Service VM for clock and update download? #198
marmarek assigned rootkovska Mar 8, 2015
marmarek added this to the Release 1 Beta 2 milestone Mar 8, 2015
marmarek added enhancement, C: core, P: major labels Mar 8, 2015
marmarek (Member) commented Mar 8, 2015
Comment by joanna on 7 Apr 2011 07:53 UTC
Actually we don't need to virtualize the clock widget -- all we need to do is to set clock in Dom0 every once in a while using qvm-run and using the net-synced clock in the service VM -- something like this:
```
# SERVICEVM holds the name of the net-synced service VM
CURRENT_DATE=$(qvm-run "$SERVICEVM" --pass_io "date")
# Quote the value: date output contains spaces
date -s "$CURRENT_DATE"
```
Additionally we should remove the date-setting screen from firstboot, and instead run system-config-date from within templateVM during firstboot.
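Added example (not part of the comment above and not Qubes code): the reply from the service VM is untrusted input to Dom0, so it can be checked strictly before it reaches `date -s`. It assumes the VM is asked for `date -u +%s` instead of free-form `date` output; `validate_epoch` and the one-day step limit are hypothetical.

```shell
#!/bin/sh
# Added example, not Qubes code. Assumption: the service VM is asked for
# `date -u +%s` (epoch seconds), so dom0 can check the reply strictly.

# validate_epoch REPLY NOW MAX_STEP
# Prints REPLY and returns 0 only if it is a plausible epoch within
# MAX_STEP seconds of dom0's current clock; returns 1 otherwise.
validate_epoch() {
    reply=$1; now=$2; max_step=$3
    # Digits only, no leading zero (would be parsed as octal), exactly 10 long
    case $reply in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#reply}" -eq 10 ] || return 1
    # Hypothetical policy: refuse large jumps in either direction
    diff=$((reply - now))
    [ "$diff" -ge 0 ] || diff=$((0 - diff))
    [ "$diff" -le "$max_step" ] || return 1
    printf '%s\n' "$reply"
}

# Constructed replies: one well-formed, three that must be refused
for r in 1700000100 "Tue Nov 14 22:15:00 UTC 2023" "1700000100 x" 1900000000; do
    if validate_epoch "$r" 1700000000 86400 >/dev/null; then
        echo "accept: $r"
    else
        echo "reject: $r"
    fi
done

# In dom0 the accepted value would then be applied with GNU date:
#   reply=$(qvm-run "$SERVICEVM" --pass_io "date -u +%s")
#   epoch=$(validate_epoch "$reply" "$(date -u +%s)" 86400) && date -u -s "@$epoch"
```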
marmarek (Member) commented Mar 8, 2015
Comment by marmarek on 12 May 2011 14:07 UTC
This tool should also check if there are updates for the VM itself (which is based on a template). If updates for the VM are available, the user should be asked to start the template and update it (just click on gpk-update-icon).
Checking for updates can be achieved by yum check-update.
marmarek (Member) commented Mar 8, 2015
Comment by rafal on 12 May 2011 14:37 UTC
> - Downloading updates (wget) and transferring them to Dom0
>
> While this domain might still get compromised (ntp client bug, wget bug, tcp/ip stack bug), nobody says Dom0 would trust the 'qubes-sp1.rpm' file that it will copy from it -- Dom0 would still verify signature on this update rpm before installing it.

The problem is: this compromised domain can simply stop fetching updates, and thus we will never know there is an update for dom0.
This can probably be solved by e.g. periodically (e.g. every day) posting a file CURRPACKAGES containing all the current package versions plus a timestamp; this file would be signed with the qubes key, and thus safe to parse. Then, if dom0 does not get an updated CURRPACKAGES in time (say, every day), we can suspect something is wrong. But it can be a bit of work to integrate it with yum.
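Added example (not part of the comment above and not Qubes code): a Dom0-side freshness check for the CURRPACKAGES idea, reporting both a withheld manifest and an older signed one replayed in place of the current one. The `timestamp: <epoch>` line format, the `manifest_status` name and the stored last-seen value are assumptions, and the signature is assumed to have been verified before this runs.

```shell
#!/bin/sh
# Added example, not Qubes code. Assumptions: CURRPACKAGES carries a line
# "timestamp: <epoch seconds>" (hypothetical format), and its signature has
# already been verified, so the timestamp itself cannot be forged.

# manifest_status FILE LAST_SEEN NOW MAX_AGE
# LAST_SEEN is the timestamp of the newest manifest dom0 accepted so far.
# Prints ok | malformed | rollback | stale; returns 0 only for ok.
manifest_status() {
    file=$1; last_seen=$2; now=$3; max_age=$4
    if [ -r "$file" ]; then
        ts=$(sed -n 's/^timestamp: \([1-9][0-9]\{9\}\)$/\1/p' "$file" | head -n 1)
        [ -n "$ts" ] || { echo malformed; return 1; }
        # An older signed manifest replayed in place of the current one
        [ "$ts" -ge "$last_seen" ] || { echo rollback; return 1; }
    else
        # Nothing delivered at all: judge by the last accepted manifest
        ts=$last_seen
    fi
    # The VM can withhold or replay, but it cannot advance a signed timestamp
    [ $((now - ts)) -le "$max_age" ] || { echo stale; return 1; }
    echo ok
}

# Constructed sample manifest
m=$(mktemp)
printf 'timestamp: 1700000000\nexample-pkg 1.0-1\n' > "$m"
echo "one hour later:   $(manifest_status "$m" 1699990000 1700003600 86400)"
echo "three days later: $(manifest_status "$m" 1700000000 1700259200 86400)"
rm -f "$m"
```

The comparison depends on Dom0's own clock, which this issue also proposes to take from the same VM, so the clock update needs its own sanity bound for `stale` to mean anything.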
marmarek (Member) commented Mar 8, 2015
Comment by joanna on 12 May 2011 14:42 UTC
I would suggest making a sep ticket for "Dom0 should alert user when not getting info about updates within expected time period". This is not so critical and we might want to work on this later (TM).
marmarek (Member) commented Mar 8, 2015
Comment by marmarek on 16 Jul 2011 23:48 UTC
Done. New tool qvm-dom0-upgrade can be used to force downloading updates. Besides that, every 6h qubes-watch-updates.sh will check for updates (+ask the user for downloading) and sync clock with ClockVM (aka UpdatesVM).
Currently default firewallvm is used as UpdatesVM.
qvm-dom0-upgrade has a nice feature that all args are passed to yumdownloader, so it can be used to download any package to VM:
```
# Download packages to qubes-dom0-cached repo
qvm-dom0-upgrade --resolve --enablerepo=fedora vim-enhanced
# Actually install it
sudo yum install vim-enhanced
```
There are two additional parameters parsed by qvm-dom0-upgrade (actually at UpdatesVM side):
- --doit - do not require confirmation
- --nogui - do not show "progress" window (which actually does not show progress...), but show raw output from yumdownloader

These options must be placed before any other args. So the above example can be extended to:
```
qvm-dom0-upgrade --doit --nogui --resolve --enablerepo=fedora vim-enhanced
```
marmarek commented Mar 8, 2015
Reported by joanna on 6 Apr 2011 08:05 UTC
Perhaps we could have a service VM that would be doing two things:
While this domain might still get compromised (ntp client bug, wget bug, tcp/ip stack bug), nobody says Dom0 would trust the 'qubes-sp1.rpm' file that it will copy from it -- Dom0 would still verify signature on this update rpm before installing it.
We might use default firewallvm for this I think.
Problem: while we have support for tray, we don't have support for something like plasma widgets... Any ideas?
Migrated-From: https://wiki.qubes-os.org/ticket/198