backups: hide VM names in encrypted backup

Even when encrypted backup is selected, file list isn't encrypted. Do
not leak VM names in the filenames.
Marek Marczykowski-Górecki 2013-11-27 03:19:23 +01:00
parent 8bdea5b0ab
commit 10100767da
2 changed files with 43 additions and 27 deletions


@ -50,19 +50,23 @@ def get_disk_usage(file_or_dir):
return sz return sz
def file_to_backup (file_path, sz = None): def file_to_backup (file_path, subdir = None):
if sz is None: sz = get_disk_usage (file_path)
sz = get_disk_usage (file_path)
abs_file_path = os.path.abspath (file_path) if subdir is None:
abs_base_dir = os.path.abspath (system_path["qubes_base_dir"]) + '/' abs_file_path = os.path.abspath (file_path)
abs_file_dir = os.path.dirname (abs_file_path) + '/' abs_base_dir = os.path.abspath (system_path["qubes_base_dir"]) + '/'
(nothing, dir, subdir) = abs_file_dir.partition (abs_base_dir) abs_file_dir = os.path.dirname (abs_file_path) + '/'
assert nothing == "" (nothing, dir, subdir) = abs_file_dir.partition (abs_base_dir)
assert dir == abs_base_dir assert nothing == ""
assert dir == abs_base_dir
else:
if len(subdir) > 0 and not subdir.endswith('/'):
subdir += '/'
return [ { "path" : file_path, "size": sz, "subdir": subdir} ] return [ { "path" : file_path, "size": sz, "subdir": subdir} ]
def backup_prepare(vms_list = None, exclude_list = [], print_callback = print_stdout): def backup_prepare(vms_list = None, exclude_list = [],
print_callback = print_stdout, hide_vm_names=True):
"""If vms = None, include all (sensible) VMs; exclude_list is always applied""" """If vms = None, include all (sensible) VMs; exclude_list is always applied"""
files_to_backup = file_to_backup (system_path["qubes_store_filename"]) files_to_backup = file_to_backup (system_path["qubes_store_filename"])
@ -119,33 +123,36 @@ def backup_prepare(vms_list = None, exclude_list = [], print_callback = print_st
# handle templates later # handle templates later
continue continue
if hide_vm_names:
subdir = 'vm%d' % vm.qid
else:
subdir = None
if vm.private_img is not None: if vm.private_img is not None:
vm_sz = vm.get_disk_usage (vm.private_img) files_to_backup += file_to_backup(vm.private_img, subdir)
files_to_backup += file_to_backup(vm.private_img, vm_sz )
if vm.is_appvm(): if vm.is_appvm():
files_to_backup += file_to_backup(vm.icon_path) files_to_backup += file_to_backup(vm.icon_path, subdir)
if vm.updateable: if vm.updateable:
if os.path.exists(vm.dir_path + "/apps.templates"): if os.path.exists(vm.dir_path + "/apps.templates"):
# template # template
files_to_backup += file_to_backup(vm.dir_path + "/apps.templates") files_to_backup += file_to_backup(vm.dir_path + "/apps.templates", subdir)
else: else:
# standaloneVM # standaloneVM
files_to_backup += file_to_backup(vm.dir_path + "/apps") files_to_backup += file_to_backup(vm.dir_path + "/apps", subdir)
if os.path.exists(vm.dir_path + "/kernels"): if os.path.exists(vm.dir_path + "/kernels"):
files_to_backup += file_to_backup(vm.dir_path + "/kernels") files_to_backup += file_to_backup(vm.dir_path + "/kernels", subdir)
if os.path.exists (vm.firewall_conf): if os.path.exists (vm.firewall_conf):
files_to_backup += file_to_backup(vm.firewall_conf) files_to_backup += file_to_backup(vm.firewall_conf, subdir)
if 'appmenus_whitelist' in vm_files and \ if 'appmenus_whitelist' in vm_files and \
os.path.exists(os.path.join(vm.dir_path, vm_files['appmenus_whitelist'])): os.path.exists(os.path.join(vm.dir_path, vm_files['appmenus_whitelist'])):
files_to_backup += file_to_backup( files_to_backup += file_to_backup(
os.path.join(vm.dir_path, vm_files['appmenus_whitelist'])) os.path.join(vm.dir_path, vm_files['appmenus_whitelist']),
subdir)
if vm.updateable: if vm.updateable:
sz = vm.get_disk_usage(vm.root_img) files_to_backup += file_to_backup(vm.root_img, subdir)
files_to_backup += file_to_backup(vm.root_img, sz)
vm_sz += sz
s = "" s = ""
fmt="{{0:>{0}}} |".format(fields_to_display[0]["width"] + 1) fmt="{{0:>{0}}} |".format(fields_to_display[0]["width"] + 1)
@ -158,7 +165,7 @@ def backup_prepare(vms_list = None, exclude_list = [], print_callback = print_st
s += fmt.format("AppVM" + (" + Sys" if vm.updateable else "")) s += fmt.format("AppVM" + (" + Sys" if vm.updateable else ""))
fmt="{{0:>{0}}} |".format(fields_to_display[2]["width"] + 1) fmt="{{0:>{0}}} |".format(fields_to_display[2]["width"] + 1)
s += fmt.format(size_to_human(vm_sz)) s += fmt.format(size_to_human(vm.get_disk_utilization()))
if vm.is_running(): if vm.is_running():
s += " <-- The VM is running, please shut it down before proceeding with the backup!" s += " <-- The VM is running, please shut it down before proceeding with the backup!"
@ -171,9 +178,12 @@ def backup_prepare(vms_list = None, exclude_list = [], print_callback = print_st
# already handled # already handled
continue continue
vm_sz = vm.get_disk_utilization() vm_sz = vm.get_disk_utilization()
template_subdir = os.path.relpath( if hide_vm_names:
vm.dir_path, template_subdir = 'vm%d' % vm.qid
system_path["qubes_base_dir"]) + '/' else:
template_subdir = os.path.relpath(
vm.dir_path,
system_path["qubes_base_dir"]) + '/'
template_to_backup = [ { template_to_backup = [ {
"path": vm.dir_path + '/.', "path": vm.dir_path + '/.',
"size": vm_sz, "size": vm_sz,
@ -204,7 +214,10 @@ def backup_prepare(vms_list = None, exclude_list = [], print_callback = print_st
if vm.qid in vms_for_backup_qid: if vm.qid in vms_for_backup_qid:
vm.backup_content = True vm.backup_content = True
vm.backup_size = vm.get_disk_utilization() vm.backup_size = vm.get_disk_utilization()
vm.backup_path = os.path.relpath(vm.dir_path, system_path["qubes_base_dir"]) if hide_vm_names:
vm.backup_path = 'vm%d' % vm.qid
else:
vm.backup_path = os.path.relpath(vm.dir_path, system_path["qubes_base_dir"])
# Dom0 user home # Dom0 user home
if not 'dom0' in exclude_list: if not 'dom0' in exclude_list:
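Review bot: In the template branch the hidden-name value `template_subdir = 'vm%d' % vm.qid` has no trailing '/', while the `else` branch still appends `+ '/'` and `file_to_backup` in this same commit normalises a caller-supplied subdir to end in '/'. If the code that consumes the `"subdir"` key concatenates it with the file name (that code is outside the hunks shown), template entries would be laid out differently depending on `hide_vm_names`; `template_subdir = 'vm%d/' % vm.qid` keeps the two branches consistent. The expression `'vm%d' % vm.qid` now appears three times in `backup_prepare`, so a small helper would keep the naming scheme in one place. The docstring should also gain a line on `hide_vm_names` stating that only the directory name is replaced: the qid and file names such as `apps.templates` stay visible in the unencrypted file list. `backup_prepare` starts and ends outside these hunks.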


@ -72,7 +72,10 @@ def main():
files_to_backup = None files_to_backup = None
try: try:
files_to_backup = backup_prepare(vms_list=vms, exclude_list=options.exclude_list) files_to_backup = backup_prepare(
vms_list=vms,
exclude_list=options.exclude_list,
hide_vm_names=options.encrypt)
except QubesException as e: except QubesException as e:
print >>sys.stderr, "ERROR: %s" % str(e) print >>sys.stderr, "ERROR: %s" % str(e)
exit(1) exit(1)
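Review bot: This call passes `hide_vm_names=options.encrypt`, but `backup_prepare` itself now defaults to `hide_vm_names=True`, so a caller that omits the argument gets `vm<qid>` directories even for an unencrypted backup, while this tool keeps real names in that case. The default is the privacy-preserving choice, but the resulting archive layout then depends on which caller produced it rather than on whether encryption was selected. It is worth stating that in the `backup_prepare` docstring and confirming that the restore path accepts both layouts, which is not visible on this page. A short comment at the call, e.g. `# the file list is stored in clear, so hide VM names whenever the backup is encrypted`, would record why the flag is tied to `options.encrypt`. `main()` continues outside the hunk.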