Attaching a block to a DVM in dom0 script
34 views
Skip to first unread message
Vít Šesták
Nov 14, 2016, 8:33:39 AM11/14/16
to qubes-users
When trying to implement a backup script (for a different mechanism than the builtin one), I need to start a DVM with an attached (RO) image. How can I do it?
a. There is a script for starting some app in DVM. The problem is, I cannot get the DVM name in a reliable (non-forgeable) and easy way. The best solution I've found so far is to call back to dom0 and verify some token. Which is… quite hacky.
b. The qvm-trim-template does something in many ways similar. But it essentially uses a separate implementation of DVM.
Is there a better way to do it?
Regards,
Vít Šesták 'v6ak'
a. There is a script for starting some app in DVM. The problem is, I cannot get the DVM name in a reliable (non-forgeable) and easy way. The best solution I've found so far is to call back to dom0 and verify some token. Which is… quite hacky.
b. The qvm-trim-template does something in many ways similar. But it essentially uses a separate implementation of DVM.
Is there a better way to do it?
Regards,
Vít Šesták 'v6ak'
Rusty Bird
Nov 14, 2016, 9:13:29 AM11/14/16
to qubes-users, Vít Šesták
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi Vít,
> When trying to implement a backup script (for a different mechanism
> than the builtin one), I need to start a DVM with an attached (RO)
> image. How can I do it?
If you're running R3.2:
set -e
dispvm=$(/usr/lib/qubes/qfile-daemon-dvm LAUNCH dom0 "" red)
qvm-block --attach-file --ro "$dispvm" image-vm:/path/to/image
...
qvm-block --detach "$dispvm"
/usr/lib/qubes/qfile-daemon-dvm FINISH "$dispvm"
Also check out <https://github.com/rustybird/qubes-split-dm-crypt>,
maybe it already does part of what you want.
Rusty
-----BEGIN PGP SIGNATURE-----
iQJ8BAEBCgBmBQJYKcZJXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfTbkP/2NczLklulmwIQH3ecRM+/7w
ek/RBZTiAQAhQoTTO7B7bwIciSfcYAExZHGHpWZxFdR9lwApN7jELv6VS2IjM56T
3qJyl7/SXu3NH+folQh62yKpAZi84L/v3/PmR1XtWptClBU87Tnd+subTDEVETOs
JA2nOrinZIQZlj58qdbkrTCelW+dZKutqkJs5i2K3L/vW9cGEit73llkxFe/8DDf
LnByVOJ2L7WKfjps5JKoxzKc817zrxJKIrzkfpyK/wNBA818/BhF6GZIRUhn91wU
1D8TAL/lBHq9inAJh8cXPa645z5bobN2Z/YewO2pdi42tZVV9vnx6d7krtlnHNh+
1zgPG9NwVFYr1sIZrqoi82tSZE1IsiWzHGbznB1tcyHJIRO1Adzwy0p9I0zcRHw3
YnH9W417yI8x65aNL+XEhAbzjbD0NMYhgislbsF5/vK/X6ejUu2NVEpeq0sLZtrt
nZteHB0n3H3yjZHG1LC/WOq5cSdUXQbYbrE3W6PRk2/2LX8WkXixCU/6DiIm82PR
njkUWlhWZx3MtQwdyaKENfqg5BJQuBk6OE7Sq/qcA9dlWKPQ92TAI2fjiIzi+S14
TzYnAehc0GJkanz8KjaWKLIADAfGBcwJuLGeI2qStToywimXbizvh8+hXKIzj+a/
9uQfJcZ4o5p9SA3WW9Fn
=QDtR
-----END PGP SIGNATURE-----
Hash: SHA512
Hi Vít,
> When trying to implement a backup script (for a different mechanism
> than the builtin one), I need to start a DVM with an attached (RO)
> image. How can I do it?
set -e
dispvm=$(/usr/lib/qubes/qfile-daemon-dvm LAUNCH dom0 "" red)
qvm-block --attach-file --ro "$dispvm" image-vm:/path/to/image
...
qvm-block --detach "$dispvm"
/usr/lib/qubes/qfile-daemon-dvm FINISH "$dispvm"
Also check out <https://github.com/rustybird/qubes-split-dm-crypt>,
maybe it already does part of what you want.
Rusty
-----BEGIN PGP SIGNATURE-----
iQJ8BAEBCgBmBQJYKcZJXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfTbkP/2NczLklulmwIQH3ecRM+/7w
ek/RBZTiAQAhQoTTO7B7bwIciSfcYAExZHGHpWZxFdR9lwApN7jELv6VS2IjM56T
3qJyl7/SXu3NH+folQh62yKpAZi84L/v3/PmR1XtWptClBU87Tnd+subTDEVETOs
JA2nOrinZIQZlj58qdbkrTCelW+dZKutqkJs5i2K3L/vW9cGEit73llkxFe/8DDf
LnByVOJ2L7WKfjps5JKoxzKc817zrxJKIrzkfpyK/wNBA818/BhF6GZIRUhn91wU
1D8TAL/lBHq9inAJh8cXPa645z5bobN2Z/YewO2pdi42tZVV9vnx6d7krtlnHNh+
1zgPG9NwVFYr1sIZrqoi82tSZE1IsiWzHGbznB1tcyHJIRO1Adzwy0p9I0zcRHw3
YnH9W417yI8x65aNL+XEhAbzjbD0NMYhgislbsF5/vK/X6ejUu2NVEpeq0sLZtrt
nZteHB0n3H3yjZHG1LC/WOq5cSdUXQbYbrE3W6PRk2/2LX8WkXixCU/6DiIm82PR
njkUWlhWZx3MtQwdyaKENfqg5BJQuBk6OE7Sq/qcA9dlWKPQ92TAI2fjiIzi+S14
TzYnAehc0GJkanz8KjaWKLIADAfGBcwJuLGeI2qStToywimXbizvh8+hXKIzj+a/
9uQfJcZ4o5p9SA3WW9Fn
=QDtR
-----END PGP SIGNATURE-----
Vít Šesták
Nov 15, 2016, 4:12:00 AM11/15/16
to qubes-users
Thank you, it seems to do exactly what I was looking for. (I will probably use trap in order to ensure the DVM is destroyed.)
Regards,
Vít Šesták 'v6ak'
Regards,
Vít Šesták 'v6ak'
Reply all
Reply to author
Forward
0 new messages