From 370ad33c4416cd6aac17fa1cf76a69d5021135f9 Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Tue, 1 May 2012 01:12:19 +0200
Subject: [PATCH] dom0: provide service for VM to notify about updates availability (#475)
---
 dom0/aux-tools/qubes-notify-updates | 74 +++++++++++++++++++++++
 dom0/aux-tools/qubes.NotifyUpdates | 1 +
 dom0/aux-tools/qubes.NotifyUpdates.policy | 6 ++
 dom0/qvm-core/qubes.py | 1 +
 rpm_spec/core-dom0.spec | 6 ++
 5 files changed, 88 insertions(+)
 create mode 100755 dom0/aux-tools/qubes-notify-updates
 create mode 100644 dom0/aux-tools/qubes.NotifyUpdates
 create mode 100644 dom0/aux-tools/qubes.NotifyUpdates.policy
diff --git a/dom0/aux-tools/qubes-notify-updates b/dom0/aux-tools/qubes-notify-updates
new file mode 100755
index 00000000..53bc57cd
--- /dev/null
+++ b/dom0/aux-tools/qubes-notify-updates
@@ -0,0 +1,74 @@
+#!/usr/bin/python
+#
+# The Qubes OS Project, http://www.qubes-os.org
+#
+# Copyright (C) 2012 Marek Marczykowski
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+#
+import os
+import os.path
+import sys
+import subprocess
+import shutil
+from datetime import datetime
+from qubes.qubes import QubesVmCollection
+from qubes.qubes import updates_stat_file
+
+def main():
+
+ qvm_collection = QubesVmCollection()
+ qvm_collection.lock_db_for_reading()
+ qvm_collection.load()
+ qvm_collection.unlock_db()
+
+ source = os.getenv("QREXEC_REMOTE_DOMAIN")
+
+ source_vm = qvm_collection.get_vm_by_name(source)
+ if source_vm is None:
+ print >> sys.stderr, 'Domain ' + source + ' does not exists (?!)'
+ exit(1)
+
+ update_count = sys.stdin.readline(128).strip()
+ if not update_count.isdigit():
+ print >> sys.stderr, 'Domain ' + source + ' sent invalid number of updates: ' + update_count
+ exit(1)
+ if source_vm.updateable:
+ # Just trust information from VM itself
+ update_f = open(vm.dir_path + '/' + updates_stat_file, "w")
+ update_f.write(update_count)
+ update_f.close()
+ elif source_vm.template is not None:
+ # Hint about updates availability in template
+ # If template is running - it will notify about updates itself
+ if source_vm.template.is_running():
+ return
+ # Ignore no-updates info
+ if int(update_count) > 0:
+ stat_file = source_vm.template.dir_path + '/' + updates_stat_file
+ # If VM is started before last updates.stat - it means that updates
+ # already was installed (but VM still hasn't been restarted), or other
+ # VM has already notified about updates availability
+ if os.path.exists(stat_file) and \
+ source_vm.get_start_time() < datetime.fromtimestamp(os.path.getmtime(stat_file)):
+ return
+ update_f = open(stat_file, "w")
+ update_f.write(update_count)
+ update_f.close()
+ else:
+ print >> sys.stderr, 'Ignoring notification of no updates'
+
+main()
diff --git a/dom0/aux-tools/qubes.NotifyUpdates b/dom0/aux-tools/qubes.NotifyUpdates
new file mode 100644
index 00000000..b2ea16ed
--- /dev/null
+++ b/dom0/aux-tools/qubes.NotifyUpdates
@@ -0,0 +1 @@
+/usr/lib/qubes/qubes-notify-updates
diff --git a/dom0/aux-tools/qubes.NotifyUpdates.policy b/dom0/aux-tools/qubes.NotifyUpdates.policy
new file mode 100644
index 00000000..0f00b0b6
--- /dev/null
+++ b/dom0/aux-tools/qubes.NotifyUpdates.policy
@@ -0,0 +1,6 @@
+## Note that policy parsing stops at the first match,
+## so adding anything below "$anyvm $anyvm action" line will have no effect
+
+## Please use a single # to start your custom comments
+
+$anyvm dom0 allow
diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py
index 878d5c49..41a9cc32 100755
--- a/dom0/qvm-core/qubes.py
+++ b/dom0/qvm-core/qubes.py
@@ -82,6 +82,7 @@ config_template_pv = '/usr/share/qubes/vm-template.conf' qubes_whitelisted_appmenus = 'whitelisted-appmenus.list' dom0_update_check_interval = 6*3600 +updates_stat_file = 'updates.stat' # how long (in sec) to wait for VMs to shutdown # before killing them (when used qvm-run with --wait option)
diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec
index 2b56e349..5994aebd 100644
--- a/rpm_spec/core-dom0.spec
+++ b/rpm_spec/core-dom0.spec
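Review bot: In the `source_vm.updateable` branch of `main()` the stat-file path is built from `vm.dir_path`, but no `vm` is defined anywhere in the script, so a notification from an updateable VM ends in a NameError instead of a written file; the line should read `update_f = open(source_vm.dir_path + '/' + updates_stat_file, "w")`. `source` comes straight from `os.getenv("QREXEC_REMOTE_DOMAIN")` and is concatenated into the 'does not exists' message, which presumably raises TypeError when the variable is unset, so an `if source is None:` guard before the lookup would give a clean failure. The invalid-count message also echoes up to 128 bytes of VM-supplied text into dom0's stderr unescaped; printing `repr(update_count)` instead keeps control characters out of whatever log or terminal receives it.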
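Review bot: The header comment in qubes.NotifyUpdates.policy warns about a "$anyvm $anyvm action" line, but the only rule in this file is `$anyvm dom0 allow`, so the warning points at a line that does not exist here; it could read `## so adding anything below the "$anyvm dom0 allow" line will have no effect`. Because this rule lets every VM reach the dom0 handler without a prompt, the handler's checks on the calling domain and on the single stdin line are the only boundary between an untrusted VM and dom0. A one-line comment saying so, for example `## Any VM may call this service; the dom0 handler must treat its input as untrusted`, would help whoever edits the policy or the script later.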
@@ -108,6 +108,7 @@ cp ../qrexec/qrexec_daemon $RPM_BUILD_ROOT/usr/lib/qubes/
 cp ../qrexec/qrexec_client $RPM_BUILD_ROOT/usr/lib/qubes/
 cp ../qrexec/qrexec_policy $RPM_BUILD_ROOT/usr/lib/qubes/
 cp aux-tools/qfile-dom0-unpacker $RPM_BUILD_ROOT/usr/lib/qubes/
+cp aux-tools/qubes-notify-updates $RPM_BUILD_ROOT/usr/lib/qubes/
 cp aux-tools/qubes-receive-updates $RPM_BUILD_ROOT/usr/lib/qubes/
 cp ../misc/block_add_change $RPM_BUILD_ROOT/usr/lib/qubes/
 cp ../misc/block_remove $RPM_BUILD_ROOT/usr/lib/qubes/
@@ -120,6 +121,8 @@ cp ../qubes_rpc/qubes.VMShell.policy $RPM_BUILD_ROOT/etc/qubes_rpc/policy/qubes.
 cp qubes.SyncAppMenus.policy $RPM_BUILD_ROOT/etc/qubes_rpc/policy/qubes.SyncAppMenus
 cp qubes.SyncAppMenus $RPM_BUILD_ROOT/etc/qubes_rpc/
 cp ../qrexec/qubes_rpc_multiplexer $RPM_BUILD_ROOT/usr/lib/qubes
+cp aux-tools/qubes.NotifyUpdates.policy $RPM_BUILD_ROOT/etc/qubes_rpc/policy/qubes.NotifyUpdates
+cp aux-tools/qubes.NotifyUpdates $RPM_BUILD_ROOT/etc/qubes_rpc/
 cp aux-tools/qubes.ReceiveUpdates.policy $RPM_BUILD_ROOT/etc/qubes_rpc/policy/qubes.ReceiveUpdates
 cp aux-tools/qubes.ReceiveUpdates $RPM_BUILD_ROOT/etc/qubes_rpc/
 install -D aux-tools/qubes-dom0.modules $RPM_BUILD_ROOT/etc/sysconfig/modules/qubes-dom0.modules
@@ -333,6 +336,7 @@ fi
 /usr/lib/qubes/qmemman_daemon.py*
 /usr/lib/qubes/meminfo-writer
 /usr/lib/qubes/qfile-daemon-dvm*
+/usr/lib/qubes/qubes-notify-updates
 /usr/lib/qubes/qubes-receive-updates
 /usr/lib/qubes/block_add_change
 /usr/lib/qubes/block_remove
@@ -376,9 +380,11 @@ fi
 %attr(0664,root,qubes) /etc/qubes_rpc/policy/qubes.Filecopy
 %attr(0664,root,qubes) /etc/qubes_rpc/policy/qubes.OpenInVM
 %attr(0664,root,qubes) /etc/qubes_rpc/policy/qubes.SyncAppMenus
+%attr(0664,root,qubes) /etc/qubes_rpc/policy/qubes.NotifyUpdates
 %attr(0664,root,qubes) /etc/qubes_rpc/policy/qubes.ReceiveUpdates
 %attr(0664,root,qubes) /etc/qubes_rpc/policy/qubes.VMShell
 /etc/qubes_rpc/qubes.SyncAppMenus
+/etc/qubes_rpc/qubes.NotifyUpdates
 /etc/qubes_rpc/qubes.ReceiveUpdates
 %attr(4750,root,qubes) /usr/lib/qubes/qrexec_daemon
 %attr(2770,root,qubes) %dir /var/log/qubes