Skip to content

Commit

Permalink
Switch staging target to RPM; remove prod target
Browse files Browse the repository at this point in the history
  • Loading branch information
eloquence committed Aug 18, 2020
1 parent 58cedea commit 9dc287a
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 44 deletions.
15 changes: 2 additions & 13 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -11,27 +11,16 @@ all: assert-dom0
@echo
@echo "make dev"
@echo "make staging"
@echo "make prod"
@echo
@echo "These targets will set your config.json to the appropriate environment."
@false

dev: assert-dom0 ## Configures and builds a DEVELOPMENT install
./scripts/configure-environment --env dev
dev staging: assert-dom0 ## Configures and builds a dev or staging environment
./scripts/configure-environment --env $@
$(MAKE) validate
$(MAKE) prep-dev
sdw-admin --apply

prod: assert-dom0 ## Configures and builds a PRODUCTION install for pilot use
./scripts/configure-environment --env prod
$(MAKE) validate
./scripts/provision-all

staging: assert-dom0 ## Configures and builds a STAGING install. To be used on test hardware ONLY
./scripts/configure-environment --env staging
$(MAKE) validate
./scripts/provision-all

dom0-rpm: ## Builds rpm package to be installed on dom0
@./scripts/build-dom0-rpm

Expand Down
6 changes: 2 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -180,8 +180,6 @@ When the installation process completes, a number of new VMs will be available o

The staging environment is intended to provide an experience closer to a production environment. For example, it will alter power management settings on your laptop to prevent suspending it to disk, and make other changes that may not be desired during day-to-day development in Qubes.

**IMPORTANT: THE STAGING ENVIRONMENT SHOULD NEVER BE USED FOR PRODUCTION PURPOSES. IT SHOULD ALSO NOT BE USED ON DEVELOPER MACHINES, BUT ONLY ON TEST MACHINES THAT HOLD NO SENSITIVE DATA.**

#### Update `dom0`, `fedora-31`, `whonix-gw-15` and `whonix-ws-15` templates

Updates to these VMs will be provided by the installer and updater, but to ensure they are up to date prior to install, it will be easier to debug, should something go wrong.
Expand All @@ -194,9 +192,9 @@ In the Qubes Menu, navigate to `System Tools` and click on `Qubes Update`. Click

You can install the staging environment in two ways:

- If you have an up-to-date clone of this repo with a valid configuration in `dom0`, you can use the `make staging` target to provision a staging environment. Prior to provisioning, `make staging` will set your `config.json` environment to `staging`. As part of the provisioning, your package repository configuration will be updated to use the latest test release of the RPM package, and the latest nightlies of the Debian packages.
- If you have an up-to-date clone of this repo with a valid configuration in `dom0`, you can use the `make staging` target to provision a staging environment. Prior to provisioning, `make staging` will set your `config.json` environment to `staging`. As part of the provisioning, a locally built RPM will be installed in dom0, and your package repository configuration will be updated to use the latest test release of the RPM package, and the latest nightlies of the Debian packages (same as `make dev`).

- If you want to install a staging environment from scratch in a manner similar to a production install (starting from an RPM, and using `sdw-admin` for the installation), follow the process in the following sections.
- If you want to download a specific version of the RPM, and follow a verification procedure similar to that used in a production install, follow the process in the following sections.

#### Download and install securedrop-workstation-dom0-config package

Expand Down
32 changes: 5 additions & 27 deletions scripts/configure-environment
Original file line number Diff line number Diff line change
@@ -1,15 +1,12 @@
#!/usr/bin/env python3
"""
Helper script to permit developers to select deployment
strategies for the dom0-based SecureDrop Workstation config.
Updates the config.json in-place in dom0 in order to modify.
Updates the config.json in-place in dom0 to set the environment to 'dev' or
'staging'.
"""
import json
import sys
import argparse
import os
from distutils.util import strtobool


def parse_args():
Expand All @@ -23,10 +20,10 @@ def parse_args():
)
parser.add_argument(
"--environment",
default="prod",
default="dev",
required=False,
action="store",
help="Target deploy strategy, e.g. 'prod', 'dev', or 'staging'",
help="Target deploy strategy, i.e. 'dev', or 'staging'",
)
args = parser.parse_args()
if not os.path.exists(args.config):
Expand All @@ -35,28 +32,12 @@ def parse_args():
parser.print_help(sys.stderr)
sys.exit(1)

if args.environment not in ("prod", "dev", "staging"):
if args.environment not in ("dev", "staging"):
parser.print_help(sys.stderr)
sys.exit(2)
return args


def confirm_staging():
"""Prompt for confirmation if staging selected.
We only want to use staging on test machines.
"""
print("WARNING: Config environment 'staging' was requested.")
print("WARNING: The staging env should only be used on TEST HARDWARE.")
print("WARNING: If you are on a primary laptop for work/production use, ")
print("WARNING: please update your config.json with environment=prod.")
confirmation = input("WARNING: Are you sure you wish to continue? [y/N] ")
try:
assert strtobool(confirmation)
except (AssertionError, ValueError):
print("Confirmation declined, exiting...")
sys.exit(1)


def set_env_in_config(args):
with open(args.config, "r") as f:
old_config = json.load(f)
Expand All @@ -75,7 +56,4 @@ def set_env_in_config(args):
if __name__ == "__main__":
args = parse_args()

if args.environment == "staging":
confirm_staging()

set_env_in_config(args)

0 comments on commit 9dc287a

Please sign in to comment.