From 18c9af90c7d710752af6588a7312b767ed93ce3c Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Sat, 28 Jul 2012 00:51:19 +0200
Subject: [PATCH 1/7] dom0/core: fix qubes-session wait code
---
 dom0/qvm-core/qubes.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py
index fbf878ac..0fd7df6f 100755
--- a/dom0/qvm-core/qubes.py
+++ b/dom0/qvm-core/qubes.py
@@ -1405,7 +1405,7 @@ class QubesVm(object):
 if verbose:
 print >> sys.stderr, "--> Waiting for qubes-session..."
- self.run('echo $$ >> /tmp/qubes-session-waiter; [ ! -f /tmp/qubes-session-env ] && exec sleep 365d', ignore_stderr=True, gui=False, wait=True)
+ self.run('%s:echo $$ >> /tmp/qubes-session-waiter; [ ! -f /tmp/qubes-session-env ] && exec sleep 365d' % self.default_user, ignore_stderr=True, gui=False, wait=True)
 retcode = subprocess.call([qubes_clipd_path])
 if retcode != 0:
From be389bddb9dba76c644dec0ed83f105c8ee7eb05 Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Sat, 28 Jul 2012 01:39:59 +0200
Subject: [PATCH 2/7] dom0/core: allow custom kernel for non-updateable VMs
---
 dom0/qvm-core/qubes.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py
index 0fd7df6f..2fb702b7 100755
--- a/dom0/qvm-core/qubes.py
+++ b/dom0/qvm-core/qubes.py
@@ -905,7 +905,7 @@ class QubesVm(object):
 args['volatiledev'] = "'script:file:{dir}/volatile.img,xvdc,w',".format(dir=self.dir_path)
 if hasattr(self, 'kernel'):
 modulesmode='r'
- if self.updateable and self.kernel is None:
+ if self.kernel is None:
 modulesmode='w'
 args['otherdevs'] = "'script:file:{dir}/modules.img,xvdd,{mode}',".format(dir=self.kernels_dir, mode=modulesmode)
 if hasattr(self, 'kernelopts'):
From 65a08f7bae71e66ca83a0825221cd6c9db8f3246 Mon Sep 17 00:00:00 2001
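Review bot: `modulesmode='w'` now applies to every VM whose `kernel` is None, including non-updateable ones, in the `@@ -905` hunk of dom0/qvm-core/qubes.py, so `modules.img` under `self.kernels_dir` is attached read-write to them. What `kernels_dir` resolves to for a template-based VM is not visible in the hunk; if it can point at a directory shared with the template or with sibling VMs, one VM could modify kernel modules that others load. I would state the invariant next to the branch, e.g. `# kernel is None => kernels_dir is private to this VM, so a writable modules.img is safe`, and confirm it holds for non-updateable VMs. The enclosing method starts and ends outside the hunk.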
From: Joanna Rutkowska
Date: Mon, 30 Jul 2012 16:59:19 +0200
Subject: [PATCH 3/7] version 1.7.42
---
 version_dom0 | 2 +-
 version_vm | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/version_dom0 b/version_dom0
index 2860802d..2d29ee14 100644
--- a/version_dom0
+++ b/version_dom0
@@ -1 +1 @@
-1.7.41
+1.7.42
diff --git a/version_vm b/version_vm
index be2c5f14..2d29ee14 100644
--- a/version_vm
+++ b/version_vm
@@ -1 +1 @@
-1.7.36
+1.7.42
From c2d4b0de6291c3d715402b9de809a83b2e66fa91 Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Sun, 29 Jul 2012 02:34:45 +0200
Subject: [PATCH 4/7] dom0/updates: typo fix in qubes-manager statfile handling
---
 dom0/qvm-tools/qubes-dom0-update | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dom0/qvm-tools/qubes-dom0-update b/dom0/qvm-tools/qubes-dom0-update
index 6a31ad22..e7f1b953 100755
--- a/dom0/qvm-tools/qubes-dom0-update
+++ b/dom0/qvm-tools/qubes-dom0-update
@@ -99,7 +99,7 @@ elif [ -f /var/lib/qubes/updates/repodata/repomd.xml ]; then
 yum $YUM_OPTS update
 fi
 fi
- yum -q check-updates && rm $UPDATES_STAT_FILE
+ yum -q check-update && rm -f $UPDATES_STAT_FILE
 else
 echo "No updates avaliable" >&2
 fi
From 4ffe3e0391f0a38baeee5ff6098567815610a4cb Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Mon, 30 Jul 2012 20:38:45 +0200
Subject: [PATCH 5/7] dom0/qvm-block: fix error handler
---
 dom0/qvm-core/qubesutils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dom0/qvm-core/qubesutils.py b/dom0/qvm-core/qubesutils.py
index c94f8cb5..c054f182 100644
--- a/dom0/qvm-core/qubesutils.py
+++ b/dom0/qvm-core/qubesutils.py
@@ -342,7 +342,7 @@ def block_attach(vm, backend_vm, device, frontend=None, mode="w", auto_detach=Fa
 elif int(be_state) > 4:
 # Error
 error = xs.read('', '/local/domain/%d/error/backend/vbd/%d/%d/error' % (backend_vm.xid, vm.xid, block_name_to_devid(frontend)))
- if error is None:
+ if error is not None:
 raise QubesException("Error while connecting block device: " + error)
 else:
 raise QubesException("Unknown error while connecting block device")
From a680976f1e48664c543272c2f4ce6ef08b024c50 Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Mon, 30 Jul 2012 22:45:05 +0200
Subject: [PATCH 6/7] dom0/updates: show errors from qubes-receive-updates
Especially when signature verification failed, show message about it, not enigmatic "Could not open/read file:///var/lib/qubes/updates/repodata/repomd.xml"
---
 dom0/aux-tools/qubes-receive-updates | 27 +++++++++++++++++++--------
 dom0/qvm-tools/qubes-dom0-update | 7 +++++++
 2 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/dom0/aux-tools/qubes-receive-updates b/dom0/aux-tools/qubes-receive-updates
index 6db39d4e..78d9027c 100755
--- a/dom0/aux-tools/qubes-receive-updates
+++ b/dom0/aux-tools/qubes-receive-updates
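Review bot: `error` goes unfiltered into the QubesException message in the `@@ -342` hunk of block_attach, although it is read from xenstore under `/local/domain/<backend_vm.xid>/error/...`, a subtree the backend VM can presumably write. With the condition fixed, that string now actually reaches whatever displays the exception in dom0, so I would bound and sanitise it first, e.g. `error = ''.join(c for c in error[:256] if 32 <= ord(c) < 127)`. The function starts and ends outside the hunk, so how callers present the message is not visible here.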
@@ -32,25 +32,34 @@ from qubes.qubes import QubesVmCollection
 updates_dir = "/var/lib/qubes/updates"
 updates_rpm_dir = updates_dir + "/rpm"
 updates_repodata_dir = updates_dir + "/repodata"
+updates_error_file = updates_dir + "/errors"
+updates_error_file_handle = None
 package_regex = re.compile(r"^[abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._+-]{1,128}.rpm$")
 gpg_ok_regex = re.compile(r"pgp md5 OK$")
-def dom0updates_fatal(msg):
+def dom0updates_fatal(pkg, msg):
+ global updates_error_file_handle
 print >> sys.stderr, msg
- shutil.rmtree(updates_rpm_dir)
- exit(1)
+ if updates_error_file_handle is None:
+ updates_error_file_handle = open(updates_error_file, "a")
+ updates_error_file_handle.write(msg + "\n")
+ os.remove(pkg)
 def handle_dom0updates(updatevm):
+ global updates_error_file_handle
+
 source=os.getenv("QREXEC_REMOTE_DOMAIN")
 if source != updatevm.name:
- print >> sys.stderr, 'Domain ' + source + ' not allowed to send dom0 updates'
+ print >> sys.stderr, 'Domain ' + str(source) + ' not allowed to send dom0 updates'
 exit(1)
 # Clean old packages
 if os.path.exists(updates_rpm_dir):
 shutil.rmtree(updates_rpm_dir)
 if os.path.exists(updates_repodata_dir):
 shutil.rmtree(updates_repodata_dir)
+ if os.path.exists(updates_error_file):
+ os.remove(updates_error_file)
 qubes_gid = grp.getgrnam('qubes').gr_gid
 os.mkdir(updates_rpm_dir)
 os.chown(updates_rpm_dir, -1, qubes_gid)
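Review bot: `os.remove(pkg)` in the new dom0updates_fatal() is handed the bare file name, because every call site in the following hunk (`@@ -61,16 +70,18`) passes `f` rather than `full_path`. Unless the working directory is `updates_rpm_dir`, which neither hunk shows, the rejected package is not the file that gets removed: the call raises OSError or deletes a same-named file in the current directory. The old code removed the whole rpm directory and exited, so a rejected rpm left in place would weaken the signature check; `os.remove(os.path.join(updates_rpm_dir, pkg))`, or passing `full_path` from the callers, keeps it fail-closed. A docstring should also say that the function now records the error, deletes the package and returns, since the name still suggests it exits.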
@@ -61,16 +70,18 @@ def handle_dom0updates(updatevm):
 full_path = updates_rpm_dir + "/" + f
 if package_regex.match(f):
 if os.path.islink(full_path) or not os.path.isfile(full_path):
- dom0updates_fatal('Domain ' + source + ' sent not regular file')
+ dom0updates_fatal(f, 'Domain ' + source + ' sent not regular file')
 p = subprocess.Popen (["/bin/rpm", "-K", full_path], stdout=subprocess.PIPE)
 output = p.communicate()[0]
 if p.returncode != 0:
- dom0updates_fatal('Error while verifing %s signature: %s' % (f, output))
+ dom0updates_fatal(f, 'Error while verifing %s signature: %s' % (f, output))
 if not gpg_ok_regex.search(output.strip()):
- dom0updates_fatal('Domain ' + source + ' sent not signed rpm: ' + f)
+ dom0updates_fatal(f, 'Domain ' + source + ' sent not signed rpm: ' + f)
 else:
- dom0updates_fatal('Domain ' + source + ' sent unexpected file: ' + f)
+ dom0updates_fatal(f, 'Domain ' + source + ' sent unexpected file: ' + f)
+ if updates_error_file_handle is not None:
+ updates_error_file_handle.close()
 # After updates received - create repo metadata
 subprocess.check_call(["/usr/bin/createrepo", "-q", updates_dir])
 os.chown(updates_repodata_dir, -1, qubes_gid)
diff --git a/dom0/qvm-tools/qubes-dom0-update b/dom0/qvm-tools/qubes-dom0-update
index e7f1b953..e8087b09 100755
--- a/dom0/qvm-tools/qubes-dom0-update
+++ b/dom0/qvm-tools/qubes-dom0-update
@@ -87,6 +87,13 @@ fi
 # Wait for download completed
 while pidof -x qubes-receive-updates >/dev/null; do sleep 0.5; done
+if [ -r /var/lib/qubes/updates/errors ]; then
+ echo "*** ERROR while receiving updates:" >&2
+ cat /var/lib/qubes/updates/errors >&2
+ echo "--> if you want to use packages that were downloaded correctly, use yum directly now" >&2
+ exit 1
+fi
+
 if [ "x$PKGS" != "x" ]; then
 yum $YUM_OPTS install $PKGS
 elif [ -f /var/lib/qubes/updates/repodata/repomd.xml ]; then
From b7d2667b1d6707e552d98ae277d9b296175b589d Mon Sep 17 00:00:00 2001
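Review bot: The checks in the `@@ -61,16 +70,18` hunk of qubes-receive-updates still fall through after a rejection, which was harmless while dom0updates_fatal() exited but is not now that it returns. A symlink or non-regular file is reported and `rpm -K` is still run on that path, and a package whose `rpm -K` fails is reported again by the `gpg_ok_regex` check, so the second `os.remove` raises OSError on a file already deleted. Each rejection should end the iteration, i.e. the call followed by `continue`, or the three checks chained with `elif`. The loop header and the rest of handle_dom0updates are outside the hunk.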
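Review bot: `cat /var/lib/qubes/updates/errors >&2` in the `@@ -87,6 +87,13` hunk of qubes-dom0-update prints the error file raw, and its lines are built in qubes-receive-updates from file names and `rpm -K` output that originate in the UpdateVM. The "sent unexpected file" message in particular carries a name that did not match `package_regex`, so control characters or terminal escape sequences in it would reach the dom0 terminal unchanged. Making non-printing bytes visible, `cat -v /var/lib/qubes/updates/errors >&2`, keeps the report readable without trusting its content.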
From: Marek Marczykowski
Date: Mon, 30 Jul 2012 22:54:42 +0200
Subject: [PATCH 7/7] vm/kernel-placeholder: simplify upgrade
---
 rpm_spec/core-vm-kernel-placeholder.spec | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/rpm_spec/core-vm-kernel-placeholder.spec b/rpm_spec/core-vm-kernel-placeholder.spec
index 2533d474..2b4f4598 100644
--- a/rpm_spec/core-vm-kernel-placeholder.spec
+++ b/rpm_spec/core-vm-kernel-placeholder.spec
@@ -10,6 +10,12 @@ Vendor: Invisible Things Lab
 License: GPL
 Group: Qubes
 URL: http://www.qubes-os.org
+# template released with 1.0-rc1 have kernel-debug installed by mistake. This
+# line is required to smooth upgrade.
+Obsoletes: kernel-debug
+# this driver require exact kernel-drm-nouveau version; as isn't needed in VM,
+# just remove it
+Obsoletes: xorg-x11-drv-nouveau
 # choose the oldest Qubes-supported VM kernel
 Provides: kernel = 3.2.7