QubesOS/qubes-core-admin-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

dom0-updates: update qubes-receive-updates to python3

Browse Source
This commit is contained in:
Marek Marczykowski-Górecki 2017-02-22 12:20:08 +01:00
parent b253fdba33
commit 514c27d681
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
dom0-updates/qubes-receive-updates
View File

@ -1,4 +1,4 @@
#!/usr/bin/python2 #!/usr/bin/python3
# #
# The Qubes OS Project, http://www.qubes-os.org # The Qubes OS Project, http://www.qubes-os.org
# #
@ -50,7 +50,7 @@ gpg_ok_regex = re.compile(r": [a-z0-9() ]* (pgp|gpg) [a-z0-9 ]*OK$")
def dom0updates_fatal(pkg, msg): def dom0updates_fatal(pkg, msg):
global updates_error_file_handle global updates_error_file_handle
print >> sys.stderr, msg print(msg, file=sys.stderr)
if updates_error_file_handle is None: if updates_error_file_handle is None:
updates_error_file_handle = open(updates_error_file, "a") updates_error_file_handle = open(updates_error_file, "a")
updates_error_file_handle.write(msg + "\n") updates_error_file_handle.write(msg + "\n")
@ -61,7 +61,8 @@ def handle_dom0updates(updatevm):
source=os.getenv("QREXEC_REMOTE_DOMAIN") source=os.getenv("QREXEC_REMOTE_DOMAIN")
if source != updatevm.name: if source != updatevm.name:
print >> sys.stderr, 'Domain ' + str(source) + ' not allowed to send dom0 updates' print('Domain ' + str(source) + ' not allowed to send dom0 updates',
file=sys.stderr)
exit(1) exit(1)
# Clean old packages # Clean old packages
if os.path.exists(updates_rpm_dir): if os.path.exists(updates_rpm_dir):
@ -72,10 +73,10 @@ def handle_dom0updates(updatevm):
os.remove(updates_error_file) os.remove(updates_error_file)
os.environ['LC_ALL'] = 'C' os.environ['LC_ALL'] = 'C'
qubes_gid = grp.getgrnam('qubes').gr_gid qubes_gid = grp.getgrnam('qubes').gr_gid
old_umask = os.umask(002) old_umask = os.umask(0o002)
os.mkdir(updates_rpm_dir) os.mkdir(updates_rpm_dir)
os.chown(updates_rpm_dir, -1, qubes_gid) os.chown(updates_rpm_dir, -1, qubes_gid)
os.chmod(updates_rpm_dir, 0775) os.chmod(updates_rpm_dir, 0o0775)
subprocess.check_call(["/usr/libexec/qubes/qfile-dom0-unpacker", str(os.getuid()), updates_rpm_dir]) subprocess.check_call(["/usr/libexec/qubes/qfile-dom0-unpacker", str(os.getuid()), updates_rpm_dir])
# Verify received files # Verify received files
for untrusted_f in os.listdir(updates_rpm_dir): for untrusted_f in os.listdir(updates_rpm_dir):
@ -92,7 +93,7 @@ def handle_dom0updates(updatevm):
dom0updates_fatal(full_path, 'Domain ' + source + ' sent not regular file') dom0updates_fatal(full_path, 'Domain ' + source + ' sent not regular file')
p = subprocess.Popen (["/bin/rpm", "-K", full_path], p = subprocess.Popen (["/bin/rpm", "-K", full_path],
stdout=subprocess.PIPE) stdout=subprocess.PIPE)
output = p.communicate()[0] output = p.communicate()[0].decode('ascii')
if p.returncode != 0: if p.returncode != 0:
dom0updates_fatal(full_path, 'Error while verifing %s signature: %s' % (f, output)) dom0updates_fatal(full_path, 'Error while verifing %s signature: %s' % (f, output))
if not gpg_ok_regex.search(output.strip()): if not gpg_ok_regex.search(output.strip()):
@ -106,7 +107,7 @@ def handle_dom0updates(updatevm):
createrepo_cmd += ["-q", updates_dir] createrepo_cmd += ["-q", updates_dir]
subprocess.check_call(createrepo_cmd) subprocess.check_call(createrepo_cmd)
os.chown(updates_repodata_dir, -1, qubes_gid) os.chown(updates_repodata_dir, -1, qubes_gid)
os.chmod(updates_repodata_dir, 0775) os.chmod(updates_repodata_dir, 0o0775)
# Clean old cache # Clean old cache
subprocess.call(["sudo", "/usr/bin/yum", "-q", "clean", "all"], stdout=sys.stderr) subprocess.call(["sudo", "/usr/bin/yum", "-q", "clean", "all"], stdout=sys.stderr)
# This will fail because of "smart" detection of no-network, but it will invalidate the cache # This will fail because of "smart" detection of no-network, but it will invalidate the cache