backup.py 89 KB

  1. #!/usr/bin/python
  2. # -*- coding: utf-8 -*-
  3. #
  4. # The Qubes OS Project, http://www.qubes-os.org
  5. #
  6. # Copyright (C) 2013-2015 Marek Marczykowski-Górecki
  7. # <marmarek@invisiblethingslab.com>
  8. # Copyright (C) 2013 Olivier Médoc <o_medoc@yahoo.fr>
  9. #
  10. # This program is free software; you can redistribute it and/or
  11. # modify it under the terms of the GNU General Public License
  12. # as published by the Free Software Foundation; either version 2
  13. # of the License, or (at your option) any later version.
  14. #
  15. # This program is distributed in the hope that it will be useful,
  16. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  17. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18. # GNU General Public License for more details.
  19. #
  20. # You should have received a copy of the GNU General Public License
  21. # along with this program. If not, see <http://www.gnu.org/licenses/>
  22. #
  23. #
  24. from __future__ import unicode_literals
  25. import itertools
  26. import logging
  27. from qubes.utils import size_to_human
  28. import sys
  29. import os
  30. import fcntl
  31. import subprocess
  32. import re
  33. import shutil
  34. import tempfile
  35. import time
  36. import grp
  37. import pwd
  38. import errno
  39. import datetime
  40. from multiprocessing import Queue, Process
  41. import qubes
  42. import qubes.core2migration
  43. import qubes.storage
  44. import qubes.storage.file
# Control tokens placed on the SendWorker queue; either one makes the worker
# stop reading file names.
QUEUE_ERROR = "ERROR"
QUEUE_FINISHED = "FINISHED"

# Name of the header file written into the backup's temporary directory.
HEADER_FILENAME = 'backup-header'

# Defaults recorded in the backup header.  The two algorithm names are
# prefixed with "-" and handed to ``openssl enc`` / ``openssl dgst -hmac``;
# the compression filter is passed to tar as --use-compress-program.
# NOTE(review): CBC mode carries no integrity protection of its own, so
# tamper detection rests on the separate .hmac files, and the cipher and the
# HMAC are both keyed from the same passphrase.
DEFAULT_CRYPTO_ALGORITHM = 'aes-256-cbc'
DEFAULT_HMAC_ALGORITHM = 'SHA512'
DEFAULT_COMPRESSION_FILTER = 'gzip'

CURRENT_BACKUP_FORMAT_VERSION = '4'

# Maximum size of an error message read from a process' stderr (including
# a VM process).
MAX_STDERR_BYTES = 1 << 10

# header + qubes.xml max size (1 MiB)
HEADER_QUBES_XML_MAX_SIZE = 1 << 20

BLKSIZE = 512

# Whitelist applied to header keys and values: ASCII letters, digits and '-'.
# The '*' quantifier means the empty string also matches.
_re_alphanum = re.compile(r'^[A-Za-z0-9-]*$')
class BackupCanceledError(qubes.exc.QubesException):
    """Raised when a backup operation is canceled.

    :param msg: message handed to the base exception
    :param tmpdir: optional value stored unchanged on the instance as
        ``tmpdir`` (defaults to None)
    """

    def __init__(self, msg, tmpdir=None):
        self.tmpdir = tmpdir
        super(BackupCanceledError, self).__init__(msg)
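class BackupHeader(object):
    """In-memory representation of the ``backup-header`` file.

    The header is a list of ``key=value`` lines.  It can be filled in from
    keyword arguments (when creating a backup) or parsed from raw header
    text with :py:meth:`load`.
    """

    #: header file key -> attribute name on this object
    header_keys = {
        'version': 'version',
        'encrypted': 'encrypted',
        'compressed': 'compressed',
        'compression-filter': 'compression_filter',
        'crypto-algorithm': 'crypto_algorithm',
        'hmac-algorithm': 'hmac_algorithm',
    }
    #: header keys whose value is parsed into a bool
    bool_options = ['encrypted', 'compressed']
    #: header keys whose value is parsed into an int
    int_options = ['version']

    def __init__(self,
                 header_data=None,
                 version=None,
                 encrypted=None,
                 compressed=None,
                 compression_filter=None,
                 hmac_algorithm=None,
                 crypto_algorithm=None):
        """Store the given options; parse ``header_data`` when provided.

        An option given both as an argument and in ``header_data`` is
        rejected by :py:meth:`load` as a duplicate.
        """
        # repeat the list to help code completion...
        self.version = version
        self.encrypted = encrypted
        self.compressed = compressed
        # Options introduced in backup format 3+, which always have a header,
        # so no need for fallback in function parameter
        self.compression_filter = compression_filter
        self.hmac_algorithm = hmac_algorithm
        self.crypto_algorithm = crypto_algorithm

        if header_data is not None:
            self.load(header_data)

    def load(self, untrusted_header_text):
        """Parse backup header file.

        :param untrusted_header_text: header content
        :type untrusted_header_text: basestring
        :raises qubes.exc.QubesException: on any malformed, duplicated or
            unsupported header content

        .. warning::
            This function may be exposed to not yet verified header,
            so is security critical.
        """
        try:
            untrusted_header_text = untrusted_header_text.decode('ascii')
        except UnicodeDecodeError:
            raise qubes.exc.QubesException(
                "Non-ASCII characters in backup header")
        for untrusted_line in untrusted_header_text.splitlines():
            # exactly one '=' per line, so the split below cannot yield
            # anything but a (key, value) pair
            if untrusted_line.count('=') != 1:
                raise qubes.exc.QubesException("Invalid backup header")
            key, value = untrusted_line.strip().split('=', 1)
            if not _re_alphanum.match(key):
                raise qubes.exc.QubesException("Invalid backup header (key)")
            if key not in self.header_keys:
                # Ignoring unknown option
                continue
            # the value is checked only for known keys; it later ends up in
            # openssl/tar command lines, hence the strict whitelist
            if not _re_alphanum.match(value):
                raise qubes.exc.QubesException("Invalid backup header (value)")
            # a second occurrence must not override the first one
            if getattr(self, self.header_keys[key]) is not None:
                raise qubes.exc.QubesException(
                    "Duplicated header line: {}".format(key))
            if key in self.bool_options:
                value = value.lower() in ["1", "true", "yes"]
            elif key in self.int_options:
                # the whitelist also admits letters and '-', so int() can
                # still fail; report it like any other malformed value
                # instead of leaking a ValueError to the caller
                try:
                    value = int(value)
                except ValueError:
                    raise qubes.exc.QubesException(
                        "Invalid backup header (value)")
            setattr(self, self.header_keys[key], value)

        self.validate()

    def validate(self):
        """Check that every option required by the header version is set.

        :raises qubes.exc.QubesException: when a required option is missing
            or the version is not one of 1, 2, 3, 4
        """
        if self.version == 1:
            # header not really present
            pass
        elif self.version in [2, 3, 4]:
            expected_attrs = ['version', 'encrypted', 'compressed',
                              'hmac_algorithm']
            if self.encrypted:
                expected_attrs += ['crypto_algorithm']
            if self.version >= 3 and self.compressed:
                expected_attrs += ['compression_filter']
            for key in expected_attrs:
                if getattr(self, key) is None:
                    raise qubes.exc.QubesException(
                        "Backup header lack '{}' info".format(key))
        else:
            raise qubes.exc.QubesException(
                "Unsupported backup version {}".format(self.version))

    def save(self, filename):
        """Write the header as ``key=value`` lines to ``filename``.

        Options that are None are left out.
        """
        with open(filename, "w") as f:
            # make sure 'version' is the first key
            f.write('version={}\n'.format(self.version))
            for key, attr in self.header_keys.items():
                if key == 'version':
                    continue
                if getattr(self, attr) is None:
                    continue
                f.write("{!s}={!s}\n".format(key, getattr(self, attr)))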
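class SendWorker(Process):
    """Process that wraps finished backup files in tar and sends them out.

    File names (relative to ``base_dir``) are read from ``queue``; each file
    is written as a tar stream to ``backup_stdout`` and then removed.  The
    worker stops on ``None``, ``QUEUE_FINISHED`` or ``QUEUE_ERROR``.
    """

    def __init__(self, queue, base_dir, backup_stdout):
        """
        :param queue: queue of file names to send
        :param base_dir: directory holding the files; becomes the working
            directory of the worker
        :param backup_stdout: file object receiving the tar output
        """
        super(SendWorker, self).__init__()
        self.queue = queue
        self.base_dir = base_dir
        self.backup_stdout = backup_stdout
        self.log = logging.getLogger('qubes.backup')

    def run(self):
        """Send queued files until a stop token arrives.

        :raises qubes.exc.QubesException: when tar exits with code 2 or
            greater
        """
        self.log.debug("Started sending thread")

        # the message previously had no placeholder, so the directory was
        # never logged
        self.log.debug("Moving to temporary dir {}".format(self.base_dir))
        os.chdir(self.base_dir)

        for filename in iter(self.queue.get, None):
            if filename in (QUEUE_FINISHED, QUEUE_ERROR):
                break

            self.log.debug("Sending file {}".format(filename))
            # The tar used for sending data out needs to be as simple and
            # as featureless as possible. It will not be verified before
            # untarring.
            tar_final_cmd = ["tar", "-cO", "--posix",
                             "-C", self.base_dir, filename]
            final_proc = subprocess.Popen(tar_final_cmd,
                                          stdin=subprocess.PIPE,
                                          stdout=self.backup_stdout)
            if final_proc.wait() >= 2:
                if self.queue.full():
                    # if queue is already full, remove some entry to wake up
                    # main thread, so it will be able to notice error
                    self.queue.get()
                # handle only exit code 2 (tar fatal error) or
                # greater (call failed?)
                raise qubes.exc.QubesException(
                    "ERROR: Failed to write the backup, out of disk space? "
                    "Check console output or ~/.xsession-errors for details.")

            # Delete the file as we don't need it anymore
            self.log.debug("Removing file {}".format(filename))
            os.remove(filename)

        self.log.debug("Finished sending thread")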
  190. class Backup(object):
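    class FileToBackup(object):
        """One file (or directory) scheduled for backup.

        Attributes: ``path`` (as given), ``size`` (disk usage reported by
        :py:func:`qubes.storage.file.get_disk_usage`) and ``subdir`` (path
        prefix used for the file inside the backup, ending with '/' unless
        empty).
        """

        def __init__(self, file_path, subdir=None):
            """
            :param file_path: path of the file to back up
            :param subdir: directory inside the backup; when None it is
                derived from the location of ``file_path`` relative to the
                Qubes base directory
            :raises qubes.exc.QubesException: when ``subdir`` is None and
                ``file_path`` is not below the Qubes base directory
            """
            sz = qubes.storage.file.get_disk_usage(file_path)

            if subdir is None:
                abs_file_path = os.path.abspath(file_path)
                abs_base_dir = os.path.abspath(
                    qubes.config.system_path["qubes_base_dir"]) + '/'
                abs_file_dir = os.path.dirname(abs_file_path) + '/'
                (nothing, directory, subdir) = \
                    abs_file_dir.partition(abs_base_dir)
                # This containment check used to be a pair of asserts, which
                # are stripped under ``python -O``; a path outside the base
                # directory would then silently get an empty subdir.
                # NOTE(review): abspath() does not resolve symlinks, so this
                # is a lexical check only.
                if nothing != "" or directory != abs_base_dir:
                    raise qubes.exc.QubesException(
                        "File {} is outside of {}".format(
                            file_path, abs_base_dir))
            else:
                if subdir and not subdir.endswith('/'):
                    subdir += '/'
            self.path = file_path
            self.size = sz
            self.subdir = subdir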
    class VMToBackup(object):
        """Files selected for backup for a single VM.

        ``vm`` is the VM object, ``files`` a list of objects exposing a
        ``size`` attribute and ``subdir`` the VM's directory in the backup.
        """

        def __init__(self, vm, files, subdir):
            self.vm, self.files, self.subdir = vm, files, subdir

        @property
        def size(self):
            """Total of ``size`` over all entries of ``files``."""
            return sum(entry.size for entry in self.files)
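    def __init__(self, app, vms_list=None, exclude_list=None, **kwargs):
        """
        If vms = None, include all (sensible) VMs;
        exclude_list is always applied

        :param app: application object
        :param vms_list: VMs to back up; None selects every VM with
            ``include_in_backups`` set
        :param exclude_list: names of VMs to leave out
        :param kwargs: overrides for the settings initialised below
        :raises AttributeError: for a keyword that does not name an
            existing attribute
        """
        super(Backup, self).__init__()
        #: size limit of a single chunk (passed as ``size_limit`` in
        #: :py:meth:`backup_do`)
        self.chunk_size = 100 * 1024 * 1024

        #: progress of the backup - bytes handled of the current VM
        self._current_vm_bytes = 0
        #: progress of the backup - bytes handled of finished VMs
        self._done_vms_bytes = 0
        #: total backup size (set by :py:meth:`get_files_to_backup`)
        self.total_backup_bytes = 0
        #: application object
        self.app = app
        #: directory for temporary files - set after creating the directory
        self.tmpdir = None

        # Backup settings - defaults
        #: should the backup be encrypted?
        self.encrypted = True
        #: should the backup be compressed?
        self.compressed = True
        #: what passphrase should be used to integrity protect (and encrypt)
        #: the backup; required
        self.passphrase = None
        #: custom hmac algorithm (becomes an ``openssl dgst`` option)
        self.hmac_algorithm = DEFAULT_HMAC_ALGORITHM
        #: custom encryption algorithm (becomes an ``openssl enc`` option)
        self.crypto_algorithm = DEFAULT_CRYPTO_ALGORITHM
        #: custom compression filter; a program which process stdin to
        #: stdout. tar runs it via --use-compress-program, so it must only
        #: ever come from a trusted source.
        self.compression_filter = DEFAULT_COMPRESSION_FILTER
        #: VM to which backup should be sent (if any)
        self.target_vm = None
        #: directory to save backup in (either in dom0 or target VM,
        #: depending on :py:attr:`target_vm`
        self.target_dir = None
        #: callback for progress reporting. Will be called with one argument
        #: - progress in percents
        self.progress_callback = None

        # NOTE(review): hasattr() is also true for methods and for the
        # bookkeeping attributes above, so a keyword can replace those too.
        for key, value in kwargs.items():
            if hasattr(self, key):
                setattr(self, key, value)
            else:
                raise AttributeError(key)

        #: whether backup was canceled
        self.canceled = False
        #: list of PIDs to kill on backup cancel
        self.processes_to_kill_on_cancel = []

        self.log = logging.getLogger('qubes.backup')

        # compression_filter used to be reset to the default at this point,
        # silently discarding a value passed in kwargs; the reset is removed
        # so the header and the tar command use what the caller asked for.

        if exclude_list is None:
            exclude_list = []

        if vms_list is None:
            vms_list = [vm for vm in app.domains if vm.include_in_backups]

        # Apply exclude list
        self.vms_for_backup = [vm for vm in vms_list
                               if vm.name not in exclude_list]

        self._files_to_backup = self.get_files_to_backup()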
  274. def __del__(self):
  275. if self.tmpdir and os.path.exists(self.tmpdir):
  276. shutil.rmtree(self.tmpdir)
  277. def cancel(self):
  278. """Cancel running backup operation. Can be called from another thread.
  279. """
  280. self.canceled = True
  281. for proc in self.processes_to_kill_on_cancel:
  282. try:
  283. proc.terminate()
  284. except OSError:
  285. pass
  286. def get_files_to_backup(self):
  287. files_to_backup = {}
  288. for vm in self.vms_for_backup:
  289. if vm.qid == 0:
  290. # handle dom0 later
  291. continue
  292. if self.encrypted:
  293. subdir = 'vm%d/' % vm.qid
  294. else:
  295. subdir = None
  296. vm_files = []
  297. # TODO this is file pool specific. Change it to a more general
  298. # solution
  299. if vm.volumes['private'] is not None:
  300. path_to_private_img = vm.volumes['private'].path
  301. vm_files.append(self.FileToBackup(path_to_private_img, subdir))
  302. vm_files.append(self.FileToBackup(vm.icon_path, subdir))
  303. vm_files.extend(self.FileToBackup(i, subdir)
  304. for i in vm.fire_event('backup-get-files'))
  305. # TODO: drop after merging firewall.xml into qubes.xml
  306. firewall_conf = os.path.join(vm.dir_path, vm.firewall_conf)
  307. if os.path.exists(firewall_conf):
  308. vm_files.append(self.FileToBackup(firewall_conf, subdir))
  309. if vm.updateable:
  310. # TODO this is file pool specific. Change it to a more general
  311. # solution
  312. path_to_root_img = vm.volumes['root'].path
  313. vm_files.append(self.FileToBackup(path_to_root_img, subdir))
  314. files_to_backup[vm.qid] = self.VMToBackup(vm, vm_files, subdir)
  315. # Dom0 user home
  316. if 0 in [vm.qid for vm in self.vms_for_backup]:
  317. local_user = grp.getgrnam('qubes').gr_mem[0]
  318. home_dir = pwd.getpwnam(local_user).pw_dir
  319. # Home dir should have only user-owned files, so fix it now
  320. # to prevent permissions problems - some root-owned files can
  321. # left after 'sudo bash' and similar commands
  322. subprocess.check_call(['sudo', 'chown', '-R', local_user, home_dir])
  323. home_to_backup = [
  324. self.FileToBackup(home_dir, 'dom0-home/')]
  325. vm_files = home_to_backup
  326. files_to_backup[0] = self.VMToBackup(self.app.domains[0],
  327. vm_files,
  328. os.path.join('dom0-home', os.path.basename(home_dir)))
  329. self.total_backup_bytes = reduce(
  330. lambda x, y: x + y.size, files_to_backup.values(), 0)
  331. return files_to_backup
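    def get_backup_summary(self):
        """Return a text table describing what will be backed up.

        One row per selected VM (name, type, size), a total-size row and
        the list of VMs that are not selected.

        :return: the summary as a single string
        """
        fields_to_display = [
            {"name": "VM", "width": 16},
            {"name": "type", "width": 12},
            {"name": "size", "width": 12}
        ]
        name_w, type_w, size_w = [f["width"] for f in fields_to_display]

        def cell(text, width):
            # right-aligned column followed by the column delimiter
            return "{0:>{1}} |".format(text, width + 1)

        separator = "".join(
            "{0:-^{1}}-+".format('-', f["width"] + 1)
            for f in fields_to_display) + "\n"

        # Display the header
        parts = [separator]
        parts.extend(cell(f["name"], f["width"]) for f in fields_to_display)
        parts.append("\n")
        parts.append(separator)

        # entries are VMToBackup objects, so use attribute access (as
        # backup_do does); subscripting them raised TypeError
        for qid, vm_info in self._files_to_backup.items():
            vm = vm_info.vm

            if qid == 0:
                vm_type = "User home"
            elif isinstance(vm, qubes.vm.templatevm.TemplateVM):
                vm_type = "Template VM"
            else:
                vm_type = "VM" + (" + Sys" if vm.updateable else "")

            row = (cell(vm.name, name_w) +
                   cell(vm_type, type_w) +
                   cell(size_to_human(vm_info.size), size_w))

            if qid != 0 and vm.is_running():
                row += " <-- The VM is running, please shut it down " \
                       "before proceeding with the backup!"

            parts.append(row + "\n")

        parts.append(separator)

        parts.append(cell("Total size:", name_w))
        # spans the "type" and "size" columns, including their delimiter
        parts.append(cell(size_to_human(self.total_backup_bytes),
                          type_w + 1 + 2 + size_w))
        parts.append("\n")

        parts.append(separator)

        vms_not_for_backup = [vm.name for vm in self.app.domains
                              if vm not in self.vms_for_backup]
        parts.append("VMs not selected for backup:\n - " + "\n - ".join(
            sorted(vms_not_for_backup)))

        return "".join(parts)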
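    def prepare_backup_header(self):
        """Write the backup header and its HMAC file into ``self.tmpdir``.

        :return: tuple of the two file names, relative to ``self.tmpdir``
        :raises qubes.exc.QubesException: when openssl exits with a
            non-zero status
        """
        header_file_path = os.path.join(self.tmpdir, HEADER_FILENAME)
        backup_header = BackupHeader(
            version=CURRENT_BACKUP_FORMAT_VERSION,
            hmac_algorithm=self.hmac_algorithm,
            crypto_algorithm=self.crypto_algorithm,
            encrypted=self.encrypted,
            compressed=self.compressed,
            compression_filter=self.compression_filter,
        )
        backup_header.save(header_file_path)

        # NOTE(review): the passphrase is a command-line argument of the
        # openssl process and is therefore visible in the process list for
        # as long as it runs.
        # NOTE(review): backup_do passes the passphrase UTF-8 encoded while
        # this call passes it as is - confirm both yield the same HMAC key
        # for a non-ASCII passphrase.
        # Both files are closed as soon as openssl has finished; they used
        # to be left open until garbage collection.
        with open(header_file_path, "r") as header_in, \
                open(header_file_path + ".hmac", "w") as hmac_out:
            hmac = subprocess.Popen(
                ["openssl", "dgst", "-" + self.hmac_algorithm,
                 "-hmac", self.passphrase],
                stdin=header_in,
                stdout=hmac_out)
            hmac_status = hmac.wait()
        if hmac_status != 0:
            raise qubes.exc.QubesException(
                "Failed to compute hmac of header file")
        return HEADER_FILENAME, HEADER_FILENAME + ".hmac"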
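    @staticmethod
    def _queue_put_with_check(proc, vmproc, queue, element):
        """Put ``element`` on ``queue`` unless the consumer has died.

        :param proc: process consuming the queue
        :param vmproc: process of the target VM service, or None
        :param queue: queue to put the element on
        :param element: value to enqueue
        :raises qubes.exc.QubesException: when the queue is full and
            ``proc`` is no longer alive
        """
        if queue.full() and not proc.is_alive():
            if vmproc:
                # the text comes from the target VM, so read a bounded
                # amount of it (as backup_do does) rather than everything
                # the VM is willing to send
                message = ("Failed to write the backup, VM output:\n" +
                           vmproc.stderr.read(MAX_STDERR_BYTES))
            else:
                message = "Failed to write the backup. Out of disk space?"
            raise qubes.exc.QubesException(message)
        queue.put(element)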
  423. def _send_progress_update(self):
  424. if callable(self.progress_callback):
  425. progress = (
  426. 100 * (self._done_vms_bytes + self._current_vm_bytes) /
  427. self.total_backup_bytes)
  428. self.progress_callback(progress)
  429. def _add_vm_progress(self, bytes_done):
  430. self._current_vm_bytes += bytes_done
  431. self._send_progress_update()
  432. def backup_do(self):
  433. if self.passphrase is None:
  434. raise qubes.exc.QubesException("No passphrase set")
  435. qubes_xml = self.app.store
  436. self.tmpdir = tempfile.mkdtemp()
  437. shutil.copy(qubes_xml, os.path.join(self.tmpdir, 'qubes.xml'))
  438. qubes_xml = os.path.join(self.tmpdir, 'qubes.xml')
  439. backup_app = qubes.Qubes(qubes_xml)
  440. files_to_backup = self._files_to_backup
  441. # make sure backup_content isn't set initially
  442. for vm in backup_app.domains:
  443. vm.features['backup-content'] = False
  444. for qid, vm_info in files_to_backup.iteritems():
  445. if qid != 0 and vm_info.vm.is_running():
  446. raise qubes.exc.QubesVMNotHaltedError(vm_info.vm)
  447. # VM is included in the backup
  448. backup_app.domains[qid].features['backup-content'] = True
  449. backup_app.domains[qid].features['backup-path'] = vm_info.subdir
  450. backup_app.domains[qid].features['backup-size'] = vm_info.size
  451. backup_app.save()
  452. passphrase = self.passphrase.encode('utf-8')
  453. vmproc = None
  454. tar_sparse = None
  455. if self.target_vm is not None:
  456. # Prepare the backup target (Qubes service call)
  457. # If APPVM, STDOUT is a PIPE
  458. vmproc = self.target_vm.run_service('qubes.Backup',
  459. passio_popen=True, passio_stderr=True)
  460. vmproc.stdin.write(self.target_dir.
  461. replace("\r", "").replace("\n", "") + "\n")
  462. backup_stdout = vmproc.stdin
  463. self.processes_to_kill_on_cancel.append(vmproc)
  464. else:
  465. # Prepare the backup target (local file)
  466. if os.path.isdir(self.target_dir):
  467. backup_target = self.target_dir + "/qubes-{0}". \
  468. format(time.strftime("%Y-%m-%dT%H%M%S"))
  469. else:
  470. backup_target = self.target_dir
  471. # Create the target directory
  472. if not os.path.exists(os.path.dirname(self.target_dir)):
  473. raise qubes.exc.QubesException(
  474. "ERROR: the backup directory for {0} does not exists".
  475. format(self.target_dir))
  476. # If not APPVM, STDOUT is a local file
  477. backup_stdout = open(backup_target, 'wb')
  478. # Tar with tape length does not deals well with stdout
  479. # (close stdout between two tapes)
  480. # For this reason, we will use named pipes instead
  481. self.log.debug("Working in {}".format(self.tmpdir))
  482. backup_pipe = os.path.join(self.tmpdir, "backup_pipe")
  483. self.log.debug("Creating pipe in: {}".format(backup_pipe))
  484. os.mkfifo(backup_pipe)
  485. self.log.debug("Will backup: {}".format(files_to_backup))
  486. header_files = self.prepare_backup_header()
  487. # Setup worker to send encrypted data chunks to the backup_target
  488. to_send = Queue(10)
  489. send_proc = SendWorker(to_send, self.tmpdir, backup_stdout)
  490. send_proc.start()
  491. for f in header_files:
  492. to_send.put(f)
  493. qubes_xml_info = self.VMToBackup(
  494. None,
  495. [self.FileToBackup(qubes_xml, '')],
  496. ''
  497. )
  498. for vm_info in itertools.chain([qubes_xml_info],
  499. files_to_backup.itervalues()):
  500. for file_info in vm_info.files:
  501. self.log.debug("Backing up {}".format(file_info))
  502. backup_tempfile = os.path.join(
  503. self.tmpdir, file_info.subdir,
  504. os.path.basename(file_info.path))
  505. self.log.debug("Using temporary location: {}".format(
  506. backup_tempfile))
  507. # Ensure the temporary directory exists
  508. if not os.path.isdir(os.path.dirname(backup_tempfile)):
  509. os.makedirs(os.path.dirname(backup_tempfile))
  510. # The first tar cmd can use any complex feature as we want.
  511. # Files will be verified before untaring this.
  512. # Prefix the path in archive with filename["subdir"] to have it
  513. # verified during untar
  514. tar_cmdline = (["tar", "-Pc", '--sparse',
  515. "-f", backup_pipe,
  516. '-C', os.path.dirname(file_info.path)] +
  517. (['--dereference'] if
  518. file_info.subdir != "dom0-home/" else []) +
  519. ['--xform', 's:^%s:%s\\0:' % (
  520. os.path.basename(file_info.path),
  521. file_info.subdir),
  522. os.path.basename(file_info.path)
  523. ])
  524. if self.compressed:
  525. tar_cmdline.insert(-1,
  526. "--use-compress-program=%s" % self.compression_filter)
  527. self.log.debug(" ".join(tar_cmdline))
  528. # Tips: Popen(bufsize=0)
  529. # Pipe: tar-sparse | encryptor [| hmac] | tar | backup_target
  530. # Pipe: tar-sparse [| hmac] | tar | backup_target
  531. # TODO: log handle stderr
  532. tar_sparse = subprocess.Popen(
  533. tar_cmdline, stdin=subprocess.PIPE)
  534. self.processes_to_kill_on_cancel.append(tar_sparse)
  535. # Wait for compressor (tar) process to finish or for any
  536. # error of other subprocesses
  537. i = 0
  538. run_error = "paused"
  539. encryptor = None
  540. if self.encrypted:
  541. # Start encrypt
  542. # If no cipher is provided,
  543. # the data is forwarded unencrypted !!!
  544. encryptor = subprocess.Popen([
  545. "openssl", "enc",
  546. "-e", "-" + self.crypto_algorithm,
  547. "-pass", "pass:" + passphrase],
  548. stdin=open(backup_pipe, 'rb'),
  549. stdout=subprocess.PIPE)
  550. pipe = encryptor.stdout
  551. else:
  552. pipe = open(backup_pipe, 'rb')
  553. while run_error == "paused":
  554. # Start HMAC
  555. hmac = subprocess.Popen([
  556. "openssl", "dgst", "-" + self.hmac_algorithm,
  557. "-hmac", passphrase],
  558. stdin=subprocess.PIPE,
  559. stdout=subprocess.PIPE)
  560. # Prepare a first chunk
  561. chunkfile = backup_tempfile + "." + "%03d" % i
  562. i += 1
  563. chunkfile_p = open(chunkfile, 'wb')
  564. common_args = {
  565. 'backup_target': chunkfile_p,
  566. 'hmac': hmac,
  567. 'vmproc': vmproc,
  568. 'addproc': tar_sparse,
  569. 'progress_callback': self._add_vm_progress,
  570. 'size_limit': self.chunk_size,
  571. }
  572. run_error = wait_backup_feedback(
  573. in_stream=pipe, streamproc=encryptor,
  574. **common_args)
  575. chunkfile_p.close()
  576. self.log.debug(
  577. "Wait_backup_feedback returned: {}".format(run_error))
  578. if self.canceled:
  579. try:
  580. tar_sparse.terminate()
  581. except OSError:
  582. pass
  583. try:
  584. hmac.terminate()
  585. except OSError:
  586. pass
  587. tar_sparse.wait()
  588. hmac.wait()
  589. to_send.put(QUEUE_ERROR)
  590. send_proc.join()
  591. shutil.rmtree(self.tmpdir)
  592. raise BackupCanceledError("Backup canceled")
  593. if run_error and run_error != "size_limit":
  594. send_proc.terminate()
  595. if run_error == "VM" and vmproc:
  596. raise qubes.exc.QubesException(
  597. "Failed to write the backup, VM output:\n" +
  598. vmproc.stderr.read(MAX_STDERR_BYTES))
  599. else:
  600. raise qubes.exc.QubesException(
  601. "Failed to perform backup: error in " +
  602. run_error)
  603. # Send the chunk to the backup target
  604. self._queue_put_with_check(
  605. send_proc, vmproc, to_send,
  606. os.path.relpath(chunkfile, self.tmpdir))
  607. # Close HMAC
  608. hmac.stdin.close()
  609. hmac.wait()
  610. self.log.debug("HMAC proc return code: {}".format(
  611. hmac.poll()))
  612. # Write HMAC data next to the chunk file
  613. hmac_data = hmac.stdout.read()
  614. self.log.debug(
  615. "Writing hmac to {}.hmac".format(chunkfile))
  616. with open(chunkfile + ".hmac", 'w') as hmac_file:
  617. hmac_file.write(hmac_data)
  618. # Send the HMAC to the backup target
  619. self._queue_put_with_check(
  620. send_proc, vmproc, to_send,
  621. os.path.relpath(chunkfile, self.tmpdir) + ".hmac")
  622. if tar_sparse.poll() is None or run_error == "size_limit":
  623. run_error = "paused"
  624. else:
  625. self.processes_to_kill_on_cancel.remove(tar_sparse)
  626. self.log.debug(
  627. "Finished tar sparse with exit code {}".format(
  628. tar_sparse.poll()))
  629. pipe.close()
  630. # This VM done, update progress
  631. self._done_vms_bytes += vm_info.size
  632. self._current_vm_bytes = 0
  633. self._send_progress_update()
  634. # Save date of last backup
  635. if vm_info.vm:
  636. vm_info.vm.backup_timestamp = datetime.datetime.now()
  637. self._queue_put_with_check(send_proc, vmproc, to_send, QUEUE_FINISHED)
  638. send_proc.join()
  639. shutil.rmtree(self.tmpdir)
  640. if self.canceled:
  641. raise BackupCanceledError("Backup canceled")
  642. if send_proc.exitcode != 0:
  643. raise qubes.exc.QubesException(
  644. "Failed to send backup: error in the sending process")
  645. if vmproc:
  646. self.log.debug("VMProc1 proc return code: {}".format(vmproc.poll()))
  647. if tar_sparse is not None:
  648. self.log.debug("Sparse1 proc return code: {}".format(
  649. tar_sparse.poll()))
  650. vmproc.stdin.close()
  651. self.app.save()
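def wait_backup_feedback(progress_callback, in_stream, streamproc,
                         backup_target, hmac=None, vmproc=None,
                         addproc=None,
                         size_limit=None):
    '''Copy one backup chunk while supervising the helper processes.

    Data is read from *in_stream* in fixed-size buffers and written to
    *backup_target* and, when given, to ``hmac.stdin``. After every read the
    monitored processes are polled.

    :param progress_callback: called with the size of each buffer read;
        ignored when not callable
    :param in_stream: file-like object to read the data from
    :param streamproc: process producing *in_stream* (or None)
    :param backup_target: file-like object receiving the data
    :param hmac: process whose stdin receives a copy of the data (or None)
    :param vmproc: VM-side process; only its failure is reported, it is
        expected to keep running (or None)
    :param addproc: additional process to monitor (or None)
    :param size_limit: stop before the copied size would exceed this value
    :return: one of

        - ``"size_limit"`` - the next buffer could exceed *size_limit*
        - ``""`` - the input delivered no more data
        - ``"hmac"``, ``"addproc"``, ``"VM"``, ``"streamproc"`` - that
          process exited with a non-zero code
        - ``"target"`` - writing to *backup_target* failed with EPIPE
        - ``None`` - no monitored process (other than vmproc) is running
          anymore and none of them failed
    '''

    buffer_size = 409600
    run_error = None
    run_count = 1
    bytes_copied = 0
    log = logging.getLogger('qubes.backup')

    while run_count > 0 and run_error is None:
        # Checked before reading, so a chunk never grows past size_limit.
        if size_limit and bytes_copied + buffer_size > size_limit:
            return "size_limit"

        buf = in_stream.read(buffer_size)
        if callable(progress_callback):
            progress_callback(len(buf))
        bytes_copied += len(buf)

        # run_count counts the monitored processes that are still alive.
        run_count = 0
        if hmac:
            retcode = hmac.poll()
            if retcode is not None:
                if retcode != 0:
                    run_error = "hmac"
            else:
                run_count += 1

        if addproc:
            retcode = addproc.poll()
            if retcode is not None:
                if retcode != 0:
                    run_error = "addproc"
            else:
                run_count += 1

        if vmproc:
            retcode = vmproc.poll()
            if retcode is not None:
                if retcode != 0:
                    run_error = "VM"
                    # The VM side is not trusted: bound how much of its
                    # output is pulled into memory and the log, as the other
                    # reads of VM output in this file do.
                    log.debug(vmproc.stdout.read(MAX_STDERR_BYTES))
            else:
                # VM should run until the end
                pass

        if streamproc:
            retcode = streamproc.poll()
            if retcode is not None:
                if retcode != 0:
                    run_error = "streamproc"
                    break
                elif retcode == 0 and len(buf) <= 0:
                    return ""
            run_count += 1

        else:
            if len(buf) <= 0:
                return ""

        try:
            backup_target.write(buf)
        except IOError as e:
            if e.errno == errno.EPIPE:
                # The consumer of backup_target went away.
                run_error = "target"
            else:
                raise

        if hmac:
            hmac.stdin.write(buf)

    return run_error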
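class ExtractWorker2(Process):
    """Worker process extracting the inner archives of a backup.

    File names are taken from *queue* until QUEUE_FINISHED or QUEUE_ERROR
    arrives. A name ending with ``.000`` starts a new inner archive; further
    names are treated as the following chunks of the current one. Chunks are
    optionally decrypted / decompressed and streamed through a FIFO
    (``restore_pipe``) to a ``tar`` process run in multi-volume mode.
    """

    def __init__(self, queue, base_dir, passphrase, encrypted,
                 progress_callback, vmproc=None,
                 compressed=False, crypto_algorithm=DEFAULT_CRYPTO_ALGORITHM,
                 verify_only=False):
        """
        :param queue: queue delivering names of files to process
        :param base_dir: directory the worker changes to; the FIFO is
            created there
        :param passphrase: passphrase handed to ``openssl enc``
        :param encrypted: whether chunks need to be decrypted
        :param progress_callback: passed to :py:func:`wait_backup_feedback`
        :param vmproc: VM-side process to monitor (or None)
        :param compressed: whether chunks are compressed
        :param crypto_algorithm: cipher name passed to ``openssl enc``
        :param verify_only: list archive content instead of extracting it
        """
        super(ExtractWorker2, self).__init__()
        self.queue = queue
        self.base_dir = base_dir
        self.passphrase = passphrase
        self.encrypted = encrypted
        self.compressed = compressed
        self.crypto_algorithm = crypto_algorithm
        self.verify_only = verify_only
        self.blocks_backedup = 0
        self.tar2_process = None
        self.tar2_current_file = None
        self.decompressor_process = None
        self.decryptor_process = None

        self.progress_callback = progress_callback

        self.vmproc = vmproc

        self.restore_pipe = os.path.join(self.base_dir, "restore_pipe")
        self.log = logging.getLogger('qubes.backup.extract')
        self.log.debug("Creating pipe in: {}".format(self.restore_pipe))
        os.mkfifo(self.restore_pipe)

        self.stderr_encoding = sys.stderr.encoding or 'utf-8'

    def collect_tar_output(self):
        """Append new stderr lines of the tar process to ``tar2_stderr``.

        While tar is running its stderr is non-blocking, so at most
        MAX_STDERR_BYTES are read and EAGAIN means "nothing new". Lines
        matching the multi-volume prompt pattern are only logged at debug
        level.
        """
        if not self.tar2_process.stderr:
            return

        if self.tar2_process.poll() is None:
            try:
                new_lines = self.tar2_process.stderr \
                    .read(MAX_STDERR_BYTES).splitlines()
            except IOError as e:
                if e.errno == errno.EAGAIN:
                    return
                else:
                    raise
        else:
            new_lines = self.tar2_process.stderr.readlines()

        new_lines = map(lambda x: x.decode(self.stderr_encoding), new_lines)

        msg_re = re.compile(r".*#[0-9].*restore_pipe")
        debug_msg = filter(msg_re.match, new_lines)
        self.log.debug('tar2_stderr: {}'.format('\n'.join(debug_msg)))
        new_lines = filter(lambda x: not msg_re.match(x), new_lines)

        self.tar2_stderr += new_lines

    def run(self):
        """Process entry point: run the extraction, clean up children on error."""
        try:
            self.__run__()
        except Exception as e:
            exc_type, exc_value, exc_traceback = sys.exc_info()
            # Cleanup children
            for process in [self.decompressor_process,
                            self.decryptor_process,
                            self.tar2_process]:
                if process:
                    try:
                        process.terminate()
                    except OSError:
                        pass
                    process.wait()
            self.log.error("ERROR: " + unicode(e))
            # Re-raise with the original traceback.
            raise e, None, exc_traceback

    def __run__(self):
        """Consume the queue and feed every file to the inner tar process.

        :raises qubes.exc.QubesException: when the last tar process exits
            with a non-zero code
        """
        self.log.debug("Started sending thread")
        self.log.debug("Moving to dir " + self.base_dir)
        os.chdir(self.base_dir)

        filename = None

        for filename in iter(self.queue.get, None):
            if filename in (QUEUE_FINISHED, QUEUE_ERROR):
                break

            self.log.debug("Extracting file " + filename)

            if filename.endswith('.000'):
                # next file
                if self.tar2_process is not None:
                    if self.tar2_process.wait() != 0:
                        self.collect_tar_output()
                        self.log.error(
                            "ERROR: unable to extract files for {0}, tar "
                            "output:\n {1}".
                            format(self.tar2_current_file,
                                   "\n ".join(self.tar2_stderr)))
                    else:
                        # Finished extracting the tar file
                        self.tar2_process = None
                        self.tar2_current_file = None

                # Cut the ".000" suffix itself. str.rstrip('.000') removes
                # every trailing '.' and '0' character, which also damages
                # names that end with '0' before the suffix.
                tar2_cmdline = ['tar',
                                '-%sMkvf' % ("t" if self.verify_only else "x"),
                                self.restore_pipe,
                                os.path.relpath(filename[:-len('.000')])]
                self.log.debug("Running command " + unicode(tar2_cmdline))
                self.tar2_process = subprocess.Popen(tar2_cmdline,
                                                     stdin=subprocess.PIPE,
                                                     stderr=subprocess.PIPE)
                # Non-blocking stderr, so collect_tar_output() never stalls.
                fcntl.fcntl(self.tar2_process.stderr.fileno(), fcntl.F_SETFL,
                            fcntl.fcntl(self.tar2_process.stderr.fileno(),
                                        fcntl.F_GETFL) | os.O_NONBLOCK)
                self.tar2_stderr = []
            elif not self.tar2_process:
                # Extracting of the current archive failed, skip to the next
                # archive
                os.remove(filename)
                continue
            else:
                self.collect_tar_output()
                self.log.debug("Releasing next chunck")
                # Answer tar's multi-volume prompt to continue.
                self.tar2_process.stdin.write("\n")
                self.tar2_process.stdin.flush()
            self.tar2_current_file = filename

            pipe = open(self.restore_pipe, 'wb')
            common_args = {
                'backup_target': pipe,
                'hmac': None,
                'vmproc': self.vmproc,
                'addproc': self.tar2_process
            }
            if self.encrypted:
                # Start decrypt
                # NOTE(review): "pass:" puts the passphrase on the openssl
                # command line, where it is readable from the process list
                # for the lifetime of the child. openssl also accepts
                # "fd:", "env:" and "file:" sources - consider one of them.
                self.decryptor_process = subprocess.Popen(
                    ["openssl", "enc",
                     "-d",
                     "-" + self.crypto_algorithm,
                     "-pass",
                     "pass:" + self.passphrase] +
                    (["-z"] if self.compressed else []),
                    stdin=open(filename, 'rb'),
                    stdout=subprocess.PIPE)

                run_error = wait_backup_feedback(
                    progress_callback=self.progress_callback,
                    in_stream=self.decryptor_process.stdout,
                    streamproc=self.decryptor_process,
                    **common_args)
            elif self.compressed:
                self.decompressor_process = subprocess.Popen(
                    ["gzip", "-d"],
                    stdin=open(filename, 'rb'),
                    stdout=subprocess.PIPE)

                run_error = wait_backup_feedback(
                    progress_callback=self.progress_callback,
                    in_stream=self.decompressor_process.stdout,
                    streamproc=self.decompressor_process,
                    **common_args)
            else:
                run_error = wait_backup_feedback(
                    progress_callback=self.progress_callback,
                    in_stream=open(filename, "rb"), streamproc=None,
                    **common_args)

            try:
                pipe.close()
            except IOError as e:
                if e.errno == errno.EPIPE:
                    self.log.debug(
                        "Got EPIPE while closing pipe to "
                        "the inner tar process")
                    # ignore the error
                else:
                    raise
            # wait_backup_feedback() returns None (not "") when the
            # monitored processes simply finished, so test truthiness
            # instead of calling len() on the result.
            if run_error:
                if run_error == "target":
                    self.collect_tar_output()
                    details = "\n".join(self.tar2_stderr)
                else:
                    details = "%s failed" % run_error
                self.tar2_process.terminate()
                self.tar2_process.wait()
                self.tar2_process = None
                self.log.error("Error while processing '{}': {}".format(
                    self.tar2_current_file, details))

            # Delete the file as we don't need it anymore
            self.log.debug("Removing file " + filename)
            os.remove(filename)

        os.unlink(self.restore_pipe)

        if self.tar2_process is not None:
            if filename == QUEUE_ERROR:
                self.tar2_process.terminate()
                self.tar2_process.wait()
            elif self.tar2_process.wait() != 0:
                self.collect_tar_output()
                # The hint and the tar output are separate format()
                # arguments; previously both were packed into one tuple and
                # the trailing "%s" was never substituted.
                raise qubes.exc.QubesException(
                    "unable to extract files for {0}.{1} Tar command "
                    "output: {2}".
                    format(self.tar2_current_file,
                           (" Perhaps the backup is encrypted?"
                            if not self.encrypted else ""),
                           "\n".join(self.tar2_stderr)))
            else:
                # Finished extracting the tar file
                self.tar2_process = None

        self.log.debug("Finished extracting thread")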
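class ExtractWorker3(ExtractWorker2):
    """Extraction worker that pipes chunks straight into the child processes.

    Unlike :py:class:`ExtractWorker2` no FIFO is used: every chunk is written
    to the stdin of ``openssl enc -d`` (when encrypted) or of ``tar``
    directly, and decompression is delegated to tar through
    ``--use-compress-program``.
    """

    def __init__(self, queue, base_dir, passphrase, encrypted,
                 progress_callback, vmproc=None,
                 compressed=False, crypto_algorithm=DEFAULT_CRYPTO_ALGORITHM,
                 compression_filter=None, verify_only=False):
        """
        :param compression_filter: program name given to tar's
            ``--use-compress-program``; DEFAULT_COMPRESSION_FILTER is used
            when empty

        The remaining parameters are passed to :py:class:`ExtractWorker2`.
        """
        super(ExtractWorker3, self).__init__(queue, base_dir, passphrase,
                                             encrypted,
                                             progress_callback, vmproc,
                                             compressed, crypto_algorithm,
                                             verify_only)
        self.compression_filter = compression_filter
        # The parent constructor created the FIFO; this worker does not
        # use it.
        os.unlink(self.restore_pipe)

    def __run__(self):
        """Consume the queue and stream every chunk into tar.

        :raises qubes.exc.QubesException: when the last tar process exits
            with a non-zero code
        """
        self.log.debug("Started sending thread")
        self.log.debug("Moving to dir " + self.base_dir)
        os.chdir(self.base_dir)

        filename = None

        input_pipe = None
        for filename in iter(self.queue.get, None):
            if filename in (QUEUE_FINISHED, QUEUE_ERROR):
                break

            self.log.debug("Extracting file " + filename)

            if filename.endswith('.000'):
                # next file
                if self.tar2_process is not None:
                    input_pipe.close()
                    if self.tar2_process.wait() != 0:
                        self.collect_tar_output()
                        self.log.error(
                            "ERROR: unable to extract files for {0}, tar "
                            "output:\n {1}".
                            format(self.tar2_current_file,
                                   "\n ".join(self.tar2_stderr)))
                    else:
                        # Finished extracting the tar file
                        self.tar2_process = None
                        self.tar2_current_file = None

                # Cut the ".000" suffix itself. str.rstrip('.000') removes
                # every trailing '.' and '0' character, which also damages
                # names that end with '0' before the suffix.
                tar2_cmdline = ['tar',
                                '-%sk' % ("t" if self.verify_only else "x"),
                                os.path.relpath(filename[:-len('.000')])]
                if self.compressed:
                    # NOTE(review): tar executes whatever program is named
                    # here. Elsewhere in this file the value is taken from
                    # the backup header, so the archive decides which
                    # program runs during restore - consider checking it
                    # against a fixed allow-list before use.
                    if self.compression_filter:
                        tar2_cmdline.insert(-1,
                                            "--use-compress-program=%s" %
                                            self.compression_filter)
                    else:
                        tar2_cmdline.insert(-1, "--use-compress-program=%s" %
                                            DEFAULT_COMPRESSION_FILTER)

                self.log.debug("Running command " + unicode(tar2_cmdline))
                if self.encrypted:
                    # Start decrypt
                    # NOTE(review): "pass:" puts the passphrase on the
                    # openssl command line, where it is readable from the
                    # process list for the lifetime of the child. openssl
                    # also accepts "fd:", "env:" and "file:" sources.
                    # crypto_algorithm is turned into an openssl option as
                    # well; validate it the same way as the filter above.
                    self.decryptor_process = subprocess.Popen(
                        ["openssl", "enc",
                         "-d",
                         "-" + self.crypto_algorithm,
                         "-pass",
                         "pass:" + self.passphrase],
                        stdin=subprocess.PIPE,
                        stdout=subprocess.PIPE)

                    self.tar2_process = subprocess.Popen(
                        tar2_cmdline,
                        stdin=self.decryptor_process.stdout,
                        stderr=subprocess.PIPE)
                    input_pipe = self.decryptor_process.stdin
                else:
                    self.tar2_process = subprocess.Popen(
                        tar2_cmdline,
                        stdin=subprocess.PIPE,
                        stderr=subprocess.PIPE)
                    input_pipe = self.tar2_process.stdin

                # Non-blocking stderr, so collect_tar_output() never stalls.
                fcntl.fcntl(self.tar2_process.stderr.fileno(), fcntl.F_SETFL,
                            fcntl.fcntl(self.tar2_process.stderr.fileno(),
                                        fcntl.F_GETFL) | os.O_NONBLOCK)
                self.tar2_stderr = []
            elif not self.tar2_process:
                # Extracting of the current archive failed, skip to the next
                # archive
                os.remove(filename)
                continue
            else:
                self.log.debug("Releasing next chunck")
            self.tar2_current_file = filename

            common_args = {
                'backup_target': input_pipe,
                'hmac': None,
                'vmproc': self.vmproc,
                'addproc': self.tar2_process
            }

            run_error = wait_backup_feedback(
                progress_callback=self.progress_callback,
                in_stream=open(filename, "rb"), streamproc=None,
                **common_args)

            # wait_backup_feedback() returns None (not "") when the
            # monitored processes simply finished, so test truthiness
            # instead of calling len() on the result.
            if run_error:
                if run_error == "target":
                    self.collect_tar_output()
                    details = "\n".join(self.tar2_stderr)
                else:
                    details = "%s failed" % run_error
                if self.decryptor_process:
                    self.decryptor_process.terminate()
                    self.decryptor_process.wait()
                    self.decryptor_process = None
                self.tar2_process.terminate()
                self.tar2_process.wait()
                self.tar2_process = None
                self.log.error("Error while processing '{}': {}".format(
                    self.tar2_current_file, details))

            # Delete the file as we don't need it anymore
            self.log.debug("Removing file " + filename)
            os.remove(filename)

        if self.tar2_process is not None:
            input_pipe.close()
            if filename == QUEUE_ERROR:
                if self.decryptor_process:
                    self.decryptor_process.terminate()
                    self.decryptor_process.wait()
                    self.decryptor_process = None
                self.tar2_process.terminate()
                self.tar2_process.wait()
            elif self.tar2_process.wait() != 0:
                self.collect_tar_output()
                # The hint and the tar output are separate format()
                # arguments; previously both were packed into one tuple and
                # the trailing "%s" was never substituted.
                raise qubes.exc.QubesException(
                    "unable to extract files for {0}.{1} Tar command "
                    "output: {2}".
                    format(self.tar2_current_file,
                           (" Perhaps the backup is encrypted?"
                            if not self.encrypted else ""),
                           "\n".join(self.tar2_stderr)))
            else:
                # Finished extracting the tar file
                self.tar2_process = None

        self.log.debug("Finished extracting thread")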
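def get_supported_hmac_algo(hmac_algorithm=None):
    """Yield digest names to try for HMAC verification.

    The provided *hmac_algorithm* (if any) comes first, followed by every
    name printed by ``openssl list-message-digest-algorithms`` except alias
    lines (those containing ``=>``).

    NOTE(review): the openssl list is not filtered, so it presumably also
    contains legacy digests. A caller that accepts the first algorithm that
    verifies lets the archive select the digest - consider restricting the
    candidates to an explicit allow-list.
    """
    # Start with provided default
    if hmac_algorithm:
        yield hmac_algorithm
    proc = subprocess.Popen(['openssl', 'list-message-digest-algorithms'],
                            stdout=subprocess.PIPE)
    try:
        for algo in proc.stdout.readlines():
            if '=>' in algo:
                continue
            yield algo.strip()
    finally:
        # Also reached when the consumer stops iterating early, so the
        # child is always reaped and its pipe closed.
        proc.stdout.close()
        proc.wait()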
class BackupRestoreOptions(object):
    """Switches controlling how a backup is restored; see the defaults below."""

    def __init__(self):
        #: fall back to the default NetVM when the one referenced in the
        #: backup does not exist on the host
        self.use_default_netvm = True
        #: set NetVM to "none" when the one referenced in the backup does
        #: not exist on the host
        self.use_none_netvm = False
        #: fall back to the default template when the one referenced in the
        #: backup does not exist on the host
        self.use_default_template = True
        #: fall back to the default kernel when the one referenced in the
        #: backup does not exist on the host
        self.use_default_kernel = True
        #: restore dom0 home
        self.dom0_home = True
        #: dictionary of templates to use instead of those referenced in
        #: the backup
        self.replace_template = {}
        #: restore dom0 home even if the username is different
        self.ignore_username_mismatch = False
        #: do not restore data, only verify backup integrity
        self.verify_only = False
        #: automatically rename a VM during restore when its name would
        #: conflict with an existing one
        self.rename_conflicting = True
        #: list of VM names to exclude
        self.exclude = []
  1088. class BackupRestore(object):
  1089. """Usage:
  1090. >>> restore_op = BackupRestore(...)
  1091. >>> # adjust restore_op.options here
  1092. >>> restore_info = restore_op.get_restore_info()
  1093. >>> # manipulate restore_info to select VMs to restore here
  1094. >>> restore_op.restore_do(restore_info)
  1095. """
    class VMToRestore(object):
        """Restore-time description of one VM found in the backup.

        ``subdir`` and ``size`` are read from the ``backup-path`` and
        ``backup-size`` features of *vm*; ``problems`` collects the marker
        objects defined below.
        """
        #: VM excluded from restore by user
        EXCLUDED = object()
        #: VM with such name already exists on the host
        ALREADY_EXISTS = object()
        #: NetVM used by the VM does not exists on the host
        MISSING_NETVM = object()
        #: TemplateVM used by the VM does not exists on the host
        MISSING_TEMPLATE = object()
        #: Kernel used by the VM does not exists on the host
        MISSING_KERNEL = object()

        def __init__(self, vm):
            self.vm = vm
            features = vm.features
            # NOTE(review): these values presumably originate from the
            # backup's own metadata - confirm they are validated before
            # being used as paths or sizes.
            self.subdir = (features['backup-path']
                           if 'backup-path' in features else None)
            self.size = 0
            if 'backup-size' in features and features['backup-size']:
                self.size = int(features['backup-size'])
            self.problems = set()
            has_template = hasattr(vm, 'template') and vm.template
            self.template = vm.template.name if has_template else None
            self.netvm = vm.netvm.name if vm.netvm else None
            self.name = vm.name
            self.orig_template = None

        @property
        def good_to_go(self):
            """True when no problem has been recorded for this VM."""
            return not self.problems
    class Dom0ToRestore(VMToRestore):
        """Restore-time description of the dom0 home directory."""
        #: backup was performed on system with different dom0 username
        USERNAME_MISMATCH = object()

        def __init__(self, vm, subdir=None):
            super(BackupRestore.Dom0ToRestore, self).__init__(vm)
            if not subdir:
                # ``username`` is only defined when a subdir was given.
                return
            self.subdir = subdir
            # The username is the last path component of the subdir.
            self.username = os.path.basename(subdir)
    def __init__(self, app, backup_location, backup_vm, passphrase):
        """Prepare a restore operation.

        Besides storing the arguments, construction already retrieves the
        backup header and loads the VM list from the backup (see the last
        two assignments).
        """
        super(BackupRestore, self).__init__()

        #: qubes.Qubes instance
        self.app = app

        #: options how the backup should be restored
        self.options = BackupRestoreOptions()

        #: VM from which backup should be retrieved; a VM with qid 0 is
        #: stored as None
        self.backup_vm = \
            None if (backup_vm and backup_vm.qid == 0) else backup_vm

        #: backup path, inside VM pointed by :py:attr:`backup_vm`
        self.backup_location = backup_location

        #: passphrase protecting backup integrity and optionally decryption
        self.passphrase = passphrase

        #: temporary directory used to extract the data before moving to the
        # final location; should be on the same filesystem as /var/lib/qubes
        self.tmpdir = tempfile.mkdtemp(prefix="restore", dir="/var/tmp")

        #: list of processes (Popen objects) to kill on cancel
        self.processes_to_kill_on_cancel = []

        #: is the backup operation canceled
        self.canceled = False

        #: report restore progress, called with one argument - percents of
        # data restored
        # FIXME: convert to float [0,1]
        self.progress_callback = None

        self.log = logging.getLogger('qubes.backup')

        #: basic information about the backup
        self.header_data = self._retrieve_backup_header()

        #: VMs included in the backup
        self.backup_app = self._process_qubes_xml()
  1169. def cancel(self):
  1170. """Cancel running backup operation. Can be called from another thread.
  1171. """
  1172. self.canceled = True
  1173. for proc in self.processes_to_kill_on_cancel:
  1174. try:
  1175. proc.terminate()
  1176. except OSError:
  1177. pass
    def _start_retrieval_process(self, filelist, limit_count, limit_bytes):
        """Retrieve backup stream and extract it to :py:attr:`tmpdir`

        :param filelist: list of files to extract; listing directory name
            will extract the whole directory; use empty list to extract the
            whole archive
        :param limit_count: maximum number of files to extract
        :param limit_bytes: maximum size of extracted data
        :return: a tuple of (Popen object of started process, file-like
            object for reading extracted files list, file-like object for
            reading errors)
        """

        vmproc = None
        if self.backup_vm is not None:
            # If APPVM, STDOUT is a PIPE
            vmproc = self.backup_vm.run_service('qubes.Restore',
                passio_popen=True, passio_stderr=True)
            # The location is sent as a single request line, so CR/LF are
            # removed from it first.
            location_line = \
                self.backup_location.replace("\r", "").replace("\n", "")
            vmproc.stdin.write(location_line + "\n")

            # Send to tar2qfile the VMs that should be extracted
            # NOTE(review): unlike the location, the filelist entries are
            # joined as-is; an entry containing a space or newline would
            # change the request - confirm callers only pass clean names.
            vmproc.stdin.write(" ".join(filelist) + "\n")
            self.processes_to_kill_on_cancel.append(vmproc)

            backup_stdin = vmproc.stdout
            unpack_cmd = ['/usr/libexec/qubes/qfile-dom0-unpacker',
                          str(os.getuid()), self.tmpdir, '-v']
        else:
            backup_stdin = open(self.backup_location, 'rb')

            unpack_cmd = ['tar', '-ixv', '-C', self.tmpdir]
            unpack_cmd = unpack_cmd + filelist

        # The limits are handed to the child through its environment.
        # NOTE(review): the plain-tar branch presumably does not honour
        # these variables - verify how the limits apply there.
        child_env = os.environ.copy()
        child_env['UPDATES_MAX_BYTES'] = str(limit_bytes)
        child_env['UPDATES_MAX_FILES'] = str(limit_count)
        self.log.debug("Run command" + unicode(unpack_cmd))
        command = subprocess.Popen(
            unpack_cmd,
            stdin=backup_stdin,
            stdout=vmproc.stdin if vmproc else subprocess.PIPE,
            stderr=subprocess.PIPE,
            env=child_env)
        self.processes_to_kill_on_cancel.append(command)

        # qfile-dom0-unpacker output filelist on stderr
        # and have stdout connected to the VM), while tar output filelist
        # on stdout
        if self.backup_vm:
            filelist_pipe = command.stderr
            # let qfile-dom0-unpacker hold the only open FD to the write end
            # of pipe, otherwise qrexec-client will not receive EOF when
            # qfile-dom0-unpacker terminates
            vmproc.stdin.close()
            error_pipe = vmproc.stderr
        else:
            filelist_pipe = command.stdout
            error_pipe = command.stderr
        return command, filelist_pipe, error_pipe
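    def _verify_hmac(self, filename, hmacfile, algorithm=None):
        """Check *filename* (inside :py:attr:`tmpdir`) against its HMAC file.

        The HMAC is computed by ``openssl dgst`` keyed with the passphrase
        and compared with the value stored in *hmacfile*. On success the
        HMAC file is removed.

        :param filename: file to verify, relative to :py:attr:`tmpdir`
        :param hmacfile: must be exactly ``filename + ".hmac"``
        :param algorithm: digest name; defaults to the one from the backup
            header
        :return: True when the HMAC matches
        :raises qubes.exc.QubesException: on any mismatch or error
        """
        # Imported locally under another name: ``hmac`` is also used as a
        # parameter/variable name in this file.
        import hmac as hmac_lib

        def load_hmac(hmac_text):
            # Expected form is "<label>= <hex digest>"; return the digest.
            hmac_text = hmac_text.strip().split("=")
            if len(hmac_text) > 1:
                hmac_text = hmac_text[1].strip()
            else:
                raise qubes.exc.QubesException(
                    "ERROR: invalid hmac file content")

            return hmac_text

        if algorithm is None:
            algorithm = self.header_data.hmac_algorithm
        passphrase = self.passphrase.encode('utf-8')
        self.log.debug("Verifying file {}".format(filename))

        if hmacfile != filename + ".hmac":
            raise qubes.exc.QubesException(
                "ERROR: expected hmac for {}, but got {}".
                format(filename, hmacfile))

        # NOTE(review): "-hmac <passphrase>" puts the passphrase on the
        # openssl command line, where it is readable from the process list
        # while the child runs.
        with open(os.path.join(self.tmpdir, filename), 'rb') as data_file:
            hmac_proc = subprocess.Popen(
                ["openssl", "dgst", "-" + algorithm, "-hmac", passphrase],
                stdin=data_file,
                stdout=subprocess.PIPE, stderr=subprocess.PIPE)
            hmac_stdout, hmac_stderr = hmac_proc.communicate()

        if len(hmac_stderr) > 0:
            raise qubes.exc.QubesException(
                "ERROR: verify file {0}: {1}".format(filename, hmac_stderr))
        else:
            self.log.debug("Loading hmac for file {}".format(filename))
            with open(os.path.join(self.tmpdir, hmacfile), 'r') as stored:
                expected_hmac = load_hmac(stored.read())
            computed_hmac = load_hmac(hmac_stdout)

            # Constant-time comparison, so the check does not reveal how
            # many leading characters of a supplied HMAC were correct.
            if len(expected_hmac) > 0 and \
                    hmac_lib.compare_digest(computed_hmac, expected_hmac):
                os.unlink(os.path.join(self.tmpdir, hmacfile))
                self.log.debug(
                    "File verification OK -> Sending file {}".format(filename))
                return True
            else:
                # NOTE(review): the message contains the HMAC computed
                # locally for the received file, i.e. the value that would
                # have verified. Consider not exposing it in errors or logs.
                raise qubes.exc.QubesException(
                    "ERROR: invalid hmac for file {0}: {1}. "
                    "Is the passphrase correct?".
                    format(filename, computed_hmac))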
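    def _retrieve_backup_header(self):
        """Retrieve backup header and qubes.xml. Only backup header is
        analyzed, qubes.xml is left as-is
        (not even verified/decrypted/uncompressed)

        :return: header_data
        :rtype: :py:class:`BackupHeader`
        :raises qubes.exc.QubesException: when the stream ends early, the
            HMAC of the first file cannot be verified or a retrieval
            process fails
        """

        if not self.backup_vm and os.path.exists(
                os.path.join(self.backup_location, 'qubes.xml')):
            # backup format version 1 doesn't have header
            # NOTE(review): this path returns before any HMAC check is made.
            header_data = BackupHeader()
            header_data.version = 1
            return header_data

        # At most 4 files and 1 MiB are requested for the header stage.
        (retrieve_proc, filelist_pipe, error_pipe) = \
            self._start_retrieval_process(
                ['backup-header', 'backup-header.hmac',
                 'qubes.xml.000', 'qubes.xml.000.hmac'], 4, 1024 * 1024)

        expect_tar_error = False

        filename = filelist_pipe.readline().strip()
        hmacfile = filelist_pipe.readline().strip()
        # tar output filename before actually extracting it, so wait for the
        # next one before trying to access it
        if not self.backup_vm:
            filelist_pipe.readline().strip()

        self.log.debug("Got backup header and hmac: {}, {}".format(
            filename, hmacfile))

        if not filename or filename == "EOF" or \
                not hmacfile or hmacfile == "EOF":
            retrieve_proc.wait()
            proc_error_msg = error_pipe.read(MAX_STDERR_BYTES)
            raise qubes.exc.QubesException(
                "Premature end of archive while receiving "
                "backup header. Process output:\n" + proc_error_msg)
        file_ok = False
        hmac_algorithm = DEFAULT_HMAC_ALGORITHM
        # NOTE(review): every digest reported by openssl is tried until one
        # verifies, so the archive effectively selects the HMAC algorithm
        # that authenticates the header. Consider limiting the candidates
        # to an allow-list of digests.
        for hmac_algo in get_supported_hmac_algo(hmac_algorithm):
            try:
                if self._verify_hmac(filename, hmacfile, hmac_algo):
                    file_ok = True
                    hmac_algorithm = hmac_algo
                    break
            except qubes.exc.QubesException:
                # Ignore exception here, try the next algo
                pass
        if not file_ok:
            raise qubes.exc.QubesException(
                "Corrupted backup header (hmac verification "
                "failed). Is the password correct?")

        if os.path.basename(filename) == HEADER_FILENAME:
            filename = os.path.join(self.tmpdir, filename)
            # Close the header file before unlinking it instead of leaving
            # the handle to the garbage collector.
            with open(filename, 'r') as header_file:
                header_data = BackupHeader(header_file.read())
            os.unlink(filename)
        else:
            # if no header found, create one with guessed HMAC algo
            # NOTE(review): which branch runs depends on the first file name
            # reported by the retrieval stream; an archive without a header
            # is handled with the version 2 defaults below.
            header_data = BackupHeader(
                version=2,
                hmac_algorithm=hmac_algorithm,
                # place explicitly this value, because it is what
                # format_version 2 have
                crypto_algorithm='aes-256-cbc',
                # TODO: set encrypted to something...
            )
            # when tar do not find expected file in archive, it exit with
            # code 2. This will happen because we've requested backup-header
            # file, but the archive do not contain it. Ignore this particular
            # error.
            if not self.backup_vm:
                expect_tar_error = True

        if retrieve_proc.wait() != 0 and not expect_tar_error:
            raise qubes.exc.QubesException(
                "unable to read the qubes backup file {0} ({1}): {2}".format(
                    self.backup_location,
                    retrieve_proc.wait(),
                    error_pipe.read(MAX_STDERR_BYTES)
                ))
        if retrieve_proc in self.processes_to_kill_on_cancel:
            self.processes_to_kill_on_cancel.remove(retrieve_proc)
        # wait for other processes (if any)
        for proc in self.processes_to_kill_on_cancel:
            if proc.wait() != 0:
                raise qubes.exc.QubesException(
                    "Backup header retrieval failed (exit code {})".format(
                        proc.wait())
                )
        return header_data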
    def _start_inner_extraction_worker(self, queue):
        """Start a worker process extracting the inner layer of the backup
        archive to :py:attr:`tmpdir`.

        End the data by pushing QUEUE_FINISHED or QUEUE_ERROR to the queue.

        :param queue: :py:class:`Queue` object to take file names from
        :return: the started worker process
        :raises NotImplementedError: for an unknown backup format version
        """

        # Setup worker to extract encrypted data chunks to the restore dirs
        # Create the process here to pass it options extracted from
        # backup header
        # NOTE(review): encrypted, compressed, crypto_algorithm and (below)
        # compression_filter are taken from the backup header as-is; the
        # workers turn the last two into command-line arguments.
        worker_args = {
            'queue': queue,
            'base_dir': self.tmpdir,
            'passphrase': self.passphrase,
            'encrypted': self.header_data.encrypted,
            'compressed': self.header_data.compressed,
            'crypto_algorithm': self.header_data.crypto_algorithm,
            'verify_only': self.options.verify_only,
            'progress_callback': self.progress_callback,
        }

        version = self.header_data.version
        if version == 2:
            worker_cls = ExtractWorker2
        elif version in [3, 4]:
            worker_args['compression_filter'] = \
                self.header_data.compression_filter
            worker_cls = ExtractWorker3
        else:
            raise NotImplementedError(
                "Backup format version %d not supported" % version)

        worker = worker_cls(**worker_args)
        worker.start()
        return worker
    def _process_qubes_xml(self):
        """Verify, unpack and load qubes.xml. Possibly convert its format if
        necessary. It expects that :py:attr:`header_data` is already
        populated, and :py:meth:`retrieve_backup_header` was called.

        :return: application object loaded from the backup's qubes.xml
        :raises qubes.exc.QubesException: when verification or extraction
            fails
        """
        version = self.header_data.version
        if version == 1:
            # Version 1: qubes.xml is read directly from the backup
            # location; no HMAC check is made on this path.
            return qubes.core2migration.Core2Qubes(
                os.path.join(self.backup_location, 'qubes.xml'),
                offline_mode=True)

        # The HMAC is checked before the file reaches the extraction worker.
        self._verify_hmac("qubes.xml.000", "qubes.xml.000.hmac")
        queue = Queue()
        for item in ("qubes.xml.000", QUEUE_FINISHED):
            queue.put(item)

        extract_proc = self._start_inner_extraction_worker(queue)
        extract_proc.join()
        if extract_proc.exitcode != 0:
            raise qubes.exc.QubesException(
                "unable to extract the qubes backup. "
                "Check extracting process errors.")

        xml_path = os.path.join(self.tmpdir, 'qubes.xml')
        if self.header_data.version in [2, 3]:
            backup_app = qubes.core2migration.Core2Qubes(
                xml_path, offline_mode=True)
        else:
            backup_app = qubes.Qubes(xml_path, offline_mode=True)
        # Not needed anymore - all the data stored in backup_app
        os.unlink(os.path.join(self.tmpdir, 'qubes.xml'))
        return backup_app
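  def _restore_vm_dirs(self, vms_dirs, vms_size):
      """Retrieve, verify and extract the archive members of selected VMs.

      A retrieval process writes file names to ``filelist_pipe`` in pairs
      (data file, then its hmac file). Each pair that belongs to one of
      *vms_dirs* is passed to :py:meth:`_verify_hmac`; only when that returns
      a true value is the data file queued for the extraction worker. Pairs
      outside *vms_dirs* are deleted from :py:attr:`tmpdir` without being
      verified.

      :param vms_dirs: path prefixes of the archive members to restore
      :param vms_size: total size of the data to restore (the chunk \
          estimate below divides it by 100 MiB)
      :raises BackupCanceledError: if the restore was canceled
      :raises qubes.exc.QubesException: if the retrieval process or another \
          tracked process fails, the archive ends prematurely, or the \
          extraction worker exits with a non-zero code
      """
      # Currently each VM consists of at most 7 archives (count
      # file_to_backup calls in backup_prepare()), but add some safety
      # margin for further extensions. Each archive is divided into 100MB
      # chunks. Additionally each file have own hmac file. So assume upper
      # limit as 2*(10*COUNT_OF_VMS+TOTAL_SIZE/100MB)
      limit_count = str(2 * (10 * len(vms_dirs) +
                             int(vms_size / (100 * 1024 * 1024))))

      self.log.debug("Working in temporary dir:" + self.tmpdir)
      self.log.info(
          "Extracting data: " + size_to_human(vms_size) + " to restore")

      # retrieve backup from the backup stream (either VM, or dom0 file)
      (retrieve_proc, filelist_pipe, error_pipe) = \
          self._start_retrieval_process(vms_dirs, limit_count, vms_size)

      to_extract = Queue()

      # extract data retrieved by retrieve_proc
      extract_proc = self._start_inner_extraction_worker(to_extract)

      try:
          filename = None
          nextfile = None
          while True:
              if self.canceled:
                  break
              if not extract_proc.is_alive():
                  # The worker died: stop feeding it and reap the helpers.
                  retrieve_proc.terminate()
                  retrieve_proc.wait()
                  if retrieve_proc in self.processes_to_kill_on_cancel:
                      self.processes_to_kill_on_cancel.remove(retrieve_proc)
                  # wait for other processes (if any)
                  for proc in self.processes_to_kill_on_cancel:
                      proc.wait()
                  break
              if nextfile is not None:
                  filename = nextfile
              else:
                  filename = filelist_pipe.readline().strip()

              self.log.debug("Getting new file:" + filename)

              if not filename or filename == "EOF":
                  break

              hmacfile = filelist_pipe.readline().strip()

              if self.canceled:
                  break
              # if reading archive directly with tar, wait for next filename -
              # tar prints filename before processing it, so wait for
              # the next one to be sure that whole file was extracted
              if not self.backup_vm:
                  nextfile = filelist_pipe.readline().strip()

              self.log.debug("Getting hmac:" + hmacfile)
              if not hmacfile or hmacfile == "EOF":
                  # Premature end of archive, either of tar1_command or
                  # vmproc exited with error
                  break

              # NOTE(review): this is a plain prefix match, so an entry
              # 'vm1' in vms_dirs also selects names starting with 'vm10' -
              # confirm that vms_dirs entries cannot be prefixes of each
              # other.
              if not any(filename.startswith(vm_dir) for vm_dir in vms_dirs):
                  self.log.debug("Ignoring VM not selected for restore")
                  # NOTE(review): both names come from the retrieval
                  # process and have not been authenticated at this point;
                  # keeping these paths inside tmpdir presumably relies on
                  # the retrieval side rejecting absolute or '..' names -
                  # verify.
                  os.unlink(os.path.join(self.tmpdir, filename))
                  os.unlink(os.path.join(self.tmpdir, hmacfile))
                  continue

              # Only data that passed the HMAC check reaches the worker.
              if self._verify_hmac(filename, hmacfile):
                  to_extract.put(os.path.join(self.tmpdir, filename))

          if self.canceled:
              raise BackupCanceledError("Restore canceled",
                                        tmpdir=self.tmpdir)

          retrieve_retcode = retrieve_proc.wait()
          if retrieve_retcode != 0:
              # The message has three placeholders; the original passed
              # only two values, so this path failed with IndexError
              # instead of the QubesException that restore_do() handles.
              raise qubes.exc.QubesException(
                  "unable to read the qubes backup file {0} ({1}): {2}"
                  .format(self.backup_location, retrieve_retcode,
                          error_pipe.read(MAX_STDERR_BYTES)))
          # wait for other processes (if any)
          for proc in self.processes_to_kill_on_cancel:
              proc.wait()
              if proc.returncode != 0:
                  raise qubes.exc.QubesException(
                      "Backup completed, but VM receiving it reported an error "
                      "(exit code {})".format(proc.returncode))

          if filename and filename != "EOF":
              raise qubes.exc.QubesException(
                  "Premature end of archive, the last file was %s" % filename)
      except:
          # Deliberately broad: whatever interrupted the loop, the worker
          # has to be told to stop before the error is propagated.
          to_extract.put(QUEUE_ERROR)
          extract_proc.join()
          raise
      else:
          to_extract.put(QUEUE_FINISHED)

      self.log.debug("Waiting for the extraction process to finish...")
      extract_proc.join()
      self.log.debug("Extraction process finished with code: {}".format(
          extract_proc.exitcode))
      if extract_proc.exitcode != 0:
          raise qubes.exc.QubesException(
              "unable to extract the qubes backup. "
              "Check extracting process errors.")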
  def generate_new_name_for_conflicting_vm(self, orig_name, restore_info):
      """Find a VM name that collides with nothing on the host or in the backup.

      The name is cut to 29 characters first. A candidate is rejected when
      it is a key of *restore_info*, the target ``name`` of any entry in
      *restore_info*, or present in ``self.app.domains``. Rejected
      candidates are replaced by the cut name followed by a counter
      starting at 1.

      :returns: the free name, or ``None`` once the counter reaches 100
      """
      base = orig_name[:29]
      candidate = base
      counter = 1
      while True:
          taken = (
              candidate in restore_info
              or any(candidate == entry.name
                     for entry in restore_info.values())
              or candidate in self.app.domains
          )
          if not taken:
              return candidate
          candidate = str('{}{}'.format(base, counter))
          counter += 1
          if counter == 100:
              # give up
              return None
  def restore_info_verify(self, restore_info):
      """Recompute the ``problems`` set of every VM entry in *restore_info*.

      The ``'dom0'`` key is skipped. For each other entry the set is cleared
      and then refilled by checking, in order: the exclude list, a name
      clash with a VM on the host, the template, the netvm and the kernel.
      Depending on :py:attr:`options`, a missing reference is replaced by a
      default instead of being recorded as a problem.

      :param restore_info: mapping of VM name to ``VMToRestore`` entries; \
          entries are modified in place
      :returns: the same *restore_info* mapping
      """
      for vm_name, entry in restore_info.items():
          if vm_name in ['dom0']:
              continue

          assert isinstance(entry, self.VMToRestore)
          entry.problems.clear()

          if vm_name in self.options.exclude:
              entry.problems.add(self.VMToRestore.EXCLUDED)

          # Name clash with a VM that already exists on the host.
          name_taken = (not self.options.verify_only
                        and vm_name in self.app.domains)
          if name_taken:
              replacement = None
              if self.options.rename_conflicting:
                  replacement = self.generate_new_name_for_conflicting_vm(
                      vm_name, restore_info)
              if replacement is None:
                  entry.problems.add(self.VMToRestore.ALREADY_EXISTS)
              else:
                  entry.name = replacement

          # check template
          if entry.template:
              wanted_template = entry.template
              try:
                  on_host = self.app.domains[wanted_template]
              except KeyError:
                  on_host = None
              # A host VM of that name only counts if it really is a
              # template.
              host_ok = on_host and isinstance(
                  on_host, qubes.vm.templatevm.TemplateVM)
              if not host_ok:
                  # Maybe the (custom) template is in the backup?
                  # NOTE(review): good_to_go of the other entry is read as
                  # it is at this moment; whether that entry was already
                  # re-checked in this pass depends on iteration order.
                  in_backup = (
                      wanted_template in restore_info
                      and restore_info[wanted_template].good_to_go
                      and isinstance(restore_info[wanted_template].vm,
                                     qubes.vm.templatevm.TemplateVM))
                  if not in_backup:
                      if self.options.use_default_template and \
                              self.app.default_template:
                          if entry.orig_template is None:
                              entry.orig_template = wanted_template
                          entry.template = self.app.default_template.name
                      else:
                          entry.problems.add(
                              self.VMToRestore.MISSING_TEMPLATE)

          # check netvm
          if not entry.vm.property_is_default('netvm') and entry.netvm:
              wanted_netvm = entry.netvm
              try:
                  host_netvm = self.app.domains[wanted_netvm]
              except KeyError:
                  host_netvm = None
              # No netvm on the host?
              host_provides = (host_netvm is not None
                               and host_netvm.provides_network)
              if not host_provides:
                  # Maybe the (custom) netvm is in the backup?
                  backup_provides = (
                      wanted_netvm in restore_info
                      and restore_info[wanted_netvm].good_to_go
                      and restore_info[wanted_netvm].vm.provides_network)
                  if not backup_provides:
                      if self.options.use_default_netvm:
                          entry.vm.netvm = qubes.property.DEFAULT
                      elif self.options.use_none_netvm:
                          entry.netvm = None
                      else:
                          entry.problems.add(
                              self.VMToRestore.MISSING_NETVM)

          # check kernel
          if hasattr(entry.vm, 'kernel'):
              installed_kernels = os.listdir(os.path.join(
                  qubes.config.qubes_base_dir,
                  qubes.config.system_path['qubes_kernels_base_dir']))
              # if uses default kernel - do not validate it
              # allow kernel=None only for HVM,
              # otherwise require valid kernel
              kernel_ok = (
                  entry.vm.property_is_default('kernel')
                  or (not entry.vm.kernel and entry.vm.hvm)
                  or entry.vm.kernel in installed_kernels)
              if not kernel_ok:
                  if self.options.use_default_kernel:
                      entry.vm.kernel = qubes.property.DEFAULT
                  else:
                      entry.problems.add(self.VMToRestore.MISSING_KERNEL)

      return restore_info
  def _is_vm_included_in_backup_v1(self, check_vm):
      """Tell whether a format version 1 backup holds data for *check_vm*.

      dom0 (qid 0) is included when ``dom0-home`` exists under
      :py:attr:`backup_location`. A VM without ``dir_path`` is never
      included. Any other VM is included when its directory, with the host
      base dir replaced by :py:attr:`backup_location`, exists.

      :returns: ``True`` or ``False``
      """
      if check_vm.qid == 0:
          dom0_home = os.path.join(self.backup_location, 'dom0-home')
          return os.path.exists(dom0_home)

      # DisposableVM
      if check_vm.dir_path is None:
          return False

      # NOTE(review): str.replace() leaves dir_path untouched when it does
      # not contain the base dir, and dir_path comes from the backup's own
      # qubes.xml - the path probed here may then lie outside
      # backup_location.
      backup_vm_dir_path = check_vm.dir_path.replace(
          qubes.config.system_path["qubes_base_dir"], self.backup_location)
      return os.path.exists(backup_vm_dir_path)
  1618. @staticmethod
  1619. def _is_vm_included_in_backup_v2(check_vm):
  1620. if 'backup-content' in check_vm.features:
  1621. return check_vm.features['backup-content']
  1622. else:
  1623. return False
  def _find_template_name(self, template):
      """Map *template* through the ``replace_template`` restore option.

      :returns: the replacement configured for *template*, or *template* \
          itself when none is configured
      """
      replacements = self.options.replace_template
      return replacements[template] if template in replacements else template
  def _is_vm_included_in_backup(self, vm):
      """Dispatch the inclusion check on the backup format version.

      Version 1 uses :py:meth:`_is_vm_included_in_backup_v1`, versions 2 to
      4 use :py:meth:`_is_vm_included_in_backup_v2`.

      :raises qubes.exc.QubesException: for any other format version
      """
      version = self.header_data.version
      if version == 1:
          checker = self._is_vm_included_in_backup_v1
      elif version in [2, 3, 4]:
          checker = self._is_vm_included_in_backup_v2
      else:
          raise qubes.exc.QubesException(
              "Unknown backup format version: {}".format(
                  self.header_data.version))
      return checker(vm)
  def get_restore_info(self):
      """Build the mapping of what the backup offers for restore.

      Every non-dom0 VM of :py:attr:`backup_app` that is included in the
      backup gets a ``VMToRestore`` entry keyed by its name, the mapping is
      passed through :py:meth:`restore_info_verify`, and a ``'dom0'`` entry
      is added afterwards if the ``dom0_home`` option is set and dom0 is
      part of the backup.

      :returns: dict of name to restore entry
      """
      # Format versions:
      # 1 - Qubes R1, Qubes R2 beta1, beta2
      # 2 - Qubes R2 beta3+
      selected = {}

      for backup_vm in self.backup_app.domains:
          if backup_vm.qid == 0:
              # Handle dom0 as special case later
              continue
          if not self._is_vm_included_in_backup(backup_vm):
              continue

          self.log.debug("{} is included in backup".format(backup_vm.name))
          entry = self.VMToRestore(backup_vm)
          selected[backup_vm.name] = entry

          if hasattr(backup_vm, 'template'):
              entry.template = self._find_template_name(
                  backup_vm.template.name)

          # Set to None to not confuse QubesVm object from backup
          # collection with host collection (further in clone_attrs).
          backup_vm.netvm = None

      selected = self.restore_info_verify(selected)

      # ...and dom0 home
      if self.options.dom0_home and \
              self._is_vm_included_in_backup(self.backup_app.domains[0]):
          dom0_vm = self.backup_app.domains[0]
          # Only version 1 keeps the home directory under dom0-home/; its
          # first directory entry is taken as the subdirectory.
          subdir = (
              os.listdir(os.path.join(self.backup_location, 'dom0-home'))[0]
              if self.header_data.version == 1 else None)
          dom0_entry = self.Dom0ToRestore(dom0_vm, subdir)
          selected['dom0'] = dom0_entry
          # The local user is the first member of the 'qubes' group.
          local_user = grp.getgrnam('qubes').gr_mem[0]

          if dom0_entry.username != local_user and \
                  not self.options.ignore_username_mismatch:
              dom0_entry.problems.add(
                  self.Dom0ToRestore.USERNAME_MISMATCH)

      return selected
  1673. @staticmethod
  1674. def get_restore_summary(restore_info):
  1675. fields = {
  1676. "qid": {"func": "vm.qid"},
  1677. "name": {"func": "('[' if isinstance(vm, qubes.vm.templatevm.TemplateVM) else '')\
  1678. + ('{' if vm.provides_network else '')\
  1679. + vm.name \
  1680. + (']' if isinstance(vm, qubes.vm.templatevm.TemplateVM) else '')\
  1681. + ('}' if vm.provides_network else '')"},
  1682. "type": {"func": "'Tpl' if isinstance(vm, qubes.vm.templatevm.TemplateVM) else \
  1683. 'App' if isinstance(vm, qubes.vm.appvm.AppVM) else \
  1684. vm.__class__.__name__.replace('VM','')"},
  1685. "updbl": {"func": "'Yes' if vm.updateable else ''"},
  1686. "template": {"func": "'n/a' if not hasattr(vm, 'template') is None "
  1687. "else vm_info.template"},
  1688. "netvm": {"func": "'n/a' if vm.provides_network else\
  1689. ('*' if vm.property_is_default('netvm') else '') +\
  1690. vm_info.netvm if vm_info.netvm is not None "
  1691. "else '-'"},
  1692. "label": {"func": "vm.label.name"},
  1693. }
  1694. fields_to_display = ["name", "type", "template", "updbl",
  1695. "netvm", "label"]
  1696. # First calculate the maximum width of each field we want to display
  1697. total_width = 0
  1698. for f in fields_to_display:
  1699. fields[f]["max_width"] = len(f)
  1700. for vm_info in restore_info.values():
  1701. if vm_info.vm:
  1702. # noinspection PyUnusedLocal
  1703. vm = vm_info.vm
  1704. l = len(unicode(eval(fields[f]["func"])))
  1705. if l > fields[f]["max_width"]:
  1706. fields[f]["max_width"] = l
  1707. total_width += fields[f]["max_width"]
  1708. summary = ""
  1709. summary += "The following VMs are included in the backup:\n"
  1710. summary += "\n"
  1711. # Display the header
  1712. for f in fields_to_display:
  1713. # noinspection PyTypeChecker
  1714. fmt = "{{0:-^{0}}}-+".format(fields[f]["max_width"] + 1)
  1715. summary += fmt.format('-')
  1716. summary += "\n"
  1717. for f in fields_to_display:
  1718. # noinspection PyTypeChecker
  1719. fmt = "{{0:>{0}}} |".format(fields[f]["max_width"] + 1)
  1720. summary += fmt.format(f)
  1721. summary += "\n"
  1722. for f in fields_to_display:
  1723. # noinspection PyTypeChecker
  1724. fmt = "{{0:-^{0}}}-+".format(fields[f]["max_width"] + 1)
  1725. summary += fmt.format('-')
  1726. summary += "\n"
  1727. for vm_info in restore_info.values():
  1728. assert isinstance(vm_info, BackupRestore.VMToRestore)
  1729. # Skip non-VM here
  1730. if not vm_info.vm:
  1731. continue
  1732. # noinspection PyUnusedLocal
  1733. vm = vm_info.vm
  1734. s = ""
  1735. for f in fields_to_display:
  1736. # noinspection PyTypeChecker
  1737. fmt = "{{0:>{0}}} |".format(fields[f]["max_width"] + 1)
  1738. s += fmt.format(eval(fields[f]["func"]))
  1739. if BackupRestore.VMToRestore.EXCLUDED in vm_info.problems:
  1740. s += " <-- Excluded from restore"
  1741. elif BackupRestore.VMToRestore.ALREADY_EXISTS in vm_info.problems:
  1742. s += " <-- A VM with the same name already exists on the host!"
  1743. elif BackupRestore.VMToRestore.MISSING_TEMPLATE in \
  1744. vm_info.problems:
  1745. s += " <-- No matching template on the host " \
  1746. "or in the backup found!"
  1747. elif BackupRestore.VMToRestore.MISSING_NETVM in \
  1748. vm_info.problems:
  1749. s += " <-- No matching netvm on the host " \
  1750. "or in the backup found!"
  1751. else:
  1752. if vm_info.orig_template:
  1753. s += " <-- Original template was '{}'".format(
  1754. vm_info.orig_template)
  1755. if vm_info.name != vm_info.vm.name:
  1756. s += " <-- Will be renamed to '{}'".format(
  1757. vm_info.name)
  1758. summary += s + "\n"
  1759. if 'dom0' in restore_info.keys():
  1760. s = ""
  1761. for f in fields_to_display:
  1762. # noinspection PyTypeChecker
  1763. fmt = "{{0:>{0}}} |".format(fields[f]["max_width"] + 1)
  1764. if f == "name":
  1765. s += fmt.format("Dom0")
  1766. elif f == "type":
  1767. s += fmt.format("Home")
  1768. else:
  1769. s += fmt.format("")
  1770. if BackupRestore.Dom0ToRestore.USERNAME_MISMATCH in \
  1771. restore_info['dom0'].problems:
  1772. s += " <-- username in backup and dom0 mismatch"
  1773. summary += s + "\n"
  1774. return summary
  def _restore_vm_dir_v1(self, src_dir, dst_dir):
      """Copy one VM directory out of a format version 1 backup.

      The host base dir inside *src_dir* is replaced by
      :py:attr:`backup_location` and the result is copied into *dst_dir*
      with ``cp -rp --reflink=auto``.

      :raises qubes.exc.QubesException: if ``cp`` exits with a non-zero code
      """
      base_dir = qubes.config.system_path["qubes_base_dir"]
      # NOTE(review): if src_dir does not contain base_dir the replace is a
      # no-op and cp reads from src_dir as given; src_dir originates from
      # the version 1 qubes.xml - confirm callers only pass paths under the
      # base dir.
      backup_src_dir = src_dir.replace(base_dir, self.backup_location)

      # We prefer to use Linux's cp, because it nicely handles sparse files
      cp_argv = ["cp", "-rp", "--reflink=auto", backup_src_dir, dst_dir]
      if subprocess.call(cp_argv) == 0:
          return
      raise qubes.exc.QubesException(
          "*** Error while copying file {0} to {1}".format(backup_src_dir,
                                                           dst_dir))
  def restore_do(self, restore_info):
      """Restore the VMs (and dom0 home) selected in *restore_info*.

      Steps, in order: collect the entries that are ``good_to_go``; for
      format version 2 and later retrieve, verify and extract their data
      through :py:meth:`_restore_vm_dirs`; stop here in verify-only mode;
      create each VM on the host (templates first) and move or copy its
      directory in place; copy properties and fire ``domain-restore``; set
      non-default netvms; save the host configuration; finally restore the
      dom0 home directory and remove :py:attr:`tmpdir`.

      :param restore_info: mapping as returned by :py:meth:`get_restore_info`
      :raises BackupCanceledError: if the restore was canceled
      :raises qubes.exc.QubesException: in verify-only mode, when data \
          extraction fails
      """
      # FIXME handle locking

      # Perform VM restoration in backup order
      vms_dirs = []
      vms_size = 0
      vms = {}
      for vm_info in restore_info.values():
          assert isinstance(vm_info, self.VMToRestore)
          if not vm_info.vm:
              continue
          if not vm_info.good_to_go:
              continue
          vm = vm_info.vm
          if self.header_data.version >= 2:
              # Size and archive path are features recorded in the
              # backup's qubes.xml.
              if vm.features['backup-size']:
                  vms_size += int(vm.features['backup-size'])
              vms_dirs.append(vm.features['backup-path'])
          vms[vm.name] = vm

      if self.header_data.version >= 2:
          if 'dom0' in restore_info.keys() and \
                  restore_info['dom0'].good_to_go:
              vms_dirs.append(os.path.dirname(restore_info['dom0'].subdir))
              vms_size += restore_info['dom0'].size

          try:
              self._restore_vm_dirs(vms_dirs=vms_dirs, vms_size=vms_size)
          except qubes.exc.QubesException:
              if self.options.verify_only:
                  raise
              else:
                  # Outside verify-only mode an extraction failure is only
                  # logged; VMs whose data is missing are expected to fail
                  # in the per-VM step below.
                  self.log.warning(
                      "Some errors occurred during data extraction, "
                      "continuing anyway to restore at least some "
                      "VMs")
      else:
          if self.options.verify_only:
              self.log.warning(
                  "Backup verification not supported for this backup format.")

      if self.options.verify_only:
          shutil.rmtree(self.tmpdir)
          return

      # First load templates, then other VMs
      for vm in sorted(vms.values(),
              key=lambda x: isinstance(x, qubes.vm.templatevm.TemplateVM),
              reverse=True):
          if self.canceled:
              # only break the loop to save qubes.xml
              # with already restored VMs
              break
          self.log.info("-> Restoring {0}...".format(vm.name))
          retcode = subprocess.call(
              ["mkdir", "-p", os.path.dirname(vm.dir_path)])
          if retcode != 0:
              self.log.error("*** Cannot create directory: {0}?!".format(
                  vm.dir_path))
              self.log.warning("Skipping VM {}...".format(vm.name))
              continue

          kwargs = {}
          if hasattr(vm, 'template'):
              template = restore_info[vm.name].template
              # handle potentially renamed template
              if template in restore_info \
                      and restore_info[template].good_to_go:
                  template = restore_info[template].name
              kwargs['template'] = template

          new_vm = None
          vm_name = restore_info[vm.name].name

          try:
              # first only minimal set, later clone_properties
              # will be called
              new_vm = self.app.add_new_vm(
                  vm.__class__,
                  name=vm_name,
                  label=vm.label,
                  installed_by_rpm=False,
                  **kwargs)
              if os.path.exists(new_vm.dir_path):
                  # Keep whatever already occupies the target directory by
                  # renaming it to a fresh mkdtemp() name next to it.
                  move_to_path = tempfile.mkdtemp('', os.path.basename(
                      new_vm.dir_path), os.path.dirname(new_vm.dir_path))
                  try:
                      os.rename(new_vm.dir_path, move_to_path)
                      self.log.warning(
                          "*** Directory {} already exists! It has "
                          "been moved to {}".format(new_vm.dir_path,
                                                    move_to_path))
                  except OSError:
                      self.log.error(
                          "*** Directory {} already exists and "
                          "cannot be moved!".format(new_vm.dir_path))
                      self.log.warning("Skipping VM {}...".format(
                          vm.name))
                      # NOTE(review): unlike the except branch below, this
                      # skip does not delete new_vm from self.app.domains,
                      # so the entry presumably stays registered and is
                      # written out by self.app.save() - confirm.
                      continue

              if self.header_data.version == 1:
                  self._restore_vm_dir_v1(vm.dir_path,
                      os.path.dirname(new_vm.dir_path))
              else:
                  shutil.move(os.path.join(self.tmpdir,
                      vm.features['backup-path']),
                      new_vm.dir_path)

              new_vm.storage.verify()
          except Exception as err:
              # Any failure while creating the VM or placing its data:
              # log it, unregister the half-created VM and go on.
              self.log.error("ERROR: {0}".format(err))
              self.log.warning("*** Skipping VM: {0}".format(vm.name))
              if new_vm:
                  del self.app.domains[new_vm.qid]
              continue

          # remove no longer needed backup metadata
          if 'backup-content' in vm.features:
              del vm.features['backup-content']
              del vm.features['backup-size']
              del vm.features['backup-path']

          try:
              # exclude VM references - handled manually according to
              # restore options
              proplist = [prop for prop in new_vm.property_list()
                  if prop.clone and prop.__name__ not in
                        ['template', 'netvm', 'dispvm_netvm']]
              new_vm.clone_properties(vm, proplist=proplist)
          except Exception as err:
              self.log.error("ERROR: {0}".format(err))
              self.log.warning("*** Some VM property will not be "
                               "restored")

          try:
              new_vm.fire_event('domain-restore')
          except Exception as err:
              self.log.error("ERROR during appmenu restore: "
                 "{0}".format(err))
              self.log.warning(
                  "*** VM '{0}' will not have appmenus".format(vm.name))

      # Set network dependencies - only non-default netvm setting
      for vm in vms.values():
          vm_info = restore_info[vm.name]
          vm_name = vm_info.name
          try:
              host_vm = self.app.domains[vm_name]
          except KeyError:
              # Failed/skipped VM
              continue

          if not vm.property_is_default('netvm'):
              # A netvm restored from the same backup may have been
              # renamed, so use its restore name.
              if vm_info.netvm in restore_info:
                  host_vm.netvm = restore_info[vm_info.netvm].name
              else:
                  host_vm.netvm = vm_info.netvm

      self.app.save()

      if self.canceled:
          if self.header_data.version >= 2:
              raise BackupCanceledError("Restore canceled",
                                        tmpdir=self.tmpdir)
          else:
              raise BackupCanceledError("Restore canceled")

      # ... and dom0 home as last step
      if 'dom0' in restore_info.keys() and restore_info['dom0'].good_to_go:
          backup_path = restore_info['dom0'].subdir
          # The local user is the first member of the 'qubes' group.
          local_user = grp.getgrnam('qubes').gr_mem[0]
          home_dir = pwd.getpwnam(local_user).pw_dir
          if self.header_data.version == 1:
              backup_dom0_home_dir = os.path.join(self.backup_location,
                  backup_path)
          else:
              backup_dom0_home_dir = os.path.join(self.tmpdir, backup_path)
          restore_home_backupdir = "home-pre-restore-{0}".format(
              time.strftime("%Y-%m-%d-%H%M%S"))

          self.log.info(
              "Restoring home of user '{0}'...".format(local_user))
          self.log.info(
              "Existing files/dirs backed up in '{0}' dir".format(
                  restore_home_backupdir))
          os.mkdir(home_dir + '/' + restore_home_backupdir)
          # Every top-level entry of the backed-up home replaces the entry
          # of the same name in the live home; the old one is moved aside
          # first.
          for f in os.listdir(backup_dom0_home_dir):
              home_file = home_dir + '/' + f
              if os.path.exists(home_file):
                  os.rename(home_file,
                            home_dir + '/' + restore_home_backupdir + '/' + f)
              if self.header_data.version == 1:
                  # NOTE(review): the exit code of cp is not checked, so a
                  # failed copy goes unreported here.
                  subprocess.call(
                      ["cp", "-nrp", "--reflink=auto",
                          backup_dom0_home_dir + '/' + f, home_file])
              elif self.header_data.version >= 2:
                  shutil.move(backup_dom0_home_dir + '/' + f, home_file)
          # Ownership of the whole home directory is reset through sudo
          # after the files are in place.
          retcode = subprocess.call(['sudo', 'chown', '-R',
              local_user, home_dir])
          if retcode != 0:
              self.log.error("*** Error while setting home directory owner")

      shutil.rmtree(self.tmpdir)
      self.log.info("-> Done. Please install updates for all the restored "
                    "templates.")
  1970. # vim:sw=4:et: