From 49916a21b7c163904d8c770092ea483a348f62ba Mon Sep 17 00:00:00 2001
From: Erik Moeller
Date: Tue, 21 Apr 2020 17:35:09 -0700
Subject: [PATCH] Run tag cleanup via Salt to avoid duplication
---
 MANIFEST.in | 1 +
 Makefile | 1 -
 {scripts => dom0}/remove-tags | 0
 dom0/sd-clean-all.sls | 7 +++++++
 rpm-build/SPECS/securedrop-workstation-dom0-config.spec | 2 ++
 scripts/securedrop-admin.py | 2 --
 6 files changed, 10 insertions(+), 3 deletions(-)
 rename {scripts => dom0}/remove-tags (100%)
diff --git a/MANIFEST.in b/MANIFEST.in
index a3f77ee9..7a10c4f6 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -3,6 +3,7 @@ include dom0/*.top
 include dom0/*.j2
 include dom0/*.yml
 include dom0/*.conf
+include dom0/remove-tags
 include dom0/securedrop-admin
 include dom0/securedrop-login
 include dom0/securedrop-launcher.desktop
diff --git a/Makefile b/Makefile
index 8043c38b..bb9c20ac 100644
--- a/Makefile
+++ b/Makefile
@@ -110,7 +110,6 @@ clean: assert-dom0 prep-salt ## Destroys all SD VMs
 $(MAKE) destroy-all
 sudo qubesctl --show-output --skip-dom0 --targets whonix-gw-15 state.sls sd-clean-whonix
 sudo qubesctl --show-output state.sls sd-clean-all
- ./scripts/remove-tags
 sudo dnf -y -q remove securedrop-workstation-dom0-config 2>/dev/null || true
 $(MAKE) clean-salt
 
diff --git a/scripts/remove-tags b/dom0/remove-tags
similarity index 100%
rename from scripts/remove-tags
rename to dom0/remove-tags
diff --git a/dom0/sd-clean-all.sls b/dom0/sd-clean-all.sls
index 1d5b5647..0778f2a0 100644
--- a/dom0/sd-clean-all.sls
+++ b/dom0/sd-clean-all.sls
@@ -46,6 +46,12 @@ remove-dom0-sdw-config-files:
 - /home/{{ gui_user }}/Desktop/securedrop-launcher.desktop
 - /home/{{ gui_user }}/.securedrop_launcher
 
+
+# Remove any custom RPC policy tags added to non-SecureDrop VMs by the user
+remove-rpc-policy-tags:
+ cmd.script:
+ - name: salt://remove-tags
+
 # Removes files that are provisioned by the dom0 RPM, only for the development
 # environment, since dnf takes care of those provisioned in the RPM
 {% if d.environment == "dev" %}
@@ -53,6 +59,7 @@ remove-dom0-sdw-config-files-dev:
 file.absent:
 - names:
 - /opt/securedrop
+ - /srv/salt/remove-tags
 - /srv/salt/securedrop-update
 - /srv/salt/update-xfce-settings
 {% endif %}
diff --git a/rpm-build/SPECS/securedrop-workstation-dom0-config.spec b/rpm-build/SPECS/securedrop-workstation-dom0-config.spec
index b38da295..c446c73a 100644
--- a/rpm-build/SPECS/securedrop-workstation-dom0-config.spec
+++ b/rpm-build/SPECS/securedrop-workstation-dom0-config.spec
@@ -59,6 +59,7 @@ install -m 644 dom0/*.top %{buildroot}/srv/salt/
 install -m 644 dom0/*.j2 %{buildroot}/srv/salt/
 install -m 644 dom0/*.yml %{buildroot}/srv/salt/
 install -m 644 dom0/*.conf %{buildroot}/srv/salt/
+install -m 655 dom0/remove-tags %{buildroot}/srv/salt/
 install -m 644 dom0/securedrop-login %{buildroot}/srv/salt/
 install -m 644 dom0/securedrop-launcher.desktop %{buildroot}/srv/salt/
 install -m 655 dom0/securedrop-handle-upgrade %{buildroot}/srv/salt/
@@ -92,6 +93,7 @@ install -m 644 launcher/sdw_util/*.py %{buildroot}/srv/salt/launcher/sdw_util/
 /opt/securedrop/launcher/**/*.py
 /srv/salt/sd*
 /srv/salt/dom0-xfce-desktop-file.j2
+/srv/salt/remove-tags
 /srv/salt/securedrop-*
 /srv/salt/update-xfce-settings
 /srv/salt/fpf*
diff --git a/scripts/securedrop-admin.py b/scripts/securedrop-admin.py
index b4df75d5..b28c1e85 100644
--- a/scripts/securedrop-admin.py
+++ b/scripts/securedrop-admin.py
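Review bot: The new `remove-rpc-policy-tags` state in dom0/sd-clean-all.sls runs the script with whatever privileges the Salt run has, whereas both callers this commit removes invoked it without `sudo` (the Makefile line `./scripts/remove-tags` and the `check_call` in securedrop-admin.py), and `make clean` applies this state through `sudo qubesctl`. If the script needs nothing beyond what it had before, keeping it unprivileged preserves the earlier behaviour, for example `- runas: {{ gui_user }}` under `cmd.script` (`gui_user` is already used in this file). Otherwise a comment on the state saying that it now runs as root in dom0, and why that is needed, would help the next reader. The script body is not part of this diff, so whether it depends on the invoking user's environment cannot be judged from here.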
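Review bot: In the dev-only `remove-dom0-sdw-config-files-dev` state, the added `- /srv/salt/remove-tags` entry deletes what is presumably the same file that `remove-rpc-policy-tags` fetches as `salt://remove-tags` earlier in this run, so the cleanup only works because Salt evaluates the two states in file order. Making the dependency explicit guards against a later reordering: add `- require:` with `- cmd: remove-rpc-policy-tags` to the `file.absent` state, or at least a comment such as `# must stay below remove-rpc-policy-tags, which reads salt://remove-tags`. It is also worth confirming that applying sd-clean-all a second time in a dev environment does not fail because the script is already gone; the Makefile target runs `prep-salt` first, but other callers are not visible here. The state's ID line sits in the hunk header, above the lines shown.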
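Review bot: The added `install -m 655 dom0/remove-tags` line in the spec's install section sets mode 655 (rw-r-xr-x), which grants execute to group and others but not to the owner; it copies the existing `securedrop-handle-upgrade` line, but it reads like a typo for 755 rather than a deliberate choice. Since the script is now consumed through `salt://remove-tags` by `cmd.script`, it probably does not need to be executable under /srv/salt at all (this depends on how Salt stages the script, which should be confirmed), in which case `install -m 644 dom0/remove-tags %{buildroot}/srv/salt/` would match the other Salt-served files. If it is meant to be runnable directly, `-m 755` states that intent.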
@@ -106,8 +106,6 @@ def perform_uninstall():
 subprocess.check_call(
 ["sudo", "dnf", "-y", "-q", "remove", "qubes-template-securedrop-workstation-buster"]
 )
- print("Removing SecureDrop tags from remaining VMs")
- subprocess.check_call([os.path.join(SCRIPTS_PATH, "scripts/remove-tags")])
 print("Uninstalling dom0 config package")
 subprocess.check_call(
 ["sudo", "dnf", "-y", "-q", "remove", "securedrop-workstation-dom0-config"]