From 981549fad8f27fbe2483077a2eb381e9e2de1bad Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Mon, 12 Nov 2012 13:44:10 +0100 Subject: [PATCH 01/15] vm/dispvm: use of user-provided DispVM settings (#651) When /rw/home/user/.qubes-dispvm-customized is present use /rw/home/user instead of default /etc/dispvm-dotfiles.tbz. Also make sure that /rw will not remain mounted during DispVM creation. --- misc/dispvm-prerun.sh | 13 +++++++++++-- vm-init.d/qubes_core_appvm | 4 +++- vm-systemd/misc-post.sh | 2 +- vm-systemd/prepare-dvm.sh | 4 +++- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/misc/dispvm-prerun.sh b/misc/dispvm-prerun.sh index c0453f22..fc071e74 100755 --- a/misc/dispvm-prerun.sh +++ b/misc/dispvm-prerun.sh @@ -2,7 +2,12 @@ apps="evince /usr/libexec/evinced soffice firefox" -cat /etc/dispvm-dotfiles.tbz | tar -xjf- --overwrite -C /home/user --owner user 2>&1 >/tmp/dispvm-dotfiles-errors.log +#If user have customized DispVM settings, use its home instead of default dotfiles +if [ -e /rw/home/user/.qubes-dispvm-customized ]; then + cp -af /rw/home/user /home/ +else + cat /etc/dispvm-dotfiles.tbz | tar -xjf- --overwrite -C /home/user --owner user 2>&1 >/tmp/dispvm-dotfiles-errors.log +fi for app in $apps ; do echo "Launching: $app..." @@ -22,6 +27,10 @@ done ps ax > /tmp/dispvm-prerun-proclist.log -cat /etc/dispvm-dotfiles.tbz | tar -xjf- --overwrite -C /home/user --owner user 2>&1 >>/tmp/dispvm-dotfiles-errors.log +if [ -e /rw/home/user/.qubes-dispvm-customized ]; then + cp -af /rw/home/user /home/ +else + cat /etc/dispvm-dotfiles.tbz | tar -xjf- --overwrite -C /home/user --owner user 2>&1 >>/tmp/dispvm-dotfiles-errors.log +fi echo done. diff --git a/vm-init.d/qubes_core_appvm b/vm-init.d/qubes_core_appvm index ebd3e010..a0cfe062 100755 --- a/vm-init.d/qubes_core_appvm +++ b/vm-init.d/qubes_core_appvm 
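Review bot: In both hunks of misc/dispvm-prerun.sh the re-added tar line keeps `2>&1 >/tmp/dispvm-dotfiles-errors.log`, which points stderr at the original stdout before stdout is redirected, so tar's error messages never reach the log, and the new `cp -af /rw/home/user /home/` branch records nothing at all. Writing the redirections as `>/tmp/dispvm-dotfiles-errors.log 2>&1` (and `>>/tmp/dispvm-dotfiles-errors.log 2>&1` in the second hunk), and giving the `cp` the same redirection, would make a failed restore of the customized home visible. The same if/else now appears twice, so a small function called from both places would keep the two copies from drifting apart. A comment stating that everything under /rw/home/user, including any saved credentials or autostart entries, is copied into the DispVM image would help whoever maintains the customization flow.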
@@ -46,8 +46,10 @@ start() if xenstore-read qubes_save_request 2>/dev/null ; then ln -sf /home_volatile /home - possibly_run_save_script touch /etc/this_is_dvm + mount /rw + possibly_run_save_script + umount /rw dmesg -c >/dev/null free | grep Mem: | (read a b c d ; xenstore-write device/qubes_used_mem $c) diff --git a/vm-systemd/misc-post.sh b/vm-systemd/misc-post.sh index 7db58d2c..df4c8a4d 100755 --- a/vm-systemd/misc-post.sh +++ b/vm-systemd/misc-post.sh @@ -12,7 +12,7 @@ fi # xenstore-read fails INTERFACE=eth0 /usr/lib/qubes/setup_ip -if [ -e /dev/xvdb ] ; then +if [ -e /dev/xvdb -a ! -e /etc/this_is_dvm ] ; then mount /rw if ! [ -d /rw/home ] ; then diff --git a/vm-systemd/prepare-dvm.sh b/vm-systemd/prepare-dvm.sh index d0f45709..2229afc7 100755 --- a/vm-systemd/prepare-dvm.sh +++ b/vm-systemd/prepare-dvm.sh @@ -14,8 +14,10 @@ possibly_run_save_script() if xenstore-read qubes_save_request 2>/dev/null ; then ln -sf /home_volatile /home - possibly_run_save_script touch /etc/this_is_dvm + mount /rw + possibly_run_save_script + umount /rw dmesg -c >/dev/null free | grep Mem: | (read a b c d ; xenstore-write device/qubes_used_mem $c) From 9396c25568e91e21fbf07f538b76db22dfc4806b Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Mon, 12 Nov 2012 14:08:09 +0100 Subject: [PATCH 02/15] version 2.1.2 --- version_dom0 | 2 +- version_vm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/version_dom0 b/version_dom0 index 3e3c2f1e..eca07e4c 100644 --- a/version_dom0 +++ b/version_dom0 @@ -1 +1 @@ -2.1.1 +2.1.2 diff --git a/version_vm b/version_vm index 3e3c2f1e..eca07e4c 100644 --- a/version_vm +++ b/version_vm @@ -1 +1 @@ -2.1.1 +2.1.2 From 504b37e378b97e89650a62fa80555b668f7e2306 Mon Sep 17 00:00:00 2001 
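Review bot: The results of `mount /rw` and `umount /rw` around `possibly_run_save_script` are not checked, here and in the identical hunk for vm-systemd/prepare-dvm.sh. The commit message says /rw must not remain mounted during DispVM creation, yet if `umount /rw` fails the script goes straight on to `dmesg -c` and the `qubes_used_mem` write with the private volume still mounted. A guard such as `umount /rw || { echo "umount /rw failed, not saving DispVM" >&2; exit 1; }` (or `return 1` inside `start()`) would enforce that. Unlike misc-post.sh, the mount is also attempted without testing `[ -e /dev/xvdb ]` first. The enclosing `if xenstore-read qubes_save_request` block continues outside both hunks.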
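Review bot: The new condition `[ -e /dev/xvdb -a ! -e /etc/this_is_dvm ]` in vm-systemd/misc-post.sh uses the `-a` operator, which POSIX marks obsolescent because its parsing is ambiguous; `if [ -e /dev/xvdb ] && [ ! -e /etc/this_is_dvm ] ; then` is the unambiguous form. The test also relies on /etc/this_is_dvm already existing when this script runs, and that ordering relative to prepare-dvm.sh is not visible in the diff. A one-line comment such as `# /rw is handled by prepare-dvm.sh when preparing a DispVM; do not mount it here` would record why the flag file is consulted. The body of the `if` continues outside the hunk.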
From: Marek Marczykowski Date: Tue, 13 Nov 2012 03:45:12 +0100 Subject: [PATCH 03/15] dom0/spec: remove obsoleted patch_appvm_initramfs.sh For a long time dracut module is used instead. --- dom0/aux-tools/patch_appvm_initramfs.sh | 82 ------------------------- rpm_spec/core-dom0.spec | 2 - 2 files changed, 84 deletions(-) delete mode 100755 dom0/aux-tools/patch_appvm_initramfs.sh diff --git a/dom0/aux-tools/patch_appvm_initramfs.sh b/dom0/aux-tools/patch_appvm_initramfs.sh deleted file mode 100755 index f43b20c5..00000000 --- a/dom0/aux-tools/patch_appvm_initramfs.sh +++ /dev/null 
@@ -1,82 +0,0 @@ -#!/bin/sh -# -# The Qubes OS Project, http://www.qubes-os.org -# -# Copyright (C) 2010 Joanna Rutkowska -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# -# - -# -# This script can be used to patch the initramfs of the Qubes AppVM -# It inserts an additional script that is responsible for setting up -# COW-based root fs and VM private fs -# - -INITRAMFS=$1 -INITRAMFS_QUBES=$2 -QUBES_COW_SETUP_FILE=$3 - - -TMP_DIR=`mktemp -d /tmp/qubes-initramfs-patching-XXXXXXX` - -if [ $# != 3 ] ; then - echo "usage: $0 " - exit 0 -fi - -if [ x$INITRAMFS = x ] ; then - echo "INITRAMFS missing!" - exit 1 -fi - -if [ x$INITRAMFS_QUBES = x ] ; then - echo "INITRAMFS_QUBES missing!" - exit 1 -fi - -if [ x$QUBES_COW_SETUP_FILE = x ] ; then - echo "$QUBES_COW_SETUP_FILE missing!" - exit 1 -fi - - -ID=$(id -ur) - -if [ $ID != 0 ] ; then - echo "This script should be run as root user. Apparently the initramfs files must have root.root owener..." 
- exit 1 -fi - -mkdir $TMP_DIR/initramfs.qubes || exit 1 - -cp $INITRAMFS $TMP_DIR/initramfs.cpio.gz - -pushd $TMP_DIR/initramfs.qubes - -gunzip < ../initramfs.cpio.gz | cpio -i --quiet || exit 1 - -cp $QUBES_COW_SETUP_FILE pre-udev/90_qubes_cow_setup.sh || exit 1 - -find ./ | cpio -H newc -o --quiet > $TMP_DIR/initramfs.qubes.cpio || exit 1 - -popd - -gzip $TMP_DIR/initramfs.qubes.cpio || exit 1 - -mv $TMP_DIR/initramfs.qubes.cpio.gz $INITRAMFS_QUBES || exit 1 - -rm -fr $TMP_DIR || exit 1 diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec index 6845cf31..129be25b 100644 --- a/rpm_spec/core-dom0.spec +++ b/rpm_spec/core-dom0.spec @@ -99,7 +99,6 @@ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/qubes cp misc/qmemman.conf $RPM_BUILD_ROOT%{_sysconfdir}/qubes/ mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes -cp aux-tools/patch_appvm_initramfs.sh $RPM_BUILD_ROOT/usr/lib/qubes cp aux-tools/unbind_pci_device.sh $RPM_BUILD_ROOT/usr/lib/qubes cp aux-tools/unbind_all_network_devices $RPM_BUILD_ROOT/usr/lib/qubes cp aux-tools/convert_apptemplate2vm.sh $RPM_BUILD_ROOT/usr/lib/qubes @@ -357,7 +356,6 @@ fi %{python_sitearch}/qubes/__init__.pyc %{python_sitearch}/qubes/__init__.pyo %{python_sitearch}/qubes/qmemman*.py* -/usr/lib/qubes/patch_appvm_initramfs.sh /usr/lib/qubes/unbind_pci_device.sh /usr/lib/qubes/unbind_all_network_devices /usr/lib/qubes/cleanup_dispvms From d3f1860bd0503221894bf97e869782538d7fd48b Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Tue, 13 Nov 2012 04:00:51 +0100 Subject: [PATCH 04/15] dom0: use default user in "DispVM: Web browser" launcher (#577) --- dom0/misc/qubes-dispvm-firefox.desktop | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dom0/misc/qubes-dispvm-firefox.desktop b/dom0/misc/qubes-dispvm-firefox.desktop index 021bda61..6e36ffd8 100644 --- a/dom0/misc/qubes-dispvm-firefox.desktop +++ b/dom0/misc/qubes-dispvm-firefox.desktop 
@@ -1,7 +1,7 @@ [Desktop Entry] Version=1.0 Type=Application -Exec=sh -c 'echo firefox | /usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 user red' +Exec=sh -c 'echo firefox | /usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 DEFAULT red' Icon=/usr/share/qubes/icons/dispvm-red.png Terminal=false Name=DispVM: Firefox web browser From f47f8e7c8f324ab96173d414627fbabe9fe47d3b Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Tue, 13 Nov 2012 04:02:49 +0100 Subject: [PATCH 05/15] dom0/dispvm: enable use of default_user setting for DispVM (#577) --- dom0/restore/qfile-daemon-dvm | 1 + dom0/restore/qubes_restore.c | 22 ++++++++++++++-------- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/dom0/restore/qfile-daemon-dvm b/dom0/restore/qfile-daemon-dvm index 59b492f9..8b2a195b 100755 --- a/dom0/restore/qfile-daemon-dvm +++ b/dom0/restore/qfile-daemon-dvm @@ -68,6 +68,7 @@ class QfileDaemonDvm: retcode = subprocess.call(['/usr/lib/qubes/qubes_restore', current_savefile, current_dvm_conf, + '-u', str(vm.default_user), '-c', label.color, '-i', label.icon, '-l', str(label.index)]) diff --git a/dom0/restore/qubes_restore.c b/dom0/restore/qubes_restore.c index 25a09ba2..f3492851 100644 --- a/dom0/restore/qubes_restore.c +++ b/dom0/restore/qubes_restore.c @@ -139,7 +139,7 @@ void preload_cache(int fd) } } -void start_rexec(int domid) +void start_rexec(int domid, char *default_user) { int pid, status; char dstr[40]; @@ -150,7 +150,7 @@ void start_rexec(int domid) exit(1); case 0: execl("/usr/lib/qubes/qrexec_daemon", "qrexec_daemon", - dstr, NULL); + dstr, default_user, NULL); perror("execl"); exit(1); default:; 
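Review bot: In `start_rexec`, when `-u` was not given `default_user` is NULL, so `execl(..., dstr, default_user, NULL)` ends the argument list at that NULL and qrexec_daemon is started with the domain id only; this works, but only as a side effect of how execl reads its variadic list. A comment on the call, `/* default_user may be NULL: argv then ends after dstr */`, would record the intent, and whether qrexec_daemon copes with the missing argument should be confirmed since its source is not in this diff. The value originates from `str(vm.default_user)` in qfile-daemon-dvm, so if that attribute can be unset the daemon would receive the literal string `None`; omitting `'-u'` in that case on the Python side avoids it. The body of start_rexec continues outside the hunk.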
@@ -171,9 +171,9 @@ void start_guid(int domid, int argc, char **argv) guid_args[0] = "qubes_guid"; guid_args[1] = "-d"; guid_args[2] = dstr; - for (i = 3; i < argc; i++) - guid_args[i] = argv[i]; - guid_args[argc] = NULL; + for (i = 0; i < argc; i++) + guid_args[i+3] = argv[i]; + guid_args[argc+3] = NULL; execv("/usr/bin/qubes_guid", guid_args); perror("execv"); } @@ -434,9 +434,11 @@ int main(int argc, char **argv) FILE *conf; char *name; char confname[256]; + char *default_user = NULL; + int guid_args_start = 3; if (argc < 3) { fprintf(stderr, - "usage: %s savefile conf_templ [guid args] \n", argv[0]); + "usage: %s savefile conf_templ [-u default_user] [guid args] \n", argv[0]); exit(1); } redirect_stderr(); @@ -448,6 +450,10 @@ int main(int argc, char **argv) perror("fopen vm conf"); exit(1); } + if (argc > 4 && strcmp(argv[3], "-u")==0) { + default_user = argv[4]; + guid_args_start += 2; + } dispid = get_next_disposable_id(); name = get_vmname_from_savefile(conf_templ); netvm_id = get_netvm_id_from_name(name); @@ -472,7 +478,7 @@ int main(int argc, char **argv) setup_xenstore(netvm_id, domid, dispid, name); fprintf(stderr, "time=%s, starting qubes_guid\n", gettime()); rm_fast_flag(); - start_rexec(domid); - start_guid(domid, argc, argv); + start_rexec(domid, default_user); + start_guid(domid, argc-guid_args_start, argv+guid_args_start); return 0; } From 69b803f286d248ac77f6e217575822a5b6c99e40 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Tue, 13 Nov 2012 04:03:30 +0100 Subject: [PATCH 06/15] dom0/appmenus-receive: use common API for running commands in VM Do not use qrexec_client directly. --- dom0/qubes_rpc/qubes-receive-appmenus | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/dom0/qubes_rpc/qubes-receive-appmenus b/dom0/qubes_rpc/qubes-receive-appmenus index 14515b63..97fcc796 100755 --- a/dom0/qubes_rpc/qubes-receive-appmenus +++ b/dom0/qubes_rpc/qubes-receive-appmenus 
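Review bot: In `start_guid`, `guid_args[i+3] = argv[i]` and `guid_args[argc+3] = NULL` write up to index argc+3 with no bound check in the visible lines. The declaration of `guid_args` is outside the hunk; if it is a fixed-size array, the caller-supplied argument count should be compared with its capacity before the loop, for example `if (argc + 4 > (int)(sizeof(guid_args)/sizeof(guid_args[0]))) { fprintf(stderr, "too many guid args\n"); exit(1); }`. The function begins outside the hunk, so the actual size should be confirmed there.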
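Review bot: In `main`, `-u` is only recognised when a value follows it (`argc > 4 && strcmp(argv[3], "-u")==0`); invoked as `savefile conf_templ -u`, the test fails silently and `-u` is handed to qubes_guid as a guid argument. Rejecting that case explicitly, `if (argc == 4 && strcmp(argv[3], "-u") == 0) { fprintf(stderr, "-u requires a user name\n"); exit(1); }`, keeps the error in qubes_restore where the usage text is printed. The parsing would also read more naturally next to the `argc < 3` check than after the configuration file has been opened.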
@@ -47,11 +47,11 @@ fields_regexp = { "Exec": re.compile(r"^[a-zA-Z0-9%>/:.= -]*$"), } -def get_appmenus(xid): +def get_appmenus(vm): global appmenus_line_count global appmenus_line_size untrusted_appmenulist = [] - if xid == -1: + if vm is None: while appmenus_line_count > 0: untrusted_line = sys.stdin.readline(appmenus_line_size) if untrusted_line == "": @@ -61,8 +61,7 @@ def get_appmenus(xid): if appmenus_line_count == 0: raise QubesException("Line count limit exceeded") else: - p = subprocess.Popen ([qrexec_client_path, '-d', str(xid), - 'user:QUBESRPC qubes.GetAppmenus dom0'], stdout=subprocess.PIPE) + p = vm.run('DEFAULT:QUBESRPC qubes.GetAppmenus dom0', passio_popen=True) while appmenus_line_count > 0: untrusted_line = p.stdout.readline(appmenus_line_size) if untrusted_line == "": @@ -184,14 +183,10 @@ def main(): new_appmenus = {} if env_vmname is None: - # Get appmenus from VM - xid = vm.get_xid() - assert xid > 0 - - new_appmenus = get_appmenus(xid) + new_appmenus = get_appmenus(vm) else: options.verbose = False - new_appmenus = get_appmenus(-1) + new_appmenus = get_appmenus(None) if len(new_appmenus) == 0: print >>sys.stderr, "ERROR: No appmenus received, terminating" From e8e14f3fadb21e151c45fa9d7e3234b532951e2c Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Tue, 13 Nov 2012 04:28:09 +0100 Subject: [PATCH 07/15] dom0/core: API CHANGE: pass username as keyword param to vm.run() (#577) Get rid of ugly embedding username into commandline. This will make much easier avoid hardcoding username in dom0 code. Currently dom0 is free of hardcoded "user" username ("root" still is used). --- dom0/qubes_rpc/qubes-receive-appmenus | 2 +- dom0/qvm-core/qubes.py | 18 ++++++++++-------- dom0/qvm-tools/qvm-run | 9 ++------- dom0/qvm-tools/qvm-sync-clock | 8 ++++---- misc/xl-qvm-usb-attach.py | 2 +- misc/xl-qvm-usb-detach.py | 2 +- 6 files changed, 19 insertions(+), 22 deletions(-) 
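Review bot: `get_appmenus(vm)` now treats `vm is None` as "read the untrusted list from stdin", but nothing in the function says so, and in the visible lines the process object returned by `vm.run(..., passio_popen=True)` is never waited on, so a failed qubes.GetAppmenus call looks the same as an empty list. A docstring such as `"""Read appmenu lines from vm, or from stdin when vm is None; all returned data is untrusted."""` and a check of `p.wait()` after the read loop would cover both. The function body continues outside the hunk, so the wait may already exist further down.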
diff --git a/dom0/qubes_rpc/qubes-receive-appmenus b/dom0/qubes_rpc/qubes-receive-appmenus index 97fcc796..860c221b 100755 --- a/dom0/qubes_rpc/qubes-receive-appmenus +++ b/dom0/qubes_rpc/qubes-receive-appmenus @@ -61,7 +61,7 @@ def get_appmenus(vm): if appmenus_line_count == 0: raise QubesException("Line count limit exceeded") else: - p = vm.run('DEFAULT:QUBESRPC qubes.GetAppmenus dom0', passio_popen=True) + p = vm.run('QUBESRPC qubes.GetAppmenus dom0', passio_popen=True) while appmenus_line_count > 0: untrusted_line = p.stdout.readline(appmenus_line_size) if untrusted_line == "": diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py index 82d6fbf7..7603c166 100755 --- a/dom0/qvm-core/qubes.py +++ b/dom0/qvm-core/qubes.py @@ -778,8 +778,8 @@ class QubesVm(object): # resize loop device subprocess.check_call(["sudo", "losetup", "--set-capacity", loop_dev]) - retcode = self.run("root:while [ \"`blockdev --getsize64 /dev/xvdb`\" -lt {0} ]; do ".format(size) + - "head /dev/xvdb > /dev/null; sleep 0.2; done; resize2fs /dev/xvdb", wait=True) + retcode = self.run("while [ \"`blockdev --getsize64 /dev/xvdb`\" -lt {0} ]; do ".format(size) + + "head /dev/xvdb > /dev/null; sleep 0.2; done; resize2fs /dev/xvdb", user="root", wait=True) else: retcode = subprocess.check_call(["sudo", "resize2fs", "-f", self.private_img]) if retcode != 0: 
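Review bot: In the resize hunk of dom0/qvm-core/qubes.py, `size` is formatted directly into a shell loop that is run with `user="root"` inside the VM. Where `size` comes from is outside the hunk; unless it is guaranteed to be an integer there, `.format(int(size))` would ensure that only digits reach the root shell. The surrounding method starts and ends outside the hunk.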
@@ -1326,13 +1326,15 @@ class QubesVm(object): return conf - def run(self, command, verbose = True, autostart = False, notify_function = None, passio = False, passio_popen = False, passio_stderr=False, ignore_stderr=False, localcmd = None, wait = False, gui = True): - """command should be in form 'user:cmdline' + def run(self, command, user = None, verbose = True, autostart = False, notify_function = None, passio = False, passio_popen = False, passio_stderr=False, ignore_stderr=False, localcmd = None, wait = False, gui = True): + """command should be in form 'cmdline' When passio_popen=True, popen object with stdout connected to pipe. When additionally passio_stderr=True, stderr also is connected to pipe. When ignore_stderr=True, stderr is connected to /dev/null. """ + if user is None: + user = self.default_user null = None if not self.is_running(): if not autostart: @@ -1354,7 +1356,7 @@ class QubesVm(object): if gui and os.getenv("DISPLAY") is not None and not self.is_guid_running(): self.start_guid(verbose = verbose, notify_function = notify_function) - args = [qrexec_client_path, "-d", str(xid), command] + args = [qrexec_client_path, "-d", str(xid), "%s:%s" % (user, command)] if localcmd is not None: args += [ "-l", localcmd] if passio: @@ -1437,7 +1439,7 @@ class QubesVm(object): if verbose: print >> sys.stderr, "--> Waiting for qubes-session..." - self.run('%s:echo $$ >> /tmp/qubes-session-waiter; [ ! -f /tmp/qubes-session-env ] && exec sleep 365d' % self.default_user, ignore_stderr=True, gui=False, wait=True) + self.run('echo $$ >> /tmp/qubes-session-waiter; [ ! -f /tmp/qubes-session-env ] && exec sleep 365d', ignore_stderr=True, gui=False, wait=True) retcode = subprocess.call([qubes_clipd_path]) if retcode != 0: 
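Review bot: Inserting `user = None` as the second parameter of `run()` shifts every later positional argument, so an existing call such as `vm.run(cmd, True)` would now set `user=True` rather than `verbose`; appending `user` at the end of the signature, or auditing callers outside this series, avoids that. A caller not converted by this commit that still passes `'root:cmd'` is now sent as `default_user:root:cmd`, and a `user` value containing `:` would be split in the wrong place by whatever parses the string in the VM (that parser is not visible here). A guard like `if ":" in user: raise QubesException("invalid user name")` before building `args` covers the second case. The docstring should also gain a line for the new parameter, for example `user: account to run the command as; defaults to self.default_user`.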
@@ -1895,7 +1897,7 @@ class QubesNetVm(QubesVm): # force frontend to forget about this device # module actually will be loaded back by udev, as soon as network is attached - vm.run("root:modprobe -r xen-netfront xennet") + vm.run("modprobe -r xen-netfront xennet", user="root") try: vm.attach_network(wait=False) @@ -2474,7 +2476,7 @@ class QubesHVm(QubesVm): if kwargs.get('verbose'): print >> sys.stderr, "--> Waiting for user '%s' login..." % self.default_user - p = self.run('SYSTEM:QUBESRPC qubes.WaitForSession', passio_popen=True, gui=False, wait=True) + p = self.run('QUBESRPC qubes.WaitForSession', user="SYSTEM", passio_popen=True, gui=False, wait=True) p.communicate(input=self.default_user) retcode = subprocess.call([qubes_clipd_path]) diff --git a/dom0/qvm-tools/qvm-run b/dom0/qvm-tools/qvm-run index 6ed9f747..ddfa8406 100755 --- a/dom0/qvm-tools/qvm-run +++ b/dom0/qvm-tools/qvm-run @@ -85,6 +85,7 @@ def vm_run_cmd(vm, cmd, options): return vm.run(cmd, autostart = options.auto, verbose = options.verbose, + user = options.user, notify_function = tray_notify_generic if options.tray else None, passio = options.passio, localcmd = options.localcmd, gui = options.gui) except QubesException as err: @@ -194,13 +195,7 @@ def main(): vms_list.append(vm) for vm in vms_list: - if takes_cmd_argument: - cmd = "{user}:{cmd}".format(user=options.user if options.user else vm.default_user, cmd=cmdstr) - else: - cmd = None - - vm_run_cmd(vm, cmd, options) - + vm_run_cmd(vm, cmdstr, options) if options.wait_for_shutdown: if options.verbose: diff --git a/dom0/qvm-tools/qvm-sync-clock b/dom0/qvm-tools/qvm-sync-clock index 08a537fa..9378b29d 100755 --- a/dom0/qvm-tools/qvm-sync-clock +++ b/dom0/qvm-tools/qvm-sync-clock 
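Review bot: In dom0/qvm-tools/qvm-run, `vm_run_cmd(vm, cmdstr, options)` is now called unconditionally, where previously `cmd` was None for actions that take no command. Whether `cmdstr` is bound on that path is outside the hunk: if it is not, the call raises NameError, and if it is None and reaches `vm.run`, the new `"%s:%s" % (user, command)` would send the literal text `None` to the VM. Passing `cmdstr if takes_cmd_argument else None` and having `run()` reject a None command would make both cases explicit.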
@@ -64,15 +64,15 @@ def main(): # Ignore retcode, try even if nm-online failed - user can setup network manually # on-online has timeout 30sec by default - net_vm.run('DEFAULT:nm-online -x', verbose=verbose, wait=True, ignore_stderr=True) + net_vm.run('nm-online -x', verbose=verbose, wait=True, ignore_stderr=True) # Sync clock - if clock_vm.run('root:QUBESRPC qubes.SyncNtpClock dom0', verbose=verbose, wait=True, ignore_stderr=True) != 0: + if clock_vm.run('QUBESRPC qubes.SyncNtpClock dom0', user="root", verbose=verbose, wait=True, ignore_stderr=True) != 0: print >> sys.stderr, 'Time sync failed, aborting!' sys.exit(1) # Use the date format based on RFC2822 to avoid localisation issues - p = clock_vm.run('DEFAULT:date -u -R', verbose=verbose, passio_popen=True, ignore_stderr=True) + p = clock_vm.run('date -u -R', verbose=verbose, passio_popen=True, ignore_stderr=True) date_out = p.stdout.read(100) date_out = date_out.strip() if not re.match(r'^[A-Za-z]+[,] [0-9][0-9] [A-Za-z]+ [0-9][0-9][0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9] [+]0000$', date_out): @@ -92,7 +92,7 @@ def main(): if verbose: print >> sys.stderr, '--> Syncing \'%s\' clock.' % vm.name try: - vm.run('root:date -u -R -s "%s"' % date_out, verbose=verbose) + vm.run('date -u -R -s "%s"' % date_out, user="root", verbose=verbose) except Exception as e: print >> sys.stderr, "ERROR syncing time in VM '%s': %s" % (vm.name, str(e)) pass diff --git a/misc/xl-qvm-usb-attach.py b/misc/xl-qvm-usb-attach.py index e854229f..58ac2a8c 100755 --- a/misc/xl-qvm-usb-attach.py +++ b/misc/xl-qvm-usb-attach.py @@ -45,4 +45,4 @@ else: qvm_collection.unlock_db() # launch - qvm_collection.get_vm_by_name(backendvm_name).run("root: %s" % cmd) + qvm_collection.get_vm_by_name(backendvm_name).run(cmd, user="root") diff --git a/misc/xl-qvm-usb-detach.py b/misc/xl-qvm-usb-detach.py index 478d8bb5..e32fe479 100755 --- a/misc/xl-qvm-usb-detach.py +++ b/misc/xl-qvm-usb-detach.py 
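Review bot: The last qvm-sync-clock hunk interpolates `date_out`, which was read from the clock VM, into `date -u -R -s "%s"` and runs it with `user="root"` in each VM being synced; the only thing keeping that safe is the `re.match` shown in the previous hunk. A comment at the `vm.run` call, `# date_out was matched against the strict RFC 2822 pattern above; it is run in a root shell, never pass it unvalidated`, would keep a later edit from loosening the check without noticing. The `except Exception` followed by `pass` also means a VM whose clock could not be set does not affect the tool's exit status.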
@@ -41,7 +41,7 @@ else: qvm_collection.unlock_db() # launch - qvm_collection.get_vm_by_name(backendvm_name).run("root: %s" % cmd) + qvm_collection.get_vm_by_name(backendvm_name).run(cmd, user="root") # FIXME: command injection os.system("xenstore-write /local/domain/%s/backend/vusb/%s/%s/port/%s ''" From bd1e7620d2cc97c2f145c4530f3c78e1cafb4cf0 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Wed, 14 Nov 2012 01:41:21 +0100 Subject: [PATCH 08/15] makefile: generic rpms-dom0 and rpms-vm targets --- Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 0ae46dd1..69da5891 100644 --- a/Makefile +++ b/Makefile @@ -6,6 +6,8 @@ VERSION_VM := $(shell cat version_vm) help: @echo "make rpms -- generate binary rpm packages" + @echo "make rpms-vm -- generate binary rpm packages for VM" + @echo "make rpms-dom0 -- generate binary rpm packages for Dom0" @echo "make update-repo-current -- copy newly generated rpms to qubes yum repo" @echo "make update-repo-current-testing -- same, but to -current-testing repo" @echo "make update-repo-unstable -- same, but to -testing repo" @@ -21,7 +23,7 @@ rpms-vm: $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*.rpm \ $(RPMS_DIR)/x86_64/qubes-core-vm-kernel-placeholder-*.rpm -rpms-dom0: +rpms-dom0: rpms-vaio-fixes rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0.spec rpm --addsign \ $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*.rpm From 629038e76d1c331e19842a2f6afd9f39c9e49c51 Mon Sep 17 00:00:00 2001 
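Review bot: In misc/xl-qvm-usb-detach.py, the `os.system("xenstore-write /local/domain/%s/backend/vusb/%s/%s/port/%s ''" ...)` call kept as context directly after the changed line is still assembled by string formatting and carries the file's own `# FIXME: command injection`. Since this commit already touches the launch line, it is a natural place to switch to an argument list, `subprocess.call(["xenstore-write", path, ""])` with `path` built by the same `%` formatting, so that no shell parses the values (this needs `import subprocess` if the file lacks it). The statement continues outside the hunk, so the origin of the formatted values cannot be seen here.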
From: Marek Marczykowski Date: Wed, 14 Nov 2012 13:12:51 +0100 Subject: [PATCH 09/15] spec: extract core libs from qubes-core-vm This libs are required by both dom0 and VM so it's better to have it separately. Previously in VM it was separate package, but dom0 have them embedded in qubes-core-dom0, but qubes-core-vm-libs package was used to build qubes-gui-dom0. Now we do not build all packages for all distros (especially do not build core-vm package for dom0 distro, so gui-dom0 build fails), so make it explicit which package is needed by which system. --- Makefile | 16 +++++++-- rpm_spec/core-dom0.spec | 6 +--- rpm_spec/core-libs.spec | 73 +++++++++++++++++++++++++++++++++++++++++ rpm_spec/core-vm.spec | 34 +------------------ version_libs | 1 + 5 files changed, 90 insertions(+), 40 deletions(-) create mode 100644 rpm_spec/core-libs.spec create mode 100644 version_libs diff --git a/Makefile b/Makefile index 69da5891..989f15ee 100644 --- a/Makefile +++ b/Makefile @@ -3,6 +3,7 @@ RPMS_DIR=rpm/ VERSION_DOM0 := $(shell cat version_dom0) VERSION_VAIO_FIXES := $(shell cat version_vaio_fixes) VERSION_VM := $(shell cat version_vm) +VERSION_LIBS := $(shell cat version_libs) help: @echo "make rpms -- generate binary rpm packages" @@ -16,14 +17,18 @@ help: rpms: rpms-vm rpms-dom0 -rpms-vm: +rpms-libs: + rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-libs.spec + rpm --addsign $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*.rpm + +rpms-vm: rpms-libs rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-vm.spec rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-vm-kernel-placeholder.spec rpm --addsign \ $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*.rpm \ $(RPMS_DIR)/x86_64/qubes-core-vm-kernel-placeholder-*.rpm -rpms-dom0: rpms-vaio-fixes +rpms-dom0: rpms-libs rpms-vaio-fixes rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0.spec rpm --addsign \ $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*.rpm 
@@ -35,32 +40,39 @@ rpms-vaio-fixes: update-repo-current: ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/current/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/current/dom0/rpm/ + ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*fc13*.rpm ../yum/current-release/current/dom0/rpm/ for vmrepo in ../yum/current-release/current/vm/* ; do \ dist=$$(basename $$vmrepo) ;\ ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\ ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-kernel-placeholder-*$$dist*.rpm $$vmrepo/rpm/ ;\ + ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*$$dist*.rpm $$vmrepo/rpm/;\ done update-repo-current-testing: ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/current-testing/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/current-testing/dom0/rpm/ + ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*fc13*.rpm ../yum/current-release/current-testing/dom0/rpm/ for vmrepo in ../yum/current-release/current-testing/vm/* ; do \ dist=$$(basename $$vmrepo) ;\ ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\ ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-kernel-placeholder-*$$dist*.rpm $$vmrepo/rpm/ ;\ + ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*$$dist*.rpm $$vmrepo/rpm/;\ done update-repo-unstable: ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/unstable/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/unstable/dom0/rpm/ + ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*fc13*.rpm ../yum/current-release/current-testing/dom0/rpm/ for vmrepo in ../yum/current-release/unstable/vm/* ; do \ dist=$$(basename $$vmrepo) ;\ ln -f 
$(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\ ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-kernel-placeholder-*$$dist*.rpm $$vmrepo/rpm/ ;\ + ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*$$dist*.rpm $$vmrepo/rpm/;\ done update-repo-installer: ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*$(VERSION_DOM0)*fc13*.rpm ../installer/yum/qubes-dom0/rpm/ + ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*fc13*.rpm ../installer/yum/qubes-dom0/rpm/ clean: make -C dom0/qmemman clean diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec index 129be25b..4390d3e3 100644 --- a/rpm_spec/core-dom0.spec +++ b/rpm_spec/core-dom0.spec @@ -38,6 +38,7 @@ License: GPL URL: http://www.qubes-os.org BuildRequires: xen-devel Requires: python, xen-runtime, pciutils, python-inotify, python-daemon, kernel-qubes-dom0 +Requires: qubes-core-libs Requires: python-lxml Conflicts: qubes-gui-dom0 < 1.1.13 Requires: xen >= 4.1.0-2 @@ -197,9 +198,6 @@ cp pm-utils/52qubes-pause-vms $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d/ mkdir -p $RPM_BUILD_ROOT/var/log/qubes mkdir -p $RPM_BUILD_ROOT/var/run/qubes -install -D ../vchan/libvchan.so $RPM_BUILD_ROOT/%{_libdir}/libvchan.so -install -D ../u2mfn/libu2mfn.so $RPM_BUILD_ROOT/%{_libdir}/libu2mfn.so - install -d $RPM_BUILD_ROOT/etc/sudoers.d install -m 0440 qubes.sudoers $RPM_BUILD_ROOT/etc/sudoers.d/qubes @@ -434,8 +432,6 @@ fi %attr(4750,root,qubes) /usr/lib/qubes/qrexec_daemon %attr(2770,root,qubes) %dir /var/log/qubes %attr(0770,root,qubes) %dir /var/run/qubes -%{_libdir}/libvchan.so -%{_libdir}/libu2mfn.so /etc/yum.real.repos.d/qubes-cached.repo /etc/sudoers.d/qubes /etc/xdg/autostart/qubes-guid.desktop diff --git a/rpm_spec/core-libs.spec b/rpm_spec/core-libs.spec new file mode 100644 index 00000000..a2931bf3 --- /dev/null +++ b/rpm_spec/core-libs.spec 
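Review bot: In `update-repo-unstable`, the added line `ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*fc13*.rpm ../yum/current-release/current-testing/dom0/rpm/` links the libs package into the current-testing repository, while every other line of that target writes to `unstable`. This looks like a copy-paste slip from the target above: the unstable dom0 repository never receives qubes-core-libs, and an unstable build ends up in the current-testing channel. The destination should be `../yum/current-release/unstable/dom0/rpm/`.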
@@ -0,0 +1,73 @@ +# +# The Qubes OS Project, http://www.qubes-os.org +# +# Copyright (C) 2010 Joanna Rutkowska +# Copyright (C) 2010 Rafal Wojtczuk +# Copyright (C) 2012 Marek Marczykowski +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# + +%{!?version: %define version %(cat version_libs)} + +Name: qubes-core-libs +Version: %{version} +Release: 1%{dist} + +Summary: Qubes core libraries +License: GPL v2 only +Group: Development/Sources +Group: Qubes +Vendor: Invisible Things Lab +URL: http://www.qubes-os.org +Obsoletes: qubes-core-appvm-libs +Obsoletes: qubes-core-vm-libs +BuildRequires: xen-devel + +%define _builddir %(pwd) + +%description +The Qubes core libraries for installation inside a Qubes Dom0 and VM. 
+ +%build +make -C u2mfn +make -C vchan -f Makefile.linux + +%install +install -D -m 0644 vchan/libvchan.h $RPM_BUILD_ROOT/usr/include/libvchan.h +install -D -m 0644 u2mfn/u2mfnlib.h $RPM_BUILD_ROOT/usr/include/u2mfnlib.h +install -D -m 0644 u2mfn/u2mfn-kernel.h $RPM_BUILD_ROOT/usr/include/u2mfn-kernel.h + +install -D vchan/libvchan.so $RPM_BUILD_ROOT/%{_libdir}/libvchan.so +install -D u2mfn/libu2mfn.so $RPM_BUILD_ROOT/%{_libdir}/libu2mfn.so + +%files +%{_libdir}/libvchan.so +%{_libdir}/libu2mfn.so + +%package devel +Summary: Include files for qubes core libraries +License: GPL v2 only +Group: Development/Sources +Obsoletes: qubes-core-appvm-devel +Obsoletes: qubes-core-vm-devel + +%description devel + +%files devel +/usr/include/libvchan.h +/usr/include/u2mfnlib.h +/usr/include/u2mfn-kernel.h diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index 64884eac..3baab14d 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec @@ -40,6 +40,7 @@ Requires: ethtool Requires: tinyproxy Requires: ntpdate Requires: qubes-core-vm-kernel-placeholder +Requires: qubes-core-libs Provides: qubes-core-vm Obsoletes: qubes-core-commonvm Obsoletes: qubes-core-appvm @@ -183,13 +184,6 @@ install -D -m 0644 misc/xorg-preload-apps.conf $RPM_BUILD_ROOT/etc/X11/xorg-prel install -d $RPM_BUILD_ROOT/var/run/qubes install -d $RPM_BUILD_ROOT/home_volatile/user -install -D -m 0644 vchan/libvchan.h $RPM_BUILD_ROOT/usr/include/libvchan.h -install -D -m 0644 u2mfn/u2mfnlib.h $RPM_BUILD_ROOT/usr/include/u2mfnlib.h -install -D -m 0644 u2mfn/u2mfn-kernel.h $RPM_BUILD_ROOT/usr/include/u2mfn-kernel.h - -install -D vchan/libvchan.so $RPM_BUILD_ROOT/%{_libdir}/libvchan.so -install -D u2mfn/libu2mfn.so $RPM_BUILD_ROOT/%{_libdir}/libu2mfn.so - %triggerin -- initscripts cp /usr/lib/qubes/serial.conf /etc/init/serial.conf 
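Review bot: The new rpm_spec/core-libs.spec declares `Obsoletes: qubes-core-vm-libs` and `Obsoletes: qubes-core-appvm-libs` (and the -devel equivalents) without matching `Provides:`, so a package that still requires one of the old names can no longer be installed. The commit message mentions qubes-gui-dom0 building against qubes-core-vm-libs, though its spec is not part of this diff. Adding `Provides: qubes-core-vm-libs = %{version}-%{release}` and `Provides: qubes-core-vm-devel = %{version}-%{release}` in the devel subpackage keeps the rename transparent. Smaller points in the same file: `Group:` is given twice, `%description devel` is empty, the devel subpackage has no `Requires: %{name} = %{version}-%{release}`, and `License: GPL v2 only` disagrees with the "or (at your option) any later version" wording in the header comment.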
@@ -440,32 +434,6 @@ rm -rf $RPM_BUILD_ROOT %attr(700,user,user) /home_volatile/user %dir /mnt/removable - -%package devel -Summary: Include files for qubes core libraries -License: GPL v2 only -Group: Development/Sources -Obsoletes: qubes-core-appvm-devel - -%description devel - -%files devel -/usr/include/libvchan.h -/usr/include/u2mfnlib.h -/usr/include/u2mfn-kernel.h - -%package libs -Summary: Qubes core libraries -License: GPL v2 only -Group: Development/Sources -Obsoletes: qubes-core-appvm-libs - -%description libs - -%files libs -%{_libdir}/libvchan.so -%{_libdir}/libu2mfn.so - %package sysvinit Summary: Qubes unit files for SysV init style or upstart License: GPL v2 only diff --git a/version_libs b/version_libs new file mode 100644 index 00000000..7ec1d6db --- /dev/null +++ b/version_libs @@ -0,0 +1 @@ +2.1.0 From 1cb40005d3d27f7fd7348b1751f670d6acc05c0f Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Wed, 14 Nov 2012 13:31:47 +0100 Subject: [PATCH 10/15] dom0/u2mfn: fix compile warning --- u2mfn/u2mfnlib.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/u2mfn/u2mfnlib.c b/u2mfn/u2mfnlib.c index dff06e43..75dcf5b3 100644 --- a/u2mfn/u2mfnlib.c +++ b/u2mfn/u2mfnlib.c @@ -29,6 +29,11 @@ static int u2mfn_fd = -1; +int u2mfn_get_fd() +{ + return open("/proc/u2mfn", O_RDWR); +} + static int get_fd() { if (u2mfn_fd == -1) @@ -38,11 +43,6 @@ static int get_fd() return 0; } -int u2mfn_get_fd() -{ - return open("/proc/u2mfn", O_RDWR); -} - int u2mfn_get_mfn_for_page_with_fd(int fd, long va, int *mfn) { *mfn = ioctl(fd, U2MFN_GET_MFN_FOR_PAGE, va); From dba9193801078cc7b743ce1f2de49b2bb7733d6b Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Wed, 14 Nov 2012 15:53:42 +0100 Subject: [PATCH 11/15] makefile: update-repo-template target --- Makefile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Makefile b/Makefile index 989f15ee..2c22afea 100644 --- a/Makefile +++ b/Makefile 
@@ -74,6 +74,14 @@ update-repo-installer: ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*$(VERSION_DOM0)*fc13*.rpm ../installer/yum/qubes-dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*fc13*.rpm ../installer/yum/qubes-dom0/rpm/ +update-repo-template: + for vmrepo in ../template-builder/yum_repo_qubes/* ; do \ + dist=$$(basename $$vmrepo) ;\ + ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\ + ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-kernel-placeholder-*$$dist*.rpm $$vmrepo/rpm/ ;\ + ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*$$dist*.rpm $$vmrepo/rpm/;\ + done + clean: make -C dom0/qmemman clean make -C dom0/restore clean From 9d92b0df5cc5890e6a88ebb2e09e5d5718a43571 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Thu, 15 Nov 2012 16:42:58 +0100 Subject: [PATCH 12/15] version 2.1.3 --- version_dom0 | 2 +- version_vm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/version_dom0 b/version_dom0 index eca07e4c..ac2cdeba 100644 --- a/version_dom0 +++ b/version_dom0 @@ -1 +1 @@ -2.1.2 +2.1.3 diff --git a/version_vm b/version_vm index eca07e4c..ac2cdeba 100644 --- a/version_vm +++ b/version_vm @@ -1 +1 @@ -2.1.2 +2.1.3 From 05222c165b20716f7c9e9e2eed563ea4446a58fb Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Thu, 15 Nov 2012 20:35:29 +0100 Subject: [PATCH 13/15] vm: release 2 yum repository and verification keys (#671) --- misc/RPM-GPG-KEY-qubes-1-primary | 29 ----------------- misc/RPM-GPG-KEY-qubes-1-unstable | 31 ------------------ misc/RPM-GPG-KEY-qubes-2-primary | 39 +++++++++++++++++++++++ misc/RPM-GPG-KEY-qubes-2-unstable | 52 +++++++++++++++++++++++++++++++ misc/qubes.repo | 12 +++---- 5 files changed, 97 insertions(+), 66 deletions(-) delete mode 100644 misc/RPM-GPG-KEY-qubes-1-primary delete mode 100644 misc/RPM-GPG-KEY-qubes-1-unstable create mode 100644 misc/RPM-GPG-KEY-qubes-2-primary create mode 100644 misc/RPM-GPG-KEY-qubes-2-unstable 
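Review bot: The `update-repo-template` recipe in the Makefile hunk does not notice when a link step fails, because the whole `for` loop is one shell command and make only sees the status of the last `ln` in the last iteration. If a glob such as `qubes-core-vm-*$(VERSION_VM)*$$dist*.rpm` matches nothing, the repository directory keeps whatever package was linked there earlier and the target still succeeds, so a template may be built from a stale package. Ending each link command with `|| exit 1` and quoting the loop variable (`"$$vmrepo"/rpm/`) makes the target fail loudly instead. The `update-repo-installer` target is only partly visible above the hunk, so I cannot tell whether it needs the same change.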
diff --git a/misc/RPM-GPG-KEY-qubes-1-primary b/misc/RPM-GPG-KEY-qubes-1-primary
deleted file mode 100644
index 2749c64e..00000000
--- a/misc/RPM-GPG-KEY-qubes-1-primary
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.12 (GNU/Linux)
-
-mQINBE92zX4BEADEOLD8SH3qZunNWnE0IFg4L0m7N33AfIjs8m0CdHi0xKFq8+aA
-VOq+Bu2c/v56PSChpYRYqFymt4k7U254uta+bKhUve150Ov5ukCYIPNS/Fx5rRjY
-uDLP9zQwlfrABpKNzP4PP9TKOcnb/B8aI8x0GtIa7hTPeBbuJSx6yeazzjHc5bco
-8mL1x4nWTqD2n0Ze37B0e5VaVwJyP7+d17amQAWlDAWD/hus/GvTxGX6dT22UBXx
-r4WWAGSjx2zT4xe25yysWg3CS0S3Z7ib3xSqdCILN7eCAX7baXTB7s+aziGw3cJJ
-cUU2fzTGfGKJ4lAnQeI0gu2XBbHjygC6Kvp1HiyBNGHJ1FvoWqT1KDntFe/xKzTg
-akcbqBaMqoUtcbkWNDb7TjrCh3xiwG9oQREuc6RbmMCR4De6fJhton2F9QGMJKg6
-WXeA915v8cdHE4SSyZzXq/VdiMFZ9PX0tmFBBy4H7JfRv1bUZg4LStuosZHc9fBI
-McV6ohokkWNDNRBrc86+3Pif+v1QqmQu4kjI+G+zXc27sVag/umh9BqziT03F0O4
-Jq4cvgfTLj62PCqF+7vVJcBiezOE+NGqWkuDMBvcEX8fVrElhaRDsEqhlRfQUm+k
-atene95aQ2vki6C7VqqYoJnSgN3D4WiF2psMRlwbfV7JRHkYkNbE6Oc7BQARAQAB
-tB5RdWJlcyBPUyBSZWxlYXNlIDEgU2lnbmluZyBLZXmJAjgEEwECACIFAk92zX4C
-GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEOoBIBshEJOnafcQALoC5azP
-rp5GQa87OKcSUCWY8u/PqUDnlrA708GpAi1cehR4eJKzAp9KEb6EWDTxRQYPFZSr
-ijycLfCje8G0/owckEIcmIAkB1cMgY7a8JcM5G0Fvm0Rcr9mLfIVc++l0O4UAXgk
-wAN7V3qGfVVIu8iMTO/2VJaTUdppWmK5RK0HxsOlPw/p9WyaFLe8koql1LwvrnqH
-/Y7FV2O7w8Ha3nBpnWyn4wlBh39LRo/45WJx6iliyQweia32z3QywS5GzbdTqO9Z
-oOIJNBHUu9GjGC3NC1tu3LPj2QrxJJaaysikvvYjsacUIviTDnUoZ0uNNSWSCUIF
-Wgxn3PFn6hb+EiTa4T2XJGPNKnky0v7FAEWK1zfQzaGlsIHrCjHTk3xPliWqpRDY
-DoBirg7Kd/mEZd8jjs8PFFs3QnolUV587642e6H/1w+zevE3GwD+M7cLD4XishRx
-khfBYFr8HRRrHLJEszSOEod3yeYCHooxXY7589kGnGDY3E/qz2iOd6ee7RUslzwp
-SURVaOCrM3sK1wL3kB9NiJ/b4vbggUMEpLrSqaaQF3Uc9Qi7teLev1L594Sgywoe
-GWfVomnaV8KYy51k6Or+wVtB3Wx4FvZCI7Vy05BYMbrbbVD9H5b4+Vtrozj22wAj
-Fe4itDzWHJUnZy6CNagwhz271QPh3GT/K58W
-=2dJF
------END PGP PUBLIC KEY BLOCK-----
diff --git a/misc/RPM-GPG-KEY-qubes-1-unstable b/misc/RPM-GPG-KEY-qubes-1-unstable
deleted file mode 100644
index 97d55826..00000000
--- a/misc/RPM-GPG-KEY-qubes-1-unstable
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.11 (GNU/Linux)
-
-mQENBE9KHjMBCADgs1Zw+Gag5MXDqAHzVfo/JSJ0q7Oj096l+/TU0/P2qpoF7sTo
-uLpDLCfOOSqil7omOKMjn6yl/73RAd4oWIRivJMQKjgD4Tk8qlLI1NrBGhEdwyLm
-SZ+7CU79HzahN8w8+l9H978obIN6S0UD36z7su42QnFmKQqT0EnD1NVZpqvq1iKC
-0o0TqhZ90QE8YqWxjnbjDkk1mX2K4iHNJJ2mS/r1+4fXqvHzcmSB+vopGGGXxNB7
-fbNM6nI9RTpPecmnfKrqKrXYfHfyaLVUFXf2xZW/V85qq70dmEPi5g3YpRCXadJ+
-wKt1uZvi4xomPCxymHooF9Fplzv9MpKVIDNlABEBAAG0J1F1YmVzIE9TIFJlbGVh
-c2UgMSBVbnN0YWJsZSBTaWduaW5nIEtleYkBPgQTAQIAKAUCT0ogagIbAwUJAeEz
-gAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ77E0ZaTirKEbpgf8C9zqmkqo
-u+dudzcrPPUW12FjK2WAYQd7WNYpBY4wOmvOUkvq68FUJ0mwNyjEkNhvLnrxlMqn
-Z9vraqw1m2FwIAJfmbpnvJ6LeldNj/SYbutY9Y320eQDgLDZp5Xk0w6z1+Q1RXVJ
-AkU935sXhtmVYVa4Cnk7Su6lG0Une3b5dpE90M5ewehYllqsqmtKIwqbRaBmvM6y
-QHVqOJwNNo9XK78r0dKvXigXBObqatwItM2gan2oF0dplwTD//DqjldBzZ4mgrN8
-M/SZtynfTnoV8Yw7+JlsPCHIfcIXXWqJtLhNO3LqFAG6PwJX032eHNSrT+4UWIbP
-q8Ccvhbxa7iNabkBDQRPSh4zAQgA7OyPodlWz93OuP8/Bh83dHDd1xV7tXByBDUX
-O9am5uGKybcx3V8kBqJXbefds/aem1w2MLtDG+CxDC8Gi5gfNQNeCnIw3mpnZnMU
-ZNjtXIn3VfKRyhmaHNvaNZiBzKovfjw152UuMsHfzsSMaWldj5J8oFz+eBthGJTT
-uxktijIxHiZ/9RqzJLPMBQ5qRPbpqUn9piWEGxx2c4FbqeEOzzV49rX92adBPmUJ
-KBo96vW+L6izE0RcQoTMhicbAqF+K2QUGzy0uTp5+G2V0q5HAfrCMIr1Zx93yuz0
-yQZNNLsGYGnYjrFjYiRpJRBbxerlCdGjlwnfXCk5EKRNuqr5twARAQABiQElBBgB
-AgAPBQJPSh4zAhsMBQkB4TOAAAoJEO+xNGWk4qyh33MIAIOS9A0rkmBTPZwAsdJv
-sz/J9+8AvfwMisN2sKTfEBTO8kEnSPcBZuau3JxKCGHxaPwXhGmnc9xnz/TY3JCj
-6ZUgjgQQ3iT/BJk+h6n4xom9NRw5hn4j4NeIpboC6p6JfcYzZyapUNFmAsrSjakw
-RxxpaVLb4moOfYzS7i7JqsEetBwoYAeFZoPYZpo4VH9PUPVAih6psmO/bz6Y8W+/
-tkXzViq15bwPUmDwBzX0nX0T8nQqMl85nCLDM2rVMs/lnVxfJas4QjTfzgeZOHQ6
-0ikGqwlnyWk/oUzUXFV/P7sKAXoOaMSEVHtfSxLjVH0RYsAv6SotjHwPAatrynyp
-gYY=
-=UROF
------END PGP PUBLIC KEY BLOCK-----
diff --git a/misc/RPM-GPG-KEY-qubes-2-primary b/misc/RPM-GPG-KEY-qubes-2-primary
new file mode 100644
index 00000000..8b3a7647
--- /dev/null
+++ b/misc/RPM-GPG-KEY-qubes-2-primary
@@ -0,0 +1,39 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFClJWMBEADyAZgyocTmLQA0VpEXJKNvziKwaRWWrfzHw992okqRH/7wHfLn
+uXZCSeLnFH/u2r7fOearUBajI879YeG8EpQ71wfAybQYGF5ZJWoW4fOEAZKVP8bC
+1z65kKZguPcLfBiOWMAhLd8qxB3Zx5vVBM+8pGZ5ToRYxK6ivNTGOJfkz0GMxWCT
+q7kMhVpd9xO62pNbDYC884lXk/24CMDy9QDAhTiAPIB+6rN74zw0XYHo5BId9SuL
+ougyO3SZObkLOnfaWWEfZGbyFwvZWXigdZ/OPR2EvynBRF/ruJNlmS0EkxGEOMO8
+ASeeik4HblNhdVDgnUG1zsQ6AqS7tKsy/il55gE9teCAnAL7nPLW7YJmnbzdl6nF
+HKiHp7rZ+AtbDjkFpGmcbemvD+9gneUhuCzO8YQygqApdTXlcC5bY14SRyFtVDMp
+wD9XX0cVHyapMAbWedVTXqhcdQ88kWGZ85jHCaFXkl8JyGNsVYMchJF9D8iemgW+
+IhwveVEN+5FA9Mrd9NrlgxxO9+BuOgGUPKuw3425cOI47Z3hwGrKm35poZfKqA3U
+o1Dwz/JbKM7yNXaZeKrj7Sa0zkzMKXff6PRQTZKqnu/ooyOeNziXgulxLMl2qgYg
+ZGijQ/VPwhoaoQtThfyUKc/ttozguAWj5K3Se/BUJJyn0as87RA+8mQD8wARAQAB
+tB5RdWJlcyBPUyBSZWxlYXNlIDIgU2lnbmluZyBLZXmJAjgEEwECACIFAlClJWMC
+GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAxzudQKQORYvqUQAPAMwdFu
+vyR98Q18jzgW6k+5OXNOW53xET+zSZyO/Na7oHC7l8uSOrA8Cu054zeVPzaKMfmr
+9bnmb6pfk73Yd/P5AMWXd7h7xZ27Jwi0lhLmxsjMB1fJEJ/bA65m//PxqgIC9PNT
+alg0yVE66GdHCVsXJA2XFBTuRyJbLphU8dY1kNesHVdW+Msm+prGOrv+FFzTZDxT
+jp87L+xKqTYKgmpphPeM5OzaEj3bOHg3SK1VTVrzRgVVRRKNJKuLIprx5SOpGZxf
+5xoPqqdotR4PbM0HQ2gvWy/JlIntN+btVAvwS7e+gcr15oBVsU6uvVJQERZsBDFV
+dDffkgOgGVimv21zcxj5RKaUYEpBTqkKZaV23iZ6SQPFBhrjNmljDganTe5tioVQ
+mo52s875hYV9VSOLVFOn+pkS0kV5/kFVxoPwHZ+SRKsVcSrRnd9t/et4+VcOCdaC
+jX9rYPVQOP019V94dNQWLHYZDBcUZE6zX3xujH2BY+iw5EtjkNl5flaLw+yEUp1o
+fbPjOgu0oA6qfoeK/3JtV12RnA08yi35fPKEQ45Qx/Rfs3fMNxiTxD9qZIM3rzXD
+nLiNb3cXzqO29iLjhohC17IZrNfSgL81c9NeZ17eKVbUmKicM70BzJyJUvum3bHB
+CvO5f7WECZP8UKiqmT4ys6yIyRz1ZrnaY5O7iQIcBBABAgAGBQJQpScRAAoJEN36
+Gj42h5SUMHYP/2orT2b87YIXkOa1fwnaJtvLbMOisdscCn5kOU+30oQF0HLcCvdT
+3iHokH9qFAr2slFAHDumkXu/iMordpR1lGItwLF1v6+9yHor03p/LP1JcVl/0PDf
+nH4q6P9gQwHjq3RYVOdgYHJsDz2VSbvcsIfODKSxr95TsR1LgYasab4gre64gW3Y
+kS4ao9W3QUeglbcYUbeYR+mbZvzq1yMg2qIrv89cYcXGdJFrIrlc6biD7v1V5pRH
+CbAX9oWNoaUzPeg99w13Adt2e9PBJoq4hhouk87xnBg1QrMnL2ubUHvgTaH28J7U
+V2hAwiCcSUwlY5zLs0QVUr13cfvvbGwHSU4avP15Xzgn1VKv+PRlfXPriU3HgG4R
+td/Fdz7C+sBMwf7lb+fQSqJdJyB9SojHYMdpz3HmYuGJCySgC59iV5LX1i3AWAMo
+7CvFSfqdiKSsHUH4Nl2jnduEcq2Q0uODCXIVcsIlNK/KWEE8CoadKLl55Efdc9JJ
+miiW+iHwyHsPM6pqVV4F2R9IL4Wl8Rveaplbj/+TGGblVVO293VhswUGeOSLbXx2
+xzFkTUWU/OrmVOLj6aqId6EinWB5oGJaiuKgZt66sLTs1niUnIzOmqi7R/dZ2mUf
+QX62MfVWCv8NfkyMhrOft6ggS0Axo4F8fAcIInVXalvs2YScLSWdq54k
+=4+bD
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/misc/RPM-GPG-KEY-qubes-2-unstable b/misc/RPM-GPG-KEY-qubes-2-unstable
new file mode 100644
index 00000000..3d06e366
--- /dev/null
+++ b/misc/RPM-GPG-KEY-qubes-2-unstable
@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.12 (GNU/Linux)
+
+mQINBFClIUgBEACp0upqK7inupk52+8PHmIZFbm4lkV7IL2S9b285x579s1qysq7
+az0JMekouPzNCu9MGFzSktIWT2ti6JHsGgXmY2PoCMDnBCubx5/nPA2fial7yoKg
+ZxzpXGb6ZMtx5GOjXgpryUrNukYwORVR/jZS0noDb8rNnbeKi8R0SgaxRTYyJPvB
+ChMl1kVX6R15nHsd43ndkgcgSOGT22f/mxqOka9t2cB3HevfDvEJvz8PMkxRgb3n
+GOHFJRLYNIGmSegMllkMjUhZpu1e7T940WC3TWzJfpTNIo1Dsj0GIhGGniebGn/L
+BvUrmANxQ5rGMjTFOkSb/vKa/w9ss0OECeIL/K4+A6NQTKXLAoKJYA/bx75Dh2dU
+E3H8e4KoYuP3Q1lmLfcU3sX7s/MeszTpYHoUWTKyQXZYJged4ihP/RKz5iHRuAu2
+0fjPdb6RGJYYi/3TDEoVHkkYyL88wETygXeJW2XtBz33ITLyiB3qfxh8eO4tVre2
+QCus0nTpW+dblbfpG1Eb77OJTGlOF3rYx1oEEokochROEstN4bn3fMGMl6zHwBID
+tVNPvnQTjrBj7wksvc4xoJNe6Om0kNB7w58l6tCpa/oknW/N9XbwTgm1CI7lMWKD
+paieqfJbSYifCHEt0uVzsitoV992xZ8PRoooghGhBGWqTOSC3UDvJuajwwARAQAB
+tCdRdWJlcyBPUyBSZWxlYXNlIDIgVW5zdGFibGUgU2lnbmluZyBLZXmJAjgEEwEC
+ACIFAlClIUgCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJECMUDzj1Me+n
+h7wP/At7TBmp5R9fDVKulLfHM9xDMwNCjmdDcKNwF7xy7c18uzhOpA7ENzgZWTR1
+lkLrr+OlqXVlThzN1YRgvSx0KghSAIf0wuu8eeNKX+r1QFxEtxNrCobzK4ToNTiT
+xuPrycJgJBThj0gfq2jaSYGuhi79HYkgFYiRDOfaTms3hL8+oSq0HmDsu3/JSfse
+LAHiXbNyNvn1vpt09JH40me4RNTN0N3pUm9c5+7G0jwcE8OQZkjS7h04rpjbrDQE
+DHxadqgkwzP4aJm3l3u/OZF7npI16jpCYpV/mWyDbEj047EN/sJjV3KfuN+AdeAT
+9C7HJlGKcobeQztjzJuvzIILuzPewn77d7gua5kezM89nM6TK7T48upizNrCHxbw
+l2Z2DdzHfSHMWYT0LS4JAjvUyuu2iTWkMGmh8r3SrAmUecFk2/bP0A2MTb10z17K
+mzMzRU/u1n5DEsWlHzkXLmHJCKgid0UHuRbPabPWEK3E0yNid9MBkJWMZTFaALx7
+QMdF7QUc/2mEj2ILuNO4V0KHIBVHDwT+SYGXJ+wPY6nHSo5pIeiSWdNpozvKB24y
+8OWc1ST/rA6RaEDajSRMUxEkTtH7rGeueTVMhG8JCWWhmgNeMusg5Jq6OTrSooys
+c6EDJsD44QaHrJUn6fXwOuyAgmzjX9p04fga67npSFoNUm7vuQINBFClIUgBEADQ
+gWsxXqwIpuLVvcaiIo9pvO3wkt2nzXpLr93vzy+0+DTO11ejRDj9fuIA/9h55Yz5
+8snI9+aIKryDedhY+3/iv1izN9tsWyLms1V0xHdKC0RgmBxtJoHyPVdwgDu/86bd
+61zbhZAsaVmtP2vOdRD4dgR8wtTDbKnr9j4S8mRLkPJnjp+9e+H+akVVYbTx+Qki
+l5XU7ogZejZnTaAonK/jMsbIUF2d1iFdvkMr1I9xFqqHTLwO0tmH/ZDP/9jcMnf4
+dmVWDA4ykegn9RY+24YZ0mLaZrkDpvtfUrzxcZnvHuLVfROnQzOcIoP27Ut1v9s6
+A1uLq8zxy8+pyHBi/DPz2ae1/fMDNJnZcdo8qQFY2NzRnzL6SRZ1YBzWR8t8B0m4
+AginEa+/61UNNyXjkHzqqkVPv1EZ01c44MhB1P8/HZXF7YX80c6N2TUuGhH9dVRa
+5S7JWaee8Ib6MT7Nafn/rmLoXPtU5lLzo1SbcEBHbkZXw365BCzp9X+LfesXF9xj
+h4ISrCTcjaE20QoE1cNOsvuiuVK9fRqKsfMxuju0SpvZl5cAGM603WPZBMehbJ8e
+i2J4CXHOr7mF/ecAlTAr08nYuQTEEpAx7ad/BtrmHFa8IqEhsEqBNC7xuzwAuPI7
+xiiO7/KgDyS0mJ8Xm+9DMP/1q/QxT7Z4Ni4x2U+/swARAQABiQIfBBgBAgAJBQJQ
+pSFIAhsMAAoJECMUDzj1Me+nD80P/0HLsF0BfxPgm/raoYS9Cqve6/aP9pHtAODD
+SVGrb//PKAddVqJnsCu0TPbULx0cAYztQHw8n7rAO6iNbrxhOa6kin2vvdO0mVQY
+kl3a/bDyo8rP/xyMS8K4EE2DfCL1HSDAS2r37mzi8RZED2Yj9F0aBgTO7rGhSXWt
+WsDzsPzP46b8mr8BLQ8NfxKlJFpyIq8DwPEasrS5sKXEVXvnY4ZQMa5C2qzg1+LC
+c6lbQHPIOaUnENy9ApBepZT8a09Ol3/2Z75UOe2AM5vynT5iST8fdFJlpI1+Z/hs
+b+ZQ2uoMVW+O1VVtq+20o1WQVu9pORIKIq7wbBsIq6mejCC+KIZ5RDUPehs97+sL
+il546IMqllX0LP40hBM/JP7vZEknYhkGl/HuJyrhaNi8NI4ryrIO8VL2rSx/1eUP
+5Yn7jC5T+7twk6yKnzLZYfAG3F3HMTVrp5QwygBc+xmInwqbgHf4fJgT1WOVelKq
+1wfoF7DYRT7+J5gAJboYOvS4cIqXAgeeslW76jRKbaK0X/Fa06fiRw3vGSEWdr+A
+r4Kv/RAEB5z4da5MT88CB3OtgiJofnsPb+A+TmjTPcmaV2LHH30U/1aD/3RERBHb
+cpKz+AV6MQ/7XpQiusXK14ospdTScEVwruXlCyt0hbqTsijiReNV4lV9nXtfmrEL
+L0XnT71B
+=o46N
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/misc/qubes.repo b/misc/qubes.repo
index 4a763bcb..75dd6003 100644
--- a/misc/qubes.repo
+++ b/misc/qubes.repo
@@ -1,20 +1,20 @@ [qubes-vm-current] name = Qubes OS Repository for VM (updates) -baseurl = http://yum.qubes-os.org/r1/current/vm/fc$releasever -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary +baseurl = http://yum.qubes-os.org/r2/current/vm/fc$releasever +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-2-primary gpgcheck = 1 [qubes-vm-current-testing] name = Qubes OS Repository for VM (updates-testing) -baseurl = http://yum.qubes-os.org/r1/current-testing/vm/fc$releasever -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary +baseurl = http://yum.qubes-os.org/r2/current-testing/vm/fc$releasever +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-2-primary gpgcheck = 1 enabled=0 [qubes-vm-unstable] name = Qubes OS Repository for VM (unstable) -baseurl = http://yum.qubes-os.org/r1/unstable/vm/fc$releasever -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-unstable +baseurl = http://yum.qubes-os.org/r2/unstable/vm/fc$releasever +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-2-unstable gpgcheck = 1 enabled=0 From 0a6e95225a9fdfd87bdac8a378e5d86e8486c4c2 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Thu, 15 Nov 2012 21:38:39 +0100 Subject: [PATCH 14/15] vm: remove qubes-upgrade-vm after upgrade --- rpm_spec/core-vm.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index 3baab14d..c48fce2f 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec @@ -46,6 +46,7 @@ Obsoletes: qubes-core-commonvm Obsoletes: qubes-core-appvm Obsoletes: qubes-core-netvm Obsoletes: qubes-core-proxyvm +Obsoletes: qubes-upgrade-vm < 2.0 BuildRequires: xen-devel %define _builddir %(pwd) From 2c9fe0803daf49c108053bc13ab9b322a6acff9b Mon Sep 17 00:00:00 2001 
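Review bot: The three new `baseurl` lines in the misc/qubes.repo hunk still fetch over plain `http://`, and `gpgcheck = 1` verifies package signatures only, not the repository metadata. A network attacker therefore cannot substitute packages but can serve old metadata and hold a VM on outdated versions. If the server supports it, an `https://` baseurl, or `repo_gpgcheck = 1` with signed metadata, closes that gap. The `gpgkey` paths now name `RPM-GPG-KEY-qubes-2-*`, while the diffstat of this commit shows no spec change, so it is worth confirming that the new key files are installed to `/etc/pki/rpm-gpg/` and that the release 1 keys do not stay trusted on upgraded VMs.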
From: Marek Marczykowski Date: Fri, 16 Nov 2012 14:03:36 +0100 Subject: [PATCH 15/15] vm/core: use mount --bind instead of symlink for /home Many applications doesn't like /home as symlink ($HOME differs from real location). --- misc/fstab | 1 + vm-init.d/qubes_core | 9 +++++++-- vm-init.d/qubes_core_appvm | 6 +++++- vm-systemd/misc-post.sh | 13 +++++++++---- vm-systemd/prepare-dvm.sh | 6 +++++- 5 files changed, 27 insertions(+), 8 deletions(-) diff --git a/misc/fstab b/misc/fstab index b7d0feec..80121207 100644 --- a/misc/fstab +++ b/misc/fstab @@ -8,6 +8,7 @@ # /dev/mapper/dmroot / ext4 defaults,noatime 1 1 /dev/xvdb /rw ext4 noauto,defaults 1 2 +/rw/home /home none noauto,bind,defaults 0 0 /dev/xvdc1 swap swap defaults 0 0 tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 diff --git a/vm-init.d/qubes_core b/vm-init.d/qubes_core index 4830587b..b3927fd3 100755 --- a/vm-init.d/qubes_core +++ b/vm-init.d/qubes_core @@ -65,14 +65,19 @@ start() touch /rw/config/rc.local mkdir -p /rw/home - cp -a /home.orig/user /home + cp -a /home.orig/user /rw/home mkdir -p /rw/usrlocal - cp -a /usr/local.orig/* /usr/local + cp -a /usr/local.orig/* /rw/usrlocal touch /var/lib/qubes/first_boot_completed fi fi + if [ -L /home ]; then + rm /home + mkdir /home + fi + mount /home /usr/lib/qubes/qrexec_agent 2>/var/log/qubes/qrexec_agent.log & diff --git a/vm-init.d/qubes_core_appvm b/vm-init.d/qubes_core_appvm index a0cfe062..6e851d17 100755 --- a/vm-init.d/qubes_core_appvm +++ b/vm-init.d/qubes_core_appvm @@ -45,7 +45,11 @@ start() echo -n $"Executing Qubes Core scripts for AppVM:" if xenstore-read qubes_save_request 2>/dev/null ; then - ln -sf /home_volatile /home + if [ -L /home ]; then + rm /home + mkdir /home + fi + mount --bind /home_volatile /home touch /etc/this_is_dvm mount /rw possibly_run_save_script diff --git a/vm-systemd/misc-post.sh b/vm-systemd/misc-post.sh index df4c8a4d..cbd0c633 100755 --- a/vm-systemd/misc-post.sh 
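Review bot: Neither `mount /home` in the vm-init.d/qubes_core hunk nor `mount --bind /home_volatile /home` in the qubes_core_appvm hunk has its exit status checked, and the same block is repeated in the vm-systemd/misc-post.sh and vm-systemd/prepare-dvm.sh hunks. If the bind mount fails, for instance because `/rw/home` does not exist, the script carries on with the freshly created empty `/home` on the root filesystem, so user data lands on the wrong volume and, in the DispVM path, `possibly_run_save_script` presumably runs against that directory. I would write `mount /home || exit 1` (or report the error from `start()`), and move the `[ -L /home ]` replacement plus the mount into one shared helper so the four copies cannot drift apart. Both `start()` functions begin and end outside the hunks.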
+++ b/vm-systemd/misc-post.sh @@ -24,18 +24,23 @@ if [ -e /dev/xvdb -a ! -e /etc/this_is_dvm ] ; then touch /rw/config/rc.local-early mkdir -p /rw/home - cp -a /home.orig/user /home + cp -a /home.orig/user /rw/home mkdir -p /rw/usrlocal - cp -a /usr/local.orig/* /usr/local + cp -a /usr/local.orig/* /rw/usrlocal touch /var/lib/qubes/first_boot_completed fi # Chown home if user UID have changed - can be the case on template switch - HOME_USER_UID=`ls -dn /home/user | awk '{print $3}'` + HOME_USER_UID=`ls -dn /rw/home/user | awk '{print $3}'` if [ "`id -u user`" -ne "$HOME_USER_UID" ]; then - find /home/user -uid "$HOME_USER_UID" -print0 | xargs -0 chown user:user + find /rw/home/user -uid "$HOME_USER_UID" -print0 | xargs -0 chown user:user fi + if [ -L /home ]; then + rm /home + mkdir /home + fi + mount /home fi [ -x /rw/config/rc.local ] && /rw/config/rc.local diff --git a/vm-systemd/prepare-dvm.sh b/vm-systemd/prepare-dvm.sh index 2229afc7..ae578296 100755 --- a/vm-systemd/prepare-dvm.sh +++ b/vm-systemd/prepare-dvm.sh @@ -13,7 +13,11 @@ possibly_run_save_script() } if xenstore-read qubes_save_request 2>/dev/null ; then - ln -sf /home_volatile /home + if [ -L /home ]; then + rm /home + mkdir /home + fi + mount --bind /home_volatile /home touch /etc/this_is_dvm mount /rw possibly_run_save_script
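Review bot: The ownership fix in the vm-systemd/misc-post.sh hunk runs `chown user:user` as root over a tree the user controls, and without `-h` chown follows symbolic links, so a link inside `/rw/home/user` gets its target re-owned instead of the link itself. `find /rw/home/user -uid "$HOME_USER_UID" -print0 | xargs -0 chown -h user:user` limits the change to the entries find actually matched. The UID is also obtained by parsing `ls -dn`; `HOME_USER_UID=$(stat -c %u /rw/home/user)` is more robust, and the `-ne` test currently errors out when the directory is missing and the variable is empty. The enclosing `if [ -e /dev/xvdb ... ]` block starts outside the hunk.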