Commit Graph

175 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
fbfaa98b80
Implement offline mode in qubes-set-updates tool 2015-08-03 22:29:31 +02:00
Marek Marczykowski-Górecki
a425873e73
core: add offline mode to qvm-pci
Called on LiveUSB system before libvirtd starts.
2015-08-01 22:02:16 +02:00
Marek Marczykowski-Górecki
52d7de006b
do not print scary message when qvm-create --force-root is used 2015-08-01 21:58:43 +02:00
Marek Marczykowski-Górecki
90393c33f2
core: add offline mode to qvm-create, qvm-prefs
This is required to create VMs in process of building Live system, where
libvirt isn't running.

Additionally there is no udev in the build environment, so needs to
manually create /dev/loop*p* based on sysfs info.
2015-08-01 21:58:38 +02:00
Marek Marczykowski-Górecki
4a01c53787
qvm-tools: update qvm-trim-template for R3 block attach api 2015-07-22 05:46:12 +02:00
Marek Marczykowski-Górecki
b47c74c3a4 qvm-tools: fix usage info for qvm-template-commit 2015-07-08 05:58:29 +02:00
Marek Marczykowski-Górecki
6c167911f1 qvm-sync-clock: hide stdout in non-verbose mode 2015-07-08 01:59:49 +02:00
Marek Marczykowski-Górecki
5f9a30d335 qvm-sync-clock: use qubes.SetDateTime service instead of direct "date" call
This way it gives more control over time synchronization to the VM. For
example Whonix VMs can decide to not use this mechanism. Also VM can
choose how that time will be set (chronyc call?). And finally it will be
possible to implement the same for other OS-es (Windows).

Additionally because of calling date as "localcmd" each time, instead of
once at the beginning, time synchronization is more accurrate now. If
some VM stall the time set call, other VMs time will no longer be
affected (but still synchronization will be delayed).
2015-07-08 01:56:38 +02:00
Marek Marczykowski-Górecki
f7c86f861c Prevent GUI usage in qvm-sync-clock 2015-06-23 00:15:21 +02:00
Zrubi
2c1889acbb YML output fix
(cherry picked from commit 53260bd66ba3f0b2cc62b9488d67cdcdb6cec1e8)
2015-06-12 10:25:02 +02:00
Zrubi
d43848d163 YML output fix
(cherry picked from commit 60cf12b4fdea0d119c1b8ca0c84f77bd4877f843)
2015-06-02 11:18:18 +02:00
Marek Marczykowski-Górecki
9cbf9a8a59 Add support for 'pci_strictreset' option
This allows to assign PCI device to the VM, even if it doesn't support
proper reset. The default behaviour (when the value is True) is to not
allow such attachment (VM will not start if such device is assigned).

Require libvirt patch for this option.
2015-05-28 00:11:17 +02:00
Marek Marczykowski-Górecki
acbdb3a261 qvm-tools: do not show scary message on --force-root
When this option is used, the user probably already got that message.
Also some internal scripts are using this (for example template
pre-uninstall script).

Conflicts:
	qvm-tools/qvm-remove
2015-05-23 04:43:51 +02:00
Marek Marczykowski-Górecki
8aaef404de qvm-prefs: add an option to get a single VM property
Could be useful for scripts
2015-05-15 03:22:06 +02:00
Zrubi
770cf5cce0 Wiki -> YML output format change + basic TPM detection
(cherry picked from commit 28097bfdf1e3220a9de295cb7621d611d4f0620b)
2015-05-10 03:29:20 +02:00
Marek Marczykowski-Górecki
1d69f2c24a qvm-tools: fix qvm-firewall -r 2015-04-28 15:00:50 +02:00
Marek Marczykowski-Górecki
c421dc2a95 Prevent concurrent qvm-sync-clock calls
In some cases qvm-sync-clock can take a long time (for example in case
of network problems, or when some do not responds). This can lead to
multiple qvm-sync-clock hanging for the same reason (blocking vchan
resources). To prevent that create a lock file and simply abort when one
instance is already running.
2015-04-28 15:00:50 +02:00
Marek Marczykowski-Górecki
08c8c919a5 minor indentation fix 2015-04-10 19:05:42 +02:00
Marek Marczykowski-Górecki
7516737fae core: Add "dispvm_netvm" property - NetVM for DispVMs started from a VM
This allows to specify tight network isolation for a VM, and finally
close one remaining way for leaking traffic around TorVM. Now when VM is
connected to for example TorVM, its DispVMs will be also connected
there.
The new property can be set to:
 - default (uses_default_dispvm_netvm=True) - use the same NetVM/ProxyVM as the
 calling VM itself - including none it that's the case
 - None - DispVMs will be network-isolated
 - some NetVM/ProxyVM - will be used, even if calling VM is network-isolated

Closes qubesos/qubes-issues#862
2015-04-04 21:47:31 +02:00
Marek Marczykowski-Górecki
999698bd68 core: rename create_xenstore_entries, get rid of xid parameter
It have nothing to do with xenstore, so change the name to not mislead.
Also get rid of unused "xid" parameter - we should use XID as little as
possible, because it is not a simple task to keep it current.
2015-03-28 22:36:28 +01:00
Marek Marczykowski-Górecki
6b05d5b392 Add qvm-trim-template tool
Based on work done by Matt McCutchen <matt@mattmccutchen.net>, details
here:
https://groups.google.com/d/msgid/qubes-users/1417939737.2033.24.camel%40localhost
2015-01-30 01:39:59 +01:00
Marek Marczykowski-Górecki
25c425920c qvm-tools: fix error reporting in qvm-kill 2015-01-30 01:38:56 +01:00
Marek Marczykowski-Górecki
73301a67c8 core: fix vm.run(..., passio=False) handling
Long time ago passio=True was used to replace current process with
qrexec-client directly (qvm-run --pass-io was the called), but this
behaviour is not used anymore (qvm-run was the only user). And this
option was left untouched, with misleading name - one would assume that
using passio=False should disallow any I/O, but this isn't the case.

Especially qvm-sync-clock is calling clockvm.run('...', wait=True),
default value for passio=False. This causes to output data from
untrusted VM, without sanitising terminal sequences, which can be fatal.

This patch changes passio semantic to actually do what it means - when
set to True - VM process will be able to interact with
stdin/stdout/stderr. But when set to False, all those FDs will be
connected to /dev/null.

Conflicts:
	core-modules/000QubesVm.py
2015-01-30 01:38:52 +01:00
Marek Marczykowski-Górecki
d4ab70ae9d core: update qvm-block code for HAL API
Use QubesDB to get list of devices, call libvirt methods to
attach/detach devices.
2014-12-12 03:59:01 +01:00
Zrubi
b4e0833cb7 qubes-hcl-report v2.2
- Network devices section added to HCL Info output
2014-12-05 19:33:17 +01:00
Zrubi
55fce5dd36 qubes-hcl-report v2.1
- script redesign,
- fixed VT-d, VT-x detection,
- Support File generation is optional,
- the results are kept in dom0 by default,
- version and usage info added.

(cherry picked from commit f5845b2df1db19da37f02ace24f29a82660c39ff)
2014-12-05 17:06:17 +01:00
Marek Marczykowski-Górecki
467477409d makefile/windows: install qvm-tools with .py extension
So system will automatically run them with python interpreter (wherever
it is installed). This require to have ".py" in PATHEXT variable.
2014-11-19 12:50:26 +01:00
Marek Marczykowski-Górecki
eaac99bf64 qvm-tools: check if running as root only on systems with os.geteuid 2014-11-19 12:50:26 +01:00
Marek Marczykowski-Górecki
0009805041 rpm+makefile: move build/install code to Makefile files
This makes build "scripts" not tied to Fedora-specific files. Especially
ease porting to other platforms.
2014-11-19 12:50:24 +01:00
Marek Marczykowski
5a28074c2b qvm-template-commit: add --offline-mode option
Allow force offline mode (disable check if VM isn't running) - useful
for running from anaconda (inside of chroot).
2014-11-19 12:48:27 +01:00
Marek Marczykowski
b8c62c0279 Wrap all VMM connection related object into QubesVMMConnection class
This makes easier to import right objects in submodules (only one
object). This also implement lazy connection - at first access, not at
module import, which speeds up tools, which doesn't need runtime
information (like qvm-prefs or qvm-service). In the future this will
ease migration from xenstore to QubesDB.

Also implement "offline mode" - operate on qubes.xml without connecting
to VMM - raise exception at such try.
This is needed to run tools during installation, where only minimal
set of services are started, especially no libvirt.
2014-11-19 12:48:26 +01:00
Marek Marczykowski-Górecki
19d064ca66 qvm-tools/qvm-run: do not echo empty line, remove unneeded imports 2014-11-10 02:25:27 +01:00
Marek Marczykowski-Górecki
ac155705d1 qvm-tools/qvm-run: remove --shutdown option
There is separate tool for this operation (qvm-shutdown). qvm-run
options related to shutdown (--wait, --force) can be confusing to the
user.
2014-11-10 02:24:43 +01:00
Marek Marczykowski-Górecki
96d5b47cce qvm-tools/qvm-backup: add --debug option 2014-09-26 14:42:25 +02:00
Marek Marczykowski-Górecki
68460fb272 qvm-tools/qvm-shutdown: handle domains with xl daemon killed (#903)
When system is going down, systemd kills all the users processes,
including 'xl' daemons waiting for domain shutdown. This results in
zombie domains not cleaned up. The proper fix would be somehow extract
those processes from user session scope (most likely by starting them as
a service).

But because it applies only to system shutdown (qvm-shutdown
call there), it is simpler to add appropriate handling code to
qvm-shutdown.

In R3 the problem will vanish, because of use libvirtd deamon, so no
user processes required to track domains state.
2014-09-26 02:18:42 +02:00
Marek Marczykowski-Górecki
fc7d686b2e qvm-tools/qvm-shutdown: do not kill already dead VM
When VM stop just when the timeout expires, qvm-shutdown should not try
to kill it - this would result in QubesException("VM already stopped!").
2014-09-25 05:47:35 +02:00
Marek Marczykowski-Górecki
a40e946a3f backups: add qvm-backup-restore --debug option 2014-09-17 23:12:27 +02:00
Marek Marczykowski-Górecki
b506a0cc15 backups: make the restore more defensive
Continue restore even if some fails failed to extract
2014-09-17 23:12:27 +02:00
Marek Marczykowski-Górecki
228ae07543 backups: improve errors handling
Report nice error message (not a traceback), interrupt the process on
non-recoverable error (when extraction process is already dead).
2014-09-17 14:43:41 +02:00
Marek Marczykowski-Górecki
f0bbb28398 backups: implement verify-only option (#863) 2014-09-17 14:43:27 +02:00
Marek Marczykowski-Górecki
591826daa2 qvm-tools: fix error message for setting vcpus using qvm-prefs
Simple typo, but results in exception.
2014-09-16 01:21:21 +02:00
Marek Marczykowski-Górecki
4913fc4fbc qvm-tools: improve messages for qvm-create --root-{move,copy}
There was no separate message, so it looked like registering appmenus
takes a long time.
2014-09-16 01:20:06 +02:00
Marek Marczykowski-Górecki
6dbaede3d0 qvm-tools/qubes-prefs: report empty setting as empty string instead of "none" (#894) 2014-09-04 23:58:32 +02:00
Hakisho Nukama
be8d807624 removed duplicated comment tag 2014-09-04 23:31:38 +02:00
Marek Marczykowski-Górecki
e5a6f58851 dispvm: by default use default dispvm-prerun script
Assume "--default-script" when no second argument given.
2014-07-02 02:31:22 +02:00
Marek Marczykowski-Górecki
c9ff9c2258 Revert "dispvm: use < 3.12 kernel if possible (#868)"
This reverts commit 7ce6601853.
3.12+ kernel fixed, so no longer needed.
2014-06-27 17:31:32 +02:00
Marek Marczykowski-Górecki
7ce6601853 dispvm: use < 3.12 kernel if possible (#868)
3.12+ is known to have broken balloon driver after save+restore.
2014-06-27 03:24:41 +02:00
Zrubi
dcba6b930a qubes-hcl-report: collect and print RAM and HDD info. 2014-06-25 14:06:19 +02:00
Marek Marczykowski-Górecki
1ed9c74d83 Rearrange code to not import PyQt on every qvm-* call
Move notification functions to separate file (out of guihelpers).
2014-06-05 01:59:42 +02:00
Marek Marczykowski-Górecki
6e8dc37f9b qvm-tools: add customizable VM output color 2014-05-26 01:31:39 +02:00
Marek Marczykowski-Górecki
44f38fe076 Declare file encoding for all python files, fill missing copyright headers
Without that, python do not accept UTF-8 even in comments.
2014-05-18 21:03:27 +02:00
Wojciech Zygmunt Porczyk
04df26ab70 qvm-firewall: use socket.getservby(name|port)
instead of parsing /etc/services

(#829)
2014-05-16 18:55:30 +02:00
Wojciech Zygmunt Porczyk
45318ecb43 regexp fixes and validation (#829) 2014-05-16 18:35:59 +02:00
Hakisho Nukama
0d47157f3b qubes-hcl-report: more output added - wikis source format. 2014-05-09 17:14:17 +02:00
Marek Marczykowski-Górecki
b8b2733114 core: fix un-setting global VMs (default netvm, clockvm etc) 2014-05-05 05:24:04 +02:00
Marek Marczykowski-Górecki
3914835ceb backups: add option to disable encryption
While the encryption is enabled by default in reasonable cases, allow the
user to disable it if he/she want to.
2014-05-05 05:22:57 +02:00
Marek Marczykowski-Górecki
bb9d8bbf78 Remove qubes-dom0-network-via-netvm tool (#820)
If someone really needs it for debuging he/she should be able to either
do it manually (xl network-attach...) or at worst case retrieve this
tool from git history.
2014-04-16 16:44:41 +02:00
Marek Marczykowski-Górecki
0695a5ff82 qvm-sync-clock: don't show unverified output to the terminal 2014-04-15 04:14:45 +02:00
Marek Marczykowski-Górecki
ac7746feed qvm-run: add color output and filtering escape sequences
This makes VM output clearly distinguishable
2014-04-15 03:19:48 +02:00
Marek Marczykowski-Górecki
5cbfb64a57 qubesutils: enable/disable updates check on all the VMs and dom0 (#800) 2014-04-11 07:06:12 +02:00
Marek Marczykowski-Górecki
cd6504f8ea qvm-tools: add qvm-ls --raw-list for machine readable VM list 2014-04-11 02:18:43 +02:00
Marek Marczykowski-Górecki
5704b41a45 hvm: seamless_gui_mode setting, including runtime change support (#810) 2014-04-01 01:12:35 +02:00
Zrubi
133e8ddcc3 qubes-hcl-report - bugfix 2014-03-28 07:28:43 +01:00
Marek Marczykowski-Górecki
242590902a firewall: minor improvements
Do not require ports specified in rule - useful for "any" protocol where
ports doesn't have sense.
2014-03-28 02:55:35 +01:00
Marek Marczykowski-Górecki
e90e1c62ec proxyvm: add support for rules with expire time (#760) 2014-03-28 02:54:59 +01:00
Marek Marczykowski-Górecki
91428ebaa1 core: method to resize root.img (#699) 2014-03-21 18:43:13 +01:00
Marek Marczykowski-Górecki
dda1bbc41a backups/qvm-backup: show all warnings at one place, clarify pass phrase prompt (#801) 2014-03-17 21:26:42 +01:00
Marek Marczykowski-Górecki
5d7688a2fe backups: allow provide full path for the backup (instead of directory) (#801)
This will allow the user to choose custom filename, instead of
auto generated 'qubes-backup-XXX'.
2014-03-17 21:15:39 +01:00
Marek Marczykowski-Górecki
61c10d7621 qvm-tools: display date of last backup 2014-03-10 04:29:46 +01:00
Marek Marczykowski-Górecki
ab094a623a qvm-tools: remove files after failed VM clone 2014-02-22 01:26:51 +01:00
Marek Marczykowski-Górecki
4ff39859c4 backups/qvm-tools: decode password using console encoding 2014-02-05 06:53:07 +01:00
Marek Marczykowski-Górecki
ca31b57ee3 backups: improve help message 2014-02-05 02:49:26 +01:00
Marek Marczykowski-Górecki
60d373dbda qvm-tools: grammar fix in help message
might be repeated -> may be repeated
2014-01-23 04:50:14 +01:00
Marek Marczykowski-Górecki
a4d1ede69b backups/qvm-tools: add an option to restore only selected VMs (#766) 2014-01-19 04:52:13 +01:00
Marek Marczykowski-Górecki
dc34b6c94c qvm-backup: automatically start destination VM (#767) 2014-01-15 05:52:46 +01:00
Marek Marczykowski-Górecki
d473140dff qvm-backup: encrypt the backup when custom enc algo specified
Also move forcing encryption earlier to have VM names hidden
(backup_prepare call).
2014-01-15 05:51:52 +01:00
Marek Marczykowski-Górecki
16f8e46f68 qvm-backup: automatically exclude destination VM from backup (#767) 2014-01-15 05:51:18 +01:00
Marek Marczykowski-Górecki
8921df90d8 qvm-backup: add options to specify custom hmac/enc algorithms 2014-01-15 05:34:35 +01:00
Marek Marczykowski-Górecki
adbec8e843 backups/qvm-backup: force encryption if backup is sent to AppVM (#769) 2014-01-15 05:34:21 +01:00
Marek Marczykowski-Górecki
4b493b6d9a backups: unify compress/encrypt parameter names 2014-01-15 03:45:12 +01:00
Marek Marczykowski-Górecki
8d445beebb backups: fix qvm-backup-restore calls
Do not use backup_restore_header, it is called from
backup_restore_prepare now.
2014-01-15 03:36:45 +01:00
Marek Marczykowski-Górecki
40953176f4 backups: reorganise restore API
Call backup_restore_header from backup_restore_prepare, there is no
sense in requiring the user to call them separately. Also store all
parameters in restore_info object as special '$OPTIONS$' VM to not
require passing them twice (with all the chances for the errors).
2014-01-13 04:45:02 +01:00
Marek Marczykowski-Górecki
e2c19e0bc4 qvm-tools: fix typo in qvm-start 2014-01-10 03:32:22 +01:00
Marek Marczykowski-Górecki
f18717d192 qvm-tools: update log names reported by qvm-start in debug mode 2013-12-17 23:59:16 +01:00
Marek Marczykowski-Górecki
177c40d18f qvm-tools: do not crash qvm-run/qvm-start --tray when no notification service available 2013-12-15 22:53:06 +01:00
Marek Marczykowski-Górecki
4505d643f9 qvm-tools: one more fix for qvm-check tool 2013-12-13 22:52:18 +01:00
Marek Marczykowski-Górecki
ac9823e6f1 qvm-tools: indentation fix in qvm-check 2013-12-11 21:28:04 +01:00
Zrubi
c8f4dc70e8 qubes-hcl-report update 2013-12-11 21:27:10 +01:00
Marek Marczykowski-Górecki
99b001502a backups: compression support 2013-12-02 14:05:41 +01:00
Marek Marczykowski-Górecki
27f6f0e64e Merge branch 'new-backups'
Conflicts:
	core-modules/000QubesVm.py
2013-11-29 04:00:58 +01:00
Marek Marczykowski-Górecki
10100767da backups: hide VM names in encrypted backup
Even when encrypted backup is selected, file list isn't encrypted. Do
not leak VM names in the filenames.
2013-11-27 03:19:23 +01:00
Marek Marczykowski-Górecki
fa35b1dd55 qvm-tools: add --root-move-from/--root-copy-from options to qvm-create 2013-11-25 17:15:45 +01:00
Marek Marczykowski-Górecki
17c5d22083 qvm-tools: fix qvm-create --hvm* --root args parsing 2013-11-25 17:15:15 +01:00
Marek Marczykowski-Górecki
919b9455f8 qvm-tools: fix args parsing for qvm-create --hvm-template 2013-11-25 14:27:43 +01:00
Marek Marczykowski-Górecki
5033b53543 core: split HVM template into separate class 2013-11-25 07:18:01 +01:00
Marek Marczykowski-Górecki
0fcceb324d backups: fix appvm handling in qvm-backup-restore 2013-11-25 06:33:31 +01:00
Marek Marczykowski-Górecki
d7e3f3cb0a backups: qvm-backup: check if /var/tmp have enough space 2013-11-25 05:43:15 +01:00
Marek Marczykowski-Górecki
3a898db663 backups: Prompt for password twice for verification 2013-11-25 05:42:47 +01:00
Marek Marczykowski-Górecki
c781a522d8 backups: move backup code to separate file
Also some major cleanups: Reduce some more code duplication
(verify_hmac, simplify backup_restore_prepare). Rename
backup_dir/backup_tmpdir variables to better match its purpose. Rename
backup_do_copy back to backup_do.  Require QubesVm object (instead of VM
name) as appvm param.
2013-11-25 05:41:13 +01:00
Marek Marczykowski-Górecki
07ae02915f backups: add missing import in qvm-backup 2013-11-25 00:55:10 +01:00