suspend / resume scripts needed for NetVM and ProxyVM?

[clayt0nk]

I currently have a tinc VPN daemon running in NetVM / Qubes 3.1 (R3.1), and the VPN route disappears every time I resume from sleep. Currently the only way fix that is a manual restart of the tinc daemon.

A script that runs automatically on resume from sleep would be nice.

[adrelanos]

I wonder if I could implement this to speed up having this feature. (Required to fix #1764.)

What would be the way to implement this? The qrexec service is probably simple to figure out. Is there a hook to get this going?

Dropping a trivial, executive script into /etc/pm/sleep.d, which does not work for a unknown reason.

[adrelanos]

I wonder if I could implement this to speed up having this feature. (Required to fix #1764.)

What would be the way to implement this? The qrexec service is probably simple to figure out. Is there a hook to get this going?

Dropping a trivial, executive script into /etc/pm/sleep.d, which does not work for a unknown reason.

[adrelanos]

Looks like that would go into https://github.com/QubesOS/qubes-core-admin-linux/tree/master/pm-utils.

[adrelanos]

Looks like that would go into https://github.com/QubesOS/qubes-core-admin-linux/tree/master/pm-utils.

[marmarek]

qubes.SuspendPre/qubes.SuspendPost is called from https://github.com/QubesOS/qubes-core-admin-linux/blob/master/pm-utils/51qubes-suspend-netvm. Only in VMs with PCI device.
I wonder what would happen if it will be called in every VM. VM part is in https://github.com/QubesOS/qubes-core-agent-linux/blob/master/qubes-rpc/prepare-suspend. It looks like qubes.suspendPre will disable eth1 dummy interface for example.
So, here we need (1):

• change prepare-suspend script to not break non-NetVM
• add an option to call additional scripts from there

And only then (2):

• enable qubes.SuspendPre/qubes.SuspendPost for all the VMs

Since we can't enforce synchronous update dom0 and template (do (2) only after (1)), this is no-go in stable releases. We need something else. Two ideas:

• introduce another service, which will handle (1), call only the new one in (2) (keep calling the old one for NetVMs)
• assume that qubes.SuspendPost is safe to call in every VM (reading the script it is sane assumption, but needs testing), and call only this one in every VM (keep calling qubes.SuspendPre only in NetVMs)

What do you think?

[marmarek]

qubes.SuspendPre/qubes.SuspendPost is called from https://github.com/QubesOS/qubes-core-admin-linux/blob/master/pm-utils/51qubes-suspend-netvm. Only in VMs with PCI device.
I wonder what would happen if it will be called in every VM. VM part is in https://github.com/QubesOS/qubes-core-agent-linux/blob/master/qubes-rpc/prepare-suspend. It looks like qubes.suspendPre will disable eth1 dummy interface for example.
So, here we need (1):

• change prepare-suspend script to not break non-NetVM
• add an option to call additional scripts from there

And only then (2):

• enable qubes.SuspendPre/qubes.SuspendPost for all the VMs

Since we can't enforce synchronous update dom0 and template (do (2) only after (1)), this is no-go in stable releases. We need something else. Two ideas:

• introduce another service, which will handle (1), call only the new one in (2) (keep calling the old one for NetVMs)
• assume that qubes.SuspendPost is safe to call in every VM (reading the script it is sane assumption, but needs testing), and call only this one in every VM (keep calling qubes.SuspendPre only in NetVMs)

What do you think?

[adrelanos]

Perhaps not touch qubes.SuspendPre / qubes.SuspendPost at all to avoid breakage. And add an additional

• qubes.SuspendPostAll
• qubes.SuspendPreAll

? Or would that be too unclean?

If so... Just wondering which would should run first...?

[adrelanos]

Perhaps not touch qubes.SuspendPre / qubes.SuspendPost at all to avoid breakage. And add an additional

• qubes.SuspendPostAll
• qubes.SuspendPreAll

? Or would that be too unclean?

If so... Just wondering which would should run first...?

[marmarek]

I think qubes.SuspendPostAll (running before qubes.SuspendPost') /qubes.SuspendPreAll(running afterqubes.SuspendPre) makes sense. Wondering about VM interface. What do you think about/etc/qubes/suspend-pre.dand/etc/qubes/suspend-post.d`? Some details needs to be worked out:

• whether run script, or source them
• all of them, or only *.sh, or all executable

I'd run them (not source) and only *.sh (to ignore *.dpkg-*, *.rpm*, editor backups etc).
@adrelanos any preference?

[marmarek]

I think qubes.SuspendPostAll (running before qubes.SuspendPost') /qubes.SuspendPreAll(running afterqubes.SuspendPre) makes sense. Wondering about VM interface. What do you think about/etc/qubes/suspend-pre.dand/etc/qubes/suspend-post.d`? Some details needs to be worked out:

• whether run script, or source them
• all of them, or only *.sh, or all executable

I'd run them (not source) and only *.sh (to ignore *.dpkg-*, *.rpm*, editor backups etc).
@adrelanos any preference?

[adrelanos]

Marek Marczykowski-Górecki:

I think qubes.SuspendPostAll (running before qubes.SuspendPost') /qubes.SuspendPreAll(running afterqubes.SuspendPre`) makes sense.

Ok.

Wondering about VM interface. What do you think about /etc/qubes/suspend-pre.d and /etc/qubes/suspend-post.d?

[1]
I think we should rather create a new ticket to implement
/etc/qubes-rpc.d to have a generic solution. There might be already,
there likely will be other qubes-rpc where one might wish to have
several handlers, right? Being invoked before/after the stock one. To
allow modifying the handlers without interfering with upstream Qubes
default qubes-rpc script upgrades. What do you think?

Some details needs to be worked out:

• whether run script, or source them

Can you imagine situations where it's better to source them?

• all of them, or only *.sh, or all executable

*.sh only. While users should still be free to use bash, python, etc.
(Which is a bit strange but I wouldn't know how it could be implemented
more correctly due to lack of examples.)

I'd run them (not source) and only *.sh

For now I also think running them makes more sense than sourceing.

(FYI: grub has both, a .d folder that is being executed and a .d
folder that is being sourceed. systemd also has a drop-in snippnett
folder to extend existing units and systemd unit files are being dropped
into a folder also.)

When we are being presented later with a compelling argument why we
additionally also sourceing we can still go for it. Related to [1].

(to ignore *.dpkg-*, *.rpm*, editor backups etc).

Very important indeed.

[adrelanos]

Marek Marczykowski-Górecki:

I think qubes.SuspendPostAll (running before qubes.SuspendPost') /qubes.SuspendPreAll(running afterqubes.SuspendPre`) makes sense.

Ok.

Wondering about VM interface. What do you think about /etc/qubes/suspend-pre.d and /etc/qubes/suspend-post.d?

[1]
I think we should rather create a new ticket to implement
/etc/qubes-rpc.d to have a generic solution. There might be already,
there likely will be other qubes-rpc where one might wish to have
several handlers, right? Being invoked before/after the stock one. To
allow modifying the handlers without interfering with upstream Qubes
default qubes-rpc script upgrades. What do you think?

Some details needs to be worked out:

• whether run script, or source them

Can you imagine situations where it's better to source them?

• all of them, or only *.sh, or all executable

*.sh only. While users should still be free to use bash, python, etc.
(Which is a bit strange but I wouldn't know how it could be implemented
more correctly due to lack of examples.)

I'd run them (not source) and only *.sh

For now I also think running them makes more sense than sourceing.

(FYI: grub has both, a .d folder that is being executed and a .d
folder that is being sourceed. systemd also has a drop-in snippnett
folder to extend existing units and systemd unit files are being dropped
into a folder also.)

When we are being presented later with a compelling argument why we
additionally also sourceing we can still go for it. Related to [1].

(to ignore *.dpkg-*, *.rpm*, editor backups etc).

Very important indeed.

[marmarek]

I think we should rather create a new ticket to implement /etc/qubes-rpc.d to have a generic solution. There might be already, there likely will be other qubes-rpc where one might wish to have several handlers, right? Being invoked before/after the stock one. To allow modifying the handlers without interfering with upstream Qubes default qubes-rpc script upgrades. What do you think?

Good idea. Worth a separate ticket. Not something I'm comfortable with changing in stable release...
Also, this may be the case where sourceing will makes sense - to set some env variables.

*.sh only.
For now I also think running them makes more sense than sourceing.

Ok.

[marmarek]

I think we should rather create a new ticket to implement /etc/qubes-rpc.d to have a generic solution. There might be already, there likely will be other qubes-rpc where one might wish to have several handlers, right? Being invoked before/after the stock one. To allow modifying the handlers without interfering with upstream Qubes default qubes-rpc script upgrades. What do you think?

Good idea. Worth a separate ticket. Not something I'm comfortable with changing in stable release...
Also, this may be the case where sourceing will makes sense - to set some env variables.

*.sh only.
For now I also think running them makes more sense than sourceing.

Ok.

[marmarek]

@adrelanos do you work on this? If not, I'll take care of it. In fact I have dom0 part ready to commit and starting working on VM part.

[marmarek]

@adrelanos do you work on this? If not, I'll take care of it. In fact I have dom0 part ready to commit and starting working on VM part.

[adrelanos]

I was on my list to do next. Never mind. Please go for it.

[adrelanos]

I was on my list to do next. Never mind. Please go for it.

[marmarek]

Automated announcement from builder-github

The package qubes-core-agent_3.1.15-1+deb8u1 has been pushed to the r3.1 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-agent_3.1.15-1+deb8u1 has been pushed to the r3.1 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-agent_3.1.15-1+deb9u1 has been pushed to the r3.1 testing repository for the Debian stretch template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-agent_3.1.15-1+deb9u1 has been pushed to the r3.1 testing repository for the Debian stretch template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.1.15-1.fc21 has been pushed to the r3.1 testing repository for the Fedora fc21 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.1-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.1.15-1.fc21 has been pushed to the r3.1 testing repository for the Fedora fc21 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.1-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.1.15-1.fc22 has been pushed to the r3.1 testing repository for the Fedora fc22 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.1-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.1.15-1.fc22 has been pushed to the r3.1 testing repository for the Fedora fc22 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.1-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.1.15-1.fc23 has been pushed to the r3.1 testing repository for the Fedora fc23 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.1-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.1.15-1.fc23 has been pushed to the r3.1 testing repository for the Fedora fc23 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.1-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-dom0-linux-3.1.10-1.fc20 has been pushed to the r3.1 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-dom0-linux-3.1.10-1.fc20 has been pushed to the r3.1 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-agent_3.1.15-1+deb7u1 has been pushed to the r3.1 testing repository for the Debian wheezy template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing wheezy-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-agent_3.1.15-1+deb7u1 has been pushed to the r3.1 testing repository for the Debian wheezy template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing wheezy-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[adrelanos]

Good idea. Worth a separate ticket.

generic qubes qrexec rpc '.d' "/etc/qubes-rpc.d" drop-in folder:
#1844

[adrelanos]

Good idea. Worth a separate ticket.

generic qubes qrexec rpc '.d' "/etc/qubes-rpc.d" drop-in folder:
#1844

[adrelanos]

This won't be triggered when using suspend / resume VM in QVMM?

From POV of the VM, Is suspend / resume in QVMM different from real host system suspend / resume?

[adrelanos]

This won't be triggered when using suspend / resume VM in QVMM?

From POV of the VM, Is suspend / resume in QVMM different from real host system suspend / resume?

[marmarek]

This won't be triggered when using suspend / resume VM in QVMM?

No. Only on real host suspend/resume. It is probably possible to simulate all that (for example call those services manually).

From POV of the VM, Is suspend / resume in QVMM different from real host system suspend / resume?

Not really, but those scripts are called only on host suspend / resume, not VM suspend/resume.

[marmarek]

This won't be triggered when using suspend / resume VM in QVMM?

No. Only on real host suspend/resume. It is probably possible to simulate all that (for example call those services manually).

From POV of the VM, Is suspend / resume in QVMM different from real host system suspend / resume?

Not really, but those scripts are called only on host suspend / resume, not VM suspend/resume.

[adrelanos]

Created #1855 for that.

[adrelanos]

Created #1855 for that.

[clayt0nk]

Just tried it and so far it works great, solves my problem! Thanks guys. :)

[clayt0nk]

Just tried it and so far it works great, solves my problem! Thanks guys. :)

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.1.16-1.fc21 has been pushed to the r3.1 stable repository for the Fedora fc21 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.1.16-1.fc21 has been pushed to the r3.1 stable repository for the Fedora fc21 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.1.16-1.fc22 has been pushed to the r3.1 stable repository for the Fedora fc22 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.1.16-1.fc22 has been pushed to the r3.1 stable repository for the Fedora fc22 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.1.16-1.fc23 has been pushed to the r3.1 stable repository for the Fedora fc23 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.1.16-1.fc23 has been pushed to the r3.1 stable repository for the Fedora fc23 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-dom0-linux-3.1.10-1.fc20 has been pushed to the r3.1 stable repository for dom0.
To install this update, please use the standard update command:

sudo qubes-dom0-update

Or update dom0 via Qubes Manager.

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-dom0-linux-3.1.10-1.fc20 has been pushed to the r3.1 stable repository for dom0.
To install this update, please use the standard update command:

sudo qubes-dom0-update

Or update dom0 via Qubes Manager.

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-agent_3.1.16-1+deb8u1 has been pushed to the r3.1 stable repository for the Debian jessie template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-agent_3.1.16-1+deb8u1 has been pushed to the r3.1 stable repository for the Debian jessie template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-agent_3.1.16-1+deb9u1 has been pushed to the r3.1 stable repository for the Debian stretch template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-agent_3.1.16-1+deb9u1 has been pushed to the r3.1 stable repository for the Debian stretch template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-agent_3.1.16-1+deb7u1 has been pushed to the r3.1 stable repository for the Debian wheezy template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-agent_3.1.16-1+deb7u1 has been pushed to the r3.1 stable repository for the Debian wheezy template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-agent_3.0.26-1+deb8u1 has been pushed to the r3.0 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-agent_3.0.26-1+deb8u1 has been pushed to the r3.0 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-agent_3.0.26-1+deb7u1 has been pushed to the r3.0 testing repository for the Debian wheezy template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing wheezy-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-agent_3.0.26-1+deb7u1 has been pushed to the r3.0 testing repository for the Debian wheezy template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing wheezy-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.0.26-1.fc20 has been pushed to the r3.0 testing repository for the Fedora fc20 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.0-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.0.26-1.fc20 has been pushed to the r3.0 testing repository for the Fedora fc20 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.0-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.0.26-1.fc21 has been pushed to the r3.0 testing repository for the Fedora fc21 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.0-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.0.26-1.fc21 has been pushed to the r3.0 testing repository for the Fedora fc21 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.0-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.0.26-1.fc22 has been pushed to the r3.0 testing repository for the Fedora fc22 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.0-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.0.26-1.fc22 has been pushed to the r3.0 testing repository for the Fedora fc22 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.0-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.0.26-1.fc23 has been pushed to the r3.0 testing repository for the Fedora fc23 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.0-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.0.26-1.fc23 has been pushed to the r3.0 testing repository for the Fedora fc23 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.0-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-dom0-linux-3.0.20-1.fc20 has been pushed to the r3.0 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-dom0-linux-3.0.20-1.fc20 has been pushed to the r3.0 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update