From b267e5c30589404047bc0871323c09757c9df692 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Sat, 5 Mar 2016 00:28:56 +0100
Subject: [PATCH 1/2] qrexec: write service stderr to both syslog and caller

In case of some services it makes much sense for caller to receive also
stderr in addition to stdout. For example:
 - qubes.VMShell (stderr required for salt-ssh over qrexec)
 - qubes.OpenInVM - especially when called to DispVM - otherwise
 diagnosing errors can be hard

And generally all sort of error reporting (the purpose of stderr). It
would ease debugging - instead of message "error occurred, check here and
there for more details", it could be "error occurred: the reason".

Fixes QubesOS/qubes-issues#1808
---
 qrexec/qubes-rpc-multiplexer | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/qrexec/qubes-rpc-multiplexer b/qrexec/qubes-rpc-multiplexer
index e772d27..ecd9bc9 100755
--- a/qrexec/qubes-rpc-multiplexer
+++ b/qrexec/qubes-rpc-multiplexer
@@ -1,9 +1,18 @@
 #!/bin/sh
 
-mkfifo /tmp/qrexec-rpc-stderr.$$
-logger -t "$1-$2" -f /tmp/qrexec-rpc-stderr.$$ >/dev/null 2>&1 </dev/null &
-exec 2>/tmp/qrexec-rpc-stderr.$$
-rm -f /tmp/qrexec-rpc-stderr.$$
+# write stderr to both calling party and local log; be very careful about
+# closing file descriptors here - if either stdout or stderr will not be closed
+# when service process does the same - service call will hang (waiting for EOF
+# on stdout/stderr)
+stderr_pipe=/tmp/qrexec-rpc-stderr.$$
+mkfifo $stderr_pipe
+# tee can't write to file descriptor, nor /proc/self/fd/2 (EXIO on open)
+return_stderr_pipe=/tmp/qrexec-rpc-stderr-return.$$
+mkfifo $return_stderr_pipe
+{ cat <$return_stderr_pipe >&2 2>/dev/null; rm -f $return_stderr_pipe; } &
+{ tee $return_stderr_pipe 2>/dev/null <$stderr_pipe |\
+       logger -t "$1-$2" >/dev/null 2>&1; rm -f $stderr_pipe; } &
+exec 2>$stderr_pipe
 
 QUBES_RPC=/etc/qubes-rpc
 LOCAL_QUBES_RPC=/usr/local/etc/qubes-rpc

From 7c459853317c24086019f4bbfb1b15b4c605a7b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Sat, 5 Mar 2016 00:38:56 +0100
Subject: [PATCH 2/2] qrexec: hide timing debug messages in vm-file-editor

Those are currently barely useful, since starting the application isn't
the biggest bottleneck of DispVM. And since stderr is now visible on
qvm-open-in-dvm output, not scare the user with it.
---
 qubes-rpc/vm-file-editor.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/qubes-rpc/vm-file-editor.c b/qubes-rpc/vm-file-editor.c
index 7ba7bb4..dbc7d2c 100644
--- a/qubes-rpc/vm-file-editor.c
+++ b/qubes-rpc/vm-file-editor.c
@@ -12,6 +12,7 @@
 
 #define USER_HOME "/home/user"
 #define TMP_LOC "/tmp/qopen/"
+// #define DEBUG
 
 static const char *cleanup_filename = NULL;
 
@@ -154,7 +155,9 @@ main()
 		perror("stat pre");
 		exit(1);
 	}
+#ifdef DEBUG
 	fprintf(stderr, "time=%s, waiting for qubes-session\n", gettime());
+#endif
 	// wait for X server to starts (especially in DispVM)
 	if (stat("/tmp/qubes-session-env", &session_stat)) {
 		switch (child = fork()) {
@@ -183,7 +186,9 @@ main()
 				}
 		}
 	}
+#ifdef DEBUG
 	fprintf(stderr, "time=%s, starting editor\n", gettime());
+#endif
 	switch (child = fork()) {
 		case -1:
 			perror("fork");