Use new TCP support in qrexec instead of calling socat #495

marmarek · 2024-04-26T02:45:46Z

Convert qubes.UpdatesProxy and qubes.ConnectTCP services to use TCP support built into qrexec itself since QubesOS/qubes-issues#9037

qubesos-bot · 2024-04-27T04:36:56Z

OpenQA test summary

Complete test suite and dependencies: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.2&build=2024050800-4.2&flavor=pull-requests

New failures, excluding unstable

Compared to: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.2&build=2024050210-4.2&flavor=update

system_tests_network_updates
- VmUpdates_debian-12-xfce: test_130_no_network_qubes_vm_update (failure)
  AssertionError: qubes-vm-update return unexpected code: 5 in (1, 2)
- VmUpdates_fedora-39-xfce: test_130_no_network_qubes_vm_update (failure)
  AssertionError: qubes-vm-update return unexpected code: 5 in (1, 2)
system_tests_basic_vm_qrexec_gui_zfs
- TC_20_AudioVM_PipeWire_debian-12-xfce-pool: test_250_audio_playback_audiovm_pipewire (failure)
  AssertionError: only silence detected, no useful audio data

Failed tests

7 failures

system_tests_basic_vm_qrexec_gui
- [unstable] TC_20_AudioVM_PipeWire_debian-12-xfce: test_250_audio_playback_audiovm_pipewire (failure)
  AssertionError: only silence detected, no useful audio data
system_tests_pvgrub_salt_storage
- [unstable] TC_41_HVMGrub_fedora-39-xfce: test_000_standalone_vm (error)
  qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- [unstable] TC_41_HVMGrub_fedora-39-xfce: test_010_template_based_vm (error)
  qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
system_tests_network_updates
- VmUpdates_debian-12-xfce: test_130_no_network_qubes_vm_update (failure)
  AssertionError: qubes-vm-update return unexpected code: 5 in (1, 2)
- VmUpdates_fedora-39-xfce: test_130_no_network_qubes_vm_update (failure)
  AssertionError: qubes-vm-update return unexpected code: 5 in (1, 2)
system_tests_dispvm
- [unstable] TC_20_DispVM_fedora-39-xfce: test_100_open_in_dispvm (failure)
  AssertionError: Timeout waiting for editor window
system_tests_basic_vm_qrexec_gui_zfs
- TC_20_AudioVM_PipeWire_debian-12-xfce-pool: test_250_audio_playback_audiovm_pipewire (failure)
  AssertionError: only silence detected, no useful audio data

Fixed failures

Compared to: https://openqa.qubes-os.org/tests/98585#dependencies

2 fixed

system_tests_splitgpg
- TC_10_Thunderbird_whonix-workstation-17: test_020_send_receive_inline_with_attachment (failure)
  dogtail.tree.SearchError: descendent of [application | Thunderbird]...
system_tests_extra
- TC_00_QVCTest_whonix-workstation-17: test_020_webcam (failure)
  AssertionError: 'qubes-video-companion webcam' exited early (0): b'...

Unstable tests

system_tests_basic_vm_qrexec_gui
TC_20_AudioVM_Pulse_whonix-workstation-17/test_220_audio_play_pulseaudio (3/5 times with errors)
- job 97080 AssertionError: only silence detected, no useful audio data
- job 97185 AssertionError: only silence detected, no useful audio data
- job 97620 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_whonix-workstation-17/test_222_audio_rec_unmuted_pulseaudio (3/5 times with errors)
- job 97080 AssertionError: only silence detected, no useful audio data
- job 97185 AssertionError: only silence detected, no useful audio data
- job 97620 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_debian-12-xfce/test_223_audio_play_hvm (2/5 times with errors)
- job 97620 AssertionError: only silence detected, no useful audio data
- job 98341 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_fedora-39-xfce/test_223_audio_play_hvm (2/5 times with errors)
- job 97620 AssertionError: only silence detected, no useful audio data
- job 98341 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_fedora-39-xfce/test_225_audio_rec_unmuted_hvm (2/5 times with errors)
- job 97620 AssertionError: only silence detected, no useful audio data
- job 98341 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_PipeWire_debian-12-xfce/test_250_audio_playback_audiovm_pipewire (1/5 times with errors)
- job 98601 AssertionError: only silence detected, no useful audio data
system_tests_pvgrub_salt_storage
TC_41_HVMGrub_debian-12-xfce/test_000_standalone_vm (3/5 times with errors)
- job 96359 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 97092 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 97197 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
TC_41_HVMGrub_fedora-39-xfce/test_000_standalone_vm (4/5 times with errors)
- job 95176 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 96359 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 97092 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 97197 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
TC_42_PVHGrub_fedora-39-xfce/test_000_standalone_vm (4/5 times with errors)
- job 95176 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 96359 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 97092 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 97197 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
TC_41_HVMGrub_debian-12-xfce/test_010_template_based_vm (3/5 times with errors)
- job 96359 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 97092 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 97197 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
TC_41_HVMGrub_fedora-39-xfce/test_010_template_based_vm (4/5 times with errors)
- job 95176 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 96359 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 97092 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 97197 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
TC_42_PVHGrub_fedora-39-xfce/test_010_template_based_vm (4/5 times with errors)
- job 95176 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 96359 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 97092 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- job 97197 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
system_tests_splitgpg
TC_10_Thunderbird_fedora-39-xfce/test_000_send_receive_default (4/5 times with errors)
- job 96361 Exception: Failed to send message with error 'unknown'
- job 97094 Exception: Failed to send message with error 'unknown'
- job 97199 Exception: Failed to send message with error 'unknown'
- job 97634 Exception: Failed to send message with error 'unknown'
TC_10_Thunderbird_fedora-39-xfce/test_010_send_receive_inline_signed_only (4/5 times with errors)
- job 96361 Exception: Failed to send message with error 'unknown'
- job 97094 Exception: Failed to send message with error 'unknown'
- job 97199 Exception: Failed to send message with error 'unknown'
- job 97634 Exception: Failed to send message with error 'unknown'
TC_10_Thunderbird_fedora-39-xfce/test_020_send_receive_inline_with_attachment (4/5 times with errors)
- job 96361 Exception: Failed to send message with error 'unknown'
- job 97094 Exception: Failed to send message with error 'unknown'
- job 97199 Exception: Failed to send message with error 'unknown'
- job 97634 Exception: Failed to send message with error 'unknown'
system_tests_extra
TC_00_QVCTest_whonix-gateway-17/test_020_webcam (1/5 times with errors)
- job 98336 AssertionError: 'qubes-video-companion webcam' exited early (0): b'...
system_tests_usbproxy
TC_20_USBProxy_core3_whonix-gateway-17/test_070_attach_not_installed_front (1/5 times with errors)
- job 97173 qubesusbproxy.core3ext.QubesUSBException: Device attach failed: 202...
TC_20_USBProxy_core3_whonix-workstation-17/test_070_attach_not_installed_front (1/5 times with errors)
- job 98333 qubesusbproxy.core3ext.QubesUSBException: Device attach failed: 202...
TC_20_USBProxy_core3_debian-12-xfce/test_090_attach_stubdom (2/5 times with errors)
- job 97608 AssertionError: 1 != 0 : Device connection failed
- job 98333 AssertionError: 1 != 0 : Device connection failed
TC_20_USBProxy_core3_fedora-39-xfce/test_090_attach_stubdom (2/5 times with errors)
- job 97608 AssertionError: 1 != 0 : Device connection failed
- job 98333 AssertionError: 1 != 0 : Device connection failed
system_tests_network_ipv6
VmIPv6Networking_debian-12-xfce/test_031_firewall_dynamic_block (1/5 times with errors)
- job 97090 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^... AssertionError
VmIPv6Networking_fedora-39-xfce/test_031_firewall_dynamic_block (2/5 times with errors)
- job 96357 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^... AssertionError
- job 97090 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^... AssertionError
system_tests_network_updates
TC_10_QvmTemplate_fedora-39-xfce/test_010_template_install (1/5 times with errors)
- job 97631 AssertionError: libvirt event impl drain timeout
TC_10_QvmTemplate_whonix-gateway-17/test_010_template_install (1/5 times with errors)
- job 97201 AssertionError: libvirt event impl drain timeout
TC_11_QvmTemplateMgmtVM_fedora-39-xfce/test_010_template_install (1/5 times with errors)
- job 96358 AssertionError: libvirt event impl drain timeout
system_tests_dispvm
TC_20_DispVM_fedora-39-xfce/test_100_open_in_dispvm (2/5 times with errors)
- job 97625 AssertionError: Timeout waiting for editor window
- job 98346 AssertionError: Timeout waiting for editor window
system_tests_devices
TC_00_List_debian-12-xfce/test_001_list_loop_mounted (1/5 times with errors)
- job 96351 AssertionError: Device test-inst-vm:loop0 (/tmp/test.img) should no...
system_tests_basic_vm_qrexec_gui_btrfs
TC_20_AudioVM_Pulse_debian-12-xfce-pool/test_220_audio_play_pulseaudio (1/5 times with errors)
- job 95165 AssertionError: too short audio, expected 10s, got 8.28539682539682...
TC_20_AudioVM_Pulse_fedora-39-xfce-pool/test_220_audio_play_pulseaudio (1/5 times with errors)
- job 95165 AssertionError: too short audio, expected 10s, got 9.25759637188208...
TC_20_AudioVM_Pulse_whonix-workstation-17-pool/test_220_audio_play_pulseaudio (5/5 times with errors)
- job 95165 AssertionError: Timeout waiting for pulseaudio start in test-inst-v...
- job 96348 AssertionError: only silence detected, no useful audio data
- job 97081 AssertionError: only silence detected, no useful audio data
- job 97186 AssertionError: only silence detected, no useful audio data
- job 97621 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_whonix-workstation-17-pool/test_221_audio_rec_muted_pulseaudio (1/5 times with errors)
- job 95165 AssertionError: Timeout waiting for pulseaudio start in test-inst-v...
TC_20_AudioVM_Pulse_whonix-workstation-17-pool/test_222_audio_rec_unmuted_pulseaudio (5/5 times with errors)
- job 95165 AssertionError: Timeout waiting for pulseaudio start in test-inst-v...
- job 96348 AssertionError: only silence detected, no useful audio data
- job 97081 AssertionError: only silence detected, no useful audio data
- job 97186 AssertionError: only silence detected, no useful audio data
- job 97621 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_debian-12-xfce-pool/test_223_audio_play_hvm (1/5 times with errors)
- job 97621 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_fedora-39-xfce-pool/test_223_audio_play_hvm (1/5 times with errors)
- job 97621 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_whonix-workstation-17-pool/test_223_audio_play_hvm (1/5 times with errors)
- job 95165 AssertionError: Timeout waiting for pulseaudio start in test-inst-v...
TC_20_AudioVM_Pulse_whonix-workstation-17-pool/test_224_audio_rec_muted_hvm (1/5 times with errors)
- job 95165 AssertionError: Timeout waiting for pulseaudio start in test-inst-v...
TC_20_AudioVM_Pulse_fedora-39-xfce-pool/test_225_audio_rec_unmuted_hvm (1/5 times with errors)
- job 97621 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_whonix-workstation-17-pool/test_225_audio_rec_unmuted_hvm (1/5 times with errors)
- job 95165 AssertionError: Timeout waiting for pulseaudio start in test-inst-v...
system_tests_basic_vm_qrexec_gui_ext4
TC_00_Basic/test_141_libvirt_objects_reconnect (1/5 times with errors)
- job 98343 AssertionError: libvirt event impl drain timeout
TC_20_AudioVM_Pulse_whonix-workstation-17-pool/test_220_audio_play_pulseaudio (4/5 times with errors)
- job 96349 AssertionError: only silence detected, no useful audio data
- job 97082 AssertionError: only silence detected, no useful audio data
- job 97187 AssertionError: only silence detected, no useful audio data
- job 97622 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_whonix-workstation-17-pool/test_222_audio_rec_unmuted_pulseaudio (4/5 times with errors)
- job 96349 AssertionError: only silence detected, no useful audio data
- job 97082 AssertionError: only silence detected, no useful audio data
- job 97187 AssertionError: only silence detected, no useful audio data
- job 97622 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_debian-12-xfce-pool/test_223_audio_play_hvm (2/5 times with errors)
- job 97622 AssertionError: only silence detected, no useful audio data
- job 98343 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_fedora-39-xfce-pool/test_223_audio_play_hvm (2/5 times with errors)
- job 97622 AssertionError: only silence detected, no useful audio data
- job 98343 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_fedora-39-xfce-pool/test_225_audio_rec_unmuted_hvm (2/5 times with errors)
- job 97622 AssertionError: only silence detected, no useful audio data
- job 98343 AssertionError: only silence detected, no useful audio data
system_tests_basic_vm_qrexec_gui_xfs
TC_20_AudioVM_Pulse_debian-12-xfce-pool/test_220_audio_play_pulseaudio (1/5 times with errors)
- job 95167 AssertionError: too short audio, expected 10s, got 8.98888888888888...
TC_20_AudioVM_Pulse_whonix-workstation-17-pool/test_220_audio_play_pulseaudio (4/5 times with errors)
- job 95167 AssertionError: Timeout waiting for pulseaudio start in test-inst-v...
- job 97083 AssertionError: only silence detected, no useful audio data
- job 97188 AssertionError: only silence detected, no useful audio data
- job 97623 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_whonix-workstation-17-pool/test_221_audio_rec_muted_pulseaudio (1/5 times with errors)
- job 95167 AssertionError: Timeout waiting for pulseaudio start in test-inst-v...
TC_20_AudioVM_Pulse_debian-12-xfce-pool/test_222_audio_rec_unmuted_pulseaudio (1/5 times with errors)
- job 97083 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_whonix-workstation-17-pool/test_222_audio_rec_unmuted_pulseaudio (4/5 times with errors)
- job 95167 AssertionError: Timeout waiting for pulseaudio start in test-inst-v...
- job 97083 AssertionError: only silence detected, no useful audio data
- job 97188 AssertionError: only silence detected, no useful audio data
- job 97623 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_debian-12-xfce-pool/test_223_audio_play_hvm (2/5 times with errors)
- job 97623 AssertionError: only silence detected, no useful audio data
- job 98344 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_fedora-39-xfce-pool/test_223_audio_play_hvm (2/5 times with errors)
- job 97623 AssertionError: only silence detected, no useful audio data
- job 98344 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_whonix-workstation-17-pool/test_223_audio_play_hvm (1/5 times with errors)
- job 95167 AssertionError: Timeout waiting for pulseaudio start in test-inst-v...
TC_20_AudioVM_Pulse_whonix-workstation-17-pool/test_224_audio_rec_muted_hvm (1/5 times with errors)
- job 95167 AssertionError: Timeout waiting for pulseaudio start in test-inst-v...
TC_20_AudioVM_Pulse_fedora-39-xfce-pool/test_225_audio_rec_unmuted_hvm (2/5 times with errors)
- job 97623 AssertionError: only silence detected, no useful audio data
- job 98344 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_whonix-workstation-17-pool/test_225_audio_rec_unmuted_hvm (1/5 times with errors)
- job 95167 AssertionError: Timeout waiting for pulseaudio start in test-inst-v...
TC_20_AudioVM_PipeWire_debian-12-xfce-pool/test_226_audio_playback_pipewire (1/5 times with errors)
- job 95167 AssertionError: too short audio, expected 10s, got 9.48408163265306...
TC_20_AudioVM_PipeWire_fedora-39-xfce-pool/test_226_audio_playback_pipewire (1/5 times with errors)
- job 95167 AssertionError: too short audio, expected 10s, got 9.47213151927437...
system_tests_basic_vm_qrexec_gui_zfs
TC_20_AudioVM_Pulse_whonix-workstation-17-pool/test_220_audio_play_pulseaudio (4/5 times with errors)
- job 96337 AssertionError: only silence detected, no useful audio data
- job 97096 AssertionError: only silence detected, no useful audio data
- job 97175 AssertionError: only silence detected, no useful audio data
- job 97636 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_whonix-workstation-17-pool/test_222_audio_rec_unmuted_pulseaudio (4/5 times with errors)
- job 96337 AssertionError: only silence detected, no useful audio data
- job 97096 AssertionError: only silence detected, no useful audio data
- job 97175 AssertionError: only silence detected, no useful audio data
- job 97636 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_debian-12-xfce-pool/test_223_audio_play_hvm (2/5 times with errors)
- job 97636 AssertionError: only silence detected, no useful audio data
- job 98335 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_fedora-39-xfce-pool/test_223_audio_play_hvm (2/5 times with errors)
- job 97636 AssertionError: only silence detected, no useful audio data
- job 98335 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_fedora-39-xfce-pool/test_225_audio_rec_unmuted_hvm (2/5 times with errors)
- job 97636 AssertionError: only silence detected, no useful audio data
- job 98335 AssertionError: only silence detected, no useful audio data
system_tests_basic_vm_qrexec_gui@hw1
TC_20_AudioVM_Pulse_whonix-workstation-17/test_220_audio_play_pulseaudio (3/5 times with errors)
- job 97080 AssertionError: only silence detected, no useful audio data
- job 97185 AssertionError: only silence detected, no useful audio data
- job 97620 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_whonix-workstation-17/test_222_audio_rec_unmuted_pulseaudio (3/5 times with errors)
- job 97080 AssertionError: only silence detected, no useful audio data
- job 97185 AssertionError: only silence detected, no useful audio data
- job 97620 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_debian-12-xfce/test_223_audio_play_hvm (2/5 times with errors)
- job 97620 AssertionError: only silence detected, no useful audio data
- job 98341 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_fedora-39-xfce/test_223_audio_play_hvm (2/5 times with errors)
- job 97620 AssertionError: only silence detected, no useful audio data
- job 98341 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_Pulse_fedora-39-xfce/test_225_audio_rec_unmuted_hvm (2/5 times with errors)
- job 97620 AssertionError: only silence detected, no useful audio data
- job 98341 AssertionError: only silence detected, no useful audio data
TC_20_AudioVM_PipeWire_debian-12-xfce/test_250_audio_playback_audiovm_pipewire (1/5 times with errors)
- job 98601 AssertionError: only silence detected, no useful audio data

codecov · 2024-05-04T03:09:57Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 69.89%. Comparing base (a8375d8) to head (8874cb5).
Report is 6 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #495   +/-   ##
=======================================
  Coverage   69.89%   69.89%           
=======================================
  Files           3        3           
  Lines         475      475           
=======================================
  Hits          332      332           
  Misses        143      143

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Enable exit-on-service-eof feature, since that is what socat did. QubesOS/qubes-issues#9037

When qrexec-client-vm is called from a systemd unit connected to a socket, it the same socket on both stdin and stdout. Tell qrexec-client-vm about it, so it can use shutdown() instead of close() to properly deliver EOF. It will also make the qrexec-client-vm to use just stdin FD. QubesOS/qubes-issues#9169

StandardError defaults to "inherit", which would connect the socket from the package manager here. Do not send qrexec error messages as HTTP proxy response...

qubes.UpdatesProxy and qubes.ConnecTCP are converted to use the built-in TCP support in qrexec. QubesOS/qubes-issues#9037

It isn't compatible anymore

ben-grande · 2024-05-23T15:05:17Z

I can see this breaking setups that use qubes.ConnecTCP because it requires the client command qrexec-client-vm to have --use-stdin-socket.

Is this feature going to be delayed to R4.3?

Side note: Although /dev/tcp works on Bash and Zsh, future templates such as Alpine come without them, having Ksh as the default shell.

marmarek · 2024-05-23T15:28:22Z

I can see this breaking setups that use qubes.ConnecTCP because it requires the client command qrexec-client-vm to have --use-stdin-socket.

qrexec-client-vm does have this option in a newer version, and efa37e4 ensures the proper version is installed.

Side note: Although /dev/tcp works on Bash and Zsh, future templates such as Alpine come without them, having Ksh as the default shell.

It doesn't matter, as /dev/tcp support is implemented in qrexec internally, it doesn't rely on specific shell support. It just uses the same path for familiarity.

ben-grande · 2024-05-23T15:46:52Z

I can see this breaking setups that use qubes.ConnecTCP because it requires the client command qrexec-client-vm to have --use-stdin-socket.

qrexec-client-vm does have this option in a newer version, and efa37e4 ensures the proper version is installed.

Ok, yeah. I guess third party packagers will have to keep up with this change. It is an API break though, maybe delay to R4.3? Although it is easy to handle with deb and rpm packaging targetting a certain Qrexec package version, installation via Salt will break as it is "set and forget" instead of always being updated.

Side note: Although /dev/tcp works on Bash and Zsh, future templates such as Alpine come without them, having Ksh as the default shell.

It doesn't matter, as /dev/tcp support is implemented in qrexec internally, it doesn't rely on specific shell support. It just uses the same path for familiarity.

That is very nice, thanks for the explanation.

marmarek · 2024-05-23T16:54:13Z

installation via Salt will break as it is "set and forget" instead of always being updated.

Well, if you use proper packages, it doesn't matter how you install them - installing newer qubes-core-agent will enforce installing newer qrexec too (or, if not available, installing newer qubes-core-agent will fail) - either way, you are not getting broken state you describe. If you do your own packaging, then yes, you need to take care of dependencies too, the qrexec one is not any exception here, and not even the only versioned one.

The update here doesn't change cross-VM API, it's okay to use older qubes.ConnectTCP implementation with newer qrexec-client-vm call and vice versa (it was an issue in an earlier version of this change, but it got fixed). You don't need to update them at the same time.

ben-grande · 2024-05-24T07:03:05Z

Thank you!

marmarek added the openqa-pending label Apr 26, 2024

This was referenced Apr 27, 2024

qrexec-fork-server ignores RPC config QubesOS/qubes-issues#9161

Closed

Default logging about TCP qrexec service is a bit too verbose QubesOS/qubes-issues#9162

Open

marmarek mentioned this pull request Apr 27, 2024

Using TCP qrexec for updates proxy hangs on EOF QubesOS/qubes-issues#9169

Closed

marmarek force-pushed the connect-tcp-direct branch from bc8572a to c98f106 Compare May 4, 2024 02:38

marmarek added 4 commits May 6, 2024 04:09

Use new built-in TCP support in qrexec for qubes.ConnectTCP

3ba3709

Enable exit-on-service-eof feature, since that is what socat did. QubesOS/qubes-issues#9037

Use new built-in TCP support in qrexec for qubes.UpdatesProxy

110064b

Enable exit-on-service-eof feature, since that is what socat did. QubesOS/qubes-issues#9037

Log updates proxy connection errors to journal

7cddb88

StandardError defaults to "inherit", which would connect the socket from the package manager here. Do not send qrexec error messages as HTTP proxy response...

marmarek force-pushed the connect-tcp-direct branch from c98f106 to 7cddb88 Compare May 6, 2024 02:10

marmarek added 2 commits May 9, 2024 05:20

Require qrexec >= 4.2.19 for built-in TCP support

efa37e4

qubes.UpdatesProxy and qubes.ConnecTCP are converted to use the built-in TCP support in qrexec. QubesOS/qubes-issues#9037

ci: drop R4.1 builds

8874cb5

It isn't compatible anymore

marmarek merged commit 502de4d into QubesOS:main May 9, 2024
4 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use new TCP support in qrexec instead of calling socat #495

Use new TCP support in qrexec instead of calling socat #495

marmarek commented Apr 26, 2024

qubesos-bot commented Apr 27, 2024 •

edited

Loading

codecov bot commented May 4, 2024 •

edited

Loading

ben-grande commented May 23, 2024

marmarek commented May 23, 2024

ben-grande commented May 23, 2024

marmarek commented May 23, 2024

ben-grande commented May 24, 2024

Use new TCP support in qrexec instead of calling socat #495

Use new TCP support in qrexec instead of calling socat #495

Conversation

marmarek commented Apr 26, 2024

qubesos-bot commented Apr 27, 2024 • edited Loading

OpenQA test summary

New failures, excluding unstable

Failed tests

Fixed failures

Unstable tests

codecov bot commented May 4, 2024 • edited Loading

Codecov Report

ben-grande commented May 23, 2024

marmarek commented May 23, 2024

ben-grande commented May 23, 2024

marmarek commented May 23, 2024

ben-grande commented May 24, 2024

qubesos-bot commented Apr 27, 2024 •

edited

Loading

codecov bot commented May 4, 2024 •

edited

Loading