123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218 |
- # -*- encoding: utf8 -*-
- #
- # The Qubes OS Project, http://www.qubes-os.org
- #
- # Copyright (C) 2017 Marek Marczykowski-Górecki
- # <marmarek@invisiblethingslab.com>
- #
- # This program is free software; you can redistribute it and/or modify
- # it under the terms of the GNU Lesser General Public License as published by
- # the Free Software Foundation; either version 2.1 of the License, or
- # (at your option) any later version.
- #
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU Lesser General Public License for more details.
- #
- # You should have received a copy of the GNU Lesser General Public License along
- # with this program; if not, see <http://www.gnu.org/licenses/>.
- '''qvm-backup tool'''
- import asyncio
- import functools
- import getpass
- import os
- import signal
- import sys
- import yaml
- try:
- import qubesadmin.events
- have_events = True
- except ImportError:
- have_events = False
- import qubesadmin.tools
- from qubesadmin.exc import QubesException
- backup_profile_dir = '/etc/qubes/backup'
- parser = qubesadmin.tools.QubesArgumentParser()
- parser.add_argument("--yes", "-y", action="store_true",
- dest="yes", default=False,
- help="Do not ask for confirmation")
- group = parser.add_mutually_exclusive_group()
- group.add_argument('--profile', action='store',
- help='Perform backup defined by a given profile')
- no_profile = group.add_argument_group('Profile setup',
- 'Manually specify profile options')
- no_profile.add_argument("--exclude", "-x", action="append",
- dest="exclude_list", default=[],
- help="Exclude the specified VM from the backup (may be "
- "repeated)")
- no_profile.add_argument("--dest-vm", "-d", action="store",
- dest="appvm", default=None,
- help="Specify the destination VM to which the backup "
- "will be sent (implies -e)")
- no_profile.add_argument("--encrypt", "-e", action="store_true",
- dest="encrypted", default=True,
- help="Ignored, backup is always encrypted")
- no_profile.add_argument("--passphrase-file", "-p", action="store",
- dest="passphrase_file", default=None,
- help="Read passphrase from a file, or use '-' to read "
- "from stdin")
- no_profile.add_argument("--compress", "-z", action="store_true",
- dest="compression", default=False,
- help="Compress the backup")
- no_profile.add_argument("--compress-filter", "-Z", action="store",
- dest="compression",
- help="Specify a non-default compression filter program "
- "(default: gzip)")
- no_profile.add_argument('--save-profile', action='store',
- help='Save profile under selected name for further use.'
- 'Available only in dom0.')
- no_profile.add_argument("backup_location", action="store", default=None,
- nargs='?',
- help="Backup location (absolute directory path, "
- "or command to pipe backup to)")
- no_profile.add_argument("vms", nargs="*", action=qubesadmin.tools.VmNameAction,
- help="Backup only those VMs")
- def write_backup_profile(output_stream, args, passphrase=None):
- '''Format backup profile and print it to *output_stream* (a file or
- stdout)
- :param output_stream: file-like object ro print the profile to
- :param args: parsed arguments
- :param passphrase: passphrase to use
- '''
- profile_data = {}
- profile_data['include'] = args.vms or None
- if args.exclude_list:
- profile_data['exclude'] = args.exclude_list
- if passphrase:
- profile_data['passphrase_text'] = passphrase
- if args.compression:
- profile_data['compression'] = args.compression
- if args.appvm:
- profile_data['destination_vm'] = args.appvm
- else:
- profile_data['destination_vm'] = 'dom0'
- profile_data['destination_path'] = args.backup_location
- yaml.safe_dump(profile_data, output_stream)
- def print_progress(expected_profile, _subject, _event, backup_profile,
- progress):
- '''Event handler for reporting backup progress'''
- if backup_profile != expected_profile:
- return
- sys.stderr.write('\rMaking a backup... {:.02f}%'.format(float(progress)))
- def main(args=None, app=None):
- '''Main function of qvm-backup tool'''
- args = parser.parse_args(args, app=app)
- profile_path = None
- if args.profile is None:
- if args.backup_location is None:
- parser.error('either --profile or \'backup_location\' is required')
- if args.app.qubesd_connection_type == 'socket':
- # when running in dom0, we can create backup profile, including
- # passphrase
- if args.save_profile:
- profile_name = args.save_profile
- else:
- # don't care about collisions because only the user in dom0 can
- # trigger this, and qrexec policy should not allow random VM
- # to execute the same backup in the meantime
- profile_name = 'backup-run-{}'.format(os.getpid())
- # first write the backup profile without passphrase, to display
- # summary
- profile_path = os.path.join(
- backup_profile_dir, profile_name + '.conf')
- with open(profile_path, 'w') as f_profile:
- write_backup_profile(f_profile, args)
- else:
- if args.save_profile:
- parser.error(
- 'Cannot save backup profile when running not in dom0')
- # unreachable - parser.error terminate the process
- return 1
- print('To perform the backup according to selected options, '
- 'create backup profile ({}) in dom0 with following '
- 'content:'.format(
- os.path.join(backup_profile_dir, 'profile_name.conf')))
- write_backup_profile(sys.stdout, args)
- print('# specify backup passphrase below')
- print('passphrase_text: ...')
- return 1
- else:
- profile_name = args.profile
- backup_summary = args.app.qubesd_call(
- 'dom0', 'admin.backup.Info', profile_name)
- print(backup_summary.decode())
- if not args.yes:
- if input("Do you want to proceed? [y/N] ").upper() != "Y":
- if args.profile is None and not args.save_profile:
- os.unlink(profile_path)
- return 0
- if args.profile is None:
- if args.passphrase_file is not None:
- pass_f = open(args.passphrase_file) \
- if args.passphrase_file != "-" else sys.stdin
- passphrase = pass_f.readline().rstrip()
- if pass_f is not sys.stdin:
- pass_f.close()
- else:
- prompt = ("Please enter the passphrase that will be used to "
- "encrypt and verify the backup: ")
- passphrase = getpass.getpass(prompt)
- if getpass.getpass("Enter again for verification: ") != passphrase:
- parser.error_runtime("Passphrase mismatch!")
- with open(profile_path, 'w') as f_profile:
- write_backup_profile(f_profile, args, passphrase)
- loop = asyncio.get_event_loop()
- if have_events:
- # pylint: disable=no-member
- events_dispatcher = qubesadmin.events.EventsDispatcher(args.app)
- events_dispatcher.add_handler('backup-progress',
- functools.partial(print_progress, profile_name))
- events_task = asyncio.ensure_future(
- events_dispatcher.listen_for_events())
- loop.add_signal_handler(signal.SIGINT,
- args.app.qubesd_call, 'dom0', 'admin.backup.Cancel', profile_name)
- try:
- loop.run_until_complete(loop.run_in_executor(None,
- args.app.qubesd_call, 'dom0', 'admin.backup.Execute', profile_name))
- except QubesException as err:
- print('\nBackup error: {}'.format(err), file=sys.stderr)
- return 1
- finally:
- if have_events:
- events_task.cancel()
- try:
- loop.run_until_complete(events_task)
- except asyncio.CancelledError:
- pass
- loop.close()
- if args.profile is None and not args.save_profile:
- os.unlink(profile_path)
- print('\n')
- return 0
- if __name__ == '__main__':
- sys.exit(main())
|