Commit Graph

77 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
26b32ca51e backups: refuse to create encrypted and compressed backup (#775) 2014-01-15 05:00:13 +01:00
Marek Marczykowski-Górecki
357fe37ed2 backups: change date/time delimiter in filename according to ISO 8601 2014-01-15 04:34:51 +01:00
Marek Marczykowski-Górecki
50c00e555e backups: make cleanup code more defensive
If we are killing remaining processes in cause of exception, ignore
failure here (OSError is raised in case of non existing process).
2014-01-15 03:57:59 +01:00
Marek Marczykowski-Górecki
7b1e9f3bfb backups: implement backup header
It stores basic backup information like used hmac/crypto algorithm,
whether backup is encrypted/compressed and possibly more. The header
file is parsed only after successful HMAC verification. Because we do
not know which HMAC algorithm was used before reading the header, try to
guess trying all supported (starting with the default one).

Backup header is stored as the first file, which is always not encrypted
and not compressed. Then qubes.xml follows.
2014-01-15 03:53:45 +01:00
Marek Marczykowski-Górecki
4c29d743c8 backups: introduce configurable HMAC/encryption algo
For now always set it to default values (no frontend application uses
those parameters), but be prepared for further improvements.
2014-01-15 03:50:29 +01:00
Marek Marczykowski-Górecki
4b493b6d9a backups: unify compress/encrypt parameter names 2014-01-15 03:45:12 +01:00
Marek Marczykowski-Górecki
a2037a4985 backups: do not hardcode limit values in the code (#771)
Also introduce limit for stderr read from VM (anti DoS protection).
2014-01-15 03:36:16 +01:00
Marek Marczykowski-Górecki
b85cd0448f backups: minor fixes, mostly formatting 2014-01-15 01:05:54 +01:00
Marek Marczykowski-Górecki
40953176f4 backups: reorganise restore API
Call backup_restore_header from backup_restore_prepare, there is no
sense in requiring the user to call them separately. Also store all
parameters in restore_info object as special '$OPTIONS$' VM to not
require passing them twice (with all the chances for the errors).
2014-01-13 04:45:02 +01:00
Marek Marczykowski-Górecki
338fc74ea2 backups: misc minor fixes 2014-01-13 04:37:54 +01:00
Marek Marczykowski-Górecki
c6ca2725a1 backups: rename classes according to coding style 2014-01-13 04:27:19 +01:00
Marek Marczykowski-Górecki
c825a41909 backups: ignore EPIPE on pipe.close()
This is most likely some padding left in output buffer. See #764
comments for details.
2014-01-10 03:31:15 +01:00
Marek Marczykowski-Górecki
6abca8ce57 backups: do not chdir() in main process
This can be any application, for example Qubes Manager. Changing current
dir can have side effects, especially when we do not change it back
after restore (or in any error encountered).
2014-01-10 03:30:59 +01:00
Marek Marczykowski-Górecki
29bd92aad9 backups: terminate Extract_Worker on error in main process 2014-01-10 03:28:53 +01:00
Marek Marczykowski-Górecki
d86865d299 backups: fix passing -z option to openssl
Note that this is not fix #775 in any way.
2014-01-10 03:26:50 +01:00
Marek Marczykowski-Górecki
01312a17d6 backups: improve error handling in Extract_Worker
Terminate children when exception raised. Also rename tar2_command to
tar2_process to improve readability.
2014-01-10 03:23:51 +01:00
Marek Marczykowski-Górecki
eeca3eb697 backups: improve error reporting when something failed in dest VM 2014-01-10 03:20:48 +01:00
Marek Marczykowski-Górecki
bcf1a19807 backups: fix include/exclude of dom0 home in backup
Place it in the list just like the other VMs. Then handle separately.
2014-01-10 03:19:22 +01:00
Danny Fullerton
268dcfd71d Fix qvm-block crash with /dev/mdXpY devices 2014-01-08 11:51:05 +01:00
Marek Marczykowski-Górecki
994e963ab8 backup: fix handling errors in source VM 2013-12-29 03:20:27 +01:00
Olivier MEDOC
3fcfbbac22 backups: fix trailing slashes for anonymized vm dirnames 2013-12-10 17:02:45 +01:00
Marek Marczykowski-Górecki
84f8a8a8f1 backups: fix restore dom0 home from old backup format 2013-12-06 06:55:23 +01:00
Marek Marczykowski-Górecki
99b001502a backups: compression support 2013-12-02 14:05:41 +01:00
Marek Marczykowski-Górecki
1939cf7ce8 backups: report exception on backup write error
This is only partial solution - this happens in separate thread so main
thread may not notice this problem (and simply will wait on work queue).
2013-12-02 14:04:20 +01:00
Marek Marczykowski-Górecki
bc92c20d67 core: do not truncate qubes.xml during save()
Save the next one in temporary file, then move over to destination file.
This way when writing the file to disk fails (e.g. out of disk space),
user still has old file version intact.
2013-12-02 03:50:55 +01:00
Marek Marczykowski-Górecki
93b7924bc6 backups: hide unwanted "next volume requests" from tar 2013-12-02 03:49:44 +01:00
Marek Marczykowski-Górecki
e9f08aefd7 backups: disable debugging code 2013-12-01 02:35:42 +01:00
Marek Marczykowski-Górecki
27f6f0e64e Merge branch 'new-backups'
Conflicts:
	core-modules/000QubesVm.py
2013-11-29 04:00:58 +01:00
Marek Marczykowski-Górecki
b73970c62d core: rename QubesDom0NetVm to QubesAdminVm
This is somehow related to #757, but only first (easier) step. Actual
change of QubesAdminVm base class requires somehow more changes, for
example qvm-ls needs to know how to display this type of VM (none of
template, appvm, netvm).

Make this first step change now, because starting with R2Beta3 dom0 will
be stored in qubes.xml (for new backups purposes) so this rename would
be complicated later.
2013-11-29 03:42:56 +01:00
Marek Marczykowski-Górecki
3d70402778 backups: add support for restoring old backup format
Actually the code is quite similar, so just add few "if" instead of
copying the whole functions.
2013-11-29 03:25:41 +01:00
Marek Marczykowski-Górecki
eaebf04b34 backups: remove some old unneeded code 2013-11-27 03:21:17 +01:00
Marek Marczykowski-Górecki
c8b8cd0d1f backups: fix restore in non-debug mode 2013-11-27 03:20:45 +01:00
Marek Marczykowski-Górecki
105428accb backups: fix encrypted backup restore 2013-11-27 03:20:26 +01:00
Marek Marczykowski-Górecki
10100767da backups: hide VM names in encrypted backup
Even when encrypted backup is selected, file list isn't encrypted. Do
not leak VM names in the filenames.
2013-11-27 03:19:23 +01:00
Marek Marczykowski-Górecki
8bdea5b0ab backups: fix backup of selected appmenus for VM
This wasn't working for a long time...
2013-11-27 03:18:14 +01:00
Marek Marczykowski-Górecki
2d68b79bff backups: fix backup of templates
Template is saved as single archive of the whole VM directory. Preserve
backup directory structure regardless of its content - in this case it
means we need "." archive (with template directory content) placed in
"vm-tempates/<template-name>/" backup directory. This allows restore
process to select right files to restore regardless of VM type.
2013-11-26 16:46:34 +01:00
Marek Marczykowski-Górecki
50662bf090 backups: correctly calculate size of file to backup 2013-11-26 16:46:09 +01:00
Marek Marczykowski-Górecki
0b0d50edf3 backups: move import at the beginning of .py file 2013-11-26 16:45:51 +01:00
Marek Marczykowski-Górecki
0743531244 backups: fix VM exclude logic (restore) 2013-11-25 06:33:06 +01:00
Marek Marczykowski-Górecki
bf6bf8ed8f backups: fix backup header extraction
Pass only 'qubes.xml.000' to tar2qfile - this way it will stop reading
the source after requested file(s).
2013-11-25 06:31:38 +01:00
Marek Marczykowski-Górecki
cc37927080 backups: fix backup cleanup 2013-11-25 05:46:57 +01:00
Marek Marczykowski-Górecki
c781a522d8 backups: move backup code to separate file
Also some major cleanups: Reduce some more code duplication
(verify_hmac, simplify backup_restore_prepare). Rename
backup_dir/backup_tmpdir variables to better match its purpose. Rename
backup_do_copy back to backup_do.  Require QubesVm object (instead of VM
name) as appvm param.
2013-11-25 05:41:13 +01:00
Marek Marczykowski-Górecki
657beaf655 backups: move extracted dom0 home from /var/tmp instead of copy 2013-11-25 01:11:29 +01:00
Marek Marczykowski-Górecki
e31c3ae8e7 backup: reduce volume size to 100M and limit queue length
This way backup process won't need more than 1GB for temporary files and
also will give more precise progress information. For now it looks like
the slowest element is qrexec, so without such limit, all the data would
be prepared (basically making second copy of it in dom0) while only
first few files would be transferred to the VM.
Also backup progress is calculated based on preparation thread, so when
it finishes there is some other time needed to flush all the data to the
VM. Limiting this amount makes progress somehow more accurate (but still
off by 1GB...).
2013-11-25 00:55:59 +01:00
Marek Marczykowski-Górecki
10a01010bb backups: fix handling multi-volume archive during restore
We can't wait for tar next volume prompt using stderr.readline(),
because tar doesn't output EOL marker after this prompt. The other way
would be switching file descriptor to non-blocking mode and using lower
level os.read(), but this looks like more error-prone way (races...).
So change idea of handling such archives: after switching to next
archive volume, simply send '\n' to tar (which will receive when
needed). When getting "*.000" file, assume that previous archive was
over and wait for previous tar process. Then start the new one.

Also don't give explicit tape length, only turn multi-volume mode on. So
will correctly handle all multi-volume archives, regardless of its size.
2013-11-25 00:48:54 +01:00
Marek Marczykowski-Górecki
7229b78bbf backups: minor reduce code duplication 2013-11-25 00:48:00 +01:00
Marek Marczykowski-Górecki
bc59d7e054 backups: include file path in internal archive, implement dom0 home restore
This is mostly revert of "3d1b40f backups: keep file without path in
inner tar archive" in terms of archive format, but the code is more
robust than old one. Especially reuse already computed dir paths. Also
restore only requested files (based on selected VMs and its qubes.xml
data). Change the restore workflow to restore files first to temporary
directory, then move to final dirs. This approach:
 - will be compatible with hashed vm name in the archive path
 - is required to handle dom0 home backup (directory outside of
   /var/lib/qubes)
 - it should be also more defensive - make any changes in /var/lib/qubes
   only after successful extraction of files and creating Qubes*Vm object

Second change in this commit is implementation of dom0 home backup/restore.
As qubes.xml now contains data about dom0, we have information whether
it is included in the backup (before getting actual files).
2013-11-25 00:36:40 +01:00
Marek Marczykowski-Górecki
dc6fd3c8f3 core: store dom0 info in qubes.xml
At least to have there info about its backup.
2013-11-24 23:50:39 +01:00
Marek Marczykowski-Górecki
a64f7c12ad backups: desperate try to improve readability
Especially kill long lines.
2013-11-24 23:49:53 +01:00
Marek Marczykowski-Górecki
c306b9c00a backups: increase readability of long function calls 2013-11-24 23:49:53 +01:00