Update base templates to buster

Makefile

@@ -50,7 +50,9 @@ sd-export: prep-salt ## Provisions SD Export VM
 clean-salt: assert-dom0 ## Purges SD Salt configuration from dom0
 	@echo "Purging Salt config..."
 	@sudo rm -rf /srv/salt/sd
+	@sudo find /srv/salt -maxdepth 1 -type f -iname 'fpf*' -delete
 	@sudo find /srv/salt -maxdepth 1 -type f -iname 'sd*' -delete
+	@sudo find /srv/salt -maxdepth 1 -type f -iname 'securedrop*' -delete
 	@sudo find /srv/salt/_tops -lname '/srv/salt/sd-*' -delete
 
 prep-salt: assert-dom0 ## Configures Salt layout for SD workstation VMs

dom0/fpf-apt-test-repo.sls

@@ -23,7 +23,7 @@ install-python-apt-for-repo-config:
 
 configure-apt-test-apt-repo:
   pkgrepo.managed:
-    - name: "deb [arch=amd64] https://apt-test-qubes.freedom.press stretch main"
+    - name: "deb [arch=amd64] https://apt-test-qubes.freedom.press {{ grains['oscodename'] }} main"
     - file: /etc/apt/sources.list.d/securedrop_workstation.list
     - key_url: "salt://sd/sd-workstation/apt-test-pubkey.asc"
     - clean_file: True # squash file to ensure there are no duplicates

dom0/sd-dom0-files.sls

@@ -46,7 +46,6 @@ dom0-workstation-rpm-repo:
 dom0-install-securedrop-workstation-template:
   pkg.installed:
     - pkgs:
-      - qubes-template-securedrop-workstation
       - qubes-template-securedrop-workstation-buster
     - require:
       - file: dom0-workstation-rpm-repo

dom0/sd-export.sls

@@ -10,45 +10,48 @@ include:
 
 sd-export-template:
   qvm.vm:
-    - name: sd-export-template
+    - name: sd-export-buster-template
     - clone:
-      - source: securedrop-workstation
+      - source: securedrop-workstation-buster
       - label: red
     - tags:
       - add:
         - sd-workstation
     - require:
       - sls: sd-workstation-template
+      - sls: sd-upgrade-templates
 
 sd-export-usb-dvm:
   qvm.vm:
     - name: sd-export-usb-dvm
     - present:
-      - template: sd-export-template
+      - template: sd-export-buster-template
       - label: red
     - prefs:
+      - template: sd-export-buster-template
       - netvm: ""
       - template_for_dispvms: True
     - tags:
       - add:
         - sd-workstation
+        - sd-buster
     - features:
       - enable:
         - service.paxctld
     - require:
-      - qvm: sd-export-template
+      - qvm: sd-export-buster-template
 
 # Ensure the Qubes menu is populated with relevant app entries,
 # so that Nautilus/Files can be started via GUI interactions.
 sd-export-template-sync-appmenus:
   cmd.run:
     - name: >
-        qvm-start --skip-if-running sd-export-template &&
-        qvm-sync-appmenus sd-export-template
+        qvm-start --skip-if-running sd-export-buster-template &&
+        qvm-sync-appmenus sd-export-buster-template
     - require:
-      - qvm: sd-export-template
+      - qvm: sd-export-buster-template
     - onchanges:
-      - qvm: sd-export-template
+      - qvm: sd-export-buster-template
 
 sd-export-create-named-dispvm:
   qvm.vm:

dom0/sd-gpg.sls

@@ -16,13 +16,15 @@ sd-gpg:
   qvm.vm:
     - name: sd-gpg
     - present:
-      - template: securedrop-workstation
+      - template: securedrop-workstation-buster
       - label: purple
     - prefs:
+      - template: securedrop-workstation-buster
       - netvm: ""
       - autostart: true
     - tags:
       - add:
         - sd-workstation
     - require:
       - sls: sd-workstation-template
+      - sls: sd-upgrade-templates

dom0/sd-remove-unused-templates.sls

@@ -0,0 +1,7 @@
+# -*- coding: utf-8 -*-
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+run-remove-upgrade-scripts:
+  cmd.script:
+    - name: salt://securedrop-handle-upgrade
+    - args: remove

dom0/sd-svs-disp.sls

@@ -16,31 +16,34 @@ include:
 
 sd-svs-disp-template:
   qvm.vm:
-    - name: sd-svs-disp-template
+    - name: sd-svs-disp-buster-template
     - clone:
-      - source: securedrop-workstation
+      - source: securedrop-workstation-buster
       - label: green
     - require:
       - sls: sd-workstation-template
+      - sls: sd-upgrade-templates
 
 sd-svs-disp:
   qvm.vm:
     - name: sd-svs-disp
     - present:
-      - template: sd-svs-disp-template
+      - template: sd-svs-disp-buster-template
       - label: green
     - prefs:
+      - template: sd-svs-disp-buster-template
       - netvm: ""
       - template_for_dispvms: True
     - tags:
       - add:
         - sd-workstation
         - sd-svs-disp-vm
+        - sd-buster
     - features:
       - enable:
         - service.paxctld
     - require:
-      - qvm: sd-svs-disp-template
+      - qvm: sd-svs-disp-buster-template
 
 sd-svs-disp-default-dispvm:
   cmd.run:

dom0/sd-svs.sls

@@ -13,23 +13,25 @@ include:
 
 sd-svs-template:
   qvm.vm:
-    - name: sd-svs-template
+    - name: sd-svs-buster-template
     - clone:
-      - source: securedrop-workstation
+      - source: securedrop-workstation-buster
       - label: yellow
     - tags:
       - add:
         - sd-workstation
+        - sd-buster
     - require:
       - sls: sd-workstation-template
+      - sls: sd-upgrade-templates
 
 sd-svs:
   qvm.vm:
     - name: sd-svs
     - present:
-      - template: sd-svs-template
       - label: yellow
     - prefs:
+      - template: sd-svs-buster-template
       - netvm: ""
     - tags:
       - add:
@@ -39,16 +41,16 @@ sd-svs:
       - enable:
         - service.paxctld
     - require:
-      - qvm: sd-svs-template
+      - qvm: sd-svs-buster-template
 
 # Ensure the Qubes menu is populated with relevant app entries,
 # so that Nautilus/Files can be started via GUI interactions.
 sd-svs-template-sync-appmenus:
   cmd.run:
     - name: >
-        qvm-start --skip-if-running sd-svs-template &&
-        qvm-sync-appmenus sd-svs-template
+        qvm-start --skip-if-running sd-svs-buster-template &&
+        qvm-sync-appmenus sd-svs-buster-template
     - require:
-      - qvm: sd-svs-template
+      - qvm: sd-svs-buster-template
     - onchanges:
-      - qvm: sd-svs-template
+      - qvm: sd-svs-buster-template

dom0/sd-upgrade-templates.sls

@@ -0,0 +1,7 @@
+# -*- coding: utf-8 -*-
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+run-prep-upgrade-scripts:
+  cmd.script:
+    - name: salt://securedrop-handle-upgrade
+    - args: prepare

dom0/sd-workstation-template.sls

@@ -7,13 +7,14 @@ include:
 # Sets virt_mode and kernel to use custom hardened kernel.
 sd-workstation-template:
   qvm.vm:
-    - name: securedrop-workstation
+    - name: securedrop-workstation-buster
     - prefs:
       - virt-mode: hvm
       - kernel: ''
     - tags:
       - add:
         - sd-workstation
+        - sd-buster
     - features:
       - enable:
         - service.paxctld

dom0/sd-workstation.top

@@ -6,30 +6,32 @@ base:
     - sd-sys-vms
     - sd-dom0-files
     - sd-workstation-template
+    - sd-upgrade-templates
     - sd-dom0-qvm-rpc
     - sd-export
     - sd-gpg
     - sd-proxy
     - sd-svs-disp
     - sd-svs
     - sd-whonix
-  sd-export-template:
+    - sd-remove-unused-templates
+  sd-export-buster-template:
     - sd-export-files
   sd-gpg:
     - sd-gpg-files
   sd-proxy-template:
     - sd-proxy-template-files
   sd-svs:
     - sd-svs-config
-  sd-svs-disp-template:
+  sd-svs-disp-buster-template:
     - sd-svs-disp-files
-  sd-svs-template:
+  sd-svs-buster-template:
     - sd-svs-files
   sys-firewall:
     - sd-sys-firewall-files
   sd-whonix:
     - sd-whonix-hidserv-key
-  securedrop-workstation:
+  securedrop-workstation-buster:
     - sd-workstation-template-files
 
   # "Placeholder" config to trigger TemplateVM boots,

dom0/securedrop-handle-upgrade

@@ -0,0 +1,72 @@
+#!/bin/bash
+
+set -e
+set -u
+set -o pipefail
+
+TASK=${1:-default}
+
+# To allow the template of an AppVM to be changed, the following two
+# conditions must be met:
+# 1. The AppVM must be powered off
+# 2. The AppVM must not be a DispVM template that used as the default DispVM
+#    for an AppVM, nor the system default DispVM.
+if [[ $TASK == "prepare" ]]; then
+	# sd-svs, we simply shutdown the machine as we want to preserve the data
+	if qvm-check sd-svs --quiet; then
+		BASE_TEMPLATE=$(qvm-prefs sd-svs template)
+		if [[ ! $BASE_TEMPLATE =~ "buster" ]]; then
+			if qvm-check --running sd-svs; then
+				qvm-shutdown --wait sd-svs
+			fi
+		fi
+	fi
+
+	# For sd-svs-disp and sd-export-usb-dvm, DispVM templates. We can delete both
+	# VMs since they contain no persistent data. The installer will re-create them
+	# as part of the provisioning process.
+	# We set the default DispVM to empty string to ensure nothing is opened in an
+	# insecure (unmanaged or not yet updated) or networked vm, until the
+	# provisioning process runs again and sets that value to sd-svs-disp
+	if qvm-check --quiet sd-svs-disp; then
+		BASE_TEMPLATE=$(qvm-prefs sd-svs-disp template)
+		if [[ ! $BASE_TEMPLATE =~ "buster" ]]; then
+			qubes-prefs default_dispvm ''
+			qvm-shutdown --wait sd-svs-disp
+			qvm-remove -f sd-svs-disp
+		fi
+	fi
+
+	if qvm-check --quiet sd-export-usb; then
+		BASE_TEMPLATE=$(qvm-prefs sd-export-usb-dvm template)
+		if [[ ! $BASE_TEMPLATE =~ "buster" ]]; then
+			qvm-shutdown --wait sd-export-usb
+			qvm-shutdown --wait sd-export-usb-dvm
+			qvm-remove -f sd-export-usb
+			qvm-remove -f sd-export-usb-dvm
+		fi
+	fi
+
+	# Finally for sd-gpg, we simply shutdown the machine
+	if qvm-check --quiet sd-gpg; then
+		BASE_TEMPLATE=$(qvm-prefs sd-gpg template)
+		if [[ ! $BASE_TEMPLATE =~ "buster" ]]; then
+			qvm-shutdown --wait sd-gpg
+		fi
+	fi
+elif [[ $TASK == "remove" ]]; then
+	# For each template, ensure the TemplateVM exists, that it is shut down
+	# before deleting it.
+	for template in sd-svs-template sd-svs-disp-template sd-export-template
+	do
+		if qvm-check "${template}" --quiet; then
+			if qvm-check --running "${template}"; then
+				qvm-shutdown --wait "${template}"
+			fi
+			qvm-remove -f "${template}"
+		fi
+	done
+else
+	echo "Please specify prepare or remove"
+	exit 1
+fi

tests/test_dom0_config.py

@@ -0,0 +1,26 @@
+import subprocess
+import unittest
+
+STRETCH_TEMPLATES = ["sd-svs-template",
+                     "sd-svs-disp-template",
+                     "sd-export-template"]
+
+
+class SD_Qubes_Dom0_Templates_Tests(unittest.TestCase):
+
+    def setUp(self):
+        pass
+
+    def tearDown(self):
+        pass
+
+    def test_Templates_cleaned_up(self):
+        cmd = ["qvm-ls", "--raw-list"]
+        contents = subprocess.check_output(cmd).decode("utf-8").strip()
+        for template in STRETCH_TEMPLATES:
+            self.assertTrue(template not in contents)
+
+
+def load_tests(loader, tests, pattern):
+    suite = unittest.TestLoader().loadTestsFromTestCase(SD_Qubes_Dom0_Templates_Tests)
+    return suite