diff --git a/dom0/sd-export-files.sls b/dom0/sd-export-files.sls index 8bcf8664..11e72189 100644 --- a/dom0/sd-export-files.sls +++ b/dom0/sd-export-files.sls @@ -11,6 +11,11 @@ include: - fpf-apt-test-repo +sd-export-template-install-cryptsetup: + pkg.installed: + - pkgs: + - cryptsetup + sd-export-send-to-usb-script: file.managed: - name: /usr/bin/send-to-usb diff --git a/dom0/sd-export.sls b/dom0/sd-export.sls index a947aa38..58cc2697 100644 --- a/dom0/sd-export.sls +++ b/dom0/sd-export.sls @@ -12,8 +12,8 @@ sd-export-template: qvm.vm: - name: sd-export-template - clone: - - source: sd-workstation-template - - label: yellow + - source: securedrop-workstation + - label: red - tags: - add: - sd-workstation @@ -25,7 +25,7 @@ sd-export-usb-dvm: - name: sd-export-usb-dvm - present: - template: sd-export-template - - label: yellow + - label: red - prefs: - netvm: "" - template_for_dispvms: True @@ -55,6 +55,8 @@ sd-export-template-sync-appmenus: create-named-sd-export-dispvm-and-permanently-attach: cmd.run: - name: > + qvm-kill sd-export-usb || true; qvm-remove --force sd-export-usb || true; qvm-create --class DispVM --template sd-export-usb-dvm --label red sd-export-usb; qvm-usb attach --persistent sd-export-usb {{ d.usb.device }} || true; + qvm-tags sd-export-usb add sd-workstation diff --git a/scripts/list-vms b/scripts/list-vms index 92722214..bc721647 100755 --- a/scripts/list-vms +++ b/scripts/list-vms @@ -6,6 +6,8 @@ set -u set -o pipefail +# When adding new VMs, ensure the template is listed *after* the AppVMs that +# use it. declare -a sd_workstation_vm_names=( sd-gpg sd-proxy @@ -16,9 +18,9 @@ declare -a sd_workstation_vm_names=( sd-whonix sd-svs-disp sd-svs-disp-template - sd-export-template sd-export-usb-dvm sd-export-usb + sd-export-template ) for vm in "${sd_workstation_vm_names[@]}" ; do diff --git a/sd-export/send-to-usb b/sd-export/send-to-usb index e7ce7689..0d57fe74 100755 --- a/sd-export/send-to-usb +++ b/sd-export/send-to-usb 
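Review bot: In the `create-named-sd-export-dispvm-and-permanently-attach` command of dom0/sd-export.sls, the commands are joined with `;` and the new `qvm-kill` and `qvm-remove` calls end in `|| true`, so the state's result is only the exit status of the final `qvm-tags` call. If `qvm-remove --force` fails for a real reason, `qvm-create` then fails because the name is still taken, and the run presumably reports success with the stale `sd-export-usb` VM in place. Consider guarding the teardown on existence (for example `qvm-check sd-export-usb` before the kill/remove) instead of a blanket `|| true`, and chaining the create and tag steps with `&&` so a failed rebuild fails the state. The same masking applies to the pre-existing `qvm-usb attach --persistent ... || true`, which hides the case where the USB device was never attached.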
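Review bot: In the second hunk of scripts/list-vms, the new order still lists `sd-export-usb-dvm` before `sd-export-usb`, although dom0/sd-export.sls creates `sd-export-usb` from that DispVM template. If the rule in the added comment also covers DispVM templates, these two entries should be swapped as well. The comment would also be more useful if it said why the order matters, e.g. `# The list is processed in order; a template cannot be removed while VMs based on it still exist.` That wording is inferred and should be confirmed against how the loop uses the list, since the loop body is outside the hunk.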
@@ -3,7 +3,6 @@ import datetime import json import os -import shutil import subprocess import sys import tarfile @@ -83,16 +82,15 @@ if os.path.exists(FILE): target_folder_path = os.path.join(MOUNTPOINT, target_folder) subprocess.check_call(["mkdir", target_folder_path]) export_data = os.path.join(tmpdir, folder_name, "export_data/") - shutil.move(export_data, target_folder_path) + subprocess.check_call(["cp", "-r", export_data, target_folder_path]) # sync the filesystem, unmount drive and lock the luks volume # we use call here to ensure they are blocking and avoid races subprocess.check_call(["sync"]) subprocess.check_call(["sudo", "umount", MOUNTPOINT]) subprocess.check_call(["sudo", "cryptsetup", "luksClose", ENCRYPTED_DEVICE]) - # race condition when using shutils subprocess.check_call(["rm", "-rf", tmpdir]) - except (subprocess.CalledProcessError, os.OSError) as e: + except (subprocess.CalledProcessError, OSError) as e: print("An error occurred while mounting disk or copying files to disk:") print(e.output) sys.exit(0) diff --git a/tests/test_sd_export.py b/tests/test_sd_export.py index 2053f698..c6dc4e47 100644 --- a/tests/test_sd_export.py +++ b/tests/test_sd_export.py @@ -17,6 +17,9 @@ def test_files_are_properly_copied(self): self.assertFilesMatch("/usr/share/mime/packages/application-x-sd-export.xml", # noqa "sd-export/application-x-sd-export.xml") + def test_sd_export_package_installed(self): + self.assertTrue(self._package_is_installed("cryptsetup")) + def load_tests(loader, tests, pattern): suite = unittest.TestLoader().loadTestsFromTestCase(SD_Export_Tests)
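Review bot: In the second hunk of sd-export/send-to-usb, the `umount`, `cryptsetup luksClose` and `rm -rf tmpdir` calls run only when every earlier step succeeds, so a failing `cp -r` leaves the LUKS volume unlocked and mounted and the extracted files in `tmpdir`. Moving those three calls into a `finally:` clause (best-effort, with `subprocess.call`) would lock the volume and remove the plaintext copy on the error path too. The handler itself also needs attention: `OSError` has no `output` attribute, so `print(e.output)` raises `AttributeError` for the exception type this commit just made catchable, and `sys.exit(0)` reports success to the caller. `print(e)` and `sys.exit(1)` would fix both, provided nothing relies on the zero status. The `try:` opens above the hunk, so check there whether `tmpdir` is always bound by the time the handler runs.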