Merge branch 'master-for-hvm' into hvm

Conflicts: dom0/qvm-core/qubes.py dom0/qvm-tools/qvm-sync-clock
2012-10-04 05:45:41 +02:00 · 2012-10-04 05:45:41 +02:00 · d03bab3db2
commit d03bab3db2
parent 6419fea4ce 490a5e9e1a
11 changed files with 219 additions and 39 deletions
--- a/dom0/qvm-core/qubes.py
+++ b/dom0/qvm-core/qubes.py
@ -499,7 +499,7 @@ class QubesVm(object):
        return re.match(r"^[a-zA-Z0-9_-]*$", name) is not None

    def pre_rename(self, new_name):
-        pass
+        self.remove_appmenus()

    def set_name(self, name):
        if self.is_running():
@ -537,7 +537,7 @@ class QubesVm(object):
        self.post_rename(old_name)

    def post_rename(self, old_name):
-        pass
+        self.create_appmenus(verbose=False)

    def is_template(self):
        return isinstance(self, QubesTemplateVm)
@ -1113,8 +1113,8 @@ class QubesVm(object):

        if src_vm.icon_path is not None and self.icon_path is not None:
            if os.path.exists (src_vm.dir_path):
-                if os.path.islink(src_vm.dir_path):
-                    icon_path = os.readlink(src_vm.dir_path)
+                if os.path.islink(src_vm.icon_path):
+                    icon_path = os.readlink(src_vm.icon_path)
                    if verbose:
                        print >> sys.stderr, "--> Creating icon symlink: {0} -> {1}".format(self.icon_path, icon_path)
                    os.symlink (icon_path, self.icon_path)
@ -1650,12 +1650,13 @@ class QubesTemplateVm(QubesVm):

        super(QubesTemplateVm, self).clone_disk_files(src_vm=src_vm, verbose=verbose)

-        if os.path.exists(src_vm.dir_path + '/vm-' + qubes_whitelisted_appmenus):
+        for whitelist in ['/vm-' + qubes_whitelisted_appmenus, '/netvm-' + qubes_whitelisted_appmenus]:
+            if os.path.exists(src_vm.dir_path + whitelist):
                if verbose:
                    print >> sys.stderr, "--> Copying default whitelisted apps list: {0}".\
-                    format(self.dir_path + '/vm-' + qubes_whitelisted_appmenus)
-            shutil.copy(src_vm.dir_path + '/vm-' + qubes_whitelisted_appmenus,
-                    self.dir_path + '/vm-' + qubes_whitelisted_appmenus)
+                        format(self.dir_path + whitelist)
+                shutil.copy(src_vm.dir_path + whitelist,
+                        self.dir_path + whitelist)

        if verbose:
            print >> sys.stderr, "--> Copying the template's clean volatile image:\n{0} ==>\n{1}".\
@ -2248,12 +2249,6 @@ class QubesAppVm(QubesVm):
        self.remove_appmenus()
        super(QubesAppVm, self).remove_from_disk()

-    def pre_rename(self, new_name):
-        self.remove_appmenus()
-
-    def post_rename(self, old_name):
-        self.create_appmenus(verbose=False)
-
 class QubesHVm(QubesVm):
    """
    A class that represents an HVM. A child of QubesVm.
@ -2349,12 +2344,6 @@ class QubesHVm(QubesVm):
        self.remove_appmenus()
        super(QubesHVm, self).remove_from_disk()

-    def pre_rename(self, new_name):
-        self.remove_appmenus()
-
-    def post_rename(self, old_name):
-        self.create_appmenus(False)
-
    def get_disk_utilization_private_img(self):
        return 0

--- a/dom0/qvm-tools/qvm-sync-clock
+++ b/dom0/qvm-tools/qvm-sync-clock
@ -71,18 +71,19 @@ def main():
        print >> sys.stderr, 'Time sync failed, aborting!'
        sys.exit(1)

-    p = clock_vm.run('DEFAULT:date -u', verbose=verbose, passio_popen=True, ignore_stderr=True)
+    # Use the date format based on RFC2822 to avoid localisation issues
+    p = clock_vm.run('DEFAULT:date -u -R', verbose=verbose, passio_popen=True, ignore_stderr=True)
    date_out = p.stdout.read(100)
    date_out = date_out.strip()
-    if not re.match(r'^[A-Za-z]* [A-Za-z]* [ 0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9] [A-Z]* [0-9][0-9][0-9][0-9]$', date_out):
-        print >> sys.stderr, 'Invalid date output, aborting!'
+    if not re.match(r'^[A-Za-z]+[,] [0-9][0-9] [A-Za-z]+ [0-9][0-9][0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9] [+]0000$', date_out):
+        print >> sys.stderr, date_out, 'Invalid date output, aborting!'
        sys.exit(1)

    # Sync dom0 time
    if verbose:
        print >> sys.stderr, '--> Syncing dom0 clock.'

-    subprocess.check_call(['sudo', 'date', '-u', '-s', date_out])
+    subprocess.check_call(['sudo', 'date', '-u', '-R', '-s', date_out])
    subprocess.check_call(['sudo', 'hwclock', '--systohc'])

    # Sync other VMs clock
@ -91,7 +92,7 @@ def main():
            if verbose:
                print >> sys.stderr, '--> Syncing \'%s\' clock.' % vm.name
            try:
-                vm.run('root:date -u -s "%s"' % date_out, verbose=verbose)
+                vm.run('root:date -u -R -s "%s"' % date_out, verbose=verbose)
            except Exception as e:
                print >> sys.stderr, "ERROR syncing time in VM '%s': %s" % (vm.name, str(e))
                pass
--- a/network/filter-qubes-yum
+++ b/network/filter-qubes-yum
@ -1,6 +1,6 @@
-.*/repodata/[A-Za-z0-9-]*\(primary\|filelists\|comps\(-[a-z0-9]*\)\?\|other\|prestodelta\|updateinfo\)\.\(sqlite\|xml\)\(\.bz2\|\.gz\)\?$
-.*/repodata/repomd\.xml$
-.*\.rpm$
-.*\.drpm$
-mirrors.fedoraproject.org:443
-^http://mirrors\..*/mirrorlist
+/repodata/[A-Za-z0-9-]*\(primary\|filelists\|comps\(-[a-z0-9]*\)\?\|other\|prestodelta\|updateinfo\|pkgtags\)\.\(sqlite\|xml\)\(\.bz2\|\.gz\)\?$
+/repodata/repomd\.xml$
+\.rpm$
+\.drpm$
+^mirrors\.fedoraproject\.org:443$
+^http://mirrors\..*/mirrorlist\?
--- a/network/ip6tables
+++ b/network/ip6tables
@ -0,0 +1,8 @@
+# Generated by ip6tables-save v1.4.14 on Tue Sep 25 16:00:20 2012
+*filter
+:INPUT DROP [1:72]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -i lo -j ACCEPT
+COMMIT
+# Completed on Tue Sep 25 16:00:20 2012
--- a/qubes_rpc/qvm-copy-to-vm.gnome
+++ b/qubes_rpc/qvm-copy-to-vm.gnome
@ -20,7 +20,7 @@
 #
 #

-VM=$(zenity --entry --title="File Copy" --text="Enter the destination domain name:")
+VM=$(qvm-mru-entry --title="File Copy" --text="Enter the destination domain name:" --mrufile "qvm-mru-filecopy")
 if [ X$VM = X ] ; then exit 0 ; fi

 SIZE=$(du --apparent-size -c "$@" | tail -1 | cut -f 1)
--- a/qubes_rpc/qvm-mru-entry
+++ b/qubes_rpc/qvm-mru-entry
@ -0,0 +1,165 @@
+#!/usr/bin/python
+#
+# The Qubes OS Project, http://www.qubes-os.org
+#
+# Copyright (C) 2012 Bruce Downs <bruceadowns@gmail.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+#
+import os
+from optparse import OptionParser
+import gtk
+
+class QubesMruDialog(gtk.Dialog):
+    entry = None
+    mrufile = None
+
+    def __init__(self, title, text, mrufile):
+        self.mrufile = mrufile
+
+        gtk.Dialog.__init__(
+            self,
+            title,
+            None,
+            0,
+            (gtk.STOCK_CANCEL, gtk.RESPONSE_CANCEL,
+             gtk.STOCK_OK, gtk.RESPONSE_OK))
+
+        # setting the default response to 'ok'
+        # does not work as advertised
+        # using key-press-event instead
+        #self.set_default_response(gtk.RESPONSE_OK)
+        
+        self.connect("destroy", lambda *w: gtk.main_quit())
+        self.connect("response", self.response_callback)
+        self.connect("key-press-event", self.key_press_callback)
+
+        self.set_position(gtk.WIN_POS_CENTER)
+        self.set_resizable(True)
+
+        vbox = gtk.VBox(True, 5)
+        self.vbox.pack_start(vbox, True, True, 0)
+        vbox.set_border_width(5)
+
+        label = gtk.Label()
+        label.set_markup(text)
+        vbox.pack_start(label, False, False, 0)
+
+        # Create our entry
+        self.entry = gtk.Entry()
+        vbox.pack_start(self.entry, False, False, 0)
+
+        # Create the completion object
+        completion = gtk.EntryCompletion()
+
+        # Assign the completion to the entry
+        self.entry.set_completion(completion)
+
+        # Create a tree model and use it as the completion model
+        completion_model, firstline = self.create_completion_model()
+        completion.set_model(completion_model)
+
+        # Use model column 0 as the text column
+        completion.set_text_column(0)
+
+        if firstline:
+            self.entry.set_text(firstline)
+
+        self.show_all()
+
+    def create_completion_model(self):
+        store = gtk.ListStore(str)
+        firstline = None
+
+        if self.mrufile and os.access(self.mrufile, os.R_OK):
+            # read lines from mru file
+            lines = [line.strip() for line in open(self.mrufile)]
+            for line in lines:
+                if not firstline:
+                    firstline = line
+
+                iter = store.append()
+                store.set(iter, 0, line)
+
+        return store, firstline
+
+    def handle_ok(self):
+        my_entry = self.entry.get_text()
+
+        if len(my_entry) > 0:
+            linesorg = []
+            linesorg.insert(0, my_entry)
+
+            # calc mru lines
+            if os.access(self.mrufile, os.R_OK):
+                # read lines from existing mru file
+                fMru = open(self.mrufile, "r")
+                linesorg += [line.strip() for line in fMru]
+                fMru.close()
+
+            #uniqify
+            linesuniq = []
+            for lineuniq in linesorg:
+                if (len(lineuniq) > 0 and lineuniq not in linesuniq):
+                    linesuniq.append(lineuniq)
+
+            # write to mru
+            # up to 50 unique
+            fMru = file(self.mrufile, "w")
+            fMru.writelines( "%s\n" % line for line in linesuniq[:50] )
+            fMru.close()
+
+        # print entry to stdout
+        print my_entry
+
+    def response_callback(self, button, response_id):
+        if response_id == gtk.RESPONSE_OK:
+            self.handle_ok()
+        self.destroy()
+
+    def key_press_callback(self, button, event):
+        if event.keyval == gtk.keysyms.Return:
+            self.handle_ok()
+            self.destroy()
+
+def main():
+    usage = "usage: %prog [--title 'Qubes Title'] [--text 'Qubes Text'] [--mrufile 'mru file name']"
+    parser = OptionParser (usage)
+    parser.add_option ("-l", "--title",
+                       action="store",
+                       dest="title",
+                       default="Qubes MRU Dialog Entry",
+                       help="Set the dialog title [%default]")
+    parser.add_option ("-x", "--text",
+                       action="store",
+                       dest="text",
+                       default="Enter Qubes text:",
+                       help="Set the dialog text [%default]")
+    parser.add_option ("-f", "--mrufile",
+                       action="store",
+                       dest="mrufile",
+                       default='qvm-mru',
+                       help="MRU file name [%default]")
+    (options, args) = parser.parse_args ()
+
+    mrudir = os.path.expanduser('~') + os.sep + '.config'
+    if not os.path.exists(mrudir):
+        os.makedirs(mrudir)
+    QubesMruDialog(options.title, options.text, mrudir + os.sep + options.mrufile)
+    gtk.main()
+
+main()
+
--- a/qubes_rpc/vm-file-editor.c
+++ b/qubes_rpc/vm-file-editor.c
@ -57,7 +57,7 @@ main()
 {
 	struct stat stat_pre, stat_post, session_stat;
 	char *filename = get_filename();
-	int child, status, log_fd;
+	int child, status, log_fd, null_fd;
 	char var[1024], val[4096];
 	FILE *env_file;
 	FILE *waiter_pidfile;
@ -100,7 +100,9 @@ main()
 			perror("fork");
 			exit(1);
 		case 0:
-			close(0);
+			null_fd = open("/dev/null", O_RDONLY);
+			dup2(null_fd, 0);
+			close(null_fd);		

 			env_file = fopen("/tmp/qubes-session-env", "r");
 			while(fscanf(env_file, "%1024[^=]=%4096[^\n]\n", var, val) == 2) {
--- a/rpm_spec/core-dom0.spec
+++ b/rpm_spec/core-dom0.spec
@ -177,6 +177,7 @@ mkdir -p $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/
 cp ../network/qubes_nmhook $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/
 mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
 cp ../network/iptables $RPM_BUILD_ROOT/etc/sysconfig
+cp ../network/ip6tables $RPM_BUILD_ROOT/etc/sysconfig
 mkdir -p $RPM_BUILD_ROOT/etc/security/limits.d
 cp misc/limits-qubes.conf $RPM_BUILD_ROOT/etc/security/limits.d/99-qubes.conf

@ -390,6 +391,7 @@ fi
 /etc/dhclient.d/qubes_setup_dnat_to_ns.sh
 /etc/NetworkManager/dispatcher.d/qubes_nmhook
 /etc/sysconfig/iptables
+/etc/sysconfig/ip6tables
 /etc/sysconfig/modules/qubes-dom0.modules
 /etc/sysconfig/modules/cpufreq-xen.modules
 /usr/lib64/pm-utils/sleep.d/01qubes-sync-vms-clock
--- a/rpm_spec/core-vm.spec
+++ b/rpm_spec/core-vm.spec
@ -139,7 +139,8 @@ ln -s /usr/lib/qubes/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/etc/dhclient.d/qubes
 install -d $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/
 install network/{qubes_nmhook,30-qubes_external_ip} $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/
 install -D network/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts/vif-route-qubes
-install -m 0644 -D network/iptables $RPM_BUILD_ROOT/etc/sysconfig/iptables
+install -m 0400 -D network/iptables $RPM_BUILD_ROOT/etc/sysconfig/iptables
+install -m 0400 -D network/ip6tables $RPM_BUILD_ROOT/etc/sysconfig/ip6tables
 install -m 0644 -D network/tinyproxy-qubes-yum.conf $RPM_BUILD_ROOT/etc/tinyproxy/tinyproxy-qubes-yum.conf
 install -m 0644 -D network/filter-qubes-yum $RPM_BUILD_ROOT/etc/tinyproxy/filter-qubes-yum

@ -152,7 +153,7 @@ install network/qubes_netwatcher $RPM_BUILD_ROOT/usr/sbin/

 install -d $RPM_BUILD_ROOT/usr/bin

-install qubes_rpc/{qvm-open-in-dvm,qvm-open-in-vm,qvm-copy-to-vm,qvm-run} $RPM_BUILD_ROOT/usr/bin
+install qubes_rpc/{qvm-open-in-dvm,qvm-open-in-vm,qvm-copy-to-vm,qvm-run,qvm-mru-entry} $RPM_BUILD_ROOT/usr/bin
 install qubes_rpc/wrap_in_html_if_url.sh $RPM_BUILD_ROOT/usr/lib/qubes
 install qubes_rpc/qvm-copy-to-vm.kde $RPM_BUILD_ROOT/usr/lib/qubes
 install qubes_rpc/qvm-copy-to-vm.gnome $RPM_BUILD_ROOT/usr/lib/qubes
@ -327,9 +328,13 @@ mkdir -p /rw
 %preun
 if [ "$1" = 0 ] ; then
    # no more packages left
+    if [ -e /var/lib/qubes/fstab.orig ] ; then
    mv /var/lib/qubes/fstab.orig /etc/fstab
+    fi
    mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/
+    if [ -e /var/lib/qubes/serial.orig ] ; then
    mv /var/lib/qubes/serial.orig /etc/init/serial.conf
+    fi
 fi

 %postun
@ -371,6 +376,7 @@ rm -rf $RPM_BUILD_ROOT
 /etc/qubes_rpc/qubes.SuspendPost
 /etc/sudoers.d/qubes
 /etc/sysconfig/iptables
+/etc/sysconfig/ip6tables
 /etc/sysconfig/modules/qubes_core.modules
 /etc/tinyproxy/filter-qubes-yum
 /etc/tinyproxy/tinyproxy-qubes-yum.conf
@ -387,6 +393,7 @@ rm -rf $RPM_BUILD_ROOT
 /usr/bin/qvm-open-in-dvm
 /usr/bin/qvm-open-in-vm
 /usr/bin/qvm-run
+/usr/bin/qvm-mru-entry
 /usr/bin/xenstore-watch-qubes
 %dir /usr/lib/qubes
 /usr/lib/qubes/block_add_change
@ -489,6 +496,7 @@ chkconfig rsyslog on
 chkconfig haldaemon on
 chkconfig messagebus on
 chkconfig iptables on
+chkconfig ip6tables on
 chkconfig --add qubes_core || echo "WARNING: Cannot add service qubes_core!"
 chkconfig qubes_core on || echo "WARNING: Cannot enable service qubes_core!"
 chkconfig --add qubes_core_netvm || echo "WARNING: Cannot add service qubes_core_netvm!"
@ -610,6 +618,7 @@ rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service

 # Enable some services
 /bin/systemctl enable iptables.service 2> /dev/null
+/bin/systemctl enable ip6tables.service 2> /dev/null
 /bin/systemctl enable rsyslog.service 2> /dev/null
 /bin/systemctl enable ntpd.service 2> /dev/null
 # Disable original service to enable overriden one
--- a/vm-systemd/misc-post.sh
+++ b/vm-systemd/misc-post.sh
@ -21,6 +21,7 @@ if [ -e /dev/xvdb ] ; then

        mkdir -p /rw/config
        touch /rw/config/rc.local
+        touch /rw/config/rc.local-early

        mkdir -p /rw/home
        cp -a /home.orig/user /home
--- a/vm-systemd/qubes-sysinit.sh
+++ b/vm-systemd/qubes-sysinit.sh
@ -69,3 +69,6 @@ debug_mode=`$XS_READ qubes-debug-mode 2> /dev/null`
 if [ -n "$debug_mode" -a "$debug_mode" -gt 0 ]; then
    echo "GUI_OPTS=-vv" >> /var/run/qubes-service-environment
 fi
+
+[ -x /rw/config/rc.local-early ] && /rw/config/rc.local-early
+