From d9e386278749d66e63ef7776081eaa5cb9607ce9 Mon Sep 17 00:00:00 2001 From: Erik Moeller Date: Thu, 6 May 2021 14:48:58 -0700 Subject: [PATCH 1/2] Switch to fedora-33 for sys-* VMs --- README.md | 2 +- dom0/sd-clean-all.sls | 2 +- dom0/sd-clean-default-dispvm.sls | 2 +- dom0/sd-sys-vms.sls | 2 +- launcher/sdw_updater_gui/Updater.py | 2 +- launcher/tests/test_updater.py | 4 ++-- scripts/build-dom0-rpm | 6 +++--- scripts/prep-dev | 2 +- tests/base.py | 2 +- 9 files changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index fddac6fb..fe0778f2 100644 --- a/README.md +++ b/README.md @@ -186,7 +186,7 @@ When developing on the Workstation, make sure to edit files in `sd-dev`, then co The staging environment is intended to provide an experience closer to a production environment. For example, it will alter power management settings on your laptop to prevent suspending it to disk, and make other changes that may not be desired during day-to-day development in Qubes. -#### Update `dom0`, `fedora-32`, `whonix-gw-15` and `whonix-ws-15` templates +#### Update `dom0`, `fedora-33`, `whonix-gw-15` and `whonix-ws-15` templates Updates to these VMs will be provided by the installer and updater, but to ensure they are up to date prior to install, it will be easier to debug, should something go wrong. diff --git a/dom0/sd-clean-all.sls b/dom0/sd-clean-all.sls index 75ce13dc..d2a6adaa 100644 --- a/dom0/sd-clean-all.sls +++ b/dom0/sd-clean-all.sls @@ -5,7 +5,7 @@ set-fedora-as-default-dispvm: cmd.run: - - name: qvm-check fedora-32-dvm && qubes-prefs default_dispvm fedora-32-dvm || qubes-prefs default_dispvm '' + - name: qvm-check fedora-33-dvm && qubes-prefs default_dispvm fedora-33-dvm || qubes-prefs default_dispvm '' {% set gui_user = salt['cmd.shell']('groupmems -l -g qubes') %} diff --git a/dom0/sd-clean-default-dispvm.sls b/dom0/sd-clean-default-dispvm.sls index 7de59a89..75528733 100644 --- a/dom0/sd-clean-default-dispvm.sls 
+++ b/dom0/sd-clean-default-dispvm.sls @@ -3,4 +3,4 @@ set-fedora-as-default-dispvm: cmd.run: - - name: qvm-check fedora-32-dvm && qubes-prefs default_dispvm fedora-32-dvm || qubes-prefs default_dispvm '' + - name: qvm-check fedora-33-dvm && qubes-prefs default_dispvm fedora-33-dvm || qubes-prefs default_dispvm '' diff --git a/dom0/sd-sys-vms.sls b/dom0/sd-sys-vms.sls index bb148acd..3f0194d4 100644 --- a/dom0/sd-sys-vms.sls +++ b/dom0/sd-sys-vms.sls @@ -9,7 +9,7 @@ include: # DispVM is created - qvm.default-dispvm -{% set sd_supported_fedora_version = 'fedora-32' %} +{% set sd_supported_fedora_version = 'fedora-33' %} # Install latest templates required for SDW VMs. dom0-install-fedora-template: diff --git a/launcher/sdw_updater_gui/Updater.py b/launcher/sdw_updater_gui/Updater.py index 36760a7a..605877d0 100644 --- a/launcher/sdw_updater_gui/Updater.py +++ b/launcher/sdw_updater_gui/Updater.py @@ -38,7 +38,7 @@ # as well as their associated TemplateVMs. # In the future, we could use qvm-prefs to extract this information. current_vms = { - "fedora": "fedora-32", + "fedora": "fedora-33", "sd-viewer": "sd-large-buster-template", "sd-app": "sd-small-buster-template", "sd-log": "sd-small-buster-template", diff --git a/launcher/tests/test_updater.py b/launcher/tests/test_updater.py index cd18ef6c..007eafdb 100644 --- a/launcher/tests/test_updater.py +++ b/launcher/tests/test_updater.py @@ -500,7 +500,7 @@ def test_shutdown_and_start_vms( call("sys-usb"), ] template_vm_calls = [ - call("fedora-32"), + call("fedora-33"), call("sd-large-buster-template"), call("sd-small-buster-template"), call("whonix-gw-15"), @@ -548,7 +548,7 @@ def test_shutdown_and_start_vms_sysvm_fail( call("sd-log"), ] template_vm_calls = [ - call("fedora-32"), + call("fedora-33"), call("sd-large-buster-template"), call("sd-small-buster-template"), call("whonix-gw-15"), diff --git a/scripts/build-dom0-rpm b/scripts/build-dom0-rpm index 7d771a91..54ad218a 100755 --- a/scripts/build-dom0-rpm 
+++ b/scripts/build-dom0-rpm @@ -1,6 +1,6 @@ #!/bin/bash # Builds RPMs for installation in dom0. RPMs are fully reproducible. -# Targets F25 & F32 for Qubes 4.0 and 4.1 support. +# Targets fedora-25 & fedora-32 for Qubes 4.0 and 4.1 support. set -e set -u set -o pipefail @@ -28,9 +28,9 @@ export SOURCE_DATE_EPOCH cp dist/*.tar.gz rpm-build/SOURCES/ # Build for Qubes 4.0.x and 4.1.x, for which dom0 is based on -# F25 and F32, respectively. +# fedora-25 and fedora-32, respectively. for i in 25 32; do - # dom0 defaults to python3.5 in F25 + # dom0 defaults to python3.5 in fedora-25 python_version="python3.5" if [[ $i = 32 ]]; then python_version="python3.8" diff --git a/scripts/prep-dev b/scripts/prep-dev index 37f4462d..5e4abaa5 100755 --- a/scripts/prep-dev +++ b/scripts/prep-dev @@ -12,7 +12,7 @@ dom0_dev_dir="$HOME/securedrop-workstation" function find_latest_rpm() { # Look up which version of dom0 we're using. - # Qubes 4.0 is fc25, Qubes 4.1 will be fc32. + # Qubes 4.0 is fedora-25, Qubes 4.1 will be fedora-32. fedora_version="$(rpm --eval '%{fedora}')" find "${dom0_dev_dir}/rpm-build/RPMS/" -type f -iname "*fc${fedora_version}.noarch.rpm" -print0 | xargs -0 ls -t | head -n 1 } diff --git a/tests/base.py b/tests/base.py index a6c8cec7..4f659da3 100644 --- a/tests/base.py +++ b/tests/base.py @@ -7,7 +7,7 @@ # Reusable constant for DRY import across tests WANTED_VMS = ["sd-gpg", "sd-log", "sd-proxy", "sd-app", "sd-viewer", "sd-whonix", "sd-devices"] -CURRENT_FEDORA_VERSION = "32" +CURRENT_FEDORA_VERSION = "33" CURRENT_FEDORA_TEMPLATE = "fedora-" + CURRENT_FEDORA_VERSION CURRENT_WHONIX_VERSION = "15" From f416a58db7faf96f1a9fb462499d4db57c7c8b17 Mon Sep 17 00:00:00 2001 
From: Conor Schaefer Date: Fri, 7 May 2021 13:07:25 -0700 Subject: [PATCH 2/2] Update the mgmt-dvm setting early When installing a new Fedora template, we must update the default-mgmt-dvm template setting to be the new package, even before updating the new template itself. That requirement is documented in the release notes, e.g. https://www.qubes-os.org/news/2021/02/25/fedora-33-templates-available/ --- dom0/sd-sys-vms.sls | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/dom0/sd-sys-vms.sls b/dom0/sd-sys-vms.sls index 3f0194d4..804aa7af 100644 --- a/dom0/sd-sys-vms.sls +++ b/dom0/sd-sys-vms.sls @@ -17,12 +17,24 @@ dom0-install-fedora-template: - pkgs: - qubes-template-{{ sd_supported_fedora_version }} +# Update the mgmt VM before updating the new Fedora VM. The order is required +# and listed in the release notes for F32 & F33. +set-fedora-template-as-default-mgmt-dvm: + cmd.run: + - name: > + qvm-shutdown --wait default-mgmt-dvm && + qvm-prefs default-mgmt-dvm template {{ sd_supported_fedora_version }} + - require: + - pkg: dom0-install-fedora-template + # If the VM has just been installed via package manager, update it immediately update-fedora-template-if-new: cmd.wait: - name: sudo qubesctl --skip-dom0 --targets {{ sd_supported_fedora_version }} state.sls update.qubes-vm - require: - pkg: dom0-install-fedora-template + # Update the mgmt-dvm setting first, to avoid problems during first update + - cmd: set-fedora-template-as-default-mgmt-dvm - watch: - pkg: dom0-install-fedora-template # qvm.default-dispvm is not strictly required here, but we want it to be 
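Review bot: The new `set-fedora-template-as-default-mgmt-dvm` state is a bare `cmd.run` with no `unless`/`onlyif` guard, so every application of this SLS runs `qvm-shutdown --wait default-mgmt-dvm` and rewrites the template preference, even when it already points at the supported template. Because `update-fedora-template-if-new` now requires this cmd, any failure of the shutdown or `qvm-prefs` call also blocks the template update; whether `default-mgmt-dvm` can be missing or busy at this point is not visible from the hunk, so that case is worth confirming. A guard such as `- unless: test "$(qvm-prefs default-mgmt-dvm template)" = "{{ sd_supported_fedora_version }}"` would make the state idempotent and leave the management DispVM alone on repeat runs. The added comment could also say `fedora-32`/`fedora-33` instead of F32 & F33, matching the wording the first patch in this series adopts in `scripts/build-dom0-rpm`.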
@@ -35,7 +47,8 @@ set-fedora-default-template-version: - pkg: dom0-install-fedora-template - sls: qvm.default-dispvm -{% for sys_vm in ['sys-usb', 'sys-net', 'sys-firewall', 'default-mgmt-dvm'] %} +# Now proceed with rebooting all the sys-* VMs, since the new template is up to date. +{% for sys_vm in ['sys-usb', 'sys-net', 'sys-firewall'] %} {% if salt['cmd.shell']('qvm-prefs '+sys_vm+' template') != sd_supported_fedora_version %} sd-{{ sys_vm }}-fedora-version-halt: qvm.kill:
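Review bot: The added comment promises that the sys-* VMs are handled only once the new template is up to date, but the `{% if salt['cmd.shell']('qvm-prefs '+sys_vm+' template') != sd_supported_fedora_version %}` test below it is Jinja, evaluated when the file is rendered and before any state in this SLS has run. The ordering therefore depends on requisites inside the loop body, which continues outside this hunk and cannot be checked here. I would reword the comment to say so, for example `# Halt and restart the sys-* VMs that are not yet on the supported template (checked at render time); default-mgmt-dvm is switched by set-fedora-template-as-default-mgmt-dvm above.` That also records why `default-mgmt-dvm` was dropped from the list.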