From 70ad4146e1947dac274a644b19c4f4f396af45fc Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Fri, 9 Mar 2012 09:46:06 +0100 Subject: [PATCH 1/8] version 1.7.17 --- version_vm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_vm b/version_vm index 15421b3..63c16ce 100644 --- a/version_vm +++ b/version_vm @@ -1 +1 @@ -1.7.16 +1.7.17 From a1ae0bba89ce23d8af002e3c4ff80b5c6cb1cfc5 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Wed, 28 Mar 2012 00:43:59 +0200 Subject: [PATCH 2/8] vm/init: Use the same default services for TemplateVM as for AppVM (#503) Actually it already was done in traditional init.d script, so do the same in systemd version. --- vm-systemd/qubes-sysinit.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vm-systemd/qubes-sysinit.sh b/vm-systemd/qubes-sysinit.sh index dc93de5..65c3606 100755 --- a/vm-systemd/qubes-sysinit.sh +++ b/vm-systemd/qubes-sysinit.sh @@ -4,6 +4,7 @@ DEFAULT_ENABLED_NETVM="network-manager qubes-network" DEFAULT_ENABLED_PROXYVM="meminfo-writer qubes-network qubes-firewall qubes-netwatcher" DEFAULT_ENABLED_APPVM="meminfo-writer cups" +DEFAULT_ENABLED_TEMPLATEVM=$DEFAULT_ENABLED_APPVM DEFAULT_ENABLED="meminfo-writer" XS_READ=/usr/bin/xenstore-read @@ -30,6 +31,7 @@ TYPE=`$XS_READ qubes_vm_type 2> /dev/null` [ "$TYPE" == "AppVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_APPVM [ "$TYPE" == "NetVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_NETVM [ "$TYPE" == "ProxyVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_PROXYVM +[ "$TYPE" == "TemplateVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_TEMPLATEVM # Enable default services for srv in $DEFAULT_ENABLED; do From 069ae8e520d46071ec290ff39575f3b4bcf946cf Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Sat, 31 Mar 2012 13:04:22 +0200 Subject: [PATCH 3/8] Update Qubes Signing key --- misc/RPM-GPG-KEY-qubes-1-primary | 85 ++++++++++++++++++-------------- 1 file changed, 48 insertions(+), 37 deletions(-) diff --git a/misc/RPM-GPG-KEY-qubes-1-primary b/misc/RPM-GPG-KEY-qubes-1-primary index 321ed2f..b49d1c6 100644 --- a/misc/RPM-GPG-KEY-qubes-1-primary +++ b/misc/RPM-GPG-KEY-qubes-1-primary @@ -1,40 +1,51 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2.0.14 (GNU/Linux) +Version: GnuPG v1.4.12 (GNU/Linux) -mQINBE2WRnsBEAC+5Y2Rt/tFqlSiliQcZRKaFb7sOnsa3uuGvNgK2nIuFxQkxoBT -+UJjk5VL+oaCOno63QbwvuxUtBlqBGSN1dOmUJW4vUqVhXVSrNQhzl5GWIC8rfDK -1W0zk5H4esiSfUxvQfRHMg2pHUa3wpFhm6L4RA/kH88QXchhVXrKZd+HJSBNJIaX -F6aYfIv0W6+fs9+oCKVw/S/j+Wu3BS5n7UbPnBkhUHPfjHzAHkRBrSH3UQkgHRFi -bffq8tW9M8KVjI2btXn1RJMDoWp7V4aRVOVSxITv9uoRKJ9vDLkLfDr9uVVZ6hB0 -Q8oQGxzTDZeWTKt6JIlR672hwbvm28AT4TK6fnIj2jMYGtDaXB7wQc/w1MuBfOTW -nThYjKSyhlUY+SI8RF2fydVl+1lgQCGjmolyN9xFimKsPT/OkcNjwVAo7q6zFa4F -2gH3mPRruvOEJL0KGuvX11eaycuTb03AWXl6gndiS9QjA2Y6KF4rsAbfctJ/jwDn -tMAhSnR5x6AovAXpcFPu2cPDkNorSYU5A4gC5oU8x18ue8zXi4uiK9A/N75F80RY -qvPlknDXLMrV4qOR039oJMNodI0GktvgjK3vjual0Z1WX+kzQbcRepKrOOAvP7pr -sfH/fTQpQGZjYIiU1vGn1JHw6CcucwyDDM+rZUHfh4lZo5h60HSBhvBxUwARAQAB -tB5RdWJlcyBPUyBSZWxlYXNlIDEgU2lnbmluZyBLZXmJAj4EEwECACgFAk2WRnsC -GwMFCQHhM4AGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEDr0TZ+sG/mzEoQP -/0o3iqUSc/wYFzr5O3JoertiG5Z2myTEy/o1L7LuzVVoQmqUhuuk+q5jF3DOpoUe -VBhEt5SZDaBD5GToLxvD84AFHh4m/82JSPZgO5/lMN2pXllx5jWKeeh+TZHukGHV -mCjBG74Bo+mS9MTFkEbksscgk54ihKRw3raCy1G8Ixtu8JkiHOZk+mCvDC6V04z3 -xbdN4geZHdkcDH3qeSy0jvvsDN5ichv/tLoRmUKSwFylSM2lilL6TnjdJgtr7a9X -ruDFPhFFofYHQEsXhXitJG2f7mXPcsd0kG063DHmzdzo+9AdPh6fvDpaHlMds5IX -Rqydf3NQ9zcHPXG8d6dy6Y6fCW2Xok7EQeBCaePxhlDSF9kc4+tcqFLx/jvdApLY -x0SksGwU0k1276+EtVaRK1C3AKaIuKamEjPLoOmJKtuazmCzD/tuL1Gg28v67k4r -fFznihvBctN0HS+X6lDAoI13HXA/ZonjdndS8Uf7lLdGajRlRhKR5HxWmX83darM -Z6hytuNqlxu3j4/GBitcTevo4QfP0NX5gTsz9kr00L3Gzyc+UNBspvCoVRlIND57 -7H8tWoFax7myXPFwsYpZK4WxyYTyUK3Z9QbwW+wwpduwSUNomCCYf1qD3QYgFkJ1 -9aL0fRbkMhsXU9iEvtsf1CwqdsZUhNi7q0f3ZG3ogdeCiQIcBBABAgAGBQJNlkgg -AAoJEN36Gj42h5SULZMP/1cUlx1mU807rmHNh8sJMtf7051MY3TJ7dClxnUFOTya -MeJz/SGwpF2PeQwzLacl74qXgzM5uDEKBpjqzExD3RM4iuoF3Lv71/JDzvlrSY2E -6nJMCq95ooq/QIm8XyVZBquYTw0AkZx76hT93VM2M1mTO+sloWmVpovmacOFafMH -SUymuLsnp4JpIcEXRTo49s2sTKV1tpVROogxOXS/4d19MMQhk2s3cxFRj+gHLZ2D -vRqvNVc+9/gbcf2u+49kfgVgiXlHEtLMFW0AGRlwc/eSLR4CWnwxEriIg8Nxbetr -7qJQ1s4oXb/VnuZo/6+WdUIxqizLKYDxQ92G3xEjgBbAM/pB3TzivnE/IsC6I4a0 -5L5xlIv68CgNAyi79MsMVAZPs6ZPdZkcXe0uYsC0rOiFmUVdVl/SA+LJsnvzfPcg -VaUt2HNk4lPIoH8YWAtEg0H918LgvBKPQ0frPwdxvmeVRcejpVXyAYgCLwk+9xUT -lZH9ykOtoD1JV3xwLo23gayd8ZmZIZGGJ+a5VhXZHlA5gl3XVmGGmc1OXT5E++VG -snHPXJQr8SC7I0sblBfOa0nnPwYXWMmrDvtzL+T/xtIrX02WhfS7BtQp3XDNvDcK -A07FsuJnC9jILnLgo6YhLcuXG6AsnoHVR6Lpr9N7iXxIZHHHUYOTjfHd1ZCuwK50 -=7fth +mQINBE92zX4BEADEOLD8SH3qZunNWnE0IFg4L0m7N33AfIjs8m0CdHi0xKFq8+aA +VOq+Bu2c/v56PSChpYRYqFymt4k7U254uta+bKhUve150Ov5ukCYIPNS/Fx5rRjY +uDLP9zQwlfrABpKNzP4PP9TKOcnb/B8aI8x0GtIa7hTPeBbuJSx6yeazzjHc5bco +8mL1x4nWTqD2n0Ze37B0e5VaVwJyP7+d17amQAWlDAWD/hus/GvTxGX6dT22UBXx +r4WWAGSjx2zT4xe25yysWg3CS0S3Z7ib3xSqdCILN7eCAX7baXTB7s+aziGw3cJJ +cUU2fzTGfGKJ4lAnQeI0gu2XBbHjygC6Kvp1HiyBNGHJ1FvoWqT1KDntFe/xKzTg +akcbqBaMqoUtcbkWNDb7TjrCh3xiwG9oQREuc6RbmMCR4De6fJhton2F9QGMJKg6 +WXeA915v8cdHE4SSyZzXq/VdiMFZ9PX0tmFBBy4H7JfRv1bUZg4LStuosZHc9fBI +McV6ohokkWNDNRBrc86+3Pif+v1QqmQu4kjI+G+zXc27sVag/umh9BqziT03F0O4 +Jq4cvgfTLj62PCqF+7vVJcBiezOE+NGqWkuDMBvcEX8fVrElhaRDsEqhlRfQUm+k +atene95aQ2vki6C7VqqYoJnSgN3D4WiF2psMRlwbfV7JRHkYkNbE6Oc7BQARAQAB +tB5RdWJlcyBPUyBSZWxlYXNlIDEgU2lnbmluZyBLZXmJAjgEEwECACIFAk92zX4C +GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEOoBIBshEJOnafcQALoC5azP +rp5GQa87OKcSUCWY8u/PqUDnlrA708GpAi1cehR4eJKzAp9KEb6EWDTxRQYPFZSr +ijycLfCje8G0/owckEIcmIAkB1cMgY7a8JcM5G0Fvm0Rcr9mLfIVc++l0O4UAXgk +wAN7V3qGfVVIu8iMTO/2VJaTUdppWmK5RK0HxsOlPw/p9WyaFLe8koql1LwvrnqH +/Y7FV2O7w8Ha3nBpnWyn4wlBh39LRo/45WJx6iliyQweia32z3QywS5GzbdTqO9Z +oOIJNBHUu9GjGC3NC1tu3LPj2QrxJJaaysikvvYjsacUIviTDnUoZ0uNNSWSCUIF +Wgxn3PFn6hb+EiTa4T2XJGPNKnky0v7FAEWK1zfQzaGlsIHrCjHTk3xPliWqpRDY +DoBirg7Kd/mEZd8jjs8PFFs3QnolUV587642e6H/1w+zevE3GwD+M7cLD4XishRx +khfBYFr8HRRrHLJEszSOEod3yeYCHooxXY7589kGnGDY3E/qz2iOd6ee7RUslzwp +SURVaOCrM3sK1wL3kB9NiJ/b4vbggUMEpLrSqaaQF3Uc9Qi7teLev1L594Sgywoe +GWfVomnaV8KYy51k6Or+wVtB3Wx4FvZCI7Vy05BYMbrbbVD9H5b4+Vtrozj22wAj +Fe4itDzWHJUnZy6CNagwhz271QPh3GT/K58WuQINBE92zX4BEADD3zSYn68G5896 +Ugvx0+PzJbxVLS/K9nJS3Ddmiw0vXkhloPmEcGFCKGGc3KTKZhG5tDGOgR66TTP1 +9ZXrkztHO6Fc9o9adzajUFf4lKsAhE1S+kIsdrZdvSItrdAJfDRwzsniFZW5M1jv +bsiggO8YiC8EUEBI675r4xesz1cCWgV7+pS29Ak7oC5Xu71amBGlnPVn749xJWFu +FiRw73lZaEWtsmsn43WxhXrhgMzpucNl5FKWqQoLFWjTTznvjO+WIrSA2XnVN8Pe +p3Moyc0IXdKkvvBL3NHabCTFfAdETs8W3UPmTfSw5S5JNfDewiLoMs5ESE2J780/ +OkO2nBSNxGzUAnldvd/ViUC58YeuMk01Ngc9EydiEshO8+B9/I55fwoc92dm6awo +RikDrgOS+BLzfn+85ThEQ98d3tvckFPelCs3u/gXWANCPX6/kxZgZMzuNMFhEx/P +llYRgJe6iftdRGnSHBmBm5bfTySd2GOXxTrmMPxjqfqjygeyaQ+w6IvO7wGhRwA9 +kiXVV73k+dB8R51306ucLcAlCiyQIYOkVGM16XrynOYYWx+m4caXzkBsHMkkEzwD +VuPkKJv53m7dDgvEC8/6bK8ykXpzLLADVllP+Mq/2MJY16HBuED9CW5XVJ4Popuf +da5J89tSKRy3dbTPg7tiDsJUHQYlyQARAQABiQIfBBgBAgAJBQJPds1+AhsMAAoJ +EOoBIBshEJOnBwAP/0mv+Xz/OTSUXp3cHWlVQ1hrJG7oE3kI6AxceGSIjeucCmvP +7u13ADfeoC2Vameocdc9hyxDqGpX38YF41p2TvVMxng3Q7mporILPof+mMKXx94v +9Qlda6Ozeb26GpuAtx6ywBM5Q8vOosbfW6QP93JdvdM5SX4B2FSAKsZJ6CJ1V4a+ +ol6Zl/+MaFBeHTDgqSzYGjraohBbZHnQkIE8ifacAf7kowQfmtP0eMBGyFhuwIvM +VAb/GfGd+TPhMS1/cmcmKD19HR9UfeIeTW8Utwj25SSBGMTc9NClZL6ikajmVJGn +8GpdYwQLkqp8opsV3/qVpaV1LOQ6WHjLKnFWvqYwyGoI7G52QRA9dLAc4xc7vxwI +jvMY2v85UIwfvJrga8tDrs3GON6bc1JX4L2yvwYEnsxPTRiDw2hATEY4MyR6qyL4 +Kzf02KbeGKHlBc/omzmubpjtElrGDvJ0jegCsUb7n098/qBnToH5USmnZiPAbV5v +GlqdzAsjnaKXS+d4dzwOAj/D6mFdzxeAM1ReXE5nODooVj/RKIA0RF0aJZa+Up6+ +dEDry78eed8NR7x2w167yuNoWc0A0xDcYjHSTs69J/R8SmzwCs3VqqzFW42ukTKD +zBWKIRkys1y4EgnB03KdZJCvJL0+vXB2SmLsxFHsU1KaV1QPtFf/iWMmOtaZ +=4g0y -----END PGP PUBLIC KEY BLOCK----- From bdf6016b5af1c141101fb4f68c3a1a885b35d99d Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Sat, 31 Mar 2012 14:57:26 +0200 Subject: [PATCH 4/8] New signing key cleanup (removed the unused encryption key) --- misc/RPM-GPG-KEY-qubes-1-primary | 26 ++------------------------ 1 file changed, 2 insertions(+), 24 deletions(-) diff --git a/misc/RPM-GPG-KEY-qubes-1-primary b/misc/RPM-GPG-KEY-qubes-1-primary index b49d1c6..2749c64 100644 --- a/misc/RPM-GPG-KEY-qubes-1-primary +++ b/misc/RPM-GPG-KEY-qubes-1-primary @@ -24,28 +24,6 @@ DoBirg7Kd/mEZd8jjs8PFFs3QnolUV587642e6H/1w+zevE3GwD+M7cLD4XishRx khfBYFr8HRRrHLJEszSOEod3yeYCHooxXY7589kGnGDY3E/qz2iOd6ee7RUslzwp SURVaOCrM3sK1wL3kB9NiJ/b4vbggUMEpLrSqaaQF3Uc9Qi7teLev1L594Sgywoe GWfVomnaV8KYy51k6Or+wVtB3Wx4FvZCI7Vy05BYMbrbbVD9H5b4+Vtrozj22wAj -Fe4itDzWHJUnZy6CNagwhz271QPh3GT/K58WuQINBE92zX4BEADD3zSYn68G5896 -Ugvx0+PzJbxVLS/K9nJS3Ddmiw0vXkhloPmEcGFCKGGc3KTKZhG5tDGOgR66TTP1 -9ZXrkztHO6Fc9o9adzajUFf4lKsAhE1S+kIsdrZdvSItrdAJfDRwzsniFZW5M1jv -bsiggO8YiC8EUEBI675r4xesz1cCWgV7+pS29Ak7oC5Xu71amBGlnPVn749xJWFu -FiRw73lZaEWtsmsn43WxhXrhgMzpucNl5FKWqQoLFWjTTznvjO+WIrSA2XnVN8Pe -p3Moyc0IXdKkvvBL3NHabCTFfAdETs8W3UPmTfSw5S5JNfDewiLoMs5ESE2J780/ -OkO2nBSNxGzUAnldvd/ViUC58YeuMk01Ngc9EydiEshO8+B9/I55fwoc92dm6awo -RikDrgOS+BLzfn+85ThEQ98d3tvckFPelCs3u/gXWANCPX6/kxZgZMzuNMFhEx/P -llYRgJe6iftdRGnSHBmBm5bfTySd2GOXxTrmMPxjqfqjygeyaQ+w6IvO7wGhRwA9 -kiXVV73k+dB8R51306ucLcAlCiyQIYOkVGM16XrynOYYWx+m4caXzkBsHMkkEzwD -VuPkKJv53m7dDgvEC8/6bK8ykXpzLLADVllP+Mq/2MJY16HBuED9CW5XVJ4Popuf -da5J89tSKRy3dbTPg7tiDsJUHQYlyQARAQABiQIfBBgBAgAJBQJPds1+AhsMAAoJ -EOoBIBshEJOnBwAP/0mv+Xz/OTSUXp3cHWlVQ1hrJG7oE3kI6AxceGSIjeucCmvP -7u13ADfeoC2Vameocdc9hyxDqGpX38YF41p2TvVMxng3Q7mporILPof+mMKXx94v -9Qlda6Ozeb26GpuAtx6ywBM5Q8vOosbfW6QP93JdvdM5SX4B2FSAKsZJ6CJ1V4a+ -ol6Zl/+MaFBeHTDgqSzYGjraohBbZHnQkIE8ifacAf7kowQfmtP0eMBGyFhuwIvM -VAb/GfGd+TPhMS1/cmcmKD19HR9UfeIeTW8Utwj25SSBGMTc9NClZL6ikajmVJGn -8GpdYwQLkqp8opsV3/qVpaV1LOQ6WHjLKnFWvqYwyGoI7G52QRA9dLAc4xc7vxwI -jvMY2v85UIwfvJrga8tDrs3GON6bc1JX4L2yvwYEnsxPTRiDw2hATEY4MyR6qyL4 -Kzf02KbeGKHlBc/omzmubpjtElrGDvJ0jegCsUb7n098/qBnToH5USmnZiPAbV5v -GlqdzAsjnaKXS+d4dzwOAj/D6mFdzxeAM1ReXE5nODooVj/RKIA0RF0aJZa+Up6+ -dEDry78eed8NR7x2w167yuNoWc0A0xDcYjHSTs69J/R8SmzwCs3VqqzFW42ukTKD -zBWKIRkys1y4EgnB03KdZJCvJL0+vXB2SmLsxFHsU1KaV1QPtFf/iWMmOtaZ -=4g0y +Fe4itDzWHJUnZy6CNagwhz271QPh3GT/K58W +=2dJF -----END PGP PUBLIC KEY BLOCK----- From 3b55fc51e84781c1b16ea8ce4debac1261f7e108 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Mon, 26 Mar 2012 20:29:49 +0200 Subject: [PATCH 5/8] dom0+vm: qvm-block --attach-file Allow to attach disk image from different VM as block device. File attached with qvm-block -A will be visible as loopX device and as such can be detached. File path will be in device description. --- misc/block_add_change | 10 ++++++++++ misc/qubes_block.rules | 3 --- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/misc/block_add_change b/misc/block_add_change index 3d675aa..e1b25ca 100755 --- a/misc/block_add_change +++ b/misc/block_add_change @@ -16,6 +16,11 @@ if [ -n "`ls -A /sys/$DEVPATH/holders 2> /dev/null`" ]; then xenstore-rm "$XS_KEY" exit 0 fi +# ... and "empty" loop devices +if [ "$MAJOR" -eq 7 -a ! -d /sys/$DEVPATH/loop ]; then + xenstore-rm "$XS_KEY" + exit 0 +fi # Special case for CD if [ "$ID_TYPE" = "cd" ]; then @@ -26,6 +31,11 @@ if [ "$ID_TYPE" = "cd" ]; then fi MODE=r fi + +# Special description for loop devices +if [ -d /sys/$DEVPATH/loop ]; then + DESC=$(cat /sys/$DEVPATH/loop/backing_file) +fi xenstore-write "$XS_KEY/desc" "$DESC" "$XS_KEY/size" "$SIZE" "$XS_KEY/mode" "$MODE" # Make sure that block backend is loaded diff --git a/misc/qubes_block.rules b/misc/qubes_block.rules index 1a0864e..343553f 100644 --- a/misc/qubes_block.rules +++ b/misc/qubes_block.rules @@ -6,9 +6,6 @@ SUBSYSTEM!="block", GOTO="qubes_block_end" # Skip xen-blkfront devices ENV{MAJOR}=="202", GOTO="qubes_block_end" -# Skip loop devices -ENV{MAJOR}=="7", GOTO="qubes_block_end" - # Skip device-mapper devices ENV{MAJOR}=="253", GOTO="qubes_block_end" From daa60f334a16803efd80279a166fde8270634488 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Sat, 31 Mar 2012 19:53:14 +0200 Subject: [PATCH 6/8] version 1.7.18 --- version_vm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_vm b/version_vm index 63c16ce..df1b094 100644 --- a/version_vm +++ b/version_vm @@ -1 +1 @@ -1.7.17 +1.7.18 From d0296d9783293dc3497233cd7ec802b9909a0262 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Tue, 3 Apr 2012 17:41:48 +0200 Subject: [PATCH 7/8] vm: load block backend in every VM (#516) --- misc/qubes_core.modules | 1 + 1 file changed, 1 insertion(+) diff --git a/misc/qubes_core.modules b/misc/qubes_core.modules index 7726706..9f39e79 100755 --- a/misc/qubes_core.modules +++ b/misc/qubes_core.modules @@ -1 +1,2 @@ modprobe evtchn 2>/dev/null || modprobe xen-evtchn +modprobe xen-blkback 2> /dev/null || modprobe blkbk From aed54966380d9ac81640b886da926b0deea9bbe2 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Sun, 15 Apr 2012 16:22:22 +0200 Subject: [PATCH 8/8] version 1.7.19 --- version_vm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_vm b/version_vm index df1b094..ae6ddf7 100644 --- a/version_vm +++ b/version_vm @@ -1 +1 @@ -1.7.18 +1.7.19