From f016c44d6ea1fa126795c0dd6d180df0245433f1 Mon Sep 17 00:00:00 2001
From: Conor Schaefer <conor@freedom.press>
Date: Fri, 27 Mar 2020 14:27:12 -0700
Subject: [PATCH 1/3] Shuts down SDW VMs before sys-* VMs

The updater logic now ensures that all SDW VMs are powered off *before*
beginning to force-halt (via qvm-kill) the Fedora-based sys-* VMs.
Doing so should help to reduce errors with SDW VMs coming back up.
---
 launcher/sdw_updater_gui/Updater.py | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/launcher/sdw_updater_gui/Updater.py b/launcher/sdw_updater_gui/Updater.py
index bb9463ff..e405652c 100644
--- a/launcher/sdw_updater_gui/Updater.py
+++ b/launcher/sdw_updater_gui/Updater.py
@@ -406,8 +406,20 @@ def shutdown_and_start_vms():
     in case they are being used by another non-workstation VM.
     """
 
+    sdw_vms_in_order = [
+        "sys-whonix",
+        "sd-proxy",
+        "sd-whonix",
+        "sd-app",
+        "sd-gpg",
+        "sd-log",
+    ]
+    sdlog.info("Shutting down SDW VMs for updates")
+    for vm in sdw_vms_in_order:
+        _safely_shutdown_vm(vm)
+
     sys_vms_in_order = ["sys-firewall", "sys-net", "sys-usb"]
-    sdlog.info("Rebooting system fedora-based VMs")
+    sdlog.info("Killing system fedora-based VMs for updates")
     for vm in sys_vms_in_order:
         try:
             subprocess.check_call(["qvm-kill", vm])
@@ -415,15 +427,12 @@ def shutdown_and_start_vms():
             sdlog.error("Error while killing {}".format(vm))
             sdlog.error(str(e))
 
+    sdlog.info("Starting system fedora-based VMs after updates")
     for vm in sys_vms_in_order:
         _safely_start_vm(vm)
 
-    vms_in_order = ["sys-whonix", "sd-proxy", "sd-whonix", "sd-app", "sd-gpg", "sd-log"]
-    sdlog.info("Rebooting all vms for updates")
-    for vm in vms_in_order:
-        _safely_shutdown_vm(vm)
-
-    for vm in vms_in_order:
+    sdlog.info("Starting SDW VMs after updates")
+    for vm in sdw_vms_in_order:
         _safely_start_vm(vm)
 
 

From 21cbd69fc217370c2b1bd96f94069c4e8dc81746 Mon Sep 17 00:00:00 2001
From: Conor Schaefer <conor@freedom.press>
Date: Fri, 27 Mar 2020 15:36:39 -0700
Subject: [PATCH 2/3] Start VMs in reverse order from shutdown

We're careful to shut down machines in a certain order, particularly to
accommodate for "netvm" relationships. We haven't been similarly careful
about startup behavior, so let's try a naive reverse-order strategy and
see if that stabilizes the reboot behavior.
---
 launcher/sdw_updater_gui/Updater.py |  4 ++--
 launcher/tests/test_updater.py      | 16 ++++++++++------
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/launcher/sdw_updater_gui/Updater.py b/launcher/sdw_updater_gui/Updater.py
index e405652c..b2a201ec 100644
--- a/launcher/sdw_updater_gui/Updater.py
+++ b/launcher/sdw_updater_gui/Updater.py
@@ -428,11 +428,11 @@ def shutdown_and_start_vms():
             sdlog.error(str(e))
 
     sdlog.info("Starting system fedora-based VMs after updates")
-    for vm in sys_vms_in_order:
+    for vm in reversed(sys_vms_in_order):
         _safely_start_vm(vm)
 
     sdlog.info("Starting SDW VMs after updates")
-    for vm in sdw_vms_in_order:
+    for vm in reversed(sdw_vms_in_order):
         _safely_start_vm(vm)
 
 
diff --git a/launcher/tests/test_updater.py b/launcher/tests/test_updater.py
index 92751456..12165d2c 100644
--- a/launcher/tests/test_updater.py
+++ b/launcher/tests/test_updater.py
@@ -649,9 +649,9 @@ def test_shutdown_and_start_vms(
         call(["qvm-kill", "sys-usb"]),
     ]
     sys_vm_start_calls = [
-        call("sys-firewall"),
-        call("sys-net"),
         call("sys-usb"),
+        call("sys-net"),
+        call("sys-firewall"),
     ]
     app_vm_calls = [
         call("sys-whonix"),
@@ -659,11 +659,13 @@ def test_shutdown_and_start_vms(
         call("sd-whonix"),
         call("sd-app"),
         call("sd-gpg"),
+        call("sd-log"),
     ]
     updater.shutdown_and_start_vms()
     mocked_call.assert_has_calls(sys_vm_kill_calls)
     mocked_shutdown.assert_has_calls(app_vm_calls)
-    mocked_start.assert_has_calls(sys_vm_start_calls + app_vm_calls)
+    app_vm_calls_reversed = list(reversed(app_vm_calls))
+    mocked_start.assert_has_calls(sys_vm_start_calls + app_vm_calls_reversed)
     assert not mocked_error.called
 
 
@@ -683,9 +685,9 @@ def test_shutdown_and_start_vms_sysvm_fail(
         call(["qvm-kill", "sys-usb"]),
     ]
     sys_vm_start_calls = [
-        call("sys-firewall"),
-        call("sys-net"),
         call("sys-usb"),
+        call("sys-net"),
+        call("sys-firewall"),
     ]
     app_vm_calls = [
         call("sys-whonix"),
@@ -693,6 +695,7 @@ def test_shutdown_and_start_vms_sysvm_fail(
         call("sd-whonix"),
         call("sd-app"),
         call("sd-gpg"),
+        call("sd-log"),
     ]
     error_calls = [
         call("Error while killing sys-firewall"),
@@ -705,7 +708,8 @@ def test_shutdown_and_start_vms_sysvm_fail(
     updater.shutdown_and_start_vms()
     mocked_call.assert_has_calls(sys_vm_kill_calls)
     mocked_shutdown.assert_has_calls(app_vm_calls)
-    mocked_start.assert_has_calls(sys_vm_start_calls + app_vm_calls)
+    app_vm_calls_reversed = list(reversed(app_vm_calls))
+    mocked_start.assert_has_calls(sys_vm_start_calls + app_vm_calls_reversed)
     mocked_error.assert_has_calls(error_calls)
 
 

From 7635e16cb630a0ee6bfc80e78d4954d7b2a2588c Mon Sep 17 00:00:00 2001
From: Conor Schaefer <conor@freedom.press>
Date: Mon, 30 Mar 2020 10:40:02 -0700
Subject: [PATCH 3/3] securedrop-workstation 0.2.4

---
 VERSION                                                 | 2 +-
 rpm-build/SPECS/securedrop-workstation-dom0-config.spec | 7 +++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/VERSION b/VERSION
index 71790396..abd41058 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.2.3
+0.2.4
diff --git a/rpm-build/SPECS/securedrop-workstation-dom0-config.spec b/rpm-build/SPECS/securedrop-workstation-dom0-config.spec
index 3283bb85..b38da295 100644
--- a/rpm-build/SPECS/securedrop-workstation-dom0-config.spec
+++ b/rpm-build/SPECS/securedrop-workstation-dom0-config.spec
@@ -1,12 +1,12 @@
 Name:		securedrop-workstation-dom0-config
-Version:	0.2.3
+Version:	0.2.4
 Release:	1%{?dist}
 Summary:	SecureDrop Workstation
 
 Group:		Library
 License:	GPLv3+
 URL:		https://github.com/freedomofpress/securedrop-workstation
-Source0:	securedrop-workstation-dom0-config-0.2.3.tar.gz
+Source0:	securedrop-workstation-dom0-config-0.2.4.tar.gz
 
 BuildArch:      noarch
 BuildRequires:	python3-setuptools
@@ -104,6 +104,9 @@ find /srv/salt -maxdepth 1 -type f -iname '*.top' \
     | xargs qubesctl top.enable > /dev/null
 
 %changelog
+* Mon Mar 30 2020 SecureDrop Team <securedrop@freedom.press> - 0.2.4
+- Adjusts VM reboot order, to stabilize updater behavior
+
 * Wed Mar 11 2020 SecureDrop Team <securedrop@freedom.press> - 0.2.3
 - Aggregate logs for both TemplateVMs and AppVMs
 - Add securedrop-admin --uninstall