Merge branch 'master' of git://git.qubes-os.org/marmarek/core-agent-linux

Conflicts:
	Makefile

Makefile

@@ -104,6 +104,7 @@ install-vm:
 	install -m 0400 -D network/ip6tables $(DESTDIR)/etc/sysconfig/ip6tables
 	install -m 0644 -D network/tinyproxy-qubes-yum.conf $(DESTDIR)/etc/tinyproxy/tinyproxy-qubes-yum.conf
 	install -m 0644 -D network/filter-qubes-yum $(DESTDIR)/etc/tinyproxy/filter-qubes-yum
+	install -m 0755 -D network/iptables-yum-proxy $(DESTDIR)/usr/lib/qubes/iptables-yum-proxy
 
 	install -d $(DESTDIR)/etc/yum.conf.d
 	touch $(DESTDIR)/etc/yum.conf.d/qubes-proxy.conf
@@ -130,6 +131,7 @@ install-vm:
 	install -m 0644 qubes-rpc/{qubes.Filecopy,qubes.OpenInVM,qubes.VMShell,qubes.SyncNtpClock} $(DESTDIR)/etc/qubes-rpc
 	install -m 0644 qubes-rpc/{qubes.SuspendPre,qubes.SuspendPost,qubes.GetAppmenus} $(DESTDIR)/etc/qubes-rpc
 	install -m 0644 qubes-rpc/qubes.WaitForSession $(DESTDIR)/etc/qubes-rpc
+	install -m 0644 qubes-rpc/qubes.DetachPciDevice $(DESTDIR)/etc/qubes-rpc
 
 	install -d $(DESTDIR)/usr/share/file-manager/actions
 	install -m 0644 qubes-rpc/*-gnome.desktop $(DESTDIR)/usr/share/file-manager/actions

misc/serial.conf

@@ -18,4 +18,4 @@ stop on runlevel [016]
 instance $DEV
 respawn
 pre-start exec /sbin/securetty $DEV
-exec /sbin/agetty -l /sbin/qubes-serial-login /dev/$DEV $SPEED vt100-nav
+exec /sbin/agetty -l /usr/sbin/qubes-serial-login /dev/$DEV $SPEED vt100-nav

network/iptables-yum-proxy

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+if [ "$1" == "start" ]; then
+    CMD="-I"
+else
+    # Remove rules
+    CMD="-D"
+fi
+
+cat <<__EOF__ | iptables-restore -n
+*filter
+$CMD INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT
+COMMIT
+*nat
+$CMD PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT
+COMMIT
+__EOF__

qubes-rpc/prepare-suspend

@@ -10,7 +10,10 @@ if [ x"$action" == x"suspend" ]; then
         ip l s $if down
     done
     modprobe -r uhci_hcd ehci_hcd ehci_pci
+    lsmod|grep -q iwldvm && touch /var/run/qubes/suspend-iwldvm-loaded
+    modprobe -r iwldvm
 else
-    modprobe ehci_pci; modprobe uhci_hcd;
+    modprobe ehci_pci; modprobe uhci_hcd
+    test -e /var/run/qubes/suspend-iwldvm-loaded && modprobe iwldvm
     nmcli nm sleep false || { [ -x /bin/systemctl ] && systemctl start NetworkManager.service; } || service qubes-core-netvm start
 fi

qubes-rpc/qfile-agent.c

@@ -18,6 +18,8 @@ enum {
 	PROGRESS_FLAG_DONE
 };
 
+int ignore_symlinks = 0;
+
 unsigned long crc32_sum;
 int write_all_with_crc(int fd, void *buf, int size)
 {
@@ -51,6 +53,9 @@ void do_notify_progress(long long total, int flag)
 void wait_for_result()
 {
 	struct result_header hdr;
+	struct result_header_ext hdr_ext;
+	char last_filename[MAX_PATH_LENGTH + 1];
+	char last_filename_prefix[] = "; Last file: ";
 
 	if (!read_all(0, &hdr, sizeof(hdr))) {
 		if (errno == EAGAIN) {
@@ -61,17 +66,35 @@ void wait_for_result()
 			exit(1);	// hopefully remote has produced error message
 		}
 	}
+	if (!read_all(0, &hdr_ext, sizeof(hdr_ext))) {
+		// remote used old result_header struct
+		hdr_ext.last_namelen = 0;
+	}
+	if (hdr_ext.last_namelen > MAX_PATH_LENGTH) {
+		// read only at most MAX_PATH_LENGTH chars
+		hdr_ext.last_namelen = MAX_PATH_LENGTH;
+	}
+	if (!read_all(0, last_filename, hdr_ext.last_namelen)) {
+		fprintf(stderr, "Failed to get last filename\n");
+		hdr_ext.last_namelen = 0;
+	}
+	last_filename[hdr_ext.last_namelen] = '\0';
+	if (!hdr_ext.last_namelen)
+		/* set prefix to empty string */
+		last_filename_prefix[0] = '\0';
+
+	errno = hdr.error_code;
 	if (hdr.error_code != 0) {
 		switch (hdr.error_code) {
 			case EEXIST:
-				gui_fatal("File copy: not overwriting existing file. Clean QubesIncoming dir, and retry copy");
+				gui_fatal("File copy: not overwriting existing file. Clean QubesIncoming dir, and retry copy%s%s", last_filename_prefix, last_filename);
 				break;
 			case EINVAL:
-				gui_fatal("File copy: Corrupted data from packer");
+				gui_fatal("File copy: Corrupted data from packer%s%s", last_filename_prefix, last_filename);
 				break;
 			default:
-				gui_fatal("File copy: %s",
-						strerror(hdr.error_code));
+				gui_fatal("File copy: %s%s%s",
+						strerror(hdr.error_code), last_filename_prefix, last_filename);
 		}
 	}
 	if (hdr.crc32 != crc32_sum) {
@@ -143,7 +166,7 @@ int single_file_processor(char *filename, struct stat *st)
 		hdr.filelen = 0;
 		write_headers(&hdr, filename);
 	}
-	if (S_ISLNK(mode)) {
+	if (S_ISLNK(mode) && !ignore_symlinks) {
 		char name[st->st_size + 1];
 		if (readlink(filename, name, sizeof(name)) != st->st_size)
 			gui_fatal("readlink %s", filename);
@@ -227,6 +250,11 @@ int main(int argc, char **argv)
 	crc32_sum = 0;
 	cwd = getcwd(NULL, 0);
 	for (i = 1; i < argc; i++) {
+		if (strcmp(argv[i], "--ignore-symlinks")==0) {
+			ignore_symlinks = 1;
+			continue;
+		}
+
 		entry = get_abs_path(cwd, argv[i]);
 
 		do {

qubes-rpc/qubes.DetachPciDevice

@@ -0,0 +1,4 @@
+#!/bin/sh
+read dev
+BDF=0000:$dev
+echo $BDF > /sys/bus/pci/devices/$BDF/driver/unbind

qubes-rpc/qvm-copy-to-vm

@@ -37,7 +37,7 @@ VM="$1"
 shift
 
 if [ $PROGRESS_TYPE = console ] ; then
-	export FILECOPY_TOTAL_SIZE=$(du --apparent-size -c "$@" | tail -1 | cut -f 1)
+	export FILECOPY_TOTAL_SIZE=$(du --apparent-size -c -- "$@" 2> /dev/null | tail -1 | cut -f 1)
 fi
 
 exec /usr/lib/qubes/qrexec-client-vm $VM qubes.Filecopy /usr/lib/qubes/qfile-agent "$@"

qubes-rpc/qvm-copy-to-vm.gnome

@@ -23,7 +23,7 @@
 VM=$(qvm-mru-entry --title="File Copy" --text="Enter the destination domain name:" --mrufile "qvm-mru-filecopy")
 if [ X$VM = X ] ; then exit 0 ; fi
 
-SIZE=$(du --apparent-size -c "$@" | tail -1 | cut -f 1)
+SIZE=$(du --apparent-size -c -- "$@" 2>/dev/null | tail -1 | cut -f 1)
 
 export PROGRESS_TYPE=gui
 

qubes-rpc/qvm-copy-to-vm.kde

@@ -23,7 +23,7 @@
 VM=$(kdialog -inputbox "Enter the VM name to send files to:")
 if [ X$VM = X ] ; then exit 0 ; fi
 
-SIZE=$(du --apparent-size -c "$@" | tail -1 | cut -f 1)
+SIZE=$(du --apparent-size -c -- "$@" 2> /dev/null | tail -1 | cut -f 1)
 REF=$(kdialog --progressbar "Copy progress")
 qdbus $REF org.freedesktop.DBus.Properties.Set "" maximum $SIZE
 

rpm_spec/core-vm.spec

@@ -276,6 +276,7 @@ rm -f %{name}-%{version}
 /etc/qubes-rpc/qubes.SuspendPre
 /etc/qubes-rpc/qubes.SuspendPost
 /etc/qubes-rpc/qubes.WaitForSession
+/etc/qubes-rpc/qubes.DetachPciDevice
 /etc/sudoers.d/qubes
 %config(noreplace) /etc/sysconfig/iptables
 %config(noreplace) /etc/sysconfig/ip6tables
@@ -291,7 +292,7 @@ rm -f %{name}-%{version}
 %config(noreplace) /etc/yum.repos.d/qubes.repo
 /etc/yum/pluginconf.d/yum-qubes-hooks.conf
 /etc/yum/post-actions/qubes-trigger-sync-appmenus.action
-/sbin/qubes-serial-login
+/usr/sbin/qubes-serial-login
 /usr/bin/qvm-copy-to-vm
 /usr/bin/qvm-open-in-dvm
 /usr/bin/qvm-open-in-vm
@@ -323,6 +324,7 @@ rm -f %{name}-%{version}
 /usr/lib/qubes/setup-ip
 /usr/lib/qubes/vm-file-editor
 /usr/lib/qubes/wrap-in-html-if-url.sh
+/usr/lib/qubes/iptables-yum-proxy
 /usr/lib/yum-plugins/yum-qubes-hooks.py*
 /usr/sbin/qubes-firewall
 /usr/sbin/qubes-netwatcher

version

@@ -1 +1 @@
-2.1.14
+2.1.15

vm-systemd/network-proxy-setup.sh

@@ -11,5 +11,5 @@ if [ "x$network" != "x" ]; then
     echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns
     /usr/lib/qubes/qubes-setup-dnat-to-ns
     echo "1" > /proc/sys/net/ipv4/ip_forward
-    /sbin/ethtool -K eth0 sg off
+    /sbin/ethtool -K eth0 sg off || :
 fi

vm-systemd/qubes-yum-proxy.service

@@ -5,11 +5,9 @@ After=iptables.service
 
 [Service]
 ExecStartPre=/usr/bin/install -d --owner tinyproxy --group tinyproxy /var/run/tinyproxy
-ExecStartPre=/sbin/iptables -I INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT
-ExecStartPre=/sbin/iptables -t nat -A PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT
+ExecStartPre=/usr/lib/qubes/iptables-yum-proxy start
 ExecStart=/usr/sbin/tinyproxy -d -c /etc/tinyproxy/tinyproxy-qubes-yum.conf
-ExecStopPost=/sbin/iptables -t nat -D PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT
-ExecStopPost=/sbin/iptables -D INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT
+ExecStopPost=/usr/lib/qubes/iptables-yum-proxy stop
 
 [Install]
 WantedBy=multi-user.target