From 6b315b1dada7a738c21792b352f1ef017db08dc2 Mon Sep 17 00:00:00 2001 From: ttasket Date: Sun, 12 Jun 2016 12:05:28 -0400 Subject: [PATCH 01/10] Add template reinstall support Issue #2061 Simple implementation checks for --action=reinstall but adds no sanity checks. --- dom0-updates/qubes-dom0-update | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/dom0-updates/qubes-dom0-update b/dom0-updates/qubes-dom0-update index a34faf7..57607ff 100755 --- a/dom0-updates/qubes-dom0-update +++ b/dom0-updates/qubes-dom0-update @@ -22,13 +22,11 @@ if [ "$1" = "--help" ]; then exit fi -# Prevent template upgrade - this would override user changes -TEMPLATE_EXCLUDE_OPTS="--exclude=`rpm -qa --qf '%{NAME},' qubes-template-\*`" PKGS= -YUM_OPTS="$TEMPLATE_EXCLUDE_OPTS" +YUM_OPTS= GUI= CHECK_ONLY= -ALL_OPTS="$TEMPLATE_EXCLUDE_OPTS $*" +ALL_OPTS="$*" YUM_ACTION= QVMRUN_OPTS= CLEAN= @@ -63,6 +61,15 @@ while [ $# -gt 0 ]; do shift done +# Prevent template upgrade - this would override user changes - +# but do allow explicit template reinstalls +if [ "$YUM_ACTION" == "reinstall" ] ; then + TEMPLATE_EXCLUDE_OPTS="" +else TEMPLATE_EXCLUDE_OPTS="--exclude=`rpm -qa --qf '%{NAME},' qubes-template-\*`" +fi +YUM_OPTS="$TEMPLATE_EXCLUDE_OPTS $YUM_OPTS" +ALL_OPTS="$TEMPLATE_EXCLUDE_OPTS $ALL_OPTS" + ID=$(id -ur) if [ $ID != 0 -a -z "$GUI" -a -z "$CHECK_ONLY" ] ; then echo "This script should be run as root (when used in console mode), use sudo." >&2 From 17627cdf3caa79cd6b672740e83a32610954dc96 Mon Sep 17 00:00:00 2001 From: ttasket Date: Thu, 16 Jun 2016 07:59:28 -0400 Subject: [PATCH 02/10] Support in-place template reinstalls - for testing This doesn't yet prevent appvms from starting with invalid template during the reinstall, and doesn't deal with the Netvm setting problem. For issue #2061 --- dom0-updates/qubes-dom0-update | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/dom0-updates/qubes-dom0-update b/dom0-updates/qubes-dom0-update index 57607ff..bbc72fb 100755 --- a/dom0-updates/qubes-dom0-update +++ b/dom0-updates/qubes-dom0-update @@ -63,9 +63,11 @@ done # Prevent template upgrade - this would override user changes - # but do allow explicit template reinstalls -if [ "$YUM_ACTION" == "reinstall" ] ; then +if [ "$YUM_ACTION" == "reinstall" ] && [[ "$PKGS" == *"qubes-template-"* ]]; then TEMPLATE_EXCLUDE_OPTS="" -else TEMPLATE_EXCLUDE_OPTS="--exclude=`rpm -qa --qf '%{NAME},' qubes-template-\*`" + echo "WARNING: Reinstalling a template will erase files in /home and /rw !" +else + TEMPLATE_EXCLUDE_OPTS="--exclude=`rpm -qa --qf '%{NAME},' qubes-template-\*`" fi YUM_OPTS="$TEMPLATE_EXCLUDE_OPTS $YUM_OPTS" ALL_OPTS="$TEMPLATE_EXCLUDE_OPTS $ALL_OPTS" From 6c7c25d9e7beda65efe32b007020b03ad08a6d56 Mon Sep 17 00:00:00 2001 From: ttasket Date: Sat, 18 Jun 2016 03:02:46 -0400 Subject: [PATCH 03/10] Backup root.img Just in case template %post scriptlet doesn't unlink during reinstall, or if reinstall fails. --- dom0-updates/qubes-dom0-update | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/dom0-updates/qubes-dom0-update b/dom0-updates/qubes-dom0-update index bbc72fb..9990367 100755 --- a/dom0-updates/qubes-dom0-update +++ b/dom0-updates/qubes-dom0-update 
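Review bot: The `echo "WARNING: Reinstalling a template will erase files in /home and /rw !"` added in PATCH 02's hunk `@@ -63,9 +63,11 @@` writes to stdout, while the run-as-root diagnostic visible in PATCH 01's context goes to stderr with `>&2`. A data-loss warning should follow the same convention so it still reaches the operator when stdout is piped or redirected: `echo "WARNING: ..." >&2`. The reworded message in PATCH 06 has the same issue. Nothing in this hunk pauses between the warning and the reinstall; whether yum's own prompt is relied on for that is not visible here.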
@@ -66,6 +66,17 @@ done if [ "$YUM_ACTION" == "reinstall" ] && [[ "$PKGS" == *"qubes-template-"* ]]; then TEMPLATE_EXCLUDE_OPTS="" echo "WARNING: Reinstalling a template will erase files in /home and /rw !" + + $ONEPKG=`cut -f 1 -d ' ' <<<$PKGS` + if [[ "$ONEPKG" == "qubes-template-"* ]] ; then + # Prepare to backup template root.img in case reinstall doesn't complete. + TEMPLATE=${ONEPKG#qubes-template-} + BAK_TEMPLATE_ROOT=`qvm-prefs $TEMPLATE root_img` || exit 1 + else + echo "ERROR: Specify only one template package for reinstall" + exit 1 + fi + else TEMPLATE_EXCLUDE_OPTS="--exclude=`rpm -qa --qf '%{NAME},' qubes-template-\*`" fi @@ -173,8 +184,25 @@ elif [ -f /var/lib/qubes/updates/repodata/repomd.xml ]; then $guiapp else yum check-update - if [ $? -eq 100 ]; then - yum $YUM_OPTS $YUM_ACTION + if [ $? -eq 100 ]; then # Run yum with options + + if [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then + # Backup root.img just in case + echo -n "Renaming template root.img to root.img-bak..." + if mv "$BAK_TEMPLATE_ROOT" "$BAK_TEMPLATE_ROOT-bak" ; then + echo "OK" + else + echo; echo "ERROR: Could not rename root.img" + exit 1 + fi + fi + + yum $YUM_OPTS $YUM_ACTION ; RETCODE=$? + + if [ $RETCODE -eq 0 ] && [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then + # Reinstall went OK, remove backup file. + rm -f "$BAK_TEMPLATE_ROOT-bak" + fi fi fi yum -q check-update && rm -f $UPDATES_STAT_FILE From 8c7a225070f8e360fc5edff43da19cefc8330c46 Mon Sep 17 00:00:00 2001 From: ttasket Date: Sat, 18 Jun 2016 04:22:23 -0400 Subject: [PATCH 04/10] Backup root.img Just in case template %post scriptlet doesn't unlink during reinstall, or if reinstall fails. Fixed PKGS test. --- dom0-updates/qubes-dom0-update | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/dom0-updates/qubes-dom0-update b/dom0-updates/qubes-dom0-update index 9990367..9638f22 100755 --- a/dom0-updates/qubes-dom0-update +++ b/dom0-updates/qubes-dom0-update 
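Review bot: In PATCH 03's hunk `@@ -66,6 +66,17 @@`, the first-package extraction `cut -f 1 -d ' ' <<<$PKGS` only yields a name if the unquoted here-string is word-split before `cut` sees it. The `${PKGS#\ }` test added in PATCH 04 suggests PKGS begins with a space; on a bash that passes the here-string through unsplit, field 1 would then be empty and every template reinstall would land in the error branch. `read -r ONEPKG _ <<<"$PKGS"` takes the first word regardless of leading whitespace. PATCH 06 drops the stray `$` from `$ONEPKG=` but keeps this extraction. `qvm-prefs $TEMPLATE root_img` also passes a name derived from a command-line argument unquoted in a script that runs as root in dom0; `"$TEMPLATE"` avoids any splitting or globbing there.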
@@ -68,12 +68,12 @@ if [ "$YUM_ACTION" == "reinstall" ] && [[ "$PKGS" == *"qubes-template-"* ]]; the echo "WARNING: Reinstalling a template will erase files in /home and /rw !" $ONEPKG=`cut -f 1 -d ' ' <<<$PKGS` - if [[ "$ONEPKG" == "qubes-template-"* ]] ; then + if [[ "$ONEPKG" == "qubes-template-"* ]] && [[ "$ONEPKG" == "${PKGS#\ }" ]]; then # test "$PKGS" minus space # Prepare to backup template root.img in case reinstall doesn't complete. TEMPLATE=${ONEPKG#qubes-template-} BAK_TEMPLATE_ROOT=`qvm-prefs $TEMPLATE root_img` || exit 1 else - echo "ERROR: Specify only one template package for reinstall" + echo "ERROR: Specify only one package to reinstall template" exit 1 fi @@ -201,6 +201,7 @@ elif [ -f /var/lib/qubes/updates/repodata/repomd.xml ]; then if [ $RETCODE -eq 0 ] && [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then # Reinstall went OK, remove backup file. + echo "Removing $BAK_TEMPLATE_ROOT-bak" rm -f "$BAK_TEMPLATE_ROOT-bak" fi fi From d316624f6120773955859c9c00bcd35b5501947f Mon Sep 17 00:00:00 2001 From: ttasket Date: Sat, 18 Jun 2016 05:24:18 -0400 Subject: [PATCH 05/10] Update qubes-dom0-update --- dom0-updates/qubes-dom0-update | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/dom0-updates/qubes-dom0-update b/dom0-updates/qubes-dom0-update index 9638f22..36ce361 100755 --- a/dom0-updates/qubes-dom0-update +++ b/dom0-updates/qubes-dom0-update @@ -71,6 +71,8 @@ if [ "$YUM_ACTION" == "reinstall" ] && [[ "$PKGS" == *"qubes-template-"* ]]; the if [[ "$ONEPKG" == "qubes-template-"* ]] && [[ "$ONEPKG" == "${PKGS#\ }" ]]; then # test "$PKGS" minus space # Prepare to backup template root.img in case reinstall doesn't complete. TEMPLATE=${ONEPKG#qubes-template-} + TEMPLATE_NETVM=`qvm-prefs $TEMPLATE netvm` || exit 1 + if [[ "$TEMPLATE_NETVM" == *"(default)" ]] ; then TEMPLATE_NETVM="default" BAK_TEMPLATE_ROOT=`qvm-prefs $TEMPLATE root_img` || exit 1 else echo "ERROR: Specify only one package to reinstall template" 
@@ -199,10 +201,13 @@ elif [ -f /var/lib/qubes/updates/repodata/repomd.xml ]; then yum $YUM_OPTS $YUM_ACTION ; RETCODE=$? - if [ $RETCODE -eq 0 ] && [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then - # Reinstall went OK, remove backup file. - echo "Removing $BAK_TEMPLATE_ROOT-bak" - rm -f "$BAK_TEMPLATE_ROOT-bak" + if [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then + qvm-prefs -s $TEMPLATE netvm $TEMPLATE_NETVM + if [ $RETCODE -eq 0 ] ; then + # Reinstall went OK, remove backup file. + echo "Removing $BAK_TEMPLATE_ROOT-bak" + rm -f "$BAK_TEMPLATE_ROOT-bak" + fi fi fi fi From 32a4269f4a8400c143d4e3b1c9bf78b21aec64c1 Mon Sep 17 00:00:00 2001 From: ttasket Date: Sat, 18 Jun 2016 12:00:00 -0400 Subject: [PATCH 06/10] Backup root.img Just in case template %post scriptlet doesn't unlink during reinstall, or if reinstall fails. Also preserves Netvm prefs setting. --- dom0-updates/qubes-dom0-update | 55 +++++++++++++++++----------------- 1 file changed, 27 insertions(+), 28 deletions(-) diff --git a/dom0-updates/qubes-dom0-update b/dom0-updates/qubes-dom0-update index 36ce361..477a929 100755 --- a/dom0-updates/qubes-dom0-update +++ b/dom0-updates/qubes-dom0-update 
@@ -65,15 +65,15 @@ done # but do allow explicit template reinstalls if [ "$YUM_ACTION" == "reinstall" ] && [[ "$PKGS" == *"qubes-template-"* ]]; then TEMPLATE_EXCLUDE_OPTS="" - echo "WARNING: Reinstalling a template will erase files in /home and /rw !" + echo "WARNING: Reinstalling a template will erase all files in template's /home and /rw !" - $ONEPKG=`cut -f 1 -d ' ' <<<$PKGS` + ONEPKG=`cut -f 1 -d ' ' <<<$PKGS` if [[ "$ONEPKG" == "qubes-template-"* ]] && [[ "$ONEPKG" == "${PKGS#\ }" ]]; then # test "$PKGS" minus space # Prepare to backup template root.img in case reinstall doesn't complete. TEMPLATE=${ONEPKG#qubes-template-} - TEMPLATE_NETVM=`qvm-prefs $TEMPLATE netvm` || exit 1 - if [[ "$TEMPLATE_NETVM" == *"(default)" ]] ; then TEMPLATE_NETVM="default" - BAK_TEMPLATE_ROOT=`qvm-prefs $TEMPLATE root_img` || exit 1 + TEMPLATE_NETVM=`qvm-prefs --force-root $TEMPLATE netvm` || exit 1 + [[ "$TEMPLATE_NETVM" == *"(default)" ]] && TEMPLATE_NETVM="default" + BAK_TEMPLATE_ROOT=`qvm-prefs --force-root $TEMPLATE root_img` || exit 1 else echo "ERROR: Specify only one package to reinstall template" exit 1 @@ -179,7 +179,27 @@ if [ -z "$YUM_ACTION" ]; then fi if [ "x$PKGS" != "x" ]; then - yum $YUM_OPTS $YUM_ACTION $PKGS + if [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then + # Backup root.img just in case + echo -n "Renaming template root.img to root.img-bak..." + if mv "$BAK_TEMPLATE_ROOT" "$BAK_TEMPLATE_ROOT-bak" ; then + echo "OK" + else + echo; echo "ERROR: Could not rename root.img" + exit 1 + fi + fi + + yum $YUM_OPTS $YUM_ACTION $PKGS ; RETCODE=$? + + if [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then + qvm-prefs --force-root -s $TEMPLATE netvm $TEMPLATE_NETVM + if [ $RETCODE -eq 0 ] ; then + # Reinstall went OK, remove backup file. + echo "Removing $BAK_TEMPLATE_ROOT-bak" + rm -f "$BAK_TEMPLATE_ROOT-bak" + fi + fi elif [ -f /var/lib/qubes/updates/repodata/repomd.xml ]; then # Above file exists only when at least one package was downloaded if [ "$GUI" == "1" ]; then 
@@ -187,28 +207,7 @@ elif [ -f /var/lib/qubes/updates/repodata/repomd.xml ]; then else yum check-update if [ $? -eq 100 ]; then # Run yum with options - - if [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then - # Backup root.img just in case - echo -n "Renaming template root.img to root.img-bak..." - if mv "$BAK_TEMPLATE_ROOT" "$BAK_TEMPLATE_ROOT-bak" ; then - echo "OK" - else - echo; echo "ERROR: Could not rename root.img" - exit 1 - fi - fi - - yum $YUM_OPTS $YUM_ACTION ; RETCODE=$? - - if [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then - qvm-prefs -s $TEMPLATE netvm $TEMPLATE_NETVM - if [ $RETCODE -eq 0 ] ; then - # Reinstall went OK, remove backup file. - echo "Removing $BAK_TEMPLATE_ROOT-bak" - rm -f "$BAK_TEMPLATE_ROOT-bak" - fi - fi + yum $YUM_OPTS $YUM_ACTION fi fi yum -q check-update && rm -f $UPDATES_STAT_FILE From 457b275800ed1bb33b76cd58496eedd0a1add749 Mon Sep 17 00:00:00 2001 From: ttasket Date: Mon, 20 Jun 2016 13:36:30 -0400 Subject: [PATCH 07/10] Fix syntax @marmarek This works on my system. --- dom0-updates/qubes-dom0-update | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/dom0-updates/qubes-dom0-update b/dom0-updates/qubes-dom0-update index 477a929..f804d76 100755 --- a/dom0-updates/qubes-dom0-update +++ b/dom0-updates/qubes-dom0-update 
@@ -71,9 +71,13 @@ if [ "$YUM_ACTION" == "reinstall" ] && [[ "$PKGS" == *"qubes-template-"* ]]; the if [[ "$ONEPKG" == "qubes-template-"* ]] && [[ "$ONEPKG" == "${PKGS#\ }" ]]; then # test "$PKGS" minus space # Prepare to backup template root.img in case reinstall doesn't complete. TEMPLATE=${ONEPKG#qubes-template-} - TEMPLATE_NETVM=`qvm-prefs --force-root $TEMPLATE netvm` || exit 1 - [[ "$TEMPLATE_NETVM" == *"(default)" ]] && TEMPLATE_NETVM="default" - BAK_TEMPLATE_ROOT=`qvm-prefs --force-root $TEMPLATE root_img` || exit 1 + if ! TEMPLATE_NETVM=`qvm-prefs --force-root $TEMPLATE netvm` \ + || ! BAK_TEMPLATE_ROOT=`qvm-prefs --force-root $TEMPLATE root_img` ; then + exit 1 + fi + if [[ "$TEMPLATE_NETVM" == *"(default)" ]] ; then + TEMPLATE_NETVM="default" + fi else echo "ERROR: Specify only one package to reinstall template" exit 1 @@ -181,11 +185,9 @@ fi if [ "x$PKGS" != "x" ]; then if [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then # Backup root.img just in case - echo -n "Renaming template root.img to root.img-bak..." if mv "$BAK_TEMPLATE_ROOT" "$BAK_TEMPLATE_ROOT-bak" ; then - echo "OK" + echo "Renamed template root.img to root.img-bak" else - echo; echo "ERROR: Could not rename root.img" exit 1 fi fi @@ -195,7 +197,7 @@ if [ "x$PKGS" != "x" ]; then if [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then qvm-prefs --force-root -s $TEMPLATE netvm $TEMPLATE_NETVM if [ $RETCODE -eq 0 ] ; then - # Reinstall went OK, remove backup file. + # Reinstall went OK, remove backup files. echo "Removing $BAK_TEMPLATE_ROOT-bak" rm -f "$BAK_TEMPLATE_ROOT-bak" fi From 577944c8fb7a307764ff33e7bb2a4d0a90721c3c Mon Sep 17 00:00:00 2001 From: ttasket Date: Mon, 20 Jun 2016 14:04:55 -0400 Subject: [PATCH 08/10] Try to handle private.img (fail) mv and rm private.img like root.img, but this results in no private.img after reinstall. do not use. --- dom0-updates/qubes-dom0-update | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) 
diff --git a/dom0-updates/qubes-dom0-update b/dom0-updates/qubes-dom0-update index f804d76..d5d70a4 100755 --- a/dom0-updates/qubes-dom0-update +++ b/dom0-updates/qubes-dom0-update @@ -72,7 +72,8 @@ if [ "$YUM_ACTION" == "reinstall" ] && [[ "$PKGS" == *"qubes-template-"* ]]; the # Prepare to backup template root.img in case reinstall doesn't complete. TEMPLATE=${ONEPKG#qubes-template-} if ! TEMPLATE_NETVM=`qvm-prefs --force-root $TEMPLATE netvm` \ - || ! BAK_TEMPLATE_ROOT=`qvm-prefs --force-root $TEMPLATE root_img` ; then + || ! BAK_TEMPLATE_ROOT=`qvm-prefs --force-root $TEMPLATE root_img` \ + || ! BAK_TEMPLATE_PRIVATE=`qvm-prefs --force-root $TEMPLATE private_img` ; then exit 1 fi if [[ "$TEMPLATE_NETVM" == *"(default)" ]] ; then @@ -184,10 +185,16 @@ fi if [ "x$PKGS" != "x" ]; then if [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then - # Backup root.img just in case - if mv "$BAK_TEMPLATE_ROOT" "$BAK_TEMPLATE_ROOT-bak" ; then + # Backup root.img and private.img just in case + if mv "$BAK_TEMPLATE_ROOT" "$BAK_TEMPLATE_ROOT-bak" \ + && mv "$BAK_TEMPLATE_PRIVATE" "$BAK_TEMPLATE_PRIVATE-bak" ; then echo "Renamed template root.img to root.img-bak" + echo "Renamed template private.img to private.img-bak" else + if [ -f "$BAK_TEMPLATE_ROOT-bak" ] ;then + echo "Aborting reinstall; Restoring root.img" + mv "$BAK_TEMPLATE_ROOT-bak" "$BAK_TEMPLATE_ROOT" + fi exit 1 fi fi @@ -200,6 +207,8 @@ if [ "x$PKGS" != "x" ]; then # Reinstall went OK, remove backup files. echo "Removing $BAK_TEMPLATE_ROOT-bak" rm -f "$BAK_TEMPLATE_ROOT-bak" + echo "Removing $BAK_TEMPLATE_PRIVATE-bak" + rm -f "$BAK_TEMPLATE_PRIVATE-bak" fi fi elif [ -f /var/lib/qubes/updates/repodata/repomd.xml ]; then From ef1ab342343a8f6ee0ba831a46589f43a63deb15 Mon Sep 17 00:00:00 2001 
From: ttasket Date: Tue, 21 Jun 2016 10:57:57 -0400 Subject: [PATCH 09/10] Re-create private.img if missing This restores the netvm setting and also re-creates private.img if older rpm scriptlet doesn't create it. Issue #2061 --- dom0-updates/qubes-dom0-update | 35 ++++++++++++++++++---------------- 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/dom0-updates/qubes-dom0-update b/dom0-updates/qubes-dom0-update index d5d70a4..3a8cd36 100755 --- a/dom0-updates/qubes-dom0-update +++ b/dom0-updates/qubes-dom0-update 
@@ -184,31 +184,34 @@ if [ -z "$YUM_ACTION" ]; then fi if [ "x$PKGS" != "x" ]; then - if [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then + if [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then # Handle template details # Backup root.img and private.img just in case - if mv "$BAK_TEMPLATE_ROOT" "$BAK_TEMPLATE_ROOT-bak" \ - && mv "$BAK_TEMPLATE_PRIVATE" "$BAK_TEMPLATE_PRIVATE-bak" ; then - echo "Renamed template root.img to root.img-bak" - echo "Renamed template private.img to private.img-bak" - else - if [ -f "$BAK_TEMPLATE_ROOT-bak" ] ;then - echo "Aborting reinstall; Restoring root.img" - mv "$BAK_TEMPLATE_ROOT-bak" "$BAK_TEMPLATE_ROOT" - fi - exit 1 - fi + echo "Creating img backup files" + mv "$BAK_TEMPLATE_ROOT" "$BAK_TEMPLATE_ROOT-bak" + mv "$BAK_TEMPLATE_PRIVATE" "$BAK_TEMPLATE_PRIVATE-bak" fi yum $YUM_OPTS $YUM_ACTION $PKGS ; RETCODE=$? - if [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then - qvm-prefs --force-root -s $TEMPLATE netvm $TEMPLATE_NETVM + if [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then # Handle template details + if [ ! -f "$BAK_TEMPLATE_PRIVATE" ] ; then # Old template script did not create img + echo "--> Creating private.img..." + truncate -s 2G $BAK_TEMPLATE_PRIVATE + mkfs.ext4 -m 0 -q -F $BAK_TEMPLATE_PRIVATE + chown root:qubes $BAK_TEMPLATE_PRIVATE + chmod 0660 $BAK_TEMPLATE_PRIVATE + fi if [ $RETCODE -eq 0 ] ; then # Reinstall went OK, remove backup files. - echo "Removing $BAK_TEMPLATE_ROOT-bak" rm -f "$BAK_TEMPLATE_ROOT-bak" - echo "Removing $BAK_TEMPLATE_PRIVATE-bak" rm -f "$BAK_TEMPLATE_PRIVATE-bak" + else + echo "YUM ERROR: Restoring img files" + mv "$BAK_TEMPLATE_ROOT-bak" "$BAK_TEMPLATE_ROOT" + mv "$BAK_TEMPLATE_PRIVATE-bak" "$BAK_TEMPLATE_PRIVATE" + fi + if ! qvm-prefs --force-root -s $TEMPLATE netvm $TEMPLATE_NETVM ; then + echo "ERROR: NetVM setting could not be restored!" fi fi elif [ -f /var/lib/qubes/updates/repodata/repomd.xml ]; then From fbb58918afb167fa5d1424903e7e61a4219bb2a2 Mon Sep 17 00:00:00 2001 
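Review bot: The two `mv` calls that create the `-bak` files in PATCH 09's hunk `@@ -184,31 +184,34 @@` are no longer checked, unlike the `if mv ... && mv ...` form they replace, so yum runs even when a rename failed and the later `rm -f` or restore `mv` then acts on backups that may not exist. The second hunk of PATCH 10 raises the cost: it runs `truncate -s 2G` and `mkfs.ext4 -m 0 -q -F` on `$BAK_TEMPLATE_PRIVATE` right after the same unchecked `mv`, so a failed rename of the private image would reformat the live file with no backup. Keep the abort path, e.g. `mv "$BAK_TEMPLATE_ROOT" "$BAK_TEMPLATE_ROOT-bak" || exit 1`, and the same for the private image. The restore `mv` calls in the yum-failure branch are unchecked as well, and the enclosing `if [ "x$PKGS" != "x" ]` block continues outside the hunk.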
From: ttasket Date: Tue, 21 Jun 2016 15:15:34 -0400 Subject: [PATCH 10/10] Fixes Moved create private.img before yum. Shutdown templatevm first -- don't want to query possibly compromised vm running old private.img. Issue #2061 --- dom0-updates/qubes-dom0-update | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/dom0-updates/qubes-dom0-update b/dom0-updates/qubes-dom0-update index 3a8cd36..d45626f 100755 --- a/dom0-updates/qubes-dom0-update +++ b/dom0-updates/qubes-dom0-update @@ -71,6 +71,9 @@ if [ "$YUM_ACTION" == "reinstall" ] && [[ "$PKGS" == *"qubes-template-"* ]]; the if [[ "$ONEPKG" == "qubes-template-"* ]] && [[ "$ONEPKG" == "${PKGS#\ }" ]]; then # test "$PKGS" minus space # Prepare to backup template root.img in case reinstall doesn't complete. TEMPLATE=${ONEPKG#qubes-template-} + if qvm-shutdown --wait $TEMPLATE ; then + echo "Template VM halted" + fi if ! TEMPLATE_NETVM=`qvm-prefs --force-root $TEMPLATE netvm` \ || ! BAK_TEMPLATE_ROOT=`qvm-prefs --force-root $TEMPLATE root_img` \ || ! BAK_TEMPLATE_PRIVATE=`qvm-prefs --force-root $TEMPLATE private_img` ; then 
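Review bot: In PATCH 10's hunk `@@ -71,6 +71,9 @@` the result of `qvm-shutdown --wait $TEMPLATE` only decides whether "Template VM halted" is printed; when the shutdown fails the script carries on to the `qvm-prefs` queries and, later, to renaming and recreating the image files. The commit message gives the reason for the shutdown as not wanting to query a possibly compromised VM running the old private.img, so a failed shutdown should stop the reinstall: `if ! qvm-shutdown --wait "$TEMPLATE" ; then echo "ERROR: could not shut down $TEMPLATE" >&2; exit 1; fi`. Whether `qvm-shutdown` returns non-zero for a template that is already halted is not visible here and should be confirmed before making the failure fatal. The enclosing `if [[ "$ONEPKG" == ... ]]` block starts and ends outside the hunk.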
@@ -189,29 +192,30 @@ if [ "x$PKGS" != "x" ]; then echo "Creating img backup files" mv "$BAK_TEMPLATE_ROOT" "$BAK_TEMPLATE_ROOT-bak" mv "$BAK_TEMPLATE_PRIVATE" "$BAK_TEMPLATE_PRIVATE-bak" + TDIR=`qvm-prefs --force-root $TEMPLATE dir` + rm -f "$TDIR/volatile.img" + echo "--> Creating private.img..." + truncate -s 2G $BAK_TEMPLATE_PRIVATE + mkfs.ext4 -m 0 -q -F $BAK_TEMPLATE_PRIVATE + chown root:qubes $BAK_TEMPLATE_PRIVATE + chmod 0660 $BAK_TEMPLATE_PRIVATE fi yum $YUM_OPTS $YUM_ACTION $PKGS ; RETCODE=$? if [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then # Handle template details - if [ ! -f "$BAK_TEMPLATE_PRIVATE" ] ; then # Old template script did not create img - echo "--> Creating private.img..." - truncate -s 2G $BAK_TEMPLATE_PRIVATE - mkfs.ext4 -m 0 -q -F $BAK_TEMPLATE_PRIVATE - chown root:qubes $BAK_TEMPLATE_PRIVATE - chmod 0660 $BAK_TEMPLATE_PRIVATE - fi if [ $RETCODE -eq 0 ] ; then # Reinstall went OK, remove backup files. rm -f "$BAK_TEMPLATE_ROOT-bak" rm -f "$BAK_TEMPLATE_PRIVATE-bak" else - echo "YUM ERROR: Restoring img files" + echo "Yum exit: Restoring img files" mv "$BAK_TEMPLATE_ROOT-bak" "$BAK_TEMPLATE_ROOT" mv "$BAK_TEMPLATE_PRIVATE-bak" "$BAK_TEMPLATE_PRIVATE" fi if ! qvm-prefs --force-root -s $TEMPLATE netvm $TEMPLATE_NETVM ; then echo "ERROR: NetVM setting could not be restored!" + exit 1 fi fi elif [ -f /var/lib/qubes/updates/repodata/repomd.xml ]; then
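Review bot: The `TDIR` assignment from `qvm-prefs --force-root $TEMPLATE dir` in PATCH 10's hunk `@@ -189,29 +192,30 @@` is not checked, so if the query fails or prints nothing the next line becomes `rm -f "/volatile.img"`. Guard both steps: append `|| exit 1` to the assignment and use `rm -f "${TDIR:?}/volatile.img"`. The four commands that build the new image (`truncate`, `mkfs.ext4`, `chown`, `chmod`) use `$BAK_TEMPLATE_PRIVATE` unquoted although the `mv` lines just above quote it, and none of their results is checked before yum runs; quote the path and stop on the first failure. The enclosing `if [ "x$PKGS" != "x" ]` block starts and ends outside the hunk.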