Removes "test" from yum repo filename

Using a single filename for the RPM repo configuration, same as for the apt repo, regardless of dev/prod URL within that file.
freedomofpress · Jan 25, 2020 · c378758 · c378758
1 parent 17c3ea4
commit c378758
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 9 deletions.
diff --git a/dom0/sd-clean-all.sls b/dom0/sd-clean-all.sls
@@ -13,6 +13,7 @@ remove-dom0-sdw-config-files:
       - /opt/securedrop
       - /etc/yum.repos.d/securedrop-workstation-dom0.repo
       - /usr/bin/securedrop-update
+      - /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation
       - /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation-test
       - /etc/cron.daily/securedrop-update-cron
       - /usr/share/securedrop/icons
@@ -25,8 +26,10 @@ remove-dom0-sdw-config-files:
 sd-cleanup-sys-firewall:
   cmd.run:
     - names:
+      - qvm-run sys-firewall 'sudo rm -f /rw/config/RPM-GPG-KEY-securedrop-workstation'
       - qvm-run sys-firewall 'sudo rm -f /rw/config/RPM-GPG-KEY-securedrop-workstation-test'
       - qvm-run sys-firewall 'sudo rm -f /rw/config/sd-copy-rpm-repo-pubkey.sh'
+      - qvm-run sys-firewall 'sudo rm -f /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation'
       - qvm-run sys-firewall 'sudo rm -f /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation-test'
       - qvm-run sys-firewall 'sudo perl -pi -E "s#^/rw/config/sd-copy-rpm-repo-pubkey.sh##" /rw/config/rc.local'
 

diff --git a/dom0/sd-dom0-files.sls b/dom0/sd-dom0-files.sls
@@ -32,15 +32,15 @@ dom0-rpm-test-key:
     # config location is automatically sent to dom0's UpdateVM. Otherwise,
     # we must place the GPG key inside the fedora-30 TemplateVM, then
     # restart sys-firewall.
-    - name: /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation-test
+    - name: /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation
     - source: "salt://sd/sd-workstation/{{ sdvars.signing_key_filename }}"
     - user: root
     - group: root
     - mode: 644
 
 dom0-rpm-test-key-import:
   cmd.run:
-    - name: sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation-test
+    - name: sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation
     - require:
       - file: dom0-rpm-test-key
 
@@ -56,7 +56,7 @@ dom0-workstation-rpm-repo:
     - contents: |
         [securedrop-workstation-dom0]
         gpgcheck=1
-        gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation-test
+        gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation
         enabled=1
         baseurl={{ sdvars.dom0_yum_repo_url }}
         name=SecureDrop Workstation Qubes dom0 repo

diff --git a/dom0/sd-sys-firewall-files.sls b/dom0/sd-sys-firewall-files.sls
@@ -3,7 +3,7 @@
 #
 sys-firewall-rpm-test-key:
   file.managed:
-    - name: /rw/config/RPM-GPG-KEY-securedrop-workstation-test
+    - name: /rw/config/RPM-GPG-KEY-securedrop-workstation
     - source: "salt://sd/sd-workstation/apt-test-pubkey.asc"
     - user: root
     - group: root

diff --git a/sys-firewall/sd-copy-rpm-repo-pubkey.sh b/sys-firewall/sd-copy-rpm-repo-pubkey.sh
@@ -6,5 +6,5 @@ set -e
 set -u
 set -o pipefail
 
-cp /rw/config/RPM-GPG-KEY-securedrop-workstation-test /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation-test
-rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation-test
+cp /rw/config/RPM-GPG-KEY-securedrop-workstation /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation
+rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation
diff --git a/tests/test_dom0_rpm_repo.py b/tests/test_dom0_rpm_repo.py
@@ -8,7 +8,7 @@ def setUp(self):
         self.maxDiff = None
 
     def test_rpm_repo_public_key(self):
-        pubkey_actual = "/etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation-test"  # noqa
+        pubkey_actual = "/etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation"  # noqa
         pubkey_wanted = "sd-workstation/apt-test-pubkey.asc"
 
         with open(pubkey_actual, "r") as f:
@@ -24,7 +24,7 @@ def test_rpm_repo_config(self):
         wanted_lines = [
             "[securedrop-workstation-dom0]",
             "gpgcheck=1",
-            "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation-test",  # noqa
+            "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation",  # noqa
             "enabled=1",
             "baseurl=https://yum-test.securedrop.org/workstation/dom0/f25",
             "name=SecureDrop Workstation Qubes dom0 repo",

diff --git a/tests/test_sys_firewall.py b/tests/test_sys_firewall.py
@@ -10,7 +10,7 @@ def setUp(self):
         super(SD_Sys_Firewall_Tests, self).setUp()
 
     def test_rpm_repo_public_key(self):
-        self.assertFilesMatch("/etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation-test",  # noqa
+        self.assertFilesMatch("/etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation",  # noqa
                               "sd-workstation/apt-test-pubkey.asc")
 
     def test_rpm_repo_public_key_script(self):