diff --git a/dom0/aux-tools/qubes-watch-updates.sh b/dom0/aux-tools/qubes-watch-updates.sh
new file mode 100755
index 00000000..9f5111f6
--- /dev/null
+++ b/dom0/aux-tools/qubes-watch-updates.sh
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+# 6h
+UPDATES_SLEEP=21600
+UPDATES_VM=`qvm-get-updatevm`
+
+QREXEC_CLIENT=/usr/lib/qubes/qrexec_client
+
+if [ -z "$UPDATES_VM" ]; then
+ echo "UpdateVM not set, exiting!" >&2
+ exit 1
+fi
+
+if ! xl domid "$UPDATES_VM" > /dev/null 2>&1; then
+ echo "UpdateVM not started, exiting!"
+ exit 1
+fi
+
+(
+# Allow only one instance
+flock --nonblock -s 200 || exit 1
+/usr/lib/qubes/sync_rpmdb_updatevm.sh
+while true; do
+ # Output of this script is UNTRUSTED!
+ $QREXEC_CLIENT -d $UPDATES_VM "user:/usr/lib/qubes/qubes_check_for_updates.sh" |\
+ while IFS=: read -n 819200 domain packages; do
+ if [ "x$domain" = "xtemplate" -a -n "$packages" ]; then
+ TEMPLATE_UPDATE_COUNT=`echo "$packages" | wc -w`
+ NOTIFY_UPDATE_COUNT=`cat /var/run/qubes/template_update_last_notify_count 2> /dev/null`
+ if [ "$NOTIFY_UPDATE_COUNT" != "$TEMPLATE_UPDATE_COUNT" ]; then
+ echo -n $TEMPLATE_UPDATE_COUNT > /var/run/qubes/template_update_last_notify_count
+ NOTIFY_PID=`cat /var/run/qubes/template_update_notify.pid 2> /dev/null`
+ if [ -z "$NOTIFY_PID" ] || ! kill -0 $NOTIFY_PID; then
+ # Actually this is for one TemplateVM, the base of
+ # UpdatesVM. But most likely this can apply to other
+ # templates too (based on the same system - Fedora 14
+ # currently)
+ NOTIFY_TITLE="Template update"
+ NOTIFY_TEXT="There are $TEMPLATE_UPDATE_COUNT updates available for TemplateVM"
+ NOTIFY_INFO="$NOTIFY_TEXT. Start TemplateVM to update it."
+ ( zenity --notification --text "$NOTIFY_TEXT"; zenity --warning --title "$NOTIFY_TITLE" --text "$NOTIFY_INFO") &
+ echo $! > /var/run/qubes/template_update_notify.pid
+ fi
+ fi
+ elif [ "x$domain" = "dom0" -a -n "$packages" ]; then
+ PKGCOUNT=`echo -- "$packages" | wc -w`
+ if zenity --question --title="Qubes Dom0 updates" \
+ --text="$PKGCOUNT updates for dom0 available. 
Do you want to download its now?"; then
+ $QREXEC_CLIENT -d $UPDATES_VM "user:/usr/lib/qubes/qubes_download_dom0_updates.sh --doit"
+ # Wait for download completed
+ while pidof -x qubes-receive-updates >/dev/null; do sleep 0.5; done
+ # Yes, I know that it will block future checking for updates,
+ # but it is intentional (to not flood user with updates
+ # notification)
+ gpk-update-viewer
+ fi
+ fi
+ done
+
+ # At the end synchronize clock
+ UNTRUSTED_CURRENT_TIME="`$QREXEC_CLIENT -d $UPDATES_VM 'user:date +%s.%N'`"
+ # I believe that date has safe input parsing...
+ sudo date -s "$UNTRUSTED_CURRENT_TIME"
+ sleep $UPDATES_SLEEP
+done
+
+
+) 200> /var/run/qubes/updates-watch-lock
diff --git a/dom0/qubes-update-watch.desktop b/dom0/qubes-update-watch.desktop
new file mode 100644
index 00000000..56864613
--- /dev/null
+++ b/dom0/qubes-update-watch.desktop
@@ -0,0 +1,7 @@
+[Desktop Entry]
+Name=Qubes Updates watch
+Comment=Starts watching for dom0 updates
+Icon=qubes
+Exec=/usr/lib/qubes/qubes-watch-updates.sh
+Terminal=false
+Type=Application
diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py
index 93bbe8db..7f169de6 100755
--- a/dom0/qvm-core/qubes.py
+++ b/dom0/qvm-core/qubes.py
@@ -975,13 +975,6 @@ class QubesVm(object): print "--> Preparing config template for DispVM" self.create_config_file(file_path = self.dir_path + '/dvm.conf', prepare_dvm = True) - if qvm_collection.updatevm_qid == self.qid: - # Sync RPMDB - subprocess.call(["/usr/lib/qubes/sync_rpmdb_updatevm.sh"]) - # Start polling - subprocess.call([qrexec_client_path, '-d', str(xid), '-e', - "while true; do sleep %d; /usr/lib/qubes/qubes_download_dom0_updates.sh; done" % dom0_update_check_interval]) - # perhaps we should move it before unpause and fork? # FIXME: this uses obsolete xm api if debug_console:
diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec
index e809551e..b29e7540 100644
--- a/rpm_spec/core-dom0.spec
+++ b/rpm_spec/core-dom0.spec
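Review bot: The dom0 branch of qubes-watch-updates.sh can never run, because `elif [ "x$domain" = "dom0" -a -n "$packages" ]` compares an `x`-prefixed value with a bare literal, so the dom0 update prompt is silently never shown; it should read `elif [ "x$domain" = "xdom0" -a -n "$packages" ]; then`. In the same branch `echo -- "$packages" | wc -w` counts the `--` as a word, so PKGCOUNT comes out one too high; `echo "$packages" | wc -w`, as used in the template branch, avoids that. At the end of the loop `sudo date -s "$UNTRUSTED_CURRENT_TIME"` hands UpdateVM-controlled text to a root command and relies only on date's free-form parser; I would gate it on a strict shape check, `case "$UNTRUSTED_CURRENT_TIME" in ''|*[!0-9.]*) ;; *) sudo date -s "$UNTRUSTED_CURRENT_TIME" ;; esac`, so anything other than digits and dots skips the sync. `read -n` is a bash extension and the read lacks `-r`, so the `#!/bin/sh` shebang only holds where sh is bash, and backslashes in the untrusted line are interpreted.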
@@ -42,6 +42,7 @@ Conflicts: qubes-gui-dom0 < 1.1.13 Requires: yum-plugin-post-transaction-actions Requires: NetworkManager >= 0.8.1-1 Requires: xen >= 4.1.0-2 +Requires: createrepo %define _builddir %(pwd)/dom0 %description
@@ -100,6 +101,7 @@ cp ../qrexec/qrexec_client $RPM_BUILD_ROOT/usr/lib/qubes/ cp ../qrexec/qrexec_policy $RPM_BUILD_ROOT/usr/lib/qubes/ cp aux-tools/qfile-dom0-unpacker $RPM_BUILD_ROOT/usr/lib/qubes/ cp aux-tools/qubes-receive-updates $RPM_BUILD_ROOT/usr/lib/qubes/ +cp aux-tools/qubes-watch-updates.sh $RPM_BUILD_ROOT/usr/lib/qubes/ mkdir -p $RPM_BUILD_ROOT/etc/qubes_rpc/policy cp ../appvm/qubes.Filecopy.policy $RPM_BUILD_ROOT/etc/qubes_rpc/policy/qubes.Filecopy
@@ -169,6 +171,7 @@ install -m 0440 qubes.sudoers $RPM_BUILD_ROOT/etc/sudoers.d/qubes install -d $RPM_BUILD_ROOT/etc/xdg/autostart install -m 0644 qubes-guid.desktop $RPM_BUILD_ROOT/etc/xdg/autostart/ +install -m 0644 qubes-update-watch.desktop $RPM_BUILD_ROOT/etc/xdg/autostart/ %post
@@ -228,7 +231,6 @@ done # and we decided not to restart core during upgrade #service qubes_core start - if [ "x"$HAD_SYSCONFIG_NETWORK = "xno" ]; then rm -f /etc/sysconfig/network fi
@@ -305,6 +307,7 @@ fi /usr/lib/qubes/sync_rpmdb_updatevm.sh /usr/lib/qubes/qubes-receive-updates %attr(4750,root,qubes) /usr/lib/qubes/qfile-dom0-unpacker +/usr/lib/qubes/qubes-watch-updates.sh %attr(770,root,qubes) %dir /var/lib/qubes %attr(770,root,qubes) %dir /var/lib/qubes/vm-templates %attr(770,root,qubes) %dir /var/lib/qubes/appvms
@@ -353,5 +356,6 @@ fi /etc/yum.real.repos.d/qubes-cached.repo /etc/sudoers.d/qubes /etc/xdg/autostart/qubes-guid.desktop +/etc/xdg/autostart/qubes-update-watch.desktop /etc/security/limits.d/99-qubes.conf /etc/yum/post-actions/qubes_sync_rpmdb_updatevm.action