Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core

Conflicts:
	version_vm
Joanna Rutkowska 2011-06-24 16:16:44 +02:00
commit 2514401ccd
21 changed files with 230 additions and 77 deletions


@ -57,5 +57,6 @@ clean:
(cd dom0/restore && make clean)
(cd dom0/qmemman && make clean)
(cd common && make clean)
(cd u2mfn && make clean)
make -C qrexec clean
make -C vchan clean


@ -5,9 +5,9 @@ dvm_file_editor: dvm_file_editor.o ../common/ioall.o
$(CC) -pie -g -o $@ $^
qfile-agent-dvm: qfile-agent-dvm.o ../common/ioall.o ../common/gui-fatal.o
$(CC) -pie -g -o $@ $^
qfile-agent: qfile-agent.o ../common/ioall.o ../common/gui-fatal.o copy_file.o crc32.o
qfile-agent: qfile-agent.o ../common/ioall.o ../common/gui-fatal.o ../common/copy_file.o ../common/crc32.o
$(CC) -pie -g -o $@ $^
qfile-unpacker: qfile-unpacker.o ../common/ioall.o ../common/gui-fatal.o copy_file.o unpack.o crc32.o
qfile-unpacker: qfile-unpacker.o ../common/ioall.o ../common/gui-fatal.o ../common/copy_file.o ../common/unpack.o ../common/crc32.o
$(CC) -pie -g -o $@ $^
clean:


@ -20,15 +20,15 @@
#
#
if [ x"$1" = "x--with-progress" ] ; then
DO_PROGRESS=1
if [ x"$1" = "x--without-progress" ] ; then
DO_PROGRESS=0
shift
else
DO_PROGRESS=0
DO_PROGRESS=1
fi
if [ $# -lt 2 ] ; then
echo usage: $0 '[--with-progress] dest_vmname file [file]+'
echo usage: $0 '[--without-progress] dest_vmname file [file]+'
exit 1
fi
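Review bot: Callers that still pass `--with-progress` are no longer matched by the option test at the top of the script, so the flag falls through and is taken as `dest_vmname`, with the real VM name treated as the first file. Since progress now appears to be the default, the old flag could be accepted as a no-op ahead of the `--without-progress` test, e.g. `if [ x"$1" = "x--with-progress" ] ; then shift ; fi`. The usage line also expands `$0` unquoted; `echo "usage: $0 [--without-progress] dest_vmname file [file]+"` avoids word splitting on the script path.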


@ -6,4 +6,4 @@ meminfo-writer: meminfo-writer.o
xenstore-watch: xenstore-watch.o
$(CC) -o xenstore-watch xenstore-watch.o -lxenstore
clean:
rm -f meminfo-writer *.o *~
rm -f meminfo-writer xenstore-watch *.o *~


@ -5,7 +5,16 @@
# This creates dm-snapshot device on given arguments
dir=$(dirname "$0")
. "$dir/block-common.sh"
if [ "$1" = "prepare" ] || [ "$1" = "cleanup" ]; then
. "$dir/xen-hotplug-common.sh"
command=$1
else
. "$dir/block-common.sh"
fi
shopt -s nullglob
HOTPLUG_STORE="/var/run/xen-hotplug/${XENBUS_PATH//\//-}"
get_dev() {
dev=$1
@ -89,7 +98,6 @@ create_dm_snapshot_origin() {
t=$(xenstore_read_default "$XENBUS_PATH/type" 'MISSING')
case "$command" in
add)
case $t in
@ -117,24 +125,81 @@ case "$command" in
if [ "$t" == "snapshot" ]; then
#that's all for snapshot, store name of prepared device
xenstore_write "$XENBUS_PATH/node" "/dev/mapper/$dm_devname"
echo "/dev/mapper/$dm_devname" > "$HOTPLUG_STORE-node"
write_dev /dev/mapper/$dm_devname
elif [ "$t" == "origin" ]; then
# for origin - prepare snapshot-origin device and store its name
dm_devname=origin-$(stat -c '%D:%i' "$base")
create_dm_snapshot_origin $dm_devname "$base"
xenstore_write "$XENBUS_PATH/node" "/dev/mapper/$dm_devname"
echo "/dev/mapper/$dm_devname" > "$HOTPLUG_STORE-node"
write_dev /dev/mapper/$dm_devname
fi
# Save domain name for template commit on device remove
domain=$(xenstore_read_default "$XENBUS_PATH/domain" '')
if [ -z "$domain" ]; then
domid=$(xenstore_read "$XENBUS_PATH/frontend-id")
domain=$(xl domname $domid)
fi
echo $domain > "$HOTPLUG_STORE-domain"
release_lock "block"
exit 0
;;
esac
;;
prepare)
t=$2
case $t in
snapshot|origin)
p=$3
base=${p/:*/}
cow=${p/*:/}
if [ -L "$base" ]; then
base=$(readlink -f "$base") || fatal "$base link does not exist."
fi
if [ -L "$cow" ]; then
cow=$(readlink -f "$cow") || fatal "$cow link does not exist."
fi
# first ensure that snapshot device exists (to write somewhere changes from snapshot-origin)
dm_devname=$(get_dm_snapshot_name "$base" "$cow")
claim_lock "block"
# prepare snapshot device
create_dm_snapshot $dm_devname "$base" "$cow"
if [ "$t" == "snapshot" ]; then
#that's all for snapshot, store name of prepared device
echo "/dev/mapper/$dm_devname"
elif [ "$t" == "origin" ]; then
# for origin - prepare snapshot-origin device and store its name
dm_devname=origin-$(stat -c '%D:%i' "$base")
create_dm_snapshot_origin $dm_devname "$base"
echo "/dev/mapper/$dm_devname"
fi
release_lock "block"
exit 0
;;
esac
;;
remove)
remove|cleanup)
if [ "$command" = "cleanup" ]; then
t=$2
else
t=$(cat $HOTPLUG_STORE-type)
fi
case $t in
snapshot|origin)
node=$(xenstore_read "$XENBUS_PATH/node")
if [ "$command" = "cleanup" ]; then
node=$3
else
node=$(cat "$HOTPLUG_STORE-node")
fi
if [ -z "$node" ]; then
fatal "No device node to remove"
@ -174,14 +239,16 @@ case "$command" in
dmsetup remove $snap
fi
done
# Commit template changes
domain=$(xenstore_read "$XENBUS_PATH/domain")
if [ "$domain" ]; then
# Dont stop on errors
/usr/bin/qvm-template-commit "$domain" || true
if [ "$command" = "remove" ]; then
# Commit template changes
domain=$(cat "$HOTPLUG_STORE-domain")
if [ "$domain" ]; then
# Dont stop on errors
/usr/bin/qvm-template-commit "$domain" || true
fi
fi
fi
if [ -e $node ]; then
log debug "Removing $node"
dmsetup remove $node
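Review bot: In the `cleanup` path `node` is taken straight from `$3` and `t` from `$2`, and both reach the same removal code that previously only saw values read from xenstore; the only visible check rejects an empty `node`. Because `$node` is expanded unquoted in `[ -e $node ]` and `dmsetup remove $node`, a value containing whitespace or glob characters is split into several arguments, so I would quote it and restrict it to device-mapper paths first, e.g. `case "$node" in /dev/mapper/*) ;; *) fatal "Unexpected device node: $node" ;; esac`. `t=$(cat $HOTPLUG_STORE-type)` is the one state-file read left unquoted, and when that file is missing `t` is empty and the `case` silently does nothing. The `remove|cleanup` branch continues outside the hunk.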


@ -0,0 +1,51 @@
#!/bin/bash
DOM0_UPDATES_DIR=/var/lib/qubes/dom0-updates
DOIT=0
GUI=1
while [ -n "$1" ]; do
if [ "x--doit" = "x$1" ]; then
DOIT=1
elif [ "x--nogui" = "x$1" ]; then
GUI=0
fi
shift
done
if ! [ -d "$DOM0_UPDATES_DIR" ]; then
echo "Dom0 updates dir does not exists: $DOM0_UPDATES_DIR"
exit 1
fi
mkdir -p $DOM0_UPDATES_DIR/etc
cp /etc/yum.conf $DOM0_UPDATES_DIR/etc/
echo "Checking for updates..."
PKGLIST=`yum --installroot $DOM0_UPDATES_DIR check-update -q | cut -f 1 -d ' '`
if [ -z $PKGLIST ]; then
# No new updates
exit 0
fi
if [ "$DOIT" != "1" ]; then
zenity --question --title="Qubes Dom0 updates" \
--text="Updates for dom0 available. Do you want to download its now?" || exit 0
fi
mkdir -p "$DOM0_UPDATES_DIR/packages"
set -e
if [ "$GUI" = 1 ]; then
( echo "1"
yumdownloader --destdir "$DOM0_UPDATES_DIR/packages" --installroot "$DOM0_UPDATES_DIR" $PKGLIST
echo 100 ) | zenity --progress --pulsate --auto-close --auto-kill \
--text="Downloading updates for Dom0, please wait..." --title="Qubes Dom0 updates"
else
yumdownloader --destdir "$DOM0_UPDATES_DIR/packages" --installroot "$DOM0_UPDATES_DIR" $PKGLIST
fi
# qvm-copy-to-vm works only from user
su -c "qvm-copy-to-vm @dom0updates $DOM0_UPDATES_DIR/packages/*.rpm" user
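Review bot: In GUI mode a failed `yumdownloader` goes unnoticed: it runs in a subshell piped into `zenity --progress`, so the pipeline's status is zenity's and `set -e` never fires. The script then copies whatever `*.rpm` files are in the packages directory, including any left from an earlier run, since the directory is never emptied. Adding `set -o pipefail` next to `set -e` closes that gap. The emptiness test should be `[ -z "$PKGLIST" ]`; unquoted it only works because `[` errors out when the list has several words. As far as the visible lines show, nothing here checks package signatures, so the side that receives `@dom0updates` has to verify them before anything is installed.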


@ -0,0 +1,2 @@
SUBSYSTEMS=="xen", KERNEL=="eth*", ACTION=="add", RUN+="/usr/lib/qubes/setup_ip"


@ -0,0 +1 @@
*:any:/usr/lib/qubes/qubes_trigger_sync_appmenus.sh


@ -0,0 +1,7 @@
#!/bin/sh
UPDATEABLE=`/usr/bin/xenstore-read qubes_vm_updateable`
if [ "$UPDATEABLE" = "True" ]; then
echo -n SYNC > /var/run/qubes/qrexec_agent
fi

13
common/setup_ip Executable file

@ -0,0 +1,13 @@
#!/bin/sh
ip=`/usr/bin/xenstore-read qubes_ip`
netmask=`/usr/bin/xenstore-read qubes_netmask`
gateway=`/usr/bin/xenstore-read qubes_gateway`
secondary_dns=`/usr/bin/xenstore-read qubes_secondary_dns`
if [ x$ip != x ]; then
/sbin/ifconfig $INTERFACE $ip netmask 255.255.255.255
/sbin/ifconfig $INTERFACE up
/sbin/route add default dev $INTERFACE
echo "nameserver $gateway" > /etc/resolv.conf
echo "nameserver $secondary_dns" >> /etc/resolv.conf
fi
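Review bot: The xenstore values are used unquoted and unchecked: `[ x$ip != x ]` and the `ifconfig`/`route` lines word-split `$ip` and `$INTERFACE`, and an empty `qubes_secondary_dns` or `qubes_gateway` writes a bare `nameserver ` line into /etc/resolv.conf. I would use `if [ -n "$ip" ]; then`, quote the expansions, and guard the second resolver with `[ -n "$secondary_dns" ] && echo "nameserver $secondary_dns" >> /etc/resolv.conf`. `netmask` is read from xenstore but never used because the mask is hard-coded to 255.255.255.255; either drop the read or add a comment saying the host mask is intentional.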


@ -1,3 +1,4 @@
#define _GNU_SOURCE /* For O_NOFOLLOW. */
#include <errno.h>
#include <ioall.h>
#include <fcntl.h>


@ -1,42 +0,0 @@
<!DOCTYPE busconfig PUBLIC
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<!--
WARNING: if running any D-Bus version prior to 1.2.6, you may be
vulnerable to information leakage via the NM D-Bus interface.
Previous D-Bus versions did not deny-by-default, and this permissions
config file assumes that D-Bus will deny rules by default unless
explicitly over-ridden with an <allow /> tag.
-->
<policy user="root">
<allow own="org.freedesktop.NetworkManagerUserSettings"/>
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings"/>
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings.Connection"/>
<!-- Only root can get secrets -->
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings.Connection.Secrets"/>
</policy>
<policy user="user">
<allow own="org.freedesktop.NetworkManagerUserSettings"/>
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings"/>
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings.Connection"/>
</policy>
<policy context="default">
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.DBus.Introspectable"/>
</policy>
<limit name="max_replies_per_connection">512</limit>
</busconfig>


@ -19,6 +19,9 @@ while true; do
IPTABLES_SAVE=$(/sbin/iptables-save | sed '/^\*filter/,/^COMMIT/d')
OUT=`echo -e "$RULES\n$IPTABLES_SAVE" | /sbin/iptables-restore 2>&1 || :`
/usr/bin/xenstore-write $XENSTORE_ERROR "$OUT"
if [ "$OUT" ]; then
DISPLAY=:0 /usr/bin/notify-send -t 3000 "Firewall loading error ($HOSTNAME)" "$OUT" || :
fi
if [[ -z "$OUT" ]]; then
# If OK save it for later
@ -29,5 +32,5 @@ while true; do
fi
# Wait for changes in xenstore file
/usr/bin/xenstore-watch $XENSTORE_IPTABLES
/usr/bin/xenstore-watch-qubes $XENSTORE_IPTABLES
done
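Review bot: A failed `iptables-restore` is only reported by the new block: the error goes to xenstore and to a notification that disappears after 3 seconds (`-t 3000`), and `|| :` hides a notify-send that cannot reach `DISPLAY=:0`. The loop then just waits for the next change, and nothing visible here moves the VM to a restrictive ruleset, so the previously loaded rules presumably stay in force. If that is intended, say so above the block, e.g. `# On error the old ruleset stays active; the notification is best-effort, the xenstore key is the durable record`. The new `if [ "$OUT" ]` also duplicates the `[[ -z "$OUT" ]]` test that follows and could become its `else` branch; that `if` continues outside the hunk.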


@ -24,8 +24,8 @@ while true; do
/usr/bin/xenstore-write qubes_netvm_external_ip "$CURR_NETCFG"
fi
/usr/bin/xenstore-watch /local/domain/$NET_DOMID/qubes_netvm_external_ip
/usr/bin/xenstore-watch-qubes /local/domain/$NET_DOMID/qubes_netvm_external_ip
else
/usr/bin/xenstore-watch qubes_netvm_domid
/usr/bin/xenstore-watch-qubes qubes_netvm_domid
fi
done


@ -33,6 +33,7 @@ License: GPL
URL: http://www.qubes-os.org
Requires: /usr/bin/xenstore-read
Requires: fedora-release
Requires: yum-plugin-post-transaction-actions
BuildRequires: xen-devel
%define _builddir %(pwd)/common
@ -71,24 +72,76 @@ install -m 644 RPM-GPG-KEY-qubes* $RPM_BUILD_ROOT/etc/pki/rpm-gpg/
mkdir -p $RPM_BUILD_ROOT/sbin
cp qubes_serial_login $RPM_BUILD_ROOT/sbin
mkdir -p $RPM_BUILD_ROOT/usr/bin
cp xenstore-watch $RPM_BUILD_ROOT/usr/bin
cp xenstore-watch $RPM_BUILD_ROOT/usr/bin/xenstore-watch-qubes
mkdir -p $RPM_BUILD_ROOT/etc
cp serial.conf $RPM_BUILD_ROOT/var/lib/qubes/
mkdir -p $RPM_BUILD_ROOT/etc/udev/rules.d
cp qubes_network.rules $RPM_BUILD_ROOT/etc/udev/rules.d/
mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes/
cp setup_ip $RPM_BUILD_ROOT/usr/lib/qubes/
cp qubes_download_dom0_updates.sh $RPM_BUILD_ROOT/usr/lib/qubes/
mkdir -p $RPM_BUILD_ROOT/etc/yum/post-actions
cp qubes_trigger_sync_appmenus.action $RPM_BUILD_ROOT/etc/yum/post-actions/
mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
cp qubes_trigger_sync_appmenus.sh $RPM_BUILD_ROOT/usr/lib/qubes/
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/dom0-updates
%triggerin -- initscripts
cp /var/lib/qubes/serial.conf /etc/init/serial.conf
%post
# Disable gpk-update-icon
sed 's/^NotShowIn=KDE;$/\0QUBES;/' -i /etc/xdg/autostart/gpk-update-icon.desktop
# disable some Upstart services
for F in plymouth-shutdown prefdm splash-manager start-ttys tty ; do
if [ -e /etc/init/$F.conf ]; then
mv -f /etc/init/$F.conf /etc/init/$F.conf.disabled
fi
done
remove_ShowIn () {
if [ -e /etc/xdg/autostart/$1.desktop ]; then
sed -i '/^\(Not\|Only\)ShowIn/d' /etc/xdg/autostart/$1.desktop
fi
}
# don't want it at all
for F in abrt-applet deja-dup-monitor imsettings-start krb5-auth-dialog pulseaudio restorecond sealertauto ; do
if [ -e /etc/xdg/autostart/$F.desktop ]; then
remove_ShowIn $F
echo 'NotShowIn=QUBES' >> /etc/xdg/autostart/$F.desktop
fi
done
# don't want it in DisposableVM
for F in gcm-apply ; do
if [ -e /etc/xdg/autostart/$F.desktop ]; then
remove_ShowIn $F
echo 'NotShowIn=DisposableVM' >> /etc/xdg/autostart/$F.desktop
fi
done
# want it in AppVM only
for F in gnome-keyring-gpg gnome-keyring-pkcs11 gnome-keyring-secrets gnome-keyring-ssh gnome-settings-daemon user-dirs-update-gtk gsettings-data-convert ; do
if [ -e /etc/xdg/autostart/$F.desktop ]; then
remove_ShowIn $F
echo 'OnlyShowIn=GNOME;AppVM;' >> /etc/xdg/autostart/$F.desktop
fi
done
# remove existing rule to add own later
for F in gpk-update-icon nm-applet ; do
remove_ShowIn $F
done
echo 'OnlyShowIn=GNOME;UpdateableVM;' >> /etc/xdg/autostart/gpk-update-icon.desktop || :
echo 'OnlyShowIn=GNOME;NetVM;' >> /etc/xdg/autostart/nm-applet.desktop || :
usermod -p '' root
if [ "$1" != 1 ] ; then
# do this whole %post thing only when updating for the first time...
exit 0
fi
usermod -L root
if ! [ -f /var/lib/qubes/serial.orig ] ; then
cp /etc/init/serial.conf /var/lib/qubes/serial.orig
fi
@ -177,4 +230,9 @@ rm -rf $RPM_BUILD_ROOT
/etc/yum.repos.d/qubes%{dist}.repo
/etc/pki/rpm-gpg/RPM-GPG-KEY-qubes*
/sbin/qubes_serial_login
/usr/bin/xenstore-watch
/usr/bin/xenstore-watch-qubes
/etc/udev/rules.d/qubes_network.rules
/usr/lib/qubes/setup_ip
/etc/yum/post-actions/qubes_trigger_sync_appmenus.action
/usr/lib/qubes/qubes_trigger_sync_appmenus.sh
/usr/lib/qubes/qubes_download_dom0_updates.sh
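Review bot: `usermod -p '' root` sits in `%post` above the `"$1" != 1` early exit, so it runs on every install and upgrade and sets an empty root password, while `usermod -L root` below the check is reached only on first install. If both lines are on the new side of this hunk (the rendering does not show which), an upgraded VM ends up with root unlocked and passwordless. If that is intended for this VM model, document it next to the line, e.g. `# Empty root password inside the VM is deliberate - see the VM trust model`; otherwise move the call below the first-install check or drop it. The two `echo 'OnlyShowIn=...' >> ... || :` lines after the last loop also create the .desktop file when the package that owns it is not installed, unlike the guarded loops above them.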


@ -66,9 +66,6 @@ mkdir -p $RPM_BUILD_ROOT/var/run/qubes
mkdir -p $RPM_BUILD_ROOT/etc/xen/scripts
cp ../common/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts
mkdir -p $RPM_BUILD_ROOT/etc/dbus-1/system.d
cp ../netvm/dbus-nm-applet.conf $RPM_BUILD_ROOT/etc/dbus-1/system.d/qubes-nm-applet.conf
%post
# Create NetworkManager configuration if we do not have it
@ -91,11 +88,6 @@ if [ "$1" = 0 ] ; then
chkconfig qubes_core_netvm off
fi
%triggerin -- NetworkManager
# Fix PolicyKit settings to allow run as normal user not visible to ConsoleKit
sed 's#<defaults>$#\0<allow_any>yes</allow_any>#' -i /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy
%clean
rm -rf $RPM_BUILD_ROOT
@ -108,4 +100,3 @@ rm -rf $RPM_BUILD_ROOT
/etc/NetworkManager/dispatcher.d/qubes_nmhook
/etc/NetworkManager/dispatcher.d/30-qubes_external_ip
/etc/xen/scripts/vif-route-qubes
/etc/dbus-1/system.d/qubes-nm-applet.conf


@ -1 +1 @@
1.5.28
1.6.1