dom0: watch for updates from dom0 (#198)

Additionally synchronize clock every 6h. This is started by xdg-autostart (not
qvm-core) to have running Xorg - needed to prompt user for updates download.

dom0/aux-tools/qubes-watch-updates.sh

@@ -0,0 +1,68 @@
+#!/bin/sh
+
+# 6h
+UPDATES_SLEEP=21600
+UPDATES_VM=`qvm-get-updatevm`
+
+QREXEC_CLIENT=/usr/lib/qubes/qrexec_client
+
+if [ -z "$UPDATES_VM" ]; then
+    echo "UpdateVM not set, exiting!" >&2
+    exit 1
+fi
+
+if ! xl domid "$UPDATES_VM" > /dev/null 2>&1; then
+    echo "UpdateVM not started, exiting!"
+    exit 1
+fi
+
+(
+# Allow only one instance
+flock --nonblock -s 200 || exit 1
+/usr/lib/qubes/sync_rpmdb_updatevm.sh
+while true; do
+    # Output of this script is UNTRUSTED!
+    $QREXEC_CLIENT -d $UPDATES_VM "user:/usr/lib/qubes/qubes_check_for_updates.sh" |\
+    while IFS=: read -n 819200 domain packages; do
+        if [ "x$domain" = "xtemplate" -a -n "$packages" ]; then
+            TEMPLATE_UPDATE_COUNT=`echo "$packages" | wc -w`
+            NOTIFY_UPDATE_COUNT=`cat /var/run/qubes/template_update_last_notify_count 2> /dev/null`
+            if [ "$NOTIFY_UPDATE_COUNT" != "$TEMPLATE_UPDATE_COUNT" ]; then
+                echo -n $TEMPLATE_UPDATE_COUNT > /var/run/qubes/template_update_last_notify_count
+                NOTIFY_PID=`cat /var/run/qubes/template_update_notify.pid 2> /dev/null`
+                if [ -z "$NOTIFY_PID" ] || ! kill -0 $NOTIFY_PID; then
+                    # Actually this is for one TemplateVM, the base of
+                    # UpdatesVM. But most likely this can apply to other
+                    # templates too (based on the same system - Fedora 14
+                    # currently)
+                    NOTIFY_TITLE="Template update"
+                    NOTIFY_TEXT="There are $TEMPLATE_UPDATE_COUNT updates available for TemplateVM"
+                    NOTIFY_INFO="$NOTIFY_TEXT. Start TemplateVM to update it."
+                    ( zenity --notification --text "$NOTIFY_TEXT"; zenity --warning --title "$NOTIFY_TITLE" --text "$NOTIFY_INFO") &
+                    echo $! > /var/run/qubes/template_update_notify.pid
+                fi
+            fi
+        elif [ "x$domain" = "dom0" -a -n "$packages" ]; then
+            PKGCOUNT=`echo -- "$packages" | wc -w`
+            if zenity --question --title="Qubes Dom0 updates" \
+               --text="$PKGCOUNT updates for dom0 available. Do you want to download its now?"; then
+                $QREXEC_CLIENT -d $UPDATES_VM "user:/usr/lib/qubes/qubes_download_dom0_updates.sh --doit"
+                # Wait for download completed
+                while pidof -x qubes-receive-updates >/dev/null; do sleep 0.5; done
+                # Yes, I know that it will block future checking for updates,
+                # but it is intentional (to not flood user with updates
+                # notification)
+                gpk-update-viewer
+            fi
+        fi
+    done
+    
+    # At the end synchronize clock
+    UNTRUSTED_CURRENT_TIME="`$QREXEC_CLIENT -d $UPDATES_VM 'user:date +%s.%N'`"
+    # I believe that date has safe input parsing...
+    sudo date -s "$UNTRUSTED_CURRENT_TIME"
+    sleep $UPDATES_SLEEP
+done
+
+
+) 200> /var/run/qubes/updates-watch-lock

dom0/qubes-update-watch.desktop

@@ -0,0 +1,7 @@
+[Desktop Entry]
+Name=Qubes Updates watch
+Comment=Starts watching for dom0 updates
+Icon=qubes
+Exec=/usr/lib/qubes/qubes-watch-updates.sh
+Terminal=false
+Type=Application

dom0/qvm-core/qubes.py

@@ -975,13 +975,6 @@ class QubesVm(object):
                 print "--> Preparing config template for DispVM"
             self.create_config_file(file_path = self.dir_path + '/dvm.conf', prepare_dvm = True)
 
-        if qvm_collection.updatevm_qid == self.qid:
-            # Sync RPMDB
-            subprocess.call(["/usr/lib/qubes/sync_rpmdb_updatevm.sh"])
-            # Start polling
-            subprocess.call([qrexec_client_path, '-d', str(xid), '-e',
-                    "while true; do sleep %d; /usr/lib/qubes/qubes_download_dom0_updates.sh; done" % dom0_update_check_interval])
-
         # perhaps we should move it before unpause and fork?
         # FIXME: this uses obsolete xm api
         if debug_console:

rpm_spec/core-dom0.spec

@@ -42,6 +42,7 @@ Conflicts:      qubes-gui-dom0 < 1.1.13
 Requires:       yum-plugin-post-transaction-actions
 Requires:       NetworkManager >= 0.8.1-1
 Requires:       xen >= 4.1.0-2
+Requires:       createrepo
 %define _builddir %(pwd)/dom0
 
 %description
@@ -100,6 +101,7 @@ cp ../qrexec/qrexec_client $RPM_BUILD_ROOT/usr/lib/qubes/
 cp ../qrexec/qrexec_policy $RPM_BUILD_ROOT/usr/lib/qubes/
 cp aux-tools/qfile-dom0-unpacker $RPM_BUILD_ROOT/usr/lib/qubes/
 cp aux-tools/qubes-receive-updates $RPM_BUILD_ROOT/usr/lib/qubes/
+cp aux-tools/qubes-watch-updates.sh $RPM_BUILD_ROOT/usr/lib/qubes/
 
 mkdir -p $RPM_BUILD_ROOT/etc/qubes_rpc/policy
 cp ../appvm/qubes.Filecopy.policy $RPM_BUILD_ROOT/etc/qubes_rpc/policy/qubes.Filecopy
@@ -169,6 +171,7 @@ install -m 0440 qubes.sudoers $RPM_BUILD_ROOT/etc/sudoers.d/qubes
 
 install -d $RPM_BUILD_ROOT/etc/xdg/autostart
 install -m 0644 qubes-guid.desktop $RPM_BUILD_ROOT/etc/xdg/autostart/
+install -m 0644 qubes-update-watch.desktop $RPM_BUILD_ROOT/etc/xdg/autostart/
 
 %post
 
@@ -228,7 +231,6 @@ done
 # and we decided not to restart core during upgrade
 #service qubes_core start
 
-
 if [ "x"$HAD_SYSCONFIG_NETWORK = "xno" ]; then
     rm -f /etc/sysconfig/network
 fi
@@ -305,6 +307,7 @@ fi
 /usr/lib/qubes/sync_rpmdb_updatevm.sh
 /usr/lib/qubes/qubes-receive-updates
 %attr(4750,root,qubes) /usr/lib/qubes/qfile-dom0-unpacker
+/usr/lib/qubes/qubes-watch-updates.sh
 %attr(770,root,qubes) %dir /var/lib/qubes
 %attr(770,root,qubes) %dir /var/lib/qubes/vm-templates
 %attr(770,root,qubes) %dir /var/lib/qubes/appvms
@@ -353,5 +356,6 @@ fi
 /etc/yum.real.repos.d/qubes-cached.repo
 /etc/sudoers.d/qubes
 /etc/xdg/autostart/qubes-guid.desktop
+/etc/xdg/autostart/qubes-update-watch.desktop
 /etc/security/limits.d/99-qubes.conf
 /etc/yum/post-actions/qubes_sync_rpmdb_updatevm.action