Merge branch 'fixes-20171019'

* fixes-20171019:
  debian: cleanup after splitting qubes-core-agent
  Fix removing temporary file after editing in (Disp)VM
  network: fix rules for network setup on new udev
  debian: disable timer-based apt-get

Makefile

@@ -327,6 +327,7 @@ install-deb: install-common install-systemd install-systemd-dropins
 	install -d $(DESTDIR)/etc/needrestart/conf.d
 	install -D -m 0644 misc/50_qubes.conf $(DESTDIR)/etc/needrestart/conf.d/50_qubes.conf
 	install -D -m 0644 misc/grub.qubes $(DESTDIR)/etc/default/grub.d/30-qubes.cfg
+	install -D -m 0644 misc/apt-conf-70no-unattended $(DESTDIR)/etc/apt/apt.conf.d/70no-unattended
 
 	mkdir -p $(DESTDIR)/etc/systemd/system/
 	install -m 0644 vm-systemd/haveged.service  $(DESTDIR)/etc/systemd/system/

debian/qubes-core-agent.install

@@ -1,5 +1,6 @@
 etc/X11/xorg-preload-apps.conf
 etc/apt/apt.conf.d/00notify-hook
+etc/apt/apt.conf.d/70no-unattended
 etc/apt/sources.list.d/qubes-r4.list
 etc/apt/trusted.gpg.d/qubes-archive-keyring.gpg
 etc/default/grub.d/30-qubes.cfg

debian/qubes-core-agent.undisplace

@@ -0,0 +1,2 @@
+# moved to qubes-core-agent-passwordless-root
+/etc/pam.d/su.qubes

misc/apt-conf-70no-unattended

@@ -0,0 +1,26 @@
+## Based on pkg-manager-no-autoupdate by Patrick Schleizer <adrelanos@riseup.net>
+## https://github.com/Whonix/pkg-manager-no-autoupdate
+
+## Disable automatic update check APT::Periodic::Update-Package-Lists
+## which is the Debian default in /etc/apt/apt.conf.d/10periodic.
+##
+## The execution time would be too predictable, thus make us fingerprintable.
+##
+## 20noperiodic comes after 10periodic in alphabet so it takes precedence.
+##
+## Quoted from the Debian Handbook
+## http://debian-handbook.info/browse/wheezy/sect.apt-get.html
+##
+## "[...] Each directory represents a configuration file which is split over multiple
+## files. In this sense, all of the files in /etc/apt/apt.conf.d/ are instructions
+## for the configuration of APT. APT includes them in alphabetical order, so that the
+## last ones can modify a configuration element defined in one of the first ones. [...]
+##
+## That changes take effect can be verified using:
+## apt-config dump
+
+APT::Periodic::Update-Package-Lists "0";
+APT::Periodic::Download-Upgradeable-Packages "0";
+APT::Periodic::AutocleanInterval "0";
+APT::Periodic::Unattended-Upgrade "0";
+APT::Periodic::Enable "0";

network/udev-qubes-network.rules

@@ -1,2 +1,5 @@
 
+# old udev has ENV{ID_NET_DRIVER}
 SUBSYSTEMS=="xen", KERNEL=="eth*", ACTION=="add", ENV{ID_NET_DRIVER}=="vif", RUN+="/usr/lib/qubes/setup-ip"
+# new udev has DRIVERS
+SUBSYSTEMS=="xen", KERNEL=="eth*", ACTION=="add", DRIVERS=="vif", RUN+="/usr/lib/qubes/setup-ip"

qubes-rpc/vm-file-editor.c

@@ -15,6 +15,7 @@
 // #define DEBUG
 
 static const char *cleanup_filename = NULL;
+static const char *cleanup_dirname = NULL;
 
 static void cleanup_file(void)
 {
@@ -23,6 +24,11 @@ static void cleanup_file(void)
 			fprintf(stderr, "Failed to remove file at exit\n");
 		cleanup_filename = NULL;
 	}
+	if (cleanup_dirname) {
+		if (rmdir(cleanup_dirname) < 0)
+			fprintf(stderr, "Failed to remove directory at exit\n");
+		cleanup_dirname = NULL;
+	}
 }
 
 const char *gettime(void)
@@ -40,8 +46,7 @@ static char *get_directory(void)
 	const char *remote_domain;
 	char *dir;
 	size_t len;
-	struct stat dstat;
-	int ret;
+	char *ret;
 
 	remote_domain = getenv("QREXEC_REMOTE_DOMAIN");
 	if (!remote_domain) {
@@ -53,29 +58,21 @@ static char *get_directory(void)
 	if (!strcmp(remote_domain, ".") || !strcmp(remote_domain, ".."))
 		goto fail;
 
-	len = strlen("/tmp")+1+strlen(remote_domain)+1;
+	len = strlen("/tmp/-XXXXXX")+strlen(remote_domain)+1;
 	dir = malloc(len);
 	if (!dir) {
 		fprintf(stderr, "Cannot allocate memory\n");
 		exit(1);
 	}
-	snprintf(dir, len, "/tmp/%s", remote_domain);
+	snprintf(dir, len, "/tmp/%s-XXXXXX", remote_domain);
 
-	ret=mkdir(dir, 0777);
-	if (ret<0 && errno!=EEXIST) {
-		perror("mkdir");
-		exit(1);
-	}
-	if (stat(dir, &dstat)) {
-		perror("stat dir");
+	ret = mkdtemp(dir);
+	if (ret == NULL) {
+		perror("mkdtemp");
 		exit(1);
 	}
-	if (!S_ISDIR(dstat.st_mode)) {
-		fprintf(stderr, "%s exists and is not a directory\n", dir);
-		exit(1);
-	}
-
-	return dir;
+	cleanup_dirname = strdup(ret);
+	return ret;
 
 fail:
 	fprintf(stderr, "Invalid remote domain name: %s\n", remote_domain);
@@ -122,7 +119,7 @@ void copy_file_by_name(const char *filename)
 		exit(1);
 	}
 	/* we now have created a new file, ensure we delete it at the end */
-	cleanup_filename = filename;
+	cleanup_filename = strdup(filename);
 	atexit(cleanup_file);
 	if (!copy_fd_all(fd, 0))
         exit(1);