version 3.2.18

kernel-install: fix initramfs copying scripts
Fix current EFI boot dir discovery script. Also, adjust scripts order: 50-dracut generates initramfs in /boot/(efi/)?/$MACHINE_ID/.../initrd 80-grub2 copies it to /boot/initramfs-....img 90-xen-efi copies it to /boot/efi/EFI/qubes/initramfs-....img Make the above order explicit, rather than relying on xen sorted later than grub2. QubesOS/qubes-issues#3234 (cherry picked from commit 9eefe23f4c)
12 changed files with 66 additions and 25 deletions
--- a/dom0-updates/qubes-dom0-update
+++ b/dom0-updates/qubes-dom0-update
@ -163,6 +163,8 @@ echo "Using $UPDATEVM as UpdateVM to download updates for Dom0; this may take so

 # Start VM if not running already
 qvm-run $QVMRUN_OPTS -a $UPDATEVM true || exit 1
+qvm-run -u root  $UPDATEVM 'mkdir -m 775 -p /var/lib/qubes/dom0-updates/' || exit 1
+qvm-run -u root  $UPDATEVM 'chown user:user /var/lib/qubes/dom0-updates/' || exit 1
 qvm-run  $UPDATEVM 'rm -rf /var/lib/qubes/dom0-updates/etc' || exit 1
 tar c /var/lib/rpm /etc/yum.repos.d /etc/yum.conf 2>/dev/null | \
   qvm-run -p "$UPDATEVM" 'LC_MESSAGES=C tar x -C /var/lib/qubes/dom0-updates 2>&1 | grep -v -E "s in the future"'
@ -209,7 +211,7 @@ if [ "x$PKGS" != "x" ]; then
    yum $YUM_OPTS $YUM_ACTION $PKGS ; RETCODE=$?

    if [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then # Handle template details
-        if [ $RETCODE -eq 0 ] ; then
+        if [[ $RETCODE -eq 0 && -f "$BAK_TEMPLATE_ROOT" ]]; then
        # Reinstall went OK, remove backup files.
            rm -f "$BAK_TEMPLATE_ROOT-bak"
            rm -f "$BAK_TEMPLATE_PRIVATE-bak"
@ -218,13 +220,13 @@ if [ "x$PKGS" != "x" ]; then
            mv "$BAK_TEMPLATE_ROOT-bak" "$BAK_TEMPLATE_ROOT"
            mv "$BAK_TEMPLATE_PRIVATE-bak" "$BAK_TEMPLATE_PRIVATE"
        fi
+        if [ -f "$TDIR/firewall.xml-bak" ]; then
+            mv "$TDIR/firewall.xml-bak" "$TDIR/firewall.xml"
+        fi
        if ! qvm-prefs --force-root -s $TEMPLATE netvm $TEMPLATE_NETVM ; then
            echo "ERROR: NetVM setting could not be restored!"
            exit 1
        fi
-        if [ -f "$TDIR/firewall.xml-bak" ]; then
-            mv "$TDIR/firewall.xml-bak" "$TDIR/firewall.xml"
-        fi
        
    fi
 elif [ -f /var/lib/qubes/updates/repodata/repomd.xml ]; then
--- a/dracut/dracut.conf.d/luks-aesni-missing-drivers.conf
+++ b/dracut/dracut.conf.d/luks-aesni-missing-drivers.conf
@ -1,4 +1,4 @@
 # Apprently some of the drivers required when using a processor with AESNI for LUKS
 # are missing in the initramfs, so lets include them manually here:

-add_drivers+=" xts aesni-intel aes-x86_64 crc32c-intel ghash-clmulni-intel salsa20-x86_64 twofish-x86_64 "
+add_drivers+=" xts aesni-intel aes-x86_64 crc32c-intel ghash-clmulni-intel twofish-x86_64 "
--- a/pm-utils/51qubes-suspend-netvm
+++ b/pm-utils/51qubes-suspend-netvm
@ -6,7 +6,7 @@ get_running_netvms() {
    RUNNING_NETVMS=""
    for VM in $RUNNING_VMS; do
        if [ -n "`xl pci-list $VM|tail -n +2`" ]; then
-            echo "$VM"
+            echo "${VM%-dm}"
        fi
    done
 }
--- a/qrexec/qrexec-client.c
+++ b/qrexec/qrexec-client.c
@ -47,6 +47,8 @@ pid_t local_pid = 0;
 int is_service = 0;
 int child_exited = 0;

+extern char **environ;
+
 static int handle_agent_handshake(libvchan_t *vchan, int remote_send_first)
 {
    struct msg_header hdr;
@ -164,9 +166,15 @@ static void sigchld_handler(int x __attribute__((__unused__)))
 }

 /* called from do_fork_exec */
-void do_exec(const char *prog)
+_Noreturn void do_exec(char *prog)
 {
+    /* avoid calling qubes-rpc-multiplexer through shell */
+    exec_qubes_rpc_if_requested(prog, environ);
+
+    /* if above haven't executed qubes-rpc-multiplexer, pass it to shell */
    execl("/bin/bash", "bash", "-c", prog, NULL);
+    perror("exec bash");
+    exit(1);
 }

 static void do_exit(int code)
--- a/qrexec/qrexec-daemon.c
+++ b/qrexec/qrexec-daemon.c
@ -417,7 +417,7 @@ static int handle_cmdline_body_from_client(int fd, struct msg_header *hdr)
                    strncmp(policy_pending[i].params.ident, buf, len) == 0) {
                policy_pending[i].pid = 0;
                while (policy_pending_max > 0 &&
-                        policy_pending[policy_pending_max].pid > 0)
+                        policy_pending[policy_pending_max].pid == 0)
                    policy_pending_max--;
                break;
            }
@ -632,8 +632,11 @@ static void sanitize_name(char * untrusted_s_signed, char *extra_allowed_chars)
            continue;
        if (*untrusted_s >= '0' && *untrusted_s <= '9')
            continue;
-        if (*untrusted_s == '$' ||
-               *untrusted_s == '_' ||
+        if (*untrusted_s == '$' && strchr(extra_allowed_chars, '@')) {
+            *untrusted_s = '@';
+            continue;
+        }
+        if (*untrusted_s == '_' ||
               *untrusted_s == '-' ||
               *untrusted_s == '.')
            continue;
@ -665,7 +668,7 @@ static void handle_execute_service(void)
    ENSURE_NULL_TERMINATED(untrusted_params.target_domain);
    ENSURE_NULL_TERMINATED(untrusted_params.request_id.ident);
    sanitize_name(untrusted_params.service_name, "+");
-    sanitize_name(untrusted_params.target_domain, "");
+    sanitize_name(untrusted_params.target_domain, "@");
    sanitize_name(untrusted_params.request_id.ident, " ");
    params = untrusted_params;
    /* sanitize end */
--- a/qrexec/qrexec-policy
+++ b/qrexec/qrexec-policy
@ -63,6 +63,7 @@ def read_policy_file(service_name):
    f = open(policy_file)
    fcntl.flock(f, fcntl.LOCK_SH)
    for iter in f.readlines():
+        iter = iter.replace('$', '@')
        dict = line_to_dict(iter)
        if dict is not None:
            policy_list.append(dict)
@ -70,7 +71,7 @@ def read_policy_file(service_name):
    return policy_list

 def is_match(item, config_term):
-    return (item != "dom0" and config_term == "$anyvm") or item == config_term
+    return (item != "dom0" and config_term == "@anyvm") or item == config_term

 def get_default_policy():
    dict={}
@ -89,7 +90,7 @@ def find_policy(policy, domain, target):

 def validate_target(target):
    # special targets
-    if target in ['$dispvm']:
+    if target in ['@dispvm']:
        return True

    qc = QubesVmCollection()
@ -110,7 +111,7 @@ def spawn_target_if_necessary(vm):
    null.close()

 def do_execute(domain, target, user, service_name, process_ident, vm=None):
-    if target == "$dispvm":
+    if target == "@dispvm":
        cmd = "/usr/lib/qubes/qfile-daemon-dvm " + service_name + " " + domain + " " +user
        os.execl(QREXEC_CLIENT, "qrexec-client",
                "-d", "dom0", "-c", process_ident, cmd)
@ -118,7 +119,7 @@ def do_execute(domain, target, user, service_name, process_ident, vm=None):
        if isinstance(vm, qubes.qubes.QubesVm):
            spawn_target_if_necessary(vm)
        if target == "dom0":
-            cmd = QUBES_RPC_MULTIPLEXER_PATH + " " + service_name + " " + domain
+            cmd = "QUBESRPC " + service_name + " " + domain
        else:
            cmd = user + ":QUBESRPC "+ service_name + " " + domain
        # stderr should be logged in source/target VM
@ -179,11 +180,11 @@ def create_policy(service_name):
    policyFile = "/etc/qubes-rpc/policy/"+service_name
    policy = open(policyFile, "w")
    policy.write("## Note that policy parsing stops at the first match,\n")
-    policy.write("## so adding anything below \"$anyvm $anyvm action\" line will have no effect\n")
+    policy.write("## so adding anything below \"@anyvm @anyvm action\" line will have no effect\n")
    policy.write("\n")
    policy.write("## Please use a single # to start your custom comments\n")
    policy.write("\n")
-    policy.write("$anyvm  $anyvm  ask\n")
+    policy.write("@anyvm  @anyvm  ask\n")
    policy.close()

 def main():
@ -244,6 +245,13 @@ def main():
    if policy_dict["action"] == "allow":
        if policy_dict.has_key("action.target"):
            target=policy_dict["action.target"]
+            vm = validate_target(target)
+            if vm is None:
+                print >> sys.stderr, "Rpc failed (unknown domain specified by policy):", domain, target, service_name
+                text = "Domain '%s' doesn't exist (service %s called by domain %s)." % (
+                        target, service_name, domain)
+                info_dialog("error", text)
+                exit(1)
        if policy_dict.has_key("action.user"):
            user=policy_dict["action.user"]
        else:
--- a/rpm_spec/core-dom0-linux.spec
+++ b/rpm_spec/core-dom0-linux.spec
@ -45,8 +45,10 @@ BuildRequires:  ImageMagick
 BuildRequires:  pandoc
 BuildRequires:  qubes-utils-devel >= 3.1.3
 BuildRequires:  qubes-libvchan-devel
+BuildRequires:  python
 Requires:	qubes-core-dom0
 Requires:	qubes-utils >= 3.1.3
+Requires:	qubes-utils-libs >= 3.2.7
 Requires:	%{name}-kernel-install
 Requires:	xdotool

@ -152,8 +154,8 @@ install -D system-config/qubes-sync-clock.cron $RPM_BUILD_ROOT/etc/cron.d/qubes-
 install -d $RPM_BUILD_ROOT/etc/udev/rules.d
 install -m 644 system-config/00-qubes-ignore-devices.rules $RPM_BUILD_ROOT/etc/udev/rules.d/
 install -m 644 system-config/60-persistent-storage.rules $RPM_BUILD_ROOT/etc/udev/rules.d/
-install -m 644 -D system-config/disable-lesspipe $RPM_BUILD_ROOT/etc/profile.d/zz-disable-lesspipe
-install -m 755 -D system-config/kernel-grub2.install $RPM_BUILD_ROOT/usr/lib/kernel/install.d/90-grub2.install
+install -m 644 -D system-config/disable-lesspipe.sh $RPM_BUILD_ROOT/etc/profile.d/zz-disable-lesspipe.sh
+install -m 755 -D system-config/kernel-grub2.install $RPM_BUILD_ROOT/usr/lib/kernel/install.d/80-grub2.install
 install -m 755 -D system-config/kernel-xen-efi.install $RPM_BUILD_ROOT/usr/lib/kernel/install.d/90-xen-efi.install
 install -m 755 -D system-config/kernel-remove-bls.install $RPM_BUILD_ROOT/usr/lib/kernel/install.d/99-remove-bls.install
 install -m 644 -D system-config/75-qubes-dom0.preset \
@ -282,7 +284,7 @@ chmod -x /etc/grub.d/10_linux
 %config /etc/udev/rules.d/00-qubes-ignore-devices.rules
 %config(noreplace) /etc/udev/rules.d/60-persistent-storage.rules
 %attr(0644,root,root) /etc/cron.d/qubes-sync-clock.cron
-%config(noreplace) /etc/profile.d/zz-disable-lesspipe
+%config(noreplace) /etc/profile.d/zz-disable-lesspipe.sh
 /usr/lib/systemd/system-preset/75-qubes-dom0.preset
 /usr/lib/systemd/system-preset/99-qubes-default-disable.preset
 /usr/bin/qvm-xkill
@ -291,7 +293,7 @@ chmod -x /etc/grub.d/10_linux
 %{_mandir}/man1/qubes-*.1*

 %files kernel-install
-/usr/lib/kernel/install.d/90-grub2.install
+/usr/lib/kernel/install.d/80-grub2.install
 /usr/lib/kernel/install.d/90-xen-efi.install
 /usr/lib/kernel/install.d/99-remove-bls.install

--- a/system-config/disable-lesspipe.sh
+++ b/system-config/disable-lesspipe.sh
--- a/system-config/kernel-grub2.install
+++ b/system-config/kernel-grub2.install
@ -2,10 +2,17 @@

 COMMAND="$1"
 KVER="$2"
+BOOT_DIR_ABS="$3"

 case "$COMMAND" in
    add)
-        dracut -f "/boot/initramfs-${KVER}.img" "$KVER"
+        # use newer image if available
+        if [ -e "$BOOT_DIR_ABS"/initrd ]; then
+            cp -u "$BOOT_DIR_ABS"/initrd "/boot/initramfs-${KVER}.img"
+        fi
+        if [ ! -e "/boot/initramfs-${KVER}.img" ]; then
+            dracut "/boot/initramfs-${KVER}.img" "$KVER"
+        fi
        ;;
    remove)
        rm -f "/boot/initramfs-${KVER}.img"
--- a/system-config/kernel-remove-bls.install
+++ b/system-config/kernel-remove-bls.install
@ -13,3 +13,9 @@
 if [[ $MACHINE_ID ]] && ( [[ -d /boot/${MACHINE_ID} ]] || [[ -L /boot/${MACHINE_ID} ]] ); then
    rm -rf /boot/${MACHINE_ID}
 fi
+if [[ $MACHINE_ID ]] && ( [[ -d /boot/efi/${MACHINE_ID} ]] || [[ -L /boot/efi/${MACHINE_ID} ]] ); then
+    rm -rf /boot/efi/${MACHINE_ID}
+    rm -f /boot/efi/loader/entries/${MACHINE_ID}-*.conf
+    # remove only when empty
+    rmdir /boot/efi/loader/entries /boot/efi/loader || :
+fi
--- a/system-config/kernel-xen-efi.install
+++ b/system-config/kernel-xen-efi.install
@ -9,7 +9,7 @@ ESP_MOUNTPOINT=/boot/efi

 EFI_DIR=$(efibootmgr -v 2>/dev/null | awk '
        /^BootCurrent:/ { current=$2; }
-        /^Boot....\* / { 
+        /^Boot....\* .*xen\.efi/ { 
            if ("Boot" current "*" == $1) {
                sub(".*File\\(", "");
                sub("\\\\xen.efi\\).*", "");
@ -77,7 +77,11 @@ case "$COMMAND" in
        fi

        cp "/boot/vmlinuz-$KVER" "$EFI_DIR/"
-        dracut -f "$EFI_DIR/initramfs-${KVER}.img" "$KVER"
+        if [ -e "/boot/initramfs-${KVER}.img" ]; then
+            cp -f "/boot/initramfs-${KVER}.img" "$EFI_DIR/"
+        else
+            dracut -f "$EFI_DIR/initramfs-${KVER}.img" "$KVER"
+        fi
        ;;
    remove)
        # don't care about changing default= line - yum should prevent removing
@ -101,5 +105,6 @@ case "$COMMAND" in
            mv $EFI_DIR/xen.cfg.new $EFI_DIR/xen.cfg
        fi
        rm -f "$EFI_DIR/initramfs-${KVER}.img"
+        rm -f "$EFI_DIR/vmlinuz-${KVER}"
        ;;
 esac
--- a/2
+++ b/2
@ -1 +1 @@
-3.2.12
+3.2.18
Author	SHA1	Message	Date
Marek Marczykowski-Górecki	473985c94d	version 3.2.18	6 years ago
Marek Marczykowski-Górecki	ce2193d85b	kernel-install: fix initramfs copying scripts Fix current EFI boot dir discovery script. Also, adjust scripts order: 50-dracut generates initramfs in /boot/(efi/)?/$MACHINE_ID/.../initrd 80-grub2 copies it to /boot/initramfs-....img 90-xen-efi copies it to /boot/efi/EFI/qubes/initramfs-....img Make the above order explicit, rather than relying on xen sorted later than grub2. QubesOS/qubes-issues#3234 (cherry picked from commit `9eefe23f4c`)	6 years ago
Marek Marczykowski-Górecki	cc8bffb664	kernel-install: remove EFI variant of BLS dirs too Remove also EFI version of BootLoader Specification dirs. This will: - really force to re-generate initramfs during installation, after all relevant configs are updated; previously, dracut (called by anaconda through kernel-install) refuse to update already existing /boot/efi/.../initrd file. - save some precious space in /boot/efi Fixes QubesOS/qubes-issues#3234 (cherry picked from commit `53730c4ba2`)	6 years ago
Marek Marczykowski-Górecki	06e260e92d	kernel-install: cleanup old kernel binary on remove Don't let kernel images accumulate on EFI partition. (cherry picked from commit `861ddc9ce0`)	6 years ago
Marek Marczykowski-Górecki	306330e042	kernel-install: use up to date initramfs During installation, /usr/lib/kernel/install.d/50-dracut.install generate initramfs in $BOOT_DIR_ABS. It is important to use that one, even if there is one in /boot/initramfs-*.img already, because it was generated later and contains all required config files (including keyboard layout for entering LUKS passphrase). This fixes `d1f3be0eed` "kernel-install: avoid creating initramfs multiple times". Fixes QubesOS/qubes-issues#3234 (cherry picked from commit `bcf7c9e978`)	6 years ago
Marek Marczykowski-Górecki	72c2a30eab	kernel-install: avoid creating initramfs multiple times There are multiple places where initramfs can be created: - /boot/iniramfs-.img - /boot/$MACHINE_ID/.../initrd (unused on Qubes, but created by Fedora scripts) - /boot/efi/EFI/.../initramfs-.img Do not generate all of those from scratch, but try to reuse existing image (if exists). Since one dracut call may last even 5 minutes, this change should greatly reduce installation time. Fixes QubesOS/qubes-issues#3637 (cherry picked from commit `d1f3be0eed`)	6 years ago
Marek Marczykowski-Górecki	58f0af9d80	rpm: add missing BR: python It isn't implied by buildsys-build group anymore.	6 years ago
Marek Marczykowski-Górecki	9f18e6d742	Drop salsa20-x86_64 module from dracut image It isn't really used by default and x86_64 specific variant was recently dropped (4.14.47 at least). Fixes QubesOS/qubes-issues#4181	6 years ago
Marek Marczykowski-Górecki	61f83e888f	Merge remote-tracking branch 'qubesos/pr/39' into release3.2 * qubesos/pr/39: Added -p to mkdir for skip error if dir exists Make dir dom0-updates if not exists on UpdateVM Fixes QubesOS/qubes-issues#3620	6 years ago
donoban	e2ff40c188	Added -p to mkdir for skip error if dir exists	6 years ago
donoban	facf84a4e6	Make dir dom0-updates if not exists on UpdateVM	6 years ago
Marek Marczykowski-Górecki	86efd7e287	version 3.2.17	6 years ago
Marek Marczykowski-Górecki	a29580572e	rpm: adjust dependencies	6 years ago
Marek Marczykowski-Górecki	1a01417994	qubespolicy: unify calling qrexec service Rely on qrexec-client resolving QUBESRPC keyword, same as in case of VM call. This will allow applying special treatment to such calls, like calling qubes-rpc-multiplexer directly (avoiding shell), because we have defined protocol what can be used here.	6 years ago
Marek Marczykowski-Górecki	fe271c5672	qubespolicy: use '@' instead of '$' for policy keywords Using '$' is easy to misuse in shell scripts, shell commands etc. After all this years, lets abandon this dangerous character and move to something safer: '@'. The choice was made after reviewing specifications of various shells on different operating systems and this is the character that have no special meaning in none of them. To preserve compatibility, automatically translate '$' to '@' when loading policy files.	6 years ago
Marek Marczykowski-Górecki	6b0fef6dba	qrexec: automatically translate '$' to '@' in target name specification After the change of target keywords, apply transparen translation from old names. This will avoid breaking calls from not updated VMs. Apply this change only in stable branch.	6 years ago
Marek Marczykowski-Górecki	f481671782	qrexec: forbid '$' in target and service name Those parameters eventually may eventually be passed to a shell script (at least /usr/lib/qubes/qubes-rpc-multiplexer). While it is possible to properly escape shell special characters, lets do safer and less fragile thing: forbid such characters entirely. In case of target name, qrexec policy keywords are allowed, and after recent change, those contains '@', so allow this char. (cherry picked from commit cf28dad1943bd424b2ed23000cdcfd32d8e3190c)	6 years ago
Marek Marczykowski-Górecki	e6d8b52197	qrexec: use exec_qubes_rpc_if_requested() from qubes-utils This avoids duplicating service call parsing in multiple places. For dom0 part it was in qrexec-policy tool. Also, add execl() error handling. (cherry picked from commit `32b0c659a1`)	6 years ago
Simon Gaiser	e7f4fa9a5d	pm-utils: Fix handling of HVM domains `xl list` reports the PCI devies for the stub domain. But we want to call qubes.SuspendPre inside the domain itself.	6 years ago
Marek Marczykowski-Górecki	d67af4bfd9	version 3.2.16	7 years ago
Marek Marczykowski-Górecki	e4469c7fde	qrexec: fix domain autostart on qrexec call with 'target=' in policy When policy specify 'target=' option, update 'vm' variable too (used to start appropriate domain), not only 'target' variable (used to make the actual call. Otherwise wrong domain is started (original one, not the one overriden by target= option), and the call fails - since the right domain is not running.	7 years ago
Marek Marczykowski-Górecki	012ca712d2	version 3.2.15	7 years ago
Christopher Laprise	3bd5c13996	Fix root.img handling bug Per issue https://github.com/QubesOS/qubes-issues/issues/2848 (cherry picked from commit `6d251d5c58`) Notes from origin: Fixes QubesOS/qubes-issues#2848	7 years ago
Marek Marczykowski-Górecki	63e023883b	version 3.2.14	7 years ago
Marek Marczykowski-Górecki	bb88d74689	qrexec: fix pending requests cleanup code (cont) There was a second place with exactly the same bug. See `dad208a` "qrexec: fix pending requests cleanup code" for details. Fixes QubesOS/qubes-issues#2699 (cherry picked from commit `8719e5d74c`)	7 years ago
Marek Marczykowski-Górecki	a94102c940	Really disable lesspipe Only files with .sh suffix are loaded. Fixes QubesOS/qubes-issues#2808 (cherry picked from commit `e62acf815a`)	7 years ago
Marek Marczykowski-Górecki	5e79b88adc	version 3.2.13	7 years ago
 @ -1 +1 @@
 .2.12
 .2.18