backup.py 88 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263
  1. #!/usr/bin/python
  2. # -*- coding: utf-8 -*-
  3. #
  4. # The Qubes OS Project, http://www.qubes-os.org
  5. #
  6. # Copyright (C) 2013-2015 Marek Marczykowski-Górecki
  7. # <marmarek@invisiblethingslab.com>
  8. # Copyright (C) 2013 Olivier Médoc <o_medoc@yahoo.fr>
  9. #
  10. # This program is free software; you can redistribute it and/or
  11. # modify it under the terms of the GNU General Public License
  12. # as published by the Free Software Foundation; either version 2
  13. # of the License, or (at your option) any later version.
  14. #
  15. # This program is distributed in the hope that it will be useful,
  16. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  17. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18. # GNU General Public License for more details.
  19. #
  20. # You should have received a copy of the GNU General Public License
  21. # along with this program. If not, see <http://www.gnu.org/licenses/>
  22. #
  23. #
  24. from __future__ import unicode_literals
  25. import itertools
  26. import logging
  27. from qubes.utils import size_to_human
  28. import sys
  29. import os
  30. import fcntl
  31. import subprocess
  32. import re
  33. import shutil
  34. import tempfile
  35. import time
  36. import grp
  37. import pwd
  38. import errno
  39. import datetime
  40. from multiprocessing import Queue, Process
  41. import qubes
  42. import qubes.core2migration
  43. import qubes.storage
  44. import qubes.storage.file
  45. QUEUE_ERROR = "ERROR"
  46. QUEUE_FINISHED = "FINISHED"
  47. HEADER_FILENAME = 'backup-header'
  48. DEFAULT_CRYPTO_ALGORITHM = 'aes-256-cbc'
  49. DEFAULT_HMAC_ALGORITHM = 'SHA512'
  50. DEFAULT_COMPRESSION_FILTER = 'gzip'
  51. CURRENT_BACKUP_FORMAT_VERSION = '4'
  52. # Maximum size of error message get from process stderr (including VM process)
  53. MAX_STDERR_BYTES = 1024
  54. # header + qubes.xml max size
  55. HEADER_QUBES_XML_MAX_SIZE = 1024 * 1024
  56. BLKSIZE = 512
  57. _re_alphanum = re.compile(r'^[A-Za-z0-9-]*$')
  58. class BackupCanceledError(qubes.exc.QubesException):
  59. def __init__(self, msg, tmpdir=None):
  60. super(BackupCanceledError, self).__init__(msg)
  61. self.tmpdir = tmpdir
  62. class BackupHeader(object):
  63. header_keys = {
  64. 'version': 'version',
  65. 'encrypted': 'encrypted',
  66. 'compressed': 'compressed',
  67. 'compression-filter': 'compression_filter',
  68. 'crypto-algorithm': 'crypto_algorithm',
  69. 'hmac-algorithm': 'hmac_algorithm',
  70. }
  71. bool_options = ['encrypted', 'compressed']
  72. int_options = ['version']
  73. def __init__(self,
  74. header_data=None,
  75. version=None,
  76. encrypted=None,
  77. compressed=None,
  78. compression_filter=None,
  79. hmac_algorithm=None,
  80. crypto_algorithm=None):
  81. # repeat the list to help code completion...
  82. self.version = version
  83. self.encrypted = encrypted
  84. self.compressed = compressed
  85. # Options introduced in backup format 3+, which always have a header,
  86. # so no need for fallback in function parameter
  87. self.compression_filter = compression_filter
  88. self.hmac_algorithm = hmac_algorithm
  89. self.crypto_algorithm = crypto_algorithm
  90. if header_data is not None:
  91. self.load(header_data)
  92. def load(self, untrusted_header_text):
  93. """Parse backup header file.
  94. :param untrusted_header_text: header content
  95. :type untrusted_header_text: basestring
  96. .. warning::
  97. This function may be exposed to not yet verified header,
  98. so is security critical.
  99. """
  100. try:
  101. untrusted_header_text = untrusted_header_text.decode('ascii')
  102. except UnicodeDecodeError:
  103. raise qubes.exc.QubesException(
  104. "Non-ASCII characters in backup header")
  105. for untrusted_line in untrusted_header_text.splitlines():
  106. if untrusted_line.count('=') != 1:
  107. raise qubes.exc.QubesException("Invalid backup header")
  108. key, value = untrusted_line.strip().split('=', 1)
  109. if not _re_alphanum.match(key):
  110. raise qubes.exc.QubesException("Invalid backup header (key)")
  111. if key not in self.header_keys.keys():
  112. # Ignoring unknown option
  113. continue
  114. if not _re_alphanum.match(value):
  115. raise qubes.exc.QubesException("Invalid backup header (value)")
  116. if getattr(self, self.header_keys[key]) is not None:
  117. raise qubes.exc.QubesException(
  118. "Duplicated header line: {}".format(key))
  119. if key in self.bool_options:
  120. value = value.lower() in ["1", "true", "yes"]
  121. elif key in self.int_options:
  122. value = int(value)
  123. setattr(self, self.header_keys[key], value)
  124. self.validate()
  125. def validate(self):
  126. if self.version == 1:
  127. # header not really present
  128. pass
  129. elif self.version in [2, 3, 4]:
  130. expected_attrs = ['version', 'encrypted', 'compressed',
  131. 'hmac_algorithm']
  132. if self.encrypted:
  133. expected_attrs += ['crypto_algorithm']
  134. if self.version >= 3 and self.compressed:
  135. expected_attrs += ['compression_filter']
  136. for key in expected_attrs:
  137. if getattr(self, key) is None:
  138. raise qubes.exc.QubesException(
  139. "Backup header lack '{}' info".format(key))
  140. else:
  141. raise qubes.exc.QubesException(
  142. "Unsupported backup version {}".format(self.version))
  143. def save(self, filename):
  144. with open(filename, "w") as f:
  145. # make sure 'version' is the first key
  146. f.write('version={}\n'.format(self.version))
  147. for key, attr in self.header_keys.iteritems():
  148. if key == 'version':
  149. continue
  150. if getattr(self, attr) is None:
  151. continue
  152. f.write("{!s}={!s}\n".format(key, getattr(self, attr)))
  153. class SendWorker(Process):
  154. def __init__(self, queue, base_dir, backup_stdout):
  155. super(SendWorker, self).__init__()
  156. self.queue = queue
  157. self.base_dir = base_dir
  158. self.backup_stdout = backup_stdout
  159. self.log = logging.getLogger('qubes.backup')
  160. def run(self):
  161. self.log.debug("Started sending thread")
  162. self.log.debug("Moving to temporary dir".format(self.base_dir))
  163. os.chdir(self.base_dir)
  164. for filename in iter(self.queue.get, None):
  165. if filename in (QUEUE_FINISHED, QUEUE_ERROR):
  166. break
  167. self.log.debug("Sending file {}".format(filename))
  168. # This tar used for sending data out need to be as simple, as
  169. # simple, as featureless as possible. It will not be
  170. # verified before untaring.
  171. tar_final_cmd = ["tar", "-cO", "--posix",
  172. "-C", self.base_dir, filename]
  173. final_proc = subprocess.Popen(tar_final_cmd,
  174. stdin=subprocess.PIPE,
  175. stdout=self.backup_stdout)
  176. if final_proc.wait() >= 2:
  177. if self.queue.full():
  178. # if queue is already full, remove some entry to wake up
  179. # main thread, so it will be able to notice error
  180. self.queue.get()
  181. # handle only exit code 2 (tar fatal error) or
  182. # greater (call failed?)
  183. raise qubes.exc.QubesException(
  184. "ERROR: Failed to write the backup, out of disk space? "
  185. "Check console output or ~/.xsession-errors for details.")
  186. # Delete the file as we don't need it anymore
  187. self.log.debug("Removing file {}".format(filename))
  188. os.remove(filename)
  189. self.log.debug("Finished sending thread")
  190. class Backup(object):
  191. class FileToBackup(object):
  192. def __init__(self, file_path, subdir=None):
  193. sz = qubes.storage.file.get_disk_usage(file_path)
  194. if subdir is None:
  195. abs_file_path = os.path.abspath(file_path)
  196. abs_base_dir = os.path.abspath(
  197. qubes.config.system_path["qubes_base_dir"]) + '/'
  198. abs_file_dir = os.path.dirname(abs_file_path) + '/'
  199. (nothing, directory, subdir) = abs_file_dir.partition(abs_base_dir)
  200. assert nothing == ""
  201. assert directory == abs_base_dir
  202. else:
  203. if len(subdir) > 0 and not subdir.endswith('/'):
  204. subdir += '/'
  205. self.path = file_path
  206. self.size = sz
  207. self.subdir = subdir
  208. class VMToBackup(object):
  209. def __init__(self, vm, files, subdir):
  210. self.vm = vm
  211. self.files = files
  212. self.subdir = subdir
  213. @property
  214. def size(self):
  215. return reduce(lambda x, y: x + y.size, self.files, 0)
  216. def __init__(self, app, vms_list=None, exclude_list=None, **kwargs):
  217. """
  218. If vms = None, include all (sensible) VMs;
  219. exclude_list is always applied
  220. """
  221. super(Backup, self).__init__()
  222. #: progress of the backup - bytes handled of the current VM
  223. self.chunk_size = 100 * 1024 * 1024
  224. self._current_vm_bytes = 0
  225. #: progress of the backup - bytes handled of finished VMs
  226. self._done_vms_bytes = 0
  227. #: total backup size (set by :py:meth:`get_files_to_backup`)
  228. self.total_backup_bytes = 0
  229. #: application object
  230. self.app = app
  231. #: directory for temporary files - set after creating the directory
  232. self.tmpdir = None
  233. # Backup settings - defaults
  234. #: should the backup be encrypted?
  235. self.encrypted = True
  236. #: should the backup be compressed?
  237. self.compressed = True
  238. #: what passphrase should be used to intergrity protect (and encrypt)
  239. #: the backup; required
  240. self.passphrase = None
  241. #: custom hmac algorithm
  242. self.hmac_algorithm = DEFAULT_HMAC_ALGORITHM
  243. #: custom encryption algorithm
  244. self.crypto_algorithm = DEFAULT_CRYPTO_ALGORITHM
  245. #: custom compression filter; a program which process stdin to stdout
  246. self.compression_filter = DEFAULT_COMPRESSION_FILTER
  247. #: VM to which backup should be sent (if any)
  248. self.target_vm = None
  249. #: directory to save backup in (either in dom0 or target VM,
  250. #: depending on :py:attr:`target_vm`
  251. self.target_dir = None
  252. #: callback for progress reporting. Will be called with one argument
  253. #: - progress in percents
  254. self.progress_callback = None
  255. for key, value in kwargs.iteritems():
  256. if hasattr(self, key):
  257. setattr(self, key, value)
  258. else:
  259. raise AttributeError(key)
  260. #: whether backup was canceled
  261. self.canceled = False
  262. #: list of PIDs to kill on backup cancel
  263. self.processes_to_kill_on_cancel = []
  264. self.log = logging.getLogger('qubes.backup')
  265. # FIXME: drop this legacy feature?
  266. if isinstance(self.compressed, basestring):
  267. self.compression_filter = self.compressed
  268. self.compressed = True
  269. else:
  270. self.compression_filter = DEFAULT_COMPRESSION_FILTER
  271. if exclude_list is None:
  272. exclude_list = []
  273. if vms_list is None:
  274. vms_list = [vm for vm in app.domains if vm.include_in_backups]
  275. # Apply exclude list
  276. self.vms_for_backup = [vm for vm in vms_list
  277. if vm.name not in exclude_list]
  278. def __del__(self):
  279. if self.tmpdir and os.path.exists(self.tmpdir):
  280. shutil.rmtree(self.tmpdir)
  281. def cancel(self):
  282. """Cancel running backup operation. Can be called from another thread.
  283. """
  284. self.canceled = True
  285. for proc in self.processes_to_kill_on_cancel:
  286. try:
  287. proc.terminate()
  288. except OSError:
  289. pass
  290. def get_files_to_backup(self):
  291. files_to_backup = {}
  292. for vm in self.vms_for_backup:
  293. if vm.qid == 0:
  294. # handle dom0 later
  295. continue
  296. if self.encrypted:
  297. subdir = 'vm%d/' % vm.qid
  298. else:
  299. subdir = None
  300. vm_files = []
  301. if vm.private_img is not None:
  302. vm_files.append(self.FileToBackup(vm.private_img, subdir))
  303. vm_files.append(self.FileToBackup(vm.icon_path, subdir))
  304. vm_files.extend(self.FileToBackup(i, subdir)
  305. for i in vm.fire_event('backup-get-files'))
  306. # TODO: drop after merging firewall.xml into qubes.xml
  307. firewall_conf = os.path.join(vm.dir_path, vm.firewall_conf)
  308. if os.path.exists(firewall_conf):
  309. vm_files.append(self.FileToBackup(firewall_conf, subdir))
  310. if vm.updateable:
  311. vm_files.append(self.FileToBackup(vm.root_img, subdir))
  312. files_to_backup[vm.qid] = self.VMToBackup(vm, vm_files, subdir)
  313. # Dom0 user home
  314. if 0 in [vm.qid for vm in self.vms_for_backup]:
  315. local_user = grp.getgrnam('qubes').gr_mem[0]
  316. home_dir = pwd.getpwnam(local_user).pw_dir
  317. # Home dir should have only user-owned files, so fix it now
  318. # to prevent permissions problems - some root-owned files can
  319. # left after 'sudo bash' and similar commands
  320. subprocess.check_call(['sudo', 'chown', '-R', local_user, home_dir])
  321. home_to_backup = [
  322. self.FileToBackup(home_dir, 'dom0-home/')]
  323. vm_files = home_to_backup
  324. files_to_backup[0] = self.VMToBackup(self.app.domains[0],
  325. vm_files,
  326. os.path.join('dom0-home', os.path.basename(home_dir)))
  327. self.total_backup_bytes = reduce(
  328. lambda x, y: x + y.size, files_to_backup.values(), 0)
  329. return files_to_backup
  330. def get_backup_summary(self):
  331. summary = ""
  332. fields_to_display = [
  333. {"name": "VM", "width": 16},
  334. {"name": "type", "width": 12},
  335. {"name": "size", "width": 12}
  336. ]
  337. # Display the header
  338. for f in fields_to_display:
  339. fmt = "{{0:-^{0}}}-+".format(f["width"] + 1)
  340. summary += fmt.format('-')
  341. summary += "\n"
  342. for f in fields_to_display:
  343. fmt = "{{0:>{0}}} |".format(f["width"] + 1)
  344. summary += fmt.format(f["name"])
  345. summary += "\n"
  346. for f in fields_to_display:
  347. fmt = "{{0:-^{0}}}-+".format(f["width"] + 1)
  348. summary += fmt.format('-')
  349. summary += "\n"
  350. files_to_backup = self.get_files_to_backup()
  351. for qid, vm_info in files_to_backup.iteritems():
  352. s = ""
  353. fmt = "{{0:>{0}}} |".format(fields_to_display[0]["width"] + 1)
  354. s += fmt.format(vm_info['vm'].name)
  355. fmt = "{{0:>{0}}} |".format(fields_to_display[1]["width"] + 1)
  356. if qid == 0:
  357. s += fmt.format("User home")
  358. elif vm_info['vm'].is_template():
  359. s += fmt.format("Template VM")
  360. else:
  361. s += fmt.format("VM" + (" + Sys" if vm_info['vm'].updateable
  362. else ""))
  363. vm_size = vm_info['size']
  364. fmt = "{{0:>{0}}} |".format(fields_to_display[2]["width"] + 1)
  365. s += fmt.format(size_to_human(vm_size))
  366. if qid != 0 and vm_info['vm'].is_running():
  367. s += " <-- The VM is running, please shut it down before proceeding " \
  368. "with the backup!"
  369. summary += s + "\n"
  370. for f in fields_to_display:
  371. fmt = "{{0:-^{0}}}-+".format(f["width"] + 1)
  372. summary += fmt.format('-')
  373. summary += "\n"
  374. fmt = "{{0:>{0}}} |".format(fields_to_display[0]["width"] + 1)
  375. summary += fmt.format("Total size:")
  376. fmt = "{{0:>{0}}} |".format(
  377. fields_to_display[1]["width"] + 1 + 2 + fields_to_display[2][
  378. "width"] + 1)
  379. summary += fmt.format(size_to_human(self.total_backup_bytes))
  380. summary += "\n"
  381. for f in fields_to_display:
  382. fmt = "{{0:-^{0}}}-+".format(f["width"] + 1)
  383. summary += fmt.format('-')
  384. summary += "\n"
  385. vms_not_for_backup = [vm.name for vm in self.app.domains
  386. if vm not in self.vms_for_backup]
  387. summary += "VMs not selected for backup:\n - " + "\n - ".join(
  388. sorted(vms_not_for_backup))
  389. return summary
  390. def prepare_backup_header(self):
  391. header_file_path = os.path.join(self.tmpdir, HEADER_FILENAME)
  392. backup_header = BackupHeader(
  393. version=CURRENT_BACKUP_FORMAT_VERSION,
  394. hmac_algorithm=self.hmac_algorithm,
  395. crypto_algorithm=self.crypto_algorithm,
  396. encrypted=self.encrypted,
  397. compressed=self.compressed,
  398. compression_filter=self.compression_filter,
  399. )
  400. backup_header.save(header_file_path)
  401. hmac = subprocess.Popen(
  402. ["openssl", "dgst", "-" + self.hmac_algorithm,
  403. "-hmac", self.passphrase],
  404. stdin=open(header_file_path, "r"),
  405. stdout=open(header_file_path + ".hmac", "w"))
  406. if hmac.wait() != 0:
  407. raise qubes.exc.QubesException(
  408. "Failed to compute hmac of header file")
  409. return HEADER_FILENAME, HEADER_FILENAME + ".hmac"
  410. @staticmethod
  411. def _queue_put_with_check(proc, vmproc, queue, element):
  412. if queue.full():
  413. if not proc.is_alive():
  414. if vmproc:
  415. message = ("Failed to write the backup, VM output:\n" +
  416. vmproc.stderr.read())
  417. else:
  418. message = "Failed to write the backup. Out of disk space?"
  419. raise qubes.exc.QubesException(message)
  420. queue.put(element)
  421. def _send_progress_update(self):
  422. if callable(self.progress_callback):
  423. progress = (
  424. 100 * (self._done_vms_bytes + self._current_vm_bytes) /
  425. self.total_backup_bytes)
  426. self.progress_callback(progress)
  427. def _add_vm_progress(self, bytes_done):
  428. self._current_vm_bytes += bytes_done
  429. self._send_progress_update()
  430. def backup_do(self):
  431. if self.passphrase is None:
  432. raise qubes.exc.QubesException("No passphrase set")
  433. qubes_xml = self.app.store
  434. self.tmpdir = tempfile.mkdtemp()
  435. shutil.copy(qubes_xml, os.path.join(self.tmpdir, 'qubes.xml'))
  436. qubes_xml = os.path.join(self.tmpdir, 'qubes.xml')
  437. backup_app = qubes.Qubes(qubes_xml)
  438. # FIXME: cache it earlier?
  439. files_to_backup = self.get_files_to_backup()
  440. # make sure backup_content isn't set initially
  441. for vm in backup_app.domains:
  442. vm.features['backup-content'] = False
  443. for qid, vm_info in files_to_backup.iteritems():
  444. if qid != 0 and vm_info.vm.is_running():
  445. raise qubes.exc.QubesVMNotHaltedError(vm_info.vm)
  446. # VM is included in the backup
  447. backup_app.domains[qid].features['backup-content'] = True
  448. backup_app.domains[qid].features['backup-path'] = vm_info.subdir
  449. backup_app.domains[qid].features['backup-size'] = vm_info.size
  450. backup_app.save()
  451. passphrase = self.passphrase.encode('utf-8')
  452. vmproc = None
  453. tar_sparse = None
  454. if self.target_vm is not None:
  455. # Prepare the backup target (Qubes service call)
  456. # If APPVM, STDOUT is a PIPE
  457. vmproc = self.target_vm.run_service('qubes.Backup',
  458. passio_popen=True, passio_stderr=True)
  459. vmproc.stdin.write(self.target_dir.
  460. replace("\r", "").replace("\n", "") + "\n")
  461. backup_stdout = vmproc.stdin
  462. self.processes_to_kill_on_cancel.append(vmproc)
  463. else:
  464. # Prepare the backup target (local file)
  465. if os.path.isdir(self.target_dir):
  466. backup_target = self.target_dir + "/qubes-{0}". \
  467. format(time.strftime("%Y-%m-%dT%H%M%S"))
  468. else:
  469. backup_target = self.target_dir
  470. # Create the target directory
  471. if not os.path.exists(os.path.dirname(self.target_dir)):
  472. raise qubes.exc.QubesException(
  473. "ERROR: the backup directory for {0} does not exists".
  474. format(self.target_dir))
  475. # If not APPVM, STDOUT is a local file
  476. backup_stdout = open(backup_target, 'wb')
  477. # Tar with tape length does not deals well with stdout
  478. # (close stdout between two tapes)
  479. # For this reason, we will use named pipes instead
  480. self.log.debug("Working in {}".format(self.tmpdir))
  481. backup_pipe = os.path.join(self.tmpdir, "backup_pipe")
  482. self.log.debug("Creating pipe in: {}".format(backup_pipe))
  483. os.mkfifo(backup_pipe)
  484. self.log.debug("Will backup: {}".format(files_to_backup))
  485. header_files = self.prepare_backup_header()
  486. # Setup worker to send encrypted data chunks to the backup_target
  487. to_send = Queue(10)
  488. send_proc = SendWorker(to_send, self.tmpdir, backup_stdout)
  489. send_proc.start()
  490. for f in header_files:
  491. to_send.put(f)
  492. vm_files_to_backup = self.get_files_to_backup()
  493. qubes_xml_info = self.VMToBackup(
  494. None,
  495. [self.FileToBackup(qubes_xml, '')],
  496. ''
  497. )
  498. for vm_info in itertools.chain([qubes_xml_info],
  499. vm_files_to_backup.itervalues()):
  500. for file_info in vm_info.files:
  501. self.log.debug("Backing up {}".format(file_info))
  502. backup_tempfile = os.path.join(
  503. self.tmpdir, file_info.subdir,
  504. os.path.basename(file_info.path))
  505. self.log.debug("Using temporary location: {}".format(
  506. backup_tempfile))
  507. # Ensure the temporary directory exists
  508. if not os.path.isdir(os.path.dirname(backup_tempfile)):
  509. os.makedirs(os.path.dirname(backup_tempfile))
  510. # The first tar cmd can use any complex feature as we want.
  511. # Files will be verified before untaring this.
  512. # Prefix the path in archive with filename["subdir"] to have it
  513. # verified during untar
  514. tar_cmdline = (["tar", "-Pc", '--sparse',
  515. "-f", backup_pipe,
  516. '-C', os.path.dirname(file_info.path)] +
  517. (['--dereference'] if
  518. file_info.subdir != "dom0-home/" else []) +
  519. ['--xform', 's:^%s:%s\\0:' % (
  520. os.path.basename(file_info.path),
  521. file_info.subdir),
  522. os.path.basename(file_info.path)
  523. ])
  524. if self.compressed:
  525. tar_cmdline.insert(-1,
  526. "--use-compress-program=%s" % self.compression_filter)
  527. self.log.debug(" ".join(tar_cmdline))
  528. # Tips: Popen(bufsize=0)
  529. # Pipe: tar-sparse | encryptor [| hmac] | tar | backup_target
  530. # Pipe: tar-sparse [| hmac] | tar | backup_target
  531. # TODO: log handle stderr
  532. tar_sparse = subprocess.Popen(
  533. tar_cmdline, stdin=subprocess.PIPE)
  534. self.processes_to_kill_on_cancel.append(tar_sparse)
  535. # Wait for compressor (tar) process to finish or for any
  536. # error of other subprocesses
  537. i = 0
  538. run_error = "paused"
  539. encryptor = None
  540. if self.encrypted:
  541. # Start encrypt
  542. # If no cipher is provided,
  543. # the data is forwarded unencrypted !!!
  544. encryptor = subprocess.Popen([
  545. "openssl", "enc",
  546. "-e", "-" + self.crypto_algorithm,
  547. "-pass", "pass:" + passphrase],
  548. stdin=open(backup_pipe, 'rb'),
  549. stdout=subprocess.PIPE)
  550. pipe = encryptor.stdout
  551. else:
  552. pipe = open(backup_pipe, 'rb')
  553. while run_error == "paused":
  554. # Start HMAC
  555. hmac = subprocess.Popen([
  556. "openssl", "dgst", "-" + self.hmac_algorithm,
  557. "-hmac", passphrase],
  558. stdin=subprocess.PIPE,
  559. stdout=subprocess.PIPE)
  560. # Prepare a first chunk
  561. chunkfile = backup_tempfile + "." + "%03d" % i
  562. i += 1
  563. chunkfile_p = open(chunkfile, 'wb')
  564. common_args = {
  565. 'backup_target': chunkfile_p,
  566. 'hmac': hmac,
  567. 'vmproc': vmproc,
  568. 'addproc': tar_sparse,
  569. 'progress_callback': self._add_vm_progress,
  570. 'size_limit': self.chunk_size,
  571. }
  572. run_error = wait_backup_feedback(
  573. in_stream=pipe, streamproc=encryptor,
  574. **common_args)
  575. chunkfile_p.close()
  576. self.log.debug(
  577. "Wait_backup_feedback returned: {}".format(run_error))
  578. if self.canceled:
  579. try:
  580. tar_sparse.terminate()
  581. except OSError:
  582. pass
  583. try:
  584. hmac.terminate()
  585. except OSError:
  586. pass
  587. tar_sparse.wait()
  588. hmac.wait()
  589. to_send.put(QUEUE_ERROR)
  590. send_proc.join()
  591. shutil.rmtree(self.tmpdir)
  592. raise BackupCanceledError("Backup canceled")
  593. if run_error and run_error != "size_limit":
  594. send_proc.terminate()
  595. if run_error == "VM" and vmproc:
  596. raise qubes.exc.QubesException(
  597. "Failed to write the backup, VM output:\n" +
  598. vmproc.stderr.read(MAX_STDERR_BYTES))
  599. else:
  600. raise qubes.exc.QubesException(
  601. "Failed to perform backup: error in " +
  602. run_error)
  603. # Send the chunk to the backup target
  604. self._queue_put_with_check(
  605. send_proc, vmproc, to_send,
  606. os.path.relpath(chunkfile, self.tmpdir))
  607. # Close HMAC
  608. hmac.stdin.close()
  609. hmac.wait()
  610. self.log.debug("HMAC proc return code: {}".format(
  611. hmac.poll()))
  612. # Write HMAC data next to the chunk file
  613. hmac_data = hmac.stdout.read()
  614. self.log.debug(
  615. "Writing hmac to {}.hmac".format(chunkfile))
  616. with open(chunkfile + ".hmac", 'w') as hmac_file:
  617. hmac_file.write(hmac_data)
  618. # Send the HMAC to the backup target
  619. self._queue_put_with_check(
  620. send_proc, vmproc, to_send,
  621. os.path.relpath(chunkfile, self.tmpdir) + ".hmac")
  622. if tar_sparse.poll() is None or run_error == "size_limit":
  623. run_error = "paused"
  624. else:
  625. self.processes_to_kill_on_cancel.remove(tar_sparse)
  626. self.log.debug(
  627. "Finished tar sparse with exit code {}".format(
  628. tar_sparse.poll()))
  629. pipe.close()
  630. # This VM done, update progress
  631. self._done_vms_bytes += vm_info.size
  632. self._current_vm_bytes = 0
  633. self._send_progress_update()
  634. # Save date of last backup
  635. if vm_info.vm:
  636. vm_info.vm.backup_timestamp = datetime.datetime.now()
  637. self._queue_put_with_check(send_proc, vmproc, to_send, QUEUE_FINISHED)
  638. send_proc.join()
  639. shutil.rmtree(self.tmpdir)
  640. if self.canceled:
  641. raise BackupCanceledError("Backup canceled")
  642. if send_proc.exitcode != 0:
  643. raise qubes.exc.QubesException(
  644. "Failed to send backup: error in the sending process")
  645. if vmproc:
  646. self.log.debug("VMProc1 proc return code: {}".format(vmproc.poll()))
  647. if tar_sparse is not None:
  648. self.log.debug("Sparse1 proc return code: {}".format(
  649. tar_sparse.poll()))
  650. vmproc.stdin.close()
  651. self.app.save()
  652. def wait_backup_feedback(progress_callback, in_stream, streamproc,
  653. backup_target, hmac=None, vmproc=None,
  654. addproc=None,
  655. size_limit=None):
  656. '''
  657. Wait for backup chunk to finish
  658. - Monitor all the processes (streamproc, hmac, vmproc, addproc) for errors
  659. - Copy stdout of streamproc to backup_target and hmac stdin if available
  660. - Compute progress based on total_backup_sz and send progress to
  661. progress_callback function
  662. - Returns if
  663. - one of the monitored processes error out (streamproc, hmac, vmproc,
  664. addproc), along with the processe that failed
  665. - all of the monitored processes except vmproc finished successfully
  666. (vmproc termination is controlled by the python script)
  667. - streamproc does not delivers any data anymore (return with the error
  668. "")
  669. - size_limit is provided and is about to be exceeded
  670. '''
  671. buffer_size = 409600
  672. run_error = None
  673. run_count = 1
  674. bytes_copied = 0
  675. log = logging.getLogger('qubes.backup')
  676. while run_count > 0 and run_error is None:
  677. if size_limit and bytes_copied + buffer_size > size_limit:
  678. return "size_limit"
  679. buf = in_stream.read(buffer_size)
  680. if callable(progress_callback):
  681. progress_callback(len(buf))
  682. bytes_copied += len(buf)
  683. run_count = 0
  684. if hmac:
  685. retcode = hmac.poll()
  686. if retcode is not None:
  687. if retcode != 0:
  688. run_error = "hmac"
  689. else:
  690. run_count += 1
  691. if addproc:
  692. retcode = addproc.poll()
  693. if retcode is not None:
  694. if retcode != 0:
  695. run_error = "addproc"
  696. else:
  697. run_count += 1
  698. if vmproc:
  699. retcode = vmproc.poll()
  700. if retcode is not None:
  701. if retcode != 0:
  702. run_error = "VM"
  703. log.debug(vmproc.stdout.read())
  704. else:
  705. # VM should run until the end
  706. pass
  707. if streamproc:
  708. retcode = streamproc.poll()
  709. if retcode is not None:
  710. if retcode != 0:
  711. run_error = "streamproc"
  712. break
  713. elif retcode == 0 and len(buf) <= 0:
  714. return ""
  715. run_count += 1
  716. else:
  717. if len(buf) <= 0:
  718. return ""
  719. try:
  720. backup_target.write(buf)
  721. except IOError as e:
  722. if e.errno == errno.EPIPE:
  723. run_error = "target"
  724. else:
  725. raise
  726. if hmac:
  727. hmac.stdin.write(buf)
  728. return run_error
  729. class ExtractWorker2(Process):
  730. def __init__(self, queue, base_dir, passphrase, encrypted,
  731. progress_callback, vmproc=None,
  732. compressed=False, crypto_algorithm=DEFAULT_CRYPTO_ALGORITHM,
  733. verify_only=False):
  734. super(ExtractWorker2, self).__init__()
  735. self.queue = queue
  736. self.base_dir = base_dir
  737. self.passphrase = passphrase
  738. self.encrypted = encrypted
  739. self.compressed = compressed
  740. self.crypto_algorithm = crypto_algorithm
  741. self.verify_only = verify_only
  742. self.blocks_backedup = 0
  743. self.tar2_process = None
  744. self.tar2_current_file = None
  745. self.decompressor_process = None
  746. self.decryptor_process = None
  747. self.progress_callback = progress_callback
  748. self.vmproc = vmproc
  749. self.restore_pipe = os.path.join(self.base_dir, "restore_pipe")
  750. self.log = logging.getLogger('qubes.backup.extract')
  751. self.log.debug("Creating pipe in: {}".format(self.restore_pipe))
  752. os.mkfifo(self.restore_pipe)
  753. self.stderr_encoding = sys.stderr.encoding or 'utf-8'
  754. def collect_tar_output(self):
  755. if not self.tar2_process.stderr:
  756. return
  757. if self.tar2_process.poll() is None:
  758. try:
  759. new_lines = self.tar2_process.stderr \
  760. .read(MAX_STDERR_BYTES).splitlines()
  761. except IOError as e:
  762. if e.errno == errno.EAGAIN:
  763. return
  764. else:
  765. raise
  766. else:
  767. new_lines = self.tar2_process.stderr.readlines()
  768. new_lines = map(lambda x: x.decode(self.stderr_encoding), new_lines)
  769. msg_re = re.compile(r".*#[0-9].*restore_pipe")
  770. debug_msg = filter(msg_re.match, new_lines)
  771. self.log.debug('tar2_stderr: {}'.format('\n'.join(debug_msg)))
  772. new_lines = filter(lambda x: not msg_re.match(x), new_lines)
  773. self.tar2_stderr += new_lines
  774. def run(self):
  775. try:
  776. self.__run__()
  777. except Exception as e:
  778. exc_type, exc_value, exc_traceback = sys.exc_info()
  779. # Cleanup children
  780. for process in [self.decompressor_process,
  781. self.decryptor_process,
  782. self.tar2_process]:
  783. if process:
  784. # FIXME: kill()?
  785. try:
  786. process.terminate()
  787. except OSError:
  788. pass
  789. process.wait()
  790. self.log.error("ERROR: " + unicode(e))
  791. raise e, None, exc_traceback
  792. def __run__(self):
  793. self.log.debug("Started sending thread")
  794. self.log.debug("Moving to dir " + self.base_dir)
  795. os.chdir(self.base_dir)
  796. filename = None
  797. for filename in iter(self.queue.get, None):
  798. if filename in (QUEUE_FINISHED, QUEUE_ERROR):
  799. break
  800. self.log.debug("Extracting file " + filename)
  801. if filename.endswith('.000'):
  802. # next file
  803. if self.tar2_process is not None:
  804. if self.tar2_process.wait() != 0:
  805. self.collect_tar_output()
  806. self.log.error(
  807. "ERROR: unable to extract files for {0}, tar "
  808. "output:\n {1}".
  809. format(self.tar2_current_file,
  810. "\n ".join(self.tar2_stderr)))
  811. else:
  812. # Finished extracting the tar file
  813. self.tar2_process = None
  814. self.tar2_current_file = None
  815. tar2_cmdline = ['tar',
  816. '-%sMkvf' % ("t" if self.verify_only else "x"),
  817. self.restore_pipe,
  818. os.path.relpath(filename.rstrip('.000'))]
  819. self.log.debug("Running command " + unicode(tar2_cmdline))
  820. self.tar2_process = subprocess.Popen(tar2_cmdline,
  821. stdin=subprocess.PIPE,
  822. stderr=subprocess.PIPE)
  823. fcntl.fcntl(self.tar2_process.stderr.fileno(), fcntl.F_SETFL,
  824. fcntl.fcntl(self.tar2_process.stderr.fileno(),
  825. fcntl.F_GETFL) | os.O_NONBLOCK)
  826. self.tar2_stderr = []
  827. elif not self.tar2_process:
  828. # Extracting of the current archive failed, skip to the next
  829. # archive
  830. # TODO: some debug option to preserve it?
  831. os.remove(filename)
  832. continue
  833. else:
  834. self.collect_tar_output()
  835. self.log.debug("Releasing next chunck")
  836. self.tar2_process.stdin.write("\n")
  837. self.tar2_process.stdin.flush()
  838. self.tar2_current_file = filename
  839. pipe = open(self.restore_pipe, 'wb')
  840. common_args = {
  841. 'backup_target': pipe,
  842. 'hmac': None,
  843. 'vmproc': self.vmproc,
  844. 'addproc': self.tar2_process
  845. }
  846. if self.encrypted:
  847. # Start decrypt
  848. self.decryptor_process = subprocess.Popen(
  849. ["openssl", "enc",
  850. "-d",
  851. "-" + self.crypto_algorithm,
  852. "-pass",
  853. "pass:" + self.passphrase] +
  854. (["-z"] if self.compressed else []),
  855. stdin=open(filename, 'rb'),
  856. stdout=subprocess.PIPE)
  857. run_error = wait_backup_feedback(
  858. progress_callback=self.progress_callback,
  859. in_stream=self.decryptor_process.stdout,
  860. streamproc=self.decryptor_process,
  861. **common_args)
  862. elif self.compressed:
  863. self.decompressor_process = subprocess.Popen(
  864. ["gzip", "-d"],
  865. stdin=open(filename, 'rb'),
  866. stdout=subprocess.PIPE)
  867. run_error = wait_backup_feedback(
  868. progress_callback=self.progress_callback,
  869. in_stream=self.decompressor_process.stdout,
  870. streamproc=self.decompressor_process,
  871. **common_args)
  872. else:
  873. run_error = wait_backup_feedback(
  874. progress_callback=self.progress_callback,
  875. in_stream=open(filename, "rb"), streamproc=None,
  876. **common_args)
  877. try:
  878. pipe.close()
  879. except IOError as e:
  880. if e.errno == errno.EPIPE:
  881. self.log.debug(
  882. "Got EPIPE while closing pipe to "
  883. "the inner tar process")
  884. # ignore the error
  885. else:
  886. raise
  887. if len(run_error):
  888. if run_error == "target":
  889. self.collect_tar_output()
  890. details = "\n".join(self.tar2_stderr)
  891. else:
  892. details = "%s failed" % run_error
  893. self.tar2_process.terminate()
  894. self.tar2_process.wait()
  895. self.tar2_process = None
  896. self.log.error("Error while processing '{}': {}".format(
  897. self.tar2_current_file, details))
  898. # Delete the file as we don't need it anymore
  899. self.log.debug("Removing file " + filename)
  900. os.remove(filename)
  901. os.unlink(self.restore_pipe)
  902. if self.tar2_process is not None:
  903. if filename == QUEUE_ERROR:
  904. self.tar2_process.terminate()
  905. self.tar2_process.wait()
  906. elif self.tar2_process.wait() != 0:
  907. self.collect_tar_output()
  908. raise qubes.exc.QubesException(
  909. "unable to extract files for {0}.{1} Tar command "
  910. "output: %s".
  911. format(self.tar2_current_file,
  912. (" Perhaps the backup is encrypted?"
  913. if not self.encrypted else "",
  914. "\n".join(self.tar2_stderr))))
  915. else:
  916. # Finished extracting the tar file
  917. self.tar2_process = None
  918. self.log.debug("Finished extracting thread")
  919. class ExtractWorker3(ExtractWorker2):
  920. def __init__(self, queue, base_dir, passphrase, encrypted,
  921. progress_callback, vmproc=None,
  922. compressed=False, crypto_algorithm=DEFAULT_CRYPTO_ALGORITHM,
  923. compression_filter=None, verify_only=False):
  924. super(ExtractWorker3, self).__init__(queue, base_dir, passphrase,
  925. encrypted,
  926. progress_callback, vmproc,
  927. compressed, crypto_algorithm,
  928. verify_only)
  929. self.compression_filter = compression_filter
  930. os.unlink(self.restore_pipe)
  931. def __run__(self):
  932. self.log.debug("Started sending thread")
  933. self.log.debug("Moving to dir " + self.base_dir)
  934. os.chdir(self.base_dir)
  935. filename = None
  936. input_pipe = None
  937. for filename in iter(self.queue.get, None):
  938. if filename in (QUEUE_FINISHED, QUEUE_ERROR):
  939. break
  940. self.log.debug("Extracting file " + filename)
  941. if filename.endswith('.000'):
  942. # next file
  943. if self.tar2_process is not None:
  944. input_pipe.close()
  945. if self.tar2_process.wait() != 0:
  946. self.collect_tar_output()
  947. self.log.error(
  948. "ERROR: unable to extract files for {0}, tar "
  949. "output:\n {1}".
  950. format(self.tar2_current_file,
  951. "\n ".join(self.tar2_stderr)))
  952. else:
  953. # Finished extracting the tar file
  954. self.tar2_process = None
  955. self.tar2_current_file = None
  956. tar2_cmdline = ['tar',
  957. '-%sk' % ("t" if self.verify_only else "x"),
  958. os.path.relpath(filename.rstrip('.000'))]
  959. if self.compressed:
  960. if self.compression_filter:
  961. tar2_cmdline.insert(-1,
  962. "--use-compress-program=%s" %
  963. self.compression_filter)
  964. else:
  965. tar2_cmdline.insert(-1, "--use-compress-program=%s" %
  966. DEFAULT_COMPRESSION_FILTER)
  967. self.log.debug("Running command " + unicode(tar2_cmdline))
  968. if self.encrypted:
  969. # Start decrypt
  970. self.decryptor_process = subprocess.Popen(
  971. ["openssl", "enc",
  972. "-d",
  973. "-" + self.crypto_algorithm,
  974. "-pass",
  975. "pass:" + self.passphrase],
  976. stdin=subprocess.PIPE,
  977. stdout=subprocess.PIPE)
  978. self.tar2_process = subprocess.Popen(
  979. tar2_cmdline,
  980. stdin=self.decryptor_process.stdout,
  981. stderr=subprocess.PIPE)
  982. input_pipe = self.decryptor_process.stdin
  983. else:
  984. self.tar2_process = subprocess.Popen(
  985. tar2_cmdline,
  986. stdin=subprocess.PIPE,
  987. stderr=subprocess.PIPE)
  988. input_pipe = self.tar2_process.stdin
  989. fcntl.fcntl(self.tar2_process.stderr.fileno(), fcntl.F_SETFL,
  990. fcntl.fcntl(self.tar2_process.stderr.fileno(),
  991. fcntl.F_GETFL) | os.O_NONBLOCK)
  992. self.tar2_stderr = []
  993. elif not self.tar2_process:
  994. # Extracting of the current archive failed, skip to the next
  995. # archive
  996. # TODO: some debug option to preserve it?
  997. os.remove(filename)
  998. continue
  999. else:
  1000. self.log.debug("Releasing next chunck")
  1001. self.tar2_current_file = filename
  1002. common_args = {
  1003. 'backup_target': input_pipe,
  1004. 'hmac': None,
  1005. 'vmproc': self.vmproc,
  1006. 'addproc': self.tar2_process
  1007. }
  1008. run_error = wait_backup_feedback(
  1009. progress_callback=self.progress_callback,
  1010. in_stream=open(filename, "rb"), streamproc=None,
  1011. **common_args)
  1012. if len(run_error):
  1013. if run_error == "target":
  1014. self.collect_tar_output()
  1015. details = "\n".join(self.tar2_stderr)
  1016. else:
  1017. details = "%s failed" % run_error
  1018. if self.decryptor_process:
  1019. self.decryptor_process.terminate()
  1020. self.decryptor_process.wait()
  1021. self.decryptor_process = None
  1022. self.tar2_process.terminate()
  1023. self.tar2_process.wait()
  1024. self.tar2_process = None
  1025. self.log.error("Error while processing '{}': {}".format(
  1026. self.tar2_current_file, details))
  1027. # Delete the file as we don't need it anymore
  1028. self.log.debug("Removing file " + filename)
  1029. os.remove(filename)
  1030. if self.tar2_process is not None:
  1031. input_pipe.close()
  1032. if filename == QUEUE_ERROR:
  1033. if self.decryptor_process:
  1034. self.decryptor_process.terminate()
  1035. self.decryptor_process.wait()
  1036. self.decryptor_process = None
  1037. self.tar2_process.terminate()
  1038. self.tar2_process.wait()
  1039. elif self.tar2_process.wait() != 0:
  1040. self.collect_tar_output()
  1041. raise qubes.exc.QubesException(
  1042. "unable to extract files for {0}.{1} Tar command "
  1043. "output: %s".
  1044. format(self.tar2_current_file,
  1045. (" Perhaps the backup is encrypted?"
  1046. if not self.encrypted else "",
  1047. "\n".join(self.tar2_stderr))))
  1048. else:
  1049. # Finished extracting the tar file
  1050. self.tar2_process = None
  1051. self.log.debug("Finished extracting thread")
  1052. def get_supported_hmac_algo(hmac_algorithm=None):
  1053. # Start with provided default
  1054. if hmac_algorithm:
  1055. yield hmac_algorithm
  1056. proc = subprocess.Popen(['openssl', 'list-message-digest-algorithms'],
  1057. stdout=subprocess.PIPE)
  1058. for algo in proc.stdout.readlines():
  1059. if '=>' in algo:
  1060. continue
  1061. yield algo.strip()
  1062. proc.wait()
  1063. class BackupRestoreOptions(object):
  1064. def __init__(self):
  1065. #: use default NetVM if the one referenced in backup do not exists on
  1066. # the host
  1067. self.use_default_netvm = True
  1068. #: set NetVM to "none" if the one referenced in backup do not exists
  1069. # on the host
  1070. self.use_none_netvm = False
  1071. #: set template to default if the one referenced in backup do not
  1072. # exists on the host
  1073. self.use_default_template = True
  1074. #: restore dom0 home
  1075. self.dom0_home = True
  1076. #: dictionary how what templates should be used instead of those
  1077. # referenced in backup
  1078. self.replace_template = {}
  1079. #: restore dom0 home even if username is different
  1080. self.ignore_username_mismatch = False
  1081. #: do not restore data, only verify backup integrity
  1082. self.verify_only = False
  1083. #: automatically rename VM during restore, when it would conflict
  1084. # with existing one
  1085. self.rename_conflicting = True
  1086. #: list of VM names to exclude
  1087. self.exclude = []
  1088. class BackupRestore(object):
  1089. """Usage:
  1090. >>> restore_op = BackupRestore(...)
  1091. >>> # adjust restore_op.options here
  1092. >>> restore_info = restore_op.get_restore_info()
  1093. >>> # manipulate restore_info to select VMs to restore here
  1094. >>> restore_op.restore_do(restore_info)
  1095. """
  1096. class VMToRestore(object):
  1097. #: VM excluded from restore by user
  1098. EXCLUDED = object()
  1099. #: VM with such name already exists on the host
  1100. ALREADY_EXISTS = object()
  1101. #: NetVM used by the VM does not exists on the host
  1102. MISSING_NETVM = object()
  1103. #: TemplateVM used by the VM does not exists on the host
  1104. MISSING_TEMPLATE = object()
  1105. def __init__(self, vm):
  1106. self.vm = vm
  1107. if 'backup-path' in vm.features:
  1108. self.subdir = vm.features['backup-path']
  1109. else:
  1110. self.subdir = None
  1111. if 'backup-size' in vm.features and vm.features['backup-size']:
  1112. self.size = int(vm.features['backup-size'])
  1113. else:
  1114. self.size = 0
  1115. self.problems = set()
  1116. if hasattr(vm, 'template') and vm.template:
  1117. self.template = vm.template.name
  1118. else:
  1119. self.template = None
  1120. if vm.netvm:
  1121. self.netvm = vm.netvm.name
  1122. else:
  1123. self.netvm = None
  1124. self.name = vm.name
  1125. self.orig_template = None
  1126. @property
  1127. def good_to_go(self):
  1128. return len(self.problems) == 0
  1129. class Dom0ToRestore(VMToRestore):
  1130. #: backup was performed on system with different dom0 username
  1131. USERNAME_MISMATCH = object()
  1132. def __init__(self, vm, subdir=None):
  1133. super(BackupRestore.Dom0ToRestore, self).__init__(vm)
  1134. if subdir:
  1135. self.subdir = subdir
  1136. self.username = os.path.basename(subdir)
  1137. def __init__(self, app, backup_location, backup_vm, passphrase):
  1138. super(BackupRestore, self).__init__()
  1139. #: qubes.Qubes instance
  1140. self.app = app
  1141. #: options how the backup should be restored
  1142. self.options = BackupRestoreOptions()
  1143. #: VM from which backup should be retrieved
  1144. self.backup_vm = backup_vm
  1145. if backup_vm and backup_vm.qid == 0:
  1146. self.backup_vm = None
  1147. #: backup path, inside VM pointed by :py:attr:`backup_vm`
  1148. self.backup_location = backup_location
  1149. #: passphrase protecting backup integrity and optionally decryption
  1150. self.passphrase = passphrase
  1151. #: temporary directory used to extract the data before moving to the
  1152. # final location; should be on the same filesystem as /var/lib/qubes
  1153. self.tmpdir = tempfile.mkdtemp(prefix="restore", dir="/var/tmp")
  1154. #: list of processes (Popen objects) to kill on cancel
  1155. self.processes_to_kill_on_cancel = []
  1156. #: is the backup operation canceled
  1157. self.canceled = False
  1158. #: report restore progress, called with one argument - percents of
  1159. # data restored
  1160. # FIXME: convert to float [0,1]
  1161. self.progress_callback = None
  1162. self.log = logging.getLogger('qubes.backup')
  1163. #: basic information about the backup
  1164. self.header_data = self._retrieve_backup_header()
  1165. #: VMs included in the backup
  1166. self.backup_app = self._process_qubes_xml()
  1167. def cancel(self):
  1168. """Cancel running backup operation. Can be called from another thread.
  1169. """
  1170. self.canceled = True
  1171. for proc in self.processes_to_kill_on_cancel:
  1172. try:
  1173. proc.terminate()
  1174. except OSError:
  1175. pass
  1176. def _start_retrieval_process(self, filelist, limit_count, limit_bytes):
  1177. """Retrieve backup stream and extract it to :py:attr:`tmpdir`
  1178. :param filelist: list of files to extract; listing directory name
  1179. will extract the whole directory; use empty list to extract the whole
  1180. archive
  1181. :param limit_count: maximum number of files to extract
  1182. :param limit_bytes: maximum size of extracted data
  1183. :return: a touple of (Popen object of started process, file-like
  1184. object for reading extracted files list, file-like object for reading
  1185. errors)
  1186. """
  1187. vmproc = None
  1188. if self.backup_vm is not None:
  1189. # If APPVM, STDOUT is a PIPE
  1190. vmproc = self.backup_vm.run_service('qubes.Restore',
  1191. passio_popen=True, passio_stderr=True)
  1192. vmproc.stdin.write(
  1193. self.backup_location.replace("\r", "").replace("\n", "") + "\n")
  1194. # Send to tar2qfile the VMs that should be extracted
  1195. vmproc.stdin.write(" ".join(filelist) + "\n")
  1196. self.processes_to_kill_on_cancel.append(vmproc)
  1197. backup_stdin = vmproc.stdout
  1198. tar1_command = ['/usr/libexec/qubes/qfile-dom0-unpacker',
  1199. str(os.getuid()), self.tmpdir, '-v']
  1200. else:
  1201. backup_stdin = open(self.backup_location, 'rb')
  1202. tar1_command = ['tar',
  1203. '-ixv',
  1204. '-C', self.tmpdir] + filelist
  1205. tar1_env = os.environ.copy()
  1206. tar1_env['UPDATES_MAX_BYTES'] = str(limit_bytes)
  1207. tar1_env['UPDATES_MAX_FILES'] = str(limit_count)
  1208. self.log.debug("Run command" + unicode(tar1_command))
  1209. command = subprocess.Popen(
  1210. tar1_command,
  1211. stdin=backup_stdin,
  1212. stdout=vmproc.stdin if vmproc else subprocess.PIPE,
  1213. stderr=subprocess.PIPE,
  1214. env=tar1_env)
  1215. self.processes_to_kill_on_cancel.append(command)
  1216. # qfile-dom0-unpacker output filelist on stderr
  1217. # and have stdout connected to the VM), while tar output filelist
  1218. # on stdout
  1219. if self.backup_vm:
  1220. filelist_pipe = command.stderr
  1221. # let qfile-dom0-unpacker hold the only open FD to the write end of
  1222. # pipe, otherwise qrexec-client will not receive EOF when
  1223. # qfile-dom0-unpacker terminates
  1224. vmproc.stdin.close()
  1225. else:
  1226. filelist_pipe = command.stdout
  1227. if self.backup_vm:
  1228. error_pipe = vmproc.stderr
  1229. else:
  1230. error_pipe = command.stderr
  1231. return command, filelist_pipe, error_pipe
  1232. def _verify_hmac(self, filename, hmacfile, algorithm=None):
  1233. def load_hmac(hmac_text):
  1234. hmac_text = hmac_text.strip().split("=")
  1235. if len(hmac_text) > 1:
  1236. hmac_text = hmac_text[1].strip()
  1237. else:
  1238. raise qubes.exc.QubesException(
  1239. "ERROR: invalid hmac file content")
  1240. return hmac_text
  1241. if algorithm is None:
  1242. algorithm = self.header_data.hmac_algorithm
  1243. passphrase = self.passphrase.encode('utf-8')
  1244. self.log.debug("Verifying file {}".format(filename))
  1245. if hmacfile != filename + ".hmac":
  1246. raise qubes.exc.QubesException(
  1247. "ERROR: expected hmac for {}, but got {}".
  1248. format(filename, hmacfile))
  1249. hmac_proc = subprocess.Popen(
  1250. ["openssl", "dgst", "-" + algorithm, "-hmac", passphrase],
  1251. stdin=open(os.path.join(self.tmpdir, filename), 'rb'),
  1252. stdout=subprocess.PIPE, stderr=subprocess.PIPE)
  1253. hmac_stdout, hmac_stderr = hmac_proc.communicate()
  1254. if len(hmac_stderr) > 0:
  1255. raise qubes.exc.QubesException(
  1256. "ERROR: verify file {0}: {1}".format(filename, hmac_stderr))
  1257. else:
  1258. self.log.debug("Loading hmac for file {}".format(filename))
  1259. hmac = load_hmac(open(os.path.join(self.tmpdir, hmacfile),
  1260. 'r').read())
  1261. if len(hmac) > 0 and load_hmac(hmac_stdout) == hmac:
  1262. os.unlink(os.path.join(self.tmpdir, hmacfile))
  1263. self.log.debug(
  1264. "File verification OK -> Sending file {}".format(filename))
  1265. return True
  1266. else:
  1267. raise qubes.exc.QubesException(
  1268. "ERROR: invalid hmac for file {0}: {1}. "
  1269. "Is the passphrase correct?".
  1270. format(filename, load_hmac(hmac_stdout)))
  1271. def _retrieve_backup_header(self):
  1272. """Retrieve backup header and qubes.xml. Only backup header is
  1273. analyzed, qubes.xml is left as-is
  1274. (not even verified/decrypted/uncompressed)
  1275. :return header_data
  1276. :rtype :py:class:`BackupHeader`
  1277. """
  1278. if not self.backup_vm and os.path.exists(
  1279. os.path.join(self.backup_location, 'qubes.xml')):
  1280. # backup format version 1 doesn't have header
  1281. header_data = BackupHeader()
  1282. header_data.version = 1
  1283. return header_data
  1284. (retrieve_proc, filelist_pipe, error_pipe) = \
  1285. self._start_retrieval_process(
  1286. ['backup-header', 'backup-header.hmac',
  1287. 'qubes.xml.000', 'qubes.xml.000.hmac'], 4, 1024 * 1024)
  1288. expect_tar_error = False
  1289. filename = filelist_pipe.readline().strip()
  1290. hmacfile = filelist_pipe.readline().strip()
  1291. # tar output filename before actually extracting it, so wait for the
  1292. # next one before trying to access it
  1293. if not self.backup_vm:
  1294. filelist_pipe.readline().strip()
  1295. self.log.debug("Got backup header and hmac: {}, {}".format(
  1296. filename, hmacfile))
  1297. if not filename or filename == "EOF" or \
  1298. not hmacfile or hmacfile == "EOF":
  1299. retrieve_proc.wait()
  1300. proc_error_msg = error_pipe.read(MAX_STDERR_BYTES)
  1301. raise qubes.exc.QubesException(
  1302. "Premature end of archive while receiving "
  1303. "backup header. Process output:\n" + proc_error_msg)
  1304. file_ok = False
  1305. hmac_algorithm = DEFAULT_HMAC_ALGORITHM
  1306. for hmac_algo in get_supported_hmac_algo(hmac_algorithm):
  1307. try:
  1308. if self._verify_hmac(filename, hmacfile, hmac_algo):
  1309. file_ok = True
  1310. hmac_algorithm = hmac_algo
  1311. break
  1312. except qubes.exc.QubesException:
  1313. # Ignore exception here, try the next algo
  1314. pass
  1315. if not file_ok:
  1316. raise qubes.exc.QubesException(
  1317. "Corrupted backup header (hmac verification "
  1318. "failed). Is the password correct?")
  1319. if os.path.basename(filename) == HEADER_FILENAME:
  1320. filename = os.path.join(self.tmpdir, filename)
  1321. header_data = BackupHeader(open(filename, 'r').read())
  1322. os.unlink(filename)
  1323. else:
  1324. # if no header found, create one with guessed HMAC algo
  1325. header_data = BackupHeader(
  1326. version=2,
  1327. hmac_algorithm=hmac_algorithm,
  1328. # place explicitly this value, because it is what format_version
  1329. # 2 have
  1330. crypto_algorithm='aes-256-cbc',
  1331. # TODO: set encrypted to something...
  1332. )
  1333. # when tar do not find expected file in archive, it exit with
  1334. # code 2. This will happen because we've requested backup-header
  1335. # file, but the archive do not contain it. Ignore this particular
  1336. # error.
  1337. if not self.backup_vm:
  1338. expect_tar_error = True
  1339. if retrieve_proc.wait() != 0 and not expect_tar_error:
  1340. raise qubes.exc.QubesException(
  1341. "unable to read the qubes backup file {0} ({1}): {2}".format(
  1342. self.backup_location,
  1343. retrieve_proc.wait(),
  1344. error_pipe.read(MAX_STDERR_BYTES)
  1345. ))
  1346. if retrieve_proc in self.processes_to_kill_on_cancel:
  1347. self.processes_to_kill_on_cancel.remove(retrieve_proc)
  1348. # wait for other processes (if any)
  1349. for proc in self.processes_to_kill_on_cancel:
  1350. if proc.wait() != 0:
  1351. raise qubes.exc.QubesException(
  1352. "Backup header retrieval failed (exit code {})".format(
  1353. proc.wait())
  1354. )
  1355. return header_data
  1356. def _start_inner_extraction_worker(self, queue):
  1357. """Start a worker process, extracting inner layer of bacup archive,
  1358. extract them to :py:attr:`tmpdir`.
  1359. End the data by pushing QUEUE_FINISHED or QUEUE_ERROR to the queue.
  1360. :param queue :py:class:`Queue` object to handle files from
  1361. """
  1362. # Setup worker to extract encrypted data chunks to the restore dirs
  1363. # Create the process here to pass it options extracted from
  1364. # backup header
  1365. extractor_params = {
  1366. 'queue': queue,
  1367. 'base_dir': self.tmpdir,
  1368. 'passphrase': self.passphrase,
  1369. 'encrypted': self.header_data.encrypted,
  1370. 'compressed': self.header_data.compressed,
  1371. 'crypto_algorithm': self.header_data.crypto_algorithm,
  1372. 'verify_only': self.options.verify_only,
  1373. 'progress_callback': self.progress_callback,
  1374. }
  1375. format_version = self.header_data.version
  1376. if format_version == 2:
  1377. extract_proc = ExtractWorker2(**extractor_params)
  1378. elif format_version in [3, 4]:
  1379. extractor_params['compression_filter'] = \
  1380. self.header_data.compression_filter
  1381. extract_proc = ExtractWorker3(**extractor_params)
  1382. else:
  1383. raise NotImplementedError(
  1384. "Backup format version %d not supported" % format_version)
  1385. extract_proc.start()
  1386. return extract_proc
  1387. def _process_qubes_xml(self):
  1388. """Verify, unpack and load qubes.xml. Possibly convert its format if
  1389. necessary. It expect that :py:attr:`header_data` is already populated,
  1390. and :py:meth:`retrieve_backup_header` was called.
  1391. """
  1392. if self.header_data.version == 1:
  1393. backup_app = qubes.core2migration.Core2Qubes(
  1394. os.path.join(self.backup_location, 'qubes.xml'))
  1395. return backup_app
  1396. else:
  1397. self._verify_hmac("qubes.xml.000", "qubes.xml.000.hmac")
  1398. queue = Queue()
  1399. queue.put("qubes.xml.000")
  1400. queue.put(QUEUE_FINISHED)
  1401. extract_proc = self._start_inner_extraction_worker(queue)
  1402. extract_proc.join()
  1403. if extract_proc.exitcode != 0:
  1404. raise qubes.exc.QubesException(
  1405. "unable to extract the qubes backup. "
  1406. "Check extracting process errors.")
  1407. if self.header_data.version in [2, 3]:
  1408. backup_app = qubes.core2migration.Core2Qubes(
  1409. os.path.join(self.tmpdir, 'qubes.xml'))
  1410. else:
  1411. backup_app = qubes.Qubes(os.path.join(self.tmpdir, 'qubes.xml'))
  1412. # Not needed anymore - all the data stored in backup_app
  1413. os.unlink(os.path.join(self.tmpdir, 'qubes.xml'))
  1414. return backup_app
  1415. def _restore_vm_dirs(self, vms_dirs, vms_size):
  1416. # Currently each VM consists of at most 7 archives (count
  1417. # file_to_backup calls in backup_prepare()), but add some safety
  1418. # margin for further extensions. Each archive is divided into 100MB
  1419. # chunks. Additionally each file have own hmac file. So assume upper
  1420. # limit as 2*(10*COUNT_OF_VMS+TOTAL_SIZE/100MB)
  1421. limit_count = str(2 * (10 * len(vms_dirs) +
  1422. int(vms_size / (100 * 1024 * 1024))))
  1423. self.log.debug("Working in temporary dir:" + self.tmpdir)
  1424. self.log.info(
  1425. "Extracting data: " + size_to_human(vms_size) + " to restore")
  1426. # retrieve backup from the backup stream (either VM, or dom0 file)
  1427. # TODO: add some safety margin in vms_size?
  1428. (retrieve_proc, filelist_pipe, error_pipe) = \
  1429. self._start_retrieval_process(vms_dirs, limit_count, vms_size)
  1430. to_extract = Queue()
  1431. # extract data retrieved by retrieve_proc
  1432. extract_proc = self._start_inner_extraction_worker(to_extract)
  1433. try:
  1434. filename = None
  1435. nextfile = None
  1436. while True:
  1437. if self.canceled:
  1438. break
  1439. if not extract_proc.is_alive():
  1440. retrieve_proc.terminate()
  1441. retrieve_proc.wait()
  1442. if retrieve_proc in self.processes_to_kill_on_cancel:
  1443. self.processes_to_kill_on_cancel.remove(retrieve_proc)
  1444. # wait for other processes (if any)
  1445. for proc in self.processes_to_kill_on_cancel:
  1446. proc.wait()
  1447. break
  1448. if nextfile is not None:
  1449. filename = nextfile
  1450. else:
  1451. filename = filelist_pipe.readline().strip()
  1452. self.log.debug("Getting new file:" + filename)
  1453. if not filename or filename == "EOF":
  1454. break
  1455. hmacfile = filelist_pipe.readline().strip()
  1456. if self.canceled:
  1457. break
  1458. # if reading archive directly with tar, wait for next filename -
  1459. # tar prints filename before processing it, so wait for
  1460. # the next one to be sure that whole file was extracted
  1461. if not self.backup_vm:
  1462. nextfile = filelist_pipe.readline().strip()
  1463. self.log.debug("Getting hmac:" + hmacfile)
  1464. if not hmacfile or hmacfile == "EOF":
  1465. # Premature end of archive, either of tar1_command or
  1466. # vmproc exited with error
  1467. break
  1468. if not any(map(lambda x: filename.startswith(x), vms_dirs)):
  1469. self.log.debug("Ignoring VM not selected for restore")
  1470. os.unlink(os.path.join(self.tmpdir, filename))
  1471. os.unlink(os.path.join(self.tmpdir, hmacfile))
  1472. continue
  1473. if self._verify_hmac(filename, hmacfile):
  1474. to_extract.put(os.path.join(self.tmpdir, filename))
  1475. if self.canceled:
  1476. raise BackupCanceledError("Restore canceled",
  1477. tmpdir=self.tmpdir)
  1478. if retrieve_proc.wait() != 0:
  1479. raise qubes.exc.QubesException(
  1480. "unable to read the qubes backup file {0} ({1}): {2}"
  1481. .format(self.backup_location, error_pipe.read(
  1482. MAX_STDERR_BYTES)))
  1483. # wait for other processes (if any)
  1484. for proc in self.processes_to_kill_on_cancel:
  1485. # FIXME check 'vmproc' exit code?
  1486. proc.wait()
  1487. if filename and filename != "EOF":
  1488. raise qubes.exc.QubesException(
  1489. "Premature end of archive, the last file was %s" % filename)
  1490. except:
  1491. to_extract.put(QUEUE_ERROR)
  1492. extract_proc.join()
  1493. raise
  1494. else:
  1495. to_extract.put(QUEUE_FINISHED)
  1496. self.log.debug("Waiting for the extraction process to finish...")
  1497. extract_proc.join()
  1498. self.log.debug("Extraction process finished with code: {}".format(
  1499. extract_proc.exitcode))
  1500. if extract_proc.exitcode != 0:
  1501. raise qubes.exc.QubesException(
  1502. "unable to extract the qubes backup. "
  1503. "Check extracting process errors.")
  1504. def generate_new_name_for_conflicting_vm(self, orig_name, restore_info):
  1505. number = 1
  1506. if len(orig_name) > 29:
  1507. orig_name = orig_name[0:29]
  1508. new_name = orig_name
  1509. while (new_name in restore_info.keys() or
  1510. new_name in map(lambda x: x.name,
  1511. restore_info.values()) or
  1512. new_name in self.app.domains):
  1513. new_name = str('{}{}'.format(orig_name, number))
  1514. number += 1
  1515. if number == 100:
  1516. # give up
  1517. return None
  1518. return new_name
  1519. def restore_info_verify(self, restore_info):
  1520. for vm in restore_info.keys():
  1521. if vm in ['dom0']:
  1522. continue
  1523. vm_info = restore_info[vm]
  1524. assert isinstance(vm_info, self.VMToRestore)
  1525. vm_info.problems.clear()
  1526. if vm in self.options.exclude:
  1527. vm_info.problems.add(self.VMToRestore.EXCLUDED)
  1528. if not self.options.verify_only and \
  1529. vm in self.app.domains:
  1530. if self.options.rename_conflicting:
  1531. new_name = self.generate_new_name_for_conflicting_vm(
  1532. vm, restore_info
  1533. )
  1534. if new_name is not None:
  1535. vm_info.name = new_name
  1536. else:
  1537. vm_info.problems.add(self.VMToRestore.ALREADY_EXISTS)
  1538. else:
  1539. vm_info.problems.add(self.VMToRestore.ALREADY_EXISTS)
  1540. # check template
  1541. if vm_info.template:
  1542. template_name = vm_info.template
  1543. try:
  1544. host_template = self.app.domains[template_name]
  1545. except KeyError:
  1546. host_template = None
  1547. if not host_template or not host_template.is_template():
  1548. # Maybe the (custom) template is in the backup?
  1549. if not (template_name in restore_info.keys() and
  1550. restore_info[template_name].good_to_go and
  1551. restore_info[template_name].vm.is_template()):
  1552. if self.options.use_default_template and \
  1553. self.app.default_template:
  1554. if vm_info.orig_template is None:
  1555. vm_info.orig_template = template_name
  1556. vm_info.template = self.app.default_template.name
  1557. else:
  1558. vm_info.problems.add(
  1559. self.VMToRestore.MISSING_TEMPLATE)
  1560. # check netvm
  1561. if not vm_info.vm.property_is_default('netvm') and vm_info.netvm:
  1562. netvm_name = vm_info.netvm
  1563. try:
  1564. netvm_on_host = self.app.domains[netvm_name]
  1565. except KeyError:
  1566. netvm_on_host = None
  1567. # No netvm on the host?
  1568. if not ((netvm_on_host is not None)
  1569. and netvm_on_host.provides_network):
  1570. # Maybe the (custom) netvm is in the backup?
  1571. if not (netvm_name in restore_info.keys() and
  1572. restore_info[netvm_name].good_to_go and
  1573. restore_info[netvm_name].vm.provides_network):
  1574. if self.options.use_default_netvm:
  1575. vm_info.vm.netvm = qubes.property.DEFAULT
  1576. elif self.options.use_none_netvm:
  1577. vm_info.netvm = None
  1578. else:
  1579. vm_info.problems.add(self.VMToRestore.MISSING_NETVM)
  1580. return restore_info
  1581. def _is_vm_included_in_backup_v1(self, check_vm):
  1582. if check_vm.qid == 0:
  1583. return os.path.exists(
  1584. os.path.join(self.backup_location, 'dom0-home'))
  1585. # DisposableVM
  1586. if check_vm.dir_path is None:
  1587. return False
  1588. backup_vm_dir_path = check_vm.dir_path.replace(
  1589. qubes.config.system_path["qubes_base_dir"], self.backup_location)
  1590. if os.path.exists(backup_vm_dir_path):
  1591. return True
  1592. else:
  1593. return False
  1594. @staticmethod
  1595. def _is_vm_included_in_backup_v2(check_vm):
  1596. if 'backup-content' in check_vm.features:
  1597. return check_vm.features['backup-content']
  1598. else:
  1599. return False
  1600. def _find_template_name(self, template):
  1601. if template in self.options.replace_template:
  1602. return self.options.replace_template[template]
  1603. return template
  1604. def _is_vm_included_in_backup(self, vm):
  1605. if self.header_data.version == 1:
  1606. return self._is_vm_included_in_backup_v1(vm)
  1607. elif self.header_data.version in [2, 3, 4]:
  1608. return self._is_vm_included_in_backup_v2(vm)
  1609. else:
  1610. raise qubes.exc.QubesException(
  1611. "Unknown backup format version: {}".format(
  1612. self.header_data.version))
  1613. def get_restore_info(self):
  1614. # Format versions:
  1615. # 1 - Qubes R1, Qubes R2 beta1, beta2
  1616. # 2 - Qubes R2 beta3+
  1617. vms_to_restore = {}
  1618. for vm in self.backup_app.domains:
  1619. if vm.qid == 0:
  1620. # Handle dom0 as special case later
  1621. continue
  1622. if self._is_vm_included_in_backup(vm):
  1623. self.log.debug("{} is included in backup".format(vm.name))
  1624. vms_to_restore[vm.name] = self.VMToRestore(vm)
  1625. if hasattr(vm, 'template'):
  1626. templatevm_name = self._find_template_name(
  1627. vm.template.name)
  1628. vms_to_restore[vm.name].template = templatevm_name
  1629. # Set to None to not confuse QubesVm object from backup
  1630. # collection with host collection (further in clone_attrs).
  1631. vm.netvm = None
  1632. vms_to_restore = self.restore_info_verify(vms_to_restore)
  1633. # ...and dom0 home
  1634. if self.options.dom0_home and \
  1635. self._is_vm_included_in_backup(self.backup_app.domains[0]):
  1636. vm = self.backup_app.domains[0]
  1637. if self.header_data.version == 1:
  1638. subdir = os.listdir(os.path.join(self.backup_location,
  1639. 'dom0-home'))[0]
  1640. else:
  1641. subdir = None
  1642. vms_to_restore['dom0'] = self.Dom0ToRestore(vm, subdir)
  1643. local_user = grp.getgrnam('qubes').gr_mem[0]
  1644. if vms_to_restore['dom0'].username != local_user:
  1645. if not self.options.ignore_username_mismatch:
  1646. vms_to_restore['dom0'].problems.add(
  1647. self.Dom0ToRestore.USERNAME_MISMATCH)
  1648. return vms_to_restore
  1649. @staticmethod
  1650. def get_restore_summary(restore_info):
  1651. fields = {
  1652. "qid": {"func": "vm.qid"},
  1653. "name": {"func": "('[' if vm.is_template() else '')\
  1654. + ('{' if vm.is_netvm() else '')\
  1655. + vm.name \
  1656. + (']' if vm.is_template() else '')\
  1657. + ('}' if vm.is_netvm() else '')"},
  1658. "type": {"func": "'Tpl' if vm.is_template() else \
  1659. 'App' if isinstance(vm, qubes.vm.appvm.AppVM) else \
  1660. vm.__class__.__name__.replace('VM','')"},
  1661. "updbl": {"func": "'Yes' if vm.updateable else ''"},
  1662. "template": {"func": "'n/a' if not hasattr(vm, 'template') is None "
  1663. "else vm_info.template"},
  1664. "netvm": {"func": "'n/a' if vm.is_netvm() and not vm.is_proxyvm() else\
  1665. ('*' if vm.property_is_default('netvm') else '') +\
  1666. vm_info.netvm if vm_info.netvm is not None "
  1667. "else '-'"},
  1668. "label": {"func": "vm.label.name"},
  1669. }
  1670. fields_to_display = ["name", "type", "template", "updbl",
  1671. "netvm", "label"]
  1672. # First calculate the maximum width of each field we want to display
  1673. total_width = 0
  1674. for f in fields_to_display:
  1675. fields[f]["max_width"] = len(f)
  1676. for vm_info in restore_info.values():
  1677. if vm_info.vm:
  1678. # noinspection PyUnusedLocal
  1679. vm = vm_info.vm
  1680. l = len(unicode(eval(fields[f]["func"])))
  1681. if l > fields[f]["max_width"]:
  1682. fields[f]["max_width"] = l
  1683. total_width += fields[f]["max_width"]
  1684. summary = ""
  1685. summary += "The following VMs are included in the backup:\n"
  1686. summary += "\n"
  1687. # Display the header
  1688. for f in fields_to_display:
  1689. # noinspection PyTypeChecker
  1690. fmt = "{{0:-^{0}}}-+".format(fields[f]["max_width"] + 1)
  1691. summary += fmt.format('-')
  1692. summary += "\n"
  1693. for f in fields_to_display:
  1694. # noinspection PyTypeChecker
  1695. fmt = "{{0:>{0}}} |".format(fields[f]["max_width"] + 1)
  1696. summary += fmt.format(f)
  1697. summary += "\n"
  1698. for f in fields_to_display:
  1699. # noinspection PyTypeChecker
  1700. fmt = "{{0:-^{0}}}-+".format(fields[f]["max_width"] + 1)
  1701. summary += fmt.format('-')
  1702. summary += "\n"
  1703. for vm_info in restore_info.values():
  1704. assert isinstance(vm_info, BackupRestore.VMToRestore)
  1705. # Skip non-VM here
  1706. if not vm_info.vm:
  1707. continue
  1708. # noinspection PyUnusedLocal
  1709. vm = vm_info.vm
  1710. s = ""
  1711. for f in fields_to_display:
  1712. # noinspection PyTypeChecker
  1713. fmt = "{{0:>{0}}} |".format(fields[f]["max_width"] + 1)
  1714. s += fmt.format(eval(fields[f]["func"]))
  1715. if BackupRestore.VMToRestore.EXCLUDED in vm_info.problems:
  1716. s += " <-- Excluded from restore"
  1717. elif BackupRestore.VMToRestore.ALREADY_EXISTS in vm_info.problems:
  1718. s += " <-- A VM with the same name already exists on the host!"
  1719. elif BackupRestore.VMToRestore.MISSING_TEMPLATE in \
  1720. vm_info.problems:
  1721. s += " <-- No matching template on the host " \
  1722. "or in the backup found!"
  1723. elif BackupRestore.VMToRestore.MISSING_NETVM in \
  1724. vm_info.problems:
  1725. s += " <-- No matching netvm on the host " \
  1726. "or in the backup found!"
  1727. else:
  1728. if vm_info.orig_template:
  1729. s += " <-- Original template was '{}'".format(
  1730. vm_info.orig_template)
  1731. if vm_info.name != vm_info.vm.name:
  1732. s += " <-- Will be renamed to '{}'".format(
  1733. vm_info.name)
  1734. summary += s + "\n"
  1735. if 'dom0' in restore_info.keys():
  1736. s = ""
  1737. for f in fields_to_display:
  1738. # noinspection PyTypeChecker
  1739. fmt = "{{0:>{0}}} |".format(fields[f]["max_width"] + 1)
  1740. if f == "name":
  1741. s += fmt.format("Dom0")
  1742. elif f == "type":
  1743. s += fmt.format("Home")
  1744. else:
  1745. s += fmt.format("")
  1746. if BackupRestore.Dom0ToRestore.USERNAME_MISMATCH in \
  1747. restore_info['dom0'].problems:
  1748. s += " <-- username in backup and dom0 mismatch"
  1749. summary += s + "\n"
  1750. return summary
  1751. def _restore_vm_dir_v1(self, src_dir, dst_dir):
  1752. backup_src_dir = src_dir.replace(
  1753. qubes.config.system_path["qubes_base_dir"], self.backup_location)
  1754. # We prefer to use Linux's cp, because it nicely handles sparse files
  1755. cp_retcode = subprocess.call(
  1756. ["cp", "-rp", "--reflink=auto", backup_src_dir, dst_dir])
  1757. if cp_retcode != 0:
  1758. raise qubes.exc.QubesException(
  1759. "*** Error while copying file {0} to {1}".format(backup_src_dir,
  1760. dst_dir))
  1761. def restore_do(self, restore_info):
  1762. # FIXME handle locking
  1763. # Perform VM restoration in backup order
  1764. vms_dirs = []
  1765. vms_size = 0
  1766. vms = {}
  1767. for vm_info in restore_info.values():
  1768. assert isinstance(vm_info, self.VMToRestore)
  1769. if not vm_info.vm:
  1770. continue
  1771. if not vm_info.good_to_go:
  1772. continue
  1773. vm = vm_info.vm
  1774. if self.header_data.version >= 2:
  1775. if vm.features['backup-size']:
  1776. vms_size += int(vm.features['backup-size'])
  1777. vms_dirs.append(vm.features['backup-path'])
  1778. vms[vm.name] = vm
  1779. if self.header_data.version >= 2:
  1780. if 'dom0' in restore_info.keys() and \
  1781. restore_info['dom0'].good_to_go:
  1782. vms_dirs.append(os.path.dirname(restore_info['dom0'].subdir))
  1783. vms_size += restore_info['dom0'].size
  1784. try:
  1785. self._restore_vm_dirs(vms_dirs=vms_dirs, vms_size=vms_size)
  1786. except qubes.exc.QubesException:
  1787. if self.options.verify_only:
  1788. raise
  1789. else:
  1790. self.log.warning(
  1791. "Some errors occurred during data extraction, "
  1792. "continuing anyway to restore at least some "
  1793. "VMs")
  1794. else:
  1795. if self.options.verify_only:
  1796. self.log.warning(
  1797. "Backup verification not supported for this backup format.")
  1798. if self.options.verify_only:
  1799. shutil.rmtree(self.tmpdir)
  1800. return
  1801. # First load templates, then other VMs
  1802. for vm in sorted(vms.values(), key=lambda x: x.is_template(),
  1803. reverse=True):
  1804. if self.canceled:
  1805. # only break the loop to save qubes.xml
  1806. # with already restored VMs
  1807. break
  1808. self.log.info("-> Restoring {0}...".format(vm.name))
  1809. retcode = subprocess.call(
  1810. ["mkdir", "-p", os.path.dirname(vm.dir_path)])
  1811. if retcode != 0:
  1812. self.log.error("*** Cannot create directory: {0}?!".format(
  1813. vm.dir_path))
  1814. self.log.warning("Skipping VM {}...".format(vm.name))
  1815. continue
  1816. kwargs = {}
  1817. if hasattr(vm, 'template'):
  1818. template = restore_info[vm.name].template
  1819. # handle potentially renamed template
  1820. if template in restore_info \
  1821. and restore_info[template].good_to_go:
  1822. template = restore_info[template].name
  1823. kwargs['template'] = template
  1824. new_vm = None
  1825. vm_name = restore_info[vm.name].name
  1826. try:
  1827. # first only minimal set, later clone_properties
  1828. # will be called
  1829. new_vm = self.app.add_new_vm(
  1830. vm.__class__,
  1831. name=vm_name,
  1832. label=vm.label,
  1833. installed_by_rpm=False,
  1834. **kwargs)
  1835. if os.path.exists(new_vm.dir_path):
  1836. move_to_path = tempfile.mkdtemp('', os.path.basename(
  1837. new_vm.dir_path), os.path.dirname(new_vm.dir_path))
  1838. try:
  1839. os.rename(new_vm.dir_path, move_to_path)
  1840. self.log.warning(
  1841. "*** Directory {} already exists! It has "
  1842. "been moved to {}".format(new_vm.dir_path,
  1843. move_to_path))
  1844. except OSError:
  1845. self.log.error(
  1846. "*** Directory {} already exists and "
  1847. "cannot be moved!".format(new_vm.dir_path))
  1848. self.log.warning("Skipping VM {}...".format(
  1849. vm.name))
  1850. continue
  1851. if self.header_data.version == 1:
  1852. self._restore_vm_dir_v1(vm.dir_path,
  1853. os.path.dirname(new_vm.dir_path))
  1854. else:
  1855. shutil.move(os.path.join(self.tmpdir,
  1856. vm.features['backup-path']),
  1857. new_vm.dir_path)
  1858. new_vm.verify_files()
  1859. except Exception as err:
  1860. self.log.error("ERROR: {0}".format(err))
  1861. self.log.warning("*** Skipping VM: {0}".format(vm.name))
  1862. if new_vm:
  1863. del self.app.domains[new_vm.qid]
  1864. continue
  1865. if hasattr(vm, 'kernel'):
  1866. # TODO: add a setting for this?
  1867. if not vm.property_is_default('kernel') and vm.kernel and \
  1868. vm.kernel not in \
  1869. os.listdir(os.path.join(qubes.config.qubes_base_dir,
  1870. qubes.config.system_path[
  1871. 'qubes_kernels_base_dir'])):
  1872. self.log.warning("Kernel %s not installed, "
  1873. "using default one" % vm.kernel)
  1874. vm.kernel = qubes.property.DEFAULT
  1875. # remove no longer needed backup metadata
  1876. if 'backup-content' in vm.features:
  1877. del vm.features['backup-content']
  1878. del vm.features['backup-size']
  1879. del vm.features['backup-path']
  1880. try:
  1881. # exclude VM references - handled manually according to
  1882. # restore options
  1883. proplist = [prop for prop in new_vm.property_list()
  1884. if prop.clone and prop.__name__ not in
  1885. ['template', 'netvm', 'dispvm_netvm']]
  1886. new_vm.clone_properties(vm, proplist=proplist)
  1887. except Exception as err:
  1888. self.log.error("ERROR: {0}".format(err))
  1889. self.log.warning("*** Some VM property will not be "
  1890. "restored")
  1891. try:
  1892. new_vm.fire_event('domain-restore')
  1893. except Exception as err:
  1894. self.log.error("ERROR during appmenu restore: "
  1895. "{0}".format(err))
  1896. self.log.warning(
  1897. "*** VM '{0}' will not have appmenus".format(vm.name))
  1898. # Set network dependencies - only non-default netvm setting
  1899. for vm in vms.values():
  1900. vm_info = restore_info[vm.name]
  1901. vm_name = vm_info.name
  1902. try:
  1903. host_vm = self.app.domains[vm_name]
  1904. except KeyError:
  1905. # Failed/skipped VM
  1906. continue
  1907. if not vm.property_is_default('netvm'):
  1908. if vm_info.netvm in restore_info:
  1909. host_vm.netvm = restore_info[vm_info.netvm].name
  1910. else:
  1911. host_vm.netvm = vm_info.netvm
  1912. self.app.save()
  1913. if self.canceled:
  1914. if self.header_data.version >= 2:
  1915. raise BackupCanceledError("Restore canceled",
  1916. tmpdir=self.tmpdir)
  1917. else:
  1918. raise BackupCanceledError("Restore canceled")
  1919. # ... and dom0 home as last step
  1920. if 'dom0' in restore_info.keys() and restore_info['dom0'].good_to_go:
  1921. backup_path = restore_info['dom0'].subdir
  1922. local_user = grp.getgrnam('qubes').gr_mem[0]
  1923. home_dir = pwd.getpwnam(local_user).pw_dir
  1924. if self.header_data.version == 1:
  1925. backup_dom0_home_dir = os.path.join(self.backup_location,
  1926. backup_path)
  1927. else:
  1928. backup_dom0_home_dir = os.path.join(self.tmpdir, backup_path)
  1929. restore_home_backupdir = "home-pre-restore-{0}".format(
  1930. time.strftime("%Y-%m-%d-%H%M%S"))
  1931. self.log.info(
  1932. "Restoring home of user '{0}'...".format(local_user))
  1933. self.log.info(
  1934. "Existing files/dirs backed up in '{0}' dir".format(
  1935. restore_home_backupdir))
  1936. os.mkdir(home_dir + '/' + restore_home_backupdir)
  1937. for f in os.listdir(backup_dom0_home_dir):
  1938. home_file = home_dir + '/' + f
  1939. if os.path.exists(home_file):
  1940. os.rename(home_file,
  1941. home_dir + '/' + restore_home_backupdir + '/' + f)
  1942. if self.header_data.version == 1:
  1943. subprocess.call(
  1944. ["cp", "-nrp", "--reflink=auto",
  1945. backup_dom0_home_dir + '/' + f, home_file])
  1946. elif self.header_data.version >= 2:
  1947. shutil.move(backup_dom0_home_dir + '/' + f, home_file)
  1948. retcode = subprocess.call(['sudo', 'chown', '-R',
  1949. local_user, home_dir])
  1950. if retcode != 0:
  1951. self.log.error("*** Error while setting home directory owner")
  1952. shutil.rmtree(self.tmpdir)
  1953. # vim:sw=4:et: