backupcompatibility.py 41 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473
  1. #!/usr/bin/python
  2. # -*- coding: utf-8 -*-
  3. #
  4. # The Qubes OS Project, http://www.qubes-os.org
  5. #
  6. # Copyright (C) 2014 Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
  7. #
  8. # This program is free software; you can redistribute it and/or
  9. # modify it under the terms of the GNU General Public License
  10. # as published by the Free Software Foundation; either version 2
  11. # of the License, or (at your option) any later version.
  12. #
  13. # This program is distributed in the hope that it will be useful,
  14. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. # GNU General Public License for more details.
  17. #
  18. # You should have received a copy of the GNU General Public License
  19. # along with this program; if not, write to the Free Software
  20. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  21. #
  22. #
  23. from multiprocessing import Queue
  24. import os
  25. import shutil
  26. import subprocess
  27. import unittest
  28. import sys
  29. import re
  30. from qubes.qubes import QubesVmCollection, QubesException
  31. from qubes import backup
  32. import qubes.tests
  33. QUBESXML_R2B2 = '''
  34. <QubesVmCollection updatevm="3" default_kernel="3.7.6-2" default_netvm="3" default_fw_netvm="2" default_template="1" clockvm="2">
  35. <QubesTemplateVm installed_by_rpm="True" kernel="3.7.6-2" uses_default_kernelopts="True" qid="1" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="fedora-18-x64.conf" label="black" template_qid="none" kernelopts="" memory="400" default_user="user" netvm_qid="3" uses_default_netvm="True" volatile_img="volatile.img" services="{'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="fedora-18-x64" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/vm-templates/fedora-18-x64"/>
  36. <QubesNetVm installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="2" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="netvm.conf" label="red" template_qid="1" kernelopts="iommu=soft swiotlb=4096" memory="200" default_user="user" volatile_img="volatile.img" services="{'ntpd': False, 'meminfo-writer': False}" maxmem="1535" pcidevs="['02:00.0', '03:00.0']" name="netvm" netid="1" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/servicevms/netvm"/>
  37. <QubesProxyVm installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="3" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="firewallvm.conf" label="green" template_qid="1" kernelopts="" memory="200" default_user="user" netvm_qid="2" volatile_img="volatile.img" services="{'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="firewallvm" netid="2" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/servicevms/firewallvm"/>
  38. <QubesAppVm installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="4" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="True" conf_file="fedora-18-x64-dvm.conf" label="gray" template_qid="1" kernelopts="" memory="400" default_user="user" netvm_qid="3" uses_default_netvm="True" volatile_img="volatile.img" services="{'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="fedora-18-x64-dvm" private_img="private.img" vcpus="1" root_img="root.img" debug="False" dir_path="/var/lib/qubes/appvms/fedora-18-x64-dvm"/>
  39. <QubesAppVm installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="5" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="test-work.conf" label="green" template_qid="1" kernelopts="" memory="400" default_user="user" netvm_qid="3" uses_default_netvm="True" volatile_img="volatile.img" services="{'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="test-work" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/appvms/test-work"/>
  40. <QubesAppVm installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="6" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="banking.conf" label="green" template_qid="1" kernelopts="" memory="400" default_user="user" netvm_qid="3" uses_default_netvm="True" volatile_img="volatile.img" services="{'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="banking" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/appvms/banking"/>
  41. <QubesAppVm installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="7" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="personal.conf" label="yellow" template_qid="1" kernelopts="" memory="400" default_user="user" netvm_qid="3" uses_default_netvm="True" volatile_img="volatile.img" services="{'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="personal" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/appvms/personal"/>
  42. <QubesAppVm installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="8" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="untrusted.conf" label="red" template_qid="1" kernelopts="" memory="400" default_user="user" netvm_qid="12" uses_default_netvm="False" volatile_img="volatile.img" services="{'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="untrusted" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/appvms/untrusted"/>
  43. <QubesTemplateVm installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="9" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="test-template-clone.conf" label="green" template_qid="none" kernelopts="" memory="400" default_user="user" netvm_qid="3" uses_default_netvm="True" volatile_img="volatile.img" services="{'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="test-template-clone" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/vm-templates/test-template-clone"/>
  44. <QubesAppVm installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="10" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="test-custom-template-appvm.conf" label="yellow" template_qid="9" kernelopts="" memory="400" default_user="user" netvm_qid="3" uses_default_netvm="True" volatile_img="volatile.img" services="{'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="test-custom-template-appvm" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/appvms/test-custom-template-appvm"/>
  45. <QubesAppVm installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="11" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="test-standalonevm.conf" label="blue" template_qid="none" kernelopts="" memory="400" default_user="user" netvm_qid="3" uses_default_netvm="True" volatile_img="volatile.img" services="{'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="test-standalonevm" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/appvms/test-standalonevm"/>
  46. <QubesProxyVm installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="12" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="test-testproxy.conf" label="red" template_qid="1" kernelopts="" memory="200" default_user="user" netvm_qid="3" volatile_img="volatile.img" services="{'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="test-testproxy" netid="3" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/servicevms/test-testproxy"/>
  47. <QubesProxyVm installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="13" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="testproxy2.conf" label="red" template_qid="9" kernelopts="" memory="200" default_user="user" netvm_qid="2" volatile_img="volatile.img" services="{'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="testproxy2" netid="4" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/servicevms/testproxy2"/>
  48. <QubesHVm installed_by_rpm="False" netvm_qid="none" qid="14" include_in_backups="True" timezone="localtime" qrexec_timeout="60" conf_file="test-testhvm.conf" label="purple" template_qid="none" internal="False" memory="512" uses_default_netvm="True" services="{'meminfo-writer': False}" default_user="user" pcidevs="[]" name="test-testhvm" qrexec_installed="False" private_img="private.img" drive="None" vcpus="2" root_img="root.img" guiagent_installed="False" debug="False" dir_path="/var/lib/qubes/appvms/test-testhvm"/>
  49. <QubesDisposableVm dispid="50" firewall_conf="firewall.xml" label="red" name="disp50" netvm_qid="2" qid="15" template_qid="1"/>
  50. </QubesVmCollection>
  51. '''
  52. QUBESXML_R2 = '''
  53. <QubesVmCollection updatevm="3" default_kernel="3.7.6-2" default_netvm="3" default_fw_netvm="2" default_template="1" clockvm="2">
  54. <QubesTemplateVm installed_by_rpm="True" kernel="3.7.6-2" uses_default_kernelopts="True" qid="1" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="fedora-20-x64.conf" label="black" template_qid="none" kernelopts="" memory="400" default_user="user" netvm_qid="3" uses_default_netvm="True" volatile_img="volatile.img" services="{ 'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="fedora-20-x64" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/vm-templates/fedora-20-x64"/>
  55. <QubesNetVm installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="2" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="netvm.conf" label="red" template_qid="1" kernelopts="iommu=soft swiotlb=4096" memory="200" default_user="user" volatile_img="volatile.img" services="{'ntpd': False, 'meminfo-writer': False}" maxmem="1535" pcidevs="['02:00.0', '03:00.0']" name="netvm" netid="1" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/servicevms/netvm"/>
  56. <QubesProxyVm installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="3" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="firewallvm.conf" label="green" template_qid="1" kernelopts="" memory="200" default_user="user" netvm_qid="2" volatile_img="volatile.img" services="{'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="firewallvm" netid="2" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/servicevms/firewallvm"/>
  57. <QubesAppVm installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="4" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="True" conf_file="fedora-20-x64-dvm.conf" label="gray" template_qid="1" kernelopts="" memory="400" default_user="user" netvm_qid="3" uses_default_netvm="True" volatile_img="volatile.img" services="{ 'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="fedora-20-x64-dvm" private_img="private.img" vcpus="1" root_img="root.img" debug="False" dir_path="/var/lib/qubes/appvms/fedora-20-x64-dvm"/>
  58. <QubesAppVm backup_content="True" backup_path="appvms/test-work" installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="5" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="test-work.conf" label="green" template_qid="1" kernelopts="" memory="400" default_user="user" netvm_qid="3" uses_default_netvm="True" volatile_img="volatile.img" services="{'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="test-work" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/appvms/test-work"/>
  59. <QubesAppVm installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="6" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="banking.conf" label="green" template_qid="1" kernelopts="" memory="400" default_user="user" netvm_qid="3" uses_default_netvm="True" volatile_img="volatile.img" services="{'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="banking" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/appvms/banking"/>
  60. <QubesAppVm installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="7" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="personal.conf" label="yellow" template_qid="1" kernelopts="" memory="400" default_user="user" netvm_qid="3" uses_default_netvm="True" volatile_img="volatile.img" services="{'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="personal" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/appvms/personal"/>
  61. <QubesAppVm installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="8" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="untrusted.conf" label="red" template_qid="1" kernelopts="" memory="400" default_user="user" netvm_qid="12" uses_default_netvm="False" volatile_img="volatile.img" services="{'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="untrusted" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/appvms/untrusted"/>
  62. <QubesTemplateVm backup_size="104857600" backup_content="True" backup_path="vm-templates/test-template-clone" installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="9" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="test-template-clone.conf" label="green" template_qid="none" kernelopts="" memory="400" default_user="user" netvm_qid="3" uses_default_netvm="True" volatile_img="volatile.img" services="{'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="test-template-clone" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/vm-templates/test-template-clone"/>
  63. <QubesAppVm backup_size="104857600" backup_content="True" backup_path="appvms/test-custom-template-appvm" installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="10" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="test-custom-template-appvm.conf" label="yellow" template_qid="9" kernelopts="" memory="400" default_user="user" netvm_qid="3" uses_default_netvm="True" volatile_img="volatile.img" services="{'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="test-custom-template-appvm" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/appvms/test-custom-template-appvm"/>
  64. <QubesAppVm backup_size="104857600" backup_content="True" backup_path="appvms/test-standalonevm" installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="11" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="test-standalonevm.conf" label="blue" template_qid="none" kernelopts="" memory="400" default_user="user" netvm_qid="3" uses_default_netvm="True" volatile_img="volatile.img" services="{'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="test-standalonevm" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/appvms/test-standalonevm"/>
  65. <QubesProxyVm backup_size="104857600" backup_content="True" backup_path="servicevms/test-testproxy" installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="12" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="test-testproxy.conf" label="red" template_qid="1" kernelopts="" memory="200" default_user="user" netvm_qid="3" volatile_img="volatile.img" services="{'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="test-testproxy" netid="3" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/servicevms/test-testproxy"/>
  66. <QubesProxyVm installed_by_rpm="False" kernel="3.7.6-2" uses_default_kernelopts="True" qid="13" include_in_backups="True" uses_default_kernel="True" qrexec_timeout="60" internal="False" conf_file="testproxy2.conf" label="red" template_qid="9" kernelopts="" memory="200" default_user="user" netvm_qid="2" volatile_img="volatile.img" services="{'meminfo-writer': True}" maxmem="1535" pcidevs="[]" name="testproxy2" netid="4" private_img="private.img" vcpus="2" root_img="root.img" debug="False" dir_path="/var/lib/qubes/servicevms/testproxy2"/>
  67. <QubesHVm backup_size="104857600" backup_content="True" backup_path="appvms/test-testhvm" installed_by_rpm="False" netvm_qid="none" qid="14" include_in_backups="True" timezone="localtime" qrexec_timeout="60" conf_file="test-testhvm.conf" label="purple" template_qid="none" internal="False" memory="512" uses_default_netvm="True" services="{'meminfo-writer': False}" default_user="user" pcidevs="[]" name="test-testhvm" qrexec_installed="False" private_img="private.img" drive="None" vcpus="2" root_img="root.img" guiagent_installed="False" debug="False" dir_path="/var/lib/qubes/appvms/test-testhvm"/>
  68. <QubesDisposableVm dispid="50" firewall_conf="firewall.xml" label="red" name="disp50" netvm_qid="2" qid="15" template_qid="1"/>
  69. </QubesVmCollection>
  70. '''
  71. MANGLED_SUBDIRS_R2 = {
  72. "test-work": "vm5",
  73. "test-template-clone": "vm9",
  74. "test-custom-template-appvm": "vm10",
  75. "test-standalonevm": "vm11",
  76. "test-testproxy": "vm12",
  77. "test-testhvm": "vm14",
  78. }
  79. APPTEMPLATE_R2B2 = '''
  80. [Desktop Entry]
  81. Name=%VMNAME%: {name}
  82. GenericName=%VMNAME%: {name}
  83. GenericName[ca]=%VMNAME%: Navegador web
  84. GenericName[cs]=%VMNAME%: Webový prohlížeč
  85. GenericName[es]=%VMNAME%: Navegador web
  86. GenericName[fa]=%VMNAME%: مرورر اینترنتی
  87. GenericName[fi]=%VMNAME%: WWW-selain
  88. GenericName[fr]=%VMNAME%: Navigateur Web
  89. GenericName[hu]=%VMNAME%: Webböngésző
  90. GenericName[it]=%VMNAME%: Browser Web
  91. GenericName[ja]=%VMNAME%: ウェブ・ブラウザ
  92. GenericName[ko]=%VMNAME%: 웹 브라우저
  93. GenericName[nb]=%VMNAME%: Nettleser
  94. GenericName[nl]=%VMNAME%: Webbrowser
  95. GenericName[nn]=%VMNAME%: Nettlesar
  96. GenericName[no]=%VMNAME%: Nettleser
  97. GenericName[pl]=%VMNAME%: Przeglądarka WWW
  98. GenericName[pt]=%VMNAME%: Navegador Web
  99. GenericName[pt_BR]=%VMNAME%: Navegador Web
  100. GenericName[sk]=%VMNAME%: Internetový prehliadač
  101. GenericName[sv]=%VMNAME%: Webbläsare
  102. Comment={comment}
  103. Comment[ca]=Navegueu per el web
  104. Comment[cs]=Prohlížení stránek World Wide Webu
  105. Comment[de]=Im Internet surfen
  106. Comment[es]=Navegue por la web
  107. Comment[fa]=صفحات شبه جهانی اینترنت را مرور نمایید
  108. Comment[fi]=Selaa Internetin WWW-sivuja
  109. Comment[fr]=Navigue sur Internet
  110. Comment[hu]=A világháló böngészése
  111. Comment[it]=Esplora il web
  112. Comment[ja]=ウェブを閲覧します
  113. Comment[ko]=웹을 돌아 다닙니다
  114. Comment[nb]=Surf på nettet
  115. Comment[nl]=Verken het internet
  116. Comment[nn]=Surf på nettet
  117. Comment[no]=Surf på nettet
  118. Comment[pl]=Przeglądanie stron WWW
  119. Comment[pt]=Navegue na Internet
  120. Comment[pt_BR]=Navegue na Internet
  121. Comment[sk]=Prehliadanie internetu
  122. Comment[sv]=Surfa på webben
  123. Exec=qvm-run -q --tray -a %VMNAME% '{command} %u'
  124. Categories=Network;WebBrowser;
  125. X-Qubes-VmName=%VMNAME%
  126. Icon=%VMDIR%/icon.png
  127. '''
  128. QUBESXML_R1 = '''<?xml version='1.0' encoding='UTF-8'?>
  129. <QubesVmCollection clockvm="2" default_fw_netvm="2" default_kernel="3.2.7-10" default_netvm="3" default_template="1" updatevm="3"><QubesTemplateVm conf_file="fedora-17-x64.conf" debug="False" default_user="user" dir_path="/var/lib/qubes/vm-templates/fedora-17-x64" include_in_backups="True" installed_by_rpm="True" internal="False" kernel="3.2.7-10" kernelopts="" label="gray" maxmem="4063" memory="400" name="fedora-17-x64" netvm_qid="3" pcidevs="[]" private_img="private.img" qid="1" root_img="root.img" services="{&apos;meminfo-writer&apos;: True}" template_qid="none" uses_default_kernel="True" uses_default_kernelopts="True" uses_default_netvm="True" vcpus="2" volatile_img="volatile.img" /><QubesNetVm conf_file="netvm.conf" debug="False" default_user="user" dir_path="/var/lib/qubes/servicevms/netvm" include_in_backups="True" installed_by_rpm="False" internal="False" kernel="3.2.7-10" kernelopts="iommu=soft swiotlb=2048" label="red" maxmem="4063" memory="200" name="netvm" netid="1" pcidevs="[&apos;00:19.0&apos;, &apos;03:00.0&apos;]" private_img="private.img" qid="2" root_img="root.img" services="{&apos;ntpd&apos;: False, &apos;meminfo-writer&apos;: False}" template_qid="1" uses_default_kernel="True" uses_default_kernelopts="True" vcpus="2" volatile_img="volatile.img" /><QubesProxyVm conf_file="firewallvm.conf" debug="False" default_user="user" dir_path="/var/lib/qubes/servicevms/firewallvm" include_in_backups="True" installed_by_rpm="False" internal="False" kernel="3.2.7-10" kernelopts="" label="green" maxmem="4063" memory="200" name="firewallvm" netid="2" netvm_qid="2" pcidevs="[]" private_img="private.img" qid="3" root_img="root.img" services="{&apos;meminfo-writer&apos;: True}" template_qid="1" uses_default_kernel="True" uses_default_kernelopts="True" vcpus="2" volatile_img="volatile.img" /><QubesAppVm conf_file="fedora-17-x64-dvm.conf" debug="False" default_user="user" dir_path="/var/lib/qubes/appvms/fedora-17-x64-dvm" include_in_backups="True" installed_by_rpm="False" internal="True" kernel="3.2.7-10" kernelopts="" label="gray" maxmem="4063" memory="400" name="fedora-17-x64-dvm" netvm_qid="3" pcidevs="[]" private_img="private.img" qid="4" root_img="root.img" services="{&apos;meminfo-writer&apos;: True}" template_qid="1" uses_default_kernel="True" uses_default_kernelopts="True" uses_default_netvm="True" vcpus="1" volatile_img="volatile.img" /><QubesAppVm conf_file="test-work.conf" debug="False" default_user="user" dir_path="/var/lib/qubes/appvms/test-work" include_in_backups="True" installed_by_rpm="False" internal="False" kernel="3.2.7-10" kernelopts="" label="green" maxmem="4063" memory="400" name="test-work" netvm_qid="3" pcidevs="[]" private_img="private.img" qid="5" root_img="root.img" services="{&apos;meminfo-writer&apos;: True}" template_qid="1" uses_default_kernel="True" uses_default_kernelopts="True" uses_default_netvm="True" vcpus="2" volatile_img="volatile.img" /><QubesAppVm conf_file="personal.conf" debug="False" default_user="user" dir_path="/var/lib/qubes/appvms/personal" include_in_backups="True" installed_by_rpm="False" internal="False" kernel="3.2.7-10" kernelopts="" label="yellow" maxmem="4063" memory="400" name="personal" netvm_qid="3" pcidevs="[]" private_img="private.img" qid="6" root_img="root.img" services="{&apos;meminfo-writer&apos;: True}" template_qid="1" uses_default_kernel="True" uses_default_kernelopts="True" uses_default_netvm="True" vcpus="2" volatile_img="volatile.img" /><QubesAppVm conf_file="banking.conf" debug="False" default_user="user" dir_path="/var/lib/qubes/appvms/banking" include_in_backups="True" installed_by_rpm="False" internal="False" kernel="3.2.7-10" kernelopts="" label="green" maxmem="4063" memory="400" name="banking" netvm_qid="3" pcidevs="[]" private_img="private.img" qid="7" root_img="root.img" services="{&apos;meminfo-writer&apos;: True}" template_qid="1" uses_default_kernel="True" uses_default_kernelopts="True" uses_default_netvm="True" vcpus="2" volatile_img="volatile.img" /><QubesAppVm conf_file="untrusted.conf" debug="False" default_user="user" dir_path="/var/lib/qubes/appvms/untrusted" include_in_backups="True" installed_by_rpm="False" internal="False" kernel="3.2.7-10" kernelopts="" label="red" maxmem="4063" memory="400" name="untrusted" netvm_qid="3" pcidevs="[]" private_img="private.img" qid="8" root_img="root.img" services="{&apos;meminfo-writer&apos;: True}" template_qid="1" uses_default_kernel="True" uses_default_kernelopts="True" uses_default_netvm="True" vcpus="2" volatile_img="volatile.img" /><QubesAppVm conf_file="test-standalonevm.conf" debug="False" default_user="user" dir_path="/var/lib/qubes/appvms/test-standalonevm" include_in_backups="True" installed_by_rpm="False" internal="False" kernel="None" kernelopts="" label="red" maxmem="4063" memory="400" name="test-standalonevm" netvm_qid="3" pcidevs="[]" private_img="private.img" qid="9" root_img="root.img" services="{&apos;meminfo-writer&apos;: True}" template_qid="none" uses_default_kernel="False" uses_default_kernelopts="True" uses_default_netvm="True" vcpus="2" volatile_img="volatile.img" /><QubesAppVm conf_file="test-testvm.conf" debug="False" default_user="user" dir_path="/var/lib/qubes/appvms/test-testvm" include_in_backups="True" installed_by_rpm="False" internal="False" kernel="3.2.7-10" kernelopts="" label="red" mac="00:16:3E:5E:6C:55" maxmem="4063" memory="400" name="test-testvm" netvm_qid="3" pcidevs="[]" private_img="private.img" qid="10" root_img="root.img" services="{&apos;meminfo-writer&apos;: True}" template_qid="1" uses_default_kernel="True" uses_default_kernelopts="True" uses_default_netvm="True" vcpus="2" volatile_img="volatile.img" /><QubesTemplateVm conf_file="test-template-clone.conf" debug="False" default_user="user" dir_path="/var/lib/qubes/vm-templates/test-template-clone" include_in_backups="True" installed_by_rpm="False" internal="False" kernel="3.2.7-10" kernelopts="" label="gray" maxmem="4063" memory="400" name="test-template-clone" netvm_qid="3" pcidevs="[]" private_img="private.img" qid="11" root_img="root.img" services="{&apos;meminfo-writer&apos;: True}" template_qid="none" uses_default_kernel="True" uses_default_kernelopts="True" uses_default_netvm="True" vcpus="2" volatile_img="volatile.img" /><QubesAppVm conf_file="test-custom-template-appvm.conf" debug="False" default_user="user" dir_path="/var/lib/qubes/appvms/test-custom-template-appvm" include_in_backups="True" installed_by_rpm="False" internal="False" kernel="3.2.7-10" kernelopts="" label="yellow" maxmem="4063" memory="400" name="test-custom-template-appvm" netvm_qid="3" pcidevs="[]" private_img="private.img" qid="12" root_img="root.img" services="{&apos;meminfo-writer&apos;: True}" template_qid="11" uses_default_kernel="True" uses_default_kernelopts="True" uses_default_netvm="True" vcpus="2" volatile_img="volatile.img" /><QubesProxyVm conf_file="test-testproxy.conf" debug="False" default_user="user" dir_path="/var/lib/qubes/servicevms/test-testproxy" include_in_backups="True" installed_by_rpm="False" internal="False" kernel="3.2.7-10" kernelopts="" label="yellow" maxmem="4063" memory="200" name="test-testproxy" netid="3" netvm_qid="2" pcidevs="[]" private_img="private.img" qid="13" root_img="root.img" services="{&apos;meminfo-writer&apos;: True}" template_qid="1" uses_default_kernel="True" uses_default_kernelopts="True" vcpus="2" volatile_img="volatile.img" /></QubesVmCollection>
  130. '''
  131. BACKUP_HEADER_R2 = '''version=3
  132. hmac-algorithm=SHA512
  133. crypto-algorithm=aes-256-cbc
  134. encrypted={encrypted}
  135. compressed={compressed}
  136. compression-filter=gzip
  137. '''
  138. class TC_00_BackupCompatibility(qubes.tests.BackupTestsMixin, qubes.tests.QubesTestCase):
  139. def create_whitelisted_appmenus(self, filename):
  140. f = open(filename, "w")
  141. f.write("gnome-terminal.desktop\n")
  142. f.write("nautilus.desktop\n")
  143. f.write("firefox.desktop\n")
  144. f.write("mozilla-thunderbird.desktop\n")
  145. f.write("libreoffice-startcenter.desktop\n")
  146. f.close()
  147. def create_appmenus(self, dir, template, list):
  148. for name in list:
  149. f = open(os.path.join(dir, name + ".desktop"), "w")
  150. f.write(template.format(name=name, comment=name, command=name))
  151. f.close()
  152. def create_private_img(self, filename):
  153. self.create_sparse(filename, 2*2**30)
  154. subprocess.check_call(["/usr/sbin/mkfs.ext4", "-q", "-F", filename])
  155. def create_volatile_img(self, filename):
  156. self.create_sparse(filename, 11.5*2**30)
  157. sfdisk_input="0,1024,S\n,10240,L\n"
  158. p = subprocess.Popen(["/usr/sbin/sfdisk", "--no-reread", "-u",
  159. "M",
  160. filename], stdout=open("/dev/null","w"),
  161. stderr=subprocess.STDOUT, stdin=subprocess.PIPE)
  162. p.communicate(input=sfdisk_input)
  163. self.assertEqual(p.returncode, 0, "sfdisk failed with code %d" % p
  164. .returncode)
  165. # TODO: mkswap
  166. def fullpath(self, name):
  167. return os.path.join(self.backupdir, name)
  168. def create_v1_files(self, r2b2=False):
  169. appmenus_list = [
  170. "firefox", "gnome-terminal", "evince", "evolution",
  171. "mozilla-thunderbird", "libreoffice-startcenter", "nautilus",
  172. "gedit", "gpk-update-viewer", "gpk-application"
  173. ]
  174. os.mkdir(self.fullpath("appvms"))
  175. os.mkdir(self.fullpath("servicevms"))
  176. os.mkdir(self.fullpath("vm-templates"))
  177. # normal AppVM
  178. os.mkdir(self.fullpath("appvms/test-work"))
  179. self.create_whitelisted_appmenus(self.fullpath(
  180. "appvms/test-work/whitelisted-appmenus.list"))
  181. os.symlink("/usr/share/qubes/icons/green.png",
  182. self.fullpath("appvms/test-work/icon.png"))
  183. self.create_private_img(self.fullpath("appvms/test-work/private.img"))
  184. # StandaloneVM
  185. os.mkdir(self.fullpath("appvms/test-standalonevm"))
  186. self.create_whitelisted_appmenus(self.fullpath(
  187. "appvms/test-standalonevm/whitelisted-appmenus.list"))
  188. os.symlink("/usr/share/qubes/icons/blue.png",
  189. self.fullpath("appvms/test-standalonevm/icon.png"))
  190. self.create_private_img(self.fullpath(
  191. "appvms/test-standalonevm/private.img"))
  192. self.create_sparse(
  193. self.fullpath("appvms/test-standalonevm/root.img"), 10*2**30)
  194. self.fill_image(self.fullpath("appvms/test-standalonevm/root.img"),
  195. 100*1024*1024, True)
  196. os.mkdir(self.fullpath("appvms/test-standalonevm/apps.templates"))
  197. self.create_appmenus(self.fullpath("appvms/test-standalonevm/apps"
  198. ".templates"),
  199. APPTEMPLATE_R2B2,
  200. appmenus_list)
  201. os.mkdir(self.fullpath("appvms/test-standalonevm/kernels"))
  202. for k_file in ["initramfs", "vmlinuz", "modules.img"]:
  203. self.fill_image(self.fullpath("appvms/test-standalonevm/kernels/"
  204. + k_file), 10*1024*1024)
  205. # VM based on custom template
  206. subprocess.check_call(
  207. ["/bin/cp", "-a", self.fullpath("appvms/test-work"),
  208. self.fullpath("appvms/test-custom-template-appvm")])
  209. # HVM
  210. if r2b2:
  211. subprocess.check_call(
  212. ["/bin/cp", "-a", self.fullpath("appvms/test-standalonevm"),
  213. self.fullpath("appvms/test-testhvm")])
  214. # ProxyVM
  215. os.mkdir(self.fullpath("servicevms/test-testproxy"))
  216. self.create_whitelisted_appmenus(self.fullpath(
  217. "servicevms/test-testproxy/whitelisted-appmenus.list"))
  218. self.create_private_img(
  219. self.fullpath("servicevms/test-testproxy/private.img"))
  220. # Custom template
  221. os.mkdir(self.fullpath("vm-templates/test-template-clone"))
  222. self.create_private_img(
  223. self.fullpath("vm-templates/test-template-clone/private.img"))
  224. self.create_sparse(self.fullpath(
  225. "vm-templates/test-template-clone/root-cow.img"), 10*2**30)
  226. self.create_sparse(self.fullpath(
  227. "vm-templates/test-template-clone/root.img"), 10*2**30)
  228. self.fill_image(self.fullpath(
  229. "vm-templates/test-template-clone/root.img"), 1*2**30, True)
  230. self.create_volatile_img(self.fullpath(
  231. "vm-templates/test-template-clone/volatile.img"))
  232. subprocess.check_call([
  233. "/bin/tar", "cS",
  234. "-f", self.fullpath(
  235. "vm-templates/test-template-clone/clean-volatile.img.tar"),
  236. "-C", self.fullpath("vm-templates/test-template-clone"),
  237. "volatile.img"])
  238. self.create_whitelisted_appmenus(self.fullpath(
  239. "vm-templates/test-template-clone/whitelisted-appmenus.list"))
  240. self.create_whitelisted_appmenus(self.fullpath(
  241. "vm-templates/test-template-clone/vm-whitelisted-appmenus.list"))
  242. if r2b2:
  243. self.create_whitelisted_appmenus(self.fullpath(
  244. "vm-templates/test-template-clone/netvm-whitelisted-appmenus"
  245. ".list"))
  246. os.symlink("/usr/share/qubes/icons/green.png",
  247. self.fullpath("vm-templates/test-template-clone/icon.png"))
  248. os.mkdir(
  249. self.fullpath("vm-templates/test-template-clone/apps.templates"))
  250. self.create_appmenus(
  251. self.fullpath("vm-templates/test-template-clone/apps.templates"),
  252. APPTEMPLATE_R2B2,
  253. appmenus_list)
  254. os.mkdir(self.fullpath("vm-templates/test-template-clone/apps"))
  255. self.create_appmenus(
  256. self.fullpath("vm-templates/test-template-clone/apps"),
  257. APPTEMPLATE_R2B2.replace("%VMNAME%", "test-template-clone")
  258. .replace("%VMDIR%", self.fullpath(
  259. "vm-templates/test-template-clone")),
  260. appmenus_list)
  261. def calculate_hmac(self, f_name, algorithm="sha512", password="qubes"):
  262. subprocess.check_call(["openssl", "dgst", "-"+algorithm, "-hmac",
  263. password],
  264. stdin=open(self.fullpath(f_name), "r"),
  265. stdout=open(self.fullpath(f_name+".hmac"), "w"))
  266. def append_backup_stream(self, f_name, stream, basedir=None):
  267. if not basedir:
  268. basedir = self.backupdir
  269. subprocess.check_call(["tar", "-cO", "--posix", "-C", basedir,
  270. f_name],
  271. stdout=stream)
  272. def handle_v3_file(self, f_name, subdir, stream, compressed=True,
  273. encrypted=True):
  274. # create inner archive
  275. tar_cmdline = ["tar", "-Pc", '--sparse',
  276. '-C', self.fullpath(os.path.dirname(f_name)),
  277. '--xform', 's:^%s:%s\\0:' % (
  278. os.path.basename(f_name),
  279. subdir),
  280. os.path.basename(f_name)
  281. ]
  282. if compressed:
  283. tar_cmdline.insert(-1, "--use-compress-program=%s" % "gzip")
  284. tar = subprocess.Popen(tar_cmdline, stdout=subprocess.PIPE)
  285. if encrypted:
  286. encryptor = subprocess.Popen(
  287. ["openssl", "enc", "-e", "-aes-256-cbc", "-pass", "pass:qubes"],
  288. stdin=tar.stdout,
  289. stdout=subprocess.PIPE)
  290. data = encryptor.stdout
  291. else:
  292. data = tar.stdout
  293. stage1_dir = self.fullpath(os.path.join("stage1", subdir))
  294. if not os.path.exists(stage1_dir):
  295. os.makedirs(stage1_dir)
  296. subprocess.check_call(["split", "--numeric-suffixes",
  297. "--suffix-length=3",
  298. "--bytes="+str(100*1024*1024), "-",
  299. os.path.join(stage1_dir,
  300. os.path.basename(f_name+"."))],
  301. stdin=data)
  302. for part in sorted(os.listdir(stage1_dir)):
  303. if not re.match(
  304. r"^{}.[0-9][0-9][0-9]$".format(os.path.basename(f_name)),
  305. part):
  306. continue
  307. part_with_dir = os.path.join(subdir, part)
  308. self.calculate_hmac(os.path.join("stage1", part_with_dir))
  309. self.append_backup_stream(part_with_dir, stream,
  310. basedir=self.fullpath("stage1"))
  311. self.append_backup_stream(part_with_dir+".hmac", stream,
  312. basedir=self.fullpath("stage1"))
  313. def create_v3_backup(self, encrypted=True, compressed=True):
  314. """
  315. Create "backup format 3" backup - used in R2 and R3.0
  316. :param encrypt: Should the backup be encrypted
  317. :return:
  318. """
  319. output = open(self.fullpath("backup.bin"), "w")
  320. f = open(self.fullpath("backup-header"), "w")
  321. f.write(BACKUP_HEADER_R2.format(
  322. encrypted=str(encrypted),
  323. compressed=str(compressed)
  324. ))
  325. f.close()
  326. self.calculate_hmac("backup-header")
  327. self.append_backup_stream("backup-header", output)
  328. self.append_backup_stream("backup-header.hmac", output)
  329. f = open(self.fullpath("qubes.xml"), "w")
  330. if encrypted:
  331. qubesxml = QUBESXML_R2
  332. for vmname, subdir in MANGLED_SUBDIRS_R2.items():
  333. qubesxml = re.sub(r"[a-z-]*/{}".format(vmname),
  334. subdir, qubesxml)
  335. f.write(qubesxml)
  336. else:
  337. f.write(QUBESXML_R2)
  338. f.close()
  339. self.handle_v3_file("qubes.xml", "", output, encrypted=encrypted,
  340. compressed=compressed)
  341. self.create_v1_files(r2b2=True)
  342. for vm_type in ["appvms", "servicevms"]:
  343. for vm_name in os.listdir(self.fullpath(vm_type)):
  344. vm_dir = os.path.join(vm_type, vm_name)
  345. for f_name in os.listdir(self.fullpath(vm_dir)):
  346. if encrypted:
  347. subdir = MANGLED_SUBDIRS_R2[vm_name]
  348. else:
  349. subdir = vm_dir
  350. self.handle_v3_file(
  351. os.path.join(vm_dir, f_name),
  352. subdir+'/', output, encrypted=encrypted)
  353. for vm_name in os.listdir(self.fullpath("vm-templates")):
  354. vm_dir = os.path.join("vm-templates", vm_name)
  355. if encrypted:
  356. subdir = MANGLED_SUBDIRS_R2[vm_name]
  357. else:
  358. subdir = vm_dir
  359. self.handle_v3_file(
  360. os.path.join(vm_dir, "."),
  361. subdir+'/', output, encrypted=encrypted)
  362. output.close()
  363. def test_100_r1(self):
  364. self.create_v1_files(r2b2=False)
  365. f = open(self.fullpath("qubes.xml"), "w")
  366. f.write(QUBESXML_R1)
  367. f.close()
  368. self.restore_backup(self.backupdir, options={
  369. 'use-default-template': True,
  370. 'use-default-netvm': True,
  371. })
  372. self.assertIsNotNone(self.qc.get_vm_by_name("test-template-clone"))
  373. self.assertIsNotNone(self.qc.get_vm_by_name("test-testproxy"))
  374. self.assertIsNotNone(self.qc.get_vm_by_name("test-work"))
  375. self.assertIsNotNone(self.qc.get_vm_by_name("test-standalonevm"))
  376. self.assertIsNotNone(self.qc.get_vm_by_name(
  377. "test-custom-template-appvm"))
  378. self.assertEqual(self.qc.get_vm_by_name("test-custom-template-appvm")
  379. .template,
  380. self.qc.get_vm_by_name("test-template-clone"))
  381. def test_200_r2b2(self):
  382. self.create_v1_files(r2b2=True)
  383. f = open(self.fullpath("qubes.xml"), "w")
  384. f.write(QUBESXML_R2B2)
  385. f.close()
  386. self.restore_backup(self.backupdir, options={
  387. 'use-default-template': True,
  388. })
  389. self.assertIsNotNone(self.qc.get_vm_by_name("test-template-clone"))
  390. self.assertIsNotNone(self.qc.get_vm_by_name("test-testproxy"))
  391. self.assertIsNotNone(self.qc.get_vm_by_name("test-work"))
  392. self.assertIsNotNone(self.qc.get_vm_by_name("test-testhvm"))
  393. self.assertIsNotNone(self.qc.get_vm_by_name("test-standalonevm"))
  394. self.assertIsNotNone(self.qc.get_vm_by_name(
  395. "test-custom-template-appvm"))
  396. self.assertEqual(self.qc.get_vm_by_name("test-custom-template-appvm")
  397. .template,
  398. self.qc.get_vm_by_name("test-template-clone"))
  399. def test_210_r2(self):
  400. self.create_v3_backup(False)
  401. self.restore_backup(self.fullpath("backup.bin"), options={
  402. 'use-default-template': True,
  403. 'use-default-netvm': True,
  404. })
  405. self.assertIsNotNone(self.qc.get_vm_by_name("test-template-clone"))
  406. self.assertIsNotNone(self.qc.get_vm_by_name("test-testproxy"))
  407. self.assertIsNotNone(self.qc.get_vm_by_name("test-work"))
  408. self.assertIsNotNone(self.qc.get_vm_by_name("test-testhvm"))
  409. self.assertIsNotNone(self.qc.get_vm_by_name("test-standalonevm"))
  410. self.assertIsNotNone(self.qc.get_vm_by_name(
  411. "test-custom-template-appvm"))
  412. self.assertEqual(self.qc.get_vm_by_name("test-custom-template-appvm")
  413. .template,
  414. self.qc.get_vm_by_name("test-template-clone"))
  415. def test_220_r2_encrypted(self):
  416. self.create_v3_backup(True)
  417. self.restore_backup(self.fullpath("backup.bin"), options={
  418. 'use-default-template': True,
  419. 'use-default-netvm': True,
  420. })
  421. self.assertIsNotNone(self.qc.get_vm_by_name("test-template-clone"))
  422. self.assertIsNotNone(self.qc.get_vm_by_name("test-testproxy"))
  423. self.assertIsNotNone(self.qc.get_vm_by_name("test-work"))
  424. self.assertIsNotNone(self.qc.get_vm_by_name("test-testhvm"))
  425. self.assertIsNotNone(self.qc.get_vm_by_name("test-standalonevm"))
  426. self.assertIsNotNone(self.qc.get_vm_by_name(
  427. "test-custom-template-appvm"))
  428. self.assertEqual(self.qc.get_vm_by_name("test-custom-template-appvm")
  429. .template,
  430. self.qc.get_vm_by_name("test-template-clone"))