vm: notify dom0 when updates available in VM (#475)

rpm_spec/core-vm.spec

@@ -87,6 +87,7 @@ install vm-init.d/* $RPM_BUILD_ROOT/etc/init.d/
 install -d $RPM_BUILD_ROOT/lib/systemd/system $RPM_BUILD_ROOT/usr/lib/qubes/init
 install -m 0755 vm-systemd/*.sh $RPM_BUILD_ROOT/usr/lib/qubes/init/
 install -m 0644 vm-systemd/qubes-*.service $RPM_BUILD_ROOT/lib/systemd/system/
+install -m 0644 vm-systemd/qubes-*.timer $RPM_BUILD_ROOT/lib/systemd/system/
 install -m 0644 vm-systemd/NetworkManager.service $RPM_BUILD_ROOT/usr/lib/qubes/init/
 install -m 0644 vm-systemd/cups.service $RPM_BUILD_ROOT/usr/lib/qubes/init/
 install -m 0644 vm-systemd/ntpd.service $RPM_BUILD_ROOT/usr/lib/qubes/init/
@@ -484,6 +485,8 @@ The Qubes core startup configuration for SystemD init.
 /lib/systemd/system/qubes-netwatcher.service
 /lib/systemd/system/qubes-network.service
 /lib/systemd/system/qubes-sysinit.service
+/lib/systemd/system/qubes-update-check.service
+/lib/systemd/system/qubes-update-check.timer
 %dir /usr/lib/qubes/init
 /usr/lib/qubes/init/prepare-dvm.sh
 /usr/lib/qubes/init/network-proxy-setup.sh
@@ -502,6 +505,8 @@ for srv in qubes-dvm qubes-meminfo-writer qubes-qrexec-agent qubes-sysinit qubes
     /bin/systemctl enable $srv.service 2> /dev/null
 done
 
+/bin/systemctl enable qubes-update-check.timer 2> /dev/null
+
 # Install overriden services only when original exists
 for srv in cups NetworkManager ntpd; do
     if [ -f /lib/systemd/system/$srv.service ]; then

vm-systemd/qubes-sysinit.sh

@@ -1,9 +1,9 @@
 #!/bin/sh
 
 # List of services enabled by default (in case of absence of xenstore entry)
-DEFAULT_ENABLED_NETVM="network-manager qubes-network"
-DEFAULT_ENABLED_PROXYVM="meminfo-writer qubes-network qubes-firewall qubes-netwatcher"
-DEFAULT_ENABLED_APPVM="meminfo-writer cups"
+DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check"
+DEFAULT_ENABLED_PROXYVM="meminfo-writer qubes-network qubes-firewall qubes-netwatcher qubes-update-check"
+DEFAULT_ENABLED_APPVM="meminfo-writer cups qubes-update-check"
 DEFAULT_ENABLED_TEMPLATEVM=$DEFAULT_ENABLED_APPVM
 DEFAULT_ENABLED="meminfo-writer"
 

vm-systemd/qubes-update-check.service

@@ -0,0 +1,7 @@
+[Unit]
+Description=Qubes check for VM updates and notify dom0
+ConditionPathExists=/var/run/qubes-service/qubes-update-check
+
+[Service]
+Type=oneshot
+ExecStart=/usr/lib/qubes/qrexec_client_vm dom0 qubes.NotifyUpdates /bin/sh -c 'yum -q check-update|wc -l'

vm-systemd/qubes-update-check.timer

@@ -0,0 +1,11 @@
+[Unit]
+Description=Periodically check for updates
+ConditionPathExists=/var/run/qubes-service/qubes-update-check
+
+[Timer]
+OnBootSec=5min
+OnUnitActiveSec=2d
+
+[Install]
+WantedBy=multi-user.target
+