def do_create_vm(vmclass, vmname, label, template_vm, netvm,
standalone, allow_networking, thread_monitor):
vm = None
qc = QubesVmCollection()
qc.lock_db_for_writing()
qc.load()
try:
if not standalone:
vm = qc.add_new_vm(vmclass, name=vmname, template=template_vm,
label=label)
else:
vm = qc.add_new_vm(vmclass, name=vmname, template=None,
label=label)
vm.create_on_disk(verbose=False, source_template=template_vm)
if not allow_networking:
vm.uses_default_netvm = False
vm.netvm = None
else:
vm.netvm = netvm
if vm.netvm.qid == qc.get_default_netvm().qid:
vm.uses_default_netvm = True
else:
vm.uses_default_netvm = False
qc.save()
except Exception as ex:
thread_monitor.set_error_msg(str(ex))
if vm:
vm.remove_from_disk()
qc.pop(vm.qid)
finally:
qc.unlock_db()
thread_monitor.set_finished()
def setUpClass(cls):
if cls.template == 'whonix-gw' or 'minimal' in cls.template:
raise unittest.SkipTest(
'Template {} not supported by this test'.format(cls.template))
if cls.template == 'whonix-ws':
# TODO remove when Whonix-based DispVMs will work (Whonix 13?)
raise unittest.SkipTest(
'Template {} not supported by this test'.format(cls.template))
qc = QubesVmCollection()
cls._kill_test_vms(qc, prefix=qubes.tests.CLSVMPREFIX)
qc.lock_db_for_writing()
qc.load()
cls._remove_test_vms(qc,
qubes.qubes.vmm.libvirt_conn,
prefix=qubes.tests.CLSVMPREFIX)
cls.source_vmname = cls.make_vm_name('source', True)
source_vm = qc.add_new_vm("QubesAppVm",
template=qc.get_vm_by_name(cls.template),
name=cls.source_vmname)
source_vm.create_on_disk(verbose=False)
cls.target_vmname = cls.make_vm_name('target', True)
target_vm = qc.add_new_vm("QubesAppVm",
template=qc.get_vm_by_name(cls.template),
name=cls.target_vmname)
target_vm.create_on_disk(verbose=False)
qc.save()
qc.unlock_db()
source_vm.start()
target_vm.start()
# make sure that DispVMs will be started of the same template
retcode = subprocess.call(
['/usr/bin/qvm-create-default-dvm', cls.template],
stderr=open(os.devnull, 'w'))
assert retcode == 0, "Error preparing DispVM"
def setUpClass(cls):
if cls.template == 'whonix-gw' or 'minimal' in cls.template:
raise unittest.SkipTest(
'Template {} not supported by this test'.format(cls.template))
if cls.template == 'whonix-ws':
# TODO remove when Whonix-based DispVMs will work (Whonix 13?)
raise unittest.SkipTest(
'Template {} not supported by this test'.format(cls.template))
qc = QubesVmCollection()
cls._kill_test_vms(qc, prefix=qubes.tests.CLSVMPREFIX)
qc.lock_db_for_writing()
qc.load()
cls._remove_test_vms(qc, qubes.qubes.vmm.libvirt_conn,
prefix=qubes.tests.CLSVMPREFIX)
cls.source_vmname = cls.make_vm_name('source', True)
source_vm = qc.add_new_vm("QubesAppVm",
template=qc.get_vm_by_name(cls.template),
name=cls.source_vmname)
source_vm.create_on_disk(verbose=False)
cls.target_vmname = cls.make_vm_name('target', True)
target_vm = qc.add_new_vm("QubesAppVm",
template=qc.get_vm_by_name(cls.template),
name=cls.target_vmname)
target_vm.create_on_disk(verbose=False)
qc.save()
qc.unlock_db()
source_vm.start()
target_vm.start()
# make sure that DispVMs will be started of the same template
retcode = subprocess.call(['/usr/bin/qvm-create-default-dvm',
cls.template],
stderr=open(os.devnull, 'w'))
assert retcode == 0, "Error preparing DispVM"
def do_create_vm(vmclass, vmname, label, template_vm, netvm, standalone,
allow_networking, thread_monitor):
vm = None
qc = QubesVmCollection()
qc.lock_db_for_writing()
qc.load()
try:
if not standalone:
vm = qc.add_new_vm(vmclass,
name=vmname,
template=template_vm,
label=label)
else:
vm = qc.add_new_vm(vmclass,
name=vmname,
template=None,
label=label)
vm.create_on_disk(verbose=False, source_template=template_vm)
if not allow_networking:
vm.uses_default_netvm = False
vm.netvm = None
else:
vm.netvm = netvm
if vm.netvm.qid == qc.get_default_netvm().qid:
vm.uses_default_netvm = True
else:
vm.uses_default_netvm = False
qc.save()
except Exception as ex:
thread_monitor.set_error_msg(str(ex))
if vm:
vm.remove_from_disk()
qc.pop(vm.qid)
finally:
qc.unlock_db()
thread_monitor.set_finished()
def main():
module = AnsibleModule(argument_spec=dict(
name=dict(required=True, type='str'),
state=dict(default='present', choices=['present', 'absent']),
type=dict(default='appvm',
choices=['appvm', 'netvm', 'proxyvm', 'hvm', 'templatehvm']),
template=dict(type='str'),
standalone=dict(default=False, type='bool'),
label=dict(choices=[
'red', 'orange', 'yellow', 'green', 'gray', 'blue', 'purple',
'black'
]),
pool_name=dict(default='default', type='str'),
memory=dict(type='int'),
maxmem=dict(type='int'),
mac=dict(type='str'),
pci_strictreset=dict(type='bool'),
pci_e820_host=dict(default=False, type='bool'),
netvm=dict(type='str'),
dispvm_netvm=dict(type='str'),
kernel=dict(type='str'),
vcpus=dict(type='int'),
kernelopts=dict(type='str'),
drive=dict(type='str'),
debug=dict(type='bool'),
default_user=dict(type='str'),
include_in_backups=dict(type='bool'),
qrexec_installed=dict(type='bool'),
internal=dict(type='bool'),
guiagent_installed=dict(type='bool'),
seamless_gui_mode=dict(type='bool'),
autostart=dict(type='bool'),
qrexec_timeout=dict(type='int'),
timezone=dict(),
))
if not QUBES_DOM0:
module.fail_json(msg='This module must be run from QubeOS dom0')
qvm_collection = QubesVmCollection()
qvm_collection.lock_db_for_writing()
qvm_collection.load()
# Set parameters
changed = True
options = set_options(module, qvm_collection)
if options['state'] == 'present':
if qvm_collection.get_vm_by_name(options['args']['name']) is not None:
changed = False
qube = qvm_collection.get_vm_by_name(options['args']['name'])
for key in options['args']:
if key == 'pool_name':
if qube.pool_name != options['args']['pool_name']:
module.fail_json(
msg='Existing VM storage pool cannot be changed')
elif getattr(qube, key) != options['args'][key]:
setattr(qube, key, options['args'][key])
changed = True
if not isinstance(qube, QubesVmClasses[options['type']]):
module.fail_json(msg='Existing VM type cannot be changed')
else:
try:
qube = qvm_collection.add_new_vm(options['type'],
**options['args'])
except QubesException as e:
module.fail_json(msg='Unable to create VM: %s' % e)
qube.create_on_disk(source_template=options['base_template'])
elif options['state'] == 'absent':
if qvm_collection.get_vm_by_name(options['args']['name']) is None:
changed = False
else:
qube = qvm_collection.get_vm_by_name(options['args']['name'])
if qube.is_running():
try:
qube.force_shutdown()
except (IOError, OSError, QubesException) as e:
module.fail_json(msg='Unable to shutdown VM: %s' % e)
if qube.is_template(): # Report what VMs use this template
dependent_qubes = qube.qvm_collection.get_vms_based_on(
qube.qid)
if len(dependent_qubes) > 0:
module.fail_json(
msg='Please remove VMs dependent on this template first'
)
if qvm_collection.default_template_qid == qube.qid:
qvm_collection.default_template_qid = None
if qube.is_netvm():
if qvm_collection.default_netvm_qid == qube.qid:
qvm_collection.default_netvm_qid = None
if qube.installed_by_rpm:
module.fail_json(msg='Qube managed by RPM/DNF')
qube.remove_from_disk()
qvm_collection.pop(qube.qid)
qvm_collection.save()
qvm_collection.unlock_db()
module.exit_json(changed=changed)
class TC_00_Dom0Upgrade(qubes.tests.QubesTestCase):
cleanup_paths = []
pkg_name = 'qubes-test-pkg'
dom0_update_common_opts = ['--disablerepo=*', '--enablerepo=test',
'--setopt=test.copy_local=1']
@classmethod
def generate_key(cls, keydir):
gpg_opts = ['gpg', '--quiet', '--no-default-keyring',
'--homedir', keydir]
p = subprocess.Popen(gpg_opts + ['--gen-key', '--batch'],
stdin=subprocess.PIPE,
stderr=open(os.devnull, 'w'))
p.stdin.write('''
Key-Type: RSA
Key-Length: 1024
Key-Usage: sign
Name-Real: Qubes test
Expire-Date: 0
%commit
'''.format(keydir=keydir))
p.stdin.close()
p.wait()
subprocess.check_call(gpg_opts + ['-a', '--export',
'--output', os.path.join(keydir, 'pubkey.asc')])
p = subprocess.Popen(gpg_opts + ['--with-colons', '--list-keys'],
stdout=subprocess.PIPE)
for line in p.stdout.readlines():
fields = line.split(':')
if fields[0] == 'pub':
return fields[4][-8:].lower()
raise RuntimeError
@classmethod
def setUpClass(cls):
super(TC_00_Dom0Upgrade, cls).setUpClass()
cls.tmpdir = tempfile.mkdtemp()
cls.cleanup_paths += [cls.tmpdir]
cls.keyid = cls.generate_key(cls.tmpdir)
p = subprocess.Popen(['sudo', 'dd',
'status=none', 'of=/etc/yum.repos.d/test.repo'],
stdin=subprocess.PIPE)
p.stdin.write('''
[test]
name = Test
baseurl = file:///tmp/repo
enabled = 1
''')
p.stdin.close()
p.wait()
@classmethod
def tearDownClass(cls):
subprocess.check_call(['sudo', 'rm', '-f',
'/etc/yum.repos.d/test.repo'])
for dir in cls.cleanup_paths:
shutil.rmtree(dir)
cls.cleanup_paths = []
def setUp(self):
self.qc = QubesVmCollection()
self.qc.lock_db_for_writing()
self.qc.load()
self.updatevm = self.qc.add_new_vm("QubesProxyVm",
name="%supdatevm" % VM_PREFIX,
template=self.qc.get_default_template())
self.updatevm.create_on_disk(verbose=False)
self.saved_updatevm = self.qc.get_updatevm_vm()
self.qc.set_updatevm_vm(self.updatevm)
self.qc.save()
self.qc.unlock_db()
subprocess.call(['sudo', 'rpm', '-e', self.pkg_name],
stderr=open(os.devnull, 'w'))
subprocess.check_call(['sudo', 'rpm', '--import',
os.path.join(self.tmpdir, 'pubkey.asc')])
self.updatevm.start()
def remove_vms(self, vms):
self.qc.lock_db_for_writing()
self.qc.load()
self.qc.set_updatevm_vm(self.qc[self.saved_updatevm.qid])
for vm in vms:
if isinstance(vm, str):
vm = self.qc.get_vm_by_name(vm)
else:
vm = self.qc[vm.qid]
if vm.is_running():
try:
vm.force_shutdown()
except:
pass
try:
vm.remove_from_disk()
except OSError:
pass
self.qc.pop(vm.qid)
self.qc.save()
self.qc.unlock_db()
def tearDown(self):
vmlist = [vm for vm in self.qc.values() if vm.name.startswith(
VM_PREFIX)]
self.remove_vms(vmlist)
subprocess.call(['sudo', 'rpm', '-e', self.pkg_name], stderr=open(
os.devnull, 'w'))
subprocess.call(['sudo', 'rpm', '-e', 'gpg-pubkey-{}'.format(
self.keyid)], stderr=open(os.devnull, 'w'))
for pkg in os.listdir(self.tmpdir):
if pkg.endswith('.rpm'):
os.unlink(pkg)
def create_pkg(self, dir, name, version):
spec_path = os.path.join(dir, name+'.spec')
spec = open(spec_path, 'w')
spec.write(
'''
Name: {name}
Summary: Test Package
Version: {version}
Release: 1
Vendor: Invisible Things Lab
License: GPL
Group: Qubes
URL: http://www.qubes-os.org
%description
Test package
%install
%files
'''.format(name=name, version=version)
)
spec.close()
subprocess.check_call(
['rpmbuild', '--quiet', '-bb', '--define', '_rpmdir {}'.format(dir),
spec_path])
pkg_path = os.path.join(dir, 'x86_64',
'{}-{}-1.x86_64.rpm'.format(name, version))
subprocess.check_call(['sudo', 'chmod', 'go-rw', '/dev/tty'])
subprocess.check_call(
['rpm', '--quiet', '--define=_gpg_path {}'.format(dir),
'--define=_gpg_name {}'.format("Qubes test"),
'--addsign', pkg_path],
stdin=open(os.devnull),
stdout=open(os.devnull, 'w'),
stderr=subprocess.STDOUT)
subprocess.check_call(['sudo', 'chmod', 'go+rw', '/dev/tty'])
return pkg_path
def send_pkg(self, filename):
p = self.updatevm.run('mkdir -p /tmp/repo; cat > /tmp/repo/{}'.format(
os.path.basename(
filename)), passio_popen=True)
p.stdin.write(open(filename).read())
p.stdin.close()
p.wait()
self.updatevm.run('cd /tmp/repo; createrepo .', wait=True)
def test_000_update(self):
filename = self.create_pkg(self.tmpdir, self.pkg_name, '1.0')
subprocess.check_call(['sudo', 'rpm', '-i', filename])
filename = self.create_pkg(self.tmpdir, self.pkg_name, '2.0')
self.send_pkg(filename)
logpath = os.path.join(self.tmpdir, 'dom0-update-output.txt')
try:
subprocess.check_call(['sudo', 'qubes-dom0-update', '-y'] +
self.dom0_update_common_opts,
stdout=open(logpath, 'w'),
stderr=subprocess.STDOUT)
except subprocess.CalledProcessError:
self.fail("qubes-dom0-update failed: " + open(
logpath).read())
retcode = subprocess.call(['rpm', '-q', '{}-1.0'.format(
self.pkg_name)], stdout=open(os.devnull, 'w'))
self.assertEqual(retcode, 1, 'Package {}-1.0 still installed after '
'update'.format(self.pkg_name))
retcode = subprocess.call(['rpm', '-q', '{}-2.0'.format(
self.pkg_name)], stdout=open(os.devnull, 'w'))
self.assertEqual(retcode, 0, 'Package {}-2.0 not installed after '
'update'.format(self.pkg_name))
def test_010_instal(self):
filename = self.create_pkg(self.tmpdir, self.pkg_name, '1.0')
self.send_pkg(filename)
logpath = os.path.join(self.tmpdir, 'dom0-update-output.txt')
try:
subprocess.check_call(['sudo', 'qubes-dom0-update', '-y'] +
self.dom0_update_common_opts + [
self.pkg_name],
stdout=open(logpath, 'w'),
stderr=subprocess.STDOUT)
except subprocess.CalledProcessError:
self.fail("qubes-dom0-update failed: " + open(
logpath).read())
retcode = subprocess.call(['rpm', '-q', '{}-1.0'.format(
self.pkg_name)], stdout=open('/dev/null', 'w'))
self.assertEqual(retcode, 0, 'Package {}-1.0 not installed'.format(
self.pkg_name))
def test_020_install_wrong_sign(self):
subprocess.call(['sudo', 'rpm', '-e', 'gpg-pubkey-{}'.format(
self.keyid)])
filename = self.create_pkg(self.tmpdir, self.pkg_name, '1.0')
self.send_pkg(filename)
logpath = os.path.join(self.tmpdir, 'dom0-update-output.txt')
try:
subprocess.check_call(['sudo', 'qubes-dom0-update', '-y'] +
self.dom0_update_common_opts + [
self.pkg_name],
stdout=open(logpath, 'w'),
stderr=subprocess.STDOUT)
self.fail("qubes-dom0-update unexpectedly succeeded: " + open(
logpath).read())
except subprocess.CalledProcessError:
pass
retcode = subprocess.call(['rpm', '-q', '{}-1.0'.format(
self.pkg_name)], stdout=open('/dev/null', 'w'))
self.assertEqual(retcode, 1,
'Package {}-1.0 installed although '
'signature is invalid'.format(self.pkg_name))
def test_030_install_unsigned(self):
filename = self.create_pkg(self.tmpdir, self.pkg_name, '1.0')
subprocess.check_call(['rpm', '--delsign', filename],
stdout=open(os.devnull, 'w'),
stderr=subprocess.STDOUT)
self.send_pkg(filename)
logpath = os.path.join(self.tmpdir, 'dom0-update-output.txt')
try:
subprocess.check_call(['sudo', 'qubes-dom0-update', '-y'] +
self.dom0_update_common_opts +
[self.pkg_name],
stdout=open(logpath, 'w'),
stderr=subprocess.STDOUT
)
self.fail("qubes-dom0-update unexpectedly succeeded: " + open(
logpath).read())
except subprocess.CalledProcessError:
pass
retcode = subprocess.call(['rpm', '-q', '{}-1.0'.format(
self.pkg_name)], stdout=open('/dev/null', 'w'))
self.assertEqual(retcode, 1,
'UNSIGNED package {}-1.0 installed'.format(self.pkg_name))
class TC_00_Dom0Upgrade(qubes.tests.QubesTestCase):
cleanup_paths = []
pkg_name = 'qubes-test-pkg'
dom0_update_common_opts = [
'--disablerepo=*', '--enablerepo=test', '--setopt=test.copy_local=1'
]
@classmethod
def generate_key(cls, keydir):
gpg_opts = [
'gpg', '--quiet', '--no-default-keyring', '--homedir', keydir
]
p = subprocess.Popen(gpg_opts + ['--gen-key', '--batch'],
stdin=subprocess.PIPE,
stderr=open(os.devnull, 'w'))
p.stdin.write('''
Key-Type: RSA
Key-Length: 1024
Key-Usage: sign
Name-Real: Qubes test
Expire-Date: 0
%commit
'''.format(keydir=keydir))
p.stdin.close()
p.wait()
subprocess.check_call(
gpg_opts +
['-a', '--export', '--output',
os.path.join(keydir, 'pubkey.asc')])
p = subprocess.Popen(gpg_opts + ['--with-colons', '--list-keys'],
stdout=subprocess.PIPE)
for line in p.stdout.readlines():
fields = line.split(':')
if fields[0] == 'pub':
return fields[4][-8:].lower()
raise RuntimeError
@classmethod
def setUpClass(cls):
super(TC_00_Dom0Upgrade, cls).setUpClass()
cls.tmpdir = tempfile.mkdtemp()
cls.cleanup_paths += [cls.tmpdir]
cls.keyid = cls.generate_key(cls.tmpdir)
p = subprocess.Popen(
['sudo', 'dd', 'status=none', 'of=/etc/yum.repos.d/test.repo'],
stdin=subprocess.PIPE)
p.stdin.write('''
[test]
name = Test
baseurl = file:///tmp/repo
enabled = 1
''')
p.stdin.close()
p.wait()
@classmethod
def tearDownClass(cls):
subprocess.check_call(
['sudo', 'rm', '-f', '/etc/yum.repos.d/test.repo'])
for dir in cls.cleanup_paths:
shutil.rmtree(dir)
cls.cleanup_paths = []
def setUp(self):
self.qc = QubesVmCollection()
self.qc.lock_db_for_writing()
self.qc.load()
self.updatevm = self.qc.add_new_vm(
"QubesProxyVm",
name="%supdatevm" % VM_PREFIX,
template=self.qc.get_default_template())
self.updatevm.create_on_disk(verbose=False)
self.saved_updatevm = self.qc.get_updatevm_vm()
self.qc.set_updatevm_vm(self.updatevm)
self.qc.save()
self.qc.unlock_db()
subprocess.call(['sudo', 'rpm', '-e', self.pkg_name],
stderr=open(os.devnull, 'w'))
subprocess.check_call([
'sudo', 'rpm', '--import',
os.path.join(self.tmpdir, 'pubkey.asc')
])
self.updatevm.start()
def remove_vms(self, vms):
self.qc.lock_db_for_writing()
self.qc.load()
self.qc.set_updatevm_vm(self.qc[self.saved_updatevm.qid])
for vm in vms:
if isinstance(vm, str):
vm = self.qc.get_vm_by_name(vm)
else:
vm = self.qc[vm.qid]
if vm.is_running():
try:
vm.force_shutdown()
except:
pass
try:
vm.remove_from_disk()
except OSError:
pass
self.qc.pop(vm.qid)
self.qc.save()
self.qc.unlock_db()
def tearDown(self):
vmlist = [
vm for vm in self.qc.values() if vm.name.startswith(VM_PREFIX)
]
self.remove_vms(vmlist)
subprocess.call(['sudo', 'rpm', '-e', self.pkg_name],
stderr=open(os.devnull, 'w'))
subprocess.call(
['sudo', 'rpm', '-e', 'gpg-pubkey-{}'.format(self.keyid)],
stderr=open(os.devnull, 'w'))
for pkg in os.listdir(self.tmpdir):
if pkg.endswith('.rpm'):
os.unlink(pkg)
def create_pkg(self, dir, name, version):
spec_path = os.path.join(dir, name + '.spec')
spec = open(spec_path, 'w')
spec.write('''
Name: {name}
Summary: Test Package
Version: {version}
Release: 1
Vendor: Invisible Things Lab
License: GPL
Group: Qubes
URL: http://www.qubes-os.org
%description
Test package
%install
%files
'''.format(name=name, version=version))
spec.close()
subprocess.check_call([
'rpmbuild', '--quiet', '-bb', '--define', '_rpmdir {}'.format(dir),
spec_path
])
pkg_path = os.path.join(dir, 'x86_64',
'{}-{}-1.x86_64.rpm'.format(name, version))
subprocess.check_call(['sudo', 'chmod', 'go-rw', '/dev/tty'])
subprocess.check_call([
'rpm', '--quiet', '--define=_gpg_path {}'.format(dir),
'--define=_gpg_name {}'.format("Qubes test"), '--addsign', pkg_path
],
stdin=open(os.devnull),
stdout=open(os.devnull, 'w'),
stderr=subprocess.STDOUT)
subprocess.check_call(['sudo', 'chmod', 'go+rw', '/dev/tty'])
return pkg_path
def send_pkg(self, filename):
p = self.updatevm.run('mkdir -p /tmp/repo; cat > /tmp/repo/{}'.format(
os.path.basename(filename)),
passio_popen=True)
p.stdin.write(open(filename).read())
p.stdin.close()
p.wait()
self.updatevm.run('cd /tmp/repo; createrepo .', wait=True)
def test_000_update(self):
filename = self.create_pkg(self.tmpdir, self.pkg_name, '1.0')
subprocess.check_call(['sudo', 'rpm', '-i', filename])
filename = self.create_pkg(self.tmpdir, self.pkg_name, '2.0')
self.send_pkg(filename)
logpath = os.path.join(self.tmpdir, 'dom0-update-output.txt')
try:
subprocess.check_call(['sudo', 'qubes-dom0-update', '-y'] +
self.dom0_update_common_opts,
stdout=open(logpath, 'w'),
stderr=subprocess.STDOUT)
except subprocess.CalledProcessError:
self.fail("qubes-dom0-update failed: " + open(logpath).read())
retcode = subprocess.call(
['rpm', '-q', '{}-1.0'.format(self.pkg_name)],
stdout=open(os.devnull, 'w'))
self.assertEqual(
retcode, 1, 'Package {}-1.0 still installed after '
'update'.format(self.pkg_name))
retcode = subprocess.call(
['rpm', '-q', '{}-2.0'.format(self.pkg_name)],
stdout=open(os.devnull, 'w'))
self.assertEqual(
retcode, 0, 'Package {}-2.0 not installed after '
'update'.format(self.pkg_name))
def test_010_instal(self):
filename = self.create_pkg(self.tmpdir, self.pkg_name, '1.0')
self.send_pkg(filename)
logpath = os.path.join(self.tmpdir, 'dom0-update-output.txt')
try:
subprocess.check_call(['sudo', 'qubes-dom0-update', '-y'] +
self.dom0_update_common_opts +
[self.pkg_name],
stdout=open(logpath, 'w'),
stderr=subprocess.STDOUT)
except subprocess.CalledProcessError:
self.fail("qubes-dom0-update failed: " + open(logpath).read())
retcode = subprocess.call(
['rpm', '-q', '{}-1.0'.format(self.pkg_name)],
stdout=open('/dev/null', 'w'))
self.assertEqual(retcode, 0,
'Package {}-1.0 not installed'.format(self.pkg_name))
def test_020_install_wrong_sign(self):
subprocess.call(
['sudo', 'rpm', '-e', 'gpg-pubkey-{}'.format(self.keyid)])
filename = self.create_pkg(self.tmpdir, self.pkg_name, '1.0')
self.send_pkg(filename)
logpath = os.path.join(self.tmpdir, 'dom0-update-output.txt')
try:
subprocess.check_call(['sudo', 'qubes-dom0-update', '-y'] +
self.dom0_update_common_opts +
[self.pkg_name],
stdout=open(logpath, 'w'),
stderr=subprocess.STDOUT)
self.fail("qubes-dom0-update unexpectedly succeeded: " +
open(logpath).read())
except subprocess.CalledProcessError:
pass
retcode = subprocess.call(
['rpm', '-q', '{}-1.0'.format(self.pkg_name)],
stdout=open('/dev/null', 'w'))
self.assertEqual(
retcode, 1, 'Package {}-1.0 installed although '
'signature is invalid'.format(self.pkg_name))
def test_030_install_unsigned(self):
filename = self.create_pkg(self.tmpdir, self.pkg_name, '1.0')
subprocess.check_call(['rpm', '--delsign', filename],
stdout=open(os.devnull, 'w'),
stderr=subprocess.STDOUT)
self.send_pkg(filename)
logpath = os.path.join(self.tmpdir, 'dom0-update-output.txt')
try:
subprocess.check_call(['sudo', 'qubes-dom0-update', '-y'] +
self.dom0_update_common_opts +
[self.pkg_name],
stdout=open(logpath, 'w'),
stderr=subprocess.STDOUT)
self.fail("qubes-dom0-update unexpectedly succeeded: " +
open(logpath).read())
except subprocess.CalledProcessError:
pass
retcode = subprocess.call(
['rpm', '-q', '{}-1.0'.format(self.pkg_name)],
stdout=open('/dev/null', 'w'))
self.assertEqual(
retcode, 1,
'UNSIGNED package {}-1.0 installed'.format(self.pkg_name))
