Allow GUIVM clients to know if GUIVM has session #625

Merged
marmarek merged 1 commit into QubesOS:main from ben-grande:preload-delay-gui-daemon
Mar 17, 2026

@ben-grande ben-grande commented Dec 2, 2025

Or if GUID of the client can be found on the server. This script is replicated on qubes-core-qrexec.

For: QubesOS/qubes-notification-proxy#13
For: QubesOS/qubes-gui-agent-linux#251
For: QubesOS/qubes-core-admin#757
For: QubesOS/qubes-issues#1512
For: QubesOS/qubes-issues#9940
Fixes: QubesOS/qubes-issues#10443


Please note that this requires version bump of core-qrexec to avoid conflicting package (same file name):


codecov bot commented Dec 2, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.30%. Comparing base (2e5866f) to head (9ae685c).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files
```
@@            Coverage Diff             @@
##             main     #625      +/-   ##
==========================================
+ Coverage   69.89%   70.30%   +0.40%
==========================================
  Files           3        3
  Lines         495      495
==========================================
+ Hits          346      348       +2
+ Misses        149      147       -2
```


@ben-grande
Contributor Author

Non-dom0 GUIVM doesn't have /var/run/qubes/qrexec.$qube... I think it will require using xenstore to get the qube xid or qvm-prefs, but the latter might be slower. qvm-start-daemon uses vm.xid or vm.stubdom_xid.

@ben-grande
Contributor Author

> Non-dom0 GUIVM doesn't have /var/run/qubes/qrexec.$qube... I think it will require using xenstore to get the qube xid or qvm-prefs, but the latter might be slower. qvm-start-daemon uses vm.xid or vm.stubdom_xid.

  • I didn't find stubdom_xid being used, not sure it is relevant.
  • I didn't find a way to get xid from a domain without using qvm-prefs $qube xid, xenstore-ls doesn't seem to be accessible for clients of a GUIVM and using qubesadmin makes it go through policy evaluation. Technically, I could create guid-running.$qube in qvm-start-daemon if you find this appropriate.

ben-grande force-pushed the preload-delay-gui-daemon branch from 269ead4 to 924ab70 on December 2, 2025 17:44

@marmarek
Member

marmarek commented Dec 2, 2025

It's okay to use qvm-prefs here - GUI domain has access to it anyway.
And also, you don't need dom0 case here - core-agent-linux is never running in dom0.

@ben-grande
Contributor Author

> And also, you don't need dom0 case here - core-agent-linux is never running in dom0.

It is just to have a single script to copy around both places. If you really don't want it, I can remove the dom0 part from here.

@marmarek
Member

marmarek commented Dec 2, 2025

In this repository I'd prefer to keep just VM part (AKA no dead code). It would make sense if the same script would be in a package installed in both dom0 and VM - we don't have such gui-agent/gui-daemon related package, but maybe linux-utils? Note that moving file between packages requires careful package dependencies, for the package manager to not complain about conflicting files. Debian has specific guidelines for that, maybe Fedora has something like this too?

@ben-grande
Contributor Author

ben-grande commented Dec 2, 2025 via email

@qubesos-bot

qubesos-bot commented Dec 3, 2025

OpenQA test summary

Complete test suite and dependencies: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.3&build=2026031512-4.3&flavor=pull-requests

Test run included the following:

Installing updates failed, skipping the report!

@ben-grande
Contributor Author

> In this repository I'd prefer to keep just VM part (AKA no dead code). It would make sense if the same script would be in a package installed in both dom0 and VM - we don't have such gui-agent/gui-daemon related package, but maybe linux-utils? Note that moving file between packages requires careful package dependencies, for the package manager to not complain about conflicting files. Debian has specific guidelines for that, maybe Fedora has something like this too?

linux-utils doesn't seem to have RPCs. What about maintaining on qubes-core-qrexec repo but moving from package qubes-core-qrexec to qubes-core-qrexec?

ben-grande force-pushed the preload-delay-gui-daemon branch from 924ab70 to 1f3b3be on December 3, 2025 07:16

@ben-grande
Contributor Author

Would be very nice if CI could combine this PR with:

To test if the packaging is right. In the meantime, I will do manually. I don't have this process streamlined yet.

ben-grande force-pushed the preload-delay-gui-daemon branch from 1f3b3be to ef3eb5e on December 3, 2025 07:42

@ben-grande
Contributor Author

> Would be very nice if CI could combine this PR with:
>
> * [Query GUIVM session or GUID from client in GUIVM qubes-core-qrexec#217](https://github.com/QubesOS/qubes-core-qrexec/pull/217)
>
> To test if the packaging is right. In the meantime, I will do manually. I don't have this process streamlined yet.

I am still fixing some conflicts by:

  • downloading the artifact
  • using package manager to install local files

And I see this is still tagged with openqa-pending, so I hope to get it fixed before it is openqaed.

ben-grande force-pushed the preload-delay-gui-daemon branch from cb194c9 to ea3c088 on December 3, 2025 15:39

@ben-grande
Contributor Author

Packaging is broken...

```
user@disp3871:~/QubesIncoming/disp5212/artifacts/repository/vm-trixie$ sudo apt install ./core-agent-linux_4.3.38/qubes-core-agent_4.3.38-1+deb13u1+devel1_amd64.deb ./core-qrexec_4.3.12/qubes-core-qrexec_4.3.12-1+deb13u1+devel1_amd64.deb ./core-qrexec_4.3.12/libqrexec-utils4_4.3.12-1+deb13u1+devel1_amd64.deb
Note, selecting 'qubes-core-agent' instead of './core-agent-linux_4.3.38/qubes-core-agent_4.3.38-1+deb13u1+devel1_amd64.deb'
Note, selecting 'qubes-core-qrexec' instead of './core-qrexec_4.3.12/qubes-core-qrexec_4.3.12-1+deb13u1+devel1_amd64.deb'
Note, selecting 'libqrexec-utils4' instead of './core-qrexec_4.3.12/libqrexec-utils4_4.3.12-1+deb13u1+devel1_amd64.deb'
The following packages were automatically installed and are no longer required:
  conntrack         libunbound8                 python3-jmespath           python3-unbound
  curl              network-manager-gnome       python3-legacy-cgi         python3-webob
  debugedit         python-apt-common           python3-libcomps           python3-yarl
  deltarpm          python-babel-localedata     python3-libdnf             python3-zc.lockfile
  dnf               python3-aiodns              python3-looseversion       python3-zmq
  dnf-data          python3-aiohappyeyeballs    python3-markupsafe         qubes-core-agent-dom0-updates
  fakeroot          python3-aiohttp             python3-msgpack            qubes-core-agent-passwordless-root
  fwupd-qubes-vm    python3-aiosignal           python3-multidict          qubes-gpg-split
  jcat              python3-apt                 python3-numpy              qubes-img-converter
  libcares2         python3-async-timeout       python3-numpy-dev          qubes-input-proxy-sender
  libcomps0         python3-attr                python3-olefile            qubes-mgmt-salt-vm-connector
  libdnf2-common    python3-babel               python3-pil                qubes-notification-agent
  libdnf2t64        python3-certifi             python3-portend            qubes-pdf-converter
  libfakeroot       python3-chardet             python3-propcache          qubes-repo-templates
  libfsverity0      python3-charset-normalizer  python3-pycares            qubes-usb-proxy
  libjcat1          python3-cheroot             python3-pycryptodome       rpm
  liblua5.3-0       python3-cherrypy3           python3-pytz               rpm-common
  libmodulemd2      python3-croniter            python3-qubesimgconverter  rpm2cpio
  libraqm0          python3-dateutil            python3-repoze.lru         salt-common
  librepo0          python3-dnf                 python3-requests           salt-ssh
  librpm-sequoia-1  python3-frozenlist          python3-routes             socat
  librpm10          python3-gnupg               python3-rpm                sqlite3
  librpmbuild10     python3-gpg                 python3-simplejson         tinyproxy
  librpmio10        python3-hawkey              python3-tempora            tinyproxy-bin
  librpmsign10      python3-jaraco.collections  python3-tornado            usbutils
  libsolv1          python3-jaraco.text         python3-tqdm
  libsolvext1       python3-jinja2              python3-tz
Use 'sudo apt autoremove' to remove them.

Upgrading:
  libqrexec-utils4  qubes-core-agent  qubes-core-qrexec

REMOVING:
  qubes-core-agent-network-manager  qubes-core-agent-networking  qubes-vm-recommended
```

```
[user@disp5212 vm-fc42]$ rpm -vv -i core-agent-linux_4.3.38/qubes-core-agent-4.3.38-1.1.fc42.x86_64.rpm core-qrexec_4.3.12/qubes-core-qrexec-4.3.12-1.1.fc42.x86_64.rpm core-qrexec_4.3.12/qubes-core-qrexec-vm-4.3.12-1.1.fc42.x86_64.rpm core-qrexec_4.3.12/qubes-core-qrexec-libs-4.3.12-1.1.fc42.x86_64.rpm 2>&1 | grep -e qubes-core-qrexec -e qubes-core-agent -e '======'
D: ============== core-agent-linux_4.3.38/qubes-core-agent-4.3.38-1.1.fc42.x86_64.rpm
D: core-agent-linux_4.3.38/qubes-core-agent-4.3.38-1.1.fc42.x86_64.rpm: Header SHA256 digest: OK
D: core-agent-linux_4.3.38/qubes-core-agent-4.3.38-1.1.fc42.x86_64.rpm: Header SHA1 digest: OK
D: ============== core-qrexec_4.3.12/qubes-core-qrexec-4.3.12-1.1.fc42.x86_64.rpm
D: core-qrexec_4.3.12/qubes-core-qrexec-4.3.12-1.1.fc42.x86_64.rpm: Header SHA256 digest: OK
D: core-qrexec_4.3.12/qubes-core-qrexec-4.3.12-1.1.fc42.x86_64.rpm: Header SHA1 digest: OK
D: ============== core-qrexec_4.3.12/qubes-core-qrexec-vm-4.3.12-1.1.fc42.x86_64.rpm
D: core-qrexec_4.3.12/qubes-core-qrexec-vm-4.3.12-1.1.fc42.x86_64.rpm: Header SHA256 digest: OK
D: core-qrexec_4.3.12/qubes-core-qrexec-vm-4.3.12-1.1.fc42.x86_64.rpm: Header SHA1 digest: OK
D: ============== core-qrexec_4.3.12/qubes-core-qrexec-libs-4.3.12-1.1.fc42.x86_64.rpm
D: core-qrexec_4.3.12/qubes-core-qrexec-libs-4.3.12-1.1.fc42.x86_64.rpm: Header SHA256 digest: OK
D: core-qrexec_4.3.12/qubes-core-qrexec-libs-4.3.12-1.1.fc42.x86_64.rpm: Header SHA1 digest: OK
D: ========== +++ qubes-core-agent-4.3.38-1.1.fc42 x86_64/linux 0x2
D:  Requires: qubes-core-agent-selinux                      YES (db provides)
D:  Requires: (qubes-core-agent-selinux if selinux-policy)  YES (rich)
D:  Requires: config(qubes-core-agent) = 4.3.38-1.1.fc42    YES (added provide)
D:  Requires: qubes-core-qrexec >= 4.3.12                   YES (added provide)
D:  Requires: qubes-core-qrexec-vm >= 4.3.12                YES (added provide)
D: Obsoletes: qubes-core-qrexec < 4.3.12                    YES (db provides)
D: ========== +++ qubes-core-qrexec-4.3.12-1.1.fc42 x86_64/linux 0x0
D:  Requires: qubes-core-agent >= 4.3.38                    YES (added provide)
D: Conflicts: qubes-core-agent-qrexec < 4.1.0               NO
D: Obsoletes: qubes-core-agent < 4.3.38                     YES (db provides)
D: ========== +++ qubes-core-qrexec-vm-4.3.12-1.1.fc42 x86_64/linux 0x2
D:  Requires: qubes-core-qrexec-vm-selinux                  YES (db provides)
D:  Requires: (qubes-core-qrexec-vm-selinux if selinux-policy) YES (rich)
D:  Requires: config(qubes-core-qrexec-vm) = 4.3.12-1.1.fc42 YES (added provide)
D:  Requires: qubes-core-qrexec = 4.3.12-1.1.fc42           YES (added provide)
D:  Requires: qubes-core-qrexec-libs >= 4.3.12-1.1.fc42     YES (added provide)
D: Obsoletes: qubes-core-agent-qrexec < 4.1.0-1             NO
D: ========== +++ qubes-core-qrexec-libs-4.3.12-1.1.fc42 x86_64/linux 0x2
        qubes-core-qrexec < 4.3.12 is obsoleted by qubes-core-agent-4.3.38-1.1.fc42.x86_64
        qubes-core-agent < 4.3.38 is obsoleted by qubes-core-qrexec-4.3.12-1.1.fc42.x86_64
```

Comment thread debian/control Outdated
Replaces:
qubes-core-qrexec (<< 4.3.12)
Breaks:
qubes-core-qrexec (<< 4.3.12)
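
Review bot: Replaces/Breaks on qubes-core-qrexec (<< 4.3.12) in this stanza is only right if this package is the one that starts shipping a file that older qubes-core-qrexec versions contained. In Debian the pair is declared by the package that takes over the file, against the older versions of the package that used to own it, so confirm which package ends up owning /etc/qubes-rpc/qubes.WaitForSession and declare the fields there. The apt run earlier in the thread, which removes qubes-core-agent-networking and qubes-vm-recommended, suggests the current direction does not resolve cleanly.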
Member

This should be the other way around - qrexec package declaring those on core-agent

Comment thread rpm_spec/core-agent.spec.in Outdated
Requires: zenity
Requires: dconf
Requires: qubes-core-qrexec-vm >= 4.2.19
Obsoletes: qubes-core-qrexec < 4.3.12
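
Review bot: `Obsoletes: qubes-core-qrexec < 4.3.12` on the last line tells rpm that this package supersedes qubes-core-qrexec, which is not what a file moving between two packages that both stay installed calls for. The rpm -vv output earlier in the thread shows the result: "qubes-core-qrexec < 4.3.12 is obsoleted by qubes-core-agent-4.3.38-1.1.fc42.x86_64" and the reverse for qubes-core-agent, so each package obsoletes the other. Drop the Obsoletes and express the ordering with a versioned Conflicts on the side that takes over the file, so both packages are upgraded in the same transaction.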
Member

I don't think obsoletes is relevant here. But qrexec may need similar Conflict: dependency (to force update ordering)

ben-grande force-pushed the preload-delay-gui-daemon branch from 420e90f to e7db241 on January 9, 2026 00:45
ben-grande force-pushed the preload-delay-gui-daemon branch from e7db241 to 9ae685c on March 17, 2026 01:21

marmarek added a commit to QubesOS/qubes-core-qrexec that referenced this pull request Mar 17, 2026
* origin/pr/217:
  Change WaitForSession to wait for user session
  Read link to canonical path

Pull request description:

Read link to canonical path of GUID file

By default, it resolves the link path literally, which causes problems if other commands do not run in the same directory the link is in.

For: QubesOS/qubes-core-admin#757
For: QubesOS/qubes-notification-proxy#13
For: QubesOS/qubes-issues#9940
For: QubesOS/qubes-issues#1512

---

Allow GUIVM clients to know if GUIVM has session

Or if GUID of the client can be found on the server. This script will be
replicated to qubes-core-agent-linux.

For: QubesOS/qubes-notification-proxy#13
For: QubesOS/qubes-gui-agent-linux#251
For: QubesOS/qubes-core-admin#757
For: QubesOS/qubes-issues#1512
For: QubesOS/qubes-issues#9940
Fixes: QubesOS/qubes-issues#10443

---

Test case:

```
QREXEC_REMOTE_DOMAIN=mydomain /etc/qubes-rpc/qubes.WaitForSession
```

---

Please note that to avoid a package conflict (having the same file), it has to be handled with "less than version" compared to core-agent-linux.

https://github.com/QubesOS/qubes-core-qrexec/compare/223f3b596259adf299988f1171df8572d0204a0c..0dc90060ad27e90487572f0609453b5c564f4be7

See required PR:

- QubesOS/qubes-core-agent-linux#625
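
The link-resolution problem described in the referenced qubes-core-qrexec commit message above, as an added example that is not code from either PR: a link target read literally only resolves from the link's own directory, while the canonical path works from anywhere. The directory layout and the guid-running.* file names are constructed for the demonstration, and the link is assumed to be relative.

```shell
#!/bin/sh
# Constructed layout: hypothetical stand-ins for a per-qube state file and a
# name-based symlink that points at it.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
mkdir -p "$demo_dir/run" "$demo_dir/elsewhere"
: > "$demo_dir/run/guid-running.7"
# Relative link: the stored target is a bare file name (assumption).
ln -s guid-running.7 "$demo_dir/run/guid-running.mydomain"

# Literal resolution: prints the stored target text unchanged.
resolve_literal() {
    readlink -- "$1"
}

# Canonical resolution: follows every link and prints an absolute path.
resolve_canonical() {
    readlink -f -- "$1"
}

# Print "yes" or "no": does path $2 exist when looked up from directory $1?
exists_from() {
    ( cd "$1" && [ -e "$2" ] ) && echo yes || echo no
}

link="$demo_dir/run/guid-running.mydomain"
literal=$(resolve_literal "$link")
canonical=$(resolve_canonical "$link")

# A later command running in another directory only finds the canonical path.
echo "literal:   $literal (found from elsewhere: $(exists_from "$demo_dir/elsewhere" "$literal"))"
echo "canonical: $canonical (found from elsewhere: $(exists_from "$demo_dir/elsewhere" "$canonical"))"
```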
@marmarek marmarek merged commit 9ae685c into QubesOS:main Mar 17, 2026
4 of 5 checks passed

Development

Successfully merging this pull request may close these issues.

qubes.WaitForSession processes keep accumulating with preloaded DispVMs
