From cf454cf7c17b529a06e5437308fcf177cd962749 Mon Sep 17 00:00:00 2001 From: Conor Schaefer Date: Thu, 23 Apr 2020 10:26:36 -0700 Subject: [PATCH] Uses securedrop-admin in make-clean action Adjusts the "make clean" target to reuse the local securedrop-admin script for provisioning. Added two new cli flags to the script, both off by default, to accommodate dev-scenario settings: --keep-template-rpm (to avoid time spent redownloading) and --force (to avoid prompts). --- Makefile | 8 +++--- scripts/securedrop-admin.py | 50 ++++++++++++++++++++++++++----------- 2 files changed, 38 insertions(+), 20 deletions(-) mode change 100644 => 100755 scripts/securedrop-admin.py diff --git a/Makefile b/Makefile index 43b80885..1a378919 100644 --- a/Makefile +++ b/Makefile @@ -107,11 +107,9 @@ remove-sd-log: assert-dom0 ## Destroys SD logging VM @./scripts/destroy-vm sd-log clean: assert-dom0 prep-salt ## Destroys all SD VMs - sudo qubesctl --show-output state.sls sd-clean-default-dispvm - $(MAKE) destroy-all - sudo qubesctl --show-output --skip-dom0 --targets whonix-gw-15 state.sls sd-clean-whonix - sudo qubesctl --show-output state.sls sd-clean-all - sudo dnf -y -q remove securedrop-workstation-dom0-config 2>/dev/null || true +# Use the local script path, since system PATH location will be absent +# if clean has already been run. + ./scripts/securedrop-admin.py --uninstall --keep-template-rpm --force test: assert-dom0 ## Runs all application tests (no integration tests yet) python3 -m unittest discover -v tests diff --git a/scripts/securedrop-admin.py b/scripts/securedrop-admin.py old mode 100644 new mode 100755 index 9e6b27c2..b1d71837 --- a/scripts/securedrop-admin.py +++ b/scripts/securedrop-admin.py @@ -39,6 +39,20 @@ def parse_args(): action="store_true", help="Completely Uninstalls the SecureDrop Workstation", ) + parser.add_argument( + "--keep-template-rpm", + default=False, + required=False, + action="store_true", + help="During uninstall action, leave TemplateVM RPM packag installed in dom0", + ) + parser.add_argument( + "--force", + default=False, + required=False, + action="store_true", + help="During uninstall action, don't prompt for confirmation, proceed immediately", + ) args = parser.parse_args() return args @@ -93,7 +107,7 @@ def refresh_salt(): raise SDAdminException("Error while synchronizing Salt") -def perform_uninstall(): +def perform_uninstall(keep_template_rpm=False): try: subprocess.check_call(["sudo", "qubesctl", "state.sls", "sd-clean-default-dispvm"]) @@ -111,14 +125,20 @@ def perform_uninstall(): ] ) print("Reverting dom0 configuration") - subprocess.check_call( - ["sudo", "qubesctl", "state.sls", "sd-clean-all"] - ) + subprocess.check_call(["sudo", "qubesctl", "state.sls", "sd-clean-all"]) subprocess.check_call([os.path.join(SCRIPTS_PATH, "scripts/clean-salt")]) - print("Uninstalling Template") - subprocess.check_call( - ["sudo", "dnf", "-y", "-q", "remove", "qubes-template-securedrop-workstation-buster"] - ) + if not keep_template_rpm: + print("Uninstalling Template") + subprocess.check_call( + [ + "sudo", + "dnf", + "-y", + "-q", + "remove", + "qubes-template-securedrop-workstation-buster", + ] + ) print("Uninstalling dom0 config package") subprocess.check_call( ["sudo", "dnf", "-y", "-q", "remove", "securedrop-workstation-dom0-config"] @@ -149,13 +169,13 @@ def main(): "with SecureDrop Workstation. It will also remove all SecureDrop tags\n" "from other VMs on the system." ) - response = input("Are you sure you want to uninstall (y/N)? ") - if response.lower() != "y": - print("Exiting.") - sys.exit(0) - else: - refresh_salt() - perform_uninstall() + if not args.force: + response = input("Are you sure you want to uninstall (y/N)? ") + if response.lower() != "y": + print("Exiting.") + sys.exit(0) + refresh_salt() + perform_uninstall(keep_template_rpm=args.keep_template_rpm) else: sys.exit(0)