Switch to fedora-33 for sys-* VMs

README.md

@@ -186,7 +186,7 @@ When developing on the Workstation, make sure to edit files in `sd-dev`, then co
 
 The staging environment is intended to provide an experience closer to a production environment. For example, it will alter power management settings on your laptop to prevent suspending it to disk, and make other changes that may not be desired during day-to-day development in Qubes.
 
-#### Update `dom0`, `fedora-32`, `whonix-gw-15` and `whonix-ws-15` templates
+#### Update `dom0`, `fedora-33`, `whonix-gw-15` and `whonix-ws-15` templates
 
 Updates to these VMs will be provided by the installer and updater, but to ensure they are up to date prior to install, it will be easier to debug, should something go wrong.
 

dom0/sd-clean-all.sls

@@ -5,7 +5,7 @@
 
 set-fedora-as-default-dispvm:
   cmd.run:
-    - name: qvm-check fedora-32-dvm && qubes-prefs default_dispvm fedora-32-dvm || qubes-prefs default_dispvm ''
+    - name: qvm-check fedora-33-dvm && qubes-prefs default_dispvm fedora-33-dvm || qubes-prefs default_dispvm ''
 
 {% set gui_user = salt['cmd.shell']('groupmems -l -g qubes') %}
 

dom0/sd-clean-default-dispvm.sls

@@ -3,4 +3,4 @@
 
 set-fedora-as-default-dispvm:
   cmd.run:
-    - name: qvm-check fedora-32-dvm && qubes-prefs default_dispvm fedora-32-dvm || qubes-prefs default_dispvm ''
+    - name: qvm-check fedora-33-dvm && qubes-prefs default_dispvm fedora-33-dvm || qubes-prefs default_dispvm ''

dom0/sd-sys-vms.sls

@@ -9,20 +9,32 @@ include:
   # DispVM is created
   - qvm.default-dispvm
 
-{% set sd_supported_fedora_version = 'fedora-32' %}
+{% set sd_supported_fedora_version = 'fedora-33' %}
 
 # Install latest templates required for SDW VMs.
 dom0-install-fedora-template:
   pkg.installed:
     - pkgs:
       - qubes-template-{{ sd_supported_fedora_version }}
 
+# Update the mgmt VM before updating the new Fedora VM. The order is required
+# and listed in the release notes for F32 & F33.
+set-fedora-template-as-default-mgmt-dvm:
+  cmd.run:
+    - name: >
+        qvm-shutdown --wait default-mgmt-dvm &&
+        qvm-prefs default-mgmt-dvm template {{ sd_supported_fedora_version }}
+    - require:
+      - pkg: dom0-install-fedora-template
+
 # If the VM has just been installed via package manager, update it immediately
 update-fedora-template-if-new:
   cmd.wait:
     - name: sudo qubesctl --skip-dom0 --targets {{ sd_supported_fedora_version }} state.sls update.qubes-vm
     - require:
       - pkg: dom0-install-fedora-template
+      # Update the mgmt-dvm setting first, to avoid problems during first update
+      - cmd: set-fedora-template-as-default-mgmt-dvm
     - watch:
       - pkg: dom0-install-fedora-template
 # qvm.default-dispvm is not strictly required here, but we want it to be
@@ -35,7 +47,8 @@ set-fedora-default-template-version:
       - pkg: dom0-install-fedora-template
       - sls: qvm.default-dispvm
 
-{% for sys_vm in ['sys-usb', 'sys-net', 'sys-firewall', 'default-mgmt-dvm'] %}
+# Now proceed with rebooting all the sys-* VMs, since the new template is up to date.
+{% for sys_vm in ['sys-usb', 'sys-net', 'sys-firewall'] %}
 {% if salt['cmd.shell']('qvm-prefs '+sys_vm+' template') != sd_supported_fedora_version %}
 sd-{{ sys_vm }}-fedora-version-halt:
   qvm.kill:

launcher/sdw_updater_gui/Updater.py

@@ -38,7 +38,7 @@
 # as well as their associated TemplateVMs.
 # In the future, we could use qvm-prefs to extract this information.
 current_vms = {
-    "fedora": "fedora-32",
+    "fedora": "fedora-33",
     "sd-viewer": "sd-large-buster-template",
     "sd-app": "sd-small-buster-template",
     "sd-log": "sd-small-buster-template",

launcher/tests/test_updater.py

@@ -500,7 +500,7 @@ def test_shutdown_and_start_vms(
         call("sys-usb"),
     ]
     template_vm_calls = [
-        call("fedora-32"),
+        call("fedora-33"),
         call("sd-large-buster-template"),
         call("sd-small-buster-template"),
         call("whonix-gw-15"),
@@ -548,7 +548,7 @@ def test_shutdown_and_start_vms_sysvm_fail(
         call("sd-log"),
     ]
     template_vm_calls = [
-        call("fedora-32"),
+        call("fedora-33"),
         call("sd-large-buster-template"),
         call("sd-small-buster-template"),
         call("whonix-gw-15"),

scripts/build-dom0-rpm

@@ -1,6 +1,6 @@
 #!/bin/bash
 # Builds RPMs for installation in dom0. RPMs are fully reproducible.
-# Targets F25 & F32 for Qubes 4.0 and 4.1 support.
+# Targets fedora-25 & fedora-32 for Qubes 4.0 and 4.1 support.
 set -e
 set -u
 set -o pipefail
@@ -28,9 +28,9 @@ export SOURCE_DATE_EPOCH
 cp dist/*.tar.gz rpm-build/SOURCES/
 
 # Build for Qubes 4.0.x and 4.1.x, for which dom0 is based on
-# F25 and F32, respectively.
+# fedora-25 and fedora-32, respectively.
 for i in 25 32; do
-    # dom0 defaults to python3.5 in F25
+    # dom0 defaults to python3.5 in fedora-25
     python_version="python3.5"
     if [[ $i = 32 ]]; then
         python_version="python3.8"

scripts/prep-dev

@@ -12,7 +12,7 @@ dom0_dev_dir="$HOME/securedrop-workstation"
 
 function find_latest_rpm() {
     # Look up which version of dom0 we're using.
-    # Qubes 4.0 is fc25, Qubes 4.1 will be fc32.
+    # Qubes 4.0 is fedora-25, Qubes 4.1 will be fedora-32.
     fedora_version="$(rpm --eval '%{fedora}')"
     find "${dom0_dev_dir}/rpm-build/RPMS/" -type f -iname "*fc${fedora_version}.noarch.rpm" -print0 | xargs -0 ls -t | head -n 1
 }

tests/base.py

@@ -7,7 +7,7 @@
 
 # Reusable constant for DRY import across tests
 WANTED_VMS = ["sd-gpg", "sd-log", "sd-proxy", "sd-app", "sd-viewer", "sd-whonix", "sd-devices"]
-CURRENT_FEDORA_VERSION = "32"
+CURRENT_FEDORA_VERSION = "33"
 CURRENT_FEDORA_TEMPLATE = "fedora-" + CURRENT_FEDORA_VERSION
 CURRENT_WHONIX_VERSION = "15"