diff --git a/Makefile b/Makefile index c366581a..043cf232 100644 --- a/Makefile +++ b/Makefile @@ -11,27 +11,16 @@ all: assert-dom0 @echo @echo "make dev" @echo "make staging" - @echo "make prod" @echo @echo "These targets will set your config.json to the appropriate environment." @false -dev: assert-dom0 ## Configures and builds a DEVELOPMENT install - ./scripts/configure-environment --env dev +dev staging: assert-dom0 ## Configures and builds a dev or staging environment + ./scripts/configure-environment --env $@ $(MAKE) validate $(MAKE) prep-dev sdw-admin --apply -prod: assert-dom0 ## Configures and builds a PRODUCTION install for pilot use - ./scripts/configure-environment --env prod - $(MAKE) validate - ./scripts/provision-all - -staging: assert-dom0 ## Configures and builds a STAGING install. To be used on test hardware ONLY - ./scripts/configure-environment --env staging - $(MAKE) validate - ./scripts/provision-all - dom0-rpm: ## Builds rpm package to be installed on dom0 @./scripts/build-dom0-rpm diff --git a/README.md b/README.md index e3f253fe..f74b35c0 100644 --- a/README.md +++ b/README.md @@ -180,8 +180,6 @@ When the installation process completes, a number of new VMs will be available o The staging environment is intended to provide an experience closer to a production environment. For example, it will alter power management settings on your laptop to prevent suspending it to disk, and make other changes that may not be desired during day-to-day development in Qubes. -**IMPORTANT: THE STAGING ENVIRONMENT SHOULD NEVER BE USED FOR PRODUCTION PURPOSES. IT SHOULD ALSO NOT BE USED ON DEVELOPER MACHINES, BUT ONLY ON TEST MACHINES THAT HOLD NO SENSITIVE DATA.** - #### Update `dom0`, `fedora-31`, `whonix-gw-15` and `whonix-ws-15` templates Updates to these VMs will be provided by the installer and updater, but to ensure they are up to date prior to install, it will be easier to debug, should something go wrong. @@ -194,9 +192,9 @@ In the Qubes Menu, navigate to `System Tools` and click on `Qubes Update`. Click You can install the staging environment in two ways: -- If you have an up-to-date clone of this repo with a valid configuration in `dom0`, you can use the `make staging` target to provision a staging environment. Prior to provisioning, `make staging` will set your `config.json` environment to `staging`. As part of the provisioning, your package repository configuration will be updated to use the latest test release of the RPM package, and the latest nightlies of the Debian packages. +- If you have an up-to-date clone of this repo with a valid configuration in `dom0`, you can use the `make staging` target to provision a staging environment. Prior to provisioning, `make staging` will set your `config.json` environment to `staging`. As part of the provisioning, a locally built RPM will be installed in dom0, and your package repository configuration will be updated to use the latest test release of the RPM package, and the latest nightlies of the Debian packages (same as `make dev`). -- If you want to install a staging environment from scratch in a manner similar to a production install (starting from an RPM, and using `sdw-admin` for the installation), follow the process in the following sections. +- If you want to download a specific version of the RPM, and follow a verification procedure similar to that used in a production install, follow the process in the following sections. #### Download and install securedrop-workstation-dom0-config package diff --git a/scripts/configure-environment b/scripts/configure-environment index 437b486f..560f0dd7 100755 --- a/scripts/configure-environment +++ b/scripts/configure-environment @@ -1,15 +1,12 @@ #!/usr/bin/env python3 """ -Helper script to permit developers to select deployment -strategies for the dom0-based SecureDrop Workstation config. - -Updates the config.json in-place in dom0 in order to modify. +Updates the config.json in-place in dom0 to set the environment to 'dev' or +'staging'. """ import json import sys import argparse import os -from distutils.util import strtobool def parse_args(): @@ -23,10 +20,10 @@ def parse_args(): ) parser.add_argument( "--environment", - default="prod", + default="dev", required=False, action="store", - help="Target deploy strategy, e.g. 'prod', 'dev', or 'staging'", + help="Target deploy strategy, i.e. 'dev', or 'staging'", ) args = parser.parse_args() if not os.path.exists(args.config): @@ -35,28 +32,12 @@ def parse_args(): parser.print_help(sys.stderr) sys.exit(1) - if args.environment not in ("prod", "dev", "staging"): + if args.environment not in ("dev", "staging"): parser.print_help(sys.stderr) sys.exit(2) return args -def confirm_staging(): - """Prompt for confirmation if staging selected. - We only want to use staging on test machines. - """ - print("WARNING: Config environment 'staging' was requested.") - print("WARNING: The staging env should only be used on TEST HARDWARE.") - print("WARNING: If you are on a primary laptop for work/production use, ") - print("WARNING: please update your config.json with environment=prod.") - confirmation = input("WARNING: Are you sure you wish to continue? [y/N] ") - try: - assert strtobool(confirmation) - except (AssertionError, ValueError): - print("Confirmation declined, exiting...") - sys.exit(1) - - def set_env_in_config(args): with open(args.config, "r") as f: old_config = json.load(f) @@ -75,7 +56,4 @@ def set_env_in_config(args): if __name__ == "__main__": args = parse_args() - if args.environment == "staging": - confirm_staging() - set_env_in_config(args)