- fix unescaped dot in package_regex
- if any package fails verification, remove the whole directory, not
  only that single package
- abort (and remove the whole directory) on any exception
- don't include file name in the error message, if it failed
  verification

This, among other things, fixes handling of symlinks and directories sent
by a potentially malicious UpdateVM. os.remove() can't remove non-empty
directories, so it would fail.

Fortunately metadata is created only after successful verification, so
dnf/yum wouldn't touch packages that failed verification and also
weren't removed. But make the code better handle such situations.

Reported-by: Hans Jerry Illikainen <hji@dyntopia.com>
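The handling listed in the commit message above, sketched as an added example that is not the project's own code: every entry must match an anchored name pattern with an escaped dot, be a regular file, and pass verification, otherwise the whole directory is removed. `PACKAGE_REGEX`, `verify_update_dir`, `run_case` and the `verify` callback (a stand-in for the real signature check) are hypothetical names, and the sample file names are constructed.

```python
import os
import re
import shutil
import stat
import tempfile

# Hypothetical pattern, not the project's: the dot before "rpm" is escaped.
PACKAGE_REGEX = re.compile(r"\A[A-Za-z0-9._+-]{1,128}\.rpm\Z")


class VerificationError(Exception):
    """Raised with a fixed message that never contains the file name."""


def verify_update_dir(directory, verify):
    """Return (ok, message); on any failure the whole directory is removed."""
    try:
        for name in sorted(os.listdir(directory)):
            path = os.path.join(directory, name)
            if not PACKAGE_REGEX.match(name):
                raise VerificationError("invalid package name")
            # lstat() does not follow symlinks: links and dirs are rejected.
            if not stat.S_ISREG(os.lstat(path).st_mode):
                raise VerificationError("not a regular file")
            if not verify(path):
                raise VerificationError("package verification failed")
    except Exception as exc:
        # rmtree() copes with non-empty directories, unlike os.remove().
        shutil.rmtree(directory, ignore_errors=True)
        known = isinstance(exc, VerificationError)
        return False, str(exc) if known else "unexpected error"
    return True, "ok"


def run_case(names, verify=lambda path: True):
    """Build a constructed sample directory, verify it, report if it remains."""
    directory = tempfile.mkdtemp()
    for name in names:
        path = os.path.join(directory, name)
        if name.endswith("/"):
            os.makedirs(os.path.join(path, "sub"))  # non-empty subdirectory
        else:
            open(path, "w").close()
    ok, message = verify_update_dir(directory, verify)
    return ok, message, os.path.exists(directory)


if __name__ == "__main__":
    print(run_case(["foo-1.0-1.noarch.rpm"]))                 # directory kept
    print(run_case(["foo-1.0-1.noarch.rpm", "nested.rpm/"]))  # directory removed
```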

This commit ensures that all arguments to qubes-download-dom0-updates.sh
are properly quoted. This allows the use of commands such as

    sudo qubes-dom0-update --action=distro-sync '*'

where, prior to this commit, the asterisk would be expanded in the
update virtual machine's home directory, whereas this commit prevents
the undesirable shell expansion of wildcards.

Fixes QubesOS/qubes-issues#5096

dnf4 (Fedora 29) does not like a final comma in the --exclude option. If
it's there, the whole --exclude is ignored or misinterpreted (as one long
package name?).

Use the same mechanism as VMs - first, it's compatible with Admin API
(contrary to flag files); second, it eases handling it.
Migrate old setting on package upgrade.

If no updates are available, display some notification about that (when
GUI mode requested). Otherwise the user has no idea what happened (update
failed? still doing something?).

Fixes QubesOS/qubes-issues#3751

GUI updaters and PackageKit are confused by networkless dom0 and often
report that:
- cannot check for updates (because of no network connection)
- no updates are available, even if they are

The latter happens mostly because PackageKit does not load dnf.conf, so
it tries to use /etc/yum.repos.d (network repositories) instead of
/etc/yum.real.repos.d (local cache, downloaded by qubes-dom0-update).
Currently PackageKit does not support configuring it, the path is
hardcoded.
Until both of the above issues get fixed, prefer the console updater.

Fixes QubesOS/qubes-issues#1378

PackageKit is used only by GUI updaters, refresh its cache only then.
Since the PackageKit daemon does not read dnf.conf, it doesn't know the
right repository location, so it tries to access the network, which
results in timeouts. But at the same time, it invalidates the previous
cache, which is what we need.
Do not delay every qubes-dom0-update call by pkcon call.

Perhaps the UpdateVM template should be temporarily switched to the
backup too. That would make it really failsafe. Currently it requires
manual recovery (by setting template of UpdateVM to the backup).

- don't call removed qvm-sync-clock
- use qvm-start --skip-if-running instead of qvm-run ... true, to start
  a VM
- update qvm-run options
- use dnf directly, not through compatibility wrapper

This doesn't yet prevent appvms from starting with invalid template during the reinstall, and doesn't deal with the Netvm setting problem.
For issue #2061