloaded packages, by passing extra argument to the verify_rpm()
function. But still verify signature of packages loaded from disk.
2021-02-18 21:43:57 +01:00
Marek Marczykowski-Górecki
ce36dc55c5
qvm-template: improve error reporting
Do not print the whole traceback by default - do that only when
--verbose is used.
2021-02-07 03:35:17 +01:00
Marek Marczykowski-Górecki
8795668233
qvm-template-postprocess: do not generate appmenus twice
Skip initial generate, as it's done before actual menu entries are
extracted from the template. But do call it if we aren't going to
extract menu entries initially - it will create just "settings" menu
entry.
2021-02-07 03:35:16 +01:00
Marek Marczykowski-Górecki
b7446afe3b
qvm-template: use key specified in the repo definition if possible
This makes the package verified against _only_ the key specified in the
repo config, not all the trusted keys.
If repo does not specify a key, use the default one (change this to a
single file, instead of the whole directory). Existing 'gpgkey' entry
pointing at non-existing file will result in an error.
2021-02-07 03:35:16 +01:00
Marek Marczykowski-Górecki
4f9757ca88
qvm-template: by default list only latest available template
But add --all-versions option to get all the available versions.
2021-02-07 03:35:16 +01:00
Marek Marczykowski-Górecki
86326b53c4
qvm-template: factor filter_version() out of get_dl_list()
This allows reusing version filtering (getting only a single version per
template) in other places.

For equal versions packages, prefer the one from non-testing repository.
2021-02-07 03:35:16 +01:00
Marek Marczykowski-Górecki
10bea1b77e
qvm-template: allow global arguments after action name
It's convenient to use for example
`qvm-template list --enablerepo=*-testing`
Previously, _some_ options needed to be before action name.
2021-02-07 03:35:16 +01:00
Marek Marczykowski-Górecki
e0063d8808
qvm-template: use QubesArgumentParser
It produces consistent help for subcommands and already handles
--verbose/--quiet.
2021-02-07 03:35:15 +01:00
Marek Marczykowski-Górecki
6980e7ba14
Store template repo configuration in /etc
This way it's easier to permanently enable repos.
2021-02-06 16:03:40 +01:00
Marek Marczykowski-Górecki
ed6aff3b1e
qvm-template-preprocess: remove confusing message
Don't confuse user during normal template install.
2021-02-06 16:03:40 +01:00
Marek Marczykowski-Górecki
f053f51644
qvm-template: remove downloaded package after installation
At least by default. Otherwise they will pile up in the cache dir.
2021-02-06 16:03:39 +01:00
Marek Marczykowski-Górecki
fe369ce523
qvm-template: cleanup install function
Remove now unused try/finally in install() and reduce indentation.

No functional change.
2021-02-06 16:03:39 +01:00
Marek Marczykowski-Górecki
f1424812b0
qvm-template: improve install lock
Use fcntl.flock() instead of just file existence check, so it won't fail
on a stale lock file. While at it, move locking to a function decorator,
to de-clutter the install function a bit. This will allow reducing
indentation level, but don't do it yet, to make the patch readable.

Move lock testing into a separate test, and remove it from install
tests.

QubesOS/qubes-issues#2534
2021-02-06 16:03:39 +01:00
Marek Marczykowski-Górecki
febf014d14
qvm-template-postprocess: improve data validation
- validate if IP has correct syntax
- print warning if value is invalid

QubesOS/qubes-issues#2534
2021-02-06 16:03:39 +01:00
Marek Marczykowski-Górecki
b2e4d0ee34
deb,rpm: depend on qubes-repo-templates
For package repos definitions + keys.
2021-02-06 16:03:39 +01:00
Marek Marczykowski-Górecki
940124948a
qvm-template: minor improvements
- rename parser_gen to get_parser - for consistency with other tools
- clarify 'storage pool'
- move '-' to the end in regex characters list

QubesOS/qubes-issues#2534
2021-02-06 16:03:38 +01:00
Marek Marczykowski-Górecki
8aede943cc
qvm-template: add copyright header
2021-02-06 16:03:38 +01:00
Marek Marczykowski-Górecki
aeeb3daa80
qvm-template: handle template extraction failure
QubesOS/qubes-issues#2534
2021-02-06 16:03:38 +01:00
Marek Marczykowski-Górecki
f3954fb225
qvm-template: download templates to a temporary directory
Avoid risk of conflicting downloads to the same directory, reusing
partial downloads, leaving broken files etc. Move template package out
of temporary directory only after it's verified.

QubesOS/qubes-issues#2534
2021-02-06 16:03:38 +01:00
Marek Marczykowski-Górecki
f3f6750a3f
qvm-template: call rpmkeys --checksig for signature verification
RPM API is confusing and it's easy to get it wrong when verifying
package signatures.
Call 'rpmkeys --checksig' which is more robust here - RPM authors should
know how to use their API.

QubesOS/qubes-issues#2534
2021-02-06 16:03:38 +01:00
Marek Marczykowski-Górecki
b500462abb
qvm-template: use UpdateVM by default
Do not hardcode sys-firewall
2021-02-06 16:03:37 +01:00
Rusty Bird
e78512b4b1
qvm-backup: dom0 dst relative to cwd of tool, not qubesd
2021-02-02 19:05:12 +00:00
Marek Marczykowski-Górecki
0f42fd0580
tests: restoring a backup bigger than available space in /var/tmp
This test uses three tricks to test /var/tmp space monitoring:
1. Creates a big uncompressed backup (2GB file instead of few bytes)
2. Mount small tmpfs over /var/tmp (650MB - minimal space that should
   not deadlock the restore)
3. Artificially slow down data processing by adding sleep()

QubesOS/qubes-issues#4791
2021-01-05 04:50:59 +01:00
Marek Marczykowski-Górecki
af13c198be
tests: fix preparing multi-part disk volume
Storing encrypted filename into f_name shadowed unencrypted source file
name.
2021-01-05 04:46:12 +01:00
Marek Marczykowski-Górecki
93608658a9
backup: throttle backup extracting if there is not enough disk space
Instead of failing the restore process, pause data extracting, until
already extracted data gets processed.
This commit implements this for local tar extraction. Extracting data
received from a VM is handled in qfile-(dom0-)unpacker, which also has
similar feature, turned on in 6338b936e2.

Fixes QubesOS/qubes-issues#4791
2021-01-05 04:46:12 +01:00
Marek Marczykowski-Górecki
10d4381c14
backup: check if there is enough disk space available to restore
Avoid failing restore after potentially lengthy processing - check
available space first.

This will be even more important after adding waiting for free space -
then if there won't be enough free space, the process will deadlock.

QubesOS/qubes-issues#4791
2021-01-05 03:33:21 +01:00
Marek Marczykowski-Górecki
16ff6d0552
backup: cleanup retrieve_proc on failure
2021-01-05 03:32:21 +01:00
Marek Marczykowski-Górecki
d906fbc4bb
backup: add function parameter for override temp directory
This will be useful for tests.

QubesOS/qubes-issues#
2021-01-05 03:31:09 +01:00