Using python to manage labels doesn't work

User Support
1

As far as I understand, the following code should result in creating a new label. However, it doesn’t work.

import qubes
q=qubes.Qubes()
q.labels[999]=qubes.Label(999, '0x000000', 'foo')
q.save()

checking this in qubesd afterwards returns QubesValueError, showing that no change was actually made

qubesd-query --null --empty dom0 admin.labels.Get dom0 foo

meanwhile, starting another python interpreter to check shows that the changes have persisted.

import qubes
q=qubes.Qubes
q.labels[999]

Can someone please explain why this doesn’t work? and why the python interface and qubesd are diverging?

2

You need to import qubesadmin .

Don’t use the qubes module, that one is only for internal use by QubesOS.

1 Like
3

I’m not sure how to achieve what I want using the qubesadmin package. Any suggestions?

4

According to Properly handle concurrent access to qubes.xml · Issue #1729 · QubesOS/qubes-issues · GitHub there seems to be some kind of lock mechanism implemented on qubes.xml, which is where the relevant changes are made by the qubes package. According to Admin API | Qubes OS the service qubesd is normally in charge of modifying qubes.xml, so it turns out it was just rolling back the changes made by the python script.
The solution is stopping the qubesd service temporarily, running the python script in OP, then starting the service again.

systemctl stop qubesd
systemctl start qubesd

Even more easily, if you shut down the qubesd service you can just directly edit qubes.xml.

5

qubes library is only available in dom0. qubesadmin is what to use. Sample program to list all lables and their values:

#!/usr/lib/python3

from qubesadmin import Qubes

app = Qubes()

for label in app.labels:
    print(label, app.labels[label].color)

The qubesadmin library does not implement admin.label.Create and admin.label.Remove API calls. but it is relatively easy to implement. Take a look at /usr/lib/python3.1x/site-packages/qubesadmin/label.py and color or index methods for more information. The details about API calls are available online on Qubes API Admin page.

3 Likes
6

Thanks, my method actually allows you to edit/change existing labels as well, including system default ones. For whatever reason, the devs chose not to implement a straight forward way of doing this.