From aeb6d188cc89c7d0096949807f5ff9e01c907ecb Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Thu, 22 Oct 2015 15:26:24 +0000 Subject: [PATCH 1/3] Improved upgrade notifications sent to QVMM. Each time some arbitrary package was installed using dpkg or apt-get, the update notification in Qubes VM Manager was cleared. No matter if there were still updates pending. (Could happen even after the user running `apt-get dist-upgrade` in case of package manager issues.) No longer clear upgrade notification in QVMM on arbitrary package installation. Check if upgrades have been actually installed before clearing the notifications. https://github.com/QubesOS/qubes-issues/issues/1066#issuecomment-150044906 --- Makefile | 3 +++ misc/upgrades-installed-check | 22 ++++++++++++++++++++++ misc/upgrades-status-notify | 11 +++++++++++ network/00notify-hook | 2 +- 4 files changed, 37 insertions(+), 1 deletion(-) create mode 100755 misc/upgrades-installed-check create mode 100755 misc/upgrades-status-notify diff --git a/Makefile b/Makefile index 7d8faf8..611bd70 100644 --- a/Makefile +++ b/Makefile @@ -171,6 +171,9 @@ install-common: install misc/dispvm-prerun.sh $(DESTDIR)$(LIBDIR)/qubes/dispvm-prerun.sh install misc/close-window $(DESTDIR)$(LIBDIR)/qubes/close-window + install misc/upgrades-installed-check $(DESTDIR)$(LIBDIR)/qubes/upgrades-installed-check + install misc/upgrades-status-notify $(DESTDIR)$(LIBDIR)/qubes/upgrades-status-notify + install -m 0644 network/udev-qubes-network.rules $(DESTDIR)/etc/udev/rules.d/99-qubes-network.rules install network/qubes-setup-dnat-to-ns $(DESTDIR)$(LIBDIR)/qubes install network/setup-ip $(DESTDIR)$(LIBDIR)/qubes/ diff --git a/misc/upgrades-installed-check b/misc/upgrades-installed-check new file mode 100755 index 0000000..3afbfe5 --- /dev/null +++ b/misc/upgrades-installed-check @@ -0,0 +1,22 @@ +#!/bin/bash + +## `echo`s: +## * 'true' - if all upgrades have been installed +## * 'false' - if there are pending upgrades +## * nothing - if apt-get is currently locked +## +## Forwards the exit code of the package manager. + +if [ -e /etc/system-release ]; then + ## Fedora + yum_output="$(yum -q check-update 2>&1)" + exit_code="$?" + [ "$exit_code" -eq 100 ] && echo "true" || echo "false" +else + ## Debian + apt_get_output="$(LANG="C" apt-get -s upgrade 2>&1)" + exit_code="$?" + echo "$apt_get_output" | awk "/^Inst/{ print $2 }" | [ "$(wc -L)" -eq 0 ] && echo "true" || echo "false" +fi + +exit "$exit_code" diff --git a/misc/upgrades-status-notify b/misc/upgrades-status-notify new file mode 100755 index 0000000..a623df5 --- /dev/null +++ b/misc/upgrades-status-notify @@ -0,0 +1,11 @@ +#!/bin/bash + +set -e + +upgrades_installed="$(/usr/lib/qubes/upgrades-installed-check 2>&1)" + +if [ "$upgrades_installed" = "true" ]; then + /usr/lib/qubes/qrexec-client-vm dom0 qubes.NotifyUpdates /bin/sh -c 'echo 0' +elif [ "$upgrades_installed" = "false" ]; then + /usr/lib/qubes/qrexec-client-vm dom0 qubes.NotifyUpdates /bin/sh -c 'echo 1' +fi diff --git a/network/00notify-hook b/network/00notify-hook index 2d56c2e..adc34af 100644 --- a/network/00notify-hook +++ b/network/00notify-hook @@ -1 +1 @@ -DPkg::Post-Invoke {"/usr/lib/qubes/qrexec-client-vm dom0 qubes.NotifyUpdates /bin/sh -c 'echo 0' || true";}; +DPkg::Post-Invoke {"/usr/lib/qubes/upgrades-status-notify || true";}; From d5acf83916a3722279a60679fe1638387054f8e3 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Wed, 11 Nov 2015 16:10:23 +0000 Subject: [PATCH 2/3] fixed inverted logic issue in upgrades-installed-check https://github.com/adrelanos/qubes-core-agent-linux/commit/928013f819973e55738887cc9cb5e7c773eb15f6#commitcomment-13968627 --- misc/upgrades-installed-check | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/misc/upgrades-installed-check b/misc/upgrades-installed-check index 3afbfe5..a285b94 100755 --- a/misc/upgrades-installed-check +++ b/misc/upgrades-installed-check @@ -11,7 +11,8 @@ if [ -e /etc/system-release ]; then ## Fedora yum_output="$(yum -q check-update 2>&1)" exit_code="$?" - [ "$exit_code" -eq 100 ] && echo "true" || echo "false" + [ "$exit_code" -eq 100 ] && echo "false" && exit 0 + [ "$exit_code" -eq 0 ] && echo "true" else ## Debian apt_get_output="$(LANG="C" apt-get -s upgrade 2>&1)" From 52917593c5b717cde849c34bd533ff211a5cb5aa Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Wed, 11 Nov 2015 21:13:17 +0000 Subject: [PATCH 3/3] misc/upgrades-installed-check: handle apt-get errors --- misc/upgrades-installed-check | 2 ++ 1 file changed, 2 insertions(+) diff --git a/misc/upgrades-installed-check b/misc/upgrades-installed-check index a285b94..c392976 100755 --- a/misc/upgrades-installed-check +++ b/misc/upgrades-installed-check @@ -15,6 +15,8 @@ if [ -e /etc/system-release ]; then [ "$exit_code" -eq 0 ] && echo "true" else ## Debian + set -e + set -o pipefail apt_get_output="$(LANG="C" apt-get -s upgrade 2>&1)" exit_code="$?" echo "$apt_get_output" | awk "/^Inst/{ print $2 }" | [ "$(wc -L)" -eq 0 ] && echo "true" || echo "false"