Merge pull request #516 from freedomofpress/498-improve-updater-reboo…

…t-handling Improves updater reboot handling
freedomofpress · Mar 30, 2020 · f2afb12 · f2afb12
2 parents 8550983 + 7635e16
commit f2afb12
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 17 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.2.3
+0.2.4
diff --git a/launcher/sdw_updater_gui/Updater.py b/launcher/sdw_updater_gui/Updater.py
@@ -406,24 +406,33 @@ def shutdown_and_start_vms():
     in case they are being used by another non-workstation VM.
     """
 
+    sdw_vms_in_order = [
+        "sys-whonix",
+        "sd-proxy",
+        "sd-whonix",
+        "sd-app",
+        "sd-gpg",
+        "sd-log",
+    ]
+    sdlog.info("Shutting down SDW VMs for updates")
+    for vm in sdw_vms_in_order:
+        _safely_shutdown_vm(vm)
+
     sys_vms_in_order = ["sys-firewall", "sys-net", "sys-usb"]
-    sdlog.info("Rebooting system fedora-based VMs")
+    sdlog.info("Killing system fedora-based VMs for updates")
     for vm in sys_vms_in_order:
         try:
             subprocess.check_call(["qvm-kill", vm])
         except subprocess.CalledProcessError as e:
             sdlog.error("Error while killing {}".format(vm))
             sdlog.error(str(e))
 
-    for vm in sys_vms_in_order:
+    sdlog.info("Starting system fedora-based VMs after updates")
+    for vm in reversed(sys_vms_in_order):
         _safely_start_vm(vm)
 
-    vms_in_order = ["sys-whonix", "sd-proxy", "sd-whonix", "sd-app", "sd-gpg", "sd-log"]
-    sdlog.info("Rebooting all vms for updates")
-    for vm in vms_in_order:
-        _safely_shutdown_vm(vm)
-
-    for vm in vms_in_order:
+    sdlog.info("Starting SDW VMs after updates")
+    for vm in reversed(sdw_vms_in_order):
         _safely_start_vm(vm)
 
 

diff --git a/launcher/tests/test_updater.py b/launcher/tests/test_updater.py
@@ -649,21 +649,23 @@ def test_shutdown_and_start_vms(
         call(["qvm-kill", "sys-usb"]),
     ]
     sys_vm_start_calls = [
-        call("sys-firewall"),
-        call("sys-net"),
         call("sys-usb"),
+        call("sys-net"),
+        call("sys-firewall"),
     ]
     app_vm_calls = [
         call("sys-whonix"),
         call("sd-proxy"),
         call("sd-whonix"),
         call("sd-app"),
         call("sd-gpg"),
+        call("sd-log"),
     ]
     updater.shutdown_and_start_vms()
     mocked_call.assert_has_calls(sys_vm_kill_calls)
     mocked_shutdown.assert_has_calls(app_vm_calls)
-    mocked_start.assert_has_calls(sys_vm_start_calls + app_vm_calls)
+    app_vm_calls_reversed = list(reversed(app_vm_calls))
+    mocked_start.assert_has_calls(sys_vm_start_calls + app_vm_calls_reversed)
     assert not mocked_error.called
 
 
@@ -683,16 +685,17 @@ def test_shutdown_and_start_vms_sysvm_fail(
         call(["qvm-kill", "sys-usb"]),
     ]
     sys_vm_start_calls = [
-        call("sys-firewall"),
-        call("sys-net"),
         call("sys-usb"),
+        call("sys-net"),
+        call("sys-firewall"),
     ]
     app_vm_calls = [
         call("sys-whonix"),
         call("sd-proxy"),
         call("sd-whonix"),
         call("sd-app"),
         call("sd-gpg"),
+        call("sd-log"),
     ]
     error_calls = [
         call("Error while killing sys-firewall"),
@@ -705,7 +708,8 @@ def test_shutdown_and_start_vms_sysvm_fail(
     updater.shutdown_and_start_vms()
     mocked_call.assert_has_calls(sys_vm_kill_calls)
     mocked_shutdown.assert_has_calls(app_vm_calls)
-    mocked_start.assert_has_calls(sys_vm_start_calls + app_vm_calls)
+    app_vm_calls_reversed = list(reversed(app_vm_calls))
+    mocked_start.assert_has_calls(sys_vm_start_calls + app_vm_calls_reversed)
     mocked_error.assert_has_calls(error_calls)
 
 

diff --git a/rpm-build/SPECS/securedrop-workstation-dom0-config.spec b/rpm-build/SPECS/securedrop-workstation-dom0-config.spec
@@ -1,12 +1,12 @@
 Name:		securedrop-workstation-dom0-config
-Version:	0.2.3
+Version:	0.2.4
 Release:	1%{?dist}
 Summary:	SecureDrop Workstation
 
 Group:		Library
 License:	GPLv3+
 URL:		https://github.com/freedomofpress/securedrop-workstation
-Source0:	securedrop-workstation-dom0-config-0.2.3.tar.gz
+Source0:	securedrop-workstation-dom0-config-0.2.4.tar.gz
 
 BuildArch:      noarch
 BuildRequires:	python3-setuptools
@@ -104,6 +104,9 @@ find /srv/salt -maxdepth 1 -type f -iname '*.top' \
     | xargs qubesctl top.enable > /dev/null
 
 %changelog
+* Mon Mar 30 2020 SecureDrop Team <[email protected]> - 0.2.4
+- Adjusts VM reboot order, to stabilize updater behavior
+
 * Wed Mar 11 2020 SecureDrop Team <[email protected]> - 0.2.3
 - Aggregate logs for both TemplateVMs and AppVMs
 - Add securedrop-admin --uninstall