Separately delete dom0-rpm provisioned files for dev

This will ensure idempotency of delete operations when invoking `sd-clean-all` in staging and production scenarios.
freedomofpress · Mar 5, 2020 · c66fd6b · c66fd6b
1 parent 22adc28
commit c66fd6b
Showing 1 changed file with 14 additions and 4 deletions.
diff --git a/dom0/sd-clean-all.sls b/dom0/sd-clean-all.sls
@@ -28,17 +28,16 @@ dom0-reset-power-management-xfce:
     - runas: {{ gui_user }}
 {% endif %}
 
+# Removes all salt-provisioned files (if these files are also provisioned via
+# RPM, they should be removed as part of remove-dom0-sdw-config-files-dev)
 remove-dom0-sdw-config-files:
   file.absent:
     - names:
-      - /opt/securedrop
       - /etc/yum.repos.d/securedrop-workstation-dom0.repo
       - /usr/bin/securedrop-update
       - /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation
       - /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation-test
       - /etc/cron.daily/securedrop-update-cron
-      - /srv/salt/securedrop-update
-      - /srv/salt/update-xfce-settings
       - /usr/share/securedrop/icons
       - /home/{{ gui_user }}/.config/autostart/SDWLogin.desktop
       - /usr/bin/securedrop-login
@@ -47,6 +46,17 @@ remove-dom0-sdw-config-files:
       - /home/{{ gui_user }}/Desktop/securedrop-launcher.desktop
       - /home/{{ gui_user }}/.securedrop_launcher
 
+# Removes files that are provisioned by the dom0 RPM, only for the development
+# environment, since dnf takes care of those provisioned in the RPM
+{% if d.environment == "dev" %}
+remove-dom0-sdw-config-files-dev:
+  file.absent:
+    - names:
+      - /opt/securedrop
+      - /srv/salt/securedrop-update
+      - /srv/salt/update-xfce-settings
+{% endif %}
+
 sd-cleanup-etc-changes:
   file.replace:
     - names:
@@ -94,4 +104,4 @@ sd-cleanup-rpc-policy-grants:
       - DOTALL
     - repl: ''
     - backup: no
-{% endif %}
+{% endif %}