Do not fail if *-whitelisted-appmenus.list files are not included in the
template package, only log an error.
While at it, use pathlib there to make the code a bit nicer.
Skip initial generate, as it's done before actual menu entries are
extracted from the template. But do call it if we aren't going to
extract menu entries initially - it will create just "settings" menu
entry.
Reinstalling template is a recommended way to get it back to a clean
state after potential compromise. In that case it is essential to
discard any persistent storage of old template, as it could be used by
the attacker to re-compromise it after reinstall.
Do this similar as root volume is overridden - via volume import
function.
FixesQubesOS/qubes-issues#5192
If needs to be extended - do it before import. If needs to be reduced -
after. This way, if data import fails for any reason, previous data
won't be destroyed (truncated).
Also, convert error on shrinking volume to a warning, as it doesn't break
the template (just leave it with bigger disk than needed). Currently all
storage pool implementations refuse to shrink a volume (but it may
change in the future).
QubesOS/qubes-issues#3169
This is especially important on LVM thin pool, where space after
removing the file needs to be given back to the pool, to be reused for
other volumes (for example this template).
I don't know if any template currently hits this code path, even the
fedora-26-minimal root.img is large enough to be split into multiple
parts. Maybe Arch Linux?
Related to https://github.com/QubesOS/qubes-core-admin/pull/188
Do not close event loop in utility function - handle it only in main().
For this reason, change appropriate functions to coroutines.
FixesQubesOS/qubes-issues#2865
Don't fail the whole process when "just" appmenus import fails.
But if data import fails, remove the VM
Also update for vm.run_service_for_stdio raising CalledProcessError.
Enable 'qrexec' VM feature to wait for qrexec initialization - it is
required to call qubes.PostInstall service. If VM start fails, assume
there is no qrexec and drop that feature.