Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Optimize Fedora Template updates #486

Merged
merged 4 commits into from
Mar 5, 2020
Merged

Optimize Fedora Template updates #486

merged 4 commits into from
Mar 5, 2020

Conversation

emkll
Copy link
Contributor

@emkll emkll commented Mar 4, 2020

Status

Ready for review

Description of Changes

Towards #459

  • fedora-30 updates no longer trigger workstation reboot: fedora-based AppVMs will be rebooted after the upgrade completes.
  • Assumes that fedora-30 updates are required, given the frequency of updates to fedora-30

Testing

  • This is a meaningful optimization for end-users and will reduce the total time to use the workstation, without impacting the patch level of VMs.
  • make clone and make prep-dom0
  • Run the updater (delete ~/.securedrop_launcher/sdw-update-status if required)
  • Rebooting of VMs occurs without issue (dnf downgrade zlib in fedora-30 to trigger updates)
  • Updates complete successfully
  • delete ~/.securedrop_launcher/sdw-update-status
  • Run updater again, whonix-based vms properly update (doesn't take a long time, as sys-whonix is functional)
  • Test coverage of Updater.py is 100%

Checklist

If you have made code changes

  • Linter (make flake8) passes in the development environment (this box may
    be left unchecked, as flake8 also runs in CI)

emkll added 3 commits March 4, 2020 10:31
@emkll
qvm-kill and qvm-start fedora-based sysvms
1b8453f 
In lieu of requiring a workstation reboot, this tradeoff will ensure that reboots are not required every time the workstation is used. The tradeoff is that the network will be temporarily interrupted.
@emkll
sys-whonix VM must be restarted after sys-firewall/sys-net
472c483 
This will ensure the tor circuit is rebuilt and functional after those reboots
@emkll
Assume fedora template always needs updates
2163be9 
Due to the rapid update cycle, we should assume updates are required to reduce the need to start the VM to check for updates
@emkll emkll marked this pull request as ready for review March 4, 2020 17:28
redshiftzero
redshiftzero reviewed Mar 5, 2020
View reviewed changes
Copy link
Contributor

@redshiftzero redshiftzero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I first downgraded salt packages as described in #485 and then ran through the test plan here. All works as advertised and these changes make sense to me. A couple minor comments inline

launcher/sdw_updater_gui/strings.py Outdated Show resolved Hide resolved
launcher/sdw_updater_gui/Updater.py Outdated Show resolved Hide resolved
launcher/sdw_updater_gui/Updater.py Show resolved Hide resolved
@redshiftzero
Copy link
Contributor

Holding off on merge for a bit since @conorsch mentioned he also wanted to take a look at this pre-merge

@conorsch
Copy link
Contributor

conorsch commented Mar 5, 2020

Nothing to add, diff looks grand, all review comments addressed. 👍

@conorsch conorsch merged commit 8f60f29 into master Mar 5, 2020
@conorsch conorsch mentioned this pull request Mar 5, 2020
Merged
9 tasks
@eloquence eloquence mentioned this pull request Mar 6, 2020
Closed
@eloquence eloquence mentioned this pull request Mar 26, 2020
Closed
@emkll emkll mentioned this pull request May 21, 2020
Merged
15 tasks
cfm pushed a commit that referenced this pull request Apr 1, 2024
@conorsch
Merge pull request #486 from freedomofpress/459-fedora-template-optim…
e81a259 
…izations

Optimize Fedora Template updates
@legoktm legoktm deleted the 459-fedora-template-optimizations branch May 28, 2024 15:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@redshiftzero redshiftzero redshiftzero approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@emkll @redshiftzero @conorsch