Cleans up with comments and better way to remove package

`make clean` now cleans whonix-gw-15 with proper removal of `securedrop-log` package using Salt states.
freedomofpress · Feb 19, 2020 · 232c56f · 232c56f
1 parent c243d7b
commit 232c56f
Show file tree

Hide file tree

Showing 8 changed files with 26 additions and 18 deletions.
diff --git a/Makefile b/Makefile
@@ -113,6 +113,7 @@ remove-sd-log: assert-dom0 ## Destroys SD logging VM
 clean: assert-dom0 prep-salt ## Destroys all SD VMs
 	sudo qubesctl --show-output state.sls sd-clean-default-dispvm
 	$(MAKE) destroy-all
+	sudo qubesctl --show-output --skip-dom0 --targets whonix-gw-15 state.sls sd-clean-whonix
 	sudo qubesctl --show-output state.sls sd-clean-all
 	sudo dnf -y -q remove securedrop-workstation-dom0-config 2>/dev/null || true
 	$(MAKE) clean-salt

diff --git a/dom0/sd-app-files.sls b/dom0/sd-app-files.sls
@@ -12,20 +12,15 @@ include:
   - fpf-apt-test-repo
 
 # FPF repo is setup in "securedrop-workstation" template
-install-securedrop-client-package:
+install-securedrop-client-and-securedrop-log-package:
   pkg.installed:
     - pkgs:
       - securedrop-client
-    - require:
-      - sls: fpf-apt-test-repo
-
-install-securedrop-log-package:
-  pkg.installed:
-    - pkgs:
       - securedrop-log
     - require:
       - sls: fpf-apt-test-repo
 
+
 sd-rsyslog-for-sd-app:
   file.managed:
     - name: /etc/sd-rsyslog.conf

diff --git a/dom0/sd-clean-all.sls b/dom0/sd-clean-all.sls
@@ -15,9 +15,9 @@ sd-cleanup-whonix-gw-15:
     - names:
       - qvm-run whonix-gw-15 'sudo rm -f /etc/rsyslog.d/sdlog.conf'
       - qvm-run whonix-gw-15 'sudo rm -f /etc/apt/sources.list.d/securedrop_workstation.list'
-      - qvm-run whonix-gw-15 'sudo apt remove -y securedrop-log'
       - qvm-run whonix-gw-15 'sudo systemctl restart rsyslog'
       - qvm-run whonix-gw-15 'sudo apt-key del 4ED79CC3362D7D12837046024A3BE4A92211B03C'
+      - qvm-run whonix-gw-15 'sudo apt-key del 22245C81E3BAEB4138B36061310F561200F4AD77'
 
 
 

diff --git a/dom0/sd-clean-whonix.sls b/dom0/sd-clean-whonix.sls
@@ -0,0 +1,11 @@
+# -*- coding: utf-8 -*-
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+##
+# removes securedrop-log rsyslog plugin in whonix-gw-15
+##
+
+remove-securedrop-log-package-from-whonix:
+  pkg.removed:
+    - pkgs:
+      - securedrop-log
diff --git a/dom0/sd-log-template-files.sls b/dom0/sd-log-template-files.sls
@@ -3,7 +3,7 @@
 include:
   - fpf-apt-test-repo
 
-install-securedrop-log-package:
+sd-log-install-securedrop-log-package:
   pkg.installed:
     - pkgs:
       - redis-server

diff --git a/dom0/sd-proxy-template-files.sls b/dom0/sd-proxy-template-files.sls
@@ -41,20 +41,15 @@ sd-proxy-configure-mimetypes:
 
 # Depends on FPF-controlled apt repo, already present
 # in underlying "securedrop-workstation" base template.
-install-securedrop-proxy-package:
+install-securedrop-proxy-and-securedrop-log-package:
   pkg.installed:
     - pkgs:
       - securedrop-proxy
-    - require:
-      - sls: fpf-apt-test-repo
-
-install-securedrop-log-package:
-  pkg.installed:
-    - pkgs:
       - securedrop-log
     - require:
       - sls: fpf-apt-test-repo
 
+
 {% import_json "sd/config.json" as d %}
 
 install-securedrop-proxy-yaml-config:

diff --git a/dom0/sd-whonix-rsyslog-enable.sls b/dom0/sd-whonix-rsyslog-enable.sls
@@ -13,11 +13,17 @@ sd-rsyslog-for-sd-whonix:
     - context:
         vmname: sd-whonix
 
+
+# We can not place the file on the template under /etc/rsyslog.d/ because of whonix
+# template. This sdlog.conf file is the same from the securedrop-log package, to
+# make sure that rsyslogd use our logging plugin.
 sd-rsyslog-sdlog-conf-for-sd-whonix:
   file.managed:
     - name: /rw/config/sdlog.conf
     - source: "salt://sdlog.conf"
 
+# Because whonix-gw-15 template is not allowing to create the config file on
+# package install time, we do it via rc.local call.
 sd-rc-enable-logging:
   file.blockreplace:
     - name: /rw/config/rc.local

diff --git a/scripts/provision-all b/scripts/provision-all
@@ -21,8 +21,8 @@ echo "Setup sd-log-buster-template vm first"
 sudo qubesctl --show-output --skip-dom0 --targets sd-log-buster-template state.highstate
 # Provision whonix-gw-15 with log additions because it isn't tagged with sd-workstation (we don't want it removed after a make clean)
 sudo qubesctl --show-output --skip-dom0 --targets whonix-gw-15 state.highstate
-sudo qubesctl --show-output --skip-dom0 --targets whonix-gw-15 state.sls sd-whonix-template-files
-
+#sudo qubesctl --show-output --skip-dom0 --targets whonix-gw-15 state.sls sd-whonix-template-files
+qvm-shutdown --wait whonix-gw-15
 
 # Format list of all VMs comma-separated, for use as qubesctl target
 # We run this after dom0's highstate, so that the VMs are available for listing by tag.