From 128af0d191ab1e4e79bea665172ed4fc6c430635 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Thu, 19 Oct 2017 15:03:06 +0200 Subject: [PATCH 1/4] debian: disable timer-based apt-get Debian stretch in default configuration calls apt-get update every 24h. And additionally, have automatic unattended security updates enabled. Generally it would be good thing on standalone system, but in AppVM which loose its rootfs changes after restart it is a waste of resources. Especially when it kicks in on multiple VMs simultaneously, while on battery (apt-daily.service have ConditionACPower=true, but VM don't have that information...). It would make some sense on TemplateVM/StandaloneVM, but then it kicks in just at VM startup. Which conflicts with starting the update manually then (by clicking "update VM" button in manager for example, or using salt). So, disable this feature completely. The actual solution is based on pkg-manager-no-autoupdate by @adrelanos. Fixes QubesOS/qubes-issues#2621 --- Makefile | 1 + debian/qubes-core-agent.install | 1 + misc/apt-conf-70no-unattended | 26 ++++++++++++++++++++++++++ 3 files changed, 28 insertions(+) create mode 100644 misc/apt-conf-70no-unattended diff --git a/Makefile b/Makefile index 932bf33..42f8c6e 100644 --- a/Makefile +++ b/Makefile @@ -326,6 +326,7 @@ install-deb: install-common install-systemd install-systemd-dropins install -d $(DESTDIR)/etc/needrestart/conf.d install -D -m 0644 misc/50_qubes.conf $(DESTDIR)/etc/needrestart/conf.d/50_qubes.conf install -D -m 0644 misc/grub.qubes $(DESTDIR)/etc/default/grub.d/30-qubes.cfg + install -D -m 0644 misc/apt-conf-70no-unattended $(DESTDIR)/etc/apt/apt.conf.d/70no-unattended mkdir -p $(DESTDIR)/etc/systemd/system/ install -m 0644 vm-systemd/haveged.service $(DESTDIR)/etc/systemd/system/ diff --git a/debian/qubes-core-agent.install b/debian/qubes-core-agent.install index 1eb21b4..b34789f 100644 --- a/debian/qubes-core-agent.install +++ b/debian/qubes-core-agent.install @@ -1,5 +1,6 @@ etc/X11/xorg-preload-apps.conf etc/apt/apt.conf.d/00notify-hook +etc/apt/apt.conf.d/70no-unattended etc/apt/sources.list.d/qubes-r4.list etc/apt/trusted.gpg.d/qubes-archive-keyring.gpg etc/default/grub.d/30-qubes.cfg diff --git a/misc/apt-conf-70no-unattended b/misc/apt-conf-70no-unattended new file mode 100644 index 0000000..7130413 --- /dev/null +++ b/misc/apt-conf-70no-unattended @@ -0,0 +1,26 @@ +## Based on pkg-manager-no-autoupdate by Patrick Schleizer +## https://github.com/Whonix/pkg-manager-no-autoupdate + +## Disable automatic update check APT::Periodic::Update-Package-Lists +## which is the Debian default in /etc/apt/apt.conf.d/10periodic. +## +## The execution time would be too predictable, thus make us fingerprintable. +## +## 20noperiodic comes after 10periodic in alphabet so it takes precedence. +## +## Quoted from the Debian Handbook +## http://debian-handbook.info/browse/wheezy/sect.apt-get.html +## +## "[...] Each directory represents a configuration file which is split over multiple +## files. In this sense, all of the files in /etc/apt/apt.conf.d/ are instructions +## for the configuration of APT. APT includes them in alphabetical order, so that the +## last ones can modify a configuration element defined in one of the first ones. [...] +## +## That changes take effect can be verified using: +## apt-config dump + +APT::Periodic::Update-Package-Lists "0"; +APT::Periodic::Download-Upgradeable-Packages "0"; +APT::Periodic::AutocleanInterval "0"; +APT::Periodic::Unattended-Upgrade "0"; +APT::Periodic::Enable "0"; From 2068299126081a0f38615e04bc324d3656051916 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Thu, 19 Oct 2017 15:10:31 +0200 Subject: [PATCH 2/4] network: fix rules for network setup on new udev New udev have `DRIVERS` matcher, instead of `ENV{ID_NET_DRIVER}`. Add appropriate rule to the file. Without it, network was working incidentally, because there is a fallback in qubes-misc-post.service, but dynamic network change was broken. This applies at least to Debian stretch. Fixes QubesOS/qubes-issues#3192 --- network/udev-qubes-network.rules | 3 +++ 1 file changed, 3 insertions(+) diff --git a/network/udev-qubes-network.rules b/network/udev-qubes-network.rules index 1d77156..2db6344 100644 --- a/network/udev-qubes-network.rules +++ b/network/udev-qubes-network.rules @@ -1,2 +1,5 @@ +# old udev has ENV{ID_NET_DRIVER} SUBSYSTEMS=="xen", KERNEL=="eth*", ACTION=="add", ENV{ID_NET_DRIVER}=="vif", RUN+="/usr/lib/qubes/setup-ip" +# new udev has DRIVERS +SUBSYSTEMS=="xen", KERNEL=="eth*", ACTION=="add", DRIVERS=="vif", RUN+="/usr/lib/qubes/setup-ip" From e2789ca2d7e942a87c55d7148ba96a9cc4e489d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Thu, 19 Oct 2017 15:18:20 +0200 Subject: [PATCH 3/4] Fix removing temporary file after editing in (Disp)VM Fix removing the file - do not free its filename just before unlink call (scheduled with atexit function). At the same time, place the temporary file in a unique directory, making it possible to edit multiple files with the same name at once. Remove that directory at exit too. Fixes QubesOS/qubes-issues#3112 --- qubes-rpc/vm-file-editor.c | 33 +++++++++++++++------------------ 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/qubes-rpc/vm-file-editor.c b/qubes-rpc/vm-file-editor.c index dbc7d2c..55594d2 100644 --- a/qubes-rpc/vm-file-editor.c +++ b/qubes-rpc/vm-file-editor.c @@ -15,6 +15,7 @@ // #define DEBUG static const char *cleanup_filename = NULL; +static const char *cleanup_dirname = NULL; static void cleanup_file(void) { @@ -23,6 +24,11 @@ static void cleanup_file(void) fprintf(stderr, "Failed to remove file at exit\n"); cleanup_filename = NULL; } + if (cleanup_dirname) { + if (rmdir(cleanup_dirname) < 0) + fprintf(stderr, "Failed to remove directory at exit\n"); + cleanup_dirname = NULL; + } } const char *gettime(void) @@ -40,8 +46,7 @@ static char *get_directory(void) const char *remote_domain; char *dir; size_t len; - struct stat dstat; - int ret; + char *ret; remote_domain = getenv("QREXEC_REMOTE_DOMAIN"); if (!remote_domain) { @@ -53,29 +58,21 @@ static char *get_directory(void) if (!strcmp(remote_domain, ".") || !strcmp(remote_domain, "..")) goto fail; - len = strlen("/tmp")+1+strlen(remote_domain)+1; + len = strlen("/tmp/-XXXXXX")+strlen(remote_domain)+1; dir = malloc(len); if (!dir) { fprintf(stderr, "Cannot allocate memory\n"); exit(1); } - snprintf(dir, len, "/tmp/%s", remote_domain); + snprintf(dir, len, "/tmp/%s-XXXXXX", remote_domain); - ret=mkdir(dir, 0777); - if (ret<0 && errno!=EEXIST) { - perror("mkdir"); + ret = mkdtemp(dir); + if (ret == NULL) { + perror("mkdtemp"); exit(1); } - if (stat(dir, &dstat)) { - perror("stat dir"); - exit(1); - } - if (!S_ISDIR(dstat.st_mode)) { - fprintf(stderr, "%s exists and is not a directory\n", dir); - exit(1); - } - - return dir; + cleanup_dirname = strdup(ret); + return ret; fail: fprintf(stderr, "Invalid remote domain name: %s\n", remote_domain); @@ -122,7 +119,7 @@ void copy_file_by_name(const char *filename) exit(1); } /* we now have created a new file, ensure we delete it at the end */ - cleanup_filename = filename; + cleanup_filename = strdup(filename); atexit(cleanup_file); if (!copy_fd_all(fd, 0)) exit(1); From e327da019db86e97880d0a1ae5b536b41086aaae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Thu, 19 Oct 2017 16:18:23 +0200 Subject: [PATCH 4/4] debian: cleanup after splitting qubes-core-agent Displacement of /etc/pam.d/su was moved to qubes-core-agent-passwordless-root, fix upgrade path. --- debian/qubes-core-agent.undisplace | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 debian/qubes-core-agent.undisplace diff --git a/debian/qubes-core-agent.undisplace b/debian/qubes-core-agent.undisplace new file mode 100644 index 0000000..3f630fc --- /dev/null +++ b/debian/qubes-core-agent.undisplace @@ -0,0 +1,2 @@ +# moved to qubes-core-agent-passwordless-root +/etc/pam.d/su.qubes