Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core into syncmarek

Browse Source 
Conflicts:
	dom0/init.d/qubes_core
This commit is contained in:
Rafal Wojtczuk 2011-07-04 15:28:40 +02:00
commit 60a435eb1e
21 changed files with 260 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
Makefile
View File

@ -29,24 +29,26 @@ rpms-vaio-fixes:
update-repo-current: update-repo-current:
ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/current/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/current/dom0/rpm/
ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/current/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/current/dom0/rpm/
ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*fc13*.rpm ../yum/current-release/current/vm/f13/rpm/ for vmrepo in ../yum/current-release/current/vm/* ; do \
ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*fc14*.rpm ../yum/current-release/current/vm/f14/rpm/ dist=$$(basename $$vmrepo) ;\
cd ../yum && ./update_repo.sh ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\
done
update-repo-current-testing: update-repo-current-testing:
ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/current-testing/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/current-testing/dom0/rpm/
ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/current-testing/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/current-testing/dom0/rpm/
ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*fc13*.rpm ../yum/current-release/current-testing/vm/f13/rpm/ for vmrepo in ../yum/current-release/current-testing/vm/* ; do \
ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*fc14*.rpm ../yum/current-release/current-testing/vm/f14/rpm/ dist=$$(basename $$vmrepo) ;\
cd ../yum && ./update_repo.sh ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\
done
update-repo-unstable: update-repo-unstable:
ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/unstable/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/unstable/dom0/rpm/
ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/unstable/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/unstable/dom0/rpm/
ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*fc13*.rpm ../yum/current-release/unstable/vm/f13/rpm/ for vmrepo in ../yum/current-release/unstable/vm/* ; do \
ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*fc14*.rpm ../yum/current-release/unstable/vm/f14/rpm/ dist=$$(basename $$vmrepo) ;\
cd ../yum && ./update_repo.sh ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\
done
update-repo-installer: update-repo-installer:
ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*$(VERSION_DOM0)*fc13*.rpm ../installer/yum/qubes-dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*$(VERSION_DOM0)*fc13*.rpm ../installer/yum/qubes-dom0/rpm/

6
common/qubes.fc13.repo
View File

@ -1,19 +1,19 @@
[qubes-vm-current] [qubes-vm-current]
name = Qubes OS Repository for VM (updates) name = Qubes OS Repository for VM (updates)
baseurl = http://yum.qubes-os.org/r1-beta1/current/vm/f13 baseurl = http://yum.qubes-os.org/r1-beta2/current/vm/fc13
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary
gpgcheck = 1 gpgcheck = 1
[qubes-vm-current-testing] [qubes-vm-current-testing]
name = Qubes OS Repository for VM (updates-testing) name = Qubes OS Repository for VM (updates-testing)
baseurl = http://yum.qubes-os.org/r1-beta1/current-testing/vm/f13 baseurl = http://yum.qubes-os.org/r1-beta2/current-testing/vm/fc13
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary
gpgcheck = 1 gpgcheck = 1
enabled=0 enabled=0
[qubes-vm-unstable] [qubes-vm-unstable]
name = Qubes OS Repository for VM (unstable) name = Qubes OS Repository for VM (unstable)
baseurl = http://yum.qubes-os.org/r1-beta1/unstable/vm/f13 baseurl = http://yum.qubes-os.org/r1-beta2/unstable/vm/fc13
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary
gpgcheck = 1 gpgcheck = 1
enabled=0 enabled=0

6
common/qubes.fc14.repo
View File

@ -1,19 +1,19 @@
[qubes-vm-current] [qubes-vm-current]
name = Qubes OS Repository for VM (updates) name = Qubes OS Repository for VM (updates)
baseurl = http://yum.qubes-os.org/r1-beta1/current/vm/f14 baseurl = http://yum.qubes-os.org/r1-beta2/current/vm/fc14
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary
gpgcheck = 1 gpgcheck = 1
[qubes-vm-current-testing] [qubes-vm-current-testing]
name = Qubes OS Repository for VM (updates-testing) name = Qubes OS Repository for VM (updates-testing)
baseurl = http://yum.qubes-os.org/r1-beta1/current-testing/vm/f14 baseurl = http://yum.qubes-os.org/r1-beta2/current-testing/vm/fc14
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary
gpgcheck = 1 gpgcheck = 1
enabled=0 enabled=0
[qubes-vm-unstable] [qubes-vm-unstable]
name = Qubes OS Repository for VM (unstable) name = Qubes OS Repository for VM (unstable)
baseurl = http://yum.qubes-os.org/r1-beta1/unstable/vm/f14 baseurl = http://yum.qubes-os.org/r1-beta2/unstable/vm/fc14
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary
gpgcheck = 1 gpgcheck = 1
enabled=0 enabled=0

20
common/qubes_core
View File

@ -15,8 +15,8 @@ start()
exit 1 exit 1
fi fi
# Set permissions to /proc/xen/xenbus, so normal user can use xenstore-read # Set permissions to /proc/xen/xenbus, so normal user can use xenstore-read
chmod 666 /proc/xen/xenbus chmod 666 /proc/xen/xenbus
name=$(/usr/bin/xenstore-read name) name=$(/usr/bin/xenstore-read name)
if ! [ -f /etc/this_is_dvm ] ; then if ! [ -f /etc/this_is_dvm ] ; then
@ -26,17 +26,6 @@ start()
hostname $name hostname $name
fi fi
ip=$(/usr/bin/xenstore-read qubes_ip)
netmask=$(/usr/bin/xenstore-read qubes_netmask)
gateway=$(/usr/bin/xenstore-read qubes_gateway)
secondary_dns=$(/usr/bin/xenstore-read qubes_secondary_dns)
if [ x$ip != x ]; then
/sbin/ifconfig eth0 $ip netmask 255.255.255.255 up
/sbin/route add default dev eth0
echo "nameserver $gateway" > /etc/resolv.conf
echo "nameserver $secondary_dns" >> /etc/resolv.conf
fi
if [ -e /dev/xvdb ] ; then if [ -e /dev/xvdb ] ; then
mount /rw mount /rw
@ -71,6 +60,11 @@ start()
success success
echo "" echo ""
type=$(/usr/bin/xenstore-read qubes_vm_type)
if [ "$type" == "ProxyVM" ]; then
/sbin/service ntpd start
fi
return 0 return 0
} }

1
common/qubes_core.modules Executable file
View File

@ -0,0 +1 @@
modprobe xen-evtchn || modprobe evtchn

21
common/qubes_download_dom0_updates.sh
View File

@ -21,7 +21,26 @@ fi
mkdir -p $DOM0_UPDATES_DIR/etc mkdir -p $DOM0_UPDATES_DIR/etc
cp /etc/yum.conf $DOM0_UPDATES_DIR/etc/ cp /etc/yum.conf $DOM0_UPDATES_DIR/etc/
echo "Checking for updates..." # check also for template updates
echo "Checking for template updates..."
TEMPLATEPKGLIST=`yum check-update -q | cut -f 1 -d ' '`
if [ -n "$TEMPLATEPKGLIST" ] && [ "$GUI" = 1 ]; then
TEMPLATE_UPDATE_COUNT=`echo "$TEMPLATEPKGLIST" | wc -w`
NOTIFY_UPDATE_COUNT=`cat /var/run/qubes/template_update_last_notify_count 2> /dev/null`
if [ "$NOTIFY_UPDATE_COUNT" != "$TEMPLATE_UPDATE_COUNT" ]; then
echo -n $TEMPLATE_UPDATE_COUNT > /var/run/qubes/template_update_last_notify_count
NOTIFY_PID=`cat /var/run/qubes/template_update_notify.pid 2> /dev/null`
if [ -z "$NOTIFY_PID" ] || ! kill -0 $NOTIFY_PID; then
NOTIFY_TITLE="Template update"
NOTIFY_TEXT="There are $TEMPLATE_UPDATE_COUNT updates available for TemplateVM"
NOTIFY_INFO="$NOTIFY_TEXT. Start TemplateVM to update it."
( zenity --notification --text "$NOTIFY_TEXT"; zenity --warning --title "$NOTIFY_TITLE" --text "$NOTIFY_INFO") &
echo $! > /var/run/qubes/template_update_notify.pid
fi
fi
fi
echo "Checking for dom0 updates..."
PKGLIST=`yum --installroot $DOM0_UPDATES_DIR check-update -q | cut -f 1 -d ' '` PKGLIST=`yum --installroot $DOM0_UPDATES_DIR check-update -q | cut -f 1 -d ' '`
if [ -z $PKGLIST ]; then if [ -z $PKGLIST ]; then

8
dom0/aux-tools/unbind_all_network_devices
View File

@ -53,12 +53,10 @@ def main():
if options.verbose: if options.verbose:
print "Loading Xen PCI Backend..." print "Loading Xen PCI Backend..."
retcode = subprocess.call (["/sbin/modprobe", "xen-pciback"]) retcode = subprocess.call (["/sbin/modprobe", "pciback"])
if retcode != 0: if retcode != 0:
retcode = subprocess.call (["/sbin/modprobe", "pciback"]) print "ERROR: Cannot load the pciback module!"
if retcode != 0: exit(1)
print "ERROR: Cannot load xen-pciback module!"
exit(1)
if options.verbose: if options.verbose:
print "Unbinding the following net devices:" print "Unbinding the following net devices:"

2
dom0/init.d/qubes_core
View File

@ -23,8 +23,6 @@ start()
modprobe evtchn modprobe evtchn
chgrp qubes /etc/xen chgrp qubes /etc/xen
chmod 710 /etc/xen chmod 710 /etc/xen
chgrp qubes /var/run/xend
chmod 710 /var/run/xend
chgrp qubes /var/run/xenstored/* chgrp qubes /var/run/xenstored/*
chmod 660 /var/run/xenstored/* chmod 660 /var/run/xenstored/*
chgrp qubes /var/lib/xen chgrp qubes /var/lib/xen

10
dom0/init.d/qubes_netvm
View File

@ -38,13 +38,6 @@ start()
echo WARNING: Qubes NetVM not configured! echo WARNING: Qubes NetVM not configured!
echo -n $"Doing nothing:" echo -n $"Doing nothing:"
elif [ $NETVM = "dom0" ] ; then
echo -n $"Setting up net backend in Dom0:"
echo "NS1=10.137.0.1" > /var/run/qubes/qubes_ns
echo "NS2=10.137.255.254" >> /var/run/qubes/qubes_ns
/usr/lib/qubes/qubes_setup_dnat_to_ns
echo "1" > /proc/sys/net/ipv4/ip_forward || exit 1
else else
echo -n $"Starting default NetVM:" echo -n $"Starting default NetVM:"
@ -65,9 +58,6 @@ stop()
echo WARNING: Qubes NetVM not configured! echo WARNING: Qubes NetVM not configured!
echo -n $"Doing nothing:" echo -n $"Doing nothing:"
elif [ $NETVM = "dom0" ] ; then
echo -n $"Stopping Qubes networking in Dom0:"
else else
echo -n $"Stopping NetVMs:" echo -n $"Stopping NetVMs:"

1
dom0/misc/vm-template.conf
View File

@ -15,6 +15,7 @@ name = "{name}"
disk = [ {rootdev} disk = [ {rootdev}
{privatedev} {privatedev}
{volatiledev} {volatiledev}
{otherdevs}
] ]
vif = [ {netdev} ] vif = [ {netdev} ]

2
dom0/qubes.sudoers
View File

@ -27,3 +27,5 @@
# #
# joanna. # joanna.
# #
Defaults !requiretty

106
dom0/qvm-core/qubes.py
View File

@ -56,6 +56,7 @@ qubes_appvms_dir = qubes_base_dir + "/appvms"
qubes_templates_dir = qubes_base_dir + "/vm-templates" qubes_templates_dir = qubes_base_dir + "/vm-templates"
qubes_servicevms_dir = qubes_base_dir + "/servicevms" qubes_servicevms_dir = qubes_base_dir + "/servicevms"
qubes_store_filename = qubes_base_dir + "/qubes.xml" qubes_store_filename = qubes_base_dir + "/qubes.xml"
qubes_kernels_base_dir = qubes_base_dir + "/vm-kernels"
qubes_max_xid = 1024 qubes_max_xid = 1024
qubes_max_qid = 254 qubes_max_qid = 254
@ -194,7 +195,9 @@ class QubesVm(object):
volatile_img = None, volatile_img = None,
pcidevs = None, pcidevs = None,
internal = False, internal = False,
vcpus = None): vcpus = None,
kernel = None,
uses_default_kernel = True):
assert qid < qubes_max_qid, "VM id out of bounds!" assert qid < qubes_max_qid, "VM id out of bounds!"
@ -277,11 +280,18 @@ class QubesVm(object):
else: else:
assert self.root_img is not None, "Missing root_img for standalone VM!" assert self.root_img is not None, "Missing root_img for standalone VM!"
self.kernel = kernel
if template_vm is not None: if template_vm is not None:
self.kernels_dir = template_vm.kernels_dir self.kernels_dir = template_vm.kernels_dir
elif self.kernel is not None:
self.kernels_dir = qubes_kernels_base_dir + "/" + self.kernel
else: else:
# for backward compatibility (or another rare case): kernel=None -> kernel in VM dir
self.kernels_dir = self.dir_path + "/" + default_kernels_subdir self.kernels_dir = self.dir_path + "/" + default_kernels_subdir
self.uses_default_kernel = uses_default_kernel
if updateable: if updateable:
self.appmenus_templates_dir = self.dir_path + "/" + default_appmenus_templates_subdir self.appmenus_templates_dir = self.dir_path + "/" + default_appmenus_templates_subdir
@ -644,6 +654,7 @@ class QubesVm(object):
args['rootdev'] = self.get_rootdev(source_template=source_template) args['rootdev'] = self.get_rootdev(source_template=source_template)
args['privatedev'] = "'script:file:{dir}/private.img,xvdb,w',".format(dir=self.dir_path) args['privatedev'] = "'script:file:{dir}/private.img,xvdb,w',".format(dir=self.dir_path)
args['volatiledev'] = "'script:file:{dir}/volatile.img,xvdc,w',".format(dir=self.dir_path) args['volatiledev'] = "'script:file:{dir}/volatile.img,xvdc,w',".format(dir=self.dir_path)
args['otherdevs'] = "'script:file:{dir}/modules.img,xvdd,r',".format(dir=self.kernels_dir)
args['kernelopts'] = '' args['kernelopts'] = ''
return args return args
@ -708,15 +719,8 @@ class QubesVm(object):
raise IOError ("Error while copying {0} to {1}".\ raise IOError ("Error while copying {0} to {1}".\
format(template_root, self.root_img)) format(template_root, self.root_img))
kernels_dir = self.dir_path + '/' + default_kernels_subdir
if verbose:
print "--> Copying the template's kernel dir: {0}".\
format(source_template.kernels_dir)
shutil.copytree (source_template.kernels_dir, kernels_dir)
# Create volatile.img # Create volatile.img
self.reset_volatile_storage(source_template = source_template) self.reset_volatile_storage(source_template = source_template, verbose=verbose)
def create_appmenus(self, verbose, source_template = None): def create_appmenus(self, verbose, source_template = None):
if source_template is None: if source_template is None:
@ -749,9 +753,24 @@ class QubesVm(object):
raise QubesException ( raise QubesException (
"VM private image file doesn't exist: {0}".\ "VM private image file doesn't exist: {0}".\
format(self.private_img)) format(self.private_img))
if not os.path.exists (self.kernels_dir + '/vmlinuz'):
raise QubesException (
"VM kernel does not exists: {0}".\
format(self.kernels_dir + '/vmlinuz'))
if not os.path.exists (self.kernels_dir + '/initramfs'):
raise QubesException (
"VM initramfs does not exists: {0}".\
format(self.kernels_dir + '/initramfs'))
if not os.path.exists (self.kernels_dir + '/modules.img'):
raise QubesException (
"VM kernel modules image does not exists: {0}".\
format(self.kernels_dir + '/modules.img'))
return True return True
def reset_volatile_storage(self, source_template = None): def reset_volatile_storage(self, source_template = None, verbose = False):
assert not self.is_running(), "Attempt to clean volatile image of running VM!" assert not self.is_running(), "Attempt to clean volatile image of running VM!"
if source_template is None: if source_template is None:
@ -761,7 +780,8 @@ class QubesVm(object):
if source_template is None: if source_template is None:
return return
print "--> Cleaning volatile image: {0}...".format (self.volatile_img) if verbose:
print "--> Cleaning volatile image: {0}...".format (self.volatile_img)
if dry_run: if dry_run:
return return
if os.path.exists (self.volatile_img): if os.path.exists (self.volatile_img):
@ -878,7 +898,7 @@ class QubesVm(object):
print "--> Starting NetVM {0}...".format(self.netvm_vm.name) print "--> Starting NetVM {0}...".format(self.netvm_vm.name)
self.netvm_vm.start() self.netvm_vm.start()
self.reset_volatile_storage() self.reset_volatile_storage(verbose=verbose)
if verbose: if verbose:
print "--> Loading the VM (type = {0})...".format(self.type) print "--> Loading the VM (type = {0})...".format(self.type)
@ -986,6 +1006,8 @@ class QubesVm(object):
attrs["pcidevs"] = str(self.pcidevs) attrs["pcidevs"] = str(self.pcidevs)
attrs["vcpus"] = str(self.vcpus) attrs["vcpus"] = str(self.vcpus)
attrs["internal"] = str(self.internal) attrs["internal"] = str(self.internal)
attrs["uses_default_kernel"] = str(self.uses_default_kernel)
attrs["kernel"] = str(self.kernel)
return attrs return attrs
def create_xml_element(self): def create_xml_element(self):
@ -1020,7 +1042,7 @@ class QubesTemplateVm(QubesVm):
# Clean image for root-cow and swap (AppVM side) # Clean image for root-cow and swap (AppVM side)
self.clean_volatile_img = self.dir_path + "/" + default_clean_volatile_img self.clean_volatile_img = self.dir_path + "/" + default_clean_volatile_img
# Image for template changes # Image for template changes
self.rootcow_img = self.dir_path + "/" + default_rootcow_img self.rootcow_img = self.dir_path + "/" + default_rootcow_img
@ -1097,11 +1119,6 @@ class QubesTemplateVm(QubesVm):
if retcode != 0: if retcode != 0:
raise IOError ("Error while copying {0} to {1}".\ raise IOError ("Error while copying {0} to {1}".\
format(self.clean_volatile_img, self.volatile_img)) format(self.clean_volatile_img, self.volatile_img))
if verbose:
print "--> Copying the template's kernel dir:\n{0} ==>\n{1}".\
format(src_template_vm.kernels_dir, self.kernels_dir)
shutil.copytree (src_template_vm.kernels_dir, self.kernels_dir)
if verbose: if verbose:
print "--> Copying the template's appmenus templates dir:\n{0} ==>\n{1}".\ print "--> Copying the template's appmenus templates dir:\n{0} ==>\n{1}".\
format(src_template_vm.appmenus_templates_dir, self.appmenus_templates_dir) format(src_template_vm.appmenus_templates_dir, self.appmenus_templates_dir)
@ -1118,7 +1135,7 @@ class QubesTemplateVm(QubesVm):
os.symlink (icon_path, self.icon_path) os.symlink (icon_path, self.icon_path)
# Create root-cow.img # Create root-cow.img
self.commit_changes() self.commit_changes(verbose=verbose)
# Create appmenus # Create appmenus
self.create_appmenus(verbose, source_template = src_template_vm) self.create_appmenus(verbose, source_template = src_template_vm)
@ -1184,7 +1201,7 @@ class QubesTemplateVm(QubesVm):
if dry_run: if dry_run:
return return
self.reset_volatile_storage() self.reset_volatile_storage(verbose=verbose)
if not self.is_updateable(): if not self.is_updateable():
raise QubesException ("Cannot start Template VM that is marked \"nonupdatable\"") raise QubesException ("Cannot start Template VM that is marked \"nonupdatable\"")
@ -1193,10 +1210,11 @@ class QubesTemplateVm(QubesVm):
return super(QubesTemplateVm, self).start(debug_console=debug_console, verbose=verbose) return super(QubesTemplateVm, self).start(debug_console=debug_console, verbose=verbose)
def reset_volatile_storage(self): def reset_volatile_storage(self, verbose = False):
assert not self.is_running(), "Attempt to clean volatile image of running Template VM!" assert not self.is_running(), "Attempt to clean volatile image of running Template VM!"
print "--> Cleaning volatile image: {0}...".format (self.volatile_img) if verbose:
print "--> Cleaning volatile image: {0}...".format (self.volatile_img)
if dry_run: if dry_run:
return return
if os.path.exists (self.volatile_img): if os.path.exists (self.volatile_img):
@ -1207,11 +1225,12 @@ class QubesTemplateVm(QubesVm):
raise IOError ("Error while unpacking {0} to {1}".\ raise IOError ("Error while unpacking {0} to {1}".\
format(self.template_vm.clean_volatile_img, self.volatile_img)) format(self.template_vm.clean_volatile_img, self.volatile_img))
def commit_changes (self): def commit_changes (self, verbose = False):
assert not self.is_running(), "Attempt to commit changes on running Template VM!" assert not self.is_running(), "Attempt to commit changes on running Template VM!"
print "--> Commiting template updates... COW: {0}...".format (self.rootcow_img) if verbose:
print "--> Commiting template updates... COW: {0}...".format (self.rootcow_img)
if dry_run: if dry_run:
return return
@ -1647,6 +1666,8 @@ class QubesVmCollection(dict):
dir_path=dir_path, conf_file=conf_file, dir_path=dir_path, conf_file=conf_file,
private_img=private_img, private_img=private_img,
netvm_vm = self.get_default_netvm_vm(), netvm_vm = self.get_default_netvm_vm(),
kernel = self.get_default_kernel(),
uses_default_kernel = True,
updateable=updateable, updateable=updateable,
label=label) label=label)
@ -1678,7 +1699,9 @@ class QubesVmCollection(dict):
dir_path=dir_path, conf_file=conf_file, dir_path=dir_path, conf_file=conf_file,
root_img=root_img, private_img=private_img, root_img=root_img, private_img=private_img,
installed_by_rpm=installed_by_rpm, installed_by_rpm=installed_by_rpm,
netvm_vm = self.get_default_netvm_vm()) netvm_vm = self.get_default_netvm_vm(),
kernel = self.get_default_kernel(),
uses_default_kernel = True)
if not self.verify_new_vm (vm): if not self.verify_new_vm (vm):
assert False, "Wrong VM description!" assert False, "Wrong VM description!"
@ -1709,6 +1732,8 @@ class QubesVmCollection(dict):
netid=netid, label=label, netid=netid, label=label,
private_img=private_img, installed_by_rpm=installed_by_rpm, private_img=private_img, installed_by_rpm=installed_by_rpm,
updateable=updateable, updateable=updateable,
kernel = self.get_default_kernel(),
uses_default_kernel = True,
dir_path=dir_path, conf_file=conf_file) dir_path=dir_path, conf_file=conf_file)
if not self.verify_new_vm (vm): if not self.verify_new_vm (vm):
@ -1732,6 +1757,8 @@ class QubesVmCollection(dict):
private_img=private_img, installed_by_rpm=installed_by_rpm, private_img=private_img, installed_by_rpm=installed_by_rpm,
dir_path=dir_path, conf_file=conf_file, dir_path=dir_path, conf_file=conf_file,
updateable=updateable, updateable=updateable,
kernel = self.get_default_kernel(),
uses_default_kernel = True,
netvm_vm = self.get_default_fw_netvm_vm()) netvm_vm = self.get_default_fw_netvm_vm())
if not self.verify_new_vm (vm): if not self.verify_new_vm (vm):
@ -1766,6 +1793,13 @@ class QubesVmCollection(dict):
else: else:
return self[self.default_netvm_qid] return self[self.default_netvm_qid]
def set_default_kernel(self, kernel):
assert os.path.exists(qubes_kernels_base_dir + '/' + kernel), "Kerel {0} not installed!".format(kernel)
self.default_kernel = kernel
def get_default_kernel(self):
return self.default_kernel
def set_default_fw_netvm_vm(self, vm): def set_default_fw_netvm_vm(self, vm):
assert vm.is_netvm(), "VM {0} does not provide network!".format(vm.name) assert vm.is_netvm(), "VM {0} does not provide network!".format(vm.name)
self.default_fw_netvm_qid = vm.qid self.default_fw_netvm_qid = vm.qid
@ -1891,7 +1925,10 @@ class QubesVmCollection(dict):
if self.default_fw_netvm_qid is not None else "None", if self.default_fw_netvm_qid is not None else "None",
updatevm=str(self.updatevm_qid) \ updatevm=str(self.updatevm_qid) \
if self.updatevm_qid is not None else "None" if self.updatevm_qid is not None else "None",
default_kernel=str(self.default_kernel) \
if self.default_kernel is not None else "None",
) )
for vm in self.values(): for vm in self.values():
@ -1919,7 +1956,7 @@ class QubesVmCollection(dict):
"private_img", "root_img", "template_qid", "private_img", "root_img", "template_qid",
"installed_by_rpm", "updateable", "internal", "installed_by_rpm", "updateable", "internal",
"uses_default_netvm", "label", "memory", "vcpus", "pcidevs", "uses_default_netvm", "label", "memory", "vcpus", "pcidevs",
"maxmem" ) "maxmem", "kernel", "uses_default_kernel" )
for attribute in common_attr_list: for attribute in common_attr_list:
kwargs[attribute] = element.get(attribute) kwargs[attribute] = element.get(attribute)
@ -1953,6 +1990,20 @@ class QubesVmCollection(dict):
else: else:
kwargs["label"] = QubesVmLabels[kwargs["label"]] kwargs["label"] = QubesVmLabels[kwargs["label"]]
if "kernel" in kwargs and kwargs["kernel"] == "None":
kwargs["kernel"] = None
if "uses_default_kernel" in kwargs:
kwargs["uses_default_kernel"] = True if kwargs["uses_default_kernel"] == "True" else False
else:
# For backward compatibility
kwargs["uses_default_kernel"] = False
if kwargs["uses_default_kernel"]:
kwargs["kernel"] = self.get_default_kernel()
else:
if "kernel" in kwargs and kwargs["kernel"]=="None":
kwargs["kernel"]=None
# for other cases - generic assigment is ok
return kwargs return kwargs
def set_netvm_dependency(self, element): def set_netvm_dependency(self, element):
@ -2027,6 +2078,7 @@ class QubesVmCollection(dict):
if updatevm != "None" else None if updatevm != "None" else None
#assert self.default_netvm_qid is not None #assert self.default_netvm_qid is not None
self.default_kernel = element.get("default_kernel")
# Then, read in the TemplateVMs, because a reference to template VM # Then, read in the TemplateVMs, because a reference to template VM
# is needed to create each AppVM # is needed to create each AppVM

40
dom0/qvm-tools/qvm-prefs
View File

@ -22,8 +22,10 @@
from qubes.qubes import QubesVmCollection from qubes.qubes import QubesVmCollection
from qubes.qubes import QubesVmLabels from qubes.qubes import QubesVmLabels
from qubes.qubes import qubes_kernels_base_dir
from optparse import OptionParser from optparse import OptionParser
import subprocess import subprocess
import os
def do_list(vm): def do_list(vm):
label_width = 18 label_width = 18
@ -41,7 +43,7 @@ def do_list(vm):
print fmt.format ("dir", vm.dir_path) print fmt.format ("dir", vm.dir_path)
print fmt.format ("config", vm.conf_file) print fmt.format ("config", vm.conf_file)
print fmt.format ("pcidevs", vm.pcidevs) print fmt.format ("pcidevs", vm.pcidevs)
if not vm.is_appvm(): if vm.template_vm is None:
print fmt.format ("root img", vm.root_img) print fmt.format ("root img", vm.root_img)
if vm.is_template(): if vm.is_template():
print fmt.format ("root COW img", vm.rootcow_img) print fmt.format ("root COW img", vm.rootcow_img)
@ -52,6 +54,10 @@ def do_list(vm):
print fmt.format ("private img", vm.private_img) print fmt.format ("private img", vm.private_img)
print fmt.format ("memory", vm.memory) print fmt.format ("memory", vm.memory)
print fmt.format ("maxmem", vm.maxmem) print fmt.format ("maxmem", vm.maxmem)
if vm.uses_default_kernel:
print fmt.format ("kernel", "%s (default)" % vm.kernel)
else:
print fmt.format ("kernel", vm.kernel)
def set_label(vms, vm, args): def set_label(vms, vm, args):
@ -168,6 +174,37 @@ def set_nonupdateable(vms, vm, args):
vm.set_nonupdateable() vm.set_nonupdateable()
return True return True
def set_kernel(vms, vm, args):
if vm.template_vm is not None:
print "Cannot set kernel for template-based VM. Set it for template instead."
return False
if len (args) != 1:
print "Missing kernel version argument!"
print "Possible values:"
print "1) default"
print "2) none (kernels subdir in VM)"
print "3) <kernel version>, one of:"
for k in os.listdir(qubes_kernels_base_dir):
print " -", k
return
kernel = args[0]
if kernel == "default":
kernel = vms.get_default_kernel()
vm.uses_default_kernel = True
elif kernel == "none":
kernel = None
vm.uses_default_kernel = False
else:
if not os.path.exists(qubes_kernels_base_dir + '/' + kernel):
print "Kernel version {0} not installed.".format(kernel)
exit(1)
vm.uses_default_kernel = False
vm.kernel = kernel
properties = { properties = {
"updateable": set_updateable, "updateable": set_updateable,
"nonupdateable": set_nonupdateable, "nonupdateable": set_nonupdateable,
@ -176,6 +213,7 @@ properties = {
"netvm" : set_netvm, "netvm" : set_netvm,
"maxmem" : set_maxmem, "maxmem" : set_maxmem,
"memory" : set_memory, "memory" : set_memory,
"kernel" : set_kernel,
} }

48
dom0/qvm-tools/qvm-set-default-kernel Executable file
View File

@ -0,0 +1,48 @@
#!/usr/bin/python2.6
#
# The Qubes OS Project, http://www.qubes-os.org
#
# Copyright (C) 2011 Marek Marczykowski <marmarek@mimuw.edu.pl>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
#
from qubes.qubes import QubesVmCollection, qubes_kernels_base_dir
from optparse import OptionParser;
import os
def main():
usage = "usage: %prog <kernel>"
parser = OptionParser (usage)
(options, args) = parser.parse_args ()
if (len (args) != 1):
parser.error ("Missing argument!")
kernel = args[0]
if not os.path.exists(qubes_kernels_base_dir + "/" + kernel):
print "Kernel {0} not installed".format(kernel)
exit(1)
qvm_collection = QubesVmCollection()
qvm_collection.lock_db_for_writing()
qvm_collection.load()
qvm_collection.set_default_kernel(kernel)
qvm_collection.save()
qvm_collection.unlock_db()
main()

25
dom0/qvm-tools/qvm-sync-appmenus
View File

@ -33,6 +33,10 @@ from qubes.qubes import qrexec_client_path
# fields required to be present (and verified) in retrieved desktop file # fields required to be present (and verified) in retrieved desktop file
required_fields = [ "Name", "Exec" ] required_fields = [ "Name", "Exec" ]
#limits
appmenus_line_size = 1024
appmenus_line_count = 100000
# regexps for sanitization of retrieved values # regexps for sanitization of retrieved values
std_re = re.compile(r"^[/a-zA-Z0-9.,&() -]*$") std_re = re.compile(r"^[/a-zA-Z0-9.,&() -]*$")
fields_regexp = { fields_regexp = {
@ -44,15 +48,32 @@ fields_regexp = {
} }
def get_appmenus(xid): def get_appmenus(xid):
global appmenus_line_count
global appmenus_line_size
untrusted_appmenulist = [] untrusted_appmenulist = []
if xid == -1: if xid == -1:
untrusted_appmenulist = sys.stdin.readlines() while appmenus_line_count > 0:
line = sys.stdin.readline(appmenus_line_size)
if line == "":
break;
untrusted_appmenulist.append(line.strip())
appmenus_line_count -= 1
if appmenus_line_count == 0:
raise QubesException("Line count limit exceeded")
else: else:
p = subprocess.Popen ([qrexec_client_path, '-d', str(xid), p = subprocess.Popen ([qrexec_client_path, '-d', str(xid),
'user:grep -H = /usr/share/applications/*.desktop'], stdout=subprocess.PIPE) 'user:grep -H = /usr/share/applications/*.desktop'], stdout=subprocess.PIPE)
untrusted_appmenulist = p.communicate()[0].split('\n') while appmenus_line_count > 0:
line = p.stdout.readline(appmenus_line_size)
if line == "":
break;
untrusted_appmenulist.append(line.strip())
appmenus_line_count -= 1
p.wait()
if p.returncode != 0: if p.returncode != 0:
raise QubesException("Error getting application list") raise QubesException("Error getting application list")
if appmenus_line_count == 0:
raise QubesException("Line count limit exceeded")
row_no = 0 row_no = 0
appmenus = {} appmenus = {}

1
dom0/restore/qfile-daemon-dvm
View File

@ -127,6 +127,7 @@ def main():
notify_object = dbus.SessionBus().get_object("org.freedesktop.Notifications", "/org/freedesktop/Notifications") notify_object = dbus.SessionBus().get_object("org.freedesktop.Notifications", "/org/freedesktop/Notifications")
qfile = QfileDaemonDvm(os.getenv("QREXEC_REMOTE_DOMAIN")) qfile = QfileDaemonDvm(os.getenv("QREXEC_REMOTE_DOMAIN"))
lockf = open("/var/run/qubes/qfile-daemon-dvm.lock", 'a') lockf = open("/var/run/qubes/qfile-daemon-dvm.lock", 'a')
fcntl.fcntl(lockf, fcntl.F_SETFD, fcntl.FD_CLOEXEC)
fcntl.flock(lockf, fcntl.LOCK_EX) fcntl.flock(lockf, fcntl.LOCK_EX)
dispname = qfile.get_dvm() dispname = qfile.get_dvm()
lockf.close() lockf.close()

8
dom0/restore/qubes_restore.c
View File

@ -166,14 +166,14 @@ void start_guid(int domid, int argc, char **argv)
{ {
int i; int i;
char dstr[40]; char dstr[40];
char *guid_args[argc + 2]; char *guid_args[argc + 1];
snprintf(dstr, sizeof(dstr), "%d", domid); snprintf(dstr, sizeof(dstr), "%d", domid);
guid_args[0] = "qubes_guid"; guid_args[0] = "qubes_guid";
guid_args[1] = "-d"; guid_args[1] = "-d";
guid_args[2] = dstr; guid_args[2] = dstr;
for (i = 3; i < argc; i++) for (i = 3; i < argc; i++)
guid_args[i + 1] = argv[i]; guid_args[i] = argv[i];
guid_args[argc + 1] = NULL; guid_args[argc] = NULL;
execv("/usr/bin/qubes_guid", guid_args); execv("/usr/bin/qubes_guid", guid_args);
perror("execv"); perror("execv");
} }
@ -250,7 +250,7 @@ void fill_field(FILE *conf, char *field, int dispid, int netvm_id)
// val - string to replace pattern with // val - string to replace pattern with
void fix_conffile(FILE *conf, int conf_templ, int dispid, int netvm_id) void fix_conffile(FILE *conf, int conf_templ, int dispid, int netvm_id)
{ {
int buflen, cur_len = 0; int buflen = 0, cur_len = 0;
char buf[4096]; char buf[4096];
char *bufpos = buf; char *bufpos = buf;
char *pattern, *patternend; char *pattern, *patternend;

7
rpm_spec/core-commonvm.spec
View File

@ -86,6 +86,11 @@ mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
cp qubes_trigger_sync_appmenus.sh $RPM_BUILD_ROOT/usr/lib/qubes/ cp qubes_trigger_sync_appmenus.sh $RPM_BUILD_ROOT/usr/lib/qubes/
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/dom0-updates mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/dom0-updates
install -D qubes_core.modules $RPM_BUILD_ROOT/etc/sysconfig/modules/qubes_core.modules
mkdir -p $RPM_BUILD_ROOT/lib/firmware
ln -s /lib/modules/firmware $RPM_BUILD_ROOT/lib/firmware/updates
%triggerin -- initscripts %triggerin -- initscripts
cp /var/lib/qubes/serial.conf /etc/init/serial.conf cp /var/lib/qubes/serial.conf /etc/init/serial.conf
@ -232,7 +237,9 @@ rm -rf $RPM_BUILD_ROOT
/sbin/qubes_serial_login /sbin/qubes_serial_login
/usr/bin/xenstore-watch-qubes /usr/bin/xenstore-watch-qubes
/etc/udev/rules.d/qubes_network.rules /etc/udev/rules.d/qubes_network.rules
/etc/sysconfig/modules/qubes_core.modules
/usr/lib/qubes/setup_ip /usr/lib/qubes/setup_ip
/etc/yum/post-actions/qubes_trigger_sync_appmenus.action /etc/yum/post-actions/qubes_trigger_sync_appmenus.action
/usr/lib/qubes/qubes_trigger_sync_appmenus.sh /usr/lib/qubes/qubes_trigger_sync_appmenus.sh
/usr/lib/qubes/qubes_download_dom0_updates.sh /usr/lib/qubes/qubes_download_dom0_updates.sh
/lib/firmware/updates

5
rpm_spec/core-dom0.spec
View File

@ -115,6 +115,7 @@ mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/vm-templates mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/vm-templates
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/appvms mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/appvms
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/servicevms mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/servicevms
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/vm-kernels
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/backup mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/backup
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/dvmdata mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/dvmdata
@ -176,6 +177,9 @@ echo 'lockfile="/var/run/qubes/xl-lock"' >> /etc/xen/xl.conf
sed '/^reposdir=/d' -i /etc/yum.conf sed '/^reposdir=/d' -i /etc/yum.conf
echo reposdir=/etc/yum.real.repos.d >> /etc/yum.conf echo reposdir=/etc/yum.real.repos.d >> /etc/yum.conf
sed '/^installonlypkgs=/d' -i /etc/yum.conf
echo 'installonlypkgs += kernel-qubes-vm' >> /etc/yum.conf
chkconfig --add qubes_core || echo "WARNING: Cannot add service qubes_core!" chkconfig --add qubes_core || echo "WARNING: Cannot add service qubes_core!"
chkconfig --add qubes_netvm || echo "WARNING: Cannot add service qubes_netvm!" chkconfig --add qubes_netvm || echo "WARNING: Cannot add service qubes_netvm!"
chkconfig --add qubes_setupdvm || echo "WARNING: Cannot add service qubes_setupdvm!" chkconfig --add qubes_setupdvm || echo "WARNING: Cannot add service qubes_setupdvm!"
@ -295,6 +299,7 @@ fi
%attr(770,root,qubes) %dir /var/lib/qubes/backup %attr(770,root,qubes) %dir /var/lib/qubes/backup
%attr(770,root,qubes) %dir /var/lib/qubes/dvmdata %attr(770,root,qubes) %dir /var/lib/qubes/dvmdata
%attr(770,root,qubes) %dir /var/lib/qubes/updates %attr(770,root,qubes) %dir /var/lib/qubes/updates
%attr(770,root,qubes) %dir /var/lib/qubes/vm-kernels
%dir /usr/share/qubes/icons/*.png %dir /usr/share/qubes/icons/*.png
/usr/share/qubes/qubes-vm.directory.template /usr/share/qubes/qubes-vm.directory.template
/usr/share/qubes/qubes-templatevm.directory.template /usr/share/qubes/qubes-templatevm.directory.template

2
version_dom0
View File

@ -1 +1 @@
1.6.3 1.6.6

2
version_vm
View File

@ -1 +1 @@
1.6.2 1.6.6