69 lines
2.9 KiB
Bash
69 lines
2.9 KiB
Bash
|
#!/bin/sh
|
||
|
|
||
|
# 6h
|
||
|
UPDATES_SLEEP=21600
|
||
|
UPDATES_VM=`qvm-get-updatevm`
|
||
|
|
||
|
QREXEC_CLIENT=/usr/lib/qubes/qrexec_client
|
||
|
|
||
|
if [ -z "$UPDATES_VM" ]; then
|
||
|
echo "UpdateVM not set, exiting!" >&2
|
||
|
exit 1
|
||
|
fi
|
||
|
|
||
|
if ! xl domid "$UPDATES_VM" > /dev/null 2>&1; then
|
||
|
echo "UpdateVM not started, exiting!"
|
||
|
exit 1
|
||
|
fi
|
||
|
|
||
|
(
|
||
|
# Allow only one instance
|
||
|
flock --nonblock -s 200 || exit 1
|
||
|
/usr/lib/qubes/sync_rpmdb_updatevm.sh
|
||
|
while true; do
|
||
|
# Output of this script is UNTRUSTED!
|
||
|
$QREXEC_CLIENT -d $UPDATES_VM "user:/usr/lib/qubes/qubes_check_for_updates.sh" |\
|
||
|
while IFS=: read -n 819200 domain packages; do
|
||
|
if [ "x$domain" = "xtemplate" -a -n "$packages" ]; then
|
||
|
TEMPLATE_UPDATE_COUNT=`echo "$packages" | wc -w`
|
||
|
NOTIFY_UPDATE_COUNT=`cat /var/run/qubes/template_update_last_notify_count 2> /dev/null`
|
||
|
if [ "$NOTIFY_UPDATE_COUNT" != "$TEMPLATE_UPDATE_COUNT" ]; then
|
||
|
echo -n $TEMPLATE_UPDATE_COUNT > /var/run/qubes/template_update_last_notify_count
|
||
|
NOTIFY_PID=`cat /var/run/qubes/template_update_notify.pid 2> /dev/null`
|
||
|
if [ -z "$NOTIFY_PID" ] || ! kill -0 $NOTIFY_PID; then
|
||
|
# Actually this is for one TemplateVM, the base of
|
||
|
# UpdatesVM. But most likely this can apply to other
|
||
|
# templates too (based on the same system - Fedora 14
|
||
|
# currently)
|
||
|
NOTIFY_TITLE="Template update"
|
||
|
NOTIFY_TEXT="There are $TEMPLATE_UPDATE_COUNT updates available for TemplateVM"
|
||
|
NOTIFY_INFO="$NOTIFY_TEXT. Start TemplateVM to update it."
|
||
|
( zenity --notification --text "$NOTIFY_TEXT"; zenity --warning --title "$NOTIFY_TITLE" --text "$NOTIFY_INFO") &
|
||
|
echo $! > /var/run/qubes/template_update_notify.pid
|
||
|
fi
|
||
|
fi
|
||
|
elif [ "x$domain" = "dom0" -a -n "$packages" ]; then
|
||
|
PKGCOUNT=`echo -- "$packages" | wc -w`
|
||
|
if zenity --question --title="Qubes Dom0 updates" \
|
||
|
--text="$PKGCOUNT updates for dom0 available. Do you want to download its now?"; then
|
||
|
$QREXEC_CLIENT -d $UPDATES_VM "user:/usr/lib/qubes/qubes_download_dom0_updates.sh --doit"
|
||
|
# Wait for download completed
|
||
|
while pidof -x qubes-receive-updates >/dev/null; do sleep 0.5; done
|
||
|
# Yes, I know that it will block future checking for updates,
|
||
|
# but it is intentional (to not flood user with updates
|
||
|
# notification)
|
||
|
gpk-update-viewer
|
||
|
fi
|
||
|
fi
|
||
|
done
|
||
|
|
||
|
# At the end synchronize clock
|
||
|
UNTRUSTED_CURRENT_TIME="`$QREXEC_CLIENT -d $UPDATES_VM 'user:date +%s.%N'`"
|
||
|
# I believe that date has safe input parsing...
|
||
|
sudo date -s "$UNTRUSTED_CURRENT_TIME"
|
||
|
sleep $UPDATES_SLEEP
|
||
|
done
|
||
|
|
||
|
|
||
|
) 200> /var/run/qubes/updates-watch-lock
|