From 888073df05877d2e669f4f70ed982529765ea62f Mon Sep 17 00:00:00 2001
From: AJ Jordan <alex@strugee.net>
Date: Sat, 8 Dec 2018 20:43:36 -0500
Subject: [PATCH] Add admin.repos.* qrexec services

This is a prerequisite for QubesOS/qubes-issues#4550.
---
 qubes-rpc-policy/admin.repos.Disable |  7 +++++++
 qubes-rpc-policy/admin.repos.Enable  |  7 +++++++
 qubes-rpc-policy/admin.repos.List    |  7 +++++++
 qubes-rpc/admin.repos.Disable        | 24 ++++++++++++++++++++++++
 qubes-rpc/admin.repos.Enable         | 24 ++++++++++++++++++++++++
 qubes-rpc/admin.repos.List           | 11 +++++++++++
 6 files changed, 80 insertions(+)
 create mode 100644 qubes-rpc-policy/admin.repos.Disable
 create mode 100644 qubes-rpc-policy/admin.repos.Enable
 create mode 100644 qubes-rpc-policy/admin.repos.List
 create mode 100755 qubes-rpc/admin.repos.Disable
 create mode 100755 qubes-rpc/admin.repos.Enable
 create mode 100755 qubes-rpc/admin.repos.List

diff --git a/qubes-rpc-policy/admin.repos.Disable b/qubes-rpc-policy/admin.repos.Disable
new file mode 100644
index 0000000..c829d5a
--- /dev/null
+++ b/qubes-rpc-policy/admin.repos.Disable
@@ -0,0 +1,7 @@
+## Note that policy parsing stops at the first match,
+## so adding anything below "$anyvm $anyvm action" line will have no effect
+
+## Please use a single # to start your custom comments
+
+dom0	dom0	allow
+$anyvm	$anyvm	deny
diff --git a/qubes-rpc-policy/admin.repos.Enable b/qubes-rpc-policy/admin.repos.Enable
new file mode 100644
index 0000000..c829d5a
--- /dev/null
+++ b/qubes-rpc-policy/admin.repos.Enable
@@ -0,0 +1,7 @@
+## Note that policy parsing stops at the first match,
+## so adding anything below "$anyvm $anyvm action" line will have no effect
+
+## Please use a single # to start your custom comments
+
+dom0	dom0	allow
+$anyvm	$anyvm	deny
diff --git a/qubes-rpc-policy/admin.repos.List b/qubes-rpc-policy/admin.repos.List
new file mode 100644
index 0000000..c829d5a
--- /dev/null
+++ b/qubes-rpc-policy/admin.repos.List
@@ -0,0 +1,7 @@
+## Note that policy parsing stops at the first match,
+## so adding anything below "$anyvm $anyvm action" line will have no effect
+
+## Please use a single # to start your custom comments
+
+dom0	dom0	allow
+$anyvm	$anyvm	deny
diff --git a/qubes-rpc/admin.repos.Disable b/qubes-rpc/admin.repos.Disable
new file mode 100755
index 0000000..8c7b12f
--- /dev/null
+++ b/qubes-rpc/admin.repos.Disable
@@ -0,0 +1,24 @@
+#!/usr/bin/python3
+
+# Empty output indicates success; any input indicates error (probably an exception)
+
+import dnf
+import iniparse
+import sys
+
+base = dnf.Base()
+
+base.read_all_repos()
+
+reponame = sys.stdin.readline()
+repo = base.repos[reponame]
+
+# Loosely based on write_raw_configfile() from DNF source code,
+# because that method was introduced in DNF 2.0 but Qubes dom0 has DNF 1.x.
+with open(repo.repofile) as fp:
+	ini = iniparse.INIConfig(fp)
+
+ini[reponame]['enabled'] = 0
+
+with open(repo.repofile, 'w') as fp:
+	fp.write(str(ini))
diff --git a/qubes-rpc/admin.repos.Enable b/qubes-rpc/admin.repos.Enable
new file mode 100755
index 0000000..7cce2a8
--- /dev/null
+++ b/qubes-rpc/admin.repos.Enable
@@ -0,0 +1,24 @@
+#!/usr/bin/python3
+
+# Empty output indicates success; any input indicates error (probably an exception)
+
+import dnf
+import iniparse
+import sys
+
+base = dnf.Base()
+
+base.read_all_repos()
+
+reponame = sys.stdin.readline()
+repo = base.repos[reponame]
+
+# Loosely based on write_raw_configfile() from DNF source code,
+# because that method was introduced in DNF 2.0 but Qubes dom0 has DNF 1.x.
+with open(repo.repofile) as fp:
+	ini = iniparse.INIConfig(fp)
+
+ini[reponame]['enabled'] = 1
+
+with open(repo.repofile, 'w') as fp:
+	fp.write(str(ini))
diff --git a/qubes-rpc/admin.repos.List b/qubes-rpc/admin.repos.List
new file mode 100755
index 0000000..a347d53
--- /dev/null
+++ b/qubes-rpc/admin.repos.List
@@ -0,0 +1,11 @@
+#!/usr/bin/python3
+
+import dnf
+
+base = dnf.Base()
+
+base.read_all_repos()
+
+for repo in base.repos.all():
+	l = [repo.id, repo.name, 'enabled' if repo.enabled else 'disabled']
+	print('\0'.join(l))