dom0-update: In download mode, only send specifically requested packages to dom0

crass · crass · commit 603b81169194 · 2026-02-28T01:55:37.000-06:00
Save output of the package manager command. Then, if called with download action, parse out the requested packages and only send those to dom0. This fixes an issue where packages could be installed that were not intended or where packages could not be installed due to missing dependencies from packages not explicitly requested by the user. Fixes QubesOS/qubes-issues#10716
diff --git a/package-managers/qubes-download-dom0-updates.sh b/package-managers/qubes-download-dom0-updates.sh
@@ -169,15 +169,36 @@ fi
 
 set -e
 
-"${UPDATE_COMMAND[@]}" "${OPTS[@]}" "${PKGLIST[@]}"
+"${UPDATE_COMMAND[@]}" "${OPTS[@]}" "${PKGLIST[@]}" | tee "$DOM0_UPDATES_DIR/download.out"
 
+# Collect rpms from various download locations into one directory
 find "$DOM0_UPDATES_DIR/var/cache" -name '*.rpm' -print0 2>/dev/null |\
     xargs -0 -r ln -f -t "$DOM0_UPDATES_DIR/packages/"
 
-if ls "$DOM0_UPDATES_DIR"/packages/*.rpm > /dev/null 2>&1; then
+case "$UPDATE_ACTION" in
+    download|upgrade|install)
+        RPMS=$(
+            grep '^ ' "$DOM0_UPDATES_DIR/download.out" |
+            tail -n +2 |
+            while read PKG ARCH VER REPO SIZE; do
+                F="$PKG-${VER##*:}.$ARCH.rpm"
+                if [ -f "$DOM0_UPDATES_DIR"/packages/"$F" ]; then
+                    echo "$F"
+                else
+                    # Did not find package that was supposed to be downloaded... bail
+                    echo "Package $F requested but not downloaded" >&2
+                    exit 1
+                fi
+            done
+        )
+        ;;
+esac
+
+if [ -n "$RPMS" ]; then
     if [ -n "$SIGNATURE_REGEX" ]; then
         rpmkeys_error=0
-        for pkg in "$DOM0_UPDATES_DIR"/packages/*.rpm; do
+        for rpmfile in $RPMS; do
+            pkg="$DOM0_UPDATES_DIR"/packages/"$rpmfile"
             rpmkeys_exit_code=0
             output="$(rpmkeys --root "$DOM0_UPDATES_DIR" --checksig "$pkg")" \
                 || rpmkeys_exit_code="$?"
@@ -201,11 +222,13 @@ if ls "$DOM0_UPDATES_DIR"/packages/*.rpm > /dev/null 2>&1; then
 
     cmd="/usr/lib/qubes/qrexec-client-vm dom0 qubes.ReceiveUpdates /usr/lib/qubes/qfile-agent"
     qrexec_exit_code=0
-    $cmd "$DOM0_UPDATES_DIR"/packages/*.rpm || { qrexec_exit_code=$? ; true; };
+    rpmfiles=$(for rpmfile in $RPMS; do echo "$DOM0_UPDATES_DIR"/packages/"$rpmfile"; done)
+    $cmd $rpmfiles || { qrexec_exit_code=$? ; true; };
     if [ ! "$qrexec_exit_code" = "0" ]; then
-        echo "'$cmd $DOM0_UPDATES_DIR/packages/*.rpm' failed with exit code ${qrexec_exit_code}!" >&2
+        echo "'$cmd $rpmfiles failed with exit code ${qrexec_exit_code}!" >&2
         exit "$qrexec_exit_code"
     fi
 else
     echo "No packages downloaded" >&2
 fi
+rm -f "$DOM0_UPDATES_DIR/download.out"
