Set menu items for sd-devices and sd-whonix

These are the only two VMs that will be visible on production systems and have specific tools we want users to be able to directly start. * sd-devices: Files (Nautilus) and Disks * sd-whonix: Anon Connection Wizard and Tor Control Panel We already run qvm-sync-appmenus for the sd-large template that sd-devices is based on, copy that logic over for the whonix gateway template that sd-whonix is based on. Since none of the sd-small VMs are displayed in the menu, remove its qvm-sync-appmenus step. Fixes #520. Fixes #1109.
freedomofpress · Jun 27, 2024 · 26679e8 · 26679e8
1 parent c3f4dce
commit 26679e8
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 12 deletions.
diff --git a/securedrop_salt/sd-app.sls b/securedrop_salt/sd-app.sls
@@ -55,15 +55,3 @@ sd-app-private-volume-size:
         qvm-volume resize sd-app:private {{ d.vmsizes.sd_app }}GiB
     - require:
       - qvm: sd-app
-
-# Ensure the Qubes menu is populated with relevant app entries,
-# so that Nautilus/Files can be started via GUI interactions.
-sd-app-template-sync-appmenus:
-  cmd.run:
-    - name: >
-        qvm-start --skip-if-running sd-small-{{ sdvars.distribution }}-template &&
-        qvm-sync-appmenus --force-root sd-small-{{ sdvars.distribution }}-template
-    - require:
-      - qvm: sd-small-{{ sdvars.distribution }}-template
-    - onchanges:
-      - qvm: sd-small-{{ sdvars.distribution }}-template
diff --git a/securedrop_salt/sd-devices.sls b/securedrop_salt/sd-devices.sls
@@ -64,5 +64,7 @@ sd-devices-create-named-dispvm:
         - service.securedrop-mime-handling
       - set:
         - vm-config.SD_MIME_HANDLING: sd-devices
+        - menu-items: "org.gnome.Nautilus.desktop org.gnome.DiskUtility.desktop"
     - require:
       - qvm: sd-devices-dvm
+      - cmd: sd-devices-template-sync-appmenus
diff --git a/securedrop_salt/sd-sys-whonix-vms.sls b/securedrop_salt/sd-sys-whonix-vms.sls
@@ -59,3 +59,13 @@ anon-whonix-template-config:
       - template: whonix-workstation-{{ sd_supported_whonix_version }}
     - require:
       - qvm: dom0-enabled-apparmor-on-whonix-ws-template
+
+# Ensure the Qubes menu is populated with relevant app entries,
+# so that some Tor tools can be started via GUI interactions.
+sd-whonix-template-sync-appmenus:
+  cmd.run:
+    - name: >
+        qvm-start --skip-if-running whonix-gateway-{{ sd_supported_whonix_version }} &&
+        qvm-sync-appmenus --force-root whonix-gateway-{{ sd_supported_whonix_version }}
+    - require:
+      - qvm: dom0-enabled-apparmor-on-whonix-ws-template
diff --git a/securedrop_salt/sd-whonix.sls b/securedrop_salt/sd-whonix.sls
@@ -50,3 +50,4 @@ sd-whonix-config:
     - set:
         - vm-config.SD_HIDSERV_HOSTNAME: {{ d.hidserv.hostname }}
         - vm-config.SD_HIDSERV_KEY: {{ d.hidserv.key }}
+        - menu-items: "anon_connection_wizard.desktop tor-control-panel.desktop"