From 369a8dc67e0e82fab7e216542931ed53149c75ff Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Tue, 19 Apr 2011 12:53:57 +0200 Subject: [PATCH 01/18] Down net ifaces on suspend (#146) NetworkManager stop isn't enough --- dom0/pm-utils/01qubes-suspend-netvm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dom0/pm-utils/01qubes-suspend-netvm b/dom0/pm-utils/01qubes-suspend-netvm index cf635ae6..dca33246 100755 --- a/dom0/pm-utils/01qubes-suspend-netvm +++ b/dom0/pm-utils/01qubes-suspend-netvm @@ -16,7 +16,7 @@ get_running_netvms() { suspend_net() { for VM in `get_running_netvms`; do - qvm-run -u root --pass_io $VM "service NetworkManager stop" + qvm-run -u root --pass_io $VM 'service NetworkManager stop; for if in `ls /sys/class/net|grep -v "lo\|vif"`; do ip l s $if down; done' done # Ignore exit status from netvm... return 0 From 9dc819d7093b3638ea4032e57290b94991832e8a Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Mon, 2 May 2011 17:45:31 +0200 Subject: [PATCH 02/18] version 1.5.23-dom0 --- version_dom0 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_dom0 b/version_dom0 index d532fd93..249319ed 100644 --- a/version_dom0 +++ b/version_dom0 @@ -1 +1 @@ -1.5.22 +1.5.23 From adad94cb0901a8147245895ec9bfc0e046711bb3 Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Mon, 9 May 2011 16:23:52 +0200 Subject: [PATCH 03/18] qubes_netwatcher: add a note about NETCFG untrusted origin --- proxyvm/bin/qubes_netwatcher | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/proxyvm/bin/qubes_netwatcher b/proxyvm/bin/qubes_netwatcher index a2568079..42ee4a1a 100755 --- a/proxyvm/bin/qubes_netwatcher +++ b/proxyvm/bin/qubes_netwatcher 
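Review bot: In `suspend_net` (dom0/pm-utils/01qubes-suspend-netvm) the new in-VM loop filters interface names with the unanchored pattern `grep -v "lo\|vif"`, so any interface whose name merely contains `lo` or `vif` is skipped and stays up across suspend. Globbing instead of parsing `ls`, with an exact match, avoids that: `for dev in /sys/class/net/*; do n=${dev##*/}; case $n in lo|vif*) continue;; esac; ip link set "$n" down; done`. `$VM` is also passed to `qvm-run` unquoted; `"$VM"` is the safer form. The function body starts outside the hunk.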
@@ -13,11 +13,12 @@ trap 'exit 0' SIGTERM while true; do NET_DOMID=$(/usr/bin/xenstore-read qubes_netvm_domid) if [[ -n "$NET_DOMID" ]] && [[ $NET_DOMID -gt 0 ]]; then - NETCFG=$(/usr/bin/xenstore-read /local/domain/$NET_DOMID/qubes_netvm_external_ip) - if [[ "$NETCFG" != "$CURR_NETCFG" ]]; then + UNTRUSTED_NETCFG=$(/usr/bin/xenstore-read /local/domain/$NET_DOMID/qubes_netvm_external_ip) + # UNTRUSTED_NETCFG is not parsed in any way + if [[ "$UNTRUSTED_NETCFG" != "$CURR_NETCFG" ]]; then /sbin/service qubes_firewall stop /sbin/service qubes_firewall start - CURR_NETCFG="$NETCFG" + CURR_NETCFG="$UNTRUSTED_NETCFG" /usr/bin/xenstore-write qubes_netvm_external_ip "$CURR_NETCFG" fi From 7bc7dc62941e491a1e6b93b086a7c396df8ad09c Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Mon, 9 May 2011 16:26:48 +0200 Subject: [PATCH 04/18] qubes_netwatcher: expand a note about NETCFG untrusted origin --- proxyvm/bin/qubes_netwatcher | 2 ++ 1 file changed, 2 insertions(+) diff --git a/proxyvm/bin/qubes_netwatcher b/proxyvm/bin/qubes_netwatcher index 42ee4a1a..9b9f279d 100755 --- a/proxyvm/bin/qubes_netwatcher +++ b/proxyvm/bin/qubes_netwatcher @@ -15,6 +15,8 @@ while true; do if [[ -n "$NET_DOMID" ]] && [[ $NET_DOMID -gt 0 ]]; then UNTRUSTED_NETCFG=$(/usr/bin/xenstore-read /local/domain/$NET_DOMID/qubes_netvm_external_ip) # UNTRUSTED_NETCFG is not parsed in any way + # thus, no sanitization ready + # but be careful when passing it to other shell scripts if [[ "$UNTRUSTED_NETCFG" != "$CURR_NETCFG" ]]; then /sbin/service qubes_firewall stop /sbin/service qubes_firewall start From 07c7b6e1c212b54837a26a05a8af9eb3571acc68 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Mon, 9 May 2011 18:28:08 +0200 Subject: [PATCH 05/18] version 1.5.24 --- version_dom0 | 2 +- version_vm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/version_dom0 b/version_dom0 index 249319ed..81fb4f99 100644 --- a/version_dom0 +++ b/version_dom0 @@ -1 +1 @@ -1.5.23 +1.5.24 
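Review bot: The `UNTRUSTED_` marking is dropped at `CURR_NETCFG="$UNTRUSTED_NETCFG"` in proxyvm/bin/qubes_netwatcher, and the value is then re-published with `xenstore-write qubes_netvm_external_ip "$CURR_NETCFG"`, so whatever reads this VM's key receives NetVM-controlled data with nothing indicating its origin. If the value is expected to be an address (the key name suggests so, but the hunk does not show it), a shape check before the assignment, for example proceeding only when `[[ "$UNTRUSTED_NETCFG" =~ ^[0-9.]*$ ]]`, would stop anything else from being propagated. The same comparison also decides when `qubes_firewall` is stopped and started again, so the restart cadence follows the NetVM-supplied value. The `while` loop continues outside the hunk.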
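Review bot: The added line `# thus, no sanitization ready` in proxyvm/bin/qubes_netwatcher (second commit touching this comment) looks like a slip for "needed", and as written a reader cannot tell whether sanitization is missing or unnecessary. Suggested wording: `# UNTRUSTED_NETCFG is only compared and copied here, never parsed, so it is not sanitized;` followed by `# it is also written back to xenstore, so every consumer must validate it before parsing`. That also records the one place where the value leaves this script.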
diff --git a/version_vm b/version_vm index 07a45d78..81fb4f99 100644 --- a/version_vm +++ b/version_vm @@ -1 +1 @@ -1.5.21 +1.5.24 From b77d2193f4e21fa75872e80d19d83419b75fb341 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Mon, 9 May 2011 18:40:51 +0200 Subject: [PATCH 06/18] Makefile: update-repo-current-testing target --- Makefile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Makefile b/Makefile index b07baf6a..1a319181 100644 --- a/Makefile +++ b/Makefile @@ -6,6 +6,7 @@ VERSION_VM := $(shell cat version_vm) help: @echo "make rpms -- generate binary rpm packages" @echo "make update-repo-current -- copy newly generated rpms to qubes yum repo" + @echo "make update-repo-current-testing -- same, but to -current-testing repo" @echo "make update-repo-unstable -- same, but to -testing repo" @echo "make update-repo-installer -- copy dom0 rpms to installer repo" @echo "make clean -- cleanup" @@ -26,6 +27,13 @@ update-repo-current: ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*fc14*.rpm ../yum/current-release/current/vm/f14/rpm/ cd ../yum && ./update_repo.sh +update-repo-current-testing: + ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/current-testing/dom0/rpm/ + ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*fc13*.rpm ../yum/current-release/current-testing/vm/f13/rpm/ + ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*fc14*.rpm ../yum/current-release/current-testing/vm/f14/rpm/ + cd ../yum && ./update_repo.sh + + update-repo-unstable: ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/unstable/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*fc13*.rpm ../yum/current-release/unstable/vm/f13/rpm/ From 1071e3a53c8ddec88c90e37de568851b99a5a93e Mon Sep 17 00:00:00 2001 
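Review bot: The new `update-repo-current-testing` recipe hard-links whatever the globs match into the published tree without checking that the packages are signed; the signing step lives in another target and nothing in this recipe depends on it. A guard as the first recipe line, for example `rpm --checksig $(RPMS_DIR)/x86_64/qubes-core-*fc1[34]*.rpm`, would make the target fail before an unsigned package reaches the repository, assuming the signing key is imported on the build host. The recipe is also the third copy of the same four lines; a single pattern parameterised on the repository name would keep `current`, `current-testing` and `unstable` from drifting apart.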
From: Marek Marczykowski Date: Tue, 19 Apr 2011 13:07:13 +0200 Subject: [PATCH 07/18] Fix typo --- appvm/qvm-copy-to-vm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/appvm/qvm-copy-to-vm b/appvm/qvm-copy-to-vm index 4817b43b..ff4d620e 100755 --- a/appvm/qvm-copy-to-vm +++ b/appvm/qvm-copy-to-vm @@ -49,7 +49,7 @@ while true ; do read agentpid sentsize agentstatus < $PROGRESS_FILE if [ "x"$agentstatus = x ] ; then continue ; fi if ! [ -e /proc/$agentpid ] ; then break ; fi - if [ "x"$agentstatus = xdone ] ; then break ; fi + if [ "x"$agentstatus = xDONE ] ; then break ; fi CURRSIZE=$(($sentsize/1024)) if [ $DO_PROGRESS = 1 ] ; then echo -ne "\r sent $CURRSIZE/$SIZE KB " From f28407bca6ef2cd2ce099e9f3cf34dcca6c42867 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Tue, 19 Apr 2011 13:10:18 +0200 Subject: [PATCH 08/18] Run qubes_core_appvm also in TemplateVM (#222) --- appvm/qubes_core_appvm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/appvm/qubes_core_appvm b/appvm/qubes_core_appvm index 32c0833f..a4c24651 100755 --- a/appvm/qubes_core_appvm +++ b/appvm/qubes_core_appvm @@ -26,7 +26,7 @@ start() fi type=$(/usr/bin/xenstore-read qubes_vm_type) - if [ "$type" != "AppVM" -a "$type" != "DisposableVM" ]; then + if [ "$type" != "AppVM" -a "$type" != "DisposableVM" -a "$type" != "TemplateVM" ]; then # This script runs only on AppVMs return 0 fi From 3f28f1633642a4cd608835d6e6629fdd0da4a120 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Tue, 19 Apr 2011 15:56:00 +0200 Subject: [PATCH 09/18] Link to icon on template clone (#225) --- dom0/qvm-core/qubes.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py index 514deda6..707683c8 100755 --- a/dom0/qvm-core/qubes.py +++ b/dom0/qvm-core/qubes.py 
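Review bot: The status tests in appvm/qvm-copy-to-vm leave the expansion outside the quotes (`"x"$agentstatus`), so a status field containing whitespace or glob characters is split or expanded before `[` sees it; the corrected line is safer as `if [ "x$agentstatus" = xDONE ] ; then break ; fi`, and the `= x` test above it likewise. The values come from `read agentpid sentsize agentstatus < $PROGRESS_FILE`, where the last variable receives the whole remainder of the line, and that `read` lacks `-r` and quotes around the file name. The enclosing `while true` loop starts and ends outside the hunk.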
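Review bot: The comment under the widened test in `start()` of appvm/qubes_core_appvm still says `# This script runs only on AppVMs`, which is no longer accurate once `TemplateVM` is accepted; suggest `# This script runs only on AppVMs, DisposableVMs and TemplateVMs`. The three-way `-a` chain is getting hard to read and `-a` is marked obsolescent in POSIX `test`; `case "$type" in AppVM|DisposableVM|TemplateVM) ;; *) return 0 ;; esac` states the allow-list directly. `start()` continues outside the hunk.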
@@ -1130,6 +1130,11 @@ class QubesTemplateVm(QubesVm): format(src_template_vm.appmenus_templates_dir, self.appmenus_templates_dir) shutil.copytree (src_template_vm.appmenus_templates_dir, self.appmenus_templates_dir) + icon_path = "/usr/share/qubes/icons/template.png" + if verbose: + print "--> Creating icon symlink: {0} -> {1}".format(self.icon_path, icon_path) + os.symlink (icon_path, self.icon_path) + # Create root-cow.img self.commit_changes() From 832289c53eb39b3bc06e32c4de86caba79a63e7e Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Wed, 20 Apr 2011 20:05:58 +0200 Subject: [PATCH 10/18] Catch more exceptions during VM restore (#212) --- dom0/qvm-tools/qvm-backup-restore | 41 ++++++++++++++++++++++--------- 1 file changed, 29 insertions(+), 12 deletions(-) diff --git a/dom0/qvm-tools/qvm-backup-restore b/dom0/qvm-tools/qvm-backup-restore index 991ebb4f..121956a8 100755 --- a/dom0/qvm-tools/qvm-backup-restore +++ b/dom0/qvm-tools/qvm-backup-restore @@ -318,18 +318,19 @@ def main(): for vm in [ vm for vm in vms_to_restore if vm.is_template()]: print "-> Adding Template VM {0}...".format(vm.name) updateable = vm.updateable - vm = host_collection.add_new_templatevm(vm.name, + try: + vm = host_collection.add_new_templatevm(vm.name, conf_file=vm.conf_file, dir_path=vm.dir_path, installed_by_rpm=False) - vm.updateable = updateable - try: + vm.updateable = updateable vm.verify_files() - except QubesException as err: + except Exception as err: print "ERROR: {0}".format(err) print "*** Skiping VM: {0}".vm.name - host_collection.pop(vm.qid) + if vm: + host_collection.pop(vm.qid) continue try: 
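Review bot: `os.symlink (icon_path, self.icon_path)` in the template clone code of dom0/qvm-core/qubes.py is unguarded and raises `OSError` when `self.icon_path` already exists, which would stop the clone before `self.commit_changes()` runs. Whether the target can exist at this point is not visible in the hunk; if it can, `if not os.path.lexists(self.icon_path): os.symlink(icon_path, self.icon_path)` keeps the clone going. The local `icon_path` next to `self.icon_path` is easy to misread, and a name such as `template_icon` would make the direction of the link clearer. The method starts outside the hunk.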
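Review bot: In the template loop of dom0/qvm-tools/qvm-backup-restore, when `host_collection.add_new_templatevm(...)` raises, `vm` still refers to the object taken from the backup collection, so `if vm:` is true and `host_collection.pop(vm.qid)` runs with the backup's qid, which may belong to an unrelated VM in the host collection or to none. Binding the new object to its own name and popping only when it was actually created avoids that; the `add_new_appvm` handler in the second hunk (`@@ -361`) has the same pattern. The handler's context line `print "*** Skiping VM: {0}".vm.name` is also missing `.format(` and would itself raise inside the `except`.

```python
        restored_vm = None
        try:
            restored_vm = host_collection.add_new_templatevm(vm.name,
                    conf_file=vm.conf_file,
                    dir_path=vm.dir_path,
                    installed_by_rpm=False)
            restored_vm.updateable = updateable
            restored_vm.verify_files()
        except Exception as err:
            print "ERROR: {0}".format(err)
            print "*** Skiping VM: {0}".format(vm.name)
            # Undo the registration only if it actually happened.
            if restored_vm is not None:
                host_collection.pop(restored_vm.qid)
            continue
        vm = restored_vm
        # ... unchanged: remainder of the template loop ...
```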
@@ -361,34 +362,50 @@ def main(): updateable = vm.updateable - vm = host_collection.add_new_appvm(vm.name, template_vm, + try: + vm = host_collection.add_new_appvm(vm.name, template_vm, conf_file=vm.conf_file, dir_path=vm.dir_path, updateable=updateable, label=vm.label) + except Exception as err: + print "ERROR: {0}".format(err) + print "*** Skiping VM: {0}".format(vm.name) + if vm: + host_collection.pop(vm.qid) + continue if not uses_default_netvm: vm.uses_default_netvm = False vm.netvm_vm = netvm_vm - if template_vm is not None and recreate_conf: - print "--> Recreating config file..." - vm.create_config_file() + try: + if template_vm is not None and recreate_conf: + print "--> Recreating config file..." + vm.create_config_file() + except QubesException as err: + print "ERROR xen config restore: {0}".format(err) + print "*** VM '{0}' will not boot until you manually fix it (or correctly restore this VM)!".format(vm.name) + + try: + vm.create_appmenus(verbose=True) + except QubesException as err: + print "ERROR during appmenu restore: {0}".format(err) + print "*** VM '{0}' will not have appmenus".format(vm.name) - vm.create_appmenus(verbose=True) try: vm.verify_files() except QubesException as err: print "ERROR: {0}".format(err) print "*** Skiping VM: {0}".format(vm.name) host_collection.pop(vm.qid) + continue try: vm.add_to_xen_storage() except (IOError, OSError) as err: print "ERROR: {0}".format(err) - print "*** Skiping VM: {0}".format(vm.name) - host_collection.pop(vm.qid) + print "*** VM '{0}' will not boot until you manually fix it (or correctly restore this VM)!".format(vm.name) backup_collection.unlock_db() From 761c774189c0f1bee0bb1ae7fbd8020605315736 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Wed, 27 Apr 2011 23:07:38 +0200 Subject: [PATCH 11/18] Remove correct lockfile on qubes_setupdvm stop --- dom0/init.d/qubes_setupdvm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
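Review bot: The handlers added around `vm.create_config_file()` and `vm.create_appmenus(verbose=True)` catch only `QubesException`, while the `add_new_appvm` handler just above catches `Exception`; if either call can raise `IOError` or `OSError` (not visible here, but both appear to write files), the restore aborts part-way and never reaches `backup_collection.unlock_db()`. Catching `(QubesException, IOError, OSError)` in those two handlers, as the `add_to_xen_storage` handler already does for I/O errors, would keep the loop consistent. After this change a VM whose `add_to_xen_storage` failed stays registered with only a printed warning, so a one-line comment stating that this is deliberate would help the next reader.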
diff --git a/dom0/init.d/qubes_setupdvm b/dom0/init.d/qubes_setupdvm index 26390536..ba4e5d02 100755 --- a/dom0/init.d/qubes_setupdvm +++ b/dom0/init.d/qubes_setupdvm @@ -44,7 +44,7 @@ start() stop() { - rm -f /var/lock/subsys/qubes_netvm + rm -f /var/lock/subsys/qubes_setupdvm success echo } From 8c218c38a7fae7e913a211f48a255727af5280f0 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Tue, 10 May 2011 11:14:41 +0200 Subject: [PATCH 12/18] core-dom0-vaio-fixes is now a separate package Also fixes to postun scripts to properly handle updates --- Makefile | 16 ++++++++--- rpm_spec/core-dom0-vaio-fixes.spec | 46 ++++++++++++++++++++++++++++++ rpm_spec/core-dom0.spec | 29 ------------------- version_vaio_fixes | 1 + 4 files changed, 59 insertions(+), 33 deletions(-) create mode 100644 rpm_spec/core-dom0-vaio-fixes.spec create mode 100644 version_vaio_fixes diff --git a/Makefile b/Makefile index 1a319181..6df59981 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,7 @@ RPMS_DIR=rpm/ VERSION_DOM0 := $(shell cat version_dom0) +VERSION_VAIO_FIXES := $(shell cat version_vaio_fixes) VERSION_VM := $(shell cat version_vm) help: 
@@ -18,24 +19,31 @@ rpms: rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-proxyvm.spec rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0.spec rpm --addsign \ - $(RPMS_DIR)/x86_64/qubes-core-dom0-*$(VERSION_DOM0)*.rpm \ + $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*.rpm \ $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*.rpm +rpms-vaio-fixes: + rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0-vaio-fixes.spec + rpm --addsign $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*.rpm + update-repo-current: - ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/current/dom0/rpm/ + ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/current/dom0/rpm/ + ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/current/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*fc13*.rpm ../yum/current-release/current/vm/f13/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*fc14*.rpm ../yum/current-release/current/vm/f14/rpm/ cd ../yum && ./update_repo.sh update-repo-current-testing: - ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/current-testing/dom0/rpm/ + ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/current-testing/dom0/rpm/ + ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/current-testing/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*fc13*.rpm ../yum/current-release/current-testing/vm/f13/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*fc14*.rpm ../yum/current-release/current-testing/vm/f14/rpm/ cd ../yum && ./update_repo.sh update-repo-unstable: - ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/unstable/dom0/rpm/ + ln -f 
$(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/unstable/dom0/rpm/ + ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/unstable/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*fc13*.rpm ../yum/current-release/unstable/vm/f13/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*fc14*.rpm ../yum/current-release/unstable/vm/f14/rpm/ cd ../yum && ./update_repo.sh diff --git a/rpm_spec/core-dom0-vaio-fixes.spec b/rpm_spec/core-dom0-vaio-fixes.spec new file mode 100644 index 00000000..640e8584 --- /dev/null +++ b/rpm_spec/core-dom0-vaio-fixes.spec 
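Review bot: The three `update-repo-*` recipes now link `qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm`, but that package is built and signed only by the separate `rpms-vaio-fixes` target, which `rpms` does not invoke; after a plain `make rpms` the glob matches nothing, `ln -f` fails, and the recipe stops before the VM packages are linked. Making the update targets depend on both build targets, or adding `rpms-vaio-fixes` as a prerequisite of `rpms`, would remove the ordering trap. The `help` target is not touched by this commit, so a line such as `@echo "make rpms-vaio-fixes -- generate the vaio-fixes rpm package"` would document the new entry point.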
@@ -0,0 +1,46 @@ +%{!?version: %define version %(cat version_vaio_fixes)} + +Name: qubes-core-dom0-vaio-fixes +Version: %{version} +Release: 1%{?dist} +Summary: Additional scripts for supporting suspend on Vaio Z laptops +Requires: alsa-utils + +Group: Qubes +Vendor: Invisible Things Lab +License: GPL +URL: http://www.qubes-os.org + +%define _builddir %(pwd)/dom0 + +%description +Additional scripts for supporting suspend on Vaio Z laptops. + +Due to broken Linux GPU drivers we need to do some additional actions during +suspend/resume. + +%install +mkdir -p $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d +cp vaio_fixes/00sony-vaio-audio $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d/ +cp vaio_fixes/99sony-vaio-audio $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d/ +cp vaio_fixes/01sony-vaio-display $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d/ +mkdir -p $RPM_BUILD_ROOT/etc/modprobe.d/ +cp vaio_fixes/snd-hda-intel-sony-vaio.conf $RPM_BUILD_ROOT/etc/modprobe.d/ + +%post +grubby --update-kernel=/boot/vmlinuz-2.6.34.1-14.xenlinux.qubes.x86_64 --args="i8042.nopnp=1" + +%triggerin -- kernel +grubby --update-kernel=/boot/vmlinuz-2.6.34.1-14.xenlinux.qubes.x86_64 --args="i8042.nopnp=1" + +%postun +if [ "$1" = 0 ] ; then + # no more packages left + grubby --update-kernel=/boot/vmlinuz-2.6.34.1-14.xenlinux.qubes.x86_64 --remove-args="i8042.nopnp=1" +fi + +%files +/usr/lib64/pm-utils/sleep.d/00sony-vaio-audio +/usr/lib64/pm-utils/sleep.d/99sony-vaio-audio +/usr/lib64/pm-utils/sleep.d/01sony-vaio-display +/etc/modprobe.d/snd-hda-intel-sony-vaio.conf diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec index e159543b..d3281e84 100644 --- a/rpm_spec/core-dom0.spec +++ b/rpm_spec/core-dom0.spec 
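Review bot: All three scriptlets in rpm_spec/core-dom0-vaio-fixes.spec pass the fixed path `/boot/vmlinuz-2.6.34.1-14.xenlinux.qubes.x86_64` to `grubby`, so the `%triggerin -- kernel` scriptlet re-applies `i8042.nopnp=1` to that one kernel rather than to the kernel whose installation fired the trigger, and a newer kernel would boot without the argument. `grubby --update-kernel=ALL --args="i8042.nopnp=1"` (and the matching `--remove-args` form in `%postun`) covers every installed entry. A short comment above `%triggerin` saying why the argument has to be re-applied on kernel updates would also help.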
@@ -126,13 +126,6 @@ cp pm-utils/01qubes-sync-vms-clock $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d/ cp pm-utils/01qubes-suspend-netvm $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d/ cp pm-utils/02qubes-pause-vms $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d/ -# Optional scripts for Vaio (they go into separate package) -cp vaio_fixes/00sony-vaio-audio $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d/ -cp vaio_fixes/99sony-vaio-audio $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d/ -cp vaio_fixes/01sony-vaio-display $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d/ -mkdir -p $RPM_BUILD_ROOT/etc/modprobe.d/ -cp vaio_fixes/snd-hda-intel-sony-vaio.conf $RPM_BUILD_ROOT/etc/modprobe.d/ - mkdir -p $RPM_BUILD_ROOT/var/log/qubes mkdir -p $RPM_BUILD_ROOT/var/run/qubes @@ -297,25 +290,3 @@ fi %{_libdir}/libu2mfn.so /etc/sudoers.d/qubes /etc/xdg/autostart/qubes-guid.desktop - -%package vaio-fixes -Summary: Additional scripts for supporting suspend on Vaio Z laptops -Requires: alsa-utils - -%post vaio-fixes -grubby --update-kernel=/boot/vmlinuz-2.6.34.1-14.xenlinux.qubes.x86_64 --args="i8042.nopnp=1" - -%postun vaio-fixes -grubby --update-kernel=/boot/vmlinuz-2.6.34.1-14.xenlinux.qubes.x86_64 --remove-args="i8042.nopnp=1" - -%description vaio-fixes -Additional scripts for supporting suspend on Vaio Z laptops. - -Due to broken Linux GPU drivers we need to do some additional actions during -suspend/resume. - -%files vaio-fixes -/usr/lib64/pm-utils/sleep.d/00sony-vaio-audio -/usr/lib64/pm-utils/sleep.d/99sony-vaio-audio -/usr/lib64/pm-utils/sleep.d/01sony-vaio-display -/etc/modprobe.d/snd-hda-intel-sony-vaio.conf diff --git a/version_vaio_fixes b/version_vaio_fixes new file mode 100644 index 00000000..32461d59 --- /dev/null +++ b/version_vaio_fixes @@ -0,0 +1 @@ +1.5.25 From 4f0054529a8c46a86ce47bfd475bf67e965ae02d Mon Sep 17 00:00:00 2001 
From: Joanna Rutkowska Date: Tue, 10 May 2011 11:45:01 +0200 Subject: [PATCH 13/18] version 1.2.25 --- version_dom0 | 2 +- version_vm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/version_dom0 b/version_dom0 index 81fb4f99..32461d59 100644 --- a/version_dom0 +++ b/version_dom0 @@ -1 +1 @@ -1.5.24 +1.5.25 diff --git a/version_vm b/version_vm index 81fb4f99..32461d59 100644 --- a/version_vm +++ b/version_vm @@ -1 +1 @@ -1.5.24 +1.5.25 From c677f1cc4e606b7f20e9dce4b8dc03e397abcac1 Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Tue, 10 May 2011 12:19:28 +0200 Subject: [PATCH 14/18] qrexec and qfile-*: compile with -pie For full ASLR. --- appvm/Makefile | 10 +++++----- qrexec/Makefile | 8 ++++---- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/appvm/Makefile b/appvm/Makefile index 4687de65..893e9e99 100644 --- a/appvm/Makefile +++ b/appvm/Makefile 
@@ -1,14 +1,14 @@ CC=gcc -CFLAGS=-g -Wall -I../common +CFLAGS=-g -Wall -I../common -fPIC -pie all: dvm_file_editor qfile-agent-dvm qfile-agent qfile-unpacker dvm_file_editor: dvm_file_editor.o ../common/ioall.o - $(CC) -g -o dvm_file_editor dvm_file_editor.o ../common/ioall.o + $(CC) -pie -g -o dvm_file_editor dvm_file_editor.o ../common/ioall.o qfile-agent-dvm: qfile-agent-dvm.o ../common/ioall.o ../common/gui-fatal.o - $(CC) -g -o qfile-agent-dvm qfile-agent-dvm.o ../common/ioall.o ../common/gui-fatal.o + $(CC) -pie -g -o qfile-agent-dvm qfile-agent-dvm.o ../common/ioall.o ../common/gui-fatal.o qfile-agent: qfile-agent.o ../common/ioall.o ../common/gui-fatal.o copy_file.o - $(CC) -g -o qfile-agent qfile-agent.o ../common/ioall.o ../common/gui-fatal.o copy_file.o + $(CC) -pie -g -o qfile-agent qfile-agent.o ../common/ioall.o ../common/gui-fatal.o copy_file.o qfile-unpacker: qfile-unpacker.o ../common/ioall.o ../common/gui-fatal.o copy_file.o unpack.o - $(CC) -g -o qfile-unpacker qfile-unpacker.o ../common/ioall.o ../common/gui-fatal.o copy_file.o unpack.o + $(CC) -pie -g -o qfile-unpacker qfile-unpacker.o ../common/ioall.o ../common/gui-fatal.o copy_file.o unpack.o clean: rm -f qfile-agent-dvm qfile-agent qfile-unpacker dvm_file_editor *.o *~ diff --git a/qrexec/Makefile b/qrexec/Makefile index 6ecd0711..fc2c8fdf 100644 --- a/qrexec/Makefile +++ b/qrexec/Makefile 
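Review bot: `-pie` is a link-time option, so placing it in `CFLAGS` in appvm/Makefile has an effect only on the explicit link lines, and the usual compile flag for executables is `-fPIE` rather than `-fPIC`; suggest `CFLAGS=-g -Wall -I../common -fPIE` with `-pie` kept on the link commands. The objects under `../common/` (`ioall.o`, `gui-fatal.o`) are shared with other directories, so a stale object compiled without a position-independent flag would break the `-pie` link until it is rebuilt. The same applies to the qrexec/Makefile hunk that follows. Since the stated goal is full ASLR, a packaging-time check such as `readelf -h qfile-agent | grep Type` reporting `DYN` would confirm the binaries really are position-independent.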
@@ -1,14 +1,14 @@ CC=gcc -CFLAGS+=-g -Wall -I../vchan -I../common +CFLAGS+=-g -Wall -I../vchan -I../common -pie -fPIC XENLIBS=-lvchan -lu2mfn -lxenstore -lxenctrl COMMONIOALL=../common/ioall.o all: qrexec_daemon qrexec_agent qrexec_client qrexec_daemon: qrexec_daemon.o unix_server.o $(COMMONIOALL) txrx-vchan.o buffer.o write_stdin.o - $(CC) -L../vchan -L../u2mfn -g -o qrexec_daemon qrexec_daemon.o unix_server.o $(COMMONIOALL) txrx-vchan.o write_stdin.o buffer.o $(XENLIBS) + $(CC) -pie -L../vchan -L../u2mfn -g -o qrexec_daemon qrexec_daemon.o unix_server.o $(COMMONIOALL) txrx-vchan.o write_stdin.o buffer.o $(XENLIBS) qrexec_agent: qrexec_agent.o exec.o txrx-vchan.o write_stdin.o buffer.o $(COMMONIOALL) - $(CC) -L../vchan -L../u2mfn -g -o qrexec_agent qrexec_agent.o exec.o txrx-vchan.o write_stdin.o buffer.o $(COMMONIOALL) $(XENLIBS) + $(CC) -pie -L../vchan -L../u2mfn -g -o qrexec_agent qrexec_agent.o exec.o txrx-vchan.o write_stdin.o buffer.o $(COMMONIOALL) $(XENLIBS) qrexec_client: qrexec_client.o $(COMMONIOALL) exec.o - $(CC) -g -o qrexec_client qrexec_client.o $(COMMONIOALL) exec.o + $(CC) -pie -g -o qrexec_client qrexec_client.o $(COMMONIOALL) exec.o clean: rm -f *.o *~ qrexec_daemon qrexec_agent qrexec_client From 5b286c8a2a6005e9e457e094ec59bfe9aecd36f3 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Tue, 10 May 2011 12:42:00 +0200 Subject: [PATCH 15/18] version 1.5.26 --- version_dom0 | 2 +- version_vm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/version_dom0 b/version_dom0 index 32461d59..5b5dc420 100644 --- a/version_dom0 +++ b/version_dom0 @@ -1 +1 @@ -1.5.25 +1.5.26 diff --git a/version_vm b/version_vm index 32461d59..5b5dc420 100644 --- a/version_vm +++ b/version_vm @@ -1 +1 @@ -1.5.25 +1.5.26 From e7d2eefecdbe80908db85805bc4b0700502109d5 Mon Sep 17 00:00:00 2001 
From: Rafal Wojtczuk Date: Mon, 23 May 2011 15:35:40 +0200 Subject: [PATCH 16/18] qrexec: fix stdout flush on process exit In case a child of qrexec_daemon has exited and there is still data in its stdout pipe, we need to flush it to the peer. Previously, the case when the peer is blocked was not handled; it is now. The bug impact was premature EOF. --- qrexec/qrexec_agent.c | 65 +++++++++++++++++++------------------------ 1 file changed, 28 insertions(+), 37 deletions(-) diff --git a/qrexec/qrexec_agent.c b/qrexec/qrexec_agent.c index 4f24b873..0e244678 100644 --- a/qrexec/qrexec_agent.c +++ b/qrexec/qrexec_agent.c @@ -51,6 +51,8 @@ struct _client_info { int stdout_fd; int stderr_fd; + int exit_status; + int is_exited; int pid; int is_blocked; int is_close_after_flush_needed; @@ -169,6 +171,8 @@ void handle_exec(int client_id, int len) client_info[client_id].stdin_fd = stdin_fd; client_info[client_id].stdout_fd = stdout_fd; client_info[client_id].stderr_fd = stderr_fd; + client_info[client_id].exit_status = 0; + client_info[client_id].is_exited = 0; client_info[client_id].pid = pid; client_info[client_id].is_blocked = 0; client_info[client_id].is_close_after_flush_needed = 0; @@ -233,6 +237,18 @@ void remove_process(int client_id, int status) update_max_process_fd(); } +// remove process not immediately after it has exited, but after its stdout and stderr has been drained +// previous method implemented in flush_out_err was broken - it cannot work when peer signalled it is blocked +void possibly_remove_process(int client_id) +{ + if (client_info[client_id].stdout_fd == -1 && + client_info[client_id].stderr_fd == -1 && + client_info[client_id].is_exited) + remove_process(client_id, + client_info[client_id].exit_status); +} + + void handle_input(int client_id, int len) { char buf[len]; 
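Review bot: `possibly_remove_process()` in qrexec/qrexec_agent.c reports the exit only after both `stdout_fd` and `stderr_fd` have reached EOF, so a child that exits while a descendant still holds the write end of either pipe keeps its `client_info` slot, and its exit status is not sent until that descendant closes the pipe. If that is the intended trade-off it belongs in the comment; suggested wording: `// A process is removed only once it has exited AND both stdout and stderr have hit EOF;` then `// a descendant that keeps a pipe open therefore delays the exit notification.` The new `exit_status` and `is_exited` fields in `struct _client_info` would also benefit from one-line comments, for instance that `exit_status` holds the status recorded in `reap_children()` and is meaningful only when `is_exited` is set.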
@@ -243,8 +259,8 @@ void handle_input(int client_id, int len) if (len == 0) { if (client_info[client_id].is_blocked) - client_info[client_id]. - is_close_after_flush_needed = 1; + client_info[client_id].is_close_after_flush_needed + = 1; else { close(client_info[client_id].stdin_fd); client_info[client_id].stdin_fd = -1; @@ -339,11 +355,18 @@ void handle_process_data(int fd) write_all_vchan_ext(buf, ret); } if (ret == 0) { + int client_id = process_fd[fd].client_id; + if (process_fd[fd].type == FDTYPE_STDOUT) + client_info[client_id].stdout_fd = -1; + else + client_info[client_id].stderr_fd = -1; + process_fd[fd].type = FDTYPE_INVALID; process_fd[fd].client_id = -1; process_fd[fd].is_blocked = 0; close(fd); update_max_process_fd(); + possibly_remove_process(client_id); } if (ret < 0) remove_process(process_fd[fd].client_id, 127); @@ -376,39 +399,6 @@ void handle_process_data_all(fd_set * select_fds) handle_process_data(i); } - -void flush_out_err(int client_id) -{ - fd_set select_set; - int fd_max = -1; - int i; - int ret; - struct timeval tv; - for (;;) { - FD_ZERO(&select_set); - for (i = 0; i <= max_process_fd; i++) { - if (process_fd[i].type != FDTYPE_INVALID - && !process_fd[i].is_blocked - && process_fd[i].client_id == client_id) { - FD_SET(i, &select_set); - fd_max = i; - } - } - if (fd_max == -1) - return; - tv.tv_sec = 0; - tv.tv_usec = 0; - ret = select(fd_max + 1, &select_set, NULL, NULL, &tv); - if (ret < 0 && errno != EINTR) { - perror("select"); - exit(1); - } - if (!ret) - return; - handle_process_data_all(&select_set); - } -} - void reap_children() { int status; @@ -418,8 +408,9 @@ void reap_children() client_id = find_info(pid); if (client_id < 0) continue; - flush_out_err(client_id); - remove_process(client_id, status); + client_info[client_id].is_exited = 1; + client_info[client_id].exit_status = status; + possibly_remove_process(client_id); } child_exited = 0; } From 0aa82a91a7093a84630e200c9c70826ad6f0c192 Mon Sep 17 00:00:00 2001 
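Review bot: In `handle_process_data()` the error path `if (ret < 0) remove_process(process_fd[fd].client_id, 127);` still removes the process immediately and bypasses the new drain-then-remove logic, so output pending on the other descriptor is dropped and an exit status already stored in `exit_status` is replaced by 127. Treating a read error like EOF on that one descriptor, i.e. widening the new branch to `if (ret <= 0) {` and dropping the separate `ret < 0` line, would keep both paths going through `possibly_remove_process()`; if 127 must still be reported for the error case it can be stored in `exit_status` there. How `ret` is produced is outside the hunk, so this assumes it is the return value of the read on `fd`.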
From: Joanna Rutkowska Date: Mon, 23 May 2011 21:13:56 +0200 Subject: [PATCH 17/18] version 1.5.27-vm --- version_vm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_vm b/version_vm index 5b5dc420..f93a854f 100644 --- a/version_vm +++ b/version_vm @@ -1 +1 @@ -1.5.26 +1.5.27 From 957c32437168144b15c626e00082094cb20780bf Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Mon, 23 May 2011 21:39:48 +0200 Subject: [PATCH 18/18] vm: add current-testing repo definitions --- common/qubes.fc13.repo | 7 +++++++ common/qubes.fc14.repo | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/common/qubes.fc13.repo b/common/qubes.fc13.repo index 35313425..982b095e 100644 --- a/common/qubes.fc13.repo +++ b/common/qubes.fc13.repo @@ -4,6 +4,13 @@ baseurl = http://yum.qubes-os.org/r1-beta1/current/vm/f13 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary gpgcheck = 1 +[qubes-vm-current-testing] +name = Qubes OS Repository for VM (updates-testing) +baseurl = http://yum.qubes-os.org/r1-beta1/current-testing/vm/f13 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary +gpgcheck = 1 +enabled=0 + [qubes-vm-unstable] name = Qubes OS Repository for VM (unstable) baseurl = http://yum.qubes-os.org/r1-beta1/unstable/vm/f13 diff --git a/common/qubes.fc14.repo b/common/qubes.fc14.repo index f069148a..b10c80c9 100644 --- a/common/qubes.fc14.repo +++ b/common/qubes.fc14.repo @@ -4,6 +4,13 @@ baseurl = http://yum.qubes-os.org/r1-beta1/current/vm/f14 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary gpgcheck = 1 +[qubes-vm-current-testing] +name = Qubes OS Repository for VM (updates-testing) +baseurl = http://yum.qubes-os.org/r1-beta1/current-testing/vm/f14 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary +gpgcheck = 1 +enabled=0 + [qubes-vm-unstable] name = Qubes OS Repository for VM (unstable) baseurl = http://yum.qubes-os.org/r1-beta1/unstable/vm/f14
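Review bot: The new `[qubes-vm-current-testing]` section in common/qubes.fc13.repo, and the identical one in common/qubes.fc14.repo, fetches over plain `http://`, so package integrity rests entirely on `gpgcheck = 1`, which does not cover the repository metadata. If the repository signs its `repomd.xml` (not visible from this patch), adding `repo_gpgcheck = 1` would extend verification to the metadata as well. The section also writes `enabled=0` without the spaces used by the other keys; `enabled = 0` keeps the file's style uniform.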