From 70729aafeb321d52a4ed0e3725db63bdcddeaf0d Mon Sep 17 00:00:00 2001
From: Zaz Brown <zazbrown@zazbrown.com>
Date: Thu, 16 Jan 2025 13:22:07 +0000
Subject: [PATCH 1/4] strip trailing slash from source directory

FIXES `qubes-fs-tree-check: Refusing to copy unsafe symbolic link "dir//link"` when you run `qvm-copy dir/`
---
 qubes-rpc/qvm-copy | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/qubes-rpc/qvm-copy b/qubes-rpc/qvm-copy
index 12930ca1..4c70254a 100755
--- a/qubes-rpc/qvm-copy
+++ b/qubes-rpc/qvm-copy
@@ -93,8 +93,11 @@ else
   VM="@default"
 fi
 
+# strip trailing slash from source directory
+SOURCE="${@%/}"
+
 if FILECOPY_TOTAL_BYTES=$("$scriptdir/qubes/qubes-fs-tree-check" \
-    --allow-symlinks --allow-directories --machine -- "$@"); then
+    --allow-symlinks --allow-directories --machine -- "${SOURCE}"); then
     service=qubes.Filecopy
 else
     status=$?
@@ -104,8 +107,8 @@ fi
 if [[ "$PROGRESS_TYPE" = 'console' ]]; then export FILECOPY_TOTAL_BYTES; fi
 
 "$scriptdir/qubes/qrexec-client-vm" --filter-escape-chars-stderr -- "$VM" \
-    "$service" "$scriptdir/qubes/qfile-agent" ${ignore_symlinks+--ignore-symlinks} -- "$@"
+    "$service" "$scriptdir/qubes/qfile-agent" ${ignore_symlinks+--ignore-symlinks} -- "${SOURCE}"
 
 if [ "$OPERATION_TYPE" = "move" ] ; then
-    rm -rf -- "$@"
+    rm -rf -- "${SOURCE}"
 fi

From 8fb8e267618cd9bde94ee58868e06a4301ff045f Mon Sep 17 00:00:00 2001
From: Zaz Brown <zazbrown@zazbrown.com>
Date: Thu, 16 Jan 2025 14:19:58 +0000
Subject: [PATCH 2/4] FIX --ignore-symlinks

Previously, `qvm-copy --ignore-symlinks` could result in `qubes-fs-tree-check: Refusing to copy unsafe symbolic link`
---
 qubes-rpc/qvm-copy | 1 +
 1 file changed, 1 insertion(+)

diff --git a/qubes-rpc/qvm-copy b/qubes-rpc/qvm-copy
index 4c70254a..f60eb014 100755
--- a/qubes-rpc/qvm-copy
+++ b/qubes-rpc/qvm-copy
@@ -97,6 +97,7 @@ fi
 SOURCE="${@%/}"
 
 if FILECOPY_TOTAL_BYTES=$("$scriptdir/qubes/qubes-fs-tree-check" \
+    ${ignore_symlinks+--ignore-symlinks} \
     --allow-symlinks --allow-directories --machine -- "${SOURCE}"); then
     service=qubes.Filecopy
 else

From baa8c345b7e13d2e335f24b3c34f6df32f907a56 Mon Sep 17 00:00:00 2001
From: Zaz Brown <zazbrown@zazbrown.com>
Date: Thu, 16 Jan 2025 14:25:35 +0000
Subject: [PATCH 3/4] refactor

---
 qubes-rpc/qvm-copy | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/qubes-rpc/qvm-copy b/qubes-rpc/qvm-copy
index f60eb014..26ae5b46 100755
--- a/qubes-rpc/qvm-copy
+++ b/qubes-rpc/qvm-copy
@@ -75,7 +75,7 @@ while [ "$#" -gt 0 ]; do
     case $1 in
         (--without-progress) export PROGRESS_TYPE=none; shift;;
         (--with-progress) export PROGRESS_TYPE=console; shift;;
-        (--ignore-symlinks) ignore_symlinks=true; shift;;
+        (--ignore-symlinks) ignore_symlinks="--ignore-symlinks"; shift;;
         (--no-ignore-symlinks) unset ignore_symlinks; shift;;
         (-h|--help) usage 0;;
         (--) shift; break;;
@@ -97,7 +97,7 @@ fi
 SOURCE="${@%/}"
 
 if FILECOPY_TOTAL_BYTES=$("$scriptdir/qubes/qubes-fs-tree-check" \
-    ${ignore_symlinks+--ignore-symlinks} \
+    ${ignore_symlinks} \
     --allow-symlinks --allow-directories --machine -- "${SOURCE}"); then
     service=qubes.Filecopy
 else
@@ -108,7 +108,7 @@ fi
 if [[ "$PROGRESS_TYPE" = 'console' ]]; then export FILECOPY_TOTAL_BYTES; fi
 
 "$scriptdir/qubes/qrexec-client-vm" --filter-escape-chars-stderr -- "$VM" \
-    "$service" "$scriptdir/qubes/qfile-agent" ${ignore_symlinks+--ignore-symlinks} -- "${SOURCE}"
+    "$service" "$scriptdir/qubes/qfile-agent" ${ignore_symlinks} -- "${SOURCE}"
 
 if [ "$OPERATION_TYPE" = "move" ] ; then
     rm -rf -- "${SOURCE}"

From 397b8c1d4aba12d0c31bae5fbfba07a23a918952 Mon Sep 17 00:00:00 2001
From: Zaz Brown <zazbrown@zazbrown.com>
Date: Fri, 17 Jan 2025 17:32:44 +0000
Subject: [PATCH 4/4] FIX qvm-copy for multiple sources

fixes bug introduced in previous commit
---
 qubes-rpc/qvm-copy | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/qubes-rpc/qvm-copy b/qubes-rpc/qvm-copy
index 26ae5b46..db74946d 100755
--- a/qubes-rpc/qvm-copy
+++ b/qubes-rpc/qvm-copy
@@ -94,11 +94,11 @@ else
 fi
 
 # strip trailing slash from source directory
-SOURCE="${@%/}"
+SOURCE=( "${@%/}" )
 
 if FILECOPY_TOTAL_BYTES=$("$scriptdir/qubes/qubes-fs-tree-check" \
     ${ignore_symlinks} \
-    --allow-symlinks --allow-directories --machine -- "${SOURCE}"); then
+    --allow-symlinks --allow-directories --machine -- "${SOURCE[@]}"); then
     service=qubes.Filecopy
 else
     status=$?
@@ -108,8 +108,8 @@ fi
 if [[ "$PROGRESS_TYPE" = 'console' ]]; then export FILECOPY_TOTAL_BYTES; fi
 
 "$scriptdir/qubes/qrexec-client-vm" --filter-escape-chars-stderr -- "$VM" \
-    "$service" "$scriptdir/qubes/qfile-agent" ${ignore_symlinks} -- "${SOURCE}"
+    "$service" "$scriptdir/qubes/qfile-agent" ${ignore_symlinks} -- "${SOURCE[@]}"
 
 if [ "$OPERATION_TYPE" = "move" ] ; then
-    rm -rf -- "${SOURCE}"
+    rm -rf -- "${SOURCE[@]}"
 fi