Commit Graph

342 Commits

Author SHA1 Message Date
Wojtek Porczyk
0f1672dc63 Revert "backup: use 'scrypt' tool for backup encryption and integrity protection"
This reverts commit 418d749680.

Package `scrypt` is currently not installable (not present in any repo).

Cc: @marmarek
2016-12-05 18:36:13 +01:00
Wojtek Porczyk
25912f5787 qubes/tools: add qvm-tags
QubesOS/qubes-issues#865
2016-12-02 14:17:09 +01:00
Marek Marczykowski-Górecki
194fb9b99b
rpm: disable prelink only when present
It isn't installed by default.

QubesOS/qubes-issues#2412
2016-11-26 04:08:59 +01:00
Marek Marczykowski-Górecki
badc58837a
Add qvm-template-postprocess tool
This is intended to be called to finish template installation/removal.
The template RPM package is basically a container for root.img, nothing more.
Other parts need to be generated after root.img extraction. Previously
it was open-coded in the rpm post-install script, but let's keep it as a qvm
tool to ease supporting multiple versions in the template builder.

QubesOS/qubes-issues#2412
2016-11-26 04:08:08 +01:00
Marek Marczykowski-Górecki
408606e0f0
rpm: adjust post-installation script for new tools
QubesOS/qubes-issues#2412
2016-11-26 04:08:08 +01:00
Wojtek Porczyk
a4d50409df Merge remote-tracking branch 'marmarek/core3-storage-fixes' into core3-devel 2016-11-15 17:36:53 +01:00
Marek Marczykowski-Górecki
b011cef8af
tests/storage: add tests for basic volumes properties
Things like whether a read-only volume is really read-only, volatile is
volatile, etc.

QubesOS/qubes-issues#2256
2016-11-04 14:18:56 +01:00
Marek Marczykowski-Górecki
0471453773
storage/lvm: call lvm directly, don't use qubes-lvm wrapper
The wrapper doesn't do anything other than translating command
parameters, but its load time is significant (because of python imports
mostly). Since we can't use python lvm API from non-root user anyway,
let's drop the wrapper and call `lvm` directly (or through sudo when
necessary).

This makes VM startup much faster - storage preparation is down from
over 10s to about 3s.

QubesOS/qubes-issues#2256
2016-11-04 14:18:55 +01:00
Marek Marczykowski-Górecki
418d749680
backup: use 'scrypt' tool for backup encryption and integrity protection
`openssl dgst` and `openssl enc` used previously poorly handle key
stretching - in case of `openssl enc` the encryption key is derived using
a single MD5 iteration, without even any salt. This hardly prevents
brute force or even rainbow table attacks. To make things worse, the
same key is used for encryption and integrity protection, which eases
brute force even further.

All this is still about brute force attacks, so when using a long, high
entropy passphrase, it should be still relatively safe. But let's do
better.

According to discussion in QubesOS/qubes-issues#971, scrypt algorithm is
a good choice for key stretching (it isn't the best of all existing, but
a good one and widely adopted). At the same time, let's switch away from
`openssl` tool, as it is very limited and apparently not designed for
production use. Use `scrypt` tool, which is very simple and does exactly
what we need - encrypt the data and integrity protect it. Its archive
format has its own (simple) header with data required by the `scrypt`
algorithm, including salt. Internally data is encrypted with AES256-CTR
and integrity protected with HMAC-SHA256. For details see:
https://github.com/tarsnap/scrypt/blob/master/FORMAT

This means change of backup format. Mainly:

1. HMAC is stored in scrypt header, so don't use separate file for it.
Instead have data in files with `.enc` extension.
2. For compatibility leave `backup-header` and `backup-header.hmac`. But
`backup-header.hmac` is really scrypt-encrypted version of `backup-header`.
3. For each file, prepend its identifier to the passphrase, to
authenticate filename itself too. Having this we can guard against
reordering archive files within a single backup and across backups. This
identifier is built as:

        backup ID (from backup-header)!filename!

For backup-header itself, there is no backup ID (just 'backup-header!').

Fixes QubesOS/qubes-issues#971
2016-10-28 11:53:32 +02:00
Marek Marczykowski-Górecki
36eb7f923f
qubes/tarwriter: add simple sparse-tar writer module
tar can't write an archive with the _contents_ of a block device. We need this to
back up LVM-based disk images. To avoid dumping the image to a file first,
create a simple tar archiver just for this purpose.

Python is not the fastest possible technology, it's 3 times slower than
the equivalent written in C. But it's much easier to read, much less
error-prone, and still processes a 1GB image in under 1s (CPU time, leaving
alone actual disk reads). So, it's acceptable.
2016-10-05 01:54:41 +02:00
Marek Marczykowski-Górecki
96a4bb650b
qubes/tools: qvm-backup and qvm-backup-restore tools
Fixes QubesOS/qubes-issues#1213
Fixes QubesOS/qubes-issues#1214
2016-09-21 16:02:50 +02:00
Marek Marczykowski-Górecki
d4f29bb8b7
qubes: add qvm-firewall tool
Fixes QubesOS/qubes-issues#1815
2016-09-19 20:36:32 +02:00
Marek Marczykowski-Górecki
1da75a676f
qubes/firewall: new firewall interface
First part - handling firewall.xml and rules formatting.
Specification on https://qubes-os.org/doc/vm-interface/

TODO (for dom0):
 - plug into QubesVM object
 - expose rules in QubesDB (including reloading)
 - drop old functions (vm.get_firewall_conf etc)

QubesOS/qubes-issues#1815
2016-09-19 20:36:30 +02:00
Marek Marczykowski-Górecki
e8d011b83f
qubes/tools: add qvm-device tool (and tests)
Add a tool to manipulate various devices.

QubesOS/qubes-issues#2257
2016-09-03 20:41:05 +02:00
Marek Marczykowski-Górecki
fbb086aed5
tests: PCI devices tests
Just basic things for now.

QubesOS/qubes-issues#2257
2016-09-03 20:41:04 +02:00
Marek Marczykowski-Górecki
aa67a4512e
qubes/ext/pci: move PCI devices handling to an extension
Implement required event handlers according to documentation in
qubes.devices.

A modification of qubes.devices.DeviceInfo is needed to allow dynamic,
read-only properties.

QubesOS/qubes-issues#2257
2016-09-03 20:41:03 +02:00
Marek Marczykowski-Górecki
d8286b6dab
tests: port vm_qrexec_gui to core3 API 2016-08-17 22:41:57 +02:00
Marek Marczykowski-Górecki
e19df4c5b6
tests: port dispvm tests to core3 API
Some tests do not apply, as there is no savefile and attributes
propagation is much simpler. Dropped tests:
 - test_000_firewall_propagation
 - test_001_firewall_propagation
 - test_000_prepare_dvm

QubesOS/qubes-issues#2253
2016-08-17 04:15:35 +02:00
Marek Marczykowski-Górecki
660c726315
tests: add qvm-check 2016-08-09 05:14:13 +02:00
Marek Marczykowski-Górecki
f17f80ee9d
qubes/tools: add qvm-template-commit
This tool is called from /etc/xen/scripts/block-origin script at VM
shutdown.
2016-08-09 05:14:11 +02:00
Bahtiar `kalkin-` Gadimov
3ae6530cd8
Add lvm thin pool storage implementation 2016-08-03 02:57:42 +02:00
Bahtiar `kalkin-` Gadimov
7d11a7afbd
Add lvm tests 2016-08-03 02:57:41 +02:00
Bahtiar `kalkin-` Gadimov
8972254e22
Add qvm-check 2016-07-21 23:40:24 +02:00
Wojtek Porczyk
36e5bcd766 Merge remote-tracking branch 'origin/pull/39/head' into core3-devel 2016-07-21 16:43:25 +02:00
Bahtiar `kalkin-` Gadimov
e8d0e53f41 Remove duplicate entry from core-dom0.spec 2016-07-21 12:10:19 +02:00
Bahtiar `kalkin-` Gadimov
bcf1cfcb1f
Add qvm-clone(1) 2016-07-13 22:35:58 +02:00
Bahtiar `kalkin-` Gadimov
b9ddc00741
Add qvm-block 2016-06-23 13:16:08 +02:00
Wojtek Porczyk
677a3e51f4 Move libvirt XML network device to jinja 2016-06-16 13:29:15 +02:00
Wojtek Porczyk
ba20254888 Rewrite PCI attaching/detaching from xl to libvirt
The only remaining part is querying vm-side BDF. That can't be done
in libvirt.
2016-06-16 13:29:15 +02:00
Wojtek Porczyk
6a10daf7be Merge branch 'master' into core3-devel
Remains to be fixed:
  88cb62fc
  d2640b51
  958c2926
2016-06-13 19:03:46 +02:00
Marek Marczykowski-Górecki
a857ac3afb
Install dom0 qvm-* tools man pages by default 2016-06-04 16:57:13 +02:00
Marek Marczykowski-Górecki
88cb62fcf6
core: add pci_e820_host property
Enable e820_host option for VMs with PCI devices (to allow VM kernel to
deal with address space conflicts). But add a property to allow
disabling it.

Fixes QubesOS/qubes-issues#2019
2016-06-04 16:52:02 +02:00
Wojtek Porczyk
a615a45ecd Merge remote-tracking branch 'woju/pull/13/head' into core3-devel 2016-06-02 13:24:15 +02:00
Bahtiar `kalkin-` Gadimov
d703f2f44b
Add qvm-pool and manpage for it
- Use full import paths in qvm-pool
- Add, Remove, Info and List options set `Namespace.command`. This fixes a crash
  when `-o dir_path=/mnt/foo` is specified after `-a foo xen`.
- Remove `_List`
- Remove 'added pool' and 'removed pool' messages. Unix tools are quiet
- qvm-pool calls app.save()
- Rename create_parser to get_parser
- Rename local_parser variables to just parser
- qvm-pool uses print_table
2016-05-30 13:31:54 +02:00
Bahtiar `kalkin-` Gadimov
baaac858bc
Add DomainPool
- All domain pool volumes are removable volumes
- DomainVolume uses device name as vid
2016-05-22 22:09:54 +02:00
Bahtiar `kalkin-` Gadimov
8959e5a77e
Implement qvm-remove
- Remove old qvm-remove
- Remove a log line from Storage, because it prints confusing lines, like:
    Removing volume kernel: /var/lib/qubes/vm-kernels/4.1.13-6/modules.img
2016-05-21 01:35:30 +02:00
Wojtek Porczyk
e757444c35 qubes/tools/qvm-features: add tool for managing qvm-features
QubesOS/qubes-issues#1637
2016-05-19 03:02:24 +02:00
Wojtek Porczyk
786884ad7a qubes: fix netvm properties and tests
fixes QubesOS/qubes-issues#1816
2016-05-19 03:02:23 +02:00
Marek Marczykowski-Górecki
405fd40aaa
Add policy for qubes.OpenURL service
For now the same as for qubes.OpenInVM.

Fixes QubesOS/qubes-issues#1487
2016-05-18 02:03:48 +02:00
Wojtek Porczyk
63c09a090c qubes: Combat import cycles
This commit eliminates import statements happening in the middle of the
file (between two class definitions). The cycles are still there. The
only magic module is qubes itself.
2016-05-05 14:33:09 +02:00
Bahtiar `kalkin-` Gadimov
7200e6153b
Rename default storage driver from xen to file
- Rename XenPool   ⇒ FilePool
- Rename XenVolume ⇒ FileVolume
2016-04-30 20:42:46 +02:00
Bahtiar `kalkin-` Gadimov
9674d03088 Add pool LinuxKernel 2016-04-25 07:17:18 +02:00
Bahtiar `kalkin-` Gadimov
36470310a2 Replace pool config parsing logic
- Move add_pool/remove_pool to Qubes class
- Add Qubes.get_pool
- Remove storage.conf
2016-04-25 07:16:37 +02:00
Wojtek Porczyk
e720e1634b qubes/tools: rewrite qvm-shutdown
fixes QubesOS/qubes-issues#1228
2016-04-20 13:52:58 +02:00
Marek Marczykowski-Górecki
eaf5efd814
tests: convert 'extra' test loader to core3 API
QubesOS/qubes-issues#1800
2016-04-11 13:50:19 +02:00
Marek Marczykowski-Górecki
8c6fe7ed90
Merge remote-tracking branch 'origin/master' into core3-devel-mm 2016-04-11 13:03:12 +02:00
Marek Marczykowski-Górecki
c55ca8004a tests: port backupcompatibility to core3 API 2016-04-07 13:21:00 +02:00
Marek Marczykowski-Górecki
8c5d42a095 backup: add support for restoring pre-core3 backups 2016-04-07 13:21:00 +02:00
Marek Marczykowski-Górecki
e0686e1e02 backup: initial conversion to core3 API 2016-04-07 13:05:25 +02:00
Marek Marczykowski-Górecki
6052143735 tests: qvm-prefs
QubesOS/qubes-issues#1248
2016-04-07 12:57:57 +02:00