version 3.2.18

Fix current EFI boot dir discovery script.

Also, adjust scripts order:
50-dracut generates initramfs in /boot/(efi/)?/$MACHINE_ID/.../initrd
80-grub2 copies it to /boot/initramfs-....img
90-xen-efi copies it to /boot/efi/EFI/qubes/initramfs-....img

Make the above order explicit, rather than relying on xen sorted later
than grub2.

QubesOS/qubes-issues#3234

(cherry picked from commit 9eefe23f4c)

dom0-updates/qubes-dom0-update

@@ -163,6 +163,8 @@ echo "Using $UPDATEVM as UpdateVM to download updates for Dom0; this may take so
 
 # Start VM if not running already
 qvm-run $QVMRUN_OPTS -a $UPDATEVM true || exit 1
+qvm-run -u root  $UPDATEVM 'mkdir -m 775 -p /var/lib/qubes/dom0-updates/' || exit 1
+qvm-run -u root  $UPDATEVM 'chown user:user /var/lib/qubes/dom0-updates/' || exit 1
 qvm-run  $UPDATEVM 'rm -rf /var/lib/qubes/dom0-updates/etc' || exit 1
 tar c /var/lib/rpm /etc/yum.repos.d /etc/yum.conf 2>/dev/null | \
    qvm-run -p "$UPDATEVM" 'LC_MESSAGES=C tar x -C /var/lib/qubes/dom0-updates 2>&1 | grep -v -E "s in the future"'
@@ -209,7 +211,7 @@ if [ "x$PKGS" != "x" ]; then
     yum $YUM_OPTS $YUM_ACTION $PKGS ; RETCODE=$?
 
     if [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then # Handle template details
-        if [ $RETCODE -eq 0 ] ; then
+        if [[ $RETCODE -eq 0 && -f "$BAK_TEMPLATE_ROOT" ]]; then
         # Reinstall went OK, remove backup files.
             rm -f "$BAK_TEMPLATE_ROOT-bak"
             rm -f "$BAK_TEMPLATE_PRIVATE-bak"
@@ -218,13 +220,13 @@ if [ "x$PKGS" != "x" ]; then
             mv "$BAK_TEMPLATE_ROOT-bak" "$BAK_TEMPLATE_ROOT"
             mv "$BAK_TEMPLATE_PRIVATE-bak" "$BAK_TEMPLATE_PRIVATE"
         fi
+        if [ -f "$TDIR/firewall.xml-bak" ]; then
+            mv "$TDIR/firewall.xml-bak" "$TDIR/firewall.xml"
+        fi
         if ! qvm-prefs --force-root -s $TEMPLATE netvm $TEMPLATE_NETVM ; then
             echo "ERROR: NetVM setting could not be restored!"
             exit 1
         fi
-        if [ -f "$TDIR/firewall.xml-bak" ]; then
-            mv "$TDIR/firewall.xml-bak" "$TDIR/firewall.xml"
-        fi
         
     fi
 elif [ -f /var/lib/qubes/updates/repodata/repomd.xml ]; then

dracut/dracut.conf.d/luks-aesni-missing-drivers.conf

@@ -1,4 +1,4 @@
 # Apprently some of the drivers required when using a processor with AESNI for LUKS
 # are missing in the initramfs, so lets include them manually here:
 
-add_drivers+=" xts aesni-intel aes-x86_64 crc32c-intel ghash-clmulni-intel salsa20-x86_64 twofish-x86_64 "
+add_drivers+=" xts aesni-intel aes-x86_64 crc32c-intel ghash-clmulni-intel twofish-x86_64 "

pm-utils/51qubes-suspend-netvm

@@ -6,7 +6,7 @@ get_running_netvms() {
     RUNNING_NETVMS=""
     for VM in $RUNNING_VMS; do
         if [ -n "`xl pci-list $VM|tail -n +2`" ]; then
-            echo "$VM"
+            echo "${VM%-dm}"
         fi
     done
 }

qrexec/qrexec-client.c

@@ -47,6 +47,8 @@ pid_t local_pid = 0;
 int is_service = 0;
 int child_exited = 0;
 
+extern char **environ;
+
 static int handle_agent_handshake(libvchan_t *vchan, int remote_send_first)
 {
     struct msg_header hdr;
@@ -164,9 +166,15 @@ static void sigchld_handler(int x __attribute__((__unused__)))
 }
 
 /* called from do_fork_exec */
-void do_exec(const char *prog)
+_Noreturn void do_exec(char *prog)
 {
+    /* avoid calling qubes-rpc-multiplexer through shell */
+    exec_qubes_rpc_if_requested(prog, environ);
+
+    /* if above haven't executed qubes-rpc-multiplexer, pass it to shell */
     execl("/bin/bash", "bash", "-c", prog, NULL);
+    perror("exec bash");
+    exit(1);
 }
 
 static void do_exit(int code)

qrexec/qrexec-daemon.c

@@ -417,7 +417,7 @@ static int handle_cmdline_body_from_client(int fd, struct msg_header *hdr)
                     strncmp(policy_pending[i].params.ident, buf, len) == 0) {
                 policy_pending[i].pid = 0;
                 while (policy_pending_max > 0 &&
-                        policy_pending[policy_pending_max].pid > 0)
+                        policy_pending[policy_pending_max].pid == 0)
                     policy_pending_max--;
                 break;
             }
@@ -632,8 +632,11 @@ static void sanitize_name(char * untrusted_s_signed, char *extra_allowed_chars)
             continue;
         if (*untrusted_s >= '0' && *untrusted_s <= '9')
             continue;
-        if (*untrusted_s == '$' ||
-               *untrusted_s == '_' ||
+        if (*untrusted_s == '$' && strchr(extra_allowed_chars, '@')) {
+            *untrusted_s = '@';
+            continue;
+        }
+        if (*untrusted_s == '_' ||
                *untrusted_s == '-' ||
                *untrusted_s == '.')
             continue;
@@ -665,7 +668,7 @@ static void handle_execute_service(void)
     ENSURE_NULL_TERMINATED(untrusted_params.target_domain);
     ENSURE_NULL_TERMINATED(untrusted_params.request_id.ident);
     sanitize_name(untrusted_params.service_name, "+");
-    sanitize_name(untrusted_params.target_domain, "");
+    sanitize_name(untrusted_params.target_domain, "@");
     sanitize_name(untrusted_params.request_id.ident, " ");
     params = untrusted_params;
     /* sanitize end */

qrexec/qrexec-policy

@@ -63,6 +63,7 @@ def read_policy_file(service_name):
     f = open(policy_file)
     fcntl.flock(f, fcntl.LOCK_SH)
     for iter in f.readlines():
+        iter = iter.replace('$', '@')
         dict = line_to_dict(iter)
         if dict is not None:
             policy_list.append(dict)
@@ -70,7 +71,7 @@ def read_policy_file(service_name):
     return policy_list
 
 def is_match(item, config_term):
-    return (item != "dom0" and config_term == "$anyvm") or item == config_term
+    return (item != "dom0" and config_term == "@anyvm") or item == config_term
 
 def get_default_policy():
     dict={}
@@ -89,7 +90,7 @@ def find_policy(policy, domain, target):
 
 def validate_target(target):
     # special targets
-    if target in ['$dispvm']:
+    if target in ['@dispvm']:
         return True
 
     qc = QubesVmCollection()
@@ -110,7 +111,7 @@ def spawn_target_if_necessary(vm):
     null.close()
 
 def do_execute(domain, target, user, service_name, process_ident, vm=None):
-    if target == "$dispvm":
+    if target == "@dispvm":
         cmd = "/usr/lib/qubes/qfile-daemon-dvm " + service_name + " " + domain + " " +user
         os.execl(QREXEC_CLIENT, "qrexec-client",
                 "-d", "dom0", "-c", process_ident, cmd)
@@ -118,7 +119,7 @@ def do_execute(domain, target, user, service_name, process_ident, vm=None):
         if isinstance(vm, qubes.qubes.QubesVm):
             spawn_target_if_necessary(vm)
         if target == "dom0":
-            cmd = QUBES_RPC_MULTIPLEXER_PATH + " " + service_name + " " + domain
+            cmd = "QUBESRPC " + service_name + " " + domain
         else:
             cmd = user + ":QUBESRPC "+ service_name + " " + domain
         # stderr should be logged in source/target VM
@@ -179,11 +180,11 @@ def create_policy(service_name):
     policyFile = "/etc/qubes-rpc/policy/"+service_name
     policy = open(policyFile, "w")
     policy.write("## Note that policy parsing stops at the first match,\n")
-    policy.write("## so adding anything below \"$anyvm $anyvm action\" line will have no effect\n")
+    policy.write("## so adding anything below \"@anyvm @anyvm action\" line will have no effect\n")
     policy.write("\n")
     policy.write("## Please use a single # to start your custom comments\n")
     policy.write("\n")
-    policy.write("$anyvm  $anyvm  ask\n")
+    policy.write("@anyvm  @anyvm  ask\n")
     policy.close()
 
 def main():
@@ -244,6 +245,13 @@ def main():
     if policy_dict["action"] == "allow":
         if policy_dict.has_key("action.target"):
             target=policy_dict["action.target"]
+            vm = validate_target(target)
+            if vm is None:
+                print >> sys.stderr, "Rpc failed (unknown domain specified by policy):", domain, target, service_name
+                text = "Domain '%s' doesn't exist (service %s called by domain %s)." % (
+                        target, service_name, domain)
+                info_dialog("error", text)
+                exit(1)
         if policy_dict.has_key("action.user"):
             user=policy_dict["action.user"]
         else:

rpm_spec/core-dom0-linux.spec

@@ -45,8 +45,10 @@ BuildRequires:  ImageMagick
 BuildRequires:  pandoc
 BuildRequires:  qubes-utils-devel >= 3.1.3
 BuildRequires:  qubes-libvchan-devel
+BuildRequires:  python
 Requires:	qubes-core-dom0
 Requires:	qubes-utils >= 3.1.3
+Requires:	qubes-utils-libs >= 3.2.7
 Requires:	%{name}-kernel-install
 Requires:	xdotool
 
@@ -152,8 +154,8 @@ install -D system-config/qubes-sync-clock.cron $RPM_BUILD_ROOT/etc/cron.d/qubes-
 install -d $RPM_BUILD_ROOT/etc/udev/rules.d
 install -m 644 system-config/00-qubes-ignore-devices.rules $RPM_BUILD_ROOT/etc/udev/rules.d/
 install -m 644 system-config/60-persistent-storage.rules $RPM_BUILD_ROOT/etc/udev/rules.d/
-install -m 644 -D system-config/disable-lesspipe $RPM_BUILD_ROOT/etc/profile.d/zz-disable-lesspipe
-install -m 755 -D system-config/kernel-grub2.install $RPM_BUILD_ROOT/usr/lib/kernel/install.d/90-grub2.install
+install -m 644 -D system-config/disable-lesspipe.sh $RPM_BUILD_ROOT/etc/profile.d/zz-disable-lesspipe.sh
+install -m 755 -D system-config/kernel-grub2.install $RPM_BUILD_ROOT/usr/lib/kernel/install.d/80-grub2.install
 install -m 755 -D system-config/kernel-xen-efi.install $RPM_BUILD_ROOT/usr/lib/kernel/install.d/90-xen-efi.install
 install -m 755 -D system-config/kernel-remove-bls.install $RPM_BUILD_ROOT/usr/lib/kernel/install.d/99-remove-bls.install
 install -m 644 -D system-config/75-qubes-dom0.preset \
@@ -282,7 +284,7 @@ chmod -x /etc/grub.d/10_linux
 %config /etc/udev/rules.d/00-qubes-ignore-devices.rules
 %config(noreplace) /etc/udev/rules.d/60-persistent-storage.rules
 %attr(0644,root,root) /etc/cron.d/qubes-sync-clock.cron
-%config(noreplace) /etc/profile.d/zz-disable-lesspipe
+%config(noreplace) /etc/profile.d/zz-disable-lesspipe.sh
 /usr/lib/systemd/system-preset/75-qubes-dom0.preset
 /usr/lib/systemd/system-preset/99-qubes-default-disable.preset
 /usr/bin/qvm-xkill
@@ -291,7 +293,7 @@ chmod -x /etc/grub.d/10_linux
 %{_mandir}/man1/qubes-*.1*
 
 %files kernel-install
-/usr/lib/kernel/install.d/90-grub2.install
+/usr/lib/kernel/install.d/80-grub2.install
 /usr/lib/kernel/install.d/90-xen-efi.install
 /usr/lib/kernel/install.d/99-remove-bls.install
 

system-config/kernel-grub2.install

@@ -2,10 +2,17 @@
 
 COMMAND="$1"
 KVER="$2"
+BOOT_DIR_ABS="$3"
 
 case "$COMMAND" in
     add)
-        dracut -f "/boot/initramfs-${KVER}.img" "$KVER"
+        # use newer image if available
+        if [ -e "$BOOT_DIR_ABS"/initrd ]; then
+            cp -u "$BOOT_DIR_ABS"/initrd "/boot/initramfs-${KVER}.img"
+        fi
+        if [ ! -e "/boot/initramfs-${KVER}.img" ]; then
+            dracut "/boot/initramfs-${KVER}.img" "$KVER"
+        fi
         ;;
     remove)
         rm -f "/boot/initramfs-${KVER}.img"

system-config/kernel-remove-bls.install

@@ -13,3 +13,9 @@
 if [[ $MACHINE_ID ]] && ( [[ -d /boot/${MACHINE_ID} ]] || [[ -L /boot/${MACHINE_ID} ]] ); then
     rm -rf /boot/${MACHINE_ID}
 fi
+if [[ $MACHINE_ID ]] && ( [[ -d /boot/efi/${MACHINE_ID} ]] || [[ -L /boot/efi/${MACHINE_ID} ]] ); then
+    rm -rf /boot/efi/${MACHINE_ID}
+    rm -f /boot/efi/loader/entries/${MACHINE_ID}-*.conf
+    # remove only when empty
+    rmdir /boot/efi/loader/entries /boot/efi/loader || :
+fi

system-config/kernel-xen-efi.install

@@ -9,7 +9,7 @@ ESP_MOUNTPOINT=/boot/efi
 
 EFI_DIR=$(efibootmgr -v 2>/dev/null | awk '
         /^BootCurrent:/ { current=$2; }
-        /^Boot....\* / { 
+        /^Boot....\* .*xen\.efi/ { 
             if ("Boot" current "*" == $1) {
                 sub(".*File\\(", "");
                 sub("\\\\xen.efi\\).*", "");
@@ -77,7 +77,11 @@ case "$COMMAND" in
         fi
 
         cp "/boot/vmlinuz-$KVER" "$EFI_DIR/"
-        dracut -f "$EFI_DIR/initramfs-${KVER}.img" "$KVER"
+        if [ -e "/boot/initramfs-${KVER}.img" ]; then
+            cp -f "/boot/initramfs-${KVER}.img" "$EFI_DIR/"
+        else
+            dracut -f "$EFI_DIR/initramfs-${KVER}.img" "$KVER"
+        fi
         ;;
     remove)
         # don't care about changing default= line - yum should prevent removing
@@ -101,5 +105,6 @@ case "$COMMAND" in
             mv $EFI_DIR/xen.cfg.new $EFI_DIR/xen.cfg
         fi
         rm -f "$EFI_DIR/initramfs-${KVER}.img"
+        rm -f "$EFI_DIR/vmlinuz-${KVER}"
         ;;
 esac

version

@@ -1 +1 @@
-3.2.12
+3.2.18