Commit Graph

598 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
83526a28d3
qubesd: add second socket for in-dom0 internal calls
This socket (and commands) are not exposed to untrusted input, so no
need to extensive sanitization. Also, there is no need to provide a
stable API here, as those methods are used internally only.

QubesOS/qubes-issues#853
2017-04-07 17:07:28 +02:00
Marek Marczykowski-Górecki
c9b5d0ab15
policy: qrexec-policy cli tool
This is the tool called by qrexec-daemon.
2017-04-06 15:43:17 +02:00
Marek Marczykowski-Górecki
e705a04cc5
qubespolicy: initial version for core3
This is rewritten version of core-admin-linux/qrexec/qrexec-policy.

It's placed outside of `qubes` module on purpose - to avoid imporing it,
which require a lot of time.

QubesOS/qubes-issues#865
QubesOS/qubes-issues#910
2017-04-06 15:43:17 +02:00
Wojtek Porczyk
1b9479837a Merge remote-tracking branch 'marmarek/core3-mgmt-methods1' into core3-devel
Conflicts:
	qubes/mgmt.py
2017-04-01 18:33:54 +02:00
Wojtek Porczyk
8defc883a4 spec: update and tidy up python dependencies
QubesOS/qubes-issues#2622
2017-03-31 00:46:37 +02:00
Wojtek Porczyk
8e3621c4e5 Move libviraio to core-libvirt, may be upstreamed
QubesOS/qubes-issues#2622
2017-03-22 15:30:55 +01:00
Marek Marczykowski-Górecki
944bb26369
tests/mgmt: VM property related functions 2017-03-16 20:04:05 +01:00
Marek Marczykowski-Górecki
1363251438
Revert "Revert "backup: use 'scrypt' tool for backup encryption and integrity protection""
This reverts commit 0f1672dc63.

Bring it back. Lets not revert the whole feature just because required
package exists only in qubes-builder, not in some online repository.
Also, this revert didn't go as planned - there was a reference to a
'passphrase' local variable, but it wasn't assigned any value.

Cc: @woju
2017-02-27 02:37:50 +01:00
Wojtek Porczyk
25d81b8ab6 Merge remote-tracking branch 'origin/pull/88/head' into core3-devel 2017-02-15 12:17:41 +01:00
Marek Marczykowski-Górecki
c3fc4062d8
tests: add basic test for qvm-features 2017-02-15 00:01:33 +01:00
Wojtek Porczyk
249d8c08e2 qubes/tools/qubesd-query: low-level interrogation tool 2017-02-10 23:25:45 +01:00
Wojtek Porczyk
c12fc744a2 qubes/mgmt: move mgmt api to separate module
QubesOS/qubes-issues#2622
2017-02-09 23:29:05 +01:00
Wojtek Porczyk
0be3b1fbb1 qubes/tools/qubesd: initial version 2017-02-07 17:07:53 +01:00
Wojtek Porczyk
1be75d9c83 misc python3 fixes 2017-02-07 17:07:52 +01:00
Wojtek Porczyk
9f7ba53eec fix Makefile, setup.py, spec and travis
QubesOS/qubes-issues#2074
2017-01-20 18:31:09 +01:00
Wojtek Porczyk
0f1672dc63 Revert "backup: use 'scrypt' tool for backup encryption and integrity protection"
This reverts commit 418d749680.

Package `scrypt` is currently not installable (not present in any repo).

Cc: @marmarek
2016-12-05 18:36:13 +01:00
Wojtek Porczyk
25912f5787 qubes/tools: add qvm-tags
QubesOS/qubes-issues#865
2016-12-02 14:17:09 +01:00
Marek Marczykowski-Górecki
194fb9b99b
rpm: disable prelink only when present
It isn't installed by default.

QubesOS/qubes-issues#2412
2016-11-26 04:08:59 +01:00
Marek Marczykowski-Górecki
badc58837a
Add qvm-template-postprocess tool
This is intended to call to finish template installation/removal.
Template RPM package is basically container for root.img, nothing more.
Other parts needs to be generated after root.img extraction. Previously
it was open coded in rpm post-install script, but lets keep it as qvm
tool to ease supporting multiple version in template builder

QubesOS/qubes-issues#2412
2016-11-26 04:08:08 +01:00
Marek Marczykowski-Górecki
408606e0f0
rpm: adjust post-installation script for new tools
QubesOS/qubes-issues#2412
2016-11-26 04:08:08 +01:00
Wojtek Porczyk
a4d50409df Merge remote-tracking branch 'marmarek/core3-storage-fixes' into core3-devel 2016-11-15 17:36:53 +01:00
Marek Marczykowski-Górecki
b011cef8af
tests/storage: add tests for basic volumes properties
Things like if read-only volume is really read-only, volatile is
volatile etc.

QubesOS/qubes-issues#2256
2016-11-04 14:18:56 +01:00
Marek Marczykowski-Górecki
0471453773
storage/lvm: call lvm directly, don't use qubes-lvm wrapper
The wrapper doesn't do anything else than translating command
parameters, but it's load time is significant (because of python imports
mostly). Since we can't use python lvm API from non-root user anyway,
lets drop the wrapper and call `lvm` directly (or through sudo when
necessary).

This makes VM startup much faster - storage preparation is down from
over 10s to about 3s.

QubesOS/qubes-issues#2256
2016-11-04 14:18:55 +01:00
Marek Marczykowski-Górecki
418d749680
backup: use 'scrypt' tool for backup encryption and integrity protection
`openssl dgst` and `openssl enc` used previously poorly handle key
stretching - in case of `openssl enc` encryption key is derived using
single MD5 iteration, without even any salt. This hardly prevent
brute force or even rainbow tables attacks. To make things worse, the
same key is used for encryption and integrity protection which ease
brute force even further.
All this is still about brute force attacks, so when using long, high
entropy passphrase, it should be still relatively safe. But lets do
better.
According to discussion in QubesOS/qubes-issues#971, scrypt algorithm is
a good choice for key stretching (it isn't the best of all existing, but
a good one and widely adopted). At the same time, lets switch away from
`openssl` tool, as it is very limited and apparently not designed for
production use. Use `scrypt` tool, which is very simple and does exactly
what we need - encrypt the data and integrity protect it. Its archive
format have own (simple) header with data required by the `scrypt`
algorithm, including salt. Internally data is encrypted with AES256-CTR
and integrity protected with HMAC-SHA256. For details see:
https://github.com/tarsnap/scrypt/blob/master/FORMAT

This means change of backup format. Mainly:

1. HMAC is stored in scrypt header, so don't use separate file for it.
Instead have data in files with `.enc` extension.
2. For compatibility leave `backup-header` and `backup-header.hmac`. But
`backup-header.hmac` is really scrypt-encrypted version of `backup-header`.
3. For each file, prepend its identifier to the passphrase, to
authenticate filename itself too. Having this we can guard against
reordering archive files within a single backup and across backups. This
identifier is built as:

        backup ID (from backup-header)!filename!

For backup-header itself, there is no backup ID (just 'backup-header!').

Fixes QubesOS/qubes-issues#971
2016-10-28 11:53:32 +02:00
Marek Marczykowski-Górecki
36eb7f923f
qubes/tarwriter: add simple sparse-tar writer module
tar can't write archive with _contents_ of block device. We need this to
backup LVM-based disk images. To avoid dumping image to a file first,
create a simple tar archiver just for this purpose.

Python is not the fastest possible technology, it's 3 times slower than
equivalent written in C. But it's much easier to read, much less
error-prone, and still process 1GB image under 1s (CPU time, leaving
along actual disk reads). So, it's acceptable.
2016-10-05 01:54:41 +02:00
Marek Marczykowski-Górecki
96a4bb650b
qubes/tools: qvm-backup and qvm-backup-restore tools
Fixes QubesOS/qubes-issues#1213
Fixes QubesOS/qubes-issues#1214
2016-09-21 16:02:50 +02:00
Marek Marczykowski-Górecki
d4f29bb8b7
qubes: add qvm-firewall tool
Fixes QubesOS/qubes-issues#1815
2016-09-19 20:36:32 +02:00
Marek Marczykowski-Górecki
1da75a676f
qubes/firewall: new firewall interface
First part - handling firewall.xml and rules formatting.
Specification on https://qubes-os.org/doc/vm-interface/

TODO (for dom0):
 - plug into QubesVM object
 - expose rules in QubesDB (including reloading)
 - drop old functions (vm.get_firewall_conf etc)

QubesOS/qubes-issues#1815
2016-09-19 20:36:30 +02:00
Marek Marczykowski-Górecki
e8d011b83f
qubes/tools: add qvm-device tool (and tests)
Add a tool to manipulate various devices.

QubesOS/qubes-issues#2257
2016-09-03 20:41:05 +02:00
Marek Marczykowski-Górecki
fbb086aed5
tests: PCI devices tests
Just basic things for now.

QubesOS/qubes-issues#2257
2016-09-03 20:41:04 +02:00
Marek Marczykowski-Górecki
aa67a4512e
qubes/ext/pci: move PCI devices handling to an extension
Implement required event handlers according to documentation in
qubes.devices.

A modification of qubes.devices.DeviceInfo is needed to allow dynamic,
read-only properties.

QubesOS/qubes-issues#2257
2016-09-03 20:41:03 +02:00
Marek Marczykowski-Górecki
d8286b6dab
tests: port vm_qrexec_gui to core3 API 2016-08-17 22:41:57 +02:00
Marek Marczykowski-Górecki
e19df4c5b6
tests: port dispvm tests to core3 API
Some tests do not apply, as there is no savefile and attributes
propagation is much simpler. Dropped tests:
 - test_000_firewall_propagation
 - test_001_firewall_propagation
 - test_000_prepare_dvm

QubesOS/qubes-issues#2253
2016-08-17 04:15:35 +02:00
Marek Marczykowski-Górecki
660c726315
tests: add qvm-check 2016-08-09 05:14:13 +02:00
Marek Marczykowski-Górecki
f17f80ee9d
qubes/tools: add qvm-template-commit
This tool is called from /etc/xen/scripts/block-origin script at VM
shutdown.
2016-08-09 05:14:11 +02:00
Bahtiar `kalkin-` Gadimov
3ae6530cd8
Add lvm thin pool storage implementation 2016-08-03 02:57:42 +02:00
Bahtiar `kalkin-` Gadimov
7d11a7afbd
Add lvm tests 2016-08-03 02:57:41 +02:00
Bahtiar `kalkin-` Gadimov
8972254e22
Add qvm-check 2016-07-21 23:40:24 +02:00
Wojtek Porczyk
36e5bcd766 Merge remote-tracking branch 'origin/pull/39/head' into core3-devel 2016-07-21 16:43:25 +02:00
Bahtiar `kalkin-` Gadimov
e8d0e53f41 Remove duplicate entry from core-dom0.spec 2016-07-21 12:10:19 +02:00
Bahtiar `kalkin-` Gadimov
bcf1cfcb1f
Add qvm-clone(1) 2016-07-13 22:35:58 +02:00
Bahtiar `kalkin-` Gadimov
b9ddc00741
Add qvm-block 2016-06-23 13:16:08 +02:00
Wojtek Porczyk
677a3e51f4 Move libvirt XML network device to jinja 2016-06-16 13:29:15 +02:00
Wojtek Porczyk
ba20254888 Rewrite PCI attaching/detaching from xl to libvirt
The only remaining part is querying vm-side BDF. That can't be done
in libvirt.
2016-06-16 13:29:15 +02:00
Wojtek Porczyk
6a10daf7be Merge branch 'master' into core3-devel
Remains to be fixed:
  88cb62fc
  d2640b51
  958c2926
2016-06-13 19:03:46 +02:00
Marek Marczykowski-Górecki
a857ac3afb
Install dom0 qvm-* tools man pages by default 2016-06-04 16:57:13 +02:00
Marek Marczykowski-Górecki
88cb62fcf6
core: add pci_e820_host property
Enable e820_host option for VMs with PCI devices (to allow VM kernel to
deal with address space conflicts). But add a property to allow
disabling it.

Fixes QubesOS/qubes-issues#2019
2016-06-04 16:52:02 +02:00
Wojtek Porczyk
a615a45ecd Merge remote-tracking branch 'woju/pull/13/head' into core3-devel 2016-06-02 13:24:15 +02:00
Bahtiar `kalkin-` Gadimov
d703f2f44b
Add qvm-pool and manpage for it
- Use full import paths in qvm-pool
- Add, Remove, Info and List options set `Namespace.command`. This fixes a crash
  when `-o dir_path=/mnt/foo` is specified after `-a foo xen`.
- Remove `_List`
- Remove 'added pool' and 'removed pool' messages. Unix tools are quiet
- qvm-pool call app.save()
- Rename create_parser in get_parser
- Rename local_parser variables to just parser
- qvm-pool uses print_table
2016-05-30 13:31:54 +02:00
Bahtiar `kalkin-` Gadimov
baaac858bc
Add DomainPool
- All domain pool volumes are removable volumes
- DomainVolume uses device name as vid
2016-05-22 22:09:54 +02:00
Bahtiar `kalkin-` Gadimov
8959e5a77e
Implement qvm-remove
- Remove old qvm-remove
- Remove a log line from Storage, because it prints confusing lines, like:
    Removing volume kernel: /var/lib/qubes/vm-kernels/4.1.13-6/modules.img
2016-05-21 01:35:30 +02:00
Wojtek Porczyk
e757444c35 qubes/tools/qvm-features: add tool for managing qvm-features
QubesOS/qubes-issues#1637
2016-05-19 03:02:24 +02:00
Wojtek Porczyk
786884ad7a qubes: fix netvm properties and tests
fixes QubesOS/qubes-issues#1816
2016-05-19 03:02:23 +02:00
Marek Marczykowski-Górecki
405fd40aaa
Add policy for qubes.OpenURL service
For now the same as for qubes.OpenInVM.

Fixes QubesOS/qubes-issues#1487
2016-05-18 02:03:48 +02:00
Wojtek Porczyk
63c09a090c qubes: Combat import cycles
This commit eliminates import statements happening in the middle of the
file (between two classes definition). The cycles are still there. The
only magic module is qubes itself.
2016-05-05 14:33:09 +02:00
Bahtiar `kalkin-` Gadimov
7200e6153b
Rename default storage driver from xen to file
- Rename XenPool   ⇒ FilePool
- Rename XenVolume ⇒ FileVolume
2016-04-30 20:42:46 +02:00
Bahtiar `kalkin-` Gadimov
9674d03088 Add pool LinuxKernel 2016-04-25 07:17:18 +02:00
Bahtiar `kalkin-` Gadimov
36470310a2 Replace pool config parsing logic
- Move add_pool/remove_pool to Qubes class
- Add Qubes.get_pool
- Remove storage.conf
2016-04-25 07:16:37 +02:00
Wojtek Porczyk
e720e1634b qubes/tools: rewrite qvm-shutdown
fixes QubesOS/qubes-issues#1228
2016-04-20 13:52:58 +02:00
Marek Marczykowski-Górecki
eaf5efd814
tests: convert 'extra' test loader to core3 API
QubesOS/qubes-issues#1800
2016-04-11 13:50:19 +02:00
Marek Marczykowski-Górecki
8c6fe7ed90
Merge remote-tracking branch 'origin/master' into core3-devel-mm 2016-04-11 13:03:12 +02:00
Marek Marczykowski-Górecki
c55ca8004a tests: port backupcompatibility to core3 API 2016-04-07 13:21:00 +02:00
Marek Marczykowski-Górecki
8c5d42a095 backup: add support for restoring pre-core3 backups 2016-04-07 13:21:00 +02:00
Marek Marczykowski-Górecki
e0686e1e02 backup: initial conversion to core3 API 2016-04-07 13:05:25 +02:00
Marek Marczykowski-Górecki
6052143735 tests: qvm-prefs
QubesOS/qubes-issues#1248
2016-04-07 12:57:57 +02:00
Marek Marczykowski-Górecki
e319639146 qubes/vm: add StandaloneVM class 2016-04-07 12:57:52 +02:00
Jon Griffiths
5f3ffbbe36 Disable debug packages for core-dom0
Leave the 'proper' fix of making this package noarch commented
out for now, to allow this to be merged.

Comments as per the parallel submit to qubes-artwork.
2016-03-22 10:04:27 +13:00
Wojtek Porczyk
5eaf03c4a2 HVM part 1 2016-03-21 11:44:46 +01:00
Marek Marczykowski-Górecki
afd4573a02 ext/r3compatibility: create R3.x QubesDB entries
This allows the user to start VM based on "old" system (from R3.x) in
R4.0. For example after restoring from backup, or migration. This also
makes upgrade instruction much easier - no need complex recovery
instruction if one upgrade dom0 before upgrading all the templates.

QubesOS/qubes-issues#1812
2016-03-21 11:43:33 +01:00
Marek Marczykowski-Górecki
422f30b969 tests: port network tests to core3 API 2016-03-21 11:43:32 +01:00
Wojtek Porczyk
394fa1e5d3 qubes/tests: tests for qubes.devices 2016-03-21 11:43:32 +01:00
Wojtek Porczyk
0f9ca47d90 qubes/ext/guid: Move gui-related code to extension 2016-03-21 11:43:32 +01:00
Wojtek Porczyk
d09bd5ab6a qubes: Convert QubesVM and Extension discovery to pkg_resources
QubesOS/qubes-issues#1238
2016-03-21 11:43:32 +01:00
Patrick Schleizer
cf5730934a
added to rpm_spec/core-dom0.spec 2016-03-14 22:50:46 +01:00
Marek Marczykowski-Górecki
c0c0e0022e tests: convert storage tests to core3 API
QubesOS/qubes-issues#
2016-03-03 01:18:17 +01:00
Marek Marczykowski-Górecki
fb74126e56 tests: convert dom0 update test to core3 API 2016-03-03 01:18:17 +01:00
Wojtek Porczyk
9eafa57539 Merge remote-tracking branch 'marmarek/master' into core3-devel
The following list is bollocks. There were many, many more.

Conflicts:
    core-modules/003QubesTemplateVm.py
    core-modules/005QubesNetVm.py
    core/qubes.py
    core/storage/__init__.py
    core/storage/xen.py
    doc/qvm-tools/qvm-pci.rst
    doc/qvm-tools/qvm-prefs.rst
    qubes/tools/qmemmand.py
    qvm-tools/qvm-create
    qvm-tools/qvm-prefs
    qvm-tools/qvm-start
    tests/__init__.py
    vm-config/xen-vm-template-hvm.xml

This commit took 2 days (26-27.01.2016) and put our friendship to test.
    --Wojtek and Marek
2016-03-03 01:13:51 +01:00
Wojtek Porczyk
01319e391f qubes: port netvm
From now, there are no separate NetVM and ProxyVM class, but property
"provides_network".
2016-03-03 00:46:05 +01:00
Marek Marczykowski-Górecki
d3f83876eb
rpm: require new enough qubes-core-dom0-linux package
For qvm-sync-clock --force option.
2016-02-23 16:22:02 +01:00
Wojtek Porczyk
06cc064c8c qubes/tests: split init to init1 and init2
This is to keep the correct order of the tests. The exact dependency
graph is somewhat complicated and contains several cycles.
2016-01-21 13:31:43 +01:00
Wojtek Porczyk
ce0b927a98 qubes/tests/int/tools/qvm_run: add tests for qvm-run
Missing is test for --gui/--no-gui.

part of QubesOS/qubes-issues#1226
2015-12-29 03:50:35 +01:00
Wojtek Porczyk
f1a0b1af39 qubes/tools: add qvm-run, qvm-{,un}pause
Also change convention of calling main(): now command returns its
numeric value instead of bool.

Also fixed QSB#13

fixes QubesOS/qubes-issues#1226
2015-12-29 03:43:08 +01:00
Wojtek Porczyk
7b30361fa6 qubes/tools: add qubes-prefs
fixes QubesOS/qubes-issues#1209
2015-12-24 00:48:17 +01:00
Wojtek Porczyk
729c28281b spec: disable AutoReq
This fixes compilation under Fedora. Depending on $PATH order, automagic
dependencies put /usr/bin/python or /bin/python (because we have
anything, becase /bin is just symlink to /usr/bin.
2015-12-23 14:34:54 +01:00
Wojtek Porczyk
91bde9b80f spec: add missing BuildRequires 2015-12-23 14:34:54 +01:00
Wojtek Porczyk
0dc0fd306f core3: test fixing
part of QubesOS/qubes-issues#1248
2015-12-23 14:34:53 +01:00
Marek Marczykowski-Górecki
377d3ad43a
rpm: do not motify /etc/udev/rules.d/xen-backend.rules anymore
Xen 4.6 no longer uses udev to call hotplug scripts.

QubesOS/qubes-issues#1361
2015-11-27 20:00:34 +01:00
Marek Marczykowski-Górecki
f525a58134
core: adjust for updated stubdom support in libvirt
Fixes QubesOS/qubes-issues#1456
2015-11-27 20:00:33 +01:00
Bahtiar `kalkin-` Gadimov
bfaf37dae5 Add pool config parsing 2015-11-17 19:37:18 +01:00
Wojtek Porczyk
96efb4568a core3: add different exceptions
From now on there are different exceptions which can be raise on
different occasions.

fixes QubesOS/qubes-issues#1279
2015-10-17 00:17:12 +02:00
Wojtek Porczyk
15713cbf46 qubes/tools: rewrite qvm-kill
Also new function, `error_runtime` for common parser.

fixes QubesOS/qubes-issues#1222
2015-10-05 18:06:02 +02:00
Wojtek Porczyk
c538d536c8 core3: move qmemman
This is part of fixing qvm-start.

qmemman was moved with minimal touching, mainly module names.

Moved function parsing human-readable sizes from core2. This function is
wrong, because it treats k/M/G as 1024-based, but leave it for now.
2015-10-05 12:46:14 +02:00
Wojtek Porczyk
fcdb579bab core3: qubesmanager notifying extension
core/notify.py was excavated and tray notifying remnants were moved to
qubes.log. They are unused as yet.

Also extension events are fixed.
2015-10-05 12:46:14 +02:00
Wojtek Porczyk
6f4951d08a install python package with setuptools 2015-10-05 12:46:14 +02:00
Wojtek Porczyk
b0be1ad584 qubes/tools: qvm-start rewritten from original 2015-10-05 12:46:14 +02:00
Wojtek Porczyk
e7cba0214f qubes/tools: qvm-prefs 2015-10-05 12:46:13 +02:00
Wojtek Porczyk
ff7d89700a qubes/tools: port qvm-create 2015-06-30 17:18:24 +02:00
Wojtek Porczyk
669a976d4e qubes/tools: add common action for setting properties 2015-06-29 17:40:43 +02:00
Wojtek Porczyk
fd0107f11a new tool: qubes-create
At present it just creates default qubes.xml (empty barring labels and AdminVM).
In the future it can be evolved into backend for firstboot.
2015-06-29 17:39:28 +02:00
Wojtek Porczyk
18d36c17e1 rpm_spec/core-dom0-doc.spec: fix build dependencies 2015-06-29 17:39:28 +02:00