Merge branch 'connect-tcp-direct'

* connect-tcp-direct: ci: drop R4.1 builds Require qrexec >= 4.2.19 for built-in TCP support Log updates proxy connection errors to journal Use 'qrexec-client-vm --use-stdin-socket' to properly handle EOF Use new built-in TCP support in qrexec for qubes.UpdatesProxy Use new built-in TCP support in qrexec for qubes.ConnectTCP
QubesOS · May 9, 2024 · 502de4d · 502de4d
2 parents 0cb80ae + 8874cb5
commit 502de4d
Show file tree

Hide file tree

Showing 13 changed files with 15 additions and 22 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -14,10 +14,6 @@ checks:tests:
   - shellcheck -e SC1117 $(grep -l '^#!/bin/\(ba\)\?sh' $(git ls-files))
   stage: checks
 include:
-- file: /r4.1/gitlab-base.yml
-  project: QubesOS/qubes-continuous-integration
-- file: /r4.1/gitlab-vm.yml
-  project: QubesOS/qubes-continuous-integration
 - file: /r4.2/gitlab-base.yml
   project: QubesOS/qubes-continuous-integration
 - file: /r4.2/gitlab-vm.yml

diff --git a/Makefile b/Makefile
@@ -229,8 +229,6 @@ install-netvm: install-systemd-networking-dropins install-networkmanager
 	install -m 0400 -D network/qubes-antispoof.nft $(DESTDIR)/etc/qubes/qubes-antispoof.nft
 	install -m 0400 -D network/qubes-ipv6-disabled.nft $(DESTDIR)/etc/qubes/qubes-ipv6-disabled.nft
 
-	install -m 0755 -D qubes-rpc/qubes.UpdatesProxy $(DESTDIR)/etc/qubes-rpc/qubes.UpdatesProxy
-
 # networkmanager install target allow integration of NetworkManager for Qubes VM:
 # * make connections config persistent
 # * adjust DNS redirections when needed

diff --git a/archlinux/PKGBUILD.in b/archlinux/PKGBUILD.in
@@ -59,6 +59,7 @@ package_qubes-vm-core() {
         qubes-vm-utils
         qubes-libvchan
         qubes-db-vm
+        'qubes-vm-qrexec>=4.2.19'
         python
         python-xdg
         ntp

diff --git a/debian/control b/debian/control
@@ -47,7 +47,7 @@ Depends:
     python3-xdg,
     python3-dbus,
     qubes-utils (>= 3.1.3),
-    qubes-core-qrexec,
+    qubes-core-qrexec (>= 4.2.19),
     qubesdb-vm,
     systemd,
     xdg-user-dirs,

diff --git a/debian/qubes-core-agent-networking.install b/debian/qubes-core-agent-networking.install
@@ -1,5 +1,6 @@
 etc/dhclient.d/qubes-setup-dnat-to-ns.sh
 etc/qubes-rpc/qubes.UpdatesProxy
+etc/qubes/rpc-config/qubes.UpdatesProxy
 etc/qubes/qubes-ipv6-disabled.nft
 etc/qubes/qubes-ipv6.nft
 etc/qubes/qubes-ipv4.nft

diff --git a/debian/qubes-core-agent.install b/debian/qubes-core-agent.install
@@ -43,6 +43,7 @@ etc/qubes/autostart/*
 etc/qubes/applications/*
 etc/qubes/post-install.d/README
 etc/qubes/post-install.d/*.sh
+etc/qubes/rpc-config/qubes.ConnectTCP
 etc/qubes/rpc-config/qubes.OpenInVM
 etc/qubes/rpc-config/qubes.OpenURL
 etc/qubes/rpc-config/qubes.SelectFile

diff --git a/qubes-rpc/Makefile b/qubes-rpc/Makefile
@@ -76,10 +76,11 @@ install:
 		qubes.PostInstall \
 		qubes.GetDate \
 		qubes.ShowInTerminal \
-		qubes.ConnectTCP \
 		qubes.TemplateSearch \
 		qubes.TemplateDownload
 	$(LN) qubes.VMExec $(DESTDIR)$(QUBESRPCCMDDIR)/qubes.VMExecGUI
+	$(LN) /dev/tcp/127.0.0.1 $(DESTDIR)$(QUBESRPCCMDDIR)/qubes.ConnectTCP
+	$(LN) /dev/tcp/127.0.0.1/8082 $(DESTDIR)$(QUBESRPCCMDDIR)/qubes.UpdatesProxy
 	for config in *.config; do \
 		install -D -m 0644 "$$config" "$(DESTDIR)$(QUBESRPCCONFDIR)/$${config%.config}"; \
 	done

diff --git a/qubes-rpc/qubes.ConnectTCP b/qubes-rpc/qubes.ConnectTCP
diff --git a/qubes-rpc/qubes.ConnectTCP.config b/qubes-rpc/qubes.ConnectTCP.config
@@ -0,0 +1,2 @@
+skip-service-descriptor=true
+exit-on-service-eof=true
diff --git a/qubes-rpc/qubes.UpdatesProxy b/qubes-rpc/qubes.UpdatesProxy
diff --git a/qubes-rpc/qubes.UpdatesProxy.config b/qubes-rpc/qubes.UpdatesProxy.config
@@ -0,0 +1,2 @@
+skip-service-descriptor=true
+exit-on-service-eof=true
diff --git a/rpm_spec/core-agent.spec.in b/rpm_spec/core-agent.spec.in
@@ -163,7 +163,7 @@ Requires:   librsvg2-tools
 %endif
 Requires:   zenity
 Requires:   dconf
-Requires:   qubes-core-qrexec-vm
+Requires:   qubes-core-qrexec-vm >= 4.2.19
 Requires:   qubes-libvchan
 Requires:   qubes-db-vm
 # qubes.Suspend{Pre,Post}
@@ -909,6 +909,7 @@ rm -f %{name}-%{version}
 %config(noreplace) /etc/qubes-rpc/qubes.StartApp
 %config(noreplace) /etc/qubes-rpc/qubes.PostInstall
 %config(noreplace) /etc/qubes-rpc/qubes.GetDate
+%config(noreplace) /etc/qubes/rpc-config/qubes.ConnectTCP
 %config(noreplace) /etc/qubes/rpc-config/qubes.OpenInVM
 %config(noreplace) /etc/qubes/rpc-config/qubes.OpenURL
 %config(noreplace) /etc/qubes/rpc-config/qubes.SelectFile
@@ -1099,6 +1100,7 @@ rm -f %{name}-%{version}
 %config(noreplace) /etc/qubes/qubes-ipv4.nft
 %config(noreplace) /etc/qubes/qubes-ipv6.nft
 %config(noreplace) /etc/qubes/qubes-ipv6-disabled.nft
+%config(noreplace) /etc/qubes/rpc-config/qubes.UpdatesProxy
 %config(noreplace) /etc/tinyproxy/tinyproxy-updates.conf
 %config(noreplace) /etc/tinyproxy/updates-blacklist
 %config(noreplace) /etc/udev/rules.d/99-qubes-network.rules

diff --git a/vm-systemd/[email protected] b/vm-systemd/[email protected]
@@ -2,6 +2,7 @@
 Description=Forward connection to updates proxy over Qubes RPC
 
 [Service]
-ExecStart=/usr/bin/qrexec-client-vm '' qubes.UpdatesProxy
+ExecStart=/usr/bin/qrexec-client-vm --use-stdin-socket '' qubes.UpdatesProxy
 StandardInput=socket
 StandardOutput=inherit
+StandardError=journal
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		skip-service-descriptor=true
		exit-on-service-eof=true