- fix unescaped dot in package_regex
- if any package fails verification, remove the whole directory, not
only that single package
- abort (and remove the whole directory) on any exception
- don't include file name in the error message, if it failed
verification
This, among other things, fixes handling symlinks and directories sent by
potentially malicious UpdateVM. os.remove() can't remove non-empty
directories, so it would fail.
Fortunately metadata is created only after successful verification, so
dnf/yum wouldn't touch packages that failed verification and also
weren't removed. But make the code better handle such situations.
Reported-by: Hans Jerry Illikainen <hji@dyntopia.com>
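
An added example, not the project's own code, of the all-or-nothing handling the commit message above describes: any bad entry or exception removes the whole directory. `accept_updates`, `UpdateRejected`, the name pattern and the `verify` callback are assumptions made for illustration.

```python
import os
import re
import shutil
import tempfile

# Assumed pattern for this example; the dot before "rpm" is escaped.
PACKAGE_REGEX = re.compile(r"[A-Za-z0-9._+-]{1,128}\.rpm")

class UpdateRejected(Exception):
    """Raised when a received update set is rejected."""

def accept_updates(directory, verify):
    """`verify` is a hypothetical callable(path) -> bool (signature check)."""
    try:
        accepted = []
        for name in sorted(os.listdir(directory)):
            path = os.path.join(directory, name)
            if not PACKAGE_REGEX.fullmatch(name):
                raise UpdateRejected("unexpected file name received")
            # Symlinks and directories are rejected, never followed.
            if os.path.islink(path) or not os.path.isfile(path):
                raise UpdateRejected("non-regular file received")
            if not verify(path):
                raise UpdateRejected("package verification failed")  # no file name
            accepted.append(name)
        return accepted
    except Exception:
        # Any failure or unexpected exception discards everything; rmtree,
        # unlike os.remove(), handles non-empty directories.
        shutil.rmtree(directory, ignore_errors=True)
        raise

def demo(kind):
    """Constructed input: one good package plus one hostile entry of `kind`."""
    updates = tempfile.mkdtemp()
    open(os.path.join(updates, "good-1.0.rpm"), "wb").close()
    if kind == "symlink":
        os.symlink("/nonexistent/target", os.path.join(updates, "link.rpm"))
    elif kind == "subdir":
        os.makedirs(os.path.join(updates, "dir.rpm", "nested"))
    elif kind == "baddot":
        open(os.path.join(updates, "fooXrpm"), "wb").close()
    rejected = False
    try:
        accept_updates(updates, verify=lambda path: True)
    except UpdateRejected:
        rejected = True
    survived = os.path.exists(updates)
    shutil.rmtree(updates, ignore_errors=True)
    return rejected, survived
```

`demo(kind)` returns `(rejected, survived)`; with an unescaped dot in the pattern, the constructed name `fooXrpm` would have been accepted.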
This commit ensures that all arguments to qubes-download-dom0-updates.sh
are properly quoted. This allows the use of commands such as
    sudo qubes-dom0-update --action=distro-sync '*'
where, prior to this commit, the asterisk would be expanded in the
update virtual machine's home directory, whereas this commit prevents
the undesirable shell expansion of wildcards.
Fixes QubesOS/qubes-issues#5096
Even if EFI directory is present it may not be populated. kernel-install
part cares specifically about xen.cfg file, so check it explicitly. If
grub2-efi is in use, the file won't be there and the script isn't
supposed to do anything.
* origin/pr/48:
Add some comments to qubes.repos.List
Don't write a trailing newline in qubes.repos.List
Add qubes.repos.* services to the RPMs
Print `ok` for repo enable/disable success
Use qrexec service arguments
Properly set the umask for repo files
Enable/disable repos atomically
Use Python whitespace conventions
Rename admin.repos.* to qubes.repos.*
Add admin.repos.* qrexec services
Those files may easily accumulate in large quantities, to the point
where just listing the /etc/lvm/archive directory takes a long time.
This affects every lvm command call, so every VM start/stop.
Those archive files are rarely useful, as Qubes does multiple LVM
operations at each VM startup, so older data is really out of date very
quickly.
Automatically remove files in /etc/lvm/archive older than one day.
Fixes QubesOS/qubes-issues#4927
Fixes QubesOS/qubes-issues#2963
The \0 after error code prevents logging error message which is after it.
This change clobbers qubesd-query exit code with tr exit code (mostly 0),
but this is a good thing - failing qubes-suspend service does not
prevent the suspend, but does prevent the stop hooks being called, which
for example breaks time synchronization or may leave some domains
paused.
QubesOS/qubes-issues#3489
dnf4 (Fedora 29) does not like final comma in --exclude option. If it's
there, the whole --exclude is ignored or misinterpreted (as one long
package name?).
Use the same mechanism as VMs - first it's compatible with Admin API
(contrary to flag files); second it eases handling it.
Migrate old setting on package upgrade.
While qvm-move and qvm-copy cannot work in dom0, their
absence is confusing. Thus, add stub tools that output a message
informing the user that these tools are unavailable and
qvm-move-to-vm/qvm-copy-to-vm should be used instead.
fixes QubesOS/qubes-issues#4021