Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
4,484 Commits 1 Branch 0 Tags 15 MiB
1c836531c7
Commit Graph

4484 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Wojtek Porczyk
c228bc934e ci/pylintrc: disable deprecated-method 
Pylint deprecated-method report interferes with asyncio.ensure_future
compatibility monkeypatch. The function asyncio.async was renamed
between 3.4.3 (fc23) and 3.4.4 (what is currently on Travis). For
reference, debian stable has 3.4.2.
 2017-03-02 13:08:25 +01:00
Marek Marczykowski-Górecki
f7d73893d7
qubes/storage: py3k related fixes 2017-03-01 21:50:06 +01:00
Wojtek Porczyk
c2a0d34ade pylint: do not interpret asyncio.ensure_future compat hack 2017-03-01 18:30:49 +01:00
Wojtek Porczyk
865ab10a0c qubesd+mgmt: convert mgmt functions to coroutines 
QubesOS/qubes-issues#2622
 2017-03-01 17:31:37 +01:00
Marek Marczykowski-Górecki
3e0f225938
qubes: allow 'property' object comparing with str 
This will allow checking if a given name is valid property name, using
simple `name in vm.property_list()`.

QubesOS/qubes-issues#853
 2017-02-27 21:57:56 +01:00
Marek Marczykowski-Górecki
2169075807
qubesd: fix response message header 
Type is not 16 bit big-endian. Encode it as 8bit code and \x00 as
delimiter explicitly.

QubesOS/qubes-issues#853
 2017-02-27 21:43:14 +01:00
Marek Marczykowski-Górecki
6ab7032b11
qubes/mgmt: encode VM name without quotes 
That's how it is in the specification.

QubesOS/qubes-issues#853
 2017-02-27 21:42:30 +01:00
Marek Marczykowski-Górecki
f4616fc366
qubesd: make qubesd socket qubes-group owned 
QubesOS/qubes-issues#853
 2017-02-27 21:42:06 +01:00
Marek Marczykowski-Górecki
c454973596
qubes/mgmt: use keyword arguments in events 
QubesOS/qubes-issues#853
 2017-02-27 20:56:16 +01:00
Marek Marczykowski-Górecki
751415434c
backup: make hmac verification more defensive 
Check HMAC file size, read it as binary or with 'ascii' encoding only.
 2017-02-27 02:37:52 +01:00
Marek Marczykowski-Górecki
a6c7da6061
tests: be even more defensive on cleaning up VMs 
Don't fail even if qubes-test.xml do not load at all because of syntax
error - for example empty file.
 2017-02-27 02:37:52 +01:00
Marek Marczykowski-Górecki
c5a8135fdb
fix misplaced comment 2017-02-27 02:37:51 +01:00
Marek Marczykowski-Górecki
45709b510a
backup: minor fixes after bringing back scrypt support 2017-02-27 02:37:51 +01:00
Marek Marczykowski-Górecki
1363251438
Revert "Revert "backup: use 'scrypt' tool for backup encryption and integrity protection"" 
This reverts commit 0f1672dc63.

Bring it back. Lets not revert the whole feature just because required
package exists only in qubes-builder, not in some online repository.
Also, this revert didn't go as planned - there was a reference to a
'passphrase' local variable, but it wasn't assigned any value.

Cc: @woju
 2017-02-27 02:37:50 +01:00
Marek Marczykowski-Górecki
13fc810363
tests: some more fixes for core3 API 2017-02-27 02:37:50 +01:00
Marek Marczykowski-Górecki
3ecc0a9bcb
tests: improve devices API unit test 
Check fired events - inspired by qvm-device test.
 2017-02-27 02:37:50 +01:00
Marek Marczykowski-Górecki
7f2ca33774
tests: fix importing template in non-default pool 2017-02-27 02:37:50 +01:00
Marek Marczykowski-Górecki
3726c7d9c3
python: decode xrandr output earlier, don't use regexp on bytes 2017-02-27 02:37:49 +01:00
Marek Marczykowski-Górecki
5e43d26abd
qubes: unify property ordering 
We already have property ordering defined in property_list(), lets move
it to proper place: property.__lt__.
 2017-02-27 02:37:49 +01:00
Marek Marczykowski-Górecki
9ace4e66f1
tests: more py3k related fixes 2017-02-27 02:37:49 +01:00
Marek Marczykowski-Górecki
33416f2549
qmemman: update for py3k 
This just make the code compatible with py3k, but nothing more.
Converting to asyncio is probably the next step.
 2017-02-27 02:37:49 +01:00
Marek Marczykowski-Górecki
2c3e112951
backup: one more py3k related fix 2017-02-27 02:37:48 +01:00
Marek Marczykowski-Górecki
e52d8fb051
qubes: allow passing name of class to app.add_new_vm 
This will allow more flexible API usage, especially when using mgmt API
- we need to use VM type as string there.
We don't lose any flexibility here - VM class names needs to be uniquely
identified by a string (used in qubes.xml) anyway.
 2017-02-27 02:37:48 +01:00
Marek Marczykowski-Górecki
cae68f64ca
tests: just one more test in vm_qrexec_gui to core3 API 2017-02-27 02:37:48 +01:00
Marek Marczykowski-Górecki
3f29345d32
tests/storage: read-only volume should not have save_on_stop=True 2017-02-27 02:37:48 +01:00
Marek Marczykowski-Górecki
5ee05e06e5
qubes/core2migration: update locking API 
Sync with 0141e1a "qubes/app: Allow keeping lock after load"
 2017-02-27 02:37:47 +01:00
Marek Marczykowski-Górecki
570cbe5225
qubes: py3k related fixes 2017-02-27 02:37:45 +01:00
Marek Marczykowski-Górecki
9c5c70fe25
qubes/backup: py3k related fixes 
- str/bytes usage
- functools.reduce
- dict.items instead of dict.iteritems etc
 2017-02-27 02:35:50 +01:00
Marek Marczykowski-Górecki
f2a1687879
typos in comments 2017-02-27 02:35:49 +01:00
Marek Marczykowski-Górecki
9cad353939
tests: py3k related fixes - bytes/str 
Adjust usage of bytes vs str type.
 2017-02-27 02:35:49 +01:00
Marek Marczykowski-Górecki
d68499f17f
qubes: add property ordering 2017-02-27 02:35:49 +01:00
Wojtek Porczyk
be53db4db9 qubes/events: they accept only keyword arguments 
Positional arguments are hereby deprecated, with immediate effect.

QubesOS/qubes-issues#2622
 2017-02-21 14:46:42 +01:00
Wojtek Porczyk
48f10a79c9 qubes/tools/qubesd: add response header 
QubesOS/qubes-issues#2622
 2017-02-21 14:46:42 +01:00
Wojtek Porczyk
25d81b8ab6 Merge remote-tracking branch 'origin/pull/88/head' into core3-devel 2017-02-15 12:17:41 +01:00
Marek Marczykowski-Górecki
e50b17a6b3
tools/qvm-features: make pylint happy 
reduce number of return statements.
 2017-02-15 00:01:33 +01:00
Marek Marczykowski-Górecki
a317e81d7e
qubes/ext/gui: adjust shm.id path 
It's moved to /var/run/qubes and now is built based on $DISPLAY.
 2017-02-15 00:01:33 +01:00
Marek Marczykowski-Górecki
1c20aae98a
Fix libvirt xml template for HVM domains 
QubesOS/qubes-issues#2185
 2017-02-15 00:01:33 +01:00
Marek Marczykowski-Górecki
bd9300b38e
tests: copy pool configuration into qubes-test.xml 
If template choosen for the tests is installed in non-default storage
pool, this pool also needs to be imported into qubes-test.xml.
 2017-02-15 00:01:33 +01:00
Marek Marczykowski-Górecki
0c43329188
tools/qvm-features: fix handling empty list of features 2017-02-15 00:01:33 +01:00
Marek Marczykowski-Górecki
98edc9779c
tools/qvm-features: fix domain argument handling 
It's args.domains[0], not args.vm.
 2017-02-15 00:01:33 +01:00
Marek Marczykowski-Górecki
c3fc4062d8
tests: add basic test for qvm-features 2017-02-15 00:01:33 +01:00
Marek Marczykowski-Górecki
0b7145f67d
travis: drop debootstrap workaround 
Move to qubes-builder

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
 2017-02-14 23:59:07 +01:00
Marek Marczykowski-Górecki
bcab92ee64
qubes/vm: make sure to close qmemman socket after failed startup 
If qmemman socket isn't closed, it will block other VM startups.
 2017-02-14 23:59:07 +01:00
Marek Marczykowski-Górecki
01aedb7f18
storage: fix handling snap_on_start=True file volumes 
Use the right cow image and apply the second layer to provide read-write
access. The correct setup is:
 - base image + base cow -> read-only snapshot (base changes "cached"
   until committed)
 - read-only snapshot + VM cow -> read-write snapshot (changes discarded
   after VM shutdown)

This way, even VM without Qubes-specific startup scripts will can
benefit from Template VMs, while VMs with Qubes-specific startup scripts
may still see original root.img content (for possible signature
verification, when storage domain got implemented).

QubesOS/qubes-issues#2256
 2017-02-14 23:59:07 +01:00
Marek Marczykowski-Górecki
b89689e278
storage: implement two-layers of dm-snapshot in block-snapshot script 
Have dm-snapshot of dm-snapshot. The first layer is to "cache" changes
done by base volume holder (TemplateVM in case of root.img), the second
layer is to hold changes do by snapshot volume holder (AppVM in case of
root.img). In case of Linux VMs the second layer is normally done inside
of VM (original volume is exposed read-only). But this does not work for
non-Linux VMs, orr even Linux but without qubes-specific startup
scripts.

This is first part of the change - actual construction of two layers of
dm-snapshot, not plugged in to core scripts yet.

QubesOS/qubes-issues#2256
 2017-02-14 23:59:07 +01:00
Marek Marczykowski-Górecki
48f78dfbc8
tests: check if snap_on_start=True volumes are not persistent 
Content should be reset back to base volume at each VM startup.
Disposable VMs depend on this behaviour.

QubesOS/qubes-issues#2256
 2017-02-14 23:59:07 +01:00
Wojtek Porczyk
8e678c0172 qubes/mgmt: mgmt.vm.property.Reset 
QubesOS/qubes-issues#2622
 2017-02-14 11:37:17 +01:00
Wojtek Porczyk
ada0437f52 qubes/mgmt: mgmt.vm.property.Help 
QubesOS/qubes-issues#2622
 2017-02-13 21:28:27 +01:00
Wojtek Porczyk
e8a5bc9b36 qubesd: improve exception handling 
QubesOS/qubes-issues#2622
 2017-02-10 23:25:45 +01:00
Wojtek Porczyk
249d8c08e2 qubes/tools/qubesd-query: low-level interrogation tool 2017-02-10 23:25:45 +01:00