This caused qrexec-client to be killed when the local process
exited (by design) before consuming all the input, for instance
when receiving too much data for the admin.vm.volume.Import call.
- fix unescaped dot in package_regex
- if any package fails verification, remove the whole directory, not
only that single package
- abort (and remove the whole directory) on any exception
- don't include file name in the error message, if it failed
verification
This, among other things, fixes handling of symlinks and directories sent by
a potentially malicious UpdateVM. os.remove() can't remove non-empty
directories, so it would fail.
Fortunately metadata is created only after successful verification, so
dnf/yum wouldn't touch packages that failed verification and also
weren't removed. But make the code better handle such situations.
Reported-by: Hans Jerry Illikainen <hji@dyntopia.com>
(cherry picked from commit e5e006d933)
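
The all-or-nothing handling described in the commit message above, as an added sketch that is not the project's own code. The pattern `PACKAGE_RE`, the `accept_updates` function, the `UpdateRejected` exception and the injected `verify` callback are hypothetical names, and the sample directory is constructed.

```python
import os
import re
import shutil
import tempfile

# Hypothetical pattern (assumption, not the project's package_regex): the dot
# before "rpm" is escaped, so a name like "evilXrpm" does not match.
PACKAGE_RE = re.compile(r"\A[A-Za-z0-9._+-]{1,128}\.rpm\Z")


class UpdateRejected(Exception):
    """Raised without the offending file name, which is sender-chosen."""


def accept_updates(updates_dir, verify):
    """Check every entry in updates_dir; on any failure or exception,
    delete the whole directory and raise UpdateRejected."""
    try:
        for name in sorted(os.listdir(updates_dir)):
            path = os.path.join(updates_dir, name)
            # A symlink or a directory is never a package.
            if os.path.islink(path) or not os.path.isfile(path):
                raise UpdateRejected("unexpected entry type")
            if not PACKAGE_RE.match(name):
                raise UpdateRejected("unexpected file name")
            if not verify(path):
                raise UpdateRejected("package failed verification")
    except Exception as exc:
        # rmtree copes with non-empty directories, unlike os.remove().
        shutil.rmtree(updates_dir, ignore_errors=True)
        if isinstance(exc, UpdateRejected):
            raise
        raise UpdateRejected("error while processing updates") from None
    return True


def demo():
    """Constructed input: one plain file plus a non-empty directory."""
    d = tempfile.mkdtemp()
    open(os.path.join(d, "good-1.0.rpm"), "w").close()
    os.makedirs(os.path.join(d, "evil.rpm", "nested"))
    try:
        accept_updates(d, verify=lambda p: True)
    except UpdateRejected as e:
        return str(e), os.path.exists(d)
```

In real use the `verify` callback would wrap the package signature check; here it is a stand-in so the directory handling can be exercised on its own.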
This commit ensures that all arguments to qubes-download-dom0-updates.sh
are properly quoted. This allows the use of commands such as
    sudo qubes-dom0-update --action=distro-sync '*'
where, prior to this commit, the asterisk would be expanded in the
update virtual machine's home directory, whereas this commit prevents
the undesirable shell expansion of wildcards.
Fixes QubesOS/qubes-issues#5096
(cherry picked from commit 1089a7a07b)
Those files may easily accumulate in large quantities, to the point
where just listing the /etc/lvm/archive directory takes a long time.
This affects every lvm command call, so every VM start/stop.
Those archive files are rarely useful, as Qubes does multiple LVM
operations at each VM startup, so older data is really out of date very
quickly.
Automatically remove files in /etc/lvm/archive older than one day.
Fixes QubesOS/qubes-issues#4927
Fixes QubesOS/qubes-issues#2963
(cherry picked from commit 2ec29a4d4c)
5 years ago
7 changed files with 79 additions and 48 deletions