Rebuild TemplateVM RPM with new keyring package #579

Closed
6 tasks done
conorsch opened this issue Jun 25, 2020 · 4 comments

conorsch commented Jun 25, 2020

Follow-up to #438. In addition to all the changes we've merged to do, we should also rebuild the base template, so that it includes the keyring package out of the box. Otherwise, after the expiry date, clean installs of the Workstation would fail, due to an expired apt pubkey.

The provisioning logic runs the upstream-maintained salt logic to update all packages inside VMs, the update.qubes-vm state, before running SD-specific logic. That's where the failure would occur.

Changes to the package list should be made in https://github.com/freedomofpress/qubes-template-securedrop-workstation
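
The failure described above comes from an apt signing key passing its expiry date inside a prebuilt template. As an added example (not code from this issue or from the SecureDrop project), the shell function below reads GnuPG's colon-format key listing and reports every primary key or subkey that expires on or before a cutoff. The sample listing, key IDs and dates are constructed, and field 7 is assumed to hold seconds since the epoch, as GnuPG 2.x prints it.

```shell
#!/bin/sh
# Added example: flag OpenPGP keys that expire on or before a cutoff.
# Input is GnuPG's machine-readable listing on stdin, produced for example by
#   gpg --show-keys --with-colons KEYFILE      (KEYFILE is a placeholder)

# expiring_keys CUTOFF_EPOCH
# Prints "TYPE KEYID EXPIRY STATE" for each pub/sub record whose expiry
# (field 7) is at or before CUTOFF_EPOCH. Keys without an expiry are skipped.
expiring_keys() {
    cutoff=$1
    awk -F: -v cutoff="$cutoff" '
        # Field 1 = record type, 2 = validity, 5 = key ID, 7 = expiry.
        # Only numeric expiry values are handled (assumption: epoch seconds).
        ($1 == "pub" || $1 == "sub") && $7 ~ /^[0-9]+$/ {
            if ($7 + 0 <= cutoff + 0) {
                # Validity "e" means gpg already considered the key expired
                # at the time the listing was generated.
                state = ($2 == "e") ? "expired" : "expires-by-cutoff"
                print $1, $5, $7, state
            }
        }'
}

# Constructed listing: key A expired 2020-07-01, key B expires 2024-07-01,
# key C never expires, key D expires 2020-12-01.
sample_listing() {
    cat <<'EOF'
pub:e:4096:1:00000000000000A1:1467331200:1593561600::-:::scESC::::::23::0:
uid:e::::1467331200::0000000000000000000000000000000000000000::Constructed Signing Key <release@example.invalid>::::::::::0:
sub:e:4096:1:00000000000000A2:1467331200:1593561600:::::s::::::23:
pub:-:4096:1:00000000000000B1:1590969600:1719792000::-:::scESC::::::23::0:
pub:-:4096:1:00000000000000C1:1590969600:::-:::scESC::::::23::0:
pub:-:4096:1:00000000000000D1:1590969600:1606780800::-:::scESC::::::23::0:
EOF
}

# Demo on the constructed listing; 1609459200 is 2021-01-01 00:00:00 UTC.
sample_listing | expiring_keys 1609459200
```

Running this against the keyring shipped in a freshly built template, with the cutoff set some months ahead, shows whether a clean install would hit an expired key before the next rebuild.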

emkll commented Jul 7, 2020

Good news! I've done a clean install using this template today using the 0.4.0-rc1 dom0 RPM and the install completed successfully.

In order to promote this to production, it would be good to have at least another member test this out. @kushaldas mentioned today he would be interested in doing this.
It would make sense here to use the development environment to get test coverage. Here are the steps one should follow to test the new template:

  1. Run `make clean` to ensure the VMs are destroyed
  2. Uninstall the base template from dom0: `dnf remove qubes-template-securedrop-workstation-buster`
  3. Ensure the Qubes Manager does not include the `securedrop-workstation-buster` template.
  4. Clone/pull the latest changes in your work/dev VM
  5. Run `make clone` in dom0
  6. Populate `config.json` and `sd-journalist.key`
  7. Run `make all` and ensure the command completes successfully
  8. Run `make test` and ensure all tests pass (you may need to run the preflight updater to ensure all VMs are up to date)
  9. Client functionality (login, sync, download documents, open in dvm, and export) works as expected

kushaldas commented Jul 8, 2020

I got the following errors. Maybe something is wrong in my box.

[ERROR   ] Recursive requisite found
local:
----------
          ID: template-whonix-ws-15
    Function: pkg.installed
        Name: qubes-template-whonix-ws-15
      Result: True
     Comment: Package qubes-template-whonix-ws-15 is already installed
     Started: 14:00:21.726891
    Duration: 1101.666 ms
     Changes:   
----------
          ID: whonix-ws-tag
    Function: qvm.vm
        Name: whonix-ws-15
      Result: True
     Comment: ====== ['features'] ======
              [SKIP] Feature already in desired state: ENABLE 'whonix-ws' = Enabled
              
              ====== ['tags'] ======
              [SKIP] All requested tags already set: created-by-dom0,sd-workstation-updates,whonix-updatevm
     Started: 14:00:22.833766
    Duration: 374.288 ms
     Changes:   
----------
          ID: whonix-ws-update-policy
    Function: file.prepend
        Name: /etc/qubes-rpc/policy/qubes.UpdatesProxy
      Result: True
     Comment: File /etc/qubes-rpc/policy/qubes.UpdatesProxy is in correct state
     Started: 14:00:23.210319
    Duration: 3.617 ms
     Changes:   
----------
          ID: whonix-get-date-policy
    Function: file.prepend
        Name: /etc/qubes-rpc/policy/qubes.GetDate
      Result: True
     Comment: File /etc/qubes-rpc/policy/qubes.GetDate is in correct state
     Started: 14:00:23.214054
    Duration: 1.808 ms
     Changes:   
----------
          ID: template-whonix-gw-15
    Function: pkg.installed
        Name: qubes-template-whonix-gw-15
      Result: True
     Comment: Package qubes-template-whonix-gw-15 is already installed
     Started: 14:00:23.215987
    Duration: 0.435 ms
     Changes:   
----------
          ID: whonix-gw-tag
    Function: qvm.vm
        Name: whonix-gw-15
      Result: True
     Comment: ====== ['features'] ======
              [SKIP] Feature already in desired state: ENABLE 'whonix-gw' = Enabled
              
              ====== ['tags'] ======
              [SKIP] All requested tags already set: created-by-dom0,sd-workstation-updates,whonix-updatevm
     Started: 14:00:23.216509
    Duration: 356.131 ms
     Changes:   
----------
          ID: whonix-gw-update-policy
    Function: file.prepend
        Name: /etc/qubes-rpc/policy/qubes.UpdatesProxy
      Result: True
     Comment: File /etc/qubes-rpc/policy/qubes.UpdatesProxy is in correct state
     Started: 14:00:23.572761
    Duration: 1.743 ms
     Changes:   
----------
          ID: sys-net
    Function: qvm.exists
      Result: True
     Comment: /usr/bin/qvm-check sys-net None
     Started: 14:00:23.574620
    Duration: 246.154 ms
     Changes:   
----------
          ID: sys-firewall
    Function: qvm.exists
      Result: True
     Comment: /usr/bin/qvm-check sys-firewall None
     Started: 14:00:23.821235
    Duration: 246.963 ms
     Changes:   
----------
          ID: sys-whonix
    Function: qvm.exists
      Result: True
     Comment: /usr/bin/qvm-check sys-whonix None
     Started: 14:00:24.068638
    Duration: 251.692 ms
     Changes:   
----------
          ID: whonix-ws-15-dvm
    Function: qvm.exists
      Result: True
     Comment: /usr/bin/qvm-check whonix-ws-15-dvm None
     Started: 14:00:24.325727
    Duration: 250.995 ms
     Changes:   
----------
          ID: qvm-appmenus --update whonix-ws-15-dvm
    Function: cmd.run
      Result: True
     Comment: State was not run because none of the onchanges reqs changed
     Changes:   
----------
          ID: sys-whonix-template-config
    Function: qvm.vm
        Name: sys-whonix
      Result: False
     Comment: Recursive requisite found
     Changes:   
----------
          ID: anon-whonix
    Function: qvm.vm
      Result: False
     Comment: One or more requisite failed: sd-sys-whonix-vms.sys-whonix-template-config
     Changes:   
----------
          ID: dom0-rpm-test-key
    Function: file.managed
        Name: /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation
      Result: True
     Comment: File /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation updated
     Started: 14:00:24.582477
    Duration: 24.77 ms
     Changes:   
              ----------
              diff:
                  New file
              mode:
                  0644
----------
          ID: dom0-rpm-test-key-import
    Function: cmd.run
        Name: sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation
      Result: True
     Comment: Command "sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation" run
     Started: 14:00:24.610638
    Duration: 67.029 ms
     Changes:   
              ----------
              pid:
                  26700
              retcode:
                  0
              stderr:
              stdout:
----------
          ID: dom0-workstation-rpm-repo
    Function: file.managed
        Name: /etc/yum.repos.d/securedrop-workstation-dom0.repo
      Result: True
     Comment: File /etc/yum.repos.d/securedrop-workstation-dom0.repo updated
     Started: 14:00:24.679120
    Duration: 4.13 ms
     Changes:   
              ----------
              diff:
                  New file
              mode:
                  0644
----------
          ID: dom0-remove-securedrop-workstation-stretch-template
    Function: pkg.removed
      Result: True
     Comment: All specified packages are already absent
     Started: 14:00:24.684130
    Duration: 0.69 ms
     Changes:   
----------
          ID: dom0-install-securedrop-workstation-template
    Function: pkg.installed
      Result: True
     Comment: 1 targeted package was installed/updated.
     Started: 14:00:24.685871
    Duration: 493959.893 ms
     Changes:   
              ----------
              qubes-template-securedrop-workstation-buster:
                  ----------
                  new:
                      4.0.1-202007062239
                  old:
----------
          ID: dom0-remove-legacy-updater
    Function: file.absent
        Name: /usr/bin/securedrop-update
      Result: True
     Comment: File /usr/bin/securedrop-update is not present
     Started: 14:08:38.651361
    Duration: 0.429 ms
     Changes:   
----------
          ID: dom0-remove-legacy-updater
    Function: file.absent
        Name: /etc/cron.daily/securedrop-update-cron
      Result: True
     Comment: File /etc/cron.daily/securedrop-update-cron is not present
     Started: 14:08:38.651878
    Duration: 0.52 ms
     Changes:   
----------
          ID: dom0-securedrop-icons-directory
    Function: file.directory
        Name: /usr/share/securedrop/icons
      Result: True
     Comment: Directory /usr/share/securedrop/icons updated
     Started: 14:08:38.652481
    Duration: 7.284 ms
     Changes:   
              ----------
              /usr/share/securedrop/icons:
                  New Dir
----------
          ID: dom0-securedrop-icon
    Function: file.managed
        Name: /usr/share/securedrop/icons/sd-logo.png
      Result: True
     Comment: File /usr/share/securedrop/icons/sd-logo.png updated
     Started: 14:08:38.660552
    Duration: 13.241 ms
     Changes:   
              ----------
              diff:
                  New file
              mode:
                  0644
----------
          ID: dom0-enabled-apparmor-on-whonix-gw-template
    Function: qvm.vm
        Name: whonix-gw-15
      Result: False
     Comment: One or more requisite failed: qvm.anon-whonix.anon-whonix
     Changes:   
----------
          ID: dom0-enabled-apparmor-on-whonix-ws-template
    Function: qvm.vm
        Name: whonix-ws-15
      Result: False
     Comment: One or more requisite failed: qvm.anon-whonix.anon-whonix
     Changes:   
----------
          ID: dom0-create-opt-securedrop-directory
    Function: file.directory
        Name: /opt/securedrop
      Result: True
     Comment: Directory /opt/securedrop updated
     Started: 14:08:38.677612
    Duration: 2.268 ms
     Changes:   
              ----------
              /opt/securedrop:
                  New Dir
----------
          ID: dom0-adjust-desktop-icon-size-xfce
    Function: cmd.script
        Name: salt://update-xfce-settings
      Result: True
     Comment: Command 'salt://update-xfce-settings' run
     Started: 14:08:38.682847
    Duration: 205.903 ms
     Changes:   
              ----------
              pid:
                  28347
              retcode:
                  0
              stderr:
              stdout:
                  update-xfce-settings: Adjusting icon size for user kdas to 64 px
----------
          ID: dom0-login-autostart-directory
    Function: file.directory
        Name: /home/kdas/.config/autostart
      Result: True
     Comment: Directory /home/kdas/.config/autostart is in the correct state
              Directory /home/kdas/.config/autostart updated
     Started: 14:08:38.889178
    Duration: 1.74 ms
     Changes:   
----------
          ID: dom0-login-autostart-desktop-file
    Function: file.managed
        Name: /home/kdas/.config/autostart/SDWLogin.desktop
      Result: True
     Comment: File /home/kdas/.config/autostart/SDWLogin.desktop updated
     Started: 14:08:38.892491
    Duration: 9.109 ms
     Changes:   
              ----------
              diff:
                  New file
              group:
                  kdas
              mode:
                  0664
              user:
                  kdas
----------
          ID: dom0-login-autostart-script
    Function: file.managed
        Name: /usr/bin/securedrop-login
      Result: True
     Comment: File /usr/bin/securedrop-login updated
     Started: 14:08:38.901720
    Duration: 3.604 ms
     Changes:   
              ----------
              diff:
                  New file
              mode:
                  0755
----------
          ID: dom0-tag-whonix-ws-15
    Function: qvm.vm
        Name: whonix-ws-15
      Result: True
     Comment: ====== ['tags'] ======
              [SKIP] All requested tags already set: created-by-dom0,sd-workstation-updates,whonix-updatevm
     Started: 14:08:38.905447
    Duration: 310.237 ms
     Changes:   
----------
          ID: dom0-tag-whonix-gw-15
    Function: qvm.vm
        Name: whonix-gw-15
      Result: True
     Comment: ====== ['tags'] ======
              [SKIP] All requested tags already set: created-by-dom0,sd-workstation-updates,whonix-updatevm
     Started: 14:08:39.215804
    Duration: 306.573 ms
     Changes:   
----------
          ID: dom0-securedrop-launcher-directory
    Function: file.recurse
        Name: /opt/securedrop/launcher
      Result: True
     Comment: Recursively updated /opt/securedrop/launcher
     Started: 14:08:39.522511
    Duration: 170.738 ms
     Changes:   
              ----------
              /opt/securedrop/launcher/Makefile:
                  ----------
                  diff:
                      New file
                  mode:
                      0644
              /opt/securedrop/launcher/pyproject.toml:
                  ----------
                  diff:
                      New file
                  mode:
                      0644
              /opt/securedrop/launcher/sdw-launcher.py:
                  ----------
                  diff:
                      New file
                  mode:
                      0644
              /opt/securedrop/launcher/sdw-notify.py:
                  ----------
                  diff:
                      New file
                  mode:
                      0644
              /opt/securedrop/launcher/sdw_notify:
                  ----------
                  /opt/securedrop/launcher/sdw_notify:
                      New Dir
              /opt/securedrop/launcher/sdw_notify/Notify.py:
                  ----------
                  diff:
                      New file
                  mode:
                      0644
              /opt/securedrop/launcher/sdw_updater_gui:
                  ----------
                  /opt/securedrop/launcher/sdw_updater_gui:
                      New Dir
              /opt/securedrop/launcher/sdw_updater_gui/Updater.py:
                  ----------
                  diff:
                      New file
                  mode:
                      0644
              /opt/securedrop/launcher/sdw_updater_gui/UpdaterApp.py:
                  ----------
                  diff:
                      New file
                  mode:
                      0644
              /opt/securedrop/launcher/sdw_updater_gui/UpdaterAppUi.py:
                  ----------
                  diff:
                      New file
                  mode:
                      0644
              /opt/securedrop/launcher/sdw_updater_gui/sdw_updater.ui:
                  ----------
                  diff:
                      New file
                  mode:
                      0644
              /opt/securedrop/launcher/sdw_updater_gui/strings.py:
                  ----------
                  diff:
                      New file
                  mode:
                      0644
              /opt/securedrop/launcher/sdw_util:
                  ----------
                  /opt/securedrop/launcher/sdw_util:
                      New Dir
              /opt/securedrop/launcher/sdw_util/Util.py:
                  ----------
                  diff:
                      New file
                  mode:
                      0644
              /opt/securedrop/launcher/test-requirements.in:
                  ----------
                  diff:
                      New file
                  mode:
                      0644
              /opt/securedrop/launcher/test-requirements.txt:
                  ----------
                  diff:
                      New file
                  mode:
                      0644
              /opt/securedrop/launcher/tests:
                  ----------
                  /opt/securedrop/launcher/tests:
                      New Dir
              /opt/securedrop/launcher/tests/test_notify.py:
                  ----------
                  diff:
                      New file
                  mode:
                      0644
              /opt/securedrop/launcher/tests/test_updater.py:
                  ----------
                  diff:
                      New file
                  mode:
                      0644
              /opt/securedrop/launcher/tests/test_util.py:
                  ----------
                  diff:
                      New file
                  mode:
                      0644
----------
          ID: dom0-securedrop-launcher-executables
    Function: file.managed
        Name: /opt/securedrop/launcher/sdw-launcher.py
      Result: True
     Comment: 
     Started: 14:08:39.696346
    Duration: 39.438 ms
     Changes:   
              ----------
              mode:
                  0755
----------
          ID: dom0-securedrop-launcher-executables
    Function: file.managed
        Name: /opt/securedrop/launcher/sdw-notify.py
      Result: True
     Comment: 
     Started: 14:08:39.738254
    Duration: 40.628 ms
     Changes:   
              ----------
              mode:
                  0755
----------
          ID: dom0-securedrop-launcher-desktop-shortcut
    Function: file.managed
        Name: /home/kdas/Desktop/securedrop-launcher.desktop
      Result: True
     Comment: File /home/kdas/Desktop/securedrop-launcher.desktop updated
     Started: 14:08:39.781223
    Duration: 8.703 ms
     Changes:   
              ----------
              diff:
                  New file
              group:
                  kdas
              mode:
                  0755
              user:
                  kdas
----------
          ID: dom0-remove-securedrop-workstation-dom0-config
    Function: pkg.removed
      Result: True
     Comment: All specified packages are already absent
     Started: 14:08:39.820840
    Duration: 0.409 ms
     Changes:   
----------
          ID: sd-workstation-template
    Function: qvm.vm
        Name: securedrop-workstation-buster
      Result: True
     Comment: ====== ['prefs'] ======
              
              
              ====== ['features'] ======
              
              
              ====== ['tags'] ======
     Started: 14:08:39.822936
    Duration: 1831.555 ms
     Changes:   
              ----------
              qvm.features:
                  ----------
                  qvm.features:
                      ----------
                      service.paxctld:
                          ----------
                          new:
                              1
                          old:
                              None
              qvm.prefs:
                  ----------
                  qvm.create:
                      ----------
                      kernel:
                          ----------
                          new:
                          old:
                              *default*
                      virt_mode:
                          ----------
                          new:
                              hvm
                          old:
                              *default*
              qvm.tags:
                  ----------
                  qvm.tags:
                      ----------
                      new:
                          - created-by-dom0
                          - sd-buster
                          - sd-workstation
                          - sd-workstation-updates
                      old:
                          - created-by-dom0
----------
          ID: run-prep-upgrade-scripts
    Function: cmd.script
        Name: salt://securedrop-handle-upgrade
      Result: True
     Comment: Command 'salt://securedrop-handle-upgrade' run
     Started: 14:08:41.655175
    Duration: 823.635 ms
     Changes:   
              ----------
              pid:
                  28351
              retcode:
                  0
              stderr:
                  usage: qvm-check [--verbose] [--quiet] [--help] [--all] [--exclude EXCLUDE]
                                   [--running] [--paused] [--template] [--networked]
                                   [VMNAME [VMNAME ...]]
                  qvm-check: error: no such domain: 'sd-app'
                  usage: qvm-check [--verbose] [--quiet] [--help] [--all] [--exclude EXCLUDE]
                                   [--running] [--paused] [--template] [--networked]
                                   [VMNAME [VMNAME ...]]
                  qvm-check: error: no such domain: 'sd-viewer'
                  usage: qvm-check [--verbose] [--quiet] [--help] [--all] [--exclude EXCLUDE]
                                   [--running] [--paused] [--template] [--networked]
                                   [VMNAME [VMNAME ...]]
                  qvm-check: error: no such domain: 'sd-devices'
                  usage: qvm-check [--verbose] [--quiet] [--help] [--all] [--exclude EXCLUDE]
                                   [--running] [--paused] [--template] [--networked]
                                   [VMNAME [VMNAME ...]]
                  qvm-check: error: no such domain: 'sd-proxy'
                  usage: qvm-check [--verbose] [--quiet] [--help] [--all] [--exclude EXCLUDE]
                                   [--running] [--paused] [--template] [--networked]
                                   [VMNAME [VMNAME ...]]
                  qvm-check: error: no such domain: 'sd-whonix'
                  usage: qvm-check [--verbose] [--quiet] [--help] [--all] [--exclude EXCLUDE]
                                   [--running] [--paused] [--template] [--networked]
                                   [VMNAME [VMNAME ...]]
                  qvm-check: error: no such domain: 'sd-gpg'
              stdout:
----------
          ID: sd-gpg
    Function: qvm.vm
      Result: True
     Comment: ====== ['present'] ======
              /usr/bin/qvm-create sd-gpg --class=AppVM --template=securedrop-workstation-buster --label=purple 
              
              ====== ['prefs'] ======
              [SKIP] template           : securedrop-workstation-buster
              
              ====== ['tags'] ======
     Started: 14:08:42.480185
    Duration: 3560.47 ms
     Changes:   
              ----------
              qvm.prefs:
                  ----------
                  qvm.create:
                      ----------
                      autostart:
                          ----------
                          new:
                              True
                          old:
                              *default*
                      netvm:
                          ----------
                          new:
                              None
                          old:
                              *default*
              qvm.tags:
                  ----------
                  qvm.tags:
                      ----------
                      new:
                          - created-by-dom0
                          - sd-workstation
                      old:
                          - created-by-dom0
----------
          ID: dom0-crontab-update-notify
    Function: file.blockreplace
        Name: /etc/crontab
      Result: True
     Comment: Changes were made
     Started: 14:08:46.040974
    Duration: 3.235 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -13,3 +13,6 @@
                   # |  |  |  |  |
                   # *  *  *  *  * user-name  command to be executed
                   
                  +### BEGIN securedrop-workstation ###
                  +0 * * * * kdas DISPLAY=:0 /opt/securedrop/launcher/sdw-notify.py
                  +### END securedrop-workstation ###
----------
          ID: create-fancy-template
    Function: qvm.vm
        Name: fancy-template
      Result: True
     Comment: ====== ['clone'] ======
              [SKIP] A VM with the name 'fancy-template' already exists.
              
              ====== ['tags'] ======
              [SKIP] All requested tags already set: created-by-dom0,playground
     Started: 14:08:46.044335
    Duration: 557.454 ms
     Changes:   
----------
          ID: create-fancy-vm
    Function: qvm.vm
        Name: fancy
      Result: True
     Comment: ====== ['present'] ======
              [SKIP] A VM with the name 'fancy' already exists.
              
              ====== ['prefs'] ======
              [SKIP] template           : fancy-template
     Started: 14:08:46.602166
    Duration: 284.574 ms
     Changes:   
----------
          ID: sd-viewer-template
    Function: qvm.vm
        Name: sd-viewer-buster-template
      Result: True
     Comment: ====== ['clone'] ======
              /usr/bin/qvm-check sd-viewer-buster-template 
              
              ====== ['tags'] ======
              [SKIP] All requested tags already set: created-by-dom0,sd-buster,sd-workstation,sd-workstation-updates
     Started: 14:08:46.888034
    Duration: 14535.488 ms
     Changes:   
----------
          ID: sd-viewer
    Function: qvm.vm
      Result: True
     Comment: ====== ['present'] ======
              /usr/bin/qvm-create sd-viewer --class=AppVM --template=sd-viewer-buster-template --label=green 
              
              ====== ['prefs'] ======
              [SKIP] template           : sd-viewer-buster-template
              
              ====== ['features'] ======
              
              
              ====== ['tags'] ======
     Started: 14:09:01.424895
    Duration: 4248.087 ms
     Changes:   
              ----------
              qvm.features:
                  ----------
                  qvm.features:
                      ----------
                      service.paxctld:
                          ----------
                          new:
                              1
                          old:
                              None
              qvm.prefs:
                  ----------
                  qvm.create:
                      ----------
                      netvm:
                          ----------
                          new:
                              None
                          old:
                              *default*
                      template_for_dispvms:
                          ----------
                          new:
                              True
                          old:
                              *default*
              qvm.tags:
                  ----------
                  qvm.tags:
                      ----------
                      new:
                          - created-by-dom0
                          - sd-buster
                          - sd-viewer-vm
                          - sd-workstation
                      old:
                          - created-by-dom0
----------
          ID: sd-viewer-default-dispvm
    Function: cmd.run
        Name: qubes-prefs default_dispvm sd-viewer
      Result: True
     Comment: Command "qubes-prefs default_dispvm sd-viewer" run
     Started: 14:09:05.674255
    Duration: 376.369 ms
     Changes:   
              ----------
              pid:
                  29770
              retcode:
                  0
              stderr:
              stdout:
----------
          ID: sd-whonix
    Function: qvm.vm
      Result: False
     Comment: One or more requisite failed: qvm.anon-whonix.anon-whonix
     Changes:   
----------
          ID: sd-proxy-template
    Function: qvm.vm
        Name: sd-proxy-buster-template
      Result: True
     Comment: ====== ['clone'] ======
              /usr/bin/qvm-check sd-proxy-buster-template 
              
              ====== ['tags'] ======
              [SKIP] All requested tags already set: created-by-dom0,sd-buster,sd-workstation,sd-workstation-updates
     Started: 14:09:06.052200
    Duration: 14940.959 ms
     Changes:   
----------
          ID: sd-proxy
    Function: qvm.vm
      Result: False
     Comment: One or more requisite failed: sd-whonix.sd-whonix
     Changes:   
----------
          ID: sd-proxy-dom0-securedrop.Proxy
    Function: file.prepend
        Name: /etc/qubes-rpc/policy/securedrop.Proxy
      Result: True
     Comment: Prepended 2 lines
     Started: 14:09:20.995155
    Duration: 4.345 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -0,0 +1,2 @@
                  +sd-app sd-proxy allow
                  +@anyvm @anyvm deny
----------
          ID: sd-app-template
    Function: qvm.vm
        Name: sd-app-buster-template
      Result: True
     Comment: ====== ['clone'] ======
              /usr/bin/qvm-check sd-app-buster-template 
              
              ====== ['tags'] ======
              [SKIP] All requested tags already set: created-by-dom0,sd-buster,sd-workstation,sd-workstation-updates
     Started: 14:09:21.000094
    Duration: 14989.899 ms
     Changes:   
----------
          ID: sd-app
    Function: qvm.vm
      Result: True
     Comment: ====== ['present'] ======
              /usr/bin/qvm-create sd-app --class=AppVM --label=yellow 
              
              ====== ['prefs'] ======
              
              
              ====== ['features'] ======
              
              
              ====== ['tags'] ======
     Started: 14:09:35.991387
    Duration: 3911.004 ms
     Changes:   
              ----------
              qvm.features:
                  ----------
                  qvm.features:
                      ----------
                      service.paxctld:
                          ----------
                          new:
                              1
                          old:
                              None
              qvm.prefs:
                  ----------
                  qvm.create:
                      ----------
                      netvm:
                          ----------
                          new:
                              None
                          old:
                              *default*
                      template:
                          ----------
                          new:
                              sd-app-buster-template
                          old:
                              fedora-31
              qvm.tags:
                  ----------
                  qvm.tags:
                      ----------
                      new:
                          - created-by-dom0
                          - sd-client
                          - sd-workstation
                      old:
                          - created-by-dom0
----------
          ID: sd-app-private-volume-size
    Function: cmd.run
        Name: qvm-volume resize sd-app:private 10GiB

      Result: True
     Comment: Command "qvm-volume resize sd-app:private 10GiB
              " run
     Started: 14:09:39.903698
    Duration: 1647.331 ms
     Changes:   
              ----------
              pid:
                  31656
              retcode:
                  0
              stderr:
              stdout:
----------
          ID: sd-app-template-sync-appmenus
    Function: cmd.run
        Name: qvm-start --skip-if-running sd-app-buster-template && qvm-sync-appmenus sd-app-buster-template

      Result: True
     Comment: State was not run because none of the onchanges reqs changed
     Changes:   
----------
          ID: anon-whonix-template-config
    Function: qvm.vm
        Name: anon-whonix
      Result: False
     Comment: One or more requisite failed: qvm.anon-whonix.anon-whonix
     Changes:   
----------
          ID: run-remove-upgrade-scripts
    Function: cmd.script
        Name: salt://securedrop-handle-upgrade
      Result: True
     Comment: Command 'salt://securedrop-handle-upgrade' run
     Started: 14:09:41.553313
    Duration: 419.223 ms
     Changes:   
              ----------
              pid:
                  31753
              retcode:
                  0
              stderr:
                  usage: qvm-check [--verbose] [--quiet] [--help] [--all] [--exclude EXCLUDE]
                                   [--running] [--paused] [--template] [--networked]
                                   [VMNAME [VMNAME ...]]
                  qvm-check: error: no such domain: 'sd-app-template'
                  usage: qvm-check [--verbose] [--quiet] [--help] [--all] [--exclude EXCLUDE]
                                   [--running] [--paused] [--template] [--networked]
                                   [VMNAME [VMNAME ...]]
                  qvm-check: error: no such domain: 'sd-viewer-template'
                  usage: qvm-check [--verbose] [--quiet] [--help] [--all] [--exclude EXCLUDE]
                                   [--running] [--paused] [--template] [--networked]
                                   [VMNAME [VMNAME ...]]
                  qvm-check: error: no such domain: 'sd-devices-template'
                  usage: qvm-check [--verbose] [--quiet] [--help] [--all] [--exclude EXCLUDE]
                                   [--running] [--paused] [--template] [--networked]
                                   [VMNAME [VMNAME ...]]
                  qvm-check: error: no such domain: 'sd-proxy-template'
              stdout:
----------
          ID: dom0-rpc-qubes.ClipboardPaste
    Function: file.blockreplace
        Name: /etc/qubes-rpc/policy/qubes.ClipboardPaste
      Result: True
     Comment: Changes were made
     Started: 14:09:41.972933
    Duration: 13.892 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -1,3 +1,6 @@
                  +### BEGIN securedrop-workstation ###
                  +@tag:sd-send-app-clipboard sd-app ask
                  sd-app @tag:sd-receive-app-clipboard ask
                  @anyvm @tag:sd-workstation deny
                  @tag:sd-workstation @anyvm deny
                  +### END securedrop-workstation ###
                   ## Note that policy parsing stops at the first match,
                   ## so adding anything below "$anyvm $anyvm action" line will have no effect
                   ##
----------
          ID: dom0-rpc-qubes.FeaturesRequest
    Function: file.blockreplace
        Name: /etc/qubes-rpc/policy/qubes.FeaturesRequest
      Result: True
     Comment: Changes were made
     Started: 14:09:41.986961
    Duration: 1.808 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -1,3 +1,6 @@
                  +### BEGIN securedrop-workstation ###
                  +@anyvm @tag:sd-workstation deny
                  @tag:sd-workstation @anyvm deny
                  +### END securedrop-workstation ###
                   ## Note that policy parsing stops at the first match,
                   ## so adding anything below "$anyvm $anyvm action" line will have no effect
                   
----------
          ID: dom0-rpc-qubes.Filecopy
    Function: file.blockreplace
        Name: /etc/qubes-rpc/policy/qubes.Filecopy
      Result: True
     Comment: Changes were made
     Started: 14:09:41.988889
    Duration: 2.235 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -1,3 +1,6 @@
                  +### BEGIN securedrop-workstation ###
                  +sd-log @default ask
                  sd-log @tag:sd-receive-logs ask
                  sd-proxy @tag:sd-client allow
                  @anyvm @tag:sd-workstation deny
                  @tag:sd-workstation @anyvm deny
                  +### END securedrop-workstation ###
                   disp-mgmt-dev-proxy dev-proxy allow,user=root
                   disp-mgmt-fedora-29 fedora-29 allow,user=root
                   disp-mgmt-fedora-26 fedora-26 allow,user=root
----------
          ID: dom0-rpc-qubes.OpenInVM
    Function: file.blockreplace
        Name: /etc/qubes-rpc/policy/qubes.OpenInVM
      Result: True
     Comment: Changes were made
     Started: 14:09:41.991245
    Duration: 2.163 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -1,3 +1,6 @@
                  +### BEGIN securedrop-workstation ###
                  +@tag:sd-client @dispvm:sd-viewer allow
                  @tag:sd-client sd-devices allow
                  sd-devices @dispvm:sd-viewer allow
                  @anyvm @tag:sd-workstation deny
                  @tag:sd-workstation @anyvm deny
                  +### END securedrop-workstation ###
                   sd-journalist sd-decrypt allow
                   sd-journalist sd-svs allow
                   sd-decrypt sd-svs allow
----------
          ID: dom0-rpc-qubes.OpenURL
    Function: file.blockreplace
        Name: /etc/qubes-rpc/policy/qubes.OpenURL
      Result: True
     Comment: Changes were made
     Started: 14:09:41.993517
    Duration: 1.99 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -1,3 +1,6 @@
                  +### BEGIN securedrop-workstation ###
                  +@anyvm @tag:sd-workstation deny
                  @tag:sd-workstation @anyvm deny
                  +### END securedrop-workstation ###
                   ## Note that policy parsing stops at the first match,
                   ## so adding anything below "$anyvm $anyvm action" line will have no effect
                   
----------
          ID: dom0-rpc-qubes.PdfConvert
    Function: file.blockreplace
        Name: /etc/qubes-rpc/policy/qubes.PdfConvert
      Result: True
     Comment: Changes were made
     Started: 14:09:41.995621
    Duration: 1.95 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -1,3 +1,6 @@
                  +### BEGIN securedrop-workstation ###
                  +@anyvm @tag:sd-workstation deny
                  @tag:sd-workstation @anyvm deny
                  +### END securedrop-workstation ###
                   ## Note that policy parsing stops at the first match,
                   ## so adding anything below "$anyvm $anyvm action" line will have no effect
                   
----------
          ID: dom0-rpc-qubes.StartApp
    Function: file.blockreplace
        Name: /etc/qubes-rpc/policy/qubes.StartApp
      Result: True
     Comment: Changes were made
     Started: 14:09:41.997698
    Duration: 1.992 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -1,3 +1,6 @@
                  +### BEGIN securedrop-workstation ###
                  +@anyvm @tag:sd-workstation deny
                  @tag:sd-workstation @anyvm deny
                  +### END securedrop-workstation ###
                   ## Note that policy parsing stops at the first match,
                   ## so adding anything below "$anyvm $anyvm action" line will have no effect
                   
----------
          ID: dom0-rpc-qubes.USB
    Function: file.blockreplace
        Name: /etc/qubes-rpc/policy/qubes.USB
      Result: True
     Comment: Changes were made
     Started: 14:09:41.999807
    Duration: 1.992 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -1 +1,4 @@
                  +### BEGIN securedrop-workstation ###
                  +sd-devices sys-usb allow
                  @anyvm @tag:sd-workstation deny
                  @tag:sd-workstation @anyvm deny
                  +### END securedrop-workstation ###
                   $anyvm $anyvm deny
----------
          ID: dom0-rpc-qubes.ensure.USBAttach
    Function: file.managed
        Name: /etc/qubes-rpc/policy/qubes.USBAttach
      Result: True
     Comment: File /etc/qubes-rpc/policy/qubes.USBAttach exists with proper permissions. No changes made.
     Started: 14:09:42.001917
    Duration: 0.583 ms
     Changes:   
----------
          ID: dom0-rpc-qubes.USBAttach
    Function: file.blockreplace
        Name: /etc/qubes-rpc/policy/qubes.USBAttach
      Result: True
     Comment: Changes were made
     Started: 14:09:42.004018
    Duration: 3.005 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -1 +1,4 @@
                  +### BEGIN securedrop-workstation ###
                  +sys-usb sd-devices allow,user=root
                  @anyvm @tag:sd-workstation deny
                  @tag:sd-workstation @anyvm deny
                  +### END securedrop-workstation ###
                   @anyvm @anyvm ask
----------
          ID: dom0-rpc-qubes.VMRootShell
    Function: file.blockreplace
        Name: /etc/qubes-rpc/policy/qubes.VMRootShell
      Result: True
     Comment: Changes were made
     Started: 14:09:42.007162
    Duration: 2.021 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -1,3 +1,6 @@
                  +### BEGIN securedrop-workstation ###
                  +@anyvm @tag:sd-workstation deny
                  @tag:sd-workstation @anyvm deny
                  +### END securedrop-workstation ###
                   disp-mgmt-dev-proxy dev-proxy allow,user=root
                   disp-mgmt-fedora-29 fedora-29 allow,user=root
                   disp-mgmt-fedora-26 fedora-26 allow,user=root
----------
          ID: dom0-rpc-qubes.VMshell
    Function: file.blockreplace
        Name: /etc/qubes-rpc/policy/qubes.VMShell
      Result: True
     Comment: Changes were made
     Started: 14:09:42.009300
    Duration: 2.007 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -1,3 +1,6 @@
                  +### BEGIN securedrop-workstation ###
                  +@anyvm @tag:sd-workstation deny
                  @tag:sd-workstation @anyvm deny
                  +### END securedrop-workstation ###
                   disp-mgmt-dev-proxy dev-proxy allow,user=root
                   disp-mgmt-fedora-29 fedora-29 allow,user=root
                   disp-mgmt-fedora-26 fedora-26 allow,user=root
----------
          ID: dom0-rpc-qubes.Gpg
    Function: file.blockreplace
        Name: /etc/qubes-rpc/policy/qubes.Gpg
      Result: True
     Comment: Changes were made
     Started: 14:09:42.011412
    Duration: 2.059 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -1,2 +1,5 @@
                  +### BEGIN securedrop-workstation ###
                  +@tag:sd-client sd-gpg allow
                  @anyvm @tag:sd-workstation deny
                  @tag:sd-workstation @anyvm deny
                  +### END securedrop-workstation ###
                   sd-svs sd-gpg allow
                   $anyvm  $anyvm  ask
----------
          ID: dom0-rpc-qubes.GpgImportKey
    Function: file.blockreplace
        Name: /etc/qubes-rpc/policy/qubes.GpgImportKey
      Result: True
     Comment: Changes were made
     Started: 14:09:42.013581
    Duration: 2.04 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -1,2 +1,5 @@
                  +### BEGIN securedrop-workstation ###
                  +@tag:sd-client sd-gpg allow
                  @anyvm @tag:sd-workstation deny
                  @tag:sd-workstation @anyvm deny
                  +### END securedrop-workstation ###
                   $anyvm  $anyvm  ask
                   deb-build sd-gpg allow
----------
          ID: sd-devices-template
    Function: qvm.vm
        Name: sd-devices-buster-template
      Result: True
     Comment: ====== ['clone'] ======
              /usr/bin/qvm-check sd-devices-buster-template 
              
              ====== ['tags'] ======
              [SKIP] All requested tags already set: created-by-dom0,sd-buster,sd-workstation,sd-workstation-updates
     Started: 14:09:42.016240
    Duration: 14915.395 ms
     Changes:   
----------
          ID: sd-devices-dvm
    Function: qvm.vm
      Result: True
     Comment: ====== ['present'] ======
              /usr/bin/qvm-create sd-devices-dvm --class=AppVM --template=sd-devices-buster-template --label=red 
              
              ====== ['prefs'] ======
              [SKIP] template           : sd-devices-buster-template
              
              ====== ['features'] ======
              
              
              ====== ['tags'] ======
     Started: 14:09:56.933003
    Duration: 4081.75 ms
     Changes:   
              ----------
              qvm.features:
                  ----------
                  qvm.features:
                      ----------
                      service.paxctld:
                          ----------
                          new:
                              1
                          old:
                              None
              qvm.prefs:
                  ----------
                  qvm.create:
                      ----------
                      netvm:
                          ----------
                          new:
                              None
                          old:
                              *default*
                      template_for_dispvms:
                          ----------
                          new:
                              True
                          old:
                              *default*
              qvm.tags:
                  ----------
                  qvm.tags:
                      ----------
                      new:
                          - created-by-dom0
                          - sd-buster
                          - sd-workstation
                      old:
                          - created-by-dom0
----------
          ID: sd-devices-template-sync-appmenus
    Function: cmd.run
        Name: qvm-start --skip-if-running sd-devices-buster-template && qvm-sync-appmenus sd-devices-buster-template

      Result: True
     Comment: State was not run because none of the onchanges reqs changed
     Changes:   
----------
          ID: sd-devices-create-named-dispvm
    Function: qvm.vm
        Name: sd-devices
      Result: True
     Comment: ====== ['present'] ======
              /usr/bin/qvm-create sd-devices --class=DispVM --template=sd-devices-dvm --label=red 
              
              ====== ['tags'] ======
              [SKIP] All requested tags already set: created-by-dom0,sd-buster,sd-workstation
     Started: 14:10:01.016988
    Duration: 2995.303 ms
     Changes:   
----------
          ID: fedora-31-dvm
    Function: qvm.vm
      Result: True
     Comment: ====== ['present'] ======
              [SKIP] A VM with the name 'fedora-31-dvm' already exists.
              
              ====== ['prefs'] ======
              [SKIP] template_for_dispvms: True
              [SKIP] label              : red
              
              ====== ['features'] ======
              [SKIP] Feature already in desired state: ENABLE 'appmenus-dispvm' = Enabled
     Started: 14:10:04.012637
    Duration: 373.99 ms
     Changes:   
----------
          ID: echo -e 'firefox.desktop\nxterm.desktop' | qvm-appmenus --set-whitelist=- --update fedora-31-dvm
    Function: cmd.run
      Result: True
     Comment: Command "echo -e 'firefox.desktop\nxterm.desktop' | qvm-appmenus --set-whitelist=- --update fedora-31-dvm" run
     Started: 14:10:04.387000
    Duration: 820.833 ms
     Changes:   
              ----------
              pid:
                  705
              retcode:
                  0
              stderr:
                  fedora-31-dvm: Creating appmenus
              stdout:
----------
          ID: dom0-install-fedora-template
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed
     Started: 14:10:05.208306
    Duration: 1.334 ms
     Changes:   
----------
          ID: update-fedora-template-if-new
    Function: cmd.wait
        Name: sudo qubesctl --skip-dom0 --targets fedora-31 state.sls update.qubes-vm
      Result: True
     Comment: 
     Started: 14:10:05.211688
    Duration: 0.433 ms
     Changes:   
----------
          ID: set-fedora-default-template-version
    Function: cmd.run
        Name: qubes-prefs default_template fedora-31
      Result: True
     Comment: Command "qubes-prefs default_template fedora-31" run
     Started: 14:10:05.212813
    Duration: 389.284 ms
     Changes:   
              ----------
              pid:
                  712
              retcode:
                  0
              stderr:
              stdout:
----------
          ID: topd-always-passes
    Function: test.succeed_without_changes
        Name: foo
      Result: True
     Comment: Success!
     Started: 14:10:05.606221
    Duration: 0.634 ms
     Changes:   
----------
          ID: sd-log-template
    Function: qvm.vm
        Name: sd-log-buster-template
      Result: True
     Comment: ====== ['clone'] ======
              /usr/bin/qvm-check sd-log-buster-template 
              
              ====== ['tags'] ======
              [SKIP] All requested tags already set: created-by-dom0,sd-buster,sd-workstation,sd-workstation-updates
     Started: 14:10:05.607754
    Duration: 14999.55 ms
     Changes:   
----------
          ID: sd-log
    Function: qvm.vm
      Result: True
     Comment: ====== ['present'] ======
              /usr/bin/qvm-create sd-log --class=AppVM --template=sd-log-buster-template --label=red 
              
              ====== ['prefs'] ======
              
              
              ====== ['features'] ======
              
              
              ====== ['tags'] ======
     Started: 14:10:20.608742
    Duration: 4649.983 ms
     Changes:   
              ----------
              qvm.features:
                  ----------
                  qvm.features:
                      ----------
                      service.paxctld:
                          ----------
                          new:
                              1
                          old:
                              None
                      service.redis:
                          ----------
                          new:
                              1
                          old:
                              None
                      service.securedrop-log:
                          ----------
                          new:
                              1
                          old:
                              None
              qvm.prefs:
                  ----------
                  qvm.create:
                      ----------
                      autostart:
                          ----------
                          new:
                              True
                          old:
                              *default*
                      netvm:
                          ----------
                          new:
                              None
                          old:
                              *default*
              qvm.tags:
                  ----------
                  qvm.tags:
                      ----------
                      new:
                          - created-by-dom0
                          - sd-workstation
                      old:
                          - created-by-dom0
----------
          ID: sd-log-dom0-securedrop.Log
    Function: file.prepend
        Name: /etc/qubes-rpc/policy/securedrop.Log
      Result: True
     Comment: Prepended 2 lines
     Started: 14:10:25.259084
    Duration: 3.689 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -0,0 +1,2 @@
                  +@tag:sd-workstation sd-log allow
                  +@anyvm @anyvm deny
----------
          ID: sd-log-private-volume-size
    Function: cmd.run
        Name: qvm-volume resize sd-log:private 5GiB

      Result: True
     Comment: Command "qvm-volume resize sd-log:private 5GiB
              " run
     Started: 14:10:25.263879
    Duration: 1708.968 ms
     Changes:   
              ----------
              pid:
                  1834
              retcode:
                  0
              stderr:
              stdout:

Summary for local
-------------
Succeeded: 77 (changed=43)
Failed:     7
-------------
Total states run:     84
Total run time:  605.127 s
DOM0 configuration failed, not continuing
Makefile:19: recipe for target 'dev' failed
make: *** [dev] Error 1

Update: Found the issue, working to fix anon-whonix first.

@kushaldas
Contributor

The client works well, but there is one error in make test.

FAIL: test_files_are_properly_copied (test_sys_usb.SD_SysUSB_Tests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/kdas/securedrop-workstation/tests/test_sys_usb.py", line 12, in test_files_are_properly_copied
    self.assertTrue(self._fileExists("/etc/udev/rules.d/99-sd-devices.rules"))
AssertionError: False is not true

@emkll
Contributor

emkll commented Jul 14, 2020

Closed via freedomofpress/securedrop-yum-prod#11

@emkll closed this as completed Jul 14, 2020