diff --git a/Makefile b/Makefile index 881b6a4f..8f98ae4c 100644 --- a/Makefile +++ b/Makefile 
@@ -29,24 +29,26 @@ rpms-vaio-fixes: update-repo-current: ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/current/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/current/dom0/rpm/ - ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*fc13*.rpm ../yum/current-release/current/vm/f13/rpm/ - ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*fc14*.rpm ../yum/current-release/current/vm/f14/rpm/ - cd ../yum && ./update_repo.sh + for vmrepo in ../yum/current-release/current/vm/* ; do \ + dist=$$(basename $$vmrepo) ;\ + ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\ + done update-repo-current-testing: ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/current-testing/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/current-testing/dom0/rpm/ - ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*fc13*.rpm ../yum/current-release/current-testing/vm/f13/rpm/ - ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*fc14*.rpm ../yum/current-release/current-testing/vm/f14/rpm/ - cd ../yum && ./update_repo.sh - + for vmrepo in ../yum/current-release/current-testing/vm/* ; do \ + dist=$$(basename $$vmrepo) ;\ + ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\ + done update-repo-unstable: ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/unstable/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/unstable/dom0/rpm/ - ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*fc13*.rpm ../yum/current-release/unstable/vm/f13/rpm/ - ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*fc14*.rpm ../yum/current-release/unstable/vm/f14/rpm/ - cd ../yum && ./update_repo.sh + for vmrepo in 
../yum/current-release/unstable/vm/* ; do \ + dist=$$(basename $$vmrepo) ;\ + ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\ + done update-repo-installer: ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*$(VERSION_DOM0)*fc13*.rpm ../installer/yum/qubes-dom0/rpm/ diff --git a/common/qubes.fc13.repo b/common/qubes.fc13.repo index 982b095e..376b4908 100644 --- a/common/qubes.fc13.repo +++ b/common/qubes.fc13.repo @@ -1,19 +1,19 @@ [qubes-vm-current] name = Qubes OS Repository for VM (updates) -baseurl = http://yum.qubes-os.org/r1-beta1/current/vm/f13 +baseurl = http://yum.qubes-os.org/r1-beta2/current/vm/fc13 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary gpgcheck = 1 [qubes-vm-current-testing] name = Qubes OS Repository for VM (updates-testing) -baseurl = http://yum.qubes-os.org/r1-beta1/current-testing/vm/f13 +baseurl = http://yum.qubes-os.org/r1-beta2/current-testing/vm/fc13 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary gpgcheck = 1 enabled=0 [qubes-vm-unstable] name = Qubes OS Repository for VM (unstable) -baseurl = http://yum.qubes-os.org/r1-beta1/unstable/vm/f13 +baseurl = http://yum.qubes-os.org/r1-beta2/unstable/vm/fc13 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary gpgcheck = 1 enabled=0 diff --git a/common/qubes.fc14.repo b/common/qubes.fc14.repo index b10c80c9..2020d1e5 100644 --- a/common/qubes.fc14.repo +++ b/common/qubes.fc14.repo 
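Review bot: In the three new `for vmrepo in …/vm/* ; do … done` loops in the Makefile (update-repo-current, update-repo-current-testing, update-repo-unstable), a failing `ln -f` only fails the recipe when it happens in the last iteration, because the commands are joined with `;`. A repo directory with no matching RPM, or an unlinkable file, is therefore skipped silently while the target still reports success. Ending the link line with `|| exit 1`, i.e. `ln -f … $$vmrepo/rpm/ || exit 1 ;\`, stops the publish step on the first problem. The `*$$dist*` glob also assumes every directory under `vm/` is named exactly like the dist tag in the RPM file name (`fc13`, `fc14`), which deserves a one-line comment above the loop.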
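Review bot: The rewritten `baseurl` lines in common/qubes.fc13.repo, and the same three in common/qubes.fc14.repo, still fetch over plain `http://`. `gpgcheck = 1` covers the packages themselves, but nothing visible here authenticates the repository metadata, so a VM can be held on stale metadata by anyone on the network path and never see an update. If the server offers TLS, changing the scheme to `https://` while these paths are being edited closes that gap. Signed metadata with `repo_gpgcheck = 1` is the other option, provided the repository publishes a signature.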
@@ -1,19 +1,19 @@ [qubes-vm-current] name = Qubes OS Repository for VM (updates) -baseurl = http://yum.qubes-os.org/r1-beta1/current/vm/f14 +baseurl = http://yum.qubes-os.org/r1-beta2/current/vm/fc14 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary gpgcheck = 1 [qubes-vm-current-testing] name = Qubes OS Repository for VM (updates-testing) -baseurl = http://yum.qubes-os.org/r1-beta1/current-testing/vm/f14 +baseurl = http://yum.qubes-os.org/r1-beta2/current-testing/vm/fc14 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary gpgcheck = 1 enabled=0 [qubes-vm-unstable] name = Qubes OS Repository for VM (unstable) -baseurl = http://yum.qubes-os.org/r1-beta1/unstable/vm/f14 +baseurl = http://yum.qubes-os.org/r1-beta2/unstable/vm/fc14 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary gpgcheck = 1 enabled=0 diff --git a/common/qubes_core b/common/qubes_core index 239a6845..357be8a4 100755 --- a/common/qubes_core +++ b/common/qubes_core @@ -15,8 +15,8 @@ start() exit 1 fi - # Set permissions to /proc/xen/xenbus, so normal user can use xenstore-read - chmod 666 /proc/xen/xenbus + # Set permissions to /proc/xen/xenbus, so normal user can use xenstore-read + chmod 666 /proc/xen/xenbus name=$(/usr/bin/xenstore-read name) if ! [ -f /etc/this_is_dvm ] ; then @@ -26,17 +26,6 @@ start() hostname $name fi - ip=$(/usr/bin/xenstore-read qubes_ip) - netmask=$(/usr/bin/xenstore-read qubes_netmask) - gateway=$(/usr/bin/xenstore-read qubes_gateway) - secondary_dns=$(/usr/bin/xenstore-read qubes_secondary_dns) - if [ x$ip != x ]; then - /sbin/ifconfig eth0 $ip netmask 255.255.255.255 up - /sbin/route add default dev eth0 - echo "nameserver $gateway" > /etc/resolv.conf - echo "nameserver $secondary_dns" >> /etc/resolv.conf - fi - if [ -e /dev/xvdb ] ; then mount /rw @@ -71,6 +60,11 @@ start() success echo "" + + type=$(/usr/bin/xenstore-read qubes_vm_type) + if [ "$type" == "ProxyVM" ]; then + /sbin/service ntpd start + fi return 0 } 
diff --git a/common/qubes_core.modules b/common/qubes_core.modules new file mode 100755 index 00000000..f5cb69cf --- /dev/null +++ b/common/qubes_core.modules @@ -0,0 +1 @@ +modprobe xen-evtchn || modprobe evtchn diff --git a/common/qubes_download_dom0_updates.sh b/common/qubes_download_dom0_updates.sh index 488eecb7..cb771a38 100755 --- a/common/qubes_download_dom0_updates.sh +++ b/common/qubes_download_dom0_updates.sh @@ -21,7 +21,26 @@ fi mkdir -p $DOM0_UPDATES_DIR/etc cp /etc/yum.conf $DOM0_UPDATES_DIR/etc/ -echo "Checking for updates..." +# check also for template updates +echo "Checking for template updates..." +TEMPLATEPKGLIST=`yum check-update -q | cut -f 1 -d ' '` +if [ -n "$TEMPLATEPKGLIST" ] && [ "$GUI" = 1 ]; then + TEMPLATE_UPDATE_COUNT=`echo "$TEMPLATEPKGLIST" | wc -w` + NOTIFY_UPDATE_COUNT=`cat /var/run/qubes/template_update_last_notify_count 2> /dev/null` + if [ "$NOTIFY_UPDATE_COUNT" != "$TEMPLATE_UPDATE_COUNT" ]; then + echo -n $TEMPLATE_UPDATE_COUNT > /var/run/qubes/template_update_last_notify_count + NOTIFY_PID=`cat /var/run/qubes/template_update_notify.pid 2> /dev/null` + if [ -z "$NOTIFY_PID" ] || ! kill -0 $NOTIFY_PID; then + NOTIFY_TITLE="Template update" + NOTIFY_TEXT="There are $TEMPLATE_UPDATE_COUNT updates available for TemplateVM" + NOTIFY_INFO="$NOTIFY_TEXT. Start TemplateVM to update it." + ( zenity --notification --text "$NOTIFY_TEXT"; zenity --warning --title "$NOTIFY_TITLE" --text "$NOTIFY_INFO") & + echo $! > /var/run/qubes/template_update_notify.pid + fi + fi +fi + +echo "Checking for dom0 updates..." PKGLIST=`yum --installroot $DOM0_UPDATES_DIR check-update -q | cut -f 1 -d ' '` if [ -z $PKGLIST ]; then diff --git a/dom0/aux-tools/unbind_all_network_devices b/dom0/aux-tools/unbind_all_network_devices index cea737b1..fd589ab4 100755 --- a/dom0/aux-tools/unbind_all_network_devices +++ b/dom0/aux-tools/unbind_all_network_devices 
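Review bot: The new common/qubes_core.modules is installed executable but has no interpreter line, so whether it runs depends on how its caller executes it. Start the file with `#!/bin/sh`. Calling `/sbin/modprobe` by absolute path, as dom0/aux-tools/unbind_all_network_devices does in this same commit, would also stop the script depending on the boot-time `PATH`.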
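Review bot: The PID-file check in the new template-update block of common/qubes_download_dom0_updates.sh accepts whatever number is stored in `/var/run/qubes/template_update_notify.pid`. `kill -0 $NOTIFY_PID` succeeds for any live process the caller may signal, so after PID reuse the notification is suppressed on behalf of an unrelated process, and when the process is gone the error text from `kill` lands on the script's stderr. Quote the variable and silence the probe: `if [ -z "$NOTIFY_PID" ] || ! kill -0 "$NOTIFY_PID" 2> /dev/null; then`. `$!` here is the backgrounded subshell, which lives until the second `zenity` dialog is dismissed; a short comment saying that this is what prevents stacked notifications would help the next reader.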
@@ -53,12 +53,10 @@ def main(): if options.verbose: print "Loading Xen PCI Backend..." - retcode = subprocess.call (["/sbin/modprobe", "xen-pciback"]) + retcode = subprocess.call (["/sbin/modprobe", "pciback"]) if retcode != 0: - retcode = subprocess.call (["/sbin/modprobe", "pciback"]) - if retcode != 0: - print "ERROR: Cannot load xen-pciback module!" - exit(1) + print "ERROR: Cannot load the pciback module!" + exit(1) if options.verbose: print "Unbinding the following net devices:" diff --git a/dom0/init.d/qubes_core b/dom0/init.d/qubes_core index 24033469..b93a7571 100755 --- a/dom0/init.d/qubes_core +++ b/dom0/init.d/qubes_core @@ -23,8 +23,6 @@ start() modprobe evtchn chgrp qubes /etc/xen chmod 710 /etc/xen - chgrp qubes /var/run/xend - chmod 710 /var/run/xend chgrp qubes /var/run/xenstored/* chmod 660 /var/run/xenstored/* chgrp qubes /var/lib/xen diff --git a/dom0/init.d/qubes_netvm b/dom0/init.d/qubes_netvm index c27aad63..3a14411e 100755 --- a/dom0/init.d/qubes_netvm +++ b/dom0/init.d/qubes_netvm @@ -38,13 +38,6 @@ start() echo WARNING: Qubes NetVM not configured! echo -n $"Doing nothing:" - elif [ $NETVM = "dom0" ] ; then - - echo -n $"Setting up net backend in Dom0:" - echo "NS1=10.137.0.1" > /var/run/qubes/qubes_ns - echo "NS2=10.137.255.254" >> /var/run/qubes/qubes_ns - /usr/lib/qubes/qubes_setup_dnat_to_ns - echo "1" > /proc/sys/net/ipv4/ip_forward || exit 1 else echo -n $"Starting default NetVM:" @@ -65,9 +58,6 @@ stop() echo WARNING: Qubes NetVM not configured! echo -n $"Doing nothing:" - elif [ $NETVM = "dom0" ] ; then - - echo -n $"Stopping Qubes networking in Dom0:" else echo -n $"Stopping NetVMs:" diff --git a/dom0/misc/vm-template.conf b/dom0/misc/vm-template.conf index df138c85..e9f929e4 100644 --- a/dom0/misc/vm-template.conf +++ b/dom0/misc/vm-template.conf @@ -15,6 +15,7 @@ name = "{name}" disk = [ {rootdev} {privatedev} {volatiledev} + {otherdevs} ] vif = [ {netdev} ] 
diff --git a/dom0/qubes.sudoers b/dom0/qubes.sudoers index 43995f12..23086ede 100644 --- a/dom0/qubes.sudoers +++ b/dom0/qubes.sudoers @@ -27,3 +27,5 @@ # # joanna. # + +Defaults !requiretty diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py index 8e92b0fb..daa6802b 100755 --- a/dom0/qvm-core/qubes.py +++ b/dom0/qvm-core/qubes.py @@ -56,6 +56,7 @@ qubes_appvms_dir = qubes_base_dir + "/appvms" qubes_templates_dir = qubes_base_dir + "/vm-templates" qubes_servicevms_dir = qubes_base_dir + "/servicevms" qubes_store_filename = qubes_base_dir + "/qubes.xml" +qubes_kernels_base_dir = qubes_base_dir + "/vm-kernels" qubes_max_xid = 1024 qubes_max_qid = 254 @@ -194,7 +195,9 @@ class QubesVm(object): volatile_img = None, pcidevs = None, internal = False, - vcpus = None): + vcpus = None, + kernel = None, + uses_default_kernel = True): assert qid < qubes_max_qid, "VM id out of bounds!" @@ -277,11 +280,18 @@ class QubesVm(object): else: assert self.root_img is not None, "Missing root_img for standalone VM!" + self.kernel = kernel + if template_vm is not None: self.kernels_dir = template_vm.kernels_dir + elif self.kernel is not None: + self.kernels_dir = qubes_kernels_base_dir + "/" + self.kernel else: + # for backward compatibility (or another rare case): kernel=None -> kernel in VM dir self.kernels_dir = self.dir_path + "/" + default_kernels_subdir + self.uses_default_kernel = uses_default_kernel + if updateable: self.appmenus_templates_dir = self.dir_path + "/" + default_appmenus_templates_subdir @@ -644,6 +654,7 @@ class QubesVm(object): args['rootdev'] = self.get_rootdev(source_template=source_template) args['privatedev'] = "'script:file:{dir}/private.img,xvdb,w',".format(dir=self.dir_path) args['volatiledev'] = "'script:file:{dir}/volatile.img,xvdc,w',".format(dir=self.dir_path) + args['otherdevs'] = "'script:file:{dir}/modules.img,xvdd,r',".format(dir=self.kernels_dir) args['kernelopts'] = '' return args 
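Review bot: `Defaults !requiretty` at the end of dom0/qubes.sudoers is a global setting, so it lifts the tty requirement for every user and every command in dom0, not only for the Qubes rules above it. If only the Qubes tools need to call sudo without a terminal, scope it to the account or group those rules are written for, for example `Defaults:%qubes !requiretty`. The rules themselves are outside this hunk, so the right name needs checking. A comment line above the setting naming the caller that needs it would make the exception reviewable later.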
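Review bot: `self.kernels_dir = qubes_kernels_base_dir + "/" + self.kernel` in `QubesVm.__init__` (dom0/qvm-core/qubes.py) uses the kernel name as given, and the `@@ -644` hunk then formats that directory into the Xen disk entry `'script:file:{dir}/modules.img,xvdd,r',`. The only checks in this commit are `os.path.exists(base + '/' + kernel)` in `set_default_kernel`, in qvm-prefs `set_kernel` and in qvm-set-default-kernel, which `.`, `..` or a name containing `/` all pass, and a value read back from qubes.xml is not checked at all. Reject anything that is not a single plain path component before building the path, e.g. `if os.path.basename(kernel) != kernel or kernel in (".", ".."): raise QubesException("Invalid kernel name")`. Restricting the name to letters, digits, `.`, `_` and `-` would additionally keep quotes and commas out of the generated config. `__init__` starts and ends outside the hunk.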
@@ -708,15 +719,8 @@ class QubesVm(object): raise IOError ("Error while copying {0} to {1}".\ format(template_root, self.root_img)) - kernels_dir = self.dir_path + '/' + default_kernels_subdir - if verbose: - print "--> Copying the template's kernel dir: {0}".\ - format(source_template.kernels_dir) - shutil.copytree (source_template.kernels_dir, kernels_dir) - - # Create volatile.img - self.reset_volatile_storage(source_template = source_template) + self.reset_volatile_storage(source_template = source_template, verbose=verbose) def create_appmenus(self, verbose, source_template = None): if source_template is None: @@ -749,9 +753,24 @@ class QubesVm(object): raise QubesException ( "VM private image file doesn't exist: {0}".\ format(self.private_img)) + + if not os.path.exists (self.kernels_dir + '/vmlinuz'): + raise QubesException ( + "VM kernel does not exists: {0}".\ + format(self.kernels_dir + '/vmlinuz')) + + if not os.path.exists (self.kernels_dir + '/initramfs'): + raise QubesException ( + "VM initramfs does not exists: {0}".\ + format(self.kernels_dir + '/initramfs')) + + if not os.path.exists (self.kernels_dir + '/modules.img'): + raise QubesException ( + "VM kernel modules image does not exists: {0}".\ + format(self.kernels_dir + '/modules.img')) return True - def reset_volatile_storage(self, source_template = None): + def reset_volatile_storage(self, source_template = None, verbose = False): assert not self.is_running(), "Attempt to clean volatile image of running VM!" if source_template is None: @@ -761,7 +780,8 @@ class QubesVm(object): if source_template is None: return - print "--> Cleaning volatile image: {0}...".format (self.volatile_img) + if verbose: + print "--> Cleaning volatile image: {0}...".format (self.volatile_img) if dry_run: return if os.path.exists (self.volatile_img): 
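Review bot: The three checks added to `verify_files` in the `@@ -749` hunk make `vmlinuz`, `initramfs` and `modules.img` mandatory for every VM, including the case the constructor comment calls backward compatibility (`kernel=None`, kernel kept in the VM directory). If existing VM directories carry no `modules.img`, which this diff does not show either way, those VMs stop verifying after the upgrade, so a migration step or a comment stating the requirement is needed. The messages also read "does not exists"; they should say `"VM kernel does not exist: {0}"`, and likewise for the other two.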
@@ -878,7 +898,7 @@ class QubesVm(object): print "--> Starting NetVM {0}...".format(self.netvm_vm.name) self.netvm_vm.start() - self.reset_volatile_storage() + self.reset_volatile_storage(verbose=verbose) if verbose: print "--> Loading the VM (type = {0})...".format(self.type) @@ -986,6 +1006,8 @@ class QubesVm(object): attrs["pcidevs"] = str(self.pcidevs) attrs["vcpus"] = str(self.vcpus) attrs["internal"] = str(self.internal) + attrs["uses_default_kernel"] = str(self.uses_default_kernel) + attrs["kernel"] = str(self.kernel) return attrs def create_xml_element(self): @@ -1020,7 +1042,7 @@ class QubesTemplateVm(QubesVm): # Clean image for root-cow and swap (AppVM side) self.clean_volatile_img = self.dir_path + "/" + default_clean_volatile_img - + # Image for template changes self.rootcow_img = self.dir_path + "/" + default_rootcow_img @@ -1097,11 +1119,6 @@ class QubesTemplateVm(QubesVm): if retcode != 0: raise IOError ("Error while copying {0} to {1}".\ format(self.clean_volatile_img, self.volatile_img)) - if verbose: - print "--> Copying the template's kernel dir:\n{0} ==>\n{1}".\ - format(src_template_vm.kernels_dir, self.kernels_dir) - shutil.copytree (src_template_vm.kernels_dir, self.kernels_dir) - if verbose: print "--> Copying the template's appmenus templates dir:\n{0} ==>\n{1}".\ format(src_template_vm.appmenus_templates_dir, self.appmenus_templates_dir) @@ -1118,7 +1135,7 @@ class QubesTemplateVm(QubesVm): os.symlink (icon_path, self.icon_path) # Create root-cow.img - self.commit_changes() + self.commit_changes(verbose=verbose) # Create appmenus self.create_appmenus(verbose, source_template = src_template_vm) @@ -1184,7 +1201,7 @@ class QubesTemplateVm(QubesVm): if dry_run: return - self.reset_volatile_storage() + self.reset_volatile_storage(verbose=verbose) if not self.is_updateable(): raise QubesException ("Cannot start Template VM that is marked \"nonupdatable\"") 
@@ -1193,10 +1210,11 @@ class QubesTemplateVm(QubesVm): return super(QubesTemplateVm, self).start(debug_console=debug_console, verbose=verbose) - def reset_volatile_storage(self): + def reset_volatile_storage(self, verbose = False): assert not self.is_running(), "Attempt to clean volatile image of running Template VM!" - print "--> Cleaning volatile image: {0}...".format (self.volatile_img) + if verbose: + print "--> Cleaning volatile image: {0}...".format (self.volatile_img) if dry_run: return if os.path.exists (self.volatile_img): @@ -1207,11 +1225,12 @@ class QubesTemplateVm(QubesVm): raise IOError ("Error while unpacking {0} to {1}".\ format(self.template_vm.clean_volatile_img, self.volatile_img)) - def commit_changes (self): + def commit_changes (self, verbose = False): assert not self.is_running(), "Attempt to commit changes on running Template VM!" - print "--> Commiting template updates... COW: {0}...".format (self.rootcow_img) + if verbose: + print "--> Commiting template updates... COW: {0}...".format (self.rootcow_img) if dry_run: return @@ -1647,6 +1666,8 @@ class QubesVmCollection(dict): dir_path=dir_path, conf_file=conf_file, private_img=private_img, netvm_vm = self.get_default_netvm_vm(), + kernel = self.get_default_kernel(), + uses_default_kernel = True, updateable=updateable, label=label) @@ -1678,7 +1699,9 @@ class QubesVmCollection(dict): dir_path=dir_path, conf_file=conf_file, root_img=root_img, private_img=private_img, installed_by_rpm=installed_by_rpm, - netvm_vm = self.get_default_netvm_vm()) + netvm_vm = self.get_default_netvm_vm(), + kernel = self.get_default_kernel(), + uses_default_kernel = True) if not self.verify_new_vm (vm): assert False, "Wrong VM description!" 
@@ -1709,6 +1732,8 @@ class QubesVmCollection(dict): netid=netid, label=label, private_img=private_img, installed_by_rpm=installed_by_rpm, updateable=updateable, + kernel = self.get_default_kernel(), + uses_default_kernel = True, dir_path=dir_path, conf_file=conf_file) if not self.verify_new_vm (vm): @@ -1732,6 +1757,8 @@ class QubesVmCollection(dict): private_img=private_img, installed_by_rpm=installed_by_rpm, dir_path=dir_path, conf_file=conf_file, updateable=updateable, + kernel = self.get_default_kernel(), + uses_default_kernel = True, netvm_vm = self.get_default_fw_netvm_vm()) if not self.verify_new_vm (vm): @@ -1766,6 +1793,13 @@ class QubesVmCollection(dict): else: return self[self.default_netvm_qid] + def set_default_kernel(self, kernel): + assert os.path.exists(qubes_kernels_base_dir + '/' + kernel), "Kerel {0} not installed!".format(kernel) + self.default_kernel = kernel + + def get_default_kernel(self): + return self.default_kernel + def set_default_fw_netvm_vm(self, vm): assert vm.is_netvm(), "VM {0} does not provide network!".format(vm.name) self.default_fw_netvm_qid = vm.qid @@ -1891,7 +1925,10 @@ class QubesVmCollection(dict): if self.default_fw_netvm_qid is not None else "None", updatevm=str(self.updatevm_qid) \ - if self.updatevm_qid is not None else "None" + if self.updatevm_qid is not None else "None", + + default_kernel=str(self.default_kernel) \ + if self.default_kernel is not None else "None", ) for vm in self.values(): @@ -1919,7 +1956,7 @@ class QubesVmCollection(dict): "private_img", "root_img", "template_qid", "installed_by_rpm", "updateable", "internal", "uses_default_netvm", "label", "memory", "vcpus", "pcidevs", - "maxmem" ) + "maxmem", "kernel", "uses_default_kernel" ) for attribute in common_attr_list: kwargs[attribute] = element.get(attribute) 
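Review bot: `get_default_kernel` in `QubesVmCollection` (the `@@ -1766` hunk) reads `self.default_kernel`, which the visible hunks assign only in `set_default_kernel` and while loading the XML. Unless the constructor, which is outside this diff, initialises it, the four `add_new_*` calls changed in this commit and the `default_kernel=` attribute written on save would raise `AttributeError` on a collection that was never loaded. Adding `self.default_kernel = None` to `__init__` removes the doubt. The assertion text in `set_default_kernel` has a typo: `"Kerel {0} not installed!"` should read `"Kernel {0} not installed!"`.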
@@ -1953,6 +1990,20 @@ class QubesVmCollection(dict): else: kwargs["label"] = QubesVmLabels[kwargs["label"]] + if "kernel" in kwargs and kwargs["kernel"] == "None": + kwargs["kernel"] = None + if "uses_default_kernel" in kwargs: + kwargs["uses_default_kernel"] = True if kwargs["uses_default_kernel"] == "True" else False + else: + # For backward compatibility + kwargs["uses_default_kernel"] = False + if kwargs["uses_default_kernel"]: + kwargs["kernel"] = self.get_default_kernel() + else: + if "kernel" in kwargs and kwargs["kernel"]=="None": + kwargs["kernel"]=None + # for other cases - generic assigment is ok + return kwargs def set_netvm_dependency(self, element): @@ -2027,6 +2078,7 @@ class QubesVmCollection(dict): if updatevm != "None" else None #assert self.default_netvm_qid is not None + self.default_kernel = element.get("default_kernel") # Then, read in the TemplateVMs, because a reference to template VM # is needed to create each AppVM diff --git a/dom0/qvm-tools/qvm-prefs b/dom0/qvm-tools/qvm-prefs index c190cbb0..21a01dff 100755 --- a/dom0/qvm-tools/qvm-prefs +++ b/dom0/qvm-tools/qvm-prefs @@ -22,8 +22,10 @@ from qubes.qubes import QubesVmCollection from qubes.qubes import QubesVmLabels +from qubes.qubes import qubes_kernels_base_dir from optparse import OptionParser import subprocess +import os def do_list(vm): label_width = 18 @@ -41,7 +43,7 @@ def do_list(vm): print fmt.format ("dir", vm.dir_path) print fmt.format ("config", vm.conf_file) print fmt.format ("pcidevs", vm.pcidevs) - if not vm.is_appvm(): + if vm.template_vm is None: print fmt.format ("root img", vm.root_img) if vm.is_template(): print fmt.format ("root COW img", vm.rootcow_img) 
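Review bot: In the `@@ -1953` hunk of dom0/qvm-core/qubes.py the `else` marked "For backward compatibility" looks unreachable. The loop over `common_attr_list` shown in the previous hunk runs `kwargs[attribute] = element.get(attribute)` for every name, so `"uses_default_kernel" in kwargs` is true even for an old qubes.xml, with the value `None`. The outcome happens to be the same, but the code reads as if the key could be missing; `kwargs["uses_default_kernel"] = kwargs.get("uses_default_kernel") == "True"` states it in one line. The `"None"` to `None` conversion for `kernel` is also done twice, at the top and in the inner `else`, and one copy can go. Code between the two hunks is not visible, so confirm nothing drops empty keys before this point.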
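Review bot: `self.default_kernel = element.get("default_kernel")` in the `@@ -2027` hunk does not undo what the save path writes. The `@@ -1891` hunk stores the string `"None"` when no default kernel is set, and this line reads it back as the text `"None"`, unlike `updatevm` just above, which is compared with `"None"` first. After one save/load cycle every VM with `uses_default_kernel` true would get `kernel = "None"` and a `kernels_dir` ending in `/vm-kernels/None`. Read it like its neighbours: `default_kernel = element.get("default_kernel")` followed by `self.default_kernel = default_kernel if default_kernel != "None" else None`.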
@@ -52,6 +54,10 @@ def do_list(vm): print fmt.format ("private img", vm.private_img) print fmt.format ("memory", vm.memory) print fmt.format ("maxmem", vm.maxmem) + if vm.uses_default_kernel: + print fmt.format ("kernel", "%s (default)" % vm.kernel) + else: + print fmt.format ("kernel", vm.kernel) def set_label(vms, vm, args): @@ -168,6 +174,37 @@ def set_nonupdateable(vms, vm, args): vm.set_nonupdateable() return True +def set_kernel(vms, vm, args): + if vm.template_vm is not None: + print "Cannot set kernel for template-based VM. Set it for template instead." + return False + + if len (args) != 1: + print "Missing kernel version argument!" + print "Possible values:" + print "1) default" + print "2) none (kernels subdir in VM)" + print "3) , one of:" + for k in os.listdir(qubes_kernels_base_dir): + print " -", k + return + + kernel = args[0] + if kernel == "default": + kernel = vms.get_default_kernel() + vm.uses_default_kernel = True + elif kernel == "none": + kernel = None + vm.uses_default_kernel = False + else: + if not os.path.exists(qubes_kernels_base_dir + '/' + kernel): + print "Kernel version {0} not installed.".format(kernel) + exit(1) + vm.uses_default_kernel = False + + vm.kernel = kernel + + properties = { "updateable": set_updateable, "nonupdateable": set_nonupdateable, @@ -176,6 +213,7 @@ properties = { "netvm" : set_netvm, "maxmem" : set_maxmem, "memory" : set_memory, + "kernel" : set_kernel, } diff --git a/dom0/qvm-tools/qvm-set-default-kernel b/dom0/qvm-tools/qvm-set-default-kernel new file mode 100755 index 00000000..37f85f54 --- /dev/null +++ b/dom0/qvm-tools/qvm-set-default-kernel 
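Review bot: `set_kernel` in dom0/qvm-tools/qvm-prefs never returns `True`: the success path falls off the end after `vm.kernel = kernel` and the usage path uses a bare `return`, while `set_nonupdateable` just above ends with `return True`. If the caller, which is outside this hunk, only saves the collection when the setter returns a true value, a kernel change would be accepted and then silently dropped. End the function with `return True`, return `False` after printing the usage text, and replace `exit(1)` for an unknown kernel with `return False` so all failure paths behave alike. Assigning `vm.kernel` alone also leaves `vm.kernels_dir` at the value computed in `__init__`, which deserves a comment if the change is meant to take effect only after the collection is reloaded.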
@@ -0,0 +1,48 @@ +#!/usr/bin/python2.6 +# +# The Qubes OS Project, http://www.qubes-os.org +# +# Copyright (C) 2011 Marek Marczykowski +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# + +from qubes.qubes import QubesVmCollection, qubes_kernels_base_dir +from optparse import OptionParser; +import os + +def main(): + usage = "usage: %prog " + parser = OptionParser (usage) + (options, args) = parser.parse_args () + if (len (args) != 1): + parser.error ("Missing argument!") + kernel = args[0] + + if not os.path.exists(qubes_kernels_base_dir + "/" + kernel): + print "Kernel {0} not installed".format(kernel) + exit(1) + + qvm_collection = QubesVmCollection() + qvm_collection.lock_db_for_writing() + qvm_collection.load() + + qvm_collection.set_default_kernel(kernel) + + qvm_collection.save() + qvm_collection.unlock_db() + +main() diff --git a/dom0/qvm-tools/qvm-sync-appmenus b/dom0/qvm-tools/qvm-sync-appmenus index daa70a79..f292c2f1 100755 --- a/dom0/qvm-tools/qvm-sync-appmenus +++ b/dom0/qvm-tools/qvm-sync-appmenus 
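Review bot: In `main()` of the new dom0/qvm-tools/qvm-set-default-kernel nothing releases the database lock if `load()`, `set_default_kernel()` (which asserts) or `save()` raises, because `unlock_db()` is reached only on the straight path. Put the work after `lock_db_for_writing()` into `try:` and call `qvm_collection.unlock_db()` in `finally:`. The usage string `"usage: %prog "` names no argument, so `parser.error("Missing argument!")` gives the user no hint what to pass; spell out the kernel-version argument there. The trailing `;` on the `optparse` import can be removed.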
@@ -33,6 +33,10 @@ from qubes.qubes import qrexec_client_path # fields required to be present (and verified) in retrieved desktop file required_fields = [ "Name", "Exec" ] +#limits +appmenus_line_size = 1024 +appmenus_line_count = 100000 + # regexps for sanitization of retrieved values std_re = re.compile(r"^[/a-zA-Z0-9.,&() -]*$") fields_regexp = { @@ -44,15 +48,32 @@ fields_regexp = { } def get_appmenus(xid): + global appmenus_line_count + global appmenus_line_size untrusted_appmenulist = [] if xid == -1: - untrusted_appmenulist = sys.stdin.readlines() + while appmenus_line_count > 0: + line = sys.stdin.readline(appmenus_line_size) + if line == "": + break; + untrusted_appmenulist.append(line.strip()) + appmenus_line_count -= 1 + if appmenus_line_count == 0: + raise QubesException("Line count limit exceeded") else: p = subprocess.Popen ([qrexec_client_path, '-d', str(xid), 'user:grep -H = /usr/share/applications/*.desktop'], stdout=subprocess.PIPE) - untrusted_appmenulist = p.communicate()[0].split('\n') + while appmenus_line_count > 0: + line = p.stdout.readline(appmenus_line_size) + if line == "": + break; + untrusted_appmenulist.append(line.strip()) + appmenus_line_count -= 1 + p.wait() if p.returncode != 0: raise QubesException("Error getting application list") + if appmenus_line_count == 0: + raise QubesException("Line count limit exceeded") row_no = 0 appmenus = {} diff --git a/dom0/restore/qfile-daemon-dvm b/dom0/restore/qfile-daemon-dvm index 837db4d4..024c7eef 100755 --- a/dom0/restore/qfile-daemon-dvm +++ b/dom0/restore/qfile-daemon-dvm @@ -127,6 +127,7 @@ def main(): notify_object = dbus.SessionBus().get_object("org.freedesktop.Notifications", "/org/freedesktop/Notifications") qfile = QfileDaemonDvm(os.getenv("QREXEC_REMOTE_DOMAIN")) lockf = open("/var/run/qubes/qfile-daemon-dvm.lock", 'a') + fcntl.fcntl(lockf, fcntl.F_SETFD, fcntl.FD_CLOEXEC) fcntl.flock(lockf, fcntl.LOCK_EX) dispname = qfile.get_dvm() lockf.close() 
diff --git a/dom0/restore/qubes_restore.c b/dom0/restore/qubes_restore.c index 5c5693a4..0adacd6d 100644 --- a/dom0/restore/qubes_restore.c +++ b/dom0/restore/qubes_restore.c @@ -166,14 +166,14 @@ void start_guid(int domid, int argc, char **argv) { int i; char dstr[40]; - char *guid_args[argc + 2]; + char *guid_args[argc + 1]; snprintf(dstr, sizeof(dstr), "%d", domid); guid_args[0] = "qubes_guid"; guid_args[1] = "-d"; guid_args[2] = dstr; for (i = 3; i < argc; i++) - guid_args[i + 1] = argv[i]; - guid_args[argc + 1] = NULL; + guid_args[i] = argv[i]; + guid_args[argc] = NULL; execv("/usr/bin/qubes_guid", guid_args); perror("execv"); } @@ -250,7 +250,7 @@ void fill_field(FILE *conf, char *field, int dispid, int netvm_id) // val - string to replace pattern with void fix_conffile(FILE *conf, int conf_templ, int dispid, int netvm_id) { - int buflen, cur_len = 0; + int buflen = 0, cur_len = 0; char buf[4096]; char *bufpos = buf; char *pattern, *patternend; diff --git a/rpm_spec/core-commonvm.spec b/rpm_spec/core-commonvm.spec index d754c361..624c470f 100644 --- a/rpm_spec/core-commonvm.spec +++ b/rpm_spec/core-commonvm.spec @@ -86,6 +86,11 @@ mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes cp qubes_trigger_sync_appmenus.sh $RPM_BUILD_ROOT/usr/lib/qubes/ mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/dom0-updates +install -D qubes_core.modules $RPM_BUILD_ROOT/etc/sysconfig/modules/qubes_core.modules + +mkdir -p $RPM_BUILD_ROOT/lib/firmware +ln -s /lib/modules/firmware $RPM_BUILD_ROOT/lib/firmware/updates + %triggerin -- initscripts cp /var/lib/qubes/serial.conf /etc/init/serial.conf @@ -232,7 +237,9 @@ rm -rf $RPM_BUILD_ROOT /sbin/qubes_serial_login /usr/bin/xenstore-watch-qubes /etc/udev/rules.d/qubes_network.rules +/etc/sysconfig/modules/qubes_core.modules /usr/lib/qubes/setup_ip /etc/yum/post-actions/qubes_trigger_sync_appmenus.action /usr/lib/qubes/qubes_trigger_sync_appmenus.sh /usr/lib/qubes/qubes_download_dom0_updates.sh +/lib/firmware/updates 
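Review bot: `start_guid` in dom0/restore/qubes_restore.c now sizes the array as `guid_args[argc + 1]` but still writes `guid_args[0]` to `guid_args[2]` unconditionally. With `argc < 2` the store to index 2 is past the end of the array, and with `argc == 2` the terminating `guid_args[argc] = NULL` overwrites the domain id string. Whether `main` guarantees `argc >= 3` is not visible in this hunk; a guard at the top, `if (argc < 3) { fprintf(stderr, "start_guid: too few arguments\n"); return; }`, makes the function safe on its own. The function also returns to its caller when `execv` fails, which needs a comment, or an `exit(1)` after `perror` if this runs in a forked child.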
diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec index 3759e4e2..e5a74469 100644 --- a/rpm_spec/core-dom0.spec +++ b/rpm_spec/core-dom0.spec @@ -115,6 +115,7 @@ mkdir -p $RPM_BUILD_ROOT/var/lib/qubes mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/vm-templates mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/appvms mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/servicevms +mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/vm-kernels mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/backup mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/dvmdata @@ -176,6 +177,9 @@ echo 'lockfile="/var/run/qubes/xl-lock"' >> /etc/xen/xl.conf sed '/^reposdir=/d' -i /etc/yum.conf echo reposdir=/etc/yum.real.repos.d >> /etc/yum.conf +sed '/^installonlypkgs=/d' -i /etc/yum.conf +echo 'installonlypkgs += kernel-qubes-vm' >> /etc/yum.conf + chkconfig --add qubes_core || echo "WARNING: Cannot add service qubes_core!" chkconfig --add qubes_netvm || echo "WARNING: Cannot add service qubes_netvm!" chkconfig --add qubes_setupdvm || echo "WARNING: Cannot add service qubes_setupdvm!" @@ -295,6 +299,7 @@ fi %attr(770,root,qubes) %dir /var/lib/qubes/backup %attr(770,root,qubes) %dir /var/lib/qubes/dvmdata %attr(770,root,qubes) %dir /var/lib/qubes/updates +%attr(770,root,qubes) %dir /var/lib/qubes/vm-kernels %dir /usr/share/qubes/icons/*.png /usr/share/qubes/qubes-vm.directory.template /usr/share/qubes/qubes-templatevm.directory.template diff --git a/version_dom0 b/version_dom0 index 266146b8..ec70f755 100644 --- a/version_dom0 +++ b/version_dom0 @@ -1 +1 @@ -1.6.3 +1.6.6 diff --git a/version_vm b/version_vm index fdd3be6d..ec70f755 100644 --- a/version_vm +++ b/version_vm @@ -1 +1 @@ -1.6.2 +1.6.6
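Review bot: The two lines added to the scriptlet in rpm_spec/core-dom0.spec (the `@@ -176` hunk) do not pair up: `sed '/^installonlypkgs=/d'` never matches the line the next command writes, `installonlypkgs += kernel-qubes-vm`, because of the ` +` before the `=`. Every run of the scriptlet therefore appends one more copy to /etc/yum.conf, while an `installonlypkgs=` list the administrator had set is deleted. Match both spellings with `sed '/^installonlypkgs *[+=]/d' -i /etc/yum.conf`, and write a plain assignment with the complete list, `echo 'installonlypkgs = <existing list> kernel-qubes-vm' >> /etc/yum.conf`, where `<existing list>` is a placeholder for the default entries that should stay. It is also worth verifying that yum's config parser accepts `+=` at all. The scriptlet's start is outside the hunk.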