From c66fd6b28f1fa96d48347f867c2ed1410a08e1a1 Mon Sep 17 00:00:00 2001 From: mickael e Date: Thu, 5 Mar 2020 16:55:59 -0500 Subject: [PATCH] Separately delete dom0-rpm provisioned files for dev This will ensure idempotency of delete operations when invoking `sd-clean-all` in staging and production scenarios. --- dom0/sd-clean-all.sls | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/dom0/sd-clean-all.sls b/dom0/sd-clean-all.sls index 567702a76..1d5b56474 100644 --- a/dom0/sd-clean-all.sls +++ b/dom0/sd-clean-all.sls @@ -28,17 +28,16 @@ dom0-reset-power-management-xfce: - runas: {{ gui_user }} {% endif %} +# Removes all salt-provisioned files (if these files are also provisioned via +# RPM, they should be removed as part of remove-dom0-sdw-config-files-dev) remove-dom0-sdw-config-files: file.absent: - names: - - /opt/securedrop - /etc/yum.repos.d/securedrop-workstation-dom0.repo - /usr/bin/securedrop-update - /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation - /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation-test - /etc/cron.daily/securedrop-update-cron - - /srv/salt/securedrop-update - - /srv/salt/update-xfce-settings - /usr/share/securedrop/icons - /home/{{ gui_user }}/.config/autostart/SDWLogin.desktop - /usr/bin/securedrop-login @@ -47,6 +46,17 @@ remove-dom0-sdw-config-files: - /home/{{ gui_user }}/Desktop/securedrop-launcher.desktop - /home/{{ gui_user }}/.securedrop_launcher +# Removes files that are provisioned by the dom0 RPM, only for the development +# environment, since dnf takes care of those provisioned in the RPM +{% if d.environment == "dev" %} +remove-dom0-sdw-config-files-dev: + file.absent: + - names: + - /opt/securedrop + - /srv/salt/securedrop-update + - /srv/salt/update-xfce-settings +{% endif %} + sd-cleanup-etc-changes: file.replace: - names: @@ -94,4 +104,4 @@ sd-cleanup-rpc-policy-grants: - DOTALL - repl: '' - backup: no -{% endif %} \ No newline at end of file +{% endif %}