diff --git a/Makefile b/Makefile index 6df5998..881b6a4 100644 --- a/Makefile +++ b/Makefile @@ -57,5 +57,6 @@ clean: (cd dom0/restore && make clean) (cd dom0/qmemman && make clean) (cd common && make clean) + (cd u2mfn && make clean) make -C qrexec clean make -C vchan clean diff --git a/appvm/Makefile b/appvm/Makefile index df9989e..d1e1040 100644 --- a/appvm/Makefile +++ b/appvm/Makefile @@ -5,9 +5,9 @@ dvm_file_editor: dvm_file_editor.o ../common/ioall.o $(CC) -pie -g -o $@ $^ qfile-agent-dvm: qfile-agent-dvm.o ../common/ioall.o ../common/gui-fatal.o $(CC) -pie -g -o $@ $^ -qfile-agent: qfile-agent.o ../common/ioall.o ../common/gui-fatal.o copy_file.o crc32.o +qfile-agent: qfile-agent.o ../common/ioall.o ../common/gui-fatal.o ../common/copy_file.o ../common/crc32.o $(CC) -pie -g -o $@ $^ -qfile-unpacker: qfile-unpacker.o ../common/ioall.o ../common/gui-fatal.o copy_file.o unpack.o crc32.o +qfile-unpacker: qfile-unpacker.o ../common/ioall.o ../common/gui-fatal.o ../common/copy_file.o ../common/unpack.o ../common/crc32.o $(CC) -pie -g -o $@ $^ clean: diff --git a/appvm/qvm-copy-to-vm b/appvm/qvm-copy-to-vm index ff4d620..eaf8c8f 100755 --- a/appvm/qvm-copy-to-vm +++ b/appvm/qvm-copy-to-vm @@ -20,15 +20,15 @@ # # -if [ x"$1" = "x--with-progress" ] ; then - DO_PROGRESS=1 +if [ x"$1" = "x--without-progress" ] ; then + DO_PROGRESS=0 shift else - DO_PROGRESS=0 + DO_PROGRESS=1 fi if [ $# -lt 2 ] ; then - echo usage: $0 '[--with-progress] dest_vmname file [file]+' + echo usage: $0 '[--without-progress] dest_vmname file [file]+' exit 1 fi diff --git a/common/Makefile b/common/Makefile index 4f8df46..3b01506 100644 --- a/common/Makefile +++ b/common/Makefile @@ -6,4 +6,4 @@ meminfo-writer: meminfo-writer.o xenstore-watch: xenstore-watch.o $(CC) -o xenstore-watch xenstore-watch.o -lxenstore clean: - rm -f meminfo-writer *.o *~ + rm -f meminfo-writer xenstore-watch *.o *~ diff --git a/common/block-snapshot b/common/block-snapshot index 14752da..719b10a 100755 
--- a/common/block-snapshot +++ b/common/block-snapshot @@ -5,7 +5,16 @@ # This creates dm-snapshot device on given arguments dir=$(dirname "$0") -. "$dir/block-common.sh" +if [ "$1" = "prepare" ] || [ "$1" = "cleanup" ]; then + . "$dir/xen-hotplug-common.sh" + command=$1 +else + . "$dir/block-common.sh" +fi + +shopt -s nullglob + +HOTPLUG_STORE="/var/run/xen-hotplug/${XENBUS_PATH//\//-}" get_dev() { dev=$1 @@ -89,7 +98,6 @@ create_dm_snapshot_origin() { t=$(xenstore_read_default "$XENBUS_PATH/type" 'MISSING') - case "$command" in add) case $t in 
@@ -117,24 +125,81 @@ case "$command" in if [ "$t" == "snapshot" ]; then #that's all for snapshot, store name of prepared device xenstore_write "$XENBUS_PATH/node" "/dev/mapper/$dm_devname" + echo "/dev/mapper/$dm_devname" > "$HOTPLUG_STORE-node" write_dev /dev/mapper/$dm_devname elif [ "$t" == "origin" ]; then # for origin - prepare snapshot-origin device and store its name dm_devname=origin-$(stat -c '%D:%i' "$base") create_dm_snapshot_origin $dm_devname "$base" xenstore_write "$XENBUS_PATH/node" "/dev/mapper/$dm_devname" + echo "/dev/mapper/$dm_devname" > "$HOTPLUG_STORE-node" write_dev /dev/mapper/$dm_devname fi + # Save domain name for template commit on device remove + domain=$(xenstore_read_default "$XENBUS_PATH/domain" '') + if [ -z "$domain" ]; then + domid=$(xenstore_read "$XENBUS_PATH/frontend-id") + domain=$(xl domname $domid) + fi + echo $domain > "$HOTPLUG_STORE-domain" + + release_lock "block" + exit 0 + ;; + esac + ;; + prepare) + t=$2 + case $t in + snapshot|origin) + p=$3 + base=${p/:*/} + cow=${p/*:/} + + if [ -L "$base" ]; then + base=$(readlink -f "$base") || fatal "$base link does not exist." + fi + + if [ -L "$cow" ]; then + cow=$(readlink -f "$cow") || fatal "$cow link does not exist." 
+ fi + + # first ensure that snapshot device exists (to write somewhere changes from snapshot-origin) + dm_devname=$(get_dm_snapshot_name "$base" "$cow") + + claim_lock "block" + + # prepare snapshot device + create_dm_snapshot $dm_devname "$base" "$cow" + + if [ "$t" == "snapshot" ]; then + #that's all for snapshot, store name of prepared device + echo "/dev/mapper/$dm_devname" + elif [ "$t" == "origin" ]; then + # for origin - prepare snapshot-origin device and store its name + dm_devname=origin-$(stat -c '%D:%i' "$base") + create_dm_snapshot_origin $dm_devname "$base" + echo "/dev/mapper/$dm_devname" + fi release_lock "block" exit 0 ;; esac ;; - remove) + remove|cleanup) + if [ "$command" = "cleanup" ]; then + t=$2 + else + t=$(cat $HOTPLUG_STORE-type) + fi case $t in snapshot|origin) - node=$(xenstore_read "$XENBUS_PATH/node") + if [ "$command" = "cleanup" ]; then + node=$3 + else + node=$(cat "$HOTPLUG_STORE-node") + fi if [ -z "$node" ]; then fatal "No device node to remove" @@ -174,14 +239,16 @@ case "$command" in dmsetup remove $snap fi done - # Commit template changes - domain=$(xenstore_read "$XENBUS_PATH/domain") - if [ "$domain" ]; then - # Dont stop on errors - /usr/bin/qvm-template-commit "$domain" || true + if [ "$command" = "remove" ]; then + # Commit template changes + domain=$(cat "$HOTPLUG_STORE-domain") + if [ "$domain" ]; then + # Dont stop on errors + /usr/bin/qvm-template-commit "$domain" || true + fi fi fi - + if [ -e $node ]; then log debug "Removing $node" dmsetup remove $node diff --git a/appvm/copy_file.c b/common/copy_file.c similarity index 100% rename from appvm/copy_file.c rename to common/copy_file.c diff --git a/appvm/crc32.c b/common/crc32.c similarity index 100% rename from appvm/crc32.c rename to common/crc32.c diff --git a/appvm/crc32.h b/common/crc32.h similarity index 100% rename from appvm/crc32.h rename to common/crc32.h 
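Review bot: In common/block-snapshot the `remove` path now reads `t=$(cat $HOTPLUG_STORE-type)`, but no visible hunk writes a `-type` file; the `add` branch stores only `-node` and `-domain`. If that file is not created elsewhere, `cat` fails, `t` is empty, the `case` matches nothing, and the dm devices are left in place without an error. For `cleanup`, the caller-supplied `node=$3` reaches `[ -e $node ]` and `dmsetup remove $node` unquoted; quote it and reject anything outside the path that `prepare` prints, e.g. `case "$node" in /dev/mapper/*) ;; *) fatal "Unexpected device node: $node" ;; esac`. The `case "$command"` block starts and ends outside these hunks.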
diff --git a/appvm/filecopy.h b/common/filecopy.h
similarity index 100%
rename from appvm/filecopy.h
rename to common/filecopy.h
diff --git a/common/qubes_download_dom0_updates.sh b/common/qubes_download_dom0_updates.sh
new file mode 100755
index 0000000..488eecb
--- /dev/null
+++ b/common/qubes_download_dom0_updates.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+DOM0_UPDATES_DIR=/var/lib/qubes/dom0-updates
+
+DOIT=0
+GUI=1
+while [ -n "$1" ]; do
+ if [ "x--doit" = "x$1" ]; then
+ DOIT=1
+ elif [ "x--nogui" = "x$1" ]; then
+ GUI=0
+ fi
+ shift
+done
+
+if ! [ -d "$DOM0_UPDATES_DIR" ]; then
+ echo "Dom0 updates dir does not exists: $DOM0_UPDATES_DIR"
+ exit 1
+fi
+
+mkdir -p $DOM0_UPDATES_DIR/etc
+cp /etc/yum.conf $DOM0_UPDATES_DIR/etc/
+
+echo "Checking for updates..."
+PKGLIST=`yum --installroot $DOM0_UPDATES_DIR check-update -q | cut -f 1 -d ' '`
+
+if [ -z $PKGLIST ]; then
+ # No new updates
+ exit 0
+fi
+
+if [ "$DOIT" != "1" ]; then
+ zenity --question --title="Qubes Dom0 updates" \
+ --text="Updates for dom0 available. Do you want to download its now?" || exit 0
+fi
+
+mkdir -p "$DOM0_UPDATES_DIR/packages"
+
+set -e
+
+if [ "$GUI" = 1 ]; then
+ ( echo "1"
+ yumdownloader --destdir "$DOM0_UPDATES_DIR/packages" --installroot "$DOM0_UPDATES_DIR" $PKGLIST
+ echo 100 ) | zenity --progress --pulsate --auto-close --auto-kill \
+ --text="Downloading updates for Dom0, please wait..." --title="Qubes Dom0 updates"
+else
+ yumdownloader --destdir "$DOM0_UPDATES_DIR/packages" --installroot "$DOM0_UPDATES_DIR" $PKGLIST
+fi
+
+# qvm-copy-to-vm works only from user
+su -c "qvm-copy-to-vm @dom0updates $DOM0_UPDATES_DIR/packages/*.rpm" user
diff --git a/common/qubes_network.rules b/common/qubes_network.rules
new file mode 100644
index 0000000..077c841
--- /dev/null
+++ b/common/qubes_network.rules
@@ -0,0 +1,2 @@
+
+SUBSYSTEMS=="xen", KERNEL=="eth*", ACTION=="add", RUN+="/usr/lib/qubes/setup_ip"
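Review bot: No step in common/qubes_download_dom0_updates.sh verifies package signatures before `qvm-copy-to-vm @dom0updates` hands the RPMs over, and a check made inside the downloading VM could not be relied on by dom0 anyway. Where verification happens is not visible here, so state it at the copy step, e.g. `# packages are NOT verified here; the dom0 side must check signatures before installing`. Separately, `if [ -z $PKGLIST ]` is unquoted: with more than one package the test fails with "too many arguments" and only falls through by accident, so it should read `if [ -z "$PKGLIST" ]; then`. `set -e` is enabled only after the `mkdir`/`cp`/`yum` steps, so a failed `cp /etc/yum.conf` goes unnoticed; moving it to the top (with `|| true` after the `check-update` pipeline if its exit status matters) would close that gap.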
diff --git a/common/qubes_trigger_sync_appmenus.action b/common/qubes_trigger_sync_appmenus.action new file mode 100644 index 0000000..ad56a8f --- /dev/null +++ b/common/qubes_trigger_sync_appmenus.action @@ -0,0 +1 @@ +*:any:/usr/lib/qubes/qubes_trigger_sync_appmenus.sh diff --git a/common/qubes_trigger_sync_appmenus.sh b/common/qubes_trigger_sync_appmenus.sh new file mode 100755 index 0000000..fc5301a --- /dev/null +++ b/common/qubes_trigger_sync_appmenus.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +UPDATEABLE=`/usr/bin/xenstore-read qubes_vm_updateable` + +if [ "$UPDATEABLE" = "True" ]; then + echo -n SYNC > /var/run/qubes/qrexec_agent +fi diff --git a/common/setup_ip b/common/setup_ip new file mode 100755 index 0000000..aec795e --- /dev/null +++ b/common/setup_ip @@ -0,0 +1,13 @@ +#!/bin/sh + +ip=`/usr/bin/xenstore-read qubes_ip` +netmask=`/usr/bin/xenstore-read qubes_netmask` +gateway=`/usr/bin/xenstore-read qubes_gateway` +secondary_dns=`/usr/bin/xenstore-read qubes_secondary_dns` +if [ x$ip != x ]; then + /sbin/ifconfig $INTERFACE $ip netmask 255.255.255.255 + /sbin/ifconfig $INTERFACE up + /sbin/route add default dev $INTERFACE + echo "nameserver $gateway" > /etc/resolv.conf + echo "nameserver $secondary_dns" >> /etc/resolv.conf +fi diff --git a/appvm/unpack.c b/common/unpack.c similarity index 98% rename from appvm/unpack.c rename to common/unpack.c index e2e809c..70cc8fb 100644 --- a/appvm/unpack.c +++ b/common/unpack.c @@ -1,3 +1,4 @@ +#define _GNU_SOURCE /* For O_NOFOLLOW. */ #include #include #include diff --git a/netvm/dbus-nm-applet.conf b/netvm/dbus-nm-applet.conf deleted file mode 100644 index 0d0f082..0000000 --- a/netvm/dbus-nm-applet.conf +++ /dev/null @@ -1,42 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - 512 - - diff --git a/proxyvm/bin/qubes_firewall b/proxyvm/bin/qubes_firewall index 6f1cc26..fbac295 100755 --- a/proxyvm/bin/qubes_firewall +++ b/proxyvm/bin/qubes_firewall 
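Review bot: In common/setup_ip the xenstore values and `$INTERFACE` are expanded unquoted (`[ x$ip != x ]`, `/sbin/ifconfig $INTERFACE $ip ...`), so an empty or whitespace-containing value silently changes the argument list instead of failing cleanly. Quote them, e.g. `if [ -n "$ip" ]; then` and `/sbin/ifconfig "$INTERFACE" "$ip" netmask 255.255.255.255`. `netmask` is read but never used because the mask is hard-coded; if that is intentional, a comment such as `# point-to-point setup: netmask from xenstore is deliberately ignored` (to be confirmed by the author) would make it clear. `/etc/resolv.conf` also receives a bare `nameserver ` line whenever `qubes_gateway` or `qubes_secondary_dns` is unset, so each `echo` should be guarded by a non-empty test.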
@@ -19,6 +19,9 @@ while true; do IPTABLES_SAVE=$(/sbin/iptables-save | sed '/^\*filter/,/^COMMIT/d') OUT=`echo -e "$RULES\n$IPTABLES_SAVE" | /sbin/iptables-restore 2>&1 || :` /usr/bin/xenstore-write $XENSTORE_ERROR "$OUT" + if [ "$OUT" ]; then + DISPLAY=:0 /usr/bin/notify-send -t 3000 "Firewall loading error ($HOSTNAME)" "$OUT" || : + fi if [[ -z "$OUT" ]]; then # If OK save it for later @@ -29,5 +32,5 @@ while true; do fi # Wait for changes in xenstore file - /usr/bin/xenstore-watch $XENSTORE_IPTABLES + /usr/bin/xenstore-watch-qubes $XENSTORE_IPTABLES done diff --git a/proxyvm/bin/qubes_netwatcher b/proxyvm/bin/qubes_netwatcher index 9b9f279..f250cc1 100755 --- a/proxyvm/bin/qubes_netwatcher +++ b/proxyvm/bin/qubes_netwatcher @@ -24,8 +24,8 @@ while true; do /usr/bin/xenstore-write qubes_netvm_external_ip "$CURR_NETCFG" fi - /usr/bin/xenstore-watch /local/domain/$NET_DOMID/qubes_netvm_external_ip + /usr/bin/xenstore-watch-qubes /local/domain/$NET_DOMID/qubes_netvm_external_ip else - /usr/bin/xenstore-watch qubes_netvm_domid + /usr/bin/xenstore-watch-qubes qubes_netvm_domid fi done diff --git a/rpm_spec/core-commonvm.spec b/rpm_spec/core-commonvm.spec index 0da0f39..d754c36 100644 --- a/rpm_spec/core-commonvm.spec +++ b/rpm_spec/core-commonvm.spec @@ -33,6 +33,7 @@ License: GPL URL: http://www.qubes-os.org Requires: /usr/bin/xenstore-read Requires: fedora-release +Requires: yum-plugin-post-transaction-actions BuildRequires: xen-devel %define _builddir %(pwd)/common 
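Review bot: In proxyvm/bin/qubes_firewall a failed rule load is reported only through `$XENSTORE_ERROR` and a three-second `notify-send` popup, and the popup's own failure is discarded by `|| :`. On a VM with no session on `DISPLAY=:0`, the error therefore leaves no local trace. A persistent record next to the notification would help later triage, e.g. `logger -t qubes_firewall -p daemon.err "iptables-restore failed: $OUT"`. The `while true` loop starts and ends outside the hunk, so what rule set stays active after a failed load cannot be judged from here.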
@@ -71,24 +72,76 @@ install -m 644 RPM-GPG-KEY-qubes* $RPM_BUILD_ROOT/etc/pki/rpm-gpg/ mkdir -p $RPM_BUILD_ROOT/sbin cp qubes_serial_login $RPM_BUILD_ROOT/sbin mkdir -p $RPM_BUILD_ROOT/usr/bin -cp xenstore-watch $RPM_BUILD_ROOT/usr/bin +cp xenstore-watch $RPM_BUILD_ROOT/usr/bin/xenstore-watch-qubes mkdir -p $RPM_BUILD_ROOT/etc cp serial.conf $RPM_BUILD_ROOT/var/lib/qubes/ +mkdir -p $RPM_BUILD_ROOT/etc/udev/rules.d +cp qubes_network.rules $RPM_BUILD_ROOT/etc/udev/rules.d/ +mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes/ +cp setup_ip $RPM_BUILD_ROOT/usr/lib/qubes/ +cp qubes_download_dom0_updates.sh $RPM_BUILD_ROOT/usr/lib/qubes/ +mkdir -p $RPM_BUILD_ROOT/etc/yum/post-actions +cp qubes_trigger_sync_appmenus.action $RPM_BUILD_ROOT/etc/yum/post-actions/ +mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes +cp qubes_trigger_sync_appmenus.sh $RPM_BUILD_ROOT/usr/lib/qubes/ +mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/dom0-updates %triggerin -- initscripts cp /var/lib/qubes/serial.conf /etc/init/serial.conf %post -# Disable gpk-update-icon -sed 's/^NotShowIn=KDE;$/\0QUBES;/' -i /etc/xdg/autostart/gpk-update-icon.desktop +# disable some Upstart services +for F in plymouth-shutdown prefdm splash-manager start-ttys tty ; do + if [ -e /etc/init/$F.conf ]; then + mv -f /etc/init/$F.conf /etc/init/$F.conf.disabled + fi +done +remove_ShowIn () { + if [ -e /etc/xdg/autostart/$1.desktop ]; then + sed -i '/^\(Not\|Only\)ShowIn/d' /etc/xdg/autostart/$1.desktop + fi +} + +# don't want it at all +for F in abrt-applet deja-dup-monitor imsettings-start krb5-auth-dialog pulseaudio restorecond sealertauto ; do + if [ -e /etc/xdg/autostart/$F.desktop ]; then + remove_ShowIn $F + echo 'NotShowIn=QUBES' >> /etc/xdg/autostart/$F.desktop + fi +done + +# don't want it in DisposableVM +for F in gcm-apply ; do + if [ -e /etc/xdg/autostart/$F.desktop ]; then + remove_ShowIn $F + echo 'NotShowIn=DisposableVM' >> /etc/xdg/autostart/$F.desktop + fi +done + +# want it in AppVM only +for F in gnome-keyring-gpg 
gnome-keyring-pkcs11 gnome-keyring-secrets gnome-keyring-ssh gnome-settings-daemon user-dirs-update-gtk gsettings-data-convert ; do + if [ -e /etc/xdg/autostart/$F.desktop ]; then + remove_ShowIn $F + echo 'OnlyShowIn=GNOME;AppVM;' >> /etc/xdg/autostart/$F.desktop + fi +done + +# remove existing rule to add own later +for F in gpk-update-icon nm-applet ; do + remove_ShowIn $F +done + +echo 'OnlyShowIn=GNOME;UpdateableVM;' >> /etc/xdg/autostart/gpk-update-icon.desktop || : +echo 'OnlyShowIn=GNOME;NetVM;' >> /etc/xdg/autostart/nm-applet.desktop || : + +usermod -p '' root if [ "$1" != 1 ] ; then # do this whole %post thing only when updating for the first time... exit 0 fi -usermod -L root if ! [ -f /var/lib/qubes/serial.orig ] ; then cp /etc/init/serial.conf /var/lib/qubes/serial.orig fi @@ -177,4 +230,9 @@ rm -rf $RPM_BUILD_ROOT /etc/yum.repos.d/qubes%{dist}.repo /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes* /sbin/qubes_serial_login -/usr/bin/xenstore-watch +/usr/bin/xenstore-watch-qubes +/etc/udev/rules.d/qubes_network.rules +/usr/lib/qubes/setup_ip +/etc/yum/post-actions/qubes_trigger_sync_appmenus.action +/usr/lib/qubes/qubes_trigger_sync_appmenus.sh +/usr/lib/qubes/qubes_download_dom0_updates.sh diff --git a/rpm_spec/core-netvm.spec b/rpm_spec/core-netvm.spec index 07200b4..a4c966b 100644 --- a/rpm_spec/core-netvm.spec +++ b/rpm_spec/core-netvm.spec @@ -66,9 +66,6 @@ mkdir -p $RPM_BUILD_ROOT/var/run/qubes mkdir -p $RPM_BUILD_ROOT/etc/xen/scripts cp ../common/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts -mkdir -p $RPM_BUILD_ROOT/etc/dbus-1/system.d -cp ../netvm/dbus-nm-applet.conf $RPM_BUILD_ROOT/etc/dbus-1/system.d/qubes-nm-applet.conf - %post # Create NetworkManager configuration if we do not have it 
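Review bot: The `%post` scriptlet of rpm_spec/core-commonvm.spec replaces `usermod -L root` with `usermod -p '' root`, which gives root an empty password instead of a locked account. The line also now sits above the `if [ "$1" != 1 ]` guard, so it runs on every package upgrade and would reset any root password set since installation. If passwordless root inside the VM is the intended model, say so next to the line, e.g. `# root is deliberately passwordless in VMs; isolation comes from the hypervisor, not the in-VM password` (wording to be confirmed by the author). Consider moving the call back below the guard so upgrades leave a changed password alone. The scriptlet continues outside the hunk.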
@@ -91,11 +88,6 @@ if [ "$1" = 0 ] ; then chkconfig qubes_core_netvm off fi -%triggerin -- NetworkManager -# Fix PolicyKit settings to allow run as normal user not visible to ConsoleKit -sed 's#$#\0yes#' -i /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy - - %clean rm -rf $RPM_BUILD_ROOT @@ -108,4 +100,3 @@ rm -rf $RPM_BUILD_ROOT /etc/NetworkManager/dispatcher.d/qubes_nmhook /etc/NetworkManager/dispatcher.d/30-qubes_external_ip /etc/xen/scripts/vif-route-qubes -/etc/dbus-1/system.d/qubes-nm-applet.conf diff --git a/version_vm b/version_vm index ac2f82c..9c6d629 100644 --- a/version_vm +++ b/version_vm @@ -1 +1 @@ -1.5.28 +1.6.1