Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core

Browse Source
This commit is contained in:
Marek Marczykowski 2011-09-30 10:46:04 +02:00
commit 5fc5301cee
3 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
dom0/aux-tools/qubes-receive-updates
View File

@ -20,6 +20,7 @@
# #
# #
import os import os
import os.path
import re import re
import sys import sys
import subprocess import subprocess
@ -33,6 +34,7 @@ updates_rpm_dir = updates_dir + "/rpm"
updates_repodata_dir = updates_dir + "/repodata" updates_repodata_dir = updates_dir + "/repodata"
package_regex = re.compile(r"^[abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._+-]{1,128}.rpm$") package_regex = re.compile(r"^[abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._+-]{1,128}.rpm$")
gpg_ok_regex = re.compile(r"pgp md5 OK$")
def dom0updates_fatal(msg): def dom0updates_fatal(msg):
print >> sys.stderr, msg print >> sys.stderr, msg
@ -56,13 +58,16 @@ def handle_dom0updates(updatevm):
subprocess.check_call(["/usr/lib/qubes/qfile-dom0-unpacker", str(os.getuid()), updates_rpm_dir]) subprocess.check_call(["/usr/lib/qubes/qfile-dom0-unpacker", str(os.getuid()), updates_rpm_dir])
# Verify received files # Verify received files
for f in os.listdir(updates_rpm_dir): for f in os.listdir(updates_rpm_dir):
full_path = updates_rpm_dir + "/" + f
if package_regex.match(f): if package_regex.match(f):
p = subprocess.Popen (["/bin/rpm", "-K", updates_rpm_dir + "/" + f], if os.path.islink(full_path) or not os.path.isfile(full_path):
dom0updates_fatal('Domain ' + source + ' sent not regular file')
p = subprocess.Popen (["/bin/rpm", "-K", full_path],
stdout=subprocess.PIPE) stdout=subprocess.PIPE)
output = p.communicate()[0] output = p.communicate()[0]
if p.returncode != 0: if p.returncode != 0:
dom0updates_fatal('Error while verifing %s signature: %s' % (f, output)) dom0updates_fatal('Error while verifing %s signature: %s' % (f, output))
if output.find("pgp") < 0: if not gpg_ok_regex.search(output.strip()):
dom0updates_fatal('Domain ' + source + ' sent not signed rpm: ' + f) dom0updates_fatal('Domain ' + source + ' sent not signed rpm: ' + f)
else: else:
dom0updates_fatal('Domain ' + source + ' sent unexpected file: ' + f) dom0updates_fatal('Domain ' + source + ' sent unexpected file: ' + f)

3
dom0/qvm-core/qubes.py
View File

@ -1452,8 +1452,7 @@ class QubesNetVm(QubesVm):
"/local/domain/{0}/qubes_netvm_external_ip".format(xid) "/local/domain/{0}/qubes_netvm_external_ip".format(xid)
] ]
command.append("r{0}".format(xid,xid)) command.append("n{0}".format(xid))
command.append("w{0}".format(xid,xid))
for id in self.__external_ip_allowed_xids: for id in self.__external_ip_allowed_xids:
command.append("r{0}".format(id)) command.append("r{0}".format(id))

2
version_dom0
View File

@ -1 +1 @@
1.6.30 1.6.32