-
Notifications
You must be signed in to change notification settings - Fork 5
/
qubes4-multi-update
executable file
·193 lines (162 loc) · 6.6 KB
/
qubes4-multi-update
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
#!/usr/bin/python3
##
## Update multiple operating systems on Qubes R4 systems
## by Chris Laprise 2017-2021
## [email protected] https://github.com/tasket
import re
import os
import sys
import subprocess
from subprocess import PIPE
from time import sleep
from optparse import OptionParser
import qubesadmin.tools
usage = "usage: %prog [options] [vms-to-be-included ...]"
parser = OptionParser (usage)
parser.add_option ("-a", "--all", action="store_true", dest="include_all",
default=False, help="Include all updateable VMs")
parser.add_option ("-l", "--available", action="store_true",
dest="include_available", default=False,
help="Include VMs known to have available updates")
parser.add_option ("-t", "--templates", action="store_true",
dest="templates_only", default=False,
help="Include only templates, not standalone")
parser.add_option ("-e", "--exclude", action="append", dest="exclude_list",
help="Exclude VM; repeat as needed")
parser.add_option ("-u", "--unattended", action="store_true",dest="unattended",
default=False, help="Non-interactive, supress prompts")
parser.add_option ("--shutdown-all", action="store_true", dest="shutdown_all",
default=False, help="Shutdown _all_ VMs at end of process")
parser.add_option ("--autoremove", action="store_true", dest="autoremove",
default=False, help="Clean up 'leaf' packages after update")
def main(args=None, app=None):
(options, args) = parser.parse_args ()
if options.exclude_list is None:
options.exclude_list = []
qc = qubesadmin.Qubes().app.domains
vmlist = []; errlist = []
excludes = ["dom0","windows7", "windows8", "windows10"]
exclude_file = "/etc/qubes/autoupdate-exclude"
exclude_from_file = []
if os.path.isfile(exclude_file):
with open(exclude_file) as f:
lines = f.readlines()
exclude_from_file = [str(e.strip()) for e in lines]
print("List from", exclude_file, "is in effect...")
# Process selections
for vm in qc:
if vm.qid > 0:
if not vm.updateable:
continue
elif vm.name in args:
vmlist.append(vm)
elif vm.name in excludes + options.exclude_list + exclude_from_file:
continue
elif options.templates_only and vm.klass != 'TemplateVM':
continue
elif options.include_all:
vmlist.append(vm)
elif options.include_available:
if vm.features.get("updates-available", False) == "1":
vmlist.append(vm)
print("\nMulti-Update Selections :")
for vm in vmlist:
print(" ", vm.name)
if (len (vmlist) < 1):
print("You must specify --all, --available or VM names.",
file=sys.stderr)
exit (1)
tmpscript = b"/tmp/multi-update-guest.sh"
for vm in vmlist:
if vm.qid == 0: # If dom0 selected, save it for last
continue
rows,cols = os.popen('stty size', 'r').read().split()
print("\n")
print("_" * int(cols))
print("\n Beginning update for", vm.name)
print("_" * int(cols))
was_running = vm.is_running()
if was_running:
print("VM is running.")
else:
print("Starting VM...")
p = vm.run("sync; sleep 2s", wait=True, connect_timeout=30)
pstate = vm.get_power_state()
if pstate != "Running":
print("\nVM State is", pstate, "and not usable - SKIPPING.\n")
vm.shutdown()
continue
# Write VM script header
p = subprocess.Popen(["qvm-run","-p","-u","root",vm.name,
b"cat >"+tmpscript], stdin=PIPE)
p.stdin.write(b"#!/bin/bash\n")
p.stdin.write(b"export yes_opt=" + [b" ", b"-y"][options.unattended] + b"\n")
p.stdin.write(b"export unattended=" + [b"false", b"true"][options.unattended] + b"\n")
p.stdin.write(b"export autoremove=" + [b"false", b"true"][options.autoremove] + b"\n")
###> BEGIN MAIN VM SCRIPT <###
p.stdin.write(b"""export TERM=vt100
if [ -e /var/lib/whonix ]; then
curl -s --connect-timeout 30 localhost:8082 >/dev/null
for i in 1 2 3 LAST; do
echo -n ' .'
sleep 3s
done
fi
set -e
if [ -e /etc/redhat-release ]; then
dnf update $yes_opt --best || dnf update $yes_opt
dnf clean packages $yes_opt
if [ "$autoremove" = "true" ]; then
echo Autoremove:
dnf autoremove -v $yes_opt
fi
elif [ -e /etc/debian_version ]; then
apt-get update
if [ "$unattended" = "true" ]; then
export DEBIAN_FRONTEND=noninteractive
apt-get dist-upgrade -V -q -y -o Dpkg::Options::="--force-confdef" \
-o Dpkg::Options::="--force-confold"
else
apt-get dist-upgrade -V
fi
if [ "$autoremove" = "true" ]; then
echo Autoremove:
apt-get autoremove $yes_opt
fi
apt-get clean
# elif [ -e /etc/arch-release ]; then
# pacman -Suy
else
echo '\nUnknown distribution type! Please update manually.\n'
fi
echo Done.
""")
###> END VM SCRIPT <###
p.stdin.close()
p = vm.run("sync; sleep 2s", wait=True, connect_timeout=10)
try:
subprocess.check_call(["qvm-run","-p","-u","root",vm.name, \
b"chmod +x "+tmpscript+b" && bash "+tmpscript])
except:
print("\n***", vm.name, "update returned non-zero status!")
errlist.append(vm.name)
finally:
subprocess.check_call(["qvm-run","-p","-u","root",vm.name, \
b"rm -f "+tmpscript])
if options.shutdown_all or not was_running:
print("Shutting down", vm.name, end=" ")
vm.shutdown()
while vm.is_running():
print(".", end=" ")
sleep(2)
print()
if options.shutdown_all:
subprocess.check_call(["qvm-shutdown", "--all", "--force",
"--wait", "--wait-time=40"])
print("\nEnd of Multi-Update process.")
if len(errlist) > 0:
print("\n*** The following VMs had update ERRORS:")
print("***", ", ".join(errlist))
exit(1)
if __name__ == '__main__':
sys.exit(main())