From 12633d2eb65b788856c4b448266631c928d5da47 Mon Sep 17 00:00:00 2001 From: Conor Schaefer Date: Mon, 18 May 2020 09:31:10 -0700 Subject: [PATCH] Converts F30 -> F31 in dev env These changes ensure that fedora-31 is preferred everywhere. Running a `make dev` will ensure that the handle-upgrade logic is run, restarting the VMs as required. What's *not* included in this change is a method for handling automated upgrades in staging/prod. In order to accomplish unattended transition from f30 -> f31, we'll have to update the dom0 state management logic to "include" the handle-upgrade script. --- README.md | 6 +++--- dom0/sd-clean-all.sls | 2 +- dom0/sd-clean-default-dispvm.sls | 2 +- dom0/sd-dom0-files.sls | 4 ++-- dom0/sd-sys-vms.sls | 6 +++--- launcher/sdw_updater_gui/Updater.py | 2 +- launcher/tests/test_updater.py | 4 ++-- tests/test_qubes_vms.py | 2 +- tests/test_vms_platform.py | 6 +++--- 9 files changed, 17 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index bcf765b1..cf4b77c2 100644 --- a/README.md +++ b/README.md @@ -182,7 +182,7 @@ As of March 2020, the production environment is in beta. The staging environment **IMPORTANT: THE STAGING ENVIRONMENT SHOULD NEVER BE USED FOR PRODUCTION PURPOSES. IT SHOULD BE USED ON TEST MACHINES ONLY.** -#### Update `dom0`, `fedora-30`, `whonix-gw-15` and `whonix-ws-15` templates +#### Update `dom0`, `fedora-31`, `whonix-gw-15` and `whonix-ws-15` templates Updates to these VMs will be provided by the installer and updater, but to ensure they are up to date prior to install, it will be easier to debug, should something go wrong. Before proceeding to updates, we must ensure that `sys-whonix` can bootstrap to the Tor network. In the Qubes menu, navigate to `sys-whonix` and click on `Anon Connection Wizard` and click `Next` and ensure the Tor Bootstrap process completes successfully. @@ -422,8 +422,8 @@ Your export devices should be labeled, and used for nothing else. ### Transferring files via OnionShare -1. Create an `sd-onionshare-template` VM based on `fedora-30`: - 1. Click on the Qubes menu in the upper left, select "Template: Fedora 30", click on "fedora-30: Qube Settings", and click on **Clone Qube** +1. Create an `sd-onionshare-template` VM based on `fedora-31`: + 1. Click on the Qubes menu in the upper left, select "Template: Fedora 31", click on "fedora-31: Qube Settings", and click on **Clone Qube** 2. Name the cloned qube `sd-onionshare-template` 3. In the Qubes menu on the top-left, select "Template: sd-onionshare-template" and click on "sd-onionshare-template: Terminal" 4. Install OnionShare: `sudo dnf install onionshare` diff --git a/dom0/sd-clean-all.sls b/dom0/sd-clean-all.sls index 069b84c7..32691312 100644 --- a/dom0/sd-clean-all.sls +++ b/dom0/sd-clean-all.sls @@ -5,7 +5,7 @@ set-fedora-as-default-dispvm: cmd.run: - - name: qvm-check fedora-30-dvm && qubes-prefs default_dispvm fedora-30-dvm || qubes-prefs default_dispvm '' + - name: qvm-check fedora-31-dvm && qubes-prefs default_dispvm fedora-31-dvm || qubes-prefs default_dispvm '' {% set gui_user = salt['cmd.shell']('groupmems -l -g qubes') %} diff --git a/dom0/sd-clean-default-dispvm.sls b/dom0/sd-clean-default-dispvm.sls index 4acecc0f..e24f32e2 100644 --- a/dom0/sd-clean-default-dispvm.sls +++ b/dom0/sd-clean-default-dispvm.sls @@ -3,4 +3,4 @@ set-fedora-as-default-dispvm: cmd.run: - - name: qvm-check fedora-30-dvm && qubes-prefs default_dispvm fedora-30-dvm || qubes-prefs default_dispvm '' + - name: qvm-check fedora-31-dvm && qubes-prefs default_dispvm fedora-31-dvm || qubes-prefs default_dispvm '' diff --git a/dom0/sd-dom0-files.sls b/dom0/sd-dom0-files.sls index 3b909fcf..19bcf6d7 100644 --- a/dom0/sd-dom0-files.sls +++ b/dom0/sd-dom0-files.sls @@ -19,7 +19,7 @@ dom0-rpm-test-key: file.managed: # We write the pubkey to the repos config location, because the repos # config location is automatically sent to dom0's UpdateVM. Otherwise, - # we must place the GPG key inside the fedora-30 TemplateVM, then + # we must place the GPG key inside the fedora-31 TemplateVM, then # restart sys-firewall. - name: /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation - source: "salt://sd/sd-workstation/{{ sdvars.signing_key_filename }}" @@ -222,4 +222,4 @@ dom0-disable-unsafe-power-management-xfce: - name: salt://update-xfce-settings - args: disable-unsafe-power-management - runas: {{ gui_user }} -{% endif %} \ No newline at end of file +{% endif %} diff --git a/dom0/sd-sys-vms.sls b/dom0/sd-sys-vms.sls index 5599f829..db6345d3 100644 --- a/dom0/sd-sys-vms.sls +++ b/dom0/sd-sys-vms.sls @@ -5,11 +5,11 @@ # an up-to-date version of Fedora, in order to receive security updates. include: - # Import the upstream Qubes-maintained default-dispvm to ensure fedora-30-dvm + # Import the upstream Qubes-maintained default-dispvm to ensure fedora-31-dvm # is created. - qvm.default-dispvm -{% set sd_supported_fedora_version = 'fedora-30' %} +{% set sd_supported_fedora_version = 'fedora-31' %} # Install latest templates required for SDW VMs. dom0-install-fedora-template: @@ -19,7 +19,7 @@ dom0-install-fedora-template: # qvm.default-dispvm is not strictly required here, but we want it to be # updated as soon as possible to ensure make clean completes successfully, as -# is sets the default_dispvm to fedora-30-dvm +# is sets the default_dispvm to fedora-31-dvm set-fedora-default-template-version: cmd.run: - name: qubes-prefs default_template {{ sd_supported_fedora_version }} diff --git a/launcher/sdw_updater_gui/Updater.py b/launcher/sdw_updater_gui/Updater.py index affb85cf..41f3e98c 100644 --- a/launcher/sdw_updater_gui/Updater.py +++ b/launcher/sdw_updater_gui/Updater.py @@ -30,7 +30,7 @@ # In the future, we could use qvm-prefs to extract this information. current_templates = { "dom0": "dom0", - "fedora": "fedora-30", + "fedora": "fedora-31", "sd-viewer": "sd-viewer-buster-template", "sd-app": "sd-app-buster-template", "sd-log": "sd-log-buster-template", diff --git a/launcher/tests/test_updater.py b/launcher/tests/test_updater.py index f886a546..6b6b02a7 100644 --- a/launcher/tests/test_updater.py +++ b/launcher/tests/test_updater.py @@ -688,7 +688,7 @@ def test_shutdown_and_start_vms( call("sys-usb"), ] template_vm_calls = [ - call("fedora-30"), + call("fedora-31"), call("sd-viewer-buster-template"), call("sd-app-buster-template"), call("sd-log-buster-template"), @@ -743,7 +743,7 @@ def test_shutdown_and_start_vms_sysvm_fail( call("sd-log"), ] template_vm_calls = [ - call("fedora-30"), + call("fedora-31"), call("sd-viewer-buster-template"), call("sd-app-buster-template"), call("sd-log-buster-template"), diff --git a/tests/test_qubes_vms.py b/tests/test_qubes_vms.py index e1031962..820404c7 100644 --- a/tests/test_qubes_vms.py +++ b/tests/test_qubes_vms.py @@ -3,7 +3,7 @@ from qubesadmin import Qubes -CURRENT_FEDORA_VERSION = "30" +CURRENT_FEDORA_VERSION = "31" CURRENT_WHONIX_VERSION = "15" diff --git a/tests/test_vms_platform.py b/tests/test_vms_platform.py index 64274f22..36961877 100644 --- a/tests/test_vms_platform.py +++ b/tests/test_vms_platform.py @@ -141,8 +141,8 @@ def test_all_fedora_vms_uptodate(self): """ # Technically we want to know whether the sys-firewall, sys-net, and # sys-usb VMs have their updates installed. This test assumes those - # AppVMs are based on fedora-30. - vm_name = "fedora-30" + # AppVMs are based on fedora-31. + vm_name = "fedora-31" vm = self.app.domains[vm_name] self._ensure_packages_up_to_date(vm, fedora=True) vm.shutdown() @@ -193,7 +193,7 @@ def test_sys_vms_use_supported_fedora(self): "sys-usb", ] for vm in sys_vms: - wanted_template = "fedora-30" + wanted_template = "fedora-31" found_template = self.app.domains[vm].template.name self.assertEqual(wanted_template, found_template)