From f01b1e50ad678d284717240f5058e0c6f0eefe76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 25 Sep 2015 22:23:29 +0200 Subject: [PATCH 01/32] docs: fix qvm-firewall description --- doc/qvm-tools/qvm-firewall.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/qvm-tools/qvm-firewall.rst b/doc/qvm-tools/qvm-firewall.rst index 903da725..4442ce6c 100644 --- a/doc/qvm-tools/qvm-firewall.rst +++ b/doc/qvm-tools/qvm-firewall.rst @@ -4,7 +4,7 @@ qvm-firewall NAME ==== -qvm-firewall +qvm-firewall - manage VM's firewall rules :Date: 2012-04-10 From cfbb786d7f0d7db440af9d2f68bb4f5f6b885592 Mon Sep 17 00:00:00 2001 From: Jasper Tron Date: Mon, 25 Jul 2016 20:55:46 -0500 Subject: [PATCH 02/32] Move /var/run/shm.id to /var/run/qubes/shm.id This allows the gui daemon to be run without root privileges. --- core-modules/000QubesVm.py | 2 +- core-modules/01QubesDisposableVm.py | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/core-modules/000QubesVm.py b/core-modules/000QubesVm.py index 3c0760a6..4ced3ce0 100644 --- a/core-modules/000QubesVm.py +++ b/core-modules/000QubesVm.py @@ -2012,7 +2012,7 @@ class QubesVm(object): # Run GUI daemon in "invisible" mode, so applications started by # prerun script will not disturb the user extra_guid_args = ['-I'] - elif not os.path.exists('/var/run/shm.id'): + elif not os.path.exists('/var/run/qubes/shm.id'): # Start GUI daemon only when shmoverride is loaded; unless # preparing DispVM, where it isn't needed because of "invisible" # mode diff --git a/core-modules/01QubesDisposableVm.py b/core-modules/01QubesDisposableVm.py index 4e3ebdd8..0e11aaa1 100644 --- a/core-modules/01QubesDisposableVm.py +++ b/core-modules/01QubesDisposableVm.py @@ -40,6 +40,7 @@ except ImportError: pass DISPID_STATE_FILE = '/var/run/qubes/dispid' +GUID_SHMID_FILE = '/var/run/qubes/shm.id' class QubesDisposableVm(QubesVm): """ @@ -222,7 +223,7 @@ class QubesDisposableVm(QubesVm): if qmemman_present: qmemman_client.close() - if kwargs.get('start_guid', True) and os.path.exists('/var/run/shm.id'): + if kwargs.get('start_guid', True) and os.path.exists(GUID_SHMID_FILE): self.start_guid(verbose=verbose, before_qrexec=True, notify_function=kwargs.get('notify_function', None)) @@ -230,7 +231,7 @@ class QubesDisposableVm(QubesVm): notify_function=kwargs.get('notify_function', None)) print >>sys.stderr, "time=%s, qrexec done" % (str(time.time())) - if kwargs.get('start_guid', True) and os.path.exists('/var/run/shm.id'): + if kwargs.get('start_guid', True) and os.path.exists(GUID_SHMID_FILE): self.start_guid(verbose=verbose, notify_function=kwargs.get('notify_function', None)) print >>sys.stderr, "time=%s, guid done" % (str(time.time())) From 4c1c57bcb7a57133f78649a21fa2c31e26977d1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Wed, 17 Aug 2016 13:48:12 +0200 Subject: [PATCH 03/32] qvm-backup-restore: add missing backslash Reported by Ivan --- qvm-tools/qvm-backup-restore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qvm-tools/qvm-backup-restore b/qvm-tools/qvm-backup-restore index 1881fa6c..aa0c62a3 100755 --- a/qvm-tools/qvm-backup-restore +++ b/qvm-tools/qvm-backup-restore @@ -284,7 +284,7 @@ def main(): exit(1) else: print >> sys.stderr, "Continuing as directed." - print >> sys.stderr, "NOTE: Before restoring the dom0 home directory, " + print >> sys.stderr, "NOTE: Before restoring the dom0 home directory, "\ "a new directory named "\ "'home-pre-restore-' will be "\ "created inside the dom0 home directory. If any "\ From 3606fe64a48e5dd99c92bab831f7223341065a3f Mon Sep 17 00:00:00 2001 From: Rusty Bird Date: Thu, 18 Aug 2016 12:54:26 +0000 Subject: [PATCH 04/32] qubesutils.py: pass readonly mode to libvirt Fixes QubesOS/qubes-issues#2255 --- core/qubesutils.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/core/qubesutils.py b/core/qubesutils.py index 85dad0f1..ce15dc10 100644 --- a/core/qubesutils.py +++ b/core/qubesutils.py @@ -424,6 +424,8 @@ def block_attach(qvmc, vm, device, frontend=None, mode="w", auto_detach=False, w SubElement(disk, 'target').set('dev', frontend) if backend_vm.qid != 0: SubElement(disk, 'backenddomain').set('name', device['vm']) + if mode == "r": + SubElement(disk, 'readonly') vm.libvirt_domain.attachDevice(etree.tostring(disk, encoding='utf-8')) try: # trigger watches to update device status From b6416dcc4bd8188182f01be5503545a7e4a0a191 Mon Sep 17 00:00:00 2001 From: Nicklaus McClendon Date: Fri, 19 Aug 2016 01:51:41 -0500 Subject: [PATCH 05/32] Updated manpages to match current tool options --- doc/qvm-tools/qvm-add-appvm.rst | 4 ++- doc/qvm-tools/qvm-backup-restore.rst | 2 ++ doc/qvm-tools/qvm-backup.rst | 24 +++++++++++++++++- doc/qvm-tools/qvm-block.rst | 8 ++++-- doc/qvm-tools/qvm-check.rst | 32 ++++++++++++++++++++++++ doc/qvm-tools/qvm-clone-template.rst | 29 --------------------- doc/qvm-tools/qvm-clone.rst | 6 ++++- doc/qvm-tools/qvm-firewall.rst | 6 ++++- doc/qvm-tools/qvm-grow-root.rst | 26 +++++++++++++++++++ doc/qvm-tools/qvm-ls.rst | 2 ++ doc/qvm-tools/qvm-pci.rst | 4 ++- doc/qvm-tools/qvm-prefs.rst | 6 ++++- doc/qvm-tools/qvm-run.rst | 14 +++++++++++ doc/qvm-tools/qvm-shutdown.rst | 2 ++ doc/qvm-tools/qvm-start.rst | 18 +++++++++++--- doc/qvm-tools/qvm-template-commit.rst | 4 ++- doc/qvm-tools/qvm-usb.rst | 36 +++++++++++++++++++++++++++ 17 files changed, 182 insertions(+), 41 deletions(-) create mode 100644 doc/qvm-tools/qvm-check.rst delete mode 100644 doc/qvm-tools/qvm-clone-template.rst create mode 100644 doc/qvm-tools/qvm-grow-root.rst create mode 100644 doc/qvm-tools/qvm-usb.rst diff --git a/doc/qvm-tools/qvm-add-appvm.rst b/doc/qvm-tools/qvm-add-appvm.rst index 6d37b57d..2f028ec4 100644 --- a/doc/qvm-tools/qvm-add-appvm.rst +++ b/doc/qvm-tools/qvm-add-appvm.rst @@ -22,7 +22,9 @@ OPTIONS Specify path to the template directory -c CONF_FILE, --conf=CONF_FILE Specify the Xen VM .conf file to use(relative to the template dir path) - +--force-root + Force to run, even with root privileges + AUTHORS ======= | Joanna Rutkowska diff --git a/doc/qvm-tools/qvm-backup-restore.rst b/doc/qvm-tools/qvm-backup-restore.rst index 90201d63..034b472e 100644 --- a/doc/qvm-tools/qvm-backup-restore.rst +++ b/doc/qvm-tools/qvm-backup-restore.rst @@ -38,6 +38,8 @@ OPTIONS Restore from a backup located in a specific AppVM -e, --encrypted The backup is encrypted +-p, --passphrase-file + Read passphrase from file, or use '-' to read from stdin -z, --compressed The backup is compressed --debug diff --git a/doc/qvm-tools/qvm-backup.rst b/doc/qvm-tools/qvm-backup.rst index 9d4dba8e..876cc887 100644 --- a/doc/qvm-tools/qvm-backup.rst +++ b/doc/qvm-tools/qvm-backup.rst @@ -18,7 +18,29 @@ OPTIONS Show this help message and exit -x EXCLUDE_LIST, --exclude=EXCLUDE_LIST Exclude the specified VM from backup (might be repeated) - +--force-root + Force to run with root privileges +-d, --dest-vm + Specify the destination VM to which the backup will be set (implies -e) +-e, --encrypt + Encrypt the backup +--no-encrypt + Skip encryption even if sending the backup to a VM +-p, --passphrase-file + Read passphrase from a file, or use '-' to read from stdin +-E, --enc-algo + Specify a non-default encryption algorithm. For a list of supported algorithms, execute 'openssl list-cipher-algorithms' (implies -e) +-H, --hmac-algo + Specify a non-default HMAC algorithm. For a list of supported algorithms, execute 'openssl list-message-digest-algorithms' +-z, --compress + Compress the backup +-Z, --compress-filter + Specify a non-default compression filter program (default: gzip) +--tmpdir + Specify a temporary directory (if you have at least 1GB free RAM in dom0, use of /tmp is advised) (default: /var/tmp) +--debug + Enable (a lot of) debug output + AUTHORS ======= | Joanna Rutkowska diff --git a/doc/qvm-tools/qvm-block.rst b/doc/qvm-tools/qvm-block.rst index 839cfc6d..4110b0b7 100644 --- a/doc/qvm-tools/qvm-block.rst +++ b/doc/qvm-tools/qvm-block.rst @@ -6,7 +6,6 @@ NAME ==== qvm-block - list/set VM PCI devices. - :Date: 2012-04-10 SYNOPSIS @@ -16,13 +15,14 @@ SYNOPSIS | qvm-block -d [options] | qvm-block -d [options] - OPTIONS ======= -h, --help Show this help message and exit -l, --list List block devices +-A, --attach-file + Attach specified file instead of physical device -a, --attach Attach block device to specified VM -d, --detach @@ -33,6 +33,10 @@ OPTIONS Force read-only mode --no-auto-detach Fail when device already connected to other VM +--show-system-disks + List also system disks +--force-root + Force to run, even with root privileges AUTHORS ======= diff --git a/doc/qvm-tools/qvm-check.rst b/doc/qvm-tools/qvm-check.rst new file mode 100644 index 00000000..40fd060f --- /dev/null +++ b/doc/qvm-tools/qvm-check.rst @@ -0,0 +1,32 @@ +========= +qvm-check +========= + +NAME +==== +qvm-check - Specify no state options to check if VM exists + +:Date: 2013-06-23 + +SYNOPSIS +======== +| qvm-check [options] + +OPTIONS +======= +-h, --help + Show this help message and exit +-q, --quiet + Be quiet +--running + Determine if VM is running +--paused + Determine if VM is paused +--template + Determine if VM is a template + +AUTHORS +======= +| Joanna Rutkowska +| Rafal Wojtczuk +| Marek Marczykowski diff --git a/doc/qvm-tools/qvm-clone-template.rst b/doc/qvm-tools/qvm-clone-template.rst deleted file mode 100644 index b7808059..00000000 --- a/doc/qvm-tools/qvm-clone-template.rst +++ /dev/null @@ -1,29 +0,0 @@ -================== -qvm-clone-template -================== - -NAME -==== -qvm-clone-template - clones an existing template by copying all its disk files - -:Date: 2012-04-10 - -SYNOPSIS -======== -| qvm-clone-template [options] - -OPTIONS -======= --h, --help - Show this help message and exit --q, --quiet - Be quiet --p DIR_PATH, --path=DIR_PATH - Specify path to the template directory - -AUTHORS -======= -| Joanna Rutkowska -| Rafal Wojtczuk -| Marek Marczykowski - diff --git a/doc/qvm-tools/qvm-clone.rst b/doc/qvm-tools/qvm-clone.rst index 548a683f..1d0e1d6e 100644 --- a/doc/qvm-tools/qvm-clone.rst +++ b/doc/qvm-tools/qvm-clone.rst @@ -20,7 +20,11 @@ OPTIONS Be quiet -p DIR_PATH, --path=DIR_PATH Specify path to the template directory - +--force-root + Force to run, even with root privileges +-P, --pool + Specify in to which storage pool to clone + AUTHORS ======= | Joanna Rutkowska diff --git a/doc/qvm-tools/qvm-firewall.rst b/doc/qvm-tools/qvm-firewall.rst index 903da725..edb459df 100644 --- a/doc/qvm-tools/qvm-firewall.rst +++ b/doc/qvm-tools/qvm-firewall.rst @@ -36,9 +36,13 @@ OPTIONS -Y SET_YUM_PROXY, --yum-proxy=SET_YUM_PROXY Set access to Qubes yum proxy (allow/deny). *Note:* if set to "deny", access will be rejected even if policy set to "allow" +-r, --reload + Reload firewall (implied by any change action) -n, --numeric Display port numbers instead of services (makes sense only with --list) - +--force-root + Force to run, even with root privileges + AUTHORS ======= | Joanna Rutkowska diff --git a/doc/qvm-tools/qvm-grow-root.rst b/doc/qvm-tools/qvm-grow-root.rst new file mode 100644 index 00000000..b59535c6 --- /dev/null +++ b/doc/qvm-tools/qvm-grow-root.rst @@ -0,0 +1,26 @@ +============= +qvm-grow-root +============= + +NAME +==== +qvm-grow-root - increase root storage capacity of a specified VM + +:Date: 2014-03-21 + +SYNOPSIS +======== +| qvm-grow-root + +OPTIONS +======= +-h, --help + Show this help message and exit +--allow-start + Allow VM to be started to complete the operation + +AUTHORS +======= +| Joanna Rutkowska +| Rafal Wojtczuk +| Marek Marczykowski diff --git a/doc/qvm-tools/qvm-ls.rst b/doc/qvm-tools/qvm-ls.rst index 2abbd9bc..9867dd1d 100644 --- a/doc/qvm-tools/qvm-ls.rst +++ b/doc/qvm-tools/qvm-ls.rst @@ -32,6 +32,8 @@ OPTIONS Show date of last VM backup --raw-list List only VM names one per line +--raw-data + Display specify data of specified VMs. Intended for bash-parsing. AUTHORS ======= diff --git a/doc/qvm-tools/qvm-pci.rst b/doc/qvm-tools/qvm-pci.rst index 80e5272f..9af1bbc0 100644 --- a/doc/qvm-tools/qvm-pci.rst +++ b/doc/qvm-tools/qvm-pci.rst @@ -29,7 +29,9 @@ OPTIONS usb - USB controllers -d, --delete Remove a PCI device from specified VM - +--offline-mode + Offline mode + AUTHORS ======= | Joanna Rutkowska diff --git a/doc/qvm-tools/qvm-prefs.rst b/doc/qvm-tools/qvm-prefs.rst index 937b6264..da618baa 100644 --- a/doc/qvm-tools/qvm-prefs.rst +++ b/doc/qvm-tools/qvm-prefs.rst @@ -25,7 +25,11 @@ OPTIONS Get a single property of a specified VM -s, --set Set properties of a specified VM - +--force-root + Force to run, even with root privileges +--offline-mode + Offline mode + PROPERTIES ========== diff --git a/doc/qvm-tools/qvm-run.rst b/doc/qvm-tools/qvm-run.rst index 15eb6779..00ed150e 100644 --- a/doc/qvm-tools/qvm-run.rst +++ b/doc/qvm-tools/qvm-run.rst @@ -40,6 +40,20 @@ OPTIONS Pass stdin/stdout/stderr from remote program --localcmd=LOCALCMD With --pass-io, pass stdin/stdout/stderr to the given program +--nogui + Run command without gui +--filter-escape-chars + Filter terminal escape sequences (default if output is terminal) +--no-filter-escape-chars + Do not filter terminal escape sequences - overrides --filter-escape-chars, DANGEROUS when output is terminal +--no-color-output + Disable marking VM output with red color +--no-color-stderr + Disable marking VM stderr with red color +--color-output + Force marking VM output with given ANSI style (use 31 for red) +--color-stderr + Force marking VM stderr with given ANSI style (use 31 for red) --force Force operation, even if may damage other VMs (eg. shutdown of NetVM) diff --git a/doc/qvm-tools/qvm-shutdown.rst b/doc/qvm-tools/qvm-shutdown.rst index d38fc4ea..cefda324 100644 --- a/doc/qvm-tools/qvm-shutdown.rst +++ b/doc/qvm-tools/qvm-shutdown.rst @@ -22,6 +22,8 @@ OPTIONS Force operation, even if may damage other VMs (eg. shutdown of NetVM) --wait Wait for the VM(s) to shutdown +--wait-time + Timeout after which VM will be killed when --wait is used --all Shutdown all running VMs --exclude=EXCLUDE_LIST diff --git a/doc/qvm-tools/qvm-start.rst b/doc/qvm-tools/qvm-start.rst index 3645b169..0cd00575 100644 --- a/doc/qvm-tools/qvm-start.rst +++ b/doc/qvm-tools/qvm-start.rst @@ -18,15 +18,27 @@ OPTIONS Show this help message and exit -q, --quiet Be quiet +--tray + Use tray notifications instead of stdout --no-guid Do not start the GUId (ignored) ---console - Attach debugging console to the newly started VM +--drive + Temporarily attach specified drive as CD/DVD or hard disk (can be specified with prefix 'hd' or 'cdrom:', default is cdrom) +--hddisk + Temporarily attach specified drive as hard disk +--cdrom + Temporarily attach specified drive as CD/DVD +--install-windows-tools + Attach Windows tools CDROM to the VM --dvm Do actions necessary when preparing DVM image --custom-config=CUSTOM_CONFIG Use custom Xen config instead of Qubes-generated one - +--skip-if-running + Do no fail if the VM is already running +--debug + Enable debug mode for this VM (until its shutdown) + AUTHORS ======= | Joanna Rutkowska diff --git a/doc/qvm-tools/qvm-template-commit.rst b/doc/qvm-tools/qvm-template-commit.rst index bb2bf857..6ebb7e47 100644 --- a/doc/qvm-tools/qvm-template-commit.rst +++ b/doc/qvm-tools/qvm-template-commit.rst @@ -16,7 +16,9 @@ OPTIONS ======= -h, --help Show this help message and exit - +--offline-mode + Offline mode + AUTHORS ======= | Joanna Rutkowska diff --git a/doc/qvm-tools/qvm-usb.rst b/doc/qvm-tools/qvm-usb.rst new file mode 100644 index 00000000..50c92d22 --- /dev/null +++ b/doc/qvm-tools/qvm-usb.rst @@ -0,0 +1,36 @@ +======= +qvm-usb +======= + +NAME +==== +qvm-usb - List/set VM USB devices + +:Date: 2013-03-16 + +SYNOPSIS +======== +| qvm-usb -l [options] +| qvm-usb -a [options] : +| qvm-usb -d [options] : + +OPTIONS +======= +-h, --help + Show this help message and exit +-l, -list + List devices +-a, --attach + Attach specified device to specified VM +-d, --detach + Detach specified device +--no-auto-detach + Fail when device already connected to other VM +--force-root + Force to run, even with root privileges + +AUTHORS +======= +| Joanna Rutkowska +| Rafal Wojtczuk +| Marek Marczykowski From 0e24d803f5cdf563c2e9dd4b7280f9d3771ba45a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Wed, 31 Aug 2016 13:08:59 +0200 Subject: [PATCH 06/32] version 3.2.9 --- version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version b/version index f092941a..e650c01d 100644 --- a/version +++ b/version @@ -1 +1 @@ -3.2.8 +3.2.9 From 32b4f9d4a44671e6539ba75e0b714ca12b4de461 Mon Sep 17 00:00:00 2001 From: HW42 Date: Tue, 30 Aug 2016 12:08:45 +0200 Subject: [PATCH 07/32] qubes-hcl-report: add check for HAP/SLAT bassed on https://wiki.xenproject.org/wiki/Xen_Common_Problems#How_can_I_check_if_my_CPU_supports_HAP_.28Hardware_Assisted_Paging.29_.3F --- qvm-tools/qubes-hcl-report | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/qvm-tools/qubes-hcl-report b/qvm-tools/qubes-hcl-report index 671f0000..b484f666 100755 --- a/qvm-tools/qubes-hcl-report +++ b/qvm-tools/qubes-hcl-report @@ -101,6 +101,7 @@ XEN_EXTRA=`cat $TEMP_DIR/xl-info |grep xen_extra |cut -d: -f2 |tr -d ' '` QUBES=`cat $TEMP_DIR/qubes-release |cut -d '(' -f2 |cut -d ')' -f1` XL_VTX=`cat $TEMP_DIR/xl-info |grep xen_caps | grep hvm` XL_VTD=`cat $TEMP_DIR/xl-info |grep virt_caps |grep hvm_directio` +XL_HAP=`cat $TEMP_DIR/xl-dmesg |grep 'HVM: Hardware Assisted Paging (HAP) detected'` PCRS=`find /sys/devices/ -name pcrs` FILENAME="Qubes-HCL-${BRAND//[^[:alnum:]]/_}-${PRODUCT//[^[:alnum:]]/_}-$DATE" @@ -127,6 +128,12 @@ if [[ $XL_VTD ]] fi +if [ -n "$XL_HAP" ]; then + HAP="yes" +else + HAP="no" +fi + if [[ $PCRS ]] then # try tu run tcsd and: grep the logs, try get version info. @@ -152,6 +159,7 @@ echo -e "Net:\n$NET\n" echo -e "SCSI:\n$SCSI\n" echo -e "HVM:\t\t$VTX" echo -e "I/O MMU:\t$VTD" +echo -e "HAP/SLAT:\t${HAP^}" echo -e "TPM:\t\t$TPM" echo @@ -164,6 +172,8 @@ hvm: '$HVM' iommu: '$IOMMU' +slat: + '$HAP' tpm: '$TPM_s' brand: | From 00a96d1d5be44672edf0e10364ff8ff126d54128 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20=C5=A0est=C3=A1k?= Date: Thu, 8 Sep 2016 23:31:27 +0200 Subject: [PATCH 08/32] Change way of detection KDE so that it detects KWin in other environments --- core-modules/000QubesVm.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core-modules/000QubesVm.py b/core-modules/000QubesVm.py index 3c0760a6..e8d9b6ce 100644 --- a/core-modules/000QubesVm.py +++ b/core-modules/000QubesVm.py @@ -1783,8 +1783,8 @@ class QubesVm(object): # Avoid using environment variables for checking the current session, # because this script may be called with cleared env (like with sudo). if subprocess.check_output( - ['xprop', '-root', '-notype', 'KDE_SESSION_VERSION']) == \ - 'KDE_SESSION_VERSION = 5\n': + ['xprop', '-root', '-notype', 'KWIN_RUNNING']) == \ + 'KWIN_RUNNING = 0x1\n': # native decoration plugins is used, so adjust window properties # accordingly guid_cmd += ['-T'] # prefix window titles with VM name From 84528b30c1f7a9cfc61ef5638dc4baf4ae38cb4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 9 Sep 2016 12:47:11 +0200 Subject: [PATCH 09/32] qvm-remove: don't fail on removing template which was never started When a template never was started, it isn't defined in libvirt, so attempt to undefine it will fail. Fixes QubesOS/qubes-issues#2290 --- qvm-tools/qvm-remove | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/qvm-tools/qvm-remove b/qvm-tools/qvm-remove index b574d0de..3e957d8f 100755 --- a/qvm-tools/qvm-remove +++ b/qvm-tools/qvm-remove @@ -22,7 +22,8 @@ # from qubes.qubes import QubesVmCollection -from optparse import OptionParser; +from optparse import OptionParser +import libvirt import os import sys @@ -82,7 +83,11 @@ def main(): if options.remove_from_db_only: # normally it is done by vm.remove_from_disk(), but it isn't # called in this case - vm.libvirt_domain.undefine() + try: + vm.libvirt_domain.undefine() + except libvirt.libvirtError: + # ignore the case when it was never defined + pass if vm.installed_by_rpm: if options.verbose: print >> sys.stderr, "--> VM installed by RPM, leaving all the files on disk" From a4db742077add71221518dbb47853b44d414a173 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 19 Sep 2016 01:03:12 +0200 Subject: [PATCH 10/32] version 3.2.10 --- version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version b/version index e650c01d..f15386a5 100644 --- a/version +++ b/version @@ -1 +1 @@ -3.2.9 +3.2.10 From 3e668a62e2d637df18f95196207ad576aff8746a Mon Sep 17 00:00:00 2001 From: HW42 Date: Fri, 2 Sep 2016 03:17:11 +0200 Subject: [PATCH 11/32] qubes-hcl-report: SLAT detection: improve log parsing --- qvm-tools/qubes-hcl-report | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/qvm-tools/qubes-hcl-report b/qvm-tools/qubes-hcl-report index b484f666..e8cd38e3 100755 --- a/qvm-tools/qubes-hcl-report +++ b/qvm-tools/qubes-hcl-report @@ -22,6 +22,8 @@ VERSION=2.5 COPY2VM="dom0" SUPPORT_FILES=0 +XL_DMESG_PREFIX_REGEX='^(XEN) \(\[[^]]*\] \)\?' + while [ $# -gt 0 ]; do case "$1" in @@ -101,7 +103,7 @@ XEN_EXTRA=`cat $TEMP_DIR/xl-info |grep xen_extra |cut -d: -f2 |tr -d ' '` QUBES=`cat $TEMP_DIR/qubes-release |cut -d '(' -f2 |cut -d ')' -f1` XL_VTX=`cat $TEMP_DIR/xl-info |grep xen_caps | grep hvm` XL_VTD=`cat $TEMP_DIR/xl-info |grep virt_caps |grep hvm_directio` -XL_HAP=`cat $TEMP_DIR/xl-dmesg |grep 'HVM: Hardware Assisted Paging (HAP) detected'` +XL_HAP=`cat $TEMP_DIR/xl-dmesg |grep "$XL_DMESG_PREFIX_REGEX"'HVM: Hardware Assisted Paging (HAP) detected\( but disabled\)\?$'` PCRS=`find /sys/devices/ -name pcrs` FILENAME="Qubes-HCL-${BRAND//[^[:alnum:]]/_}-${PRODUCT//[^[:alnum:]]/_}-$DATE" @@ -130,8 +132,13 @@ fi if [ -n "$XL_HAP" ]; then HAP="yes" + HAP_VERBOSE="Yes" + if [[ "$XL_HAP" =~ "disabled" ]]; then + HAP_VERBOSE="Yes (disabled)" + fi else HAP="no" + HAP_VERBOSE="No" fi if [[ $PCRS ]] @@ -159,7 +166,7 @@ echo -e "Net:\n$NET\n" echo -e "SCSI:\n$SCSI\n" echo -e "HVM:\t\t$VTX" echo -e "I/O MMU:\t$VTD" -echo -e "HAP/SLAT:\t${HAP^}" +echo -e "HAP/SLAT:\t$HAP_VERBOSE" echo -e "TPM:\t\t$TPM" echo From 12644f218b3407fa5696e61ba8a779ff59cdfbcc Mon Sep 17 00:00:00 2001 From: HW42 Date: Fri, 2 Sep 2016 04:00:34 +0200 Subject: [PATCH 12/32] qubes-hcl-report: check for incomplete 'xl dmesg' --- qvm-tools/qubes-hcl-report | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/qvm-tools/qubes-hcl-report b/qvm-tools/qubes-hcl-report index e8cd38e3..9344520a 100755 --- a/qvm-tools/qubes-hcl-report +++ b/qvm-tools/qubes-hcl-report @@ -78,6 +78,13 @@ sudo dmidecode > $TEMP_DIR/dmidecode xl info > $TEMP_DIR/xl-info xl dmesg > $TEMP_DIR/xl-dmesg +if cat $TEMP_DIR/xl-dmesg | grep "$XL_DMESG_PREFIX_REGEX"'Xen version ' > /dev/null; then + XL_DMESG_INCOMPLETE=no +else + XL_DMESG_INCOMPLETE=yes + echo -e 'WARNING: "xl dmesg" is incomplete. Some information are missing. Please reboot and try again.\n' +fi + BRAND=`cat $TEMP_DIR/dmidecode |grep -A9 "System Information" |grep "Manufacturer:" |cut -d ' ' -f2-` PRODUCT=`cat $TEMP_DIR/dmidecode |grep -A9 "System Information" |grep "Product Name:" |cut -d ' ' -f3-` @@ -130,7 +137,10 @@ if [[ $XL_VTD ]] fi -if [ -n "$XL_HAP" ]; then +if [ $XL_DMESG_INCOMPLETE = yes ]; then + HAP="" + HAP_VERBOSE='Unknown ("xl dmesg" incomplete)' +elif [ -n "$XL_HAP" ]; then HAP="yes" HAP_VERBOSE="Yes" if [[ "$XL_HAP" =~ "disabled" ]]; then From f6dd71d103af8208a496ea68087608f1c9f6a5db Mon Sep 17 00:00:00 2001 From: HW42 Date: Fri, 23 Sep 2016 03:28:46 +0200 Subject: [PATCH 13/32] qmemman: actually use the dom0-mem-boost config value --- qmemman/qmemman_algo.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qmemman/qmemman_algo.py b/qmemman/qmemman_algo.py index 7bd0960d..b88f4c1c 100755 --- a/qmemman/qmemman_algo.py +++ b/qmemman/qmemman_algo.py @@ -97,7 +97,7 @@ def refresh_meminfo_for_domain(domain, untrusted_xenstore_key): def prefmem(domain): #dom0 is special, as it must have large cache, for vbds. Thus, give it a special boost if domain.id == '0': - return min(domain.mem_used*CACHE_FACTOR + 350*1024*1024, domain.memory_maximum) + return min(domain.mem_used*CACHE_FACTOR + DOM0_MEM_BOOST, domain.memory_maximum) return max(min(domain.mem_used*CACHE_FACTOR, domain.memory_maximum), MIN_PREFMEM) def memory_needed(domain): From b20ce473d29a560b7d06b560d9d158c4e3a9efd4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 3 Oct 2016 11:33:03 +0200 Subject: [PATCH 14/32] tests: force hvc0 console in minimal HVM test system Regardless of kernel defauls, have kernel messages logged. --- tests/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/__init__.py b/tests/__init__.py index cc100bd1..be3aaea6 100644 --- a/tests/__init__.py +++ b/tests/__init__.py @@ -548,7 +548,7 @@ class SystemTestsMixin(object): "menuentry 'Default' {\n" " linux /vmlinuz root=/dev/xvda1 " "rd.driver.blacklist=bochs_drm " - "rd.driver.blacklist=uhci_hcd\n" + "rd.driver.blacklist=uhci_hcd console=hvc0\n" " initrd /initrd\n" "}" ) From f80e67391e5d83607decc15d612049eca1ee4798 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 3 Oct 2016 11:47:13 +0200 Subject: [PATCH 15/32] version 3.2.11 --- version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version b/version index f15386a5..17ce9180 100644 --- a/version +++ b/version @@ -1 +1 @@ -3.2.10 +3.2.11 From 765ca6d47517cc6efd51ee48f7723fa4ef0c8ced Mon Sep 17 00:00:00 2001 From: Rudd-O Date: Sun, 23 Oct 2016 20:55:31 +0000 Subject: [PATCH 16/32] New plymouth disable stanza. --- vm-config/xen-vm-template.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vm-config/xen-vm-template.xml b/vm-config/xen-vm-template.xml index bbb7ee0a..4376a6e2 100644 --- a/vm-config/xen-vm-template.xml +++ b/vm-config/xen-vm-template.xml @@ -8,7 +8,7 @@ linux {kerneldir}/vmlinuz {kerneldir}/initramfs - root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH 3 {kernelopts} + root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH 3 plymouth.enable=0 {kernelopts} {features} From 8c270d8061dc330f3332f5762107d88be5ba607a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 28 Oct 2016 13:53:24 +0200 Subject: [PATCH 17/32] vm-config: drop '3' from kernel command line We set default systemd target anyway, so it isn't needed. But it breaks Fedora recommended system upgrade path. Fixes QubesOS/qubes-issues#2404 --- vm-config/xen-vm-template.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vm-config/xen-vm-template.xml b/vm-config/xen-vm-template.xml index 4376a6e2..d82b7181 100644 --- a/vm-config/xen-vm-template.xml +++ b/vm-config/xen-vm-template.xml @@ -8,7 +8,7 @@ linux {kerneldir}/vmlinuz {kerneldir}/initramfs - root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH 3 plymouth.enable=0 {kernelopts} + root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH plymouth.enable=0 {kernelopts} {features} From 63fd200abfc798ec0209a1541320c82310814055 Mon Sep 17 00:00:00 2001 From: Rudd-O Date: Fri, 28 Oct 2016 20:53:49 +0000 Subject: [PATCH 18/32] Better order for plymouth disabling stanza, as well as modern initrd plymouth disabling. --- vm-config/xen-vm-template.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vm-config/xen-vm-template.xml b/vm-config/xen-vm-template.xml index 4376a6e2..5307ecb0 100644 --- a/vm-config/xen-vm-template.xml +++ b/vm-config/xen-vm-template.xml @@ -8,7 +8,7 @@ linux {kerneldir}/vmlinuz {kerneldir}/initramfs - root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH 3 plymouth.enable=0 {kernelopts} + root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 3 {kernelopts} {features} From 800fcfd8801d2fdc3996b0983bb6a826d7475d80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sun, 30 Oct 2016 01:31:53 +0200 Subject: [PATCH 19/32] Do not start guid if DISPLAY is not set Fixes QubesOS/qubes-issues#2408 --- core-modules/000QubesVm.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/core-modules/000QubesVm.py b/core-modules/000QubesVm.py index e8d9b6ce..8e9978a8 100644 --- a/core-modules/000QubesVm.py +++ b/core-modules/000QubesVm.py @@ -2017,6 +2017,11 @@ class QubesVm(object): # preparing DispVM, where it isn't needed because of "invisible" # mode start_guid = False + if start_guid and 'DISPLAY' not in os.environ: + if verbose: + print >> sys.stderr, \ + "WARNING: not starting GUI, because DISPLAY not set" + start_guid = False if start_guid: self.start_guid(verbose=verbose, notify_function=notify_function, From bd35a1061b605b630adf628bc077dc1b098c34a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sun, 30 Oct 2016 02:28:41 +0200 Subject: [PATCH 20/32] version 3.2.12 --- version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version b/version index 17ce9180..275e51e5 100644 --- a/version +++ b/version @@ -1 +1 @@ -3.2.11 +3.2.12 From fadaa64985deeee435df27b56fe1d2e388106c23 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Ouellet Date: Thu, 10 Nov 2016 06:24:42 -0500 Subject: [PATCH 21/32] Keep Makefile DRY --- doc/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/Makefile b/doc/Makefile index a8aec59c..2caaa691 100644 --- a/doc/Makefile +++ b/doc/Makefile @@ -24,7 +24,7 @@ install: manpages manpages: $(QVM_DOCS) $(QUBES_DOCS) $(VM_DOCS) preview: $(rst) - pandoc -s -f rst -t man $(rst) | groff -mandoc -Tlatin1 | less -R + $(PANDOC) $(rst) | groff -mandoc -Tlatin1 | less -R clean: rm -f $(QVM_DOCS) $(QUBES_DOCS) $(VM_DOCS) From 68a116e8a37b49e347ab457e905936bdf6ef5dc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 18 Nov 2016 03:15:08 +0100 Subject: [PATCH 22/32] tests: check '$anyvm' parsing in qrexec policy Regression test for QubesOS/qubes-issues#2031 --- tests/vm_qrexec_gui.py | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/tests/vm_qrexec_gui.py b/tests/vm_qrexec_gui.py index e3d3539a..625971c5 100644 --- a/tests/vm_qrexec_gui.py +++ b/tests/vm_qrexec_gui.py @@ -1007,6 +1007,44 @@ class TC_00_AppVMMixin(qubes.tests.SystemTestsMixin): if vm_image != dom0_image: self.fail("Dom0 window doesn't match VM window content") +class TC_10_Generic(qubes.tests.SystemTestsMixin, qubes.tests.QubesTestCase): + def setUp(self): + super(TC_10_Generic, self).setUp() + self.vm = self.qc.add_new_vm( + "QubesAppVm", + name=self.make_vm_name('vm'), + template=self.qc.get_default_template()) + self.vm.create_on_disk(verbose=False) + self.save_and_reload_db() + self.qc.unlock_db() + self.vm = self.qc[self.vm.qid] + + def test_000_anyvm_deny_dom0(self): + '''$anyvm in policy should not match dom0''' + policy = open("/etc/qubes-rpc/policy/test.AnyvmDeny", "w") + policy.write("%s $anyvm allow" % (self.vm.name,)) + policy.close() + self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.AnyvmDeny") + + flagfile = '/tmp/test-anyvmdeny-flag' + if os.path.exists(flagfile): + os.remove(flagfile) + with open('/etc/qubes-rpc/test.AnyvmDeny', 'w') as f: + f.write('touch {}\n'.format(flagfile)) + f.write('echo service output\n') + self.addCleanup(os.unlink, "/etc/qubes-rpc/test.AnyvmDeny") + + self.vm.start(verbose=False) + p = self.vm.run("/usr/lib/qubes/qrexec-client-vm dom0 test.AnyvmDeny", + passio_popen=True, passio_stderr=True) + (stdout, stderr) = p.communicate() + self.assertEqual(p.returncode, 1, + '$anyvm matched dom0, qrexec-client-vm output: {}'. + format(stdout + stderr)) + self.assertFalse(os.path.exists(flagfile), + 'Flag file created (service was run) even though should be denied,' + ' qrexec-client-vm output: {}'.format(stdout + stderr)) + def load_tests(loader, tests, pattern): try: From c4f30bc3ad2ed74aa261ab5492d58b3c2c8799b7 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Ouellet Date: Mon, 21 Nov 2016 22:38:59 -0500 Subject: [PATCH 23/32] Don't allow VM name ending in -dm This is used internally for device-model stubdomains (untrusted qemu) for HVMs, and causes conflicts when trying to boot foo (HVM) and foo-dm (any type). Partially fixes https://github.com/QubesOS/qubes-issues/issues/2422 --- core-modules/000QubesVm.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/core-modules/000QubesVm.py b/core-modules/000QubesVm.py index 9a950710..b0ec36b5 100644 --- a/core-modules/000QubesVm.py +++ b/core-modules/000QubesVm.py @@ -312,7 +312,7 @@ class QubesVm(object): if not self.verify_name(self.name): msg = ("'%s' is invalid VM name (invalid characters, over 31 chars long, " - "or one of 'none', 'true', 'false')") % self.name + "ends with '-dm', or one of 'none', 'true', 'false')") % self.name if 'xml_element' in kwargs: print >>sys.stderr, "WARNING: %s" % msg else: @@ -569,6 +569,9 @@ class QubesVm(object): # avoid conflict when /var/lib/qubes/appvms is mounted on # separate partition return False + if name.endswith('-dm'): + # avoid conflict with device model stubdomain names for HVMs + return False return re.match(r"^[a-zA-Z][a-zA-Z0-9_.-]*$", name) is not None def pre_rename(self, new_name): @@ -585,7 +588,7 @@ class QubesVm(object): raise QubesException("Cannot change name of running VM!") if not self.verify_name(name): - raise QubesException("Invalid characters in VM name") + raise QubesException("Invalid VM name") if self.installed_by_rpm: raise QubesException("Cannot rename VM installed by RPM -- first clone VM and then use yum to remove package.") From ba4dec5383902fb2e5d123568532f76758e7219b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Wed, 23 Nov 2016 03:25:03 +0100 Subject: [PATCH 24/32] qvm-block: fix checking attached status of disk image files Libvirt do not show actual block device (loop*) choosen for the device - only original (file) path. But file path is available in device description. Please note that VM can provide any description (withing allowed limits), effectively breaking this check again (hidding the attachment status). But even without this bug it could do that - by hidding the whole device from QubesDB. Fixes QubesOS/qubes-issues#2453 --- core/qubesutils.py | 4 +++- qvm-tools/qvm-block | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/core/qubesutils.py b/core/qubesutils.py index ce15dc10..bd080559 100644 --- a/core/qubesutils.py +++ b/core/qubesutils.py @@ -372,7 +372,9 @@ def block_check_attached(qvmc, device): "VM '%s'" % (source.get('type'), vm.name) continue - if backend_name == device['vm'] and path == device['device']: + if backend_name == device['vm'] and (path == device['device'] + or not path.startswith('/dev/') and path == device[ + 'desc']): return { "frontend": disk.find('target').get('dev'), "vm": vm} diff --git a/qvm-tools/qvm-block b/qvm-tools/qvm-block index 3d7a6df8..2a1e9578 100755 --- a/qvm-tools/qvm-block +++ b/qvm-tools/qvm-block @@ -87,6 +87,7 @@ def main(): if options.do_file_attach: dev = {} (dev['vm'], dev['device']) = args[1].split(":") + dev['desc'] = dev['device'] dev['mode'] = 'w' else: dev_list = block_list(qvm_collection) From 01b67a0af189b0ac035c447604ef1b794531997c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Wed, 23 Nov 2016 04:13:02 +0100 Subject: [PATCH 25/32] Handle both old and new shm.id path This ease transition (installing new package will not break system). --- core-modules/000QubesVm.py | 3 ++- core-modules/01QubesDisposableVm.py | 8 +++++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/core-modules/000QubesVm.py b/core-modules/000QubesVm.py index 9a950710..45e9bade 100644 --- a/core-modules/000QubesVm.py +++ b/core-modules/000QubesVm.py @@ -2012,7 +2012,8 @@ class QubesVm(object): # Run GUI daemon in "invisible" mode, so applications started by # prerun script will not disturb the user extra_guid_args = ['-I'] - elif not os.path.exists('/var/run/qubes/shm.id'): + elif not os.path.exists('/var/run/qubes/shm.id') \ + and not os.path.exists('/var/run/shm.id'): # Start GUI daemon only when shmoverride is loaded; unless # preparing DispVM, where it isn't needed because of "invisible" # mode diff --git a/core-modules/01QubesDisposableVm.py b/core-modules/01QubesDisposableVm.py index 0e11aaa1..a0fe4e54 100644 --- a/core-modules/01QubesDisposableVm.py +++ b/core-modules/01QubesDisposableVm.py @@ -40,7 +40,7 @@ except ImportError: pass DISPID_STATE_FILE = '/var/run/qubes/dispid' -GUID_SHMID_FILE = '/var/run/qubes/shm.id' +GUID_SHMID_FILE = ['/var/run/qubes/shm.id', '/var/run/shm.id'] class QubesDisposableVm(QubesVm): """ @@ -223,7 +223,8 @@ class QubesDisposableVm(QubesVm): if qmemman_present: qmemman_client.close() - if kwargs.get('start_guid', True) and os.path.exists(GUID_SHMID_FILE): + if kwargs.get('start_guid', True) and \ + any(os.path.exists(x) for x in GUID_SHMID_FILE): self.start_guid(verbose=verbose, before_qrexec=True, notify_function=kwargs.get('notify_function', None)) @@ -231,7 +232,8 @@ class QubesDisposableVm(QubesVm): notify_function=kwargs.get('notify_function', None)) print >>sys.stderr, "time=%s, qrexec done" % (str(time.time())) - if kwargs.get('start_guid', True) and os.path.exists(GUID_SHMID_FILE): + if kwargs.get('start_guid', True) and \ + any(os.path.exists(x) for x in GUID_SHMID_FILE): self.start_guid(verbose=verbose, notify_function=kwargs.get('notify_function', None)) print >>sys.stderr, "time=%s, guid done" % (str(time.time())) From 4f2318fcc3ba09cbe6140376c99a2e6c43e61bae Mon Sep 17 00:00:00 2001 From: unman Date: Fri, 25 Nov 2016 01:02:32 +0000 Subject: [PATCH 26/32] Fixed regexp for MAC address in qvm-prefs --- qvm-tools/qvm-prefs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qvm-tools/qvm-prefs b/qvm-tools/qvm-prefs index a8180754..2a86fc08 100755 --- a/qvm-tools/qvm-prefs +++ b/qvm-tools/qvm-prefs @@ -196,7 +196,7 @@ def set_mac(vms, vm, args): print >> sys.stderr, "Missing MAC argument!" return False - if not re.match("[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}|auto", args[0]): + if not re.match("[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}$|auto$", args[0]): print >> sys.stderr, "Invalid MAC argument!" print >> sys.stderr, "Possible values:" print >> sys.stderr, "1) auto" From 5ea129c1e018df966246093919886bc2d10d5615 Mon Sep 17 00:00:00 2001 From: unman Date: Fri, 25 Nov 2016 02:19:09 +0000 Subject: [PATCH 27/32] Fix handling attributes in qvm-prefs --- qvm-tools/qvm-prefs | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/qvm-tools/qvm-prefs b/qvm-tools/qvm-prefs index 2a86fc08..589f6f72 100755 --- a/qvm-tools/qvm-prefs +++ b/qvm-tools/qvm-prefs @@ -122,6 +122,12 @@ def do_get(vms, vm, prop): prop = 'dir_path' elif prop == 'last_backup': prop = 'backup_timestamp' + elif prop == 'MAC': + prop = 'mac' + elif prop == 'root_cow_img': + prop = 'rootcow_img' + elif prop == 'root_volatile_img': + prop = 'volatile_img' if not hasattr(vm, prop): print >>sys.stderr, "VM '{}' has no attribute '{}'".format(vm.name, prop) @@ -521,7 +527,7 @@ properties = { def do_set(vms, vm, property, args): if property not in properties.keys(): - print >> sys.stderr, "ERROR: Wrong property name: '{0}'".format(property) + print >> sys.stderr, "ERROR: Cannot set property : '{0}'".format(property) return False if not hasattr(vm, property): @@ -601,6 +607,8 @@ def main(): exit (1) property = args[1] + if property == 'MAC': + property = 'mac' if do_set(qvm_collection, vm, property, args[2:]): qvm_collection.save() qvm_collection.unlock_db() From 5c08d0e2e3df358ffc79cf217f5998b84b0249c8 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Ouellet Date: Fri, 25 Nov 2016 00:03:05 -0500 Subject: [PATCH 28/32] DRY Qubes[Disp]VmLabels --- core/qubes.py | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/core/qubes.py b/core/qubes.py index f3be12d3..1ed74c1d 100755 --- a/core/qubes.py +++ b/core/qubes.py @@ -935,14 +935,8 @@ QubesVmLabels = { } QubesDispVmLabels = { - "red": QubesVmLabel(1, "0xcc0000", "red", dispvm=True), - "orange": QubesVmLabel(2, "0xf57900", "orange", dispvm=True), - "yellow": QubesVmLabel(3, "0xedd400", "yellow", dispvm=True), - "green": QubesVmLabel(4, "0x73d216", "green", dispvm=True), - "gray": QubesVmLabel(5, "0x555753", "gray", dispvm=True), - "blue": QubesVmLabel(6, "0x3465a4", "blue", dispvm=True), - "purple": QubesVmLabel(7, "0x75507b", "purple", dispvm=True), - "black": QubesVmLabel(8, "0x000000", "black", dispvm=True), + k: QubesVmLabel(index=v.index, color=v.color, name=v.name, dispvm=True) + for k, v in QubesVmLabels.iteritems() } defaults["appvm_label"] = QubesVmLabels["red"] From 6ddf1413762f92c7a742f3db5a83b96d02db5fd4 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Ouellet Date: Sun, 27 Nov 2016 01:12:53 -0500 Subject: [PATCH 29/32] Implement qvm-ls --list-fields --- doc/qvm-tools/qvm-ls.rst | 2 ++ qvm-tools/qvm-ls | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/doc/qvm-tools/qvm-ls.rst b/doc/qvm-tools/qvm-ls.rst index 9867dd1d..f359ffc8 100644 --- a/doc/qvm-tools/qvm-ls.rst +++ b/doc/qvm-tools/qvm-ls.rst @@ -34,6 +34,8 @@ OPTIONS List only VM names one per line --raw-data Display specify data of specified VMs. Intended for bash-parsing. +--list-fields + List field names valid for --raw-data AUTHORS ======= diff --git a/qvm-tools/qvm-ls b/qvm-tools/qvm-ls index ce8e8609..824e0665 100755 --- a/qvm-tools/qvm-ls +++ b/qvm-tools/qvm-ls @@ -134,9 +134,17 @@ def main(): help="Display specify data of specified VMs.\ Intended for bash-parsing.") + parser.add_argument("--list-fields", dest="list_fields", + action="store_true", default=False, + help="List field names valid for --raw-data") + arguments = parser.parse_args () + if arguments.list_fields: + print '\n'.join(sorted(fields.keys())) + return + qvm_collection = QubesVmCollection() qvm_collection.lock_db_for_reading() qvm_collection.load() From 7033f6a796d717c2c49bfd4df2dc2461e82f3bf8 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Ouellet Date: Mon, 28 Nov 2016 02:53:39 -0500 Subject: [PATCH 30/32] qvm-check: s/stdout/stderr/ --- qvm-tools/qvm-check | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/qvm-tools/qvm-check b/qvm-tools/qvm-check index cc69113b..b1f8fc85 100755 --- a/qvm-tools/qvm-check +++ b/qvm-tools/qvm-check @@ -52,30 +52,30 @@ Specify no state options to check if VM exists""" vm = qvm_collection.get_vm_by_name(vmname) if vm is None: if options.verbose: - print >> sys.stdout, "A VM with the name '{0}' does not exist in the system!".format(vmname) + print >> sys.stderr, "A VM with the name '{0}' does not exist in the system!".format(vmname) exit(1) elif options.running: vm_state = not vm.is_running() if options.verbose: - print >> sys.stdout, "A VM with the name {0} is {1}running.".format(vmname, "not " * vm_state) + print >> sys.stderr, "A VM with the name {0} is {1}running.".format(vmname, "not " * vm_state) exit(vm_state) elif options.paused: vm_state = not vm.is_paused() if options.verbose: - print >> sys.stdout, "A VM with the name {0} is {1}paused.".format(vmname, "not " * vm_state) + print >> sys.stderr, "A VM with the name {0} is {1}paused.".format(vmname, "not " * vm_state) exit(vm_state) elif options.template: vm_state = not vm.is_template() if options.verbose: - print >> sys.stdout, "A VM with the name {0} is {1}a template.".format(vmname, "not " * vm_state) + print >> sys.stderr, "A VM with the name {0} is {1}a template.".format(vmname, "not " * vm_state) exit(vm_state) else: if options.verbose: - print >> sys.stdout, "A VM with the name '{0}' does exist.".format(vmname) + print >> sys.stderr, "A VM with the name '{0}' does exist.".format(vmname) exit(0) main() From 80450dab924def78e9e6343e2296c308307d6c0e Mon Sep 17 00:00:00 2001 From: Jean-Philippe Ouellet Date: Sun, 27 Nov 2016 00:49:33 -0500 Subject: [PATCH 31/32] Add name-raw field for qvm-ls Useful to avoid needing to `... | tr -d '<>{}[]='` just to get clean VM names in scripts. Fixes https://github.com/QubesOS/qubes-issues/issues/2444 --- qvm-tools/qvm-ls | 2 ++ 1 file changed, 2 insertions(+) diff --git a/qvm-tools/qvm-ls b/qvm-tools/qvm-ls index ce8e8609..2c4f8f81 100755 --- a/qvm-tools/qvm-ls +++ b/qvm-tools/qvm-ls @@ -41,6 +41,8 @@ fields = { + ('>' if vm.is_disposablevm() else '')\ + ('}' if vm.is_netvm() else '')"}, + "name-raw": {"func": "vm.name"}, + "type": {"func": "'HVM' if vm.type == 'HVM' else \ ('Tpl' if vm.is_template() else \ ('' if vm.type in ['AppVM', 'DisposableVM'] else \ From 1b12df379c858a98b360488662488e19814f1152 Mon Sep 17 00:00:00 2001 From: Cyril LEVIS Date: Mon, 28 Nov 2016 13:53:36 +0100 Subject: [PATCH 32/32] add --help and -h on qvm-create-default-qvm --- qvm-tools/qvm-create-default-dvm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qvm-tools/qvm-create-default-dvm b/qvm-tools/qvm-create-default-dvm index 5e90cb79..792ba888 100755 --- a/qvm-tools/qvm-create-default-dvm +++ b/qvm-tools/qvm-create-default-dvm @@ -1,5 +1,5 @@ #!/bin/sh -if [ $# != 1 -a $# != 2 ] ; then +if [ $# != 1 -a $# != 2 -o $1 == "--help" -o $1 == "-h" ] ; then echo 'Usage: qvm-create-default-dvm templatename|--default-template|--used-template [script-name|--default-script]' exit 1 fi