qvm-copy-to-vm broken in one VM? (R3.2)

[Robert Fisk]

Hi all,

I am unable to copy files to one particular AppVM, both from other VMs
and from dom0. Other AppVMs based on the same template are able to
receive files without problem. There is approx 1GB free space on the
AppVM in question, so that is not an issue.

When I run qvm-copy-to-vm from dom0, I see the following:

> [user@dom0 Pictures]$ qvm-copy-to-vm mail-1 Screenshot_2018_xxxxx.png
> /usr/lib/qubes/qubes-rpc-multiplexer: 24: export: gpg-1: bad variable name
> EOF

The "gpg-1" in the error message is the name of this mail VM's
associated GPG VM. This is coming from line 24 in qubes-rpc-multiplexer
which looks like this:

> export QREXEC_REMOTE_DOMAIN="$2"

This smells like a configuration issue with the VM in question, as other
VMs from the same template are working. But I'm only trying to copy a
file, not perform any GPG operation, so where is the gpg VM name coming
from!? Any advice on how to get my file copy working?

Regards,
Robert

[Andrew Clausen]

Hi Robert,

On 26 March 2018 at 06:20, Robert Fisk <rober...@fastmail.fm> wrote:

I am unable to copy files to one particular AppVM, both from other VMs
and from dom0. Other AppVMs based on the same template are able to
receive files without problem. There is approx 1GB free space on the
AppVM in question, so that is not an issue.

When I run qvm-copy-to-vm from dom0, I see the following:

> [user@dom0 Pictures]$ qvm-copy-to-vm mail-1 Screenshot_2018_xxxxx.png
> /usr/lib/qubes/qubes-rpc-multiplexer: 24: export: gpg-1: bad variable name
> EOF

The "gpg-1" in the error message is the name of this mail VM's
associated GPG VM. This is coming from line 24 in qubes-rpc-multiplexer
which looks like this:

> export QREXEC_REMOTE_DOMAIN="$2"

My line 24 looks different.  Have you got the latest updates?
 

This smells like a configuration issue with the VM in question, as other
VMs from the same template are working. But I'm only trying to copy a
file, not perform any GPG operation, so where is the gpg VM name coming
from!? Any advice on how to get my file copy working?

That is indeed a puzzle.  Perhaps you could send your configuration files?  In particular,

/var/lib/qubes/appvms/mail-1/mail-1.conf

/var/lib/qubes/appvms/gpg-1/gpg-1.conf

Note: you might want to look in the files before you send them.  I doubt they contain anything sensitive, but it's good to check.

Kind regards,

Andrew

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I try to figure how "gpg-1" got into qubes.Filecopy service execution
environment. One of ideas is that something is wrong with exporting
QUBES_GPG_DOMAIN variable by /etc/profile.d/qubes-gpg.sh. Can you check
if you get the same with other services? For example:

echo date | qvm-run -p mail-1 "QUBESRPC qubes.VMShell dom0"

(execute "date" using qubes.VMShell service)

Check also /tmp/qubes-session-env - maybe some strange formatting
happened there?

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlqvWrAACgkQ24/THMrX
1yz03AgAljucctGUUcECHl66BqksdNk2xkziqOzaRsVuBEW9khOV6RNajb7xcOXt
HtUastXbeT56DlNUDmZme25nQqjZ6N9LODZlKgVjYLrHpJbMc8Z44o57kfJj1HRq
iu80K/s4j+DRI7NGiXUKe5h0W0eP8M1Y2OV4Nj4VlBLExxOf6+gF/TFTilzNrnKs
2xp6DmPHNB6JqjAIfD30EwyhFfbpiA9QouJUpDRNQbliSGE9XQYJ1DxjUi/qeaHz
eDWDEdm2pYV6iAjBQhmN1hNr/hqt8GGMunJp+CwjFrVOAb3jbDiIw3Fa8W7OGB5o
0f6VSfHHoV5RScKVxZcj8bxrbklC3A==
=sT/x
-----END PGP SIGNATURE-----

[Robert Fisk]

Thanks everyone for the suggestions. Marek's idea also triggered the
bug/error:

> [user@dom0 ~]$ echo date | qvm-run -p mail-1 "QUBESRPC qubes.VMShell dom0"

> /usr/lib/qubes/qubes-rpc-multiplexer: 24: export: gpg-1: bad variable name

Running the same command on another AppVM reported the date correctly.
More info from the VM in question: (everything looks normal?)


user@mail-1:~$ echo $QUBES_GPG_DOMAIN
gpg-1

(empty lines inserted for clarity)

user@mail-1:~$ cat /etc/profile.d/qubes-gpg.sh
#### Setting for client vm ####
# VM with GPG server (default)
#export QUBES_GPG_DOMAIN="gpgvm"

# Per-VM override
if [ -s /rw/config/gpg-split-domain ]; then
export QUBES_GPG_DOMAIN=`cat /rw/config/gpg-split-domain`
fi

#### Settings for GPG VM ####
# Remember user choice for this many seconds - default 5min (300s)
#export QUBES_GPG_AUTOACCEPT=300



user@mail-1:~$ cat /tmp/qubes-session-env
declare -x DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/1000/bus"
declare -x DISPLAY=":0"
declare -x GNOME_DESKTOP_SESSION_ID="c1"
declare -x GPG_AGENT_INFO="/run/user/1000/gnupg/S.gpg-agent:0:1"
declare -x HOME="/home/user"
declare -x LANG="en_US.UTF-8"
declare -x MAIL="/var/mail/user"
declare -x OLDPWD
declare -x QT_ACCESSIBILITY="1"
declare -x QT_LINUX_ACCESSIBILITY_ALWAYS_ON="1"
declare -x QT_X11_NO_MITSHM="1"
declare -x QUBES_ENV_SOURCED="1"
declare -x QUBES_GPG_DOMAIN="gpg-1"
declare -x QUBES_KEYMAP="xkb_keymap {
xkb_keycodes { include \"evdev+aliases(qwerty)\" };
xkb_types { include \"complete\" };
xkb_compat { include \"complete\" };
xkb_symbols { include \"pc+us+inet(evdev)\" };
xkb_geometry { include \"pc(pc105)\" };
};"
declare -x QUBES_USER_KEYMAP=""
declare -x SSH_AGENT_PID="999"
declare -x SSH_AUTH_SOCK="/tmp/ssh-[redacted]/agent.999"
declare -x UPDTYPE="NonUpdateableVM"
declare -x VMTYPE="AppVM"
declare -x WINDOWPATH="7"
declare -x XDG_RUNTIME_DIR="/run/user/1000"
declare -x XDG_SEAT="seat0"
declare -x XDG_SESSION_ID="c1"
declare -x XDG_VTNR="7"


Package versions:
Package: qubes-core-agent
Version: 3.2.25-1+deb9u1

Package: libqubes-rpc-filecopy2
Source: qubes-utils
Version: 3.2.7+deb9u1


I haven't posted the VM config file
/var/lib/qubes/appvms/mail-1/mail-1.conf but it looks near identical to
other appvms. Any ideas what to check from here?

Thanks,
Robert

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Wed, Mar 28, 2018 at 11:54:09PM +1300, Robert Fisk wrote:
> On 03/27/2018 10:11 AM, Marek Marczykowski-Górecki wrote:
> > I try to figure how "gpg-1" got into qubes.Filecopy service execution
> > environment. One of ideas is that something is wrong with exporting
> > QUBES_GPG_DOMAIN variable by /etc/profile.d/qubes-gpg.sh. Can you check
> > if you get the same with other services? For example:
> >
> > echo date | qvm-run -p mail-1 "QUBESRPC qubes.VMShell dom0"
> >
> > (execute "date" using qubes.VMShell service)
> >
> > Check also /tmp/qubes-session-env - maybe some strange formatting
> > happened there?
>
> Thanks everyone for the suggestions. Marek's idea also triggered the
> bug/error:
>
> > [user@dom0 ~]$ echo date | qvm-run -p mail-1 "QUBESRPC qubes.VMShell dom0"
> > /usr/lib/qubes/qubes-rpc-multiplexer: 24: export: gpg-1: bad variable name
>
>
> Running the same command on another AppVM reported the date correctly.
> More info from the VM in question: (everything looks normal?)

(...)

> Any ideas what to check from here?

Everything above looks normal.
I'd add 'set -x` at the beginning of
/usr/lib/qubes/qubes-rpc-multiplexer and see what's going on there
(using qubes.VMShell service).

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlqxcGoACgkQ24/THMrX
1yyhtAf+I+aUI79GM5JW5oQlqCvu+TjQXSPs6ybhNdLzQW+qbll+8u8eO0Ua1fvo
1c1otJPqahlbSvDjJLlXJHVNtM3vb90hxawCy1LbhZGt3DVj3IpWtB3eZrT9YX4H
AmRNYmAfIx39a7/9HeODe+OZ1tYFG0hqSq2wCCGjfcbsE7OFN4WGXZRr7ag7vMhf
ASr0iEYMbM0vg4Z+DADIwFcf+aj+n11nQfzuMu6r+vh80aufVw007cEIX0pKqgDD
aB36mGWpFn64wWDh3QUf4PkL3W7rw/bdjA4nRgD4qUFxoKdJx3sKYMrOtSF9DXBk
OOzVtkLHGYepREiRJxyaWUw83jf5fA==
=Pvfa
-----END PGP SIGNATURE-----

[Robert Fisk]

On 03/29/2018 12:09 AM, Marek Marczykowski-Górecki wrote:
> On Wed, Mar 28, 2018 at 11:54:09PM +1300, Robert Fisk wrote:
>> On 03/27/2018 10:11 AM, Marek Marczykowski-Górecki wrote:
>>> I try to figure how "gpg-1" got into qubes.Filecopy service execution
>>> environment. One of ideas is that something is wrong with exporting
>>> QUBES_GPG_DOMAIN variable by /etc/profile.d/qubes-gpg.sh. Can you check
>>> if you get the same with other services? For example:
>>>
>>> echo date | qvm-run -p mail-1 "QUBESRPC qubes.VMShell dom0"
>>>
>>> (execute "date" using qubes.VMShell service)
>>>
>>> Check also /tmp/qubes-session-env - maybe some strange formatting
>>> happened there?
>
>> Thanks everyone for the suggestions. Marek's idea also triggered the
>> bug/error:
>
>>> [user@dom0 ~]$ echo date | qvm-run -p mail-1 "QUBESRPC qubes.VMShell dom0"
>>> /usr/lib/qubes/qubes-rpc-multiplexer: 24: export: gpg-1: bad variable name
>
>
>> Running the same command on another AppVM reported the date correctly.
>> More info from the VM in question: (everything looks normal?)
>
> (...)
>
>> Any ideas what to check from here?
>
> Everything above looks normal.
> I'd add 'set -x` at the beginning of
> /usr/lib/qubes/qubes-rpc-multiplexer and see what's going on there
> (using qubes.VMShell service).
>
>

Hi all,

Here is a quick note to say that I found the problem, and it was a
configuration error in the AppVM. I had this line in ~/.profile:

> export QUBES_GPG_DOMAIN gpg-1
(missing '=')

Somehow this didn't cause any problem for the last > 1 year, then broke
recently. Thanks to everyone, and sorry for the noise!

Regards,
Robert