From d6bdb85883d858dbc942543a2ae2b5b11f37140d Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Thu, 31 Mar 2011 11:11:39 +0200 Subject: [PATCH 01/24] Start qrexec_daemon in vm.start() Instead of three separate places - qvm-start, qvm-run, manager. --- dom0/qvm-core/qubes.py | 9 +++++++++ dom0/qvm-tools/qvm-run | 9 --------- dom0/qvm-tools/qvm-start | 12 ------------ dom0/restore/qubes_prepare_saved_domain.sh | 2 +- 4 files changed, 10 insertions(+), 22 deletions(-) diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py index 59f3a416..ea3e3b5a 100755 --- a/dom0/qvm-core/qubes.py +++ b/dom0/qvm-core/qubes.py @@ -46,6 +46,7 @@ if not dry_run: qubes_guid_path = "/usr/bin/qubes_guid" +qrexec_daemon_path = "/usr/lib/qubes/qrexec_daemon" qubes_base_dir = "/var/lib/qubes" @@ -618,6 +619,14 @@ class QubesVm(object): print "--> Starting the VM..." xend_session.session.xenapi.VM.unpause (self.session_uuid) + if not preparing_dvm: + if verbose: + print "--> Starting the qrexec daemon..." + retcode = subprocess.call ([qrexec_daemon_path, str(xid)]) + if (retcode != 0) : + self.force_shutdown() + raise OSError ("ERROR: Cannot execute qrexec_daemon!") + # perhaps we should move it before unpause and fork? if debug_console: from xen.xm import console diff --git a/dom0/qvm-tools/qvm-run b/dom0/qvm-tools/qvm-run index fe2ca357..bafe3a79 100755 --- a/dom0/qvm-tools/qvm-run +++ b/dom0/qvm-tools/qvm-run @@ -34,7 +34,6 @@ import os.path qubes_guid_path = "/usr/bin/qubes_guid" qubes_clipd_path = "/usr/bin/qclipd" -qrexec_daemon_path = "/usr/lib/qubes/qrexec_daemon" qrexec_client_path = "/usr/lib/qubes/qrexec_client" notify_object = None 
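Review bot: In the block added to QubesVm.start(), only a non-zero exit status reaches `self.force_shutdown()`; if `qrexec_daemon_path` is missing or not executable, `subprocess.call` raises OSError itself and the VM is left unpaused and running without a qrexec daemon. Wrapping the call, e.g. `try: retcode = subprocess.call([qrexec_daemon_path, str(xid)])` followed by `except OSError: retcode = -1`, sends both failures through the same shutdown path. The call also blocks until the daemon's parent process exits, so start() now waits for however long that takes. The method begins and ends outside the hunk, so how `xid` is obtained is not visible here.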
@@ -114,14 +113,6 @@ def vm_run_cmd(vm, cmd, options): tray_notify_error ("ERROR: Cannot start qubes_guid!") exit (1) - if options.verbose: - print "--> Starting Qubes rexec daemon..." - - retcode = subprocess.call ([qrexec_daemon_path, str(xid)]) - if (retcode != 0) : - print "ERROR: Cannot start qrexec_daemon!" - exit (1) - actually_execute(str(xid), cmd, options); else: # VM already running... diff --git a/dom0/qvm-tools/qvm-start b/dom0/qvm-tools/qvm-start index 8a3d277e..ff23e80a 100755 --- a/dom0/qvm-tools/qvm-start +++ b/dom0/qvm-tools/qvm-start @@ -27,7 +27,6 @@ import subprocess import os qubes_guid_path = "/usr/bin/qubes_guid" -qrexec_daemon_path = "/usr/lib/qubes/qrexec_daemon" def main(): usage = "usage: %prog [options] " @@ -35,8 +34,6 @@ def main(): parser.add_option ("-q", "--quiet", action="store_false", dest="verbose", default=True) parser.add_option ("--no-guid", action="store_true", dest="noguid", default=False, help="Do not start the GUId") - parser.add_option ("--no-rexec", action="store_true", dest="norexec", default=False, - help="Do not start rexec") parser.add_option ("--console", action="store_true", dest="debug_console", default=False, help="Attach debugging console to the newly started VM") parser.add_option ("--dvm", action="store_true", dest="preparing_dvm", default=False, @@ -73,14 +70,5 @@ def main(): print "ERROR: Cannot start qubes_guid!" exit (1) - if not options.norexec: - if options.verbose: - print "--> Starting Qubes rexec..." - - retcode = subprocess.call ([qrexec_daemon_path, str(xid)]) - if (retcode != 0) : - print "ERROR: Cannot start qrexec_daemon!" - exit (1) - main() diff --git a/dom0/restore/qubes_prepare_saved_domain.sh b/dom0/restore/qubes_prepare_saved_domain.sh index d920603e..a1bf0770 100755 --- a/dom0/restore/qubes_prepare_saved_domain.sh +++ b/dom0/restore/qubes_prepare_saved_domain.sh 
@@ -21,7 +21,7 @@ if ! [ -d $VMDIR ] ; then echo $VMDIR does not exist ? exit 1 fi -if ! qvm-start $1 --no-guid --no-rexec --dvm ; then +if ! qvm-start $1 --no-guid --dvm ; then exit 1 fi From b7698de251828d6391f63f28d454d6de5fbfeca6 Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Thu, 31 Mar 2011 11:23:44 +0200 Subject: [PATCH 02/24] qrexec_daemon: print dots when waiting for agent --- qrexec/qrexec_daemon.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/qrexec/qrexec_daemon.c b/qrexec/qrexec_daemon.c index 1916254c..ee964437 100644 --- a/qrexec/qrexec_daemon.c +++ b/qrexec/qrexec_daemon.c @@ -53,6 +53,7 @@ int server_fd; void handle_usr1(int x) { + fprintf(stderr, "connected\n"); exit(0); } @@ -77,7 +78,11 @@ void init(int xid) case 0: break; default: - pause(); + fprintf(stderr, "Waiting for VM's qrexec agent."); + for (;;) { + sleep(1); + fprintf(stderr, "."); + } exit(0); } close(0); @@ -126,9 +131,9 @@ void flush_client(int fd) { int i; struct server_header s_hdr; - + if (fork_and_flush_stdin(fd, &clients[fd].buffer)) - children_count++; + children_count++; close(fd); clients[fd].state = CLIENT_INVALID; buffer_free(&clients[fd].buffer); From d5537b72a7fa60fd169625f38ff88eb43b2e9fd5 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Thu, 31 Mar 2011 13:26:41 +0200 Subject: [PATCH 03/24] Use zenity instead of kdialog in appvm code --- appvm/dvm_file_editor.c | 6 ++++++ appvm/qvm-copy-to-vm2.gnome | 43 +++++++++++++++++++++++++++++++++++++ common/gui-fatal.c | 13 +++++++---- 3 files changed, 58 insertions(+), 4 deletions(-) create mode 100755 appvm/qvm-copy-to-vm2.gnome diff --git a/appvm/dvm_file_editor.c b/appvm/dvm_file_editor.c index 462d8535..283bb3e1 100644 --- a/appvm/dvm_file_editor.c +++ b/appvm/dvm_file_editor.c 
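Review bot: The `fprintf(stderr, "connected\n")` added to handle_usr1 runs in signal context (assuming the function is installed as the SIGUSR1 handler, which the hunk does not show) while the parent's new wait loop in init() is itself calling fprintf on the same stream. stdio functions are not async-signal-safe, so the handler can block on the stream lock or interleave its output with the dots. `write(2, "connected\n", 10);` followed by `_exit(0);` keeps the handler to async-signal-safe calls.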
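Review bot: The `for (;;)` loop that replaces `pause()` in init() has no upper bound, so when the VM's agent never signals readiness the parent prints dots forever and never returns a status; the `exit(0)` after the loop is now unreachable. Because patch 01 in this series runs the daemon synchronously from vm.start(), that presumably turns a VM without a working agent into a hung start. A bounded wait that exits non-zero lets the caller's `retcode != 0` path shut the VM down; the loop counter and the timeout constant in the sketch are placeholders, not names from the file. init() starts and ends outside the hunk.

```c
	default:
		fprintf(stderr, "Waiting for VM's qrexec agent.");
		/* placeholder names: declare the counter and pick a bound that suits slow VM boots */
		for (waited = 0; waited < STARTUP_TIMEOUT_PLACEHOLDER; waited++) {
			sleep(1);
			fprintf(stderr, ".");
		}
		fprintf(stderr, "\nqrexec agent did not connect\n");
		exit(1);
```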
@@ -61,8 +61,14 @@ main() "HOME=/home/user DISPLAY=:0 /usr/bin/mimeopen -n -M '%s' > /tmp/kde-open.log 2>&1 /tmp/kdialog.log 2>&1 /tmp/kdialog.log 2>&1 +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# + +VM=$(zenity --entry --title="File Copy" --text="Enter the destination domain name:") +if [ X$VM = X ] ; then exit 0 ; fi + +SIZE=$(du --apparent-size -c "$@" | tail -1 | cut -f 1) + +export PROGRESS_FILE=$(mktemp) +/usr/lib/qubes/qvm-trigger-copy-to-vm $VM "$@" +while ! [ -s $PROGRESS_FILE ] ; do + sleep 0.1 +done +(while true ; do + read agentpid sentsize agentstatus < $PROGRESS_FILE + if [ "x"$agentstatus = x ] ; then continue ; fi + if ! [ -e /proc/$agentpid ] ; then break ; fi + if [ "x"$agentstatus = xdone ] ; then break ; fi + CURRSIZE=$(($sentsize/1024)) + echo $((100*$CURRSIZE/$SIZE)) + sleep 0.1 +done) | | zenity --progress --text="Copying..." + +rm -f $PROGRESS_FILE diff --git a/common/gui-fatal.c b/common/gui-fatal.c index ed2b3d47..9ce4cf23 100644 --- a/common/gui-fatal.c +++ b/common/gui-fatal.c 
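Review bot: In the new qvm-copy-to-vm2.gnome script, `$VM` is typed by the user into the zenity entry and is then expanded unquoted in `[ X$VM = X ]` and in the `qvm-trigger-copy-to-vm $VM "$@"` call, so a value containing whitespace or glob characters is word-split and can break the test or shift the file arguments. Quoting both uses fixes it: `if [ -z "$VM" ] ; then exit 0 ; fi` and `/usr/lib/qubes/qvm-trigger-copy-to-vm "$VM" "$@"`. Two smaller points in the same script: `$((100*$CURRSIZE/$SIZE))` divides by zero when `du` reports a total of 0, and the `while ! [ -s $PROGRESS_FILE ]` wait never ends if the trigger fails before writing the file. The file header of this section is garbled on the page, so the start of the script may not be fully visible.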
@@ -15,18 +15,23 @@ static void fix_display() static void produce_message(char * type, const char *fmt, va_list args) { - char *kdialog_msg; + char *dialog_msg; char buf[1024]; (void) vsnprintf(buf, sizeof(buf), fmt, args); - asprintf(&kdialog_msg, "%s: %s: %s (error type: %s)", + asprintf(&dialog_msg, "%s: %s: %s (error type: %s)", program_invocation_short_name, type, buf, strerror(errno)); - fprintf(stderr, "%s", kdialog_msg); + fprintf(stderr, "%s", dialog_msg); switch (fork()) { case -1: exit(1); //what else case 0: fix_display(); - execlp("kdialog", "kdialog", "--sorry", kdialog_msg, NULL); +#ifdef USE_KDIALOG + execlp("kdialog", "kdialog", "--sorry", dialog_msg, NULL); +#else + + execlp("zenity", "zenity", "--error --text", dialog_msg, NULL); +#endif exit(1); default:; } From 57d33eea3c3a486ddea5222819cd0ced7d7bbc33 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Thu, 31 Mar 2011 13:35:36 +0200 Subject: [PATCH 04/24] Add qvm-copy-to-vm2.gnome to core-appvm rpm --- rpm_spec/core-appvm.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/rpm_spec/core-appvm.spec b/rpm_spec/core-appvm.spec index 5b4005b0..8b0d3aa3 100644 --- a/rpm_spec/core-appvm.spec +++ b/rpm_spec/core-appvm.spec @@ -55,7 +55,7 @@ fi adduser --create-home user su user -c 'mkdir -p /home/user/.gnome2/nautilus-scripts' -su user -c 'ln -s /usr/lib/qubes/qvm-copy-to-vm2.kde /home/user/.gnome2/nautilus-scripts/"Copy to other AppVM"' +su user -c 'ln -s /usr/lib/qubes/qvm-copy-to-vm2.gnome /home/user/.gnome2/nautilus-scripts/"Copy to other AppVM"' su user -c 'ln -s /usr/bin/qvm-open-in-dvm2 /home/user/.gnome2/nautilus-scripts/"Open in DisposableVM"' mkdir -p $RPM_BUILD_ROOT/var/lib/qubes 
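Review bot: In produce_message the return value of `asprintf` is ignored; on allocation failure glibc leaves `dialog_msg` undefined, and the pointer then goes straight into `fprintf(stderr, "%s", dialog_msg)` and `execlp`. A guard such as `if (asprintf(&dialog_msg, ...) < 0) dialog_msg = buf;` keeps the error path from dereferencing an indeterminate pointer. In the zenity branch the message is presumably rendered as Pango markup, so text containing `<` or `&` may not display as written; that is worth checking with a message that carries a file name.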
@@ -77,6 +77,7 @@ cp qubes_timestamp qvm-open-in-dvm2 $RPM_BUILD_ROOT/usr/bin cp qvm-copy-to-vm $RPM_BUILD_ROOT/usr/bin mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes cp qvm-copy-to-vm2.kde $RPM_BUILD_ROOT/usr/lib/qubes +cp qvm-copy-to-vm2.gnome $RPM_BUILD_ROOT/usr/lib/qubes cp qvm-trigger-copy-to-vm $RPM_BUILD_ROOT/usr/lib/qubes cp ../qrexec/qrexec_agent $RPM_BUILD_ROOT/usr/lib/qubes cp dvm_file_editor qfile-agent qfile-agent-dvm qfile-unpacker $RPM_BUILD_ROOT/usr/lib/qubes @@ -129,6 +130,7 @@ rm -rf $RPM_BUILD_ROOT /etc/init.d/qubes_core_appvm /usr/bin/qvm-copy-to-vm /usr/lib/qubes/qvm-copy-to-vm2.kde +/usr/lib/qubes/qvm-copy-to-vm2.gnome /usr/bin/qvm-open-in-dvm2 /usr/lib/qubes/meminfo-writer /usr/lib/qubes/dvm_file_editor From 9cf34a5c3009b50663e737d609408ca560135617 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Thu, 31 Mar 2011 13:44:14 +0200 Subject: [PATCH 05/24] Ident fixes --- appvm/qubes_core_appvm | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/appvm/qubes_core_appvm b/appvm/qubes_core_appvm index ed250dd5..32c0833f 100755 --- a/appvm/qubes_core_appvm +++ b/appvm/qubes_core_appvm @@ -25,14 +25,14 @@ start() exit 1 fi - type=$(/usr/bin/xenstore-read qubes_vm_type) - if [ "$type" != "AppVM" -a "$type" != "DisposableVM" ]; then - # This script runs only on AppVMs - return 0 - fi + type=$(/usr/bin/xenstore-read qubes_vm_type) + if [ "$type" != "AppVM" -a "$type" != "DisposableVM" ]; then + # This script runs only on AppVMs + return 0 + fi - # Start AppVM specific services - /sbin/service cups start + # Start AppVM specific services + /sbin/service cups start echo -n $"Executing Qubes Core scripts for AppVM:" 
@@ -52,9 +52,9 @@ start() echo Back to life. fi - MEM_CHANGE_THRESHOLD_KB=30000 - MEMINFO_DELAY_USEC=100000 - /usr/lib/qubes/meminfo-writer $MEM_CHANGE_THRESHOLD_KB $MEMINFO_DELAY_USEC & + MEM_CHANGE_THRESHOLD_KB=30000 + MEMINFO_DELAY_USEC=100000 + /usr/lib/qubes/meminfo-writer $MEM_CHANGE_THRESHOLD_KB $MEMINFO_DELAY_USEC & success echo "" From df8ac3ff7f05a36992e2181ce953bb31458a3266 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Thu, 31 Mar 2011 13:53:04 +0200 Subject: [PATCH 06/24] On each startup check if user has symlinks for nautilus qubes-specific actions Create symlinks if not. This is useful when migrating from old templates (#163) --- appvm/qubes_core_appvm | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/appvm/qubes_core_appvm b/appvm/qubes_core_appvm index 32c0833f..97229a5e 100755 --- a/appvm/qubes_core_appvm +++ b/appvm/qubes_core_appvm @@ -56,6 +56,13 @@ start() MEMINFO_DELAY_USEC=100000 /usr/lib/qubes/meminfo-writer $MEM_CHANGE_THRESHOLD_KB $MEMINFO_DELAY_USEC & + if ! [ -f /home/user/.gnome2/nautilus-scripts/qvm-* ] ; then + echo "Creating symlinks for nautilus actions..." + su user -c 'mkdir -p /home/user/.gnome2/nautilus-scripts' + su user -c 'ln -s /usr/lib/qubes/qvm-copy-to-vm2.gnome /home/user/.gnome2/nautilus-scripts/"Copy to other AppVM"' + su user -c 'ln -s /usr/bin/qvm-open-in-dvm2 /home/user/.gnome2/nautilus-scripts/"Open in DisposableVM"' + fi + success echo "" return 0 From 4494878c2afcf38b670975a1f1ce21e14af07645 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Thu, 31 Mar 2011 14:01:33 +0200 Subject: [PATCH 07/24] version 1.5.5 --- version_dom0 | 2 +- version_vm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/version_dom0 b/version_dom0 index 94fe62c2..9075be49 100644 --- a/version_dom0 +++ b/version_dom0 @@ -1 +1 @@ -1.5.4 +1.5.5 diff --git a/version_vm b/version_vm index 94fe62c2..9075be49 100644 --- a/version_vm +++ b/version_vm @@ -1 +1 @@ -1.5.4 +1.5.5 
From 62acf277faaa8cdd4a6a5be691126ea34a05e2c2 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Thu, 31 Mar 2011 14:43:47 +0200 Subject: [PATCH 08/24] Fix syntax error that prevent zenity copy progress dialog to appear --- appvm/qvm-copy-to-vm2.gnome | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/appvm/qvm-copy-to-vm2.gnome b/appvm/qvm-copy-to-vm2.gnome index 51f5e69b..f8b3e5a9 100755 --- a/appvm/qvm-copy-to-vm2.gnome +++ b/appvm/qvm-copy-to-vm2.gnome @@ -38,6 +38,6 @@ done CURRSIZE=$(($sentsize/1024)) echo $((100*$CURRSIZE/$SIZE)) sleep 0.1 -done) | | zenity --progress --text="Copying..." +done) | zenity --progress --text="Copying..." rm -f $PROGRESS_FILE From c76d40b3fa298b12ed2e6fe486453f9ce4d820c0 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Thu, 31 Mar 2011 14:44:48 +0200 Subject: [PATCH 09/24] Display name of the destVM in copy progress dialog --- appvm/qvm-copy-to-vm2.gnome | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/appvm/qvm-copy-to-vm2.gnome b/appvm/qvm-copy-to-vm2.gnome index f8b3e5a9..3ad4431d 100755 --- a/appvm/qvm-copy-to-vm2.gnome +++ b/appvm/qvm-copy-to-vm2.gnome @@ -38,6 +38,6 @@ done CURRSIZE=$(($sentsize/1024)) echo $((100*$CURRSIZE/$SIZE)) sleep 0.1 -done) | zenity --progress --text="Copying..." +done) | zenity --progress --text="Copying files to domain: $VM..." rm -f $PROGRESS_FILE From bce4b225cfe4bd2c8a9ee7fed66b40da7f073862 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Thu, 31 Mar 2011 15:03:25 +0200 Subject: [PATCH 10/24] Autoclose file copy progress dialog --- appvm/qvm-copy-to-vm2.gnome | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/appvm/qvm-copy-to-vm2.gnome b/appvm/qvm-copy-to-vm2.gnome index 3ad4431d..8fabd2d0 100755 --- a/appvm/qvm-copy-to-vm2.gnome +++ b/appvm/qvm-copy-to-vm2.gnome 
@@ -38,6 +38,6 @@ done CURRSIZE=$(($sentsize/1024)) echo $((100*$CURRSIZE/$SIZE)) sleep 0.1 -done) | zenity --progress --text="Copying files to domain: $VM..." +done) | zenity --progress --text="Copying files to domain: $VM..." --auto-close rm -f $PROGRESS_FILE From f71372982680bf072155a2e47fec48666fec33f8 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Thu, 31 Mar 2011 15:15:10 +0200 Subject: [PATCH 11/24] Move nautilus scripts creation to qubes_core qubes_core_appvm executes too early, when /home is still not symlinked to /rw/home. --- appvm/qubes_core_appvm | 7 ------- common/qubes_core | 9 +++++++++ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/appvm/qubes_core_appvm b/appvm/qubes_core_appvm index 97229a5e..32c0833f 100755 --- a/appvm/qubes_core_appvm +++ b/appvm/qubes_core_appvm @@ -56,13 +56,6 @@ start() MEMINFO_DELAY_USEC=100000 /usr/lib/qubes/meminfo-writer $MEM_CHANGE_THRESHOLD_KB $MEMINFO_DELAY_USEC & - if ! [ -f /home/user/.gnome2/nautilus-scripts/qvm-* ] ; then - echo "Creating symlinks for nautilus actions..." - su user -c 'mkdir -p /home/user/.gnome2/nautilus-scripts' - su user -c 'ln -s /usr/lib/qubes/qvm-copy-to-vm2.gnome /home/user/.gnome2/nautilus-scripts/"Copy to other AppVM"' - su user -c 'ln -s /usr/bin/qvm-open-in-dvm2 /home/user/.gnome2/nautilus-scripts/"Open in DisposableVM"' - fi - success echo "" return 0 diff --git a/common/qubes_core b/common/qubes_core index c20f7d71..8fe0b2ea 100755 --- a/common/qubes_core +++ b/common/qubes_core 
@@ -57,6 +57,15 @@ start() /usr/lib/qubes/qrexec_agent 2>/var/log/qubes/qrexec_agent.log & [ -x /rw/config/rc.local ] && /rw/config/rc.local + + if ! [ -f /home/user/.gnome2/nautilus-scripts/.scripts_created ] ; then + echo "Creating symlinks for nautilus actions..." + su user -c 'mkdir -p /home/user/.gnome2/nautilus-scripts' + su user -c 'ln -s /usr/lib/qubes/qvm-copy-to-vm2.gnome /home/user/.gnome2/nautilus-scripts/"Copy to other AppVM"' + su user -c 'ln -s /usr/bin/qvm-open-in-dvm2 /home/user/.gnome2/nautilus-scripts/"Open in DisposableVM"' + su user -c 'touch /home/user/.gnome2/nautilus-scripts/.scripts_created' + fi + success echo "" return 0 From 59e00482d1488425e6d4b602ec4bdb617641be83 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Thu, 31 Mar 2011 15:25:33 +0200 Subject: [PATCH 12/24] Fix stupid synatx error that prevented displaing error messages --- common/gui-fatal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/gui-fatal.c b/common/gui-fatal.c index 9ce4cf23..40634acc 100644 --- a/common/gui-fatal.c +++ b/common/gui-fatal.c @@ -30,7 +30,7 @@ static void produce_message(char * type, const char *fmt, va_list args) execlp("kdialog", "kdialog", "--sorry", dialog_msg, NULL); #else - execlp("zenity", "zenity", "--error --text", dialog_msg, NULL); + execlp("zenity", "zenity", "--error", "--text", dialog_msg, NULL); #endif exit(1); default:; From 098294346612395abf635319db624db9dd3f5668 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Thu, 31 Mar 2011 15:25:47 +0200 Subject: [PATCH 13/24] version 1.5.6-appvm --- version_vm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_vm b/version_vm index 9075be49..eac1e0ad 100644 --- a/version_vm +++ b/version_vm @@ -1 +1 @@ -1.5.5 +1.5.6 From 0104e0eac0ea15b379107b8ebb7691156dbc520d Mon Sep 17 00:00:00 2001 
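Review bot: In the block added to start(), the marker `.scripts_created` is touched even when the two `ln -s` calls fail, and they fail whenever the links already exist (the core-appvm spec in this series creates the same links at install time, so they may be present). Using `ln -sf` and chaining the steps with `&&` so the marker is written only on success makes the block idempotent and lets a failed run be retried on the next boot. Running every step through `su user` is the right choice here, since /home/user is writable by the VM user and root should not create files under it directly.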
From: Joanna Rutkowska Date: Sun, 3 Apr 2011 17:05:59 +0200 Subject: [PATCH 14/24] core-dom0 should not add qubes.repo -- this is a task of qubes-release package and installer --- rpm_spec/core-dom0.spec | 9 --------- 1 file changed, 9 deletions(-) diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec index 0fc1ab47..a34812f7 100644 --- a/rpm_spec/core-dom0.spec +++ b/rpm_spec/core-dom0.spec @@ -111,9 +111,6 @@ mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/dvmdata mkdir -p $RPM_BUILD_ROOT/usr/share/qubes/icons cp icons/*.png $RPM_BUILD_ROOT/usr/share/qubes/icons -mkdir -p $RPM_BUILD_ROOT/etc/yum.repos.d -cp ../dom0/qubes.repo $RPM_BUILD_ROOT/etc/yum.repos.d - mkdir -p $RPM_BUILD_ROOT/usr/bin cp ../common/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/usr/lib/qubes cp ../common/qubes_fix_nm_conf.sh $RPM_BUILD_ROOT/usr/lib/qubes @@ -145,11 +142,6 @@ echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf fi /usr/lib/qubes/qubes_fix_nm_conf.sh -if [ -e /etc/yum.repos.d/qubes-r1-dom0.repo ]; then -# we want the user to use the repo that comes with qubes-core-dom0 packages instead -rm -f /etc/yum.repos.d/qubes-r1-dom0.repo -fi - #if [ "$1" != 1 ] ; then ## do this whole %post thing only when updating for the first time... #exit 0 @@ -299,7 +291,6 @@ fi %attr(770,root,qubes) %dir /var/lib/qubes/backup %attr(770,root,qubes) %dir /var/lib/qubes/dvmdata %dir /usr/share/qubes/icons/*.png -/etc/yum.repos.d/qubes.repo /usr/lib/qubes/qubes_setup_dnat_to_ns /usr/lib/qubes/qubes_fix_nm_conf.sh /etc/dhclient.d/qubes_setup_dnat_to_ns.sh From 0e61bead87bd0ab0d3693d4b45946991463663e6 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Mon, 4 Apr 2011 00:52:00 +0200 Subject: [PATCH 15/24] Do not restart netvms when upgrading qubes-core-dom0 (#175) --- rpm_spec/core-dom0.spec | 9 --------- 1 file changed, 9 deletions(-) diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec index a34812f7..de2e34d6 100644 --- a/rpm_spec/core-dom0.spec +++ b/rpm_spec/core-dom0.spec 
@@ -201,11 +201,6 @@ done service qubes_core start -NETVM=$(qvm-get-default-netvm) -if [ "X"$NETVM = "X""dom0" ] ; then - service qubes_netvm start -fi - if [ "x"$HAD_SYSCONFIG_NETWORK = "xno" ]; then rm -f /etc/sysconfig/network fi @@ -220,10 +215,6 @@ fi if [ "$1" -gt 1 ] ; then # upgrading already installed package... - NETVM=$(qvm-get-default-netvm) - if [ "X"$NETVM = "X""dom0" ] ; then - /etc/init.d/qubes_netvm stop - fi /etc/init.d/qubes_core stop fi From 2f278b8647cf3fca0bce311490d3f25733935ba7 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Mon, 4 Apr 2011 00:53:16 +0200 Subject: [PATCH 16/24] Do not try to disable 3rd party services in qubes-core-dom0 %post Leavit to the installer (firstboot). --- rpm_spec/core-dom0.spec | 25 ------------------------- 1 file changed, 25 deletions(-) diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec index de2e34d6..d2d631e8 100644 --- a/rpm_spec/core-dom0.spec +++ b/rpm_spec/core-dom0.spec @@ -142,31 +142,6 @@ echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf fi /usr/lib/qubes/qubes_fix_nm_conf.sh -#if [ "$1" != 1 ] ; then -## do this whole %post thing only when updating for the first time... -#exit 0 -#fi - -## TODO: This is only temporary, until we will have our own installer -#for f in /etc/init.d/* -#do -# srv=`basename $f` -# [ $srv = 'functions' ] && continue -# [ $srv = 'killall' ] && continue -# [ $srv = 'halt' ] && continue -# [ $srv = 'single' ] && continue -# chkconfig $srv off -#done - -chkconfig iptables on -chkconfig NetworkManager on -chkconfig rsyslog on -chkconfig haldaemon on -chkconfig messagebus on -chkconfig xenstored on -chkconfig xend on -chkconfig xenconsoled on - sed 's/^net.ipv4.ip_forward.*/net.ipv4.ip_forward = 1/' -i /etc/sysctl.conf chkconfig --add qubes_core || echo "WARNING: Cannot add service qubes_core!" From b779fadda64c7b8c0e841136290796ad6531c12b Mon Sep 17 00:00:00 2001 
From: Joanna Rutkowska Date: Mon, 4 Apr 2011 09:35:48 +0200 Subject: [PATCH 17/24] Revert "Start qrexec daemon when VM is running (but qrexec not)" This functionality has already been implemented by: d6bdb85883d858dbc942543a2ae2b5b11f37140d This reverts commit 97403a8e45009cf2823126968337e4dd5a5fb928. --- dom0/qvm-tools/qvm-run | 9 --------- 1 file changed, 9 deletions(-) diff --git a/dom0/qvm-tools/qvm-run b/dom0/qvm-tools/qvm-run index bfae342f..bafe3a79 100755 --- a/dom0/qvm-tools/qvm-run +++ b/dom0/qvm-tools/qvm-run @@ -124,15 +124,6 @@ def vm_run_cmd(vm, cmd, options): if options.tray: tray_notify_error ("ERROR: Cannot start the GUI daemon for this VM!") exit (1) - - if not os.path.exists("/var/run/qubes/qrexec.{0}".format(xid)): - retcode = subprocess.call ([qrexec_daemon_path, str(xid)]) - if (retcode != 0) : - print "ERROR: Cannot start qrexec!" - if options.tray: - tray_notify_error ("ERROR: Cannot start the QRexec daemon for this VM!") - exit (1) - actually_execute(str(xid), cmd, options); def main(): From d3678d6307c7b2d758c5a9b3868727e311183875 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Mon, 4 Apr 2011 09:40:53 +0200 Subject: [PATCH 18/24] version 1.5.7 --- version_dom0 | 2 +- version_vm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/version_dom0 b/version_dom0 index 9075be49..f01291b8 100644 --- a/version_dom0 +++ b/version_dom0 @@ -1 +1 @@ -1.5.5 +1.5.7 diff --git a/version_vm b/version_vm index eac1e0ad..f01291b8 100644 --- a/version_vm +++ b/version_vm @@ -1 +1 @@ -1.5.6 +1.5.7 From 6e747e98cbe919e13980331dad3ac832fb419c43 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Mon, 4 Apr 2011 10:55:25 +0200 Subject: [PATCH 19/24] Makefile improvements for repo management * Sign only current version of the rpms generated * repo-update-{current,unstable} targets for new yum repo --- Makefile | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) 
diff --git a/Makefile b/Makefile index 70349959..b3f53486 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,13 @@ RPMS_DIR=rpm/ + +VERSION_DOM0 := $(shell cat version_dom0) +VERSION_VM := $(shell cat version_vm) + help: - @echo "make rpms -- generate binary rpm packages" - @echo "make update-repo -- copy newly generated rpms to qubes yum repo" - @echo "make update-repo-testing -- same, but to -testing repo" + @echo "make rpms -- generate binary rpm packages" + @echo "make update-repo-current -- copy newly generated rpms to qubes yum repo" + @echo "make update-repo-unstable -- same, but to -testing repo" + @echo "make clean -- cleanup" rpms: rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-commonvm.spec 
@@ -10,23 +15,19 @@ rpms: rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-netvm.spec rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-proxyvm.spec rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0.spec - rpm --addsign $(RPMS_DIR)/x86_64/*.rpm - -update-repo: - ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*.rpm ../yum/r1/dom0/rpm/ - ln -f $(RPMS_DIR)/x86_64/qubes-core-appvm-*.rpm ../yum/r1/appvm/rpm/ - ln -f $(RPMS_DIR)/x86_64/qubes-core-commonvm-*.rpm ../yum/r1/netvm/rpm/ - ln -f $(RPMS_DIR)/x86_64/qubes-core-netvm-*.rpm ../yum/r1/netvm/rpm/ - ln -f $(RPMS_DIR)/x86_64/qubes-core-proxyvm-*.rpm ../yum/r1/netvm/rpm/ - -update-repo-testing: - ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*.rpm ../yum/r1-testing/dom0/rpm/ - ln -f $(RPMS_DIR)/x86_64/qubes-core-appvm-*.rpm ../yum/r1-testing/appvm/rpm/ - ln -f $(RPMS_DIR)/x86_64/qubes-core-commonvm-*.rpm ../yum/r1-testing/netvm/rpm/ - ln -f $(RPMS_DIR)/x86_64/qubes-core-netvm-*.rpm ../yum/r1-testing/netvm/rpm/ - ln -f $(RPMS_DIR)/x86_64/qubes-core-proxyvm-*.rpm ../yum/r1-testing/netvm/rpm/ + rpm --addsign \ + $(RPMS_DIR)/x86_64/qubes-core-dom0-*$(VERSION_DOM0)*.rpm \ + $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_DOM0)*.rpm +update-repo-current: + ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*$(VERSION_DOM0)*.rpm ../yum/current-release/current/dom0/rpm/ + ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*.rpm ../yum/current-release/current/vm/rpm/ + cd ../yum && ./update_repo.sh +update-repo-unstable: + ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*$(VERSION_DOM0)*.rpm ../yum/current-release/unstable/dom0/rpm/ + ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*.rpm ../yum/current-release/unstable/vm/rpm/ + cd ../yum && ./update_repo.sh clean: (cd appvm && make clean) From a83e8c2d2d73c43848bb2ac758dbb31f2ac1cf8f Mon Sep 17 00:00:00 2001 
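Review bot: The `update-repo-current` and `update-repo-unstable` targets hard-link whatever matches the glob into the published tree without depending on `rpms` or checking that the files are signed, so an RPM produced by a bare `rpmbuild` run can reach the repository unsigned. Running `rpm --checksig` on the same file list before the `ln -f` lines would make the targets fail instead. The patterns `*$(VERSION_DOM0)*` and `*$(VERSION_VM)*` are substring matches, so `1.5.8` would also pick up a stale `1.5.80` build if one is still in `$(RPMS_DIR)`; anchoring the version between the separators of the package file name avoids that. The help text in the first hunk still describes `update-repo-unstable` as copying to the `-testing` repo.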
From: Joanna Rutkowska Date: Mon, 4 Apr 2011 11:22:32 +0200 Subject: [PATCH 20/24] commonvm: Update repo info, use local RPM keys --- appvm/qubes.repo | 13 ---------- common/RPM-GPG-KEY-qubes-1-primary | 40 ++++++++++++++++++++++++++++++ common/qubes.repo | 13 ++++++++++ rpm_spec/core-commonvm.spec | 5 +++- 4 files changed, 57 insertions(+), 14 deletions(-) delete mode 100644 appvm/qubes.repo create mode 100644 common/RPM-GPG-KEY-qubes-1-primary create mode 100644 common/qubes.repo diff --git a/appvm/qubes.repo b/appvm/qubes.repo deleted file mode 100644 index e08c2e2d..00000000 --- a/appvm/qubes.repo +++ /dev/null @@ -1,13 +0,0 @@ -[qubes-appvm] -name = Qubes OS Repository for AppVM -baseurl = http://qubes-os.org/yum/r1/appvm/rpm -gpgkey = http://qubes-os.org/keys/qubes-release-1-signing-key.asc -gpgcheck = 1 - -[qubes-appvm-testing] -name = Qubes OS Repository for AppVM -baseurl = http://qubes-os.org/yum/r1-testing/appvm/rpm -gpgkey = http://qubes-os.org/keys/qubes-release-1-signing-key.asc -gpgcheck = 1 -enabled=0 - diff --git a/common/RPM-GPG-KEY-qubes-1-primary b/common/RPM-GPG-KEY-qubes-1-primary new file mode 100644 index 00000000..321ed2ff --- /dev/null +++ b/common/RPM-GPG-KEY-qubes-1-primary 
@@ -0,0 +1,40 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2.0.14 (GNU/Linux) + +mQINBE2WRnsBEAC+5Y2Rt/tFqlSiliQcZRKaFb7sOnsa3uuGvNgK2nIuFxQkxoBT ++UJjk5VL+oaCOno63QbwvuxUtBlqBGSN1dOmUJW4vUqVhXVSrNQhzl5GWIC8rfDK +1W0zk5H4esiSfUxvQfRHMg2pHUa3wpFhm6L4RA/kH88QXchhVXrKZd+HJSBNJIaX +F6aYfIv0W6+fs9+oCKVw/S/j+Wu3BS5n7UbPnBkhUHPfjHzAHkRBrSH3UQkgHRFi +bffq8tW9M8KVjI2btXn1RJMDoWp7V4aRVOVSxITv9uoRKJ9vDLkLfDr9uVVZ6hB0 +Q8oQGxzTDZeWTKt6JIlR672hwbvm28AT4TK6fnIj2jMYGtDaXB7wQc/w1MuBfOTW +nThYjKSyhlUY+SI8RF2fydVl+1lgQCGjmolyN9xFimKsPT/OkcNjwVAo7q6zFa4F +2gH3mPRruvOEJL0KGuvX11eaycuTb03AWXl6gndiS9QjA2Y6KF4rsAbfctJ/jwDn +tMAhSnR5x6AovAXpcFPu2cPDkNorSYU5A4gC5oU8x18ue8zXi4uiK9A/N75F80RY +qvPlknDXLMrV4qOR039oJMNodI0GktvgjK3vjual0Z1WX+kzQbcRepKrOOAvP7pr +sfH/fTQpQGZjYIiU1vGn1JHw6CcucwyDDM+rZUHfh4lZo5h60HSBhvBxUwARAQAB +tB5RdWJlcyBPUyBSZWxlYXNlIDEgU2lnbmluZyBLZXmJAj4EEwECACgFAk2WRnsC +GwMFCQHhM4AGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEDr0TZ+sG/mzEoQP +/0o3iqUSc/wYFzr5O3JoertiG5Z2myTEy/o1L7LuzVVoQmqUhuuk+q5jF3DOpoUe +VBhEt5SZDaBD5GToLxvD84AFHh4m/82JSPZgO5/lMN2pXllx5jWKeeh+TZHukGHV +mCjBG74Bo+mS9MTFkEbksscgk54ihKRw3raCy1G8Ixtu8JkiHOZk+mCvDC6V04z3 +xbdN4geZHdkcDH3qeSy0jvvsDN5ichv/tLoRmUKSwFylSM2lilL6TnjdJgtr7a9X +ruDFPhFFofYHQEsXhXitJG2f7mXPcsd0kG063DHmzdzo+9AdPh6fvDpaHlMds5IX +Rqydf3NQ9zcHPXG8d6dy6Y6fCW2Xok7EQeBCaePxhlDSF9kc4+tcqFLx/jvdApLY +x0SksGwU0k1276+EtVaRK1C3AKaIuKamEjPLoOmJKtuazmCzD/tuL1Gg28v67k4r +fFznihvBctN0HS+X6lDAoI13HXA/ZonjdndS8Uf7lLdGajRlRhKR5HxWmX83darM +Z6hytuNqlxu3j4/GBitcTevo4QfP0NX5gTsz9kr00L3Gzyc+UNBspvCoVRlIND57 +7H8tWoFax7myXPFwsYpZK4WxyYTyUK3Z9QbwW+wwpduwSUNomCCYf1qD3QYgFkJ1 +9aL0fRbkMhsXU9iEvtsf1CwqdsZUhNi7q0f3ZG3ogdeCiQIcBBABAgAGBQJNlkgg +AAoJEN36Gj42h5SULZMP/1cUlx1mU807rmHNh8sJMtf7051MY3TJ7dClxnUFOTya +MeJz/SGwpF2PeQwzLacl74qXgzM5uDEKBpjqzExD3RM4iuoF3Lv71/JDzvlrSY2E +6nJMCq95ooq/QIm8XyVZBquYTw0AkZx76hT93VM2M1mTO+sloWmVpovmacOFafMH +SUymuLsnp4JpIcEXRTo49s2sTKV1tpVROogxOXS/4d19MMQhk2s3cxFRj+gHLZ2D 
+vRqvNVc+9/gbcf2u+49kfgVgiXlHEtLMFW0AGRlwc/eSLR4CWnwxEriIg8Nxbetr +7qJQ1s4oXb/VnuZo/6+WdUIxqizLKYDxQ92G3xEjgBbAM/pB3TzivnE/IsC6I4a0 +5L5xlIv68CgNAyi79MsMVAZPs6ZPdZkcXe0uYsC0rOiFmUVdVl/SA+LJsnvzfPcg +VaUt2HNk4lPIoH8YWAtEg0H918LgvBKPQ0frPwdxvmeVRcejpVXyAYgCLwk+9xUT +lZH9ykOtoD1JV3xwLo23gayd8ZmZIZGGJ+a5VhXZHlA5gl3XVmGGmc1OXT5E++VG +snHPXJQr8SC7I0sblBfOa0nnPwYXWMmrDvtzL+T/xtIrX02WhfS7BtQp3XDNvDcK +A07FsuJnC9jILnLgo6YhLcuXG6AsnoHVR6Lpr9N7iXxIZHHHUYOTjfHd1ZCuwK50 +=7fth +-----END PGP PUBLIC KEY BLOCK----- diff --git a/common/qubes.repo b/common/qubes.repo new file mode 100644 index 00000000..630388e0 --- /dev/null +++ b/common/qubes.repo @@ -0,0 +1,13 @@ +[qubes-vm-current] +name = Qubes OS Repository for VM (updates) +baseurl = http://yum.qubes-os.org/r1-beta1/current/vm +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-primary +gpgcheck = 1 + +[qubes-appvm-testing] +name = Qubes OS Repository for VM (unstable) +baseurl = http://yum.qubes-os.org/r1-beta1/unstable/vm +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-primary +gpgcheck = 1 +enabled=0 + diff --git a/rpm_spec/core-commonvm.spec b/rpm_spec/core-commonvm.spec index ea4bacca..0770ff55 100644 --- a/rpm_spec/core-commonvm.spec +++ b/rpm_spec/core-commonvm.spec @@ -65,7 +65,9 @@ mkdir -p $RPM_BUILD_ROOT/var/lib/qubes mkdir -p $RPM_BUILD_ROOT/etc/sysconfig cp iptables $RPM_BUILD_ROOT/etc/sysconfig/ mkdir -p $RPM_BUILD_ROOT/etc/yum.repos.d -cp ../appvm/qubes.repo $RPM_BUILD_ROOT/etc/yum.repos.d +cp qubes.repo $RPM_BUILD_ROOT/etc/yum.repos.d +install -d -m 755 $RPM_BUILD_ROOT/etc/pki/rpm-gpg +install -m 644 RPM-GPG-KEY-qubes* $RPM_BUILD_ROOT/etc/pki/rpm-gpg/ mkdir -p $RPM_BUILD_ROOT/sbin cp qubes_serial_login $RPM_BUILD_ROOT/sbin mkdir -p $RPM_BUILD_ROOT/usr/bin @@ -170,5 +172,6 @@ rm -rf $RPM_BUILD_ROOT /etc/sysconfig/iptables /var/lib/qubes /etc/yum.repos.d/qubes.repo +/etc/pki/rpm-gpg/RPM-GPG-KEY-qubes* /sbin/qubes_serial_login /usr/bin/xenstore-watch 
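Review bot: The `gpgkey` path in both sections of common/qubes.repo, `file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-primary`, does not match the key file this commit adds and installs, `RPM-GPG-KEY-qubes-1-primary` (the spec copies `RPM-GPG-KEY-qubes*` without renaming). With `gpgcheck = 1` yum would fail to import the key unless it is already in the rpm keyring, so either the path should read `file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary` or the file should be renamed. The second section is still called `[qubes-appvm-testing]` although it now serves the unstable tree for all VM types; `[qubes-vm-unstable]` would match the first section. Since `baseurl` is plain HTTP, package signatures are the only integrity check; `repo_gpgcheck = 1` would cover the metadata as well, provided the repository publishes a signed repomd.xml.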
From bbec676076a5f7627d17d026f7f1c20c9d1cb75a Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Mon, 4 Apr 2011 11:25:15 +0200 Subject: [PATCH 21/24] Fix rpm signing in Makefile --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index b3f53486..e8b18205 100644 --- a/Makefile +++ b/Makefile @@ -17,7 +17,7 @@ rpms: rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0.spec rpm --addsign \ $(RPMS_DIR)/x86_64/qubes-core-dom0-*$(VERSION_DOM0)*.rpm \ - $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_DOM0)*.rpm + $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*.rpm update-repo-current: ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*$(VERSION_DOM0)*.rpm ../yum/current-release/current/dom0/rpm/ From 936ce590ac3e74151fa9d528f3288e6671e7a645 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Mon, 4 Apr 2011 11:27:23 +0200 Subject: [PATCH 22/24] version 1.5.8-vm --- version_vm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_vm b/version_vm index f01291b8..1cc9c180 100644 --- a/version_vm +++ b/version_vm @@ -1 +1 @@ -1.5.7 +1.5.8 From 02514b1347706f947b31dcbd7c1ebe8c5594657a Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Mon, 4 Apr 2011 17:07:46 +0200 Subject: [PATCH 23/24] If the firewall rules file does not exist, assume ALLOW (#188) So that newly created appvms have net access. --- dom0/qvm-core/qubes.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py index 7726b057..3cb90d67 100755 --- a/dom0/qvm-core/qubes.py +++ b/dom0/qvm-core/qubes.py 
@@ -1390,13 +1390,16 @@ class QubesProxyVm(QubesNetVm): qvm_collection.load() qvm_collection.unlock_db() - vms = [vm for vm in qvm_collection.values() if vm.has_firewall()] + vms = [vm for vm in qvm_collection.values()] for vm in vms: # Process only VMs connected to this ProxyVM if not vm.netvm_vm or vm.netvm_vm.qid != self.qid: continue - conf = vm.get_firewall_conf() + if vm.has_firewall(): + conf = vm.get_firewall_conf() + else: + conf = { "rules": list(), "allow": True, "allowDns": True, "allowIcmp": True } xid = vm.get_xid() if xid < 0: # VM not active ATM From 183dbacc4b6f9101f0a9c75e558de9c14221879a Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Mon, 4 Apr 2011 18:48:58 +0200 Subject: [PATCH 24/24] version 1.5.8 --- version_dom0 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_dom0 b/version_dom0 index f01291b8..1cc9c180 100644 --- a/version_dom0 +++ b/version_dom0 @@ -1 +1 @@ -1.5.7 +1.5.8
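Review bot: The new `else` branch makes a VM without a firewall file fully open (`allow`, `allowDns` and `allowIcmp` all True), and the loop cannot tell a VM that never had a rules file from one whose file was deleted or, depending on how `has_firewall()` is implemented, could not be read. That is a fail-open default on the enforcement path, so it deserves a comment at the branch, e.g. `# No firewall file (new VM): allow-all is deliberate, see #188`, and ideally a log line naming the VM so the fallback is visible. `[vm for vm in qvm_collection.values()]` is now only a copy, and `qvm_collection.values()` can be iterated directly. The enclosing method starts and ends outside the hunk.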