Merge remote-tracking branch 'origin/pr/48'

* origin/pr/48:
  Add some comments to qubes.repos.List
  Don't write a trailing newline in qubes.repos.List
  Add qubes.repos.* services to the RPMs
  Print `ok` for repo enable/disable success
  Use qrexec service arguments
  Properly set the umask for repo files
  Enable/disable repos atomically
  Use Python whitespace conventions
  Rename admin.repos.* to qubes.repos.*
  Add admin.repos.* qrexec services
This commit is contained in:
Marek Marczykowski-Górecki 2019-06-08 05:12:03 +02:00
commit 8800a08150
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
7 changed files with 114 additions and 0 deletions

View File

@ -0,0 +1,7 @@
## Note that policy parsing stops at the first match,
## so adding anything below "$anyvm $anyvm action" line will have no effect
## Please use a single # to start your custom comments
dom0 dom0 allow
$anyvm $anyvm deny

View File

@ -0,0 +1,7 @@
## Note that policy parsing stops at the first match,
## so adding anything below "$anyvm $anyvm action" line will have no effect
## Please use a single # to start your custom comments
dom0 dom0 allow
$anyvm $anyvm deny

View File

@ -0,0 +1,7 @@
## Note that policy parsing stops at the first match,
## so adding anything below "$anyvm $anyvm action" line will have no effect
## Please use a single # to start your custom comments
dom0 dom0 allow
$anyvm $anyvm deny

32
qubes-rpc/qubes.repos.Disable Executable file
View File

@ -0,0 +1,32 @@
#!/usr/bin/python3
# `ok` on stdout indicates success; any stderr output indicates an error
# (probably an exception)
import dnf
import iniparse
import os
import sys
os.umask(0o022)
base = dnf.Base()
base.read_all_repos()
reponame = sys.argv[1]
repo = base.repos[reponame]
# Loosely based on write_raw_configfile() from DNF source code, because
# that method was introduced in DNF 2.0 but Qubes dom0 has DNF 1.x.
with open(repo.repofile) as fp:
ini = iniparse.INIConfig(fp)
ini[reponame]['enabled'] = 0
with open(repo.repofile + '.new', 'w') as fp:
fp.write(str(ini))
os.rename(repo.repofile + '.new', repo.repofile)
print('ok')

32
qubes-rpc/qubes.repos.Enable Executable file
View File

@ -0,0 +1,32 @@
#!/usr/bin/python3
# `ok` on stdout indicates success; any stderr output indicates an error
# (probably an exception)
import dnf
import iniparse
import os
import sys
os.umask(0o022)
base = dnf.Base()
base.read_all_repos()
reponame = sys.argv[1]
repo = base.repos[reponame]
# Loosely based on write_raw_configfile() from DNF source code, because
# that method was introduced in DNF 2.0 but Qubes dom0 has DNF 1.x.
with open(repo.repofile) as fp:
ini = iniparse.INIConfig(fp)
ini[reponame]['enabled'] = 1
with open(repo.repofile + '.new', 'w') as fp:
fp.write(str(ini))
os.rename(repo.repofile + '.new', repo.repofile)
print('ok')

17
qubes-rpc/qubes.repos.List Executable file
View File

@ -0,0 +1,17 @@
#!/usr/bin/python3
# Records in the output are separated by newlines; fields are separated by \0
# Each record is unique_id:pretty_name:enabled
import dnf
base = dnf.Base()
base.read_all_repos()
first = True
for repo in base.repos.all():
l = [repo.id, repo.name, 'enabled' if repo.enabled else 'disabled']
if not first: print()
first = False
print('\0'.join(l), end='')

View File

@ -96,6 +96,12 @@ install -m 0664 -D dom0-updates/qubes.ReceiveUpdates.policy $RPM_BUILD_ROOT/etc/
install -d $RPM_BUILD_ROOT/var/lib/qubes/updates install -d $RPM_BUILD_ROOT/var/lib/qubes/updates
# Qrexec services
mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes/qubes-rpc $RPM_BUILD_ROOT/etc/qubes-rpc/policy
cp qubes-rpc/* $RPM_BUILD_ROOT/usr/lib/qubes/qubes-rpc/
for i in qubes-rpc/*; do ln -s ../../usr/lib/qubes/$i $RPM_BUILD_ROOT/etc/qubes-rpc/$(basename $i); done
cp qubes-rpc-policy/* $RPM_BUILD_ROOT/etc/qubes-rpc/policy/
### pm-utils ### pm-utils
mkdir -p $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d mkdir -p $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d
cp pm-utils/52qubes-pause-vms $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d/ cp pm-utils/52qubes-pause-vms $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d/
@ -197,6 +203,12 @@ chmod -x /etc/grub.d/10_linux
/etc/qubes-rpc/qubes.ReceiveUpdates /etc/qubes-rpc/qubes.ReceiveUpdates
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.ReceiveUpdates %attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.ReceiveUpdates
%attr(0770,root,qubes) %dir /var/lib/qubes/updates %attr(0770,root,qubes) %dir /var/lib/qubes/updates
# Qrexec services
/etc/qubes-rpc/qubes.repos.*
/usr/lib/qubes/qubes-rpc/qubes.repos.*
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.repos.List
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.repos.Enable
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.repos.Disable
# Dracut module # Dracut module
/etc/dracut.conf.d/* /etc/dracut.conf.d/*
%dir %{_dracutmoddir}/90qubes-pciback %dir %{_dracutmoddir}/90qubes-pciback