Remove old templates after upgrade to buster templates

Shut down and remove the following Debian Stretch templates: * sd-svs-template * sd-svs-disp-template * sd-export-template * securedrop-workstation Adds test to ensure the templates have been properly deleted.
freedomofpress · Dec 2, 2019 · 35c1a20 · 35c1a20
1 parent 92770b6
commit 35c1a20
Show file tree

Hide file tree

Showing 9 changed files with 49 additions and 2 deletions.
diff --git a/dom0/sd-dom0-files.sls b/dom0/sd-dom0-files.sls
@@ -46,7 +46,6 @@ dom0-workstation-rpm-repo:
 dom0-install-securedrop-workstation-template:
   pkg.installed:
     - pkgs:
-      - qubes-template-securedrop-workstation
       - qubes-template-securedrop-workstation-buster
     - require:
       - file: dom0-workstation-rpm-repo

diff --git a/dom0/sd-export.sls b/dom0/sd-export.sls
@@ -34,6 +34,7 @@ sd-export-usb-dvm:
     - tags:
       - add:
         - sd-workstation
+        - buster
     - features:
       - enable:
         - service.paxctld

diff --git a/dom0/sd-remove-unused-templates.sls b/dom0/sd-remove-unused-templates.sls
@@ -0,0 +1,7 @@
+# -*- coding: utf-8 -*-
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+run-remove-upgrade-scripts:
+  cmd.script:
+    - name: salt://handle-upgrade
+    - args: remove
diff --git a/dom0/sd-svs-disp.sls b/dom0/sd-svs-disp.sls
@@ -38,6 +38,7 @@ sd-svs-disp:
       - add:
         - sd-workstation
         - sd-svs-disp-vm
+        - buster
     - features:
       - enable:
         - service.paxctld

diff --git a/dom0/sd-svs.sls b/dom0/sd-svs.sls
@@ -20,6 +20,7 @@ sd-svs-template:
     - tags:
       - add:
         - sd-workstation
+        - buster
     - require:
       - sls: sd-workstation-template
       - sls: sd-upgrade-templates

diff --git a/dom0/sd-workstation-template.sls b/dom0/sd-workstation-template.sls
@@ -14,6 +14,7 @@ sd-workstation-template:
     - tags:
       - add:
         - sd-workstation
+        - buster
     - features:
       - enable:
         - service.paxctld

diff --git a/dom0/sd-workstation.top b/dom0/sd-workstation.top
@@ -14,6 +14,7 @@ base:
     - sd-svs-disp
     - sd-svs
     - sd-whonix
+    - sd-remove-unused-templates
   sd-export-template:
     - sd-export-files
   sd-gpg:

diff --git a/scripts/handle-upgrade b/scripts/handle-upgrade
@@ -53,7 +53,17 @@ if [[ $TASK == "prepare" ]]; then
 		fi
 	fi
 elif [[ $TASK == "remove" ]]; then
-	echo "placeholder"
+	# For each template, ensure the TemplateVM exists, that it is shut down
+	# before deleting it.
+	for template in sd-svs-template sd-svs-disp-template sd-export-template
+	do
+		if qvm-check "${template}" --quiet; then
+			if qvm-check --running "${template}"; then
+				qvm-shutdown --wait "${template}"
+			fi
+			qvm-remove -f "${template}"
+		fi
+	done
 else
 	echo "Please specify prepare or remove"
 	exit 1

diff --git a/tests/test_dom0_config.py b/tests/test_dom0_config.py
@@ -0,0 +1,26 @@
+import subprocess
+import unittest
+
+STRETCH_TEMPLATES = ["sd-svs-template",
+                     "sd-svs-disp-template",
+                     "sd-export-template"]
+
+
+class SD_Qubes_Dom0_Templates_Tests(unittest.TestCase):
+
+    def setUp(self):
+        pass
+
+    def tearDown(self):
+        pass
+
+    def test_Templates_cleaned_up(self):
+        cmd = ["qvm-ls", "--raw-list"]
+        contents = subprocess.check_output(cmd).decode("utf-8").strip()
+        for template in contents.split():
+            self.assertTrue(template not in STRETCH_TEMPLATES)
+
+
+def load_tests(loader, tests, pattern):
+    suite = unittest.TestLoader().loadTestsFromTestCase(SD_Qubes_Dom0_Templates_Tests)
+    return suite
-Original file line number
+Diff line change
@@ Expand Up / @@ -34,6 +34,7 @@ sd-export-usb-dvm: @@
         - tags:
           - add:
             - sd-workstation
+            - buster
         - features:
           - enable:
             - service.paxctld
@@ Expand Down @@