Qubes/core-admin-client
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
781 Commits 1 Branch 0 Tags 2.3 MiB
b7eca976b5
Commit Graph

781 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Marek Marczykowski-Górecki
1fcb031192
Add support for run_service(..., filter_esc=True) in a VM 
Since qrexec-client-vm got support for filtering escape characters, use
it here too.

QubesOS/qubes-issues#5322
 2019-09-21 04:55:18 +02:00
Marek Marczykowski-Górecki
d7dcdd3a0b
rpm: fix release number 2019-09-21 04:54:54 +02:00
Marek Marczykowski-Górecki
22bc5d880a
Merge remote-tracking branch 'origin/pr/105' 
* origin/pr/105:
  Fixed error with VM being incorrectly listed as its own dependency
 2019-09-21 03:34:31 +02:00
Marek Marczykowski-Górecki
556cec4e3f
Merge remote-tracking branch 'origin/pr/104' 
* origin/pr/104:
  dochelpers: make PEP8 happier
  dochelpers: handle legacy sphinx library
  Fix Sphinx 2 new API for Fedora 31+
 2019-09-21 03:34:27 +02:00
Marek Marczykowski-Górecki
1f1564dcf0
backup/restore: make pylint happy 2019-09-21 03:20:43 +02:00
Marta Marczykowska-Górecka
3e2b432644
Fixed error with VM being incorrectly listed as its own dependency 
fixes QubesOS/qubes-issues#4224
 2019-09-17 00:59:59 +02:00
Marek Marczykowski-Górecki
48ad8325d0
tests: check rejecting/accepting compression filters 
3 new tests:
- custom (common) compression filter
- custom (uncommon) compression filter - should be rejected
- custom (uncommon) compression filter forced - accepted
 2019-09-10 15:24:15 +02:00
Marek Marczykowski-Górecki
14f77860bf
backup/restore: add option to use uncommon compression filter anyway 
Previous commit introduced protection against uncommon (potentially
malicious) compression filters. This breaks restoring backups made with
a custom compression filter. Add an option to override this check, by
naming compression filter to use explicitly.
 2019-09-10 15:24:15 +02:00
Marek Marczykowski-Górecki
10f15e6669
backup/restore: reject uncommon compression filters and improve header validation 
Compression filter named in a backup header is executed in restore
environment (commonly dom0). While this field is properly authenticated,
there may be cases where backup archive comes from less
trusted source, like migrating from potentially compromised
system.

Modify backup header parsing code to add field specific validators.
Whitelist only know crypto, hmac and compression algorithms.

Based on a patch by Jean-Philippe Ouellet <jpo@vt.edu>
Reported-by: Jean-Philippe Ouellet <jpo@vt.edu>
 2019-09-10 15:24:15 +02:00
Frédéric Pierret (fepitre)
3ddeb2046a
dochelpers: make PEP8 happier 2019-09-06 16:29:56 +02:00
Frédéric Pierret (fepitre)
6df676c259
dochelpers: handle legacy sphinx library 2019-09-06 16:29:52 +02:00
Frédéric Pierret (fepitre)
ab8f487b50
Fix Sphinx 2 new API for Fedora 31+ 
QubesOS/qubes-issues#5289
 2019-09-06 16:24:30 +02:00
Marek Marczykowski-Górecki
9158412a24
Merge remote-tracking branch 'origin/pr/100' 
* origin/pr/100:
  qvm-device: add manpage entry
  qvm-device: prevent parser allowing abbreviations
  qvm-device: handle 'list-device-classes' and 'list-classes'
  qubesadmin: define methods list_vmclass and list_devicesclass
  qubesadmin: make PEP8 happy
 2019-09-06 13:08:32 +02:00
Marek Marczykowski-Górecki
165497d697
Merge remote-tracking branch 'origin/pr/102' 
* origin/pr/102:
  Correct network-manager qubes service default
  Clarify the network-manager qubes service default
 2019-09-06 05:51:13 +02:00
hexagonrecursion
51d9d6983e
Fix a pref name in the qvm-prefs man page 2019-09-04 20:21:26 +00:00
hexagonrecursion
2c4cb44b5c
Correct network-manager qubes service default 2019-08-30 07:33:27 +00:00
hexagonrecursion
cef300b0c7
Clarify the network-manager qubes service default 2019-08-30 07:22:35 +00:00
Frédéric Pierret (fepitre)
d96db420ba
qvm-device: add manpage entry 2019-08-24 13:39:37 +02:00
Frédéric Pierret (fepitre)
8639034bb6
qvm-device: prevent parser allowing abbreviations 2019-08-24 13:39:37 +02:00
Frédéric Pierret (fepitre)
41c6fbed72
qvm-device: handle 'list-device-classes' and 'list-classes' 
QubesOS/qubes-issues#5213
 2019-08-24 13:39:36 +02:00
Frédéric Pierret (fepitre)
3dce4e9742
qubesadmin: define methods list_vmclass and list_devicesclass 
Adapt also previous direct calls of qubesdb

QubesOS/qubes-issues#5213
 2019-08-10 22:08:31 +02:00
Frédéric Pierret (fepitre)
a982e1e538
qubesadmin: make PEP8 happy 2019-08-10 19:03:41 +02:00
Marek Marczykowski-Górecki
769f8a5ee8
Merge remote-tracking branch 'origin/pr/98' 
* origin/pr/98:
  qvm-check: fix from Marek's comment
  qvm-check: refactor check mechanism and add filter for checking netvm
 2019-08-08 15:35:34 +02:00
Frédéric Pierret (fepitre)
eb461e4c3b
qvm-check: fix from Marek's comment 2019-08-08 14:29:35 +02:00
Frédéric Pierret (fepitre)
7d93377b78
qvm-check: refactor check mechanism and add filter for checking netvm 
Fix QubesOS/qubes-issues#3496
 2019-08-08 14:26:05 +02:00
Marek Marczykowski-Górecki
489efce9cb
Merge remote-tracking branch 'origin/pr/99' 
* origin/pr/99:
  devices: add missing docstring for _get_device_classes
  devices: make iteration device classes compatible with Python2
  tools/qvm-device: make PEP8 happy
  tests/devices: add test for handling listing device classes
  tests/devices: make PEP8 happy
  devices: handle listing of available device classes
  devices: make PEP8 happy
 2019-08-08 14:13:38 +02:00
Frédéric Pierret (fepitre)
08d746e119
devices: add missing docstring for _get_device_classes 2019-08-07 22:10:37 +02:00
Frédéric Pierret (fepitre)
268d11fbff
devices: make iteration device classes compatible with Python2 2019-08-07 20:38:30 +02:00
Frédéric Pierret (fepitre)
174f155d31
tools/qvm-device: make PEP8 happy 2019-08-06 15:15:12 +02:00
Frédéric Pierret (fepitre)
4d0545405f
tests/devices: add test for handling listing device classes 2019-08-06 15:15:12 +02:00
Frédéric Pierret (fepitre)
07ca511bd7
tests/devices: make PEP8 happy 2019-08-06 15:15:03 +02:00
Frédéric Pierret (fepitre)
f633dd9b40
devices: handle listing of available device classes 
QubesOS/qubes-issues#5213
 2019-08-06 15:09:44 +02:00
Frédéric Pierret (fepitre)
1052217973
devices: make PEP8 happy 2019-08-06 15:07:33 +02:00
Marek Marczykowski-Górecki
6f784650ae
version 4.0.26 2019-07-30 16:29:31 +02:00
Marek Marczykowski-Górecki
e700af9eb2
tools/qvm-volume: add 'import' action 
Add support for importing volume data with qvm-volume tool.
This could be also used to clear volume by issuing:

    qvm-volume import --no-resize some-vm:private /dev/null

QubesOS/qubes-issues#5192
 2019-07-29 22:20:06 +02:00
Marek Marczykowski-Górecki
fdc632c959
tools: reset private volume when importing template over existing one 
Reinstalling template is a recommended way to get it back to a clean
state after potential compromise. In that case it is essential to
discard any persistent storage of old template, as it could be used by
the attacker to re-compromise it after reinstall.
Do this similar as root volume is overridden - via volume import
function.

Fixes QubesOS/qubes-issues#5192
 2019-07-29 22:20:06 +02:00
Marek Marczykowski-Górecki
21569b3a31
tests: fix events tests on python3.7 
Fix syntax workaround for python3.7 + python2.7. This code can't use
'yield from' to be still importable on python2.7, but asyncio.sleep() is
no longer iterable on python3.7. Workaround it by manually calling
coroutine.send(None) in a loop - ugly as hell, but works. I can't wait
until we could drop python2 support...
 2019-07-29 21:56:32 +02:00
Marek Marczykowski-Górecki
291382c6b9
travis: drop python 3.4, add python 3.6 and 3.7 
Python 3.4 is EOL, and not supported by recent lxml already.
This also means dropping jessie tests.
 2019-07-29 21:56:28 +02:00
Marek Marczykowski-Górecki
b8ddb39752
Allow app.domains[vm] where vm is a QubesVM object 
Similar as in the core-admin API.
 2019-06-25 06:28:00 +02:00
Marek Marczykowski-Górecki
7bca004532
Merge remote-tracking branch 'origin/pr/95' 
* origin/pr/95:
  Remove unnecessary comma in qvm-backup.rst
 2019-06-14 18:20:55 +02:00
unman
6f8ee53cef
Remove unnecessary comma in qvm-backup.rst 2019-06-14 14:53:05 +00:00
Marek Marczykowski-Górecki
19e286e382
travis: switch to xenial, update distributions 
QubesOS/qubes-issues#4613
 2019-05-30 00:39:28 +02:00
Malte Leip
32538fa5ec
qvm-prefs: add --hide-default option 2019-05-29 20:32:13 +02:00
Marek Marczykowski-Górecki
c1be4cd062
Merge remote-tracking branch 'qubesos/pr/92' 
* qubesos/pr/92:
  Adds docs for clone ignore_errors, feeds linter
  Adds support for `--ignore-errors` to qvm-clone CLI
 2019-04-17 00:30:10 +02:00
Marek Marczykowski-Górecki
37e4e4c6ca
tests: update yaml syntax in qvm-backup tests 
yaml.safe_dump() finally produces canonical yaml output, not a
one-liner.
 2019-04-16 23:10:38 +02:00
Conor Schaefer
40eeddbfc8
Adds docs for clone ignore_errors, feeds linter 
Addresses review comments, specifically:

  * updates qvm-clone tests to handle ignore_errors option
  * adds manpage reference to new --ignore-errors option
  * trims line length in qvm-clone changes

All tests should now be passing, including the new qvm-clone
functionality.
 2019-04-16 10:44:47 -07:00
Conor Schaefer
55a22e7955
Adds support for --ignore-errors to qvm-clone CLI 
The underlying API already supported the `ignore_errors` param in
Python, now we just expose that option to the `qvm-clone` CLI.
 2019-04-15 17:33:41 -07:00
anadahz
2f1be16635
Remove policy option from man page 
Firewall policy is now hardcoded to 'drop'.

QubesOS/qubes-issues#2869
 2019-03-09 11:53:44 +00:00
Marek Marczykowski-Górecki
080935a6fd
doc: typo fix 2019-03-07 04:46:53 +01:00
Marek Marczykowski-Górecki
310a4f2090
version 4.0.25 2019-03-07 03:58:08 +01:00