Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stop using qubes-rpc-multiplexer #141

Merged
merged 12 commits into from
Feb 4, 2025
Merged

Stop using qubes-rpc-multiplexer #141

merged 12 commits into from
Feb 4, 2025

Conversation

DemiMarie
Copy link
Contributor

@DemiMarie DemiMarie commented Apr 10, 2024
edited
Loading

Instead, directly execute the command from C.

The command’s environment inherits all environment variables from the
calling process except for those that start with QREXEC. Environment
variables that start with QREXEC are not inherited, except for
QREXEC_SERVICE_PATH and QREXEC_AGENT_PID, but the following are set
explicitly:

  • QREXEC_SERVICE_FULL_NAME
  • QREXEC_REMOTE_DOMAIN
  • QREXEC_SERVICE_ARGUMENT if the service argument is present and non-empty.
  • QREXEC_AGENT_PID is set for calls to a VM that do not use MSG_JUST_EXEC.
    Its handling in other cases is inconsistent, so such services should avoid it.

When the request is made to dom0, the following are also set:

  • QREXEC_REQUESTED_TARGET_TYPE is set to name if the requested target does not start with
  • QREXEC_REQUESTED_TARGET for services in dom0 if the target does not start with @.
  • QREXEC_REQUESTED_TARGET_KEYWORD for services in dom0 if the target does start with @.
    The leading @ is removed, but subsequent @ are left unchanged.

This is a backwards-incompatible change to libqrexec. Therefore, it cannot be backported to R4.2.

Fixes: QubesOS/qubes-issues#9062

@DemiMarie DemiMarie force-pushed the no-multiplexer branch 4 times, most recently from 189d832 to b4a2de9 Compare April 11, 2024 22:14
@DemiMarie DemiMarie mentioned this pull request Apr 14, 2024
Merged
@DemiMarie DemiMarie force-pushed the no-multiplexer branch 3 times, most recently from 3de2f4b to 39f909f Compare April 16, 2024 23:58
@DemiMarie DemiMarie marked this pull request as ready for review April 17, 2024 00:03
@DemiMarie DemiMarie force-pushed the no-multiplexer branch 3 times, most recently from 9f69888 to a4de39f Compare May 4, 2024 00:10
@codecov Codecov
Copy link

codecov bot commented May 4, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 70.81967% with 89 lines in your changes missing coverage. Please review.

Project coverage is 78.85%. Comparing base (b40d3da) to head (68a427f).
Report is 13 commits behind head on main.

Files with missing lines Patch % Lines
libqrexec/exec.c 58.09% 44 Missing ⚠️
daemon/qrexec-client.c 60.00% 16 Missing ⚠️
libqrexec/open_logger.c 66.66% 7 Missing ⚠️
libqrexec/buffer.c 0.00% 5 Missing ⚠️
agent/qrexec-agent-data.c 87.50% 3 Missing ⚠️
agent/qrexec-fork-server.c 0.00% 3 Missing ⚠️
daemon/qrexec-daemon.c 0.00% 3 Missing ⚠️
qrexec/client.py 40.00% 3 Missing ⚠️
agent/qrexec-agent.c 60.00% 2 Missing ⚠️
qrexec/tests/socket/agent.py 94.59% 2 Missing ⚠️
... and 1 more
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #141      +/-   ##
==========================================
- Coverage   79.17%   78.85%   -0.32%     
==========================================
  Files          54       55       +1     
  Lines        9953    10145     +192     
==========================================
+ Hits         7880     8000     +120     
- Misses       2073     2145      +72

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@DemiMarie DemiMarie changed the title Draft: Rip out qubes-rpc-multiplexer Rip out qubes-rpc-multiplexer May 4, 2024
@marmarek marmarek mentioned this pull request May 18, 2024
Merged
@qubesos-bot
Copy link

qubesos-bot commented Jun 28, 2024
edited
Loading

OpenQA test summary

Complete test suite and dependencies: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.3&build=2025020121-4.3&flavor=pull-requests

Test run included the following:

New failures, excluding unstable

Compared to: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.3&build=2024111705-4.3&flavor=update

  • system_tests_qrexec

  • system_tests_dispvm

    • TC_20_DispVM_fedora-41-xfce: test_100_open_in_dispvm (failure)
      AssertionError: './open-file test.txt' failed with ./open-file test...

  • system_tests_kde_gui_interactive

    • gui_keyboard_layout: wait_serial (wait serial expected)
      # wait_serial expected: "echo -e '[Layout]\nLayoutList=us,de' | sud...

  • system_tests_guivm_vnc_gui_interactive

    • gui_keyboard_layout: Failed (test died)
      # Test died: command 'test "$(qvm-run --nogui -p sys-gui-vnc 'ls e1...

    • gui_keyboard_layout: unnamed test (unknown)

  • system_tests_qrexec_perf@hw1

    • TC_00_QrexecPerf_debian-12-xfce: test_110_simple_data_duplex (failure)
      AssertionError: '/usr/lib/qubes/tests/qrexec_perf.py --vm1=test-ins...

    • TC_00_QrexecPerf_whonix-workstation-17: test_110_simple_data_duplex (failure)
      AssertionError: '/usr/lib/qubes/tests/qrexec_perf.py --vm1=test-ins...

Failed tests

8 failures

  • system_tests_qrexec

  • system_tests_dispvm

    • TC_20_DispVM_fedora-41-xfce: test_100_open_in_dispvm (failure)
      AssertionError: './open-file test.txt' failed with ./open-file test...

  • system_tests_kde_gui_interactive

    • gui_keyboard_layout: wait_serial (wait serial expected)
      # wait_serial expected: "echo -e '[Layout]\nLayoutList=us,de' | sud...

    • gui_keyboard_layout: Failed (test died)
      # Test died: command 'test "$(cd ~user;ls e1*)" = "$(qvm-run -p wor...

  • system_tests_guivm_vnc_gui_interactive

    • gui_keyboard_layout: Failed (test died)
      # Test died: command 'test "$(qvm-run --nogui -p sys-gui-vnc 'ls e1...

    • gui_keyboard_layout: unnamed test (unknown)

  • system_tests_qrexec_perf@hw1

    • TC_00_QrexecPerf_debian-12-xfce: test_110_simple_data_duplex (failure)
      AssertionError: '/usr/lib/qubes/tests/qrexec_perf.py --vm1=test-ins...

    • TC_00_QrexecPerf_whonix-workstation-17: test_110_simple_data_duplex (failure)
      AssertionError: '/usr/lib/qubes/tests/qrexec_perf.py --vm1=test-ins...

Fixed failures

Compared to: https://openqa.qubes-os.org/tests/119126#dependencies

3 fixed

  • system_tests_extra

    • TC_00_QVCTest_whonix-gateway-17: test_010_screenshare (failure)
      ~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^... AssertionError: 0 == 0

  • system_tests_basic_vm_qrexec_gui_zfs

    • switch_pool: Failed (test died)
      # Test died: command 'dnf install -y ./zfs-release.rpm' failed at /...

  • system_tests_audio@hw1

Unstable tests

This was referenced Jun 28, 2024
Merged
Merged
Merged
Merged
@marmarek
Copy link
Member

Ugh, upgrade will require a bit more care. Right now, just after upgrading dom0, qrexec calls (to dom0) fails for currently running VMs:

2024-06-28 13:11:55.919 qrexec-daemon[26518]: exec.c:85:exec_qubes_rpc_if_requested: exec qubes-rpc-multiplexer: No such file or directory

Release upgrade script will need to handle this case.

@marmarek marmarek mentioned this pull request Jun 28, 2024
Open
7 tasks
@marmarek
Copy link
Member

Maybe keep the script in repo, and remove only later (R4.4?) ?
I noticed the problem in dom0, but it probably affect domUs too.

This was referenced Jan 25, 2025
Merged
Merged
Merged
@DemiMarie
Copy link
Contributor Author

Policy prompt in sys-gui doesn't work. This is what I find in the log there:

Exact same error is still there with the most recent version of this PR

I fixed the bug in #187 but git rebase added it back in the form of an unwanted commit. I fixed this by removing the unwanted commit.

@marmarek
Copy link
Member

Now indeed sys-gui tests are green :)

marmarek added a commit to QubesOS/qubes-core-admin that referenced this pull request Jan 26, 2025
@marmarek
Merge remote-tracking branch 'origin/pr/647'
1f2dbf5 
* origin/pr/647:
  tests: add qrexec performance tests

Pull request description:

Add simple connection latency, and throughput tests. Run them with
different type of services (scripts, socket, via fork-server or not).
They print a test run time for comparison - the lower the better.

QubesOS/qubes-issues#5740

This will be especially useful to measure impact of QubesOS/qubes-core-qrexec#141 and similar changes.
@marmarek
Copy link
Member

All variables with names beginning with QREXEC are stripped from the
environment, except for QREXEC_SERVICE_PATH. This is a change in
behavior compared to the current code.

Why actually doing it? Is it intended to remove some specific variable(s)?

@DemiMarie
Copy link
Contributor Author

All variables with names beginning with QREXEC are stripped from the
environment, except for QREXEC_SERVICE_PATH. This is a change in
behavior compared to the current code.

Why actually doing it? Is it intended to remove some specific variable(s)?

The intent is to ensure that with the exception of QREXEC_SERVICE_PATH, all QREXEC* variables are unset if qrexec did not set them explicitly, even if the user has them set in the environment somewhere. This is especially useful for testing, as it ensures that QREXEC* variables from the user’s environment don’t leak into the test environment.

@marmarek
Copy link
Member

The way you described it may suggest various QREXEC_* variables like QREXEC_REMOTE_DOMAIN stopped being supported, which would be bad.

For testing, you don't need to modify release behavior to avoid those variables - simply exclude them in tests when calling various qrexec tools.

Anyway, I'm not strongly against this change, as it feels harmless (if not useful), but it needs better description. But also, would it be feasible to add some logging when excluding a variable that isn't going to be set a moment later (so, a variable that would be "leaked" to the service)? That would help finding unintended effects of this change.

@DemiMarie DemiMarie force-pushed the no-multiplexer branch 3 times, most recently from 17be9de to 7316fdc Compare January 29, 2025 01:07
@qubesos-bot qubesos-bot mentioned this pull request Jan 29, 2025
Merged
marmarek
marmarek reviewed Jan 31, 2025
View reviewed changes
@DemiMarie
Stop using qubes-rpc-multiplexer for service calls
8728002 
Instead, directly execute the command from C.

Environment variables with names beginning with QREXEC are stripped from
the environment, except for QREXEC_SERVICE_PATH and QREXEC_AGENT_PID.
This stripping happens before qrexec-specific environment variables are
set, so the following variables are still set as before:

- QREXEC_SERVICE_FULL_NAME
- QREXEC_REMOTE_DOMAIN
- QREXEC_SERVICE_ARGUMENT
- QREXEC_REQUESTED_TARGET_TYPE
- QREXEC_REQUESTED_TARGET (dom0 only)
- QREXEC_REQUESTED_TARGET_KEYWORD (dom0 only)

This is a backwards-incompatible change to
exec_qubes_rpc_if_requested(), which now takes an extra argument.
Therefore, it cannot be backported to R4.2.  It also requires changing
the SELinux policy so that the labels on /etc/qubes-rpc/ and
/usr/local/etc/qubes-rpc/ (and their contents) are correct.

qubes-rpc-multiplexer is still present because it has legacy uses in
Python code and for compatibility.

Fixes: QubesOS/qubes-issues#9062
@DemiMarie
Avoid qubes-rpc-multiplexer for dom0 -> dom0 calls
1adc290 
Instead, just use qrexec-client, as with any other service call.
@DemiMarie
Strip "QUBESRPC " prefix from service call commands
41bdc97 
It carries no information, and various parts of the code must strip it.
Just omit it from the command entirely.  Whether a command is an RPC
command should be determined by the service descriptor being non-NULL.

Review with "git diff --ignore-space-change".
@DemiMarie
libqrexec SONAME bump
68a427f 
The previous two changes were ABI breaks.
@DemiMarie DemiMarie requested a review from marmarek February 1, 2025 00:32
@marmarek marmarek merged commit 68a427f into QubesOS:main Feb 4, 2025
3 of 5 checks passed
@DemiMarie DemiMarie deleted the no-multiplexer branch February 4, 2025 02:17
CertainLach added a commit to CertainLach/nixos-qubes that referenced this pull request Feb 15, 2025
@CertainLach
qubes-core-qrexec: self-rpc-multiplexer dependency was removed upstream
51ae978 
Upstream: QubesOS/qubes-core-qrexec#141
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marmarek marmarek marmarek approved these changes

Assignees
No one assigned
Labels
openqa-pending
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Stop using qubes-rpc-multiplexer
3 participants
@DemiMarie @qubesos-bot @marmarek