|
|
|
|
@ -30,6 +30,8 @@ ALL_OPTS="$*"
|
|
|
|
|
YUM_ACTION=
|
|
|
|
|
QVMRUN_OPTS=
|
|
|
|
|
CLEAN=
|
|
|
|
|
TEMPLATE=
|
|
|
|
|
TEMPLATE_BACKUP=
|
|
|
|
|
# Filter out some yum options and collect packages list
|
|
|
|
|
while [ $# -gt 0 ]; do
|
|
|
|
|
case "$1" in
|
|
|
|
|
@ -70,25 +72,29 @@ if [ "$YUM_ACTION" == "reinstall" ] || [ "$YUM_ACTION" == "upgrade" ] || [ "$YUM
|
|
|
|
|
|
|
|
|
|
ONEPKG=`cut -f 1 -d ' ' <<<$PKGS`
|
|
|
|
|
if [[ "$ONEPKG" == "qubes-template-"* ]] && [[ "$ONEPKG" == "${PKGS#\ }" ]]; then # test "$PKGS" minus space
|
|
|
|
|
# Prepare to backup template root.img in case reinstall doesn't complete.
|
|
|
|
|
ONEPKG=`sed -r 's/-[0-9]+(\.[0-9-]+)+(\.noarch)*$//' <<<$ONEPKG` # Remove version suffix
|
|
|
|
|
TEMPLATE=${ONEPKG#qubes-template-} # Remove prefix
|
|
|
|
|
|
|
|
|
|
if qvm-shutdown --wait $TEMPLATE ; then
|
|
|
|
|
echo "Template VM halted"
|
|
|
|
|
fi
|
|
|
|
|
if ! TEMPLATE_NETVM=`qvm-prefs --force-root $TEMPLATE netvm` \
|
|
|
|
|
|| ! BAK_TEMPLATE_ROOT=`qvm-prefs --force-root $TEMPLATE root_img` \
|
|
|
|
|
|| ! BAK_TEMPLATE_PRIVATE=`qvm-prefs --force-root $TEMPLATE private_img` ; then
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
if [[ "$TEMPLATE_NETVM" == *"(default)" ]] ; then
|
|
|
|
|
TEMPLATE_NETVM="default"
|
|
|
|
|
|
|
|
|
|
# Try to avoid unrecoverable failures when operating on the template of
|
|
|
|
|
# the UpdateVM by making a backup first.
|
|
|
|
|
UPDATEVM_TEMPLATE=$(qvm-prefs -- "$UPDATEVM" template 2>/dev/null)
|
|
|
|
|
if [ X"$UPDATEVM_TEMPLATE" = X"$TEMPLATE" ]; then
|
|
|
|
|
TEMPLATE_BACKUP="${TEMPLATE}-backup-$(date +%Y%m%d)-$(mktemp -u XXXX)"
|
|
|
|
|
TEMPLATE_BACKUP=${TEMPLATE_BACKUP:0:32}
|
|
|
|
|
echo "Attempting to operate on template of UpdateVM... backing up $TEMPLATE to $TEMPLATE_BACKUP"
|
|
|
|
|
if ! qvm-clone -- "$TEMPLATE" "$TEMPLATE_BACKUP"; then
|
|
|
|
|
echo "ERROR: Unable to make backup of UpdateVM template!" >&2
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
else
|
|
|
|
|
echo "ERROR: Specify only one package to reinstall template"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
else
|
|
|
|
|
TEMPLATE_EXCLUDE_OPTS="--exclude=`rpm -qa --qf '%{NAME},' qubes-template-\*`"
|
|
|
|
|
fi
|
|
|
|
|
@ -183,44 +189,25 @@ if [ -z "$YUM_ACTION" ]; then
|
|
|
|
|
YUM_ACTION=upgrade
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ "x$PKGS" != "x" ]; then
|
|
|
|
|
if [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then # Handle template details
|
|
|
|
|
# Backup root.img and private.img just in case
|
|
|
|
|
echo "Creating img backup files"
|
|
|
|
|
mv "$BAK_TEMPLATE_ROOT" "$BAK_TEMPLATE_ROOT-bak"
|
|
|
|
|
mv "$BAK_TEMPLATE_PRIVATE" "$BAK_TEMPLATE_PRIVATE-bak"
|
|
|
|
|
TDIR=`qvm-prefs --force-root $TEMPLATE dir`
|
|
|
|
|
if [ -f "$TDIR/firewall.xml" ]; then
|
|
|
|
|
mv "$TDIR/firewall.xml" "$TDIR/firewall.xml-bak"
|
|
|
|
|
fi
|
|
|
|
|
rm -f "$TDIR/volatile.img"
|
|
|
|
|
echo "--> Creating private.img..."
|
|
|
|
|
truncate -s 2G $BAK_TEMPLATE_PRIVATE
|
|
|
|
|
mkfs.ext4 -m 0 -q -F $BAK_TEMPLATE_PRIVATE
|
|
|
|
|
chown root:qubes $BAK_TEMPLATE_PRIVATE
|
|
|
|
|
chmod 0660 $BAK_TEMPLATE_PRIVATE
|
|
|
|
|
if [ -n "$PKGS" ]; then
|
|
|
|
|
if [ -n "$TEMPLATE" ]; then
|
|
|
|
|
TEMPLATE_NETVM=$(qvm-prefs --force-root $TEMPLATE netvm)
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
dnf $YUM_OPTS $YUM_ACTION $PKGS ; RETCODE=$?
|
|
|
|
|
|
|
|
|
|
if [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then # Handle template details
|
|
|
|
|
if [[ $RETCODE -eq 0 && -f "$BAK_TEMPLATE_ROOT" ]]; then
|
|
|
|
|
# Reinstall went OK, remove backup files.
|
|
|
|
|
rm -f "$BAK_TEMPLATE_ROOT-bak"
|
|
|
|
|
rm -f "$BAK_TEMPLATE_PRIVATE-bak"
|
|
|
|
|
else
|
|
|
|
|
echo "Yum exit: Restoring img files"
|
|
|
|
|
mv "$BAK_TEMPLATE_ROOT-bak" "$BAK_TEMPLATE_ROOT"
|
|
|
|
|
mv "$BAK_TEMPLATE_PRIVATE-bak" "$BAK_TEMPLATE_PRIVATE"
|
|
|
|
|
fi
|
|
|
|
|
if [ -f "$TDIR/firewall.xml-bak" ]; then
|
|
|
|
|
mv "$TDIR/firewall.xml-bak" "$TDIR/firewall.xml"
|
|
|
|
|
fi
|
|
|
|
|
if ! qvm-prefs --force-root -s $TEMPLATE netvm $TEMPLATE_NETVM ; then
|
|
|
|
|
echo "ERROR: NetVM setting could not be restored!"
|
|
|
|
|
if [ -n "$TEMPLATE_BACKUP" -a "$RETCODE" -eq 0 ]; then
|
|
|
|
|
# Remove backup, if we made one. Better to do this only on success and
|
|
|
|
|
# potentially leave extra backups around than do it on an exit trap and
|
|
|
|
|
# clean up more reliably but potentially brick a system.
|
|
|
|
|
qvm-remove -- "$TEMPLATE_BACKUP"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ -n "$TEMPLATE" -a -n "$TEMPLATE_NETVM" -a x"$TEMPLATE_NETVM" != xNone ]; then
|
|
|
|
|
if ! qvm-prefs --force-root -s $TEMPLATE netvm $TEMPLATE_NETVM; then
|
|
|
|
|
echo "ERROR: NetVM setting could not be restored!" >&2
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
elif [ -f /var/lib/qubes/updates/repodata/repomd.xml ]; then
|
|
|
|
|
# Above file exists only when at least one package was downloaded
|
|
|
|
|
|
Marek Marczykowski-Górecki
7 years ago