version 2.0.31

Main qubes-core-dom0 should not be installed as part of installer image,
but os-prober dependency pulls that in. So move it into
qubes-core-dom0-kernel-install subpackage. After all this is where grub
config regeneration code is placed, so it is more logical place.

(cherry picked from commit e062c431dd)

.gitignore

@@ -1 +1,2 @@
 rpm/
+pkgs/

appmenus-scripts/create-apps-for-appvm.sh

@@ -58,6 +58,6 @@ fi
 echo "--> Adding Apps to the Menu..."
 LC_COLLATE=C xdg-desktop-menu install $APPSDIR/*.directory $APPSDIR/*.desktop
 
-if [ -n "$KDE_SESSION_UID" ]; then
+if [ -n "$KDE_SESSION_UID" -a -z "$SKIP_CACHE_REBUILD" ]; then
     kbuildsycoca4
 fi

appmenus-scripts/qubes-receive-appmenus

@@ -42,13 +42,13 @@ appmenus_line_size = 1024
 appmenus_line_count = 100000
 
 # regexps for sanitization of retrieved values
-std_re = re.compile(r"^[/a-zA-Z0-9.,&() -]*$")
+std_re = re.compile(r"^[/a-zA-Z0-9.,&()_ -]*$")
 fields_regexp = {
     "Name": std_re,
     "GenericName": std_re,
     "Comment": std_re,
     "Categories": re.compile(r"^[a-zA-Z0-9/.;:'() -]*$"),
-    "Exec": re.compile(r"^[a-zA-Z0-9()%&>/{}\"'\\:.= -]*$"),
+    "Exec": re.compile(r"^[a-zA-Z0-9()_%&>/{}\"'\\:.= -]*$"),
     "Icon": re.compile(r"^[a-zA-Z0-9/_.-]*$"),
 }
 
@@ -207,7 +207,7 @@ def create_template(path, values):
         if values.has_key(key):
             desktop_file.write("{0}={1}\n".format(key, values[key]))
 
-    desktop_file.write("Exec=qvm-run -q --tray -a %VMNAME% {0}\n".format(pipes.quote(values['Exec'])))
+    desktop_file.write("Exec=qvm-run -q --tray -a %VMNAME% -- {0}\n".format(pipes.quote(values['Exec'])))
     desktop_file.close()
 
 
@@ -324,11 +324,15 @@ def main():
             shutil.copy(system_path['appmenu_start_hvm_template'], vm.appmenus_templates_dir)
 
     if hasattr(vm, 'appvms'):
+        os.putenv('SKIP_CACHE_REBUILD', '1')
         for child_vm in vm.appvms.values():
             try:
                 child_vm.appmenus_recreate()
             except Exception, e:
                 print >> sys.stderr, "---> Failed to recreate appmenus for "  \
                                      "'{0}': {1}".format(child_vm.name, str(e))
+        if 'KDE_SESSION_UID' in os.environ:
+            subprocess.call(['kbuildsycoca4'])
+        os.unsetenv('SKIP_CACHE_REBUILD')
 
 main()

dom0-updates/qubes-dom0-update

@@ -21,11 +21,13 @@ if [ "$1" = "--help" ]; then
     exit
 fi
 
+# Prevent template upgrade - this would override user changes
+TEMPLATE_EXCLUDE_OPTS="--exclude=`rpm -qa --qf '%{NAME},' qubes-template-\*`"
 PKGS=
-YUM_OPTS=
+YUM_OPTS="$TEMPLATE_EXCLUDE_OPTS"
 GUI=
 CHECK_ONLY=
-ALL_OPTS=$*
+ALL_OPTS="$TEMPLATE_EXCLUDE_OPTS $*"
 QVMRUN_OPTS=
 CLEAN=
 # Filter out some yum options and collect packages list
@@ -110,6 +112,7 @@ fi
 if [ -n "$CLEAN" ]; then
     rm -f /var/lib/qubes/updates/rpm/*
 fi
+rm -f /var/lib/qubes/updates/errors
 
 # We should ensure the clocks in Dom0 and UpdateVM are in sync
 # becuase otherwise yum might complain about future timestamps

dom0-updates/qubes-receive-updates

@@ -40,7 +40,13 @@ if os.path.exists('/usr/share/qubes/Qubes-comps.xml'):
     comps_file = '/usr/share/qubes/Qubes-comps.xml'
 
 package_regex = re.compile(r"^[A-Za-z0-9._+-]{1,128}.rpm$")
-gpg_ok_regex = re.compile(r"pgp md5 OK$")
+# example valid outputs:
+#  .....rpm: rsa sha1 (md5) pgp md5 OK
+#  .....rpm: (sha1) dsa sha1 md5 gpg OK
+# example INVALID outputs:
+#  .....rpm: sha1 md5 OK
+#  .....rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#246110c1)
+gpg_ok_regex = re.compile(r": [a-z0-9() ]* (pgp|gpg) [a-z0-9 ]*OK$")
 
 def dom0updates_fatal(pkg, msg):
     global updates_error_file_handle

qrexec/qrexec-daemon.c

@@ -519,7 +519,7 @@ void handle_execute_predefined_command(void)
 		close(i);
 	signal(SIGCHLD, SIG_DFL);
 	signal(SIGPIPE, SIG_DFL);
-	execl("/usr/lib/qubes/qrexec-policy", "qrexec-policy",
+	execl("/usr/lib/qubes/qrexec-policy", "qrexec-policy", "--",
 	      remote_domain_name, params.target_vmname,
 	      params.exec_index, params.process_fds.ident, NULL);
 	perror("execl");

rpm_spec/core-dom0-linux.spec

@@ -46,6 +46,7 @@ BuildRequires:  pandoc
 BuildRequires:  qubes-utils-devel >= 2.0.5
 Requires:	qubes-core-dom0
 Requires:	qubes-utils >= 2.0.6
+Requires:	%{name}-kernel-install
 
 %define _builddir %(pwd)
 
@@ -54,6 +55,17 @@ Linux customizations required to use system as Qubes dom0.
 Additionally some graphical elements for every Linux desktop envirnment (icons,
 appmenus etc).
 
+%package kernel-install
+Summary:	Kernel install hook for Xen-based system
+
+# get rid of os-prober, it tries to mount and parse all the block devices in
+# the system, including loop*
+Provides: os-prober
+Obsoletes: os-prober
+
+%description kernel-install
+Kernel install hook for Xen-based system.
+
 %prep
 # we operate on the current directory, so no need to unpack anything
 # symlink is to generate useful debuginfo packages
@@ -138,6 +150,8 @@ install -D system-config/qubes-sync-clock.cron $RPM_BUILD_ROOT/etc/cron.d/qubes-
 install -d $RPM_BUILD_ROOT/etc/udev/rules.d
 install -m 644 system-config/00-qubes-ignore-devices.rules $RPM_BUILD_ROOT/etc/udev/rules.d/
 install -m 644 system-config/60-persistent-storage.rules $RPM_BUILD_ROOT/etc/udev/rules.d/
+install -m 644 -D system-config/disable-lesspipe $RPM_BUILD_ROOT/etc/profile.d/zz-disable-lesspipe
+install -m 755 -D system-config/kernel-grub2.install $RPM_BUILD_ROOT/usr/lib/kernel/install.d/90-grub2.install
 
 ### Icons
 mkdir -p $RPM_BUILD_ROOT/usr/share/qubes/icons
@@ -257,9 +271,12 @@ chmod -x /etc/grub.d/10_linux
 %config /etc/udev/rules.d/00-qubes-ignore-devices.rules
 %config(noreplace) /etc/udev/rules.d/60-persistent-storage.rules
 %attr(0644,root,root) /etc/cron.d/qubes-sync-clock.cron
+%config(noreplace) /etc/profile.d/zz-disable-lesspipe
 # Man
 %{_mandir}/man1/qvm-*.1*
 %{_mandir}/man1/qubes-*.1*
 
+%files kernel-install
+/usr/lib/kernel/install.d/90-grub2.install
 
 %changelog

system-config/disable-lesspipe

@@ -0,0 +1 @@
+unset LESSOPEN LESSCLOSE

system-config/kernel-grub2.install

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+COMMAND="$1"
+KVER="$2"
+
+case "$COMMAND" in
+    add)
+        dracut -f "/boot/initramfs-${KVER}.img" "$KVER"
+        ;;
+    remove)
+        rm -f "/boot/initramfs-${KVER}.img"
+        ;;
+esac
+grub2-mkconfig -o /boot/grub2/grub.cfg

version

@@ -1 +1 @@
-2.0.24
+2.0.31