dom0+vm: Tools for downloading dom0 update by VM (#198)

Mainly 4 parts:
 - scripts for providing rpmdb and yum repos to VM (choosen by qvm-set-updatevm)
 - VM script for downloading updates (qubes_download_dom0_updates.sh)
 - qfile-dom0-unpacker which receive updates, check signatures and place its in dom0 local yum repo
 - qvm-dom0-upgrade which calls all of above and after all yum gpk-update-viewer

Besides qvm-dom0-upgrade, updates are checked every 6h and user is prompted if
want to download it. At dom0 side gpk-update-icon (disabled yet) should notice
new updates in "local" repo.

appvm/Makefile

@@ -5,9 +5,9 @@ dvm_file_editor: dvm_file_editor.o ../common/ioall.o
 	$(CC) -pie -g -o $@ $^
 qfile-agent-dvm: qfile-agent-dvm.o ../common/ioall.o ../common/gui-fatal.o
 	$(CC) -pie -g -o $@ $^
-qfile-agent: qfile-agent.o ../common/ioall.o ../common/gui-fatal.o copy_file.o crc32.o
+qfile-agent: qfile-agent.o ../common/ioall.o ../common/gui-fatal.o ../common/copy_file.o ../common/crc32.o
 	$(CC) -pie -g -o $@ $^
-qfile-unpacker: qfile-unpacker.o ../common/ioall.o ../common/gui-fatal.o copy_file.o unpack.o crc32.o
+qfile-unpacker: qfile-unpacker.o ../common/ioall.o ../common/gui-fatal.o ../common/copy_file.o ../common/unpack.o ../common/crc32.o
 	$(CC) -pie -g -o $@ $^
 
 clean:

common/qubes_download_dom0_updates.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+DOM0_UPDATES_DIR=/var/lib/qubes/dom0-updates
+
+DOIT=0
+GUI=1
+while [ -n "$1" ]; do
+    if [ "x--doit" = "x$1" ]; then
+        DOIT=1
+    elif [ "x--nogui" = "x$1" ]; then
+        GUI=0
+    fi
+    shift
+done
+
+if ! [ -d "$DOM0_UPDATES_DIR" ]; then
+    echo "Dom0 updates dir does not exists: $DOM0_UPDATES_DIR"
+    exit 1
+fi
+
+mkdir -p $DOM0_UPDATES_DIR/etc
+cp /etc/yum.conf $DOM0_UPDATES_DIR/etc/
+
+echo "Checking for updates..."
+PKGLIST=`yum --installroot $DOM0_UPDATES_DIR check-update -q | cut -f 1 -d ' '`
+
+if [ -z $PKGLIST ]; then
+    # No new updates
+    exit 0
+fi
+
+if [ "$DOIT" != "1" ]; then
+    zenity --question --title="Qubes Dom0 updates" \
+      --text="Updates for dom0 available. Do you want to download its now?" || exit 0
+fi
+
+mkdir -p "$DOM0_UPDATES_DIR/packages"
+
+set -e
+
+if [ "$GUI" = 1 ]; then
+    ( echo "1"
+    yumdownloader --destdir "$DOM0_UPDATES_DIR/packages" --installroot "$DOM0_UPDATES_DIR" $PKGLIST
+    echo 100 ) | zenity --progress --pulsate --auto-close --auto-kill \
+         --text="Downloading updates for Dom0, please wait..." --title="Qubes Dom0 updates"
+else
+    yumdownloader --destdir "$DOM0_UPDATES_DIR/packages" --installroot "$DOM0_UPDATES_DIR" $PKGLIST
+fi
+
+# qvm-copy-to-vm works only from user
+su -c "qvm-copy-to-vm @dom0updates $DOM0_UPDATES_DIR/packages/*.rpm" user

rpm_spec/core-commonvm.spec

@@ -79,10 +79,12 @@ mkdir -p $RPM_BUILD_ROOT/etc/udev/rules.d
 cp qubes_network.rules $RPM_BUILD_ROOT/etc/udev/rules.d/
 mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes/
 cp setup_ip $RPM_BUILD_ROOT/usr/lib/qubes/
+cp qubes_download_dom0_updates.sh $RPM_BUILD_ROOT/usr/lib/qubes/
 mkdir -p $RPM_BUILD_ROOT/etc/yum/post-actions
 cp qubes_trigger_sync_appmenus.action $RPM_BUILD_ROOT/etc/yum/post-actions/
 mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
 cp qubes_trigger_sync_appmenus.sh $RPM_BUILD_ROOT/usr/lib/qubes/
+mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/dom0-updates
 
 %triggerin -- initscripts
 cp /var/lib/qubes/serial.conf /etc/init/serial.conf
@@ -233,3 +235,4 @@ rm -rf $RPM_BUILD_ROOT
 /usr/lib/qubes/setup_ip
 /etc/yum/post-actions/qubes_trigger_sync_appmenus.action
 /usr/lib/qubes/qubes_trigger_sync_appmenus.sh
+/usr/lib/qubes/qubes_download_dom0_updates.sh