If domain was just removed, it the qrexec call may result in a
QubesVMNotFoundError exception. If it was removed earlier, and the
caller is in connecting via qrexec, the call will be rejected at the
policy level. Treat both situations uniformely - with
QubesPropertyAccessError. This allows using convenient `getattr()` to
define placeholder value (if appropriate), or try/except with a single
exception instead of two.
QubesOS/qubes-issues#5105
The cleanup requires XID of the domain, but when it's shut off already,
it's too late to retrieve it. Cache value retrieved when the domain was
still running (either domain-start event, or program startup).
* origin/pr/145: (119 commits)
qvm-template: fix downloading template for install
tests: add tests for other qvm-template functions
tests: improve TestProcess behavior
tests: add tests for qvm-template reinstall/up/downgrade when nothing needs to be done
tests: fix mock return values of get_dl_list when testing `qvm-template reinstall`
qvm-template: update comments to reflect e424c7d
qvm-template: only ask for confirmation during install if something is being done
tests: add more tests re. install, remove, and get_keys_for_repos
qvm-template: test != 1 instead of == 0 for template-dummy feature
tests: fix tests for verify_rpm involving incorrect template names
tests: add tests for qvm-template remove
tests: some more for qvm-template
qvm-template: mute pylint complains about typing.NamedTuple
tests: qvm-template-postprocess - template.conf handling
qvm-template-postprocess: fix allowed features list
qvm-template-postprocess: extract config handling into separate function
qvm-template-postprocess: treat missing appmenus files as warnings only
qvm-template: default confirm to 'n'
qvm-template: verify template package signature directly at download
qvm-template: improve error reporting
...
- Have it actually write to the given stdout handle.
- Return the return code for `poll` instead of returning `None`, so that
the process is observed to terminate.
Do not fail if *-whitelisted-appmenus.list files are not included in the
template package, only log an error.
While at it, use pathlib there to make the code a bit nicer.
Make the download() function save the package into a temporary space and
move to the target location only after checking the signature. This is
safer option than requiring all callers to explicitly verify the
signature. Also, make the download() function verify if the template
name inside the package matches what was requested.
Especially, make `qvm-template download` action verify the signature
too.
On `qvm-template install` avoid checking the signature again for
downloaded packages, by passing extra argument to the verify_rpm()
function. But still verify signature of packages loaded from disk.
Skip initial generate, as it's done before actual menu entries are
extracted from the template. But do call it if we aren't going to
extract menu entries initially - it will create just "settings" menu
entry.
This makes the package verified against _only_ the key specified in the
repo config, not all the trusted keys.
If repo does not specify a key, use the default one (change this to a
single file, instead of the whole directory). Existing 'gpgkey' entry
pointing at non-existing file will result in an error.
This allows reusing version filtering (getting only a single version per
template) in other places.
For equal versions packages, prefer the one from non-testing repository.
Use fcntl.flock() instead of just file existence check, so it won't fail
on a stale lock file. While at it, move locking to a function decorator,
to de-clutter the install function a bit. This will allow reducing
indentation level, but don't do it yet, to make the patch readable.
Move lock testing into a separate test, and remove it from install
tests.
QubesOS/qubes-issues#2534
- rename parser_gen to get_parser - for consistency with other tools
- clarify 'storage pool'
- move '-' to the end in regex characters list
QubesOS/qubes-issues#2534
Avoid risk of conflicting downloads to the same directory, reusing
partial downloads, leaving broken files etc. Move template package out
of temporary directory only after its verified.
QubesOS/qubes-issues#2534
RPM API is confusing and it's easy to get it wrong when verifying
package signatures.
Call 'rpmkeys --checksig' which is more rebust here - RPM authors should
know how to use their API.
QubesOS/qubes-issues#2534
This test uses three tricks to test /var/tmp space monitoring:
1. Creates a big uncompressed backup (2GB file instead of few bytes)
2. Mount small tmpfs over /var/tmp (650MB - minimal space that should
not deadlock the restore)
3. Artificially slow down data processing by adding sleep()
QubesOS/qubes-issues#4791
Instead of failing the restore process, pause data extracting, until
already extracted data gets processed.
This commit implements this for local tar extraction. Extracting data
received from a VM is handled in qfile-(dom0-)unpacker, which also has
similar feature, turned on in 6338b936e2.
FixesQubesOS/qubes-issues#4791