qvm-device: add --force flag for dom0 device attachment

[nihalxkumar]

Attaching a device directly to dom0 carries security risks, so the tool now requires explicit user confirmation when the target is an AdminVM(dom0).

A new --force / -f flag bypasses the interactive prompt for scripted or automated use.

The confirmation reads from stdin and treats EOF (closed/piped stdin) as a cancellation, preventing silent attachments in non-interactive contexts.

fixes: QubesOS/qubes-issues#10825

related: QubesOS/qubes-core-admin#798

[parulin]

It should also be documented.

[nihalxkumar]

It should also be documented.

Thanks @parulin. The introduction of this change is still in discussion. Would of course document it.

[marmarek]

The build fails because of missing man page entry:

11:59:54 [qb.build_rpm.core-admin-client.host-fc41.build] DEBUG: Undocumented arguments for command 'qvm-device attach': '--force, -f'

[rustybird]

When invoked without --force, IMO it should behave like qvm-remove or qvm-volume clear do when invoked without --force. They interactively prompt to confirm:

https://github.com/QubesOS/qubes-core-admin-client/blob/v4.3.30/qubesadmin/tools/qvm_volume.py#L175-L180

[ben-grande]

About the use of --force or a flag with another name, wait for a response to Rusty's comment on QubesOS/qubes-issues#10825 (comment).

[ben-grande]

Also, next time, don't use your main branch, create a separate branch for making commits. Now, if you force push to base on a different branch, I think Github will force close this PR, so keep as is.

[ben-grande]

Please add "Fixes: QubesOS/qubes-issues#10825" to the commit message.

[nihalxkumar]

@ben-grande commit message or PR description or both?

[ben-grande]

Both is better.

[nihalxkumar]

@parulin @marmarek @rustybird
MAN page + interactive confirmation
I prefer --force as with the consensus on the issue

[ben-grande]

Please squash the commits.

[ben-grande]

There is a merge commit. To squash, I normally do git rebase -i upstream/main and do "fixup".

[nihalxkumar]

all good now

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.86%. Comparing base (f79b7ee) to head (7df44bf).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #466      +/-   ##
==========================================
+ Coverage   76.82%   76.86%   +0.03%     
==========================================
  Files          53       53              
  Lines        9361     9374      +13     
==========================================
+ Hits         7192     7205      +13     
  Misses       2169     2169              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[ben-grande]

• I think you can make this try block less repetitive.
• Please add appropriate test
• In the case of EOFError, it should not exit 0.

[nihalxkumar]

Updated, pls check