dom0: provide service for VM to notify about updates availability (#475)

dom0/aux-tools/qubes-notify-updates

@@ -0,0 +1,74 @@
+#!/usr/bin/python
+#
+# The Qubes OS Project, http://www.qubes-os.org
+#
+# Copyright (C) 2012  Marek Marczykowski  <marmarek@invisiblethingslab.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+#
+import os
+import os.path
+import sys
+import subprocess
+import shutil
+from datetime import datetime
+from qubes.qubes import QubesVmCollection
+from qubes.qubes import updates_stat_file
+
+def main():
+
+    qvm_collection = QubesVmCollection()
+    qvm_collection.lock_db_for_reading()
+    qvm_collection.load()
+    qvm_collection.unlock_db()
+
+    source = os.getenv("QREXEC_REMOTE_DOMAIN")
+
+    source_vm = qvm_collection.get_vm_by_name(source)
+    if source_vm is None:
+        print >> sys.stderr, 'Domain ' + source + ' does not exists (?!)'
+        exit(1)
+
+    update_count = sys.stdin.readline(128).strip()
+    if not update_count.isdigit():
+        print >> sys.stderr, 'Domain ' + source + ' sent invalid number of updates: ' + update_count
+        exit(1)
+    if source_vm.updateable:
+        # Just trust information from VM itself
+        update_f = open(vm.dir_path + '/' + updates_stat_file, "w")
+        update_f.write(update_count)
+        update_f.close()
+    elif source_vm.template is not None:
+        # Hint about updates availability in template
+        # If template is running - it will notify about updates itself
+        if source_vm.template.is_running():
+            return
+        # Ignore no-updates info
+        if int(update_count) > 0:
+            stat_file = source_vm.template.dir_path + '/' + updates_stat_file
+            # If VM is started before last updates.stat - it means that updates
+            # already was installed (but VM still hasn't been restarted), or other
+            # VM has already notified about updates availability
+            if os.path.exists(stat_file) and \
+                source_vm.get_start_time() < datetime.fromtimestamp(os.path.getmtime(stat_file)):
+                    return
+            update_f = open(stat_file, "w")
+            update_f.write(update_count)
+            update_f.close()
+        else:
+            print >> sys.stderr, 'Ignoring notification of no updates'
+
+main()

dom0/aux-tools/qubes.NotifyUpdates

@@ -0,0 +1 @@
+/usr/lib/qubes/qubes-notify-updates

dom0/aux-tools/qubes.NotifyUpdates.policy

@@ -0,0 +1,6 @@
+## Note that policy parsing stops at the first match,
+## so adding anything below "$anyvm $anyvm action" line will have no effect
+
+## Please use a single # to start your custom comments
+
+$anyvm	dom0	allow

dom0/qvm-core/qubes.py

@@ -90,6 +90,7 @@ start_appmenu_template = '/usr/share/qubes/qubes-start.desktop'
 qubes_whitelisted_appmenus = 'whitelisted-appmenus.list'
 
 dom0_update_check_interval = 6*3600
+updates_stat_file = 'updates.stat'
 
 # how long (in sec) to wait for VMs to shutdown
 # before killing them (when used qvm-run with --wait option)

rpm_spec/core-dom0.spec

@@ -109,6 +109,7 @@ cp ../qrexec/qrexec_daemon $RPM_BUILD_ROOT/usr/lib/qubes/
 cp ../qrexec/qrexec_client $RPM_BUILD_ROOT/usr/lib/qubes/
 cp ../qrexec/qrexec_policy $RPM_BUILD_ROOT/usr/lib/qubes/
 cp aux-tools/qfile-dom0-unpacker $RPM_BUILD_ROOT/usr/lib/qubes/
+cp aux-tools/qubes-notify-updates $RPM_BUILD_ROOT/usr/lib/qubes/
 cp aux-tools/qubes-receive-updates $RPM_BUILD_ROOT/usr/lib/qubes/
 cp ../misc/block_add_change $RPM_BUILD_ROOT/usr/lib/qubes/
 cp ../misc/block_remove $RPM_BUILD_ROOT/usr/lib/qubes/
@@ -121,6 +122,8 @@ cp ../qubes_rpc/qubes.VMShell.policy $RPM_BUILD_ROOT/etc/qubes_rpc/policy/qubes.
 cp qubes.SyncAppMenus.policy $RPM_BUILD_ROOT/etc/qubes_rpc/policy/qubes.SyncAppMenus
 cp qubes.SyncAppMenus $RPM_BUILD_ROOT/etc/qubes_rpc/
 cp ../qrexec/qubes_rpc_multiplexer $RPM_BUILD_ROOT/usr/lib/qubes
+cp aux-tools/qubes.NotifyUpdates.policy $RPM_BUILD_ROOT/etc/qubes_rpc/policy/qubes.NotifyUpdates
+cp aux-tools/qubes.NotifyUpdates $RPM_BUILD_ROOT/etc/qubes_rpc/
 cp aux-tools/qubes.ReceiveUpdates.policy $RPM_BUILD_ROOT/etc/qubes_rpc/policy/qubes.ReceiveUpdates
 cp aux-tools/qubes.ReceiveUpdates $RPM_BUILD_ROOT/etc/qubes_rpc/
 install -D aux-tools/qubes-dom0.modules $RPM_BUILD_ROOT/etc/sysconfig/modules/qubes-dom0.modules
@@ -336,6 +339,7 @@ fi
 /usr/lib/qubes/qmemman_daemon.py*
 /usr/lib/qubes/meminfo-writer
 /usr/lib/qubes/qfile-daemon-dvm*
+/usr/lib/qubes/qubes-notify-updates
 /usr/lib/qubes/qubes-receive-updates
 /usr/lib/qubes/block_add_change
 /usr/lib/qubes/block_remove
@@ -381,9 +385,11 @@ fi
 %attr(0664,root,qubes) /etc/qubes_rpc/policy/qubes.Filecopy
 %attr(0664,root,qubes) /etc/qubes_rpc/policy/qubes.OpenInVM
 %attr(0664,root,qubes) /etc/qubes_rpc/policy/qubes.SyncAppMenus
+%attr(0664,root,qubes) /etc/qubes_rpc/policy/qubes.NotifyUpdates
 %attr(0664,root,qubes) /etc/qubes_rpc/policy/qubes.ReceiveUpdates
 %attr(0664,root,qubes) /etc/qubes_rpc/policy/qubes.VMShell
 /etc/qubes_rpc/qubes.SyncAppMenus
+/etc/qubes_rpc/qubes.NotifyUpdates
 /etc/qubes_rpc/qubes.ReceiveUpdates
 %attr(4750,root,qubes) /usr/lib/qubes/qrexec_daemon
 %attr(2770,root,qubes) %dir /var/log/qubes