This caused qrexec-client to be killed when the local process
exited (by design) before consuming all the input, for instance
when receiving too much data for the admin.vm.volume.Import call.
- fix unescaped dot in package_regex
- if any package fails verification, remove the whole directory, not
only that single package
- abort (and remove the whole directory) on any exception
- don't include file name in the error message, if it failed
verification
This, among other things, fixes handling of symlinks and directories sent by
a potentially malicious UpdateVM. os.remove() can't remove non-empty
directories, so it would fail.
Fortunately metadata is created only after successful verification, so
dnf/yum wouldn't touch packages that failed verification and also
weren't removed. But make the code better handle such situations.
Reported-by: Hans Jerry Illikainen <hji@dyntopia.com>
(cherry picked from commit e5e006d933)
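The behaviour this commit message describes (an escaped dot in the package pattern, and removal of the whole directory on any failed check or exception) shown as an added Python example; it is not the project's code. `PACKAGE_REGEX`, `VerificationError`, `check_updates_dir` and the `verify_signature` callback are assumptions, and the sample directory is constructed.

```python
import os
import re
import shutil
import tempfile

# Hypothetical pattern (an assumption, not the project's regex). The dot
# before "rpm" is escaped, so a name like "fooXrpm" is rejected.
PACKAGE_REGEX = re.compile(r"\A[A-Za-z0-9._+^~-]{1,128}\.rpm\Z")

class VerificationError(Exception):
    """Error raised without the sender-chosen file name in its message."""

def check_updates_dir(updates_dir, verify_signature):
    """Accept the directory only if every entry is a verified package.

    verify_signature is a caller-supplied stand-in for the signature check.
    """
    try:
        for name in sorted(os.listdir(updates_dir)):
            path = os.path.join(updates_dir, name)
            if not PACKAGE_REGEX.match(name):
                raise VerificationError("received a bogus file name")
            # islink() uses lstat(), so a symlink is never followed here.
            if os.path.islink(path) or not os.path.isfile(path):
                raise VerificationError("received a non-regular file")
            if not verify_signature(path):
                raise VerificationError("package failed verification")
    except Exception:
        # Abort on any exception. Unlike os.remove(), rmtree() removes
        # non-empty directories, and it unlinks symlinks without following.
        shutil.rmtree(updates_dir, ignore_errors=True)
        raise
    return True

def demo():
    """Constructed input: one plain file, one non-empty dir, one symlink."""
    root = tempfile.mkdtemp()
    updates = os.path.join(root, "updates")
    outside = os.path.join(root, "outside.txt")
    os.makedirs(os.path.join(updates, "dir.rpm"))
    for p in (outside, os.path.join(updates, "good-1.0-1.noarch.rpm"),
              os.path.join(updates, "dir.rpm", "nested")):
        open(p, "w").close()
    os.symlink(outside, os.path.join(updates, "link.rpm"))
    try:
        check_updates_dir(updates, lambda path: True)
    except VerificationError as exc:
        return str(exc), os.path.exists(updates), os.path.exists(outside)
```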
This commit ensures that all arguments to qubes-download-dom0-updates.sh
are properly quoted. This allows the use of commands such as
sudo qubes-dom0-update --action=distro-sync '*'
where, prior to this commit, the asterisk would be expanded in the
update virtual machine's home directory, whereas this commit prevents
the undesirable shell expansion of wildcards.
Fixes QubesOS/qubes-issues#5096
(cherry picked from commit 1089a7a07b)
Those files may easily accumulate in large quantities, to the point
where just listing the /etc/lvm/archive directory takes a long time.
This affects every lvm command call, so every VM start/stop.
Those archive files are rarely useful, as Qubes does multiple LVM
operations at each VM startup, so older data is really out of date very
quickly.
Automatically remove files in /etc/lvm/archive older than one day.
Fixes QubesOS/qubes-issues#4927
Fixes QubesOS/qubes-issues#2963
(cherry picked from commit 2ec29a4d4c)
The \0 after the error code prevents logging the error message which is after it.
This change clobbers the qubesd-query exit code with the tr exit code (mostly 0),
but this is a good thing - a failing qubes-suspend service does not
prevent the suspend, but does prevent the stop hooks being called, which
for example breaks time synchronization or may leave some domains
paused.
QubesOS/qubes-issues#3489
dnf4 (Fedora 29) does not like a final comma in the --exclude option. If it's
there, the whole --exclude is ignored or misinterpreted (as one long
package name?).
Use the same mechanism as VMs - first, it's compatible with the Admin API
(contrary to flag files); second, it eases handling it.
Migrate old setting on package upgrade.
While qvm-move and qvm-copy cannot work in dom0, their
absence is confusing. Thus, stub tools that output a message
informing the user that these tools are unavailable and
qvm-move-to-vm/qvm-copy-to-vm should be used instead.
fixes QubesOS/qubes-issues#4021
Fix current EFI boot dir discovery script.
Also, adjust scripts order:
50-dracut generates initramfs in /boot/(efi/)?/$MACHINE_ID/.../initrd
80-grub2 copies it to /boot/initramfs-....img
90-xen-efi copies it to /boot/efi/EFI/qubes/initramfs-....img
Make the above order explicit, rather than relying on xen sorted later
than grub2.
QubesOS/qubes-issues#3234
Also remove the EFI version of the BootLoader Specification dirs. This will:
- really force to re-generate initramfs during installation, after all
relevant configs are updated; previously, dracut (called by anaconda
through kernel-install) refused to update the already existing
/boot/efi/.../initrd file.
- save some precious space in /boot/efi
Fixes QubesOS/qubes-issues#3234
If no updates are available, display some notification about that (when
GUI mode requested). Otherwise user has no idea what happened (update
failed? still doing something?).
Fixes QubesOS/qubes-issues#3751
During installation, /usr/lib/kernel/install.d/50-dracut.install
generates initramfs in $BOOT_DIR_ABS. It is important to use that one,
even if there is one in /boot/initramfs-*.img already, because it was
generated later and contains all required config files (including
keyboard layout for entering LUKS passphrase).
This fixes d1f3be0eed "kernel-install:
avoid creating initramfs multiple times".
Fixes QubesOS/qubes-issues#3234