version 4.0.22

Fixes side note of QubesOS/qubes-issues#5562

(cherry picked from commit c600b1b39c)

.travis.yml

@@ -1,8 +1,7 @@
 sudo: required
-dist: trusty
+dist: bionic
 language: generic
 install: git clone https://github.com/QubesOS/qubes-builder ~/qubes-builder
 script: ~/qubes-builder/scripts/travis-build
 env:
  - DIST_DOM0=fc25 USE_QUBES_REPO_VERSION=4.0 USE_QUBES_REPO_TESTING=1
- - DIST_DOM0=fc29 USE_QUBES_REPO_VERSION=4.1 USE_QUBES_REPO_TESTING=1

dom0-updates/qubes-dom0-update

@@ -1,5 +1,28 @@
 #!/bin/bash
 
+escape_args() {
+    local eargs=""
+
+    for arg in "$@"; do
+	printf -v eargs '%s%q ' "$eargs" "$arg"
+    done
+
+    echo "${eargs%?}"
+}
+
+find_regex_in_args() {
+    local regex="${1}"
+    shift 1
+
+    for arg in "${@}"; do
+        if echo "${arg}" | grep -q -e "${regex}"; then
+            return 0
+        fi
+    done
+
+    return 1
+}
+
 UPDATEVM=`qubes-prefs --force-root updatevm`
 UPDATES_STAT_FILE=/var/lib/qubes/updates/dom0-updates-available
 
@@ -22,11 +45,11 @@ if [ "$1" = "--help" ]; then
     exit
 fi
 
-PKGS=
-YUM_OPTS=
+PKGS=()
+YUM_OPTS=()
 GUI=
 CHECK_ONLY=
-ALL_OPTS="$*"
+ALL_OPTS=( "${@}" )
 YUM_ACTION=
 QVMRUN_OPTS=
 CLEAN=
@@ -51,10 +74,10 @@ while [ $# -gt 0 ]; do
             YUM_ACTION=${1#--action=}
             ;;
         -*)
-            YUM_OPTS="$YUM_OPTS $1"
+            YUM_OPTS+=( "${1}" )
             ;;
         *)
-            PKGS="$PKGS $1"
+            PKGS+=( "${1}" )
             if [ -z "$YUM_ACTION" ]; then
                 YUM_ACTION=install
             fi
@@ -66,13 +89,16 @@ done
 # Prevent implicit update of template - this would override user changes -
 # but do allow explicit template upgrade, downgrade, reinstall
 if [ "$YUM_ACTION" == "reinstall" ] || [ "$YUM_ACTION" == "upgrade" ] || [ "$YUM_ACTION" == "upgrade-to" ] \
-|| [ "$YUM_ACTION" == "downgrade" ] && [[ "$PKGS" == *"qubes-template-"* ]]; then
-    TEMPLATE_EXCLUDE_OPTS=""
+|| [ "$YUM_ACTION" == "downgrade" ] && find_regex_in_args '^qubes-template-' "${PKGS[@]}"; then
+    TEMPLATE_EXCLUDE_OPTS=()
     echo "WARNING: Replacing a template will erase all files in template's /home and /rw !"
 
-    ONEPKG=`cut -f 1 -d ' ' <<<$PKGS`
-    if [[ "$ONEPKG" == "qubes-template-"* ]] && [[ "$ONEPKG" == "${PKGS#\ }" ]]; then # test "$PKGS" minus space
-        ONEPKG=`sed -r 's/-[0-9]+(\.[0-9-]+)+(\.noarch)*$//' <<<$ONEPKG` # Remove version suffix
+    # At least one package name matches the regex '^qubes-template-',
+    # so if there is only one package name in the array, then the
+    # code can safely assume that the array includes only a template
+    # package name.
+    if [[ ${#PKGS[@]} -eq 1 ]]; then
+        ONEPKG="$(echo "${PKGS[0]}" | sed -r 's/-[0-9]+(\.[0-9-]+)+(\.noarch)*$//')" # Remove version suffix
         TEMPLATE=${ONEPKG#qubes-template-} # Remove prefix
 
         if qvm-shutdown --wait $TEMPLATE ; then
@@ -96,12 +122,13 @@ if [ "$YUM_ACTION" == "reinstall" ] || [ "$YUM_ACTION" == "upgrade" ] || [ "$YUM
         exit 1
     fi
 elif [ "$YUM_ACTION" == "search" ] || [ "$YUM_ACTION" == "info" ]; then # No need to shutdown for search/info
-    TEMPLATE_EXCLUDE_OPTS=""
+    TEMPLATE_EXCLUDE_OPTS=()
 else
-    TEMPLATE_EXCLUDE_OPTS="--exclude=`rpm -qa --qf '%{NAME},' qubes-template-\*|head -c -1`"
+    TEMPLATE_EXCLUDE_OPTS=( "--exclude=$(rpm -qa --qf '%{NAME},' qubes-template-\*|head -c -1)" )
 fi
-YUM_OPTS="$TEMPLATE_EXCLUDE_OPTS $YUM_OPTS"
-ALL_OPTS="$TEMPLATE_EXCLUDE_OPTS $ALL_OPTS"
+
+YUM_OPTS=( "${TEMPLATE_EXCLUDE_OPTS[@]}" "${YUM_OPTS[@]}" )
+ALL_OPTS=( "${TEMPLATE_EXCLUDE_OPTS[@]}" "${ALL_OPTS[@]}" )
 
 ID=$(id -ur)
 if [ $ID != 0 -a -z "$GUI" -a -z "$CHECK_ONLY" ] ; then
@@ -109,7 +136,7 @@ if [ $ID != 0 -a -z "$GUI" -a -z "$CHECK_ONLY" ] ; then
     exit 1
 fi
 
-if [ "$GUI" == "1" -a -n "$PKGS" ]; then
+if [ "$GUI" == "1" -a ${#PKGS[@]} -ne 0 ]; then
     echo "ERROR: GUI mode can be used only for updates" >&2
     exit 1
 fi
@@ -174,7 +201,7 @@ qvm-run --nogui -q $UPDATEVM 'rm -rf /var/lib/qubes/dom0-updates/etc' || exit 1
 tar c /var/lib/rpm /etc/yum.repos.d /etc/yum.conf 2>/dev/null | \
    qvm-run --nogui -q --pass-io "$UPDATEVM" 'LC_MESSAGES=C tar x -C /var/lib/qubes/dom0-updates 2>&1 | grep -v -E "s in the future"'
 
-qvm-run $QVMRUN_OPTS --pass-io $UPDATEVM "script --quiet --return --command '/usr/lib/qubes/qubes-download-dom0-updates.sh --doit --nogui $ALL_OPTS' /dev/null"
+qvm-run $QVMRUN_OPTS --pass-io $UPDATEVM "script --quiet --return --command '/usr/lib/qubes/qubes-download-dom0-updates.sh --doit --nogui $(escape_args "${ALL_OPTS[@]}")' /dev/null" < /dev/null
 RETCODE=$?
 if [ "$CHECK_ONLY" == "1" ]; then
     exit $RETCODE
@@ -195,18 +222,18 @@ if [ -z "$YUM_ACTION" ]; then
     YUM_ACTION=upgrade
 fi
 
-if [ -n "$PKGS" ]; then
+if [ ${#PKGS[@]} -gt 0 ]; then
     if [ -n "$TEMPLATE" ]; then
         TEMPLATE_NETVM=$(qvm-prefs --force-root $TEMPLATE netvm)
     fi
 
-    dnf $YUM_OPTS $YUM_ACTION $PKGS ; RETCODE=$?
+    dnf "${YUM_OPTS[@]}" $YUM_ACTION "${PKGS[@]}" ; RETCODE=$?
 
     if [ -n "$TEMPLATE_BACKUP" -a "$RETCODE" -eq 0 ]; then
         # Remove backup, if we made one. Better to do this only on success and
         # potentially leave extra backups around than do it on an exit trap and
         # clean up more reliably but potentially brick a system.
-        qvm-remove -- "$TEMPLATE_BACKUP"
+        qvm-remove -f -- "$TEMPLATE_BACKUP"
     fi
 
     if [ -n "$TEMPLATE" -a -n "$TEMPLATE_NETVM" -a x"$TEMPLATE_NETVM" != xNone ]; then
@@ -224,7 +251,7 @@ elif [ -f /var/lib/qubes/updates/repodata/repomd.xml ]; then
     else
         dnf check-update
         if [ $? -eq 100 ]; then # Run dnf with options
-            dnf $YUM_OPTS $YUM_ACTION
+            dnf "${YUM_OPTS[@]}" $YUM_ACTION
         fi
     fi
     dnf -q check-update && qvm-features dom0 updates-available ''

dom0-updates/qubes-receive-updates

@@ -31,13 +31,12 @@ updates_dir = "/var/lib/qubes/updates"
 updates_rpm_dir = updates_dir + "/rpm"
 updates_repodata_dir = updates_dir + "/repodata"
 updates_error_file = updates_dir + "/errors"
-updates_error_file_handle = None
 
 comps_file = None
 if os.path.exists('/usr/share/qubes/Qubes-comps.xml'):
     comps_file = '/usr/share/qubes/Qubes-comps.xml'
 
-package_regex = re.compile(r"^[A-Za-z0-9._+-]{1,128}.rpm$")
+package_regex = re.compile(r"^[A-Za-z0-9._+-]{1,128}\.rpm$")
 # example valid outputs:
 #  .....rpm: rsa sha1 (md5) pgp md5 OK
 #  .....rpm: (sha1) dsa sha1 md5 gpg OK
@@ -47,18 +46,15 @@ package_regex = re.compile(r"^[A-Za-z0-9._+-]{1,128}.rpm$")
 gpg_ok_regex = re.compile(r": [a-z0-9() ]* (pgp|gpg) [a-z0-9 ]*OK$")
 
 
-def dom0updates_fatal(pkg, msg):
-    global updates_error_file_handle
+def dom0updates_fatal(msg):
     print(msg, file=sys.stderr)
-    if updates_error_file_handle is None:
-        updates_error_file_handle = open(updates_error_file, "a")
-    updates_error_file_handle.write(msg + "\n")
-    os.remove(pkg)
+    with open(updates_error_file, "a") as updates_error_file_handle:
+        updates_error_file_handle.write(msg + "\n")
+    shutil.rmtree(updates_rpm_dir)
+    exit(1)
 
 
 def handle_dom0updates(updatevm):
-    global updates_error_file_handle
-
     source = os.getenv("QREXEC_REMOTE_DOMAIN")
     if source != updatevm.name:
         print('Domain ' + str(source) + ' not allowed to send dom0 updates',
@@ -77,14 +73,14 @@ def handle_dom0updates(updatevm):
     os.mkdir(updates_rpm_dir)
     os.chown(updates_rpm_dir, -1, qubes_gid)
     os.chmod(updates_rpm_dir, 0o0775)
-    subprocess.check_call(["/usr/libexec/qubes/qfile-dom0-unpacker",
-        str(os.getuid()), updates_rpm_dir])
-    # Verify received files
-    for untrusted_f in os.listdir(updates_rpm_dir):
-        if not package_regex.match(untrusted_f):
-            dom0updates_fatal(updates_rpm_dir + '/' + untrusted_f,
-                'Domain ' + source + ' sent unexpected file: ' + untrusted_f)
-        else:
+    try:
+        subprocess.check_call(["/usr/libexec/qubes/qfile-dom0-unpacker",
+            str(os.getuid()), updates_rpm_dir])
+        # Verify received files
+        for untrusted_f in os.listdir(updates_rpm_dir):
+            if not package_regex.match(untrusted_f):
+                raise Exception(
+                    'Domain ' + source + ' sent unexpected file')
             f = untrusted_f
             assert '/' not in f
             assert '\0' not in f
@@ -92,19 +88,19 @@ def handle_dom0updates(updatevm):
 
             full_path = updates_rpm_dir + "/" + f
             if os.path.islink(full_path) or not os.path.isfile(full_path):
-                dom0updates_fatal(
-                    full_path, 'Domain ' + source + ' sent not regular file')
+                raise Exception(
+                    'Domain ' + source + ' sent not regular file')
             p = subprocess.Popen(["/bin/rpm", "-K", full_path],
                     stdout=subprocess.PIPE)
             output = p.communicate()[0].decode('ascii')
             if p.returncode != 0:
-                dom0updates_fatal(full_path,
+                raise Exception(
                     'Error while verifing %s signature: %s' % (f, output))
             if not gpg_ok_regex.search(output.strip()):
-                dom0updates_fatal(full_path,
+                raise Exception(
                     'Domain ' + source + ' sent not signed rpm: ' + f)
-    if updates_error_file_handle is not None:
-        updates_error_file_handle.close()
+    except Exception as e:
+        dom0updates_fatal(str(e))
     # After updates received - create repo metadata
     createrepo_cmd = ["/usr/bin/createrepo_c"]
     if comps_file:
@@ -128,4 +124,6 @@ def main():
         exit(1)
     handle_dom0updates(updatevm)
 
-main()
+
+if __name__ == '__main__':
+    main()

qrexec/qrexec-client.c

@@ -708,6 +708,8 @@ int main(int argc, char **argv)
         usage(argv[0]);
     remote_cmdline = argv[optind];
 
+    signal(SIGPIPE, SIG_IGN);
+
     register_exec_func(&do_exec);
 
     if (just_exec + connect_existing + (local_cmdline != 0) > 1) {

rpm_spec/core-dom0-linux.spec.in

@@ -127,6 +127,7 @@ install -m 0440 -D system-config/qubes.sudoers $RPM_BUILD_ROOT/etc/sudoers.d/qub
 install -D system-config/polkit-1-qubes-allow-all.rules $RPM_BUILD_ROOT/etc/polkit-1/rules.d/00-qubes-allow-all.rules
 install -D system-config/qubes-dom0.modules $RPM_BUILD_ROOT/etc/sysconfig/modules/qubes-dom0.modules
 install -D system-config/qubes-sync-clock.cron $RPM_BUILD_ROOT/etc/cron.d/qubes-sync-clock.cron
+install -D system-config/lvm-cleanup.cron-daily $RPM_BUILD_ROOT/etc/cron.daily/lvm-cleanup
 install -d $RPM_BUILD_ROOT/etc/udev/rules.d
 install -m 644 system-config/00-qubes-ignore-devices.rules $RPM_BUILD_ROOT/etc/udev/rules.d/
 install -m 644 system-config/12-qubes-ignore-lvm-devices.rules $RPM_BUILD_ROOT/etc/udev/rules.d/
@@ -235,6 +236,7 @@ chmod -x /etc/grub.d/10_linux
 %config /etc/udev/rules.d/00-qubes-ignore-devices.rules
 %config /etc/udev/rules.d/12-qubes-ignore-lvm-devices.rules
 %attr(0644,root,root) /etc/cron.d/qubes-sync-clock.cron
+/etc/cron.daily/lvm-cleanup
 %config(noreplace) /etc/profile.d/zz-disable-lesspipe.sh
 %config(noreplace) /etc/dnf/protected.d/qubes-core-dom0.conf
 /usr/lib/systemd/system-preset/75-qubes-dom0.preset

system-config/lvm-cleanup.cron-daily

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+find /etc/lvm/archive/ -type f -mtime +1 -name '*.vg' -delete

version

@@ -1,2 +1,2 @@
-4.0.18
+4.0.22
 1.6.1