Uses securedrop-admin in make-clean action

Adjusts the "make clean" target to reuse the local securedrop-admin
script for provisioning. Added two new cli flags to the script, both off
by default, to accommodate dev-scenario settings: --keep-template-rpm
(to avoid time spent redownloading) and --force (to avoid prompts).

Makefile

@@ -107,11 +107,9 @@ remove-sd-log: assert-dom0 ## Destroys SD logging VM
 	@./scripts/destroy-vm sd-log
 
 clean: assert-dom0 prep-salt ## Destroys all SD VMs
-	sudo qubesctl --show-output state.sls sd-clean-default-dispvm
-	$(MAKE) destroy-all
-	sudo qubesctl --show-output --skip-dom0 --targets whonix-gw-15 state.sls sd-clean-whonix
-	sudo qubesctl --show-output state.sls sd-clean-all
-	sudo dnf -y -q remove securedrop-workstation-dom0-config 2>/dev/null || true
+# Use the local script path, since system PATH location will be absent
+# if clean has already been run.
+	./scripts/securedrop-admin.py --uninstall --keep-template-rpm --force
 
 test: assert-dom0 ## Runs all application tests (no integration tests yet)
 	python3 -m unittest discover -v tests

scripts/securedrop-admin.py

@@ -39,6 +39,20 @@ def parse_args():
         action="store_true",
         help="Completely Uninstalls the SecureDrop Workstation",
     )
+    parser.add_argument(
+        "--keep-template-rpm",
+        default=False,
+        required=False,
+        action="store_true",
+        help="During uninstall action, leave TemplateVM RPM packag installed in dom0",
+    )
+    parser.add_argument(
+        "--force",
+        default=False,
+        required=False,
+        action="store_true",
+        help="During uninstall action, don't prompt for confirmation, proceed immediately",
+    )
     args = parser.parse_args()
 
     return args
@@ -93,7 +107,7 @@ def refresh_salt():
         raise SDAdminException("Error while synchronizing Salt")
 
 
-def perform_uninstall():
+def perform_uninstall(keep_template_rpm=False):
 
     try:
         subprocess.check_call(["sudo", "qubesctl", "state.sls", "sd-clean-default-dispvm"])
@@ -111,14 +125,20 @@ def perform_uninstall():
             ]
         )
         print("Reverting dom0 configuration")
-        subprocess.check_call(
-            ["sudo", "qubesctl", "state.sls", "sd-clean-all"]
-        )
+        subprocess.check_call(["sudo", "qubesctl", "state.sls", "sd-clean-all"])
         subprocess.check_call([os.path.join(SCRIPTS_PATH, "scripts/clean-salt")])
-        print("Uninstalling Template")
-        subprocess.check_call(
-            ["sudo", "dnf", "-y", "-q", "remove", "qubes-template-securedrop-workstation-buster"]
-        )
+        if not keep_template_rpm:
+            print("Uninstalling Template")
+            subprocess.check_call(
+                [
+                    "sudo",
+                    "dnf",
+                    "-y",
+                    "-q",
+                    "remove",
+                    "qubes-template-securedrop-workstation-buster",
+                ]
+            )
         print("Uninstalling dom0 config package")
         subprocess.check_call(
             ["sudo", "dnf", "-y", "-q", "remove", "securedrop-workstation-dom0-config"]
@@ -149,13 +169,13 @@ def main():
             "with SecureDrop Workstation. It will also remove all SecureDrop tags\n"
             "from other VMs on the system."
         )
-        response = input("Are you sure you want to uninstall (y/N)? ")
-        if response.lower() != "y":
-            print("Exiting.")
-            sys.exit(0)
-        else:
-            refresh_salt()
-            perform_uninstall()
+        if not args.force:
+            response = input("Are you sure you want to uninstall (y/N)? ")
+            if response.lower() != "y":
+                print("Exiting.")
+                sys.exit(0)
+        refresh_salt()
+        perform_uninstall(keep_template_rpm=args.keep_template_rpm)
     else:
         sys.exit(0)