vm: update only network QDB entries on netvm change

Calling create_qdb_entries() on netvm change fires domain-qdb-create
which rewrites all QubesDB entries including /keyboard-layout, resetting
any custom layout set by the user in the AppVM.

Add update_qdb_netvm_entries() in QubesVM that writes only the
network-related QubesDB entries (IP, gateway, netmask, DNS, MAC).
Use it in create_qdb_entries() to avoid code duplication, and call it
from on_property_set_netvm() instead of create_qdb_entries().

Update tests to mock update_qdb_netvm_entries() instead of
create_qdb_entries() where netvm changes are tested.

Fixes QubesOS/qubes-issues#9892

Signed-off-by: Nancy <9d.24.nancy.sangani@gmail.com>

Author: nancysangani

qubes/tests/vm/mix/net.py

@@ -129,7 +129,7 @@ def test_145_netvm_change(self):
             patch("qubes.vm.qubesvm.QubesVM.is_running", lambda x: True),
             patch("qubes.vm.mix.net.NetVMMixin.attach_network") as mock_attach,
             patch("qubes.vm.mix.net.NetVMMixin.detach_network") as mock_detach,
-            patch("qubes.vm.qubesvm.QubesVM.create_qdb_entries"),
+            patch("qubes.vm.qubesvm.QubesVM.update_qdb_netvm_entries"),
         ):
 
             with self.subTest("setting netvm to none"):
@@ -167,7 +167,7 @@ def test_146_netvm_defer(self):
             patch("qubes.vm.qubesvm.QubesVM.is_paused", lambda x: True),
             patch("qubes.vm.mix.net.NetVMMixin.attach_network") as mock_attach,
             patch("qubes.vm.mix.net.NetVMMixin.detach_network") as mock_detach,
-            patch("qubes.vm.qubesvm.QubesVM.create_qdb_entries"),
+            patch("qubes.vm.qubesvm.QubesVM.update_qdb_netvm_entries"),
             patch("qubes.vm.qubesvm.QubesVM.run_service_for_stdio"),
         ):
 

qubes/vm/qubesvm.py

@@ -2812,25 +2812,7 @@ def create_qdb_entries(self):
             for i, addr in zip(("primary", "secondary"), self.dns):
                 self.untrusted_qdb.write("/qubes-netvm-{}-dns".format(i), addr)
 
-        if self.netvm is not None:
-            self.untrusted_qdb.write("/qubes-mac", str(self.mac))
-            self.untrusted_qdb.write("/qubes-ip", str(self.visible_ip))
-            self.untrusted_qdb.write(
-                "/qubes-netmask", str(self.visible_netmask)
-            )
-            self.untrusted_qdb.write(
-                "/qubes-gateway", str(self.visible_gateway)
-            )
-
-            for i, addr in zip(("primary", "secondary"), self.dns):
-                self.untrusted_qdb.write("/qubes-{}-dns".format(i), str(addr))
-
-            if self.visible_ip6:  # pylint: disable=using-constant-test
-                self.untrusted_qdb.write("/qubes-ip6", str(self.visible_ip6))
-            if self.visible_gateway6:  # pylint: disable=using-constant-test
-                self.untrusted_qdb.write(
-                    "/qubes-gateway6", str(self.visible_gateway6)
-                )
+        self.update_qdb_netvm_entries()
 
         tzname = qubes.utils.get_timezone()
         if tzname and not self.features.check_with_template(
@@ -2869,33 +2851,33 @@ def update_qdb_netvm_entries(self):
             self.untrusted_qdb.write("/qubes-ip", str(self.visible_ip))
             self.untrusted_qdb.write(
                 "/qubes-netmask", str(self.visible_netmask)
-                )
+            )
             self.untrusted_qdb.write(
                 "/qubes-gateway", str(self.visible_gateway)
-                )
+            )
             for i, addr in zip(("primary", "secondary"), self.dns):
                 self.untrusted_qdb.write(
                     "/qubes-{}-dns".format(i), str(addr)
-                    )
-                if self.visible_ip6:
-                    self.untrusted_qdb.write("/qubes-ip6", str(self.visible_ip6))
-                    if self.visible_gateway6:
-                        self.untrusted_qdb.write(
-                            "/qubes-gateway6", str(self.visible_gateway6)
-                            )
-                    else:
-                        # netvm set to None — remove network entries
-                        for key in (
-                            "/qubes-mac",
-                            "/qubes-ip",
-                            "/qubes-netmask",
-                            "/qubes-gateway",
-                            "/qubes-primary-dns",
-                            "/qubes-secondary-dns",
-                            "/qubes-ip6",
-                            "/qubes-gateway6",
-                            ):
-                            self.untrusted_qdb.rm(key)
+                )
+            if self.visible_ip6:
+                self.untrusted_qdb.write("/qubes-ip6", str(self.visible_ip6))
+            if self.visible_gateway6:
+                self.untrusted_qdb.write(
+                    "/qubes-gateway6", str(self.visible_gateway6)
+                )
+        else:
+            # netvm set to None — remove network entries
+            for key in (
+                "/qubes-mac",
+                "/qubes-ip",
+                "/qubes-netmask",
+                "/qubes-gateway",
+                "/qubes-primary-dns",
+                "/qubes-secondary-dns",
+                "/qubes-ip6",
+                "/qubes-gateway6",
+            ):
+                self.untrusted_qdb.rm(key)
 
     # TODO async; update this in constructor
     def _update_libvirt_domain(self):