From 6ad44f924de62c4cd2ff070a86833f7788e6871c Mon Sep 17 00:00:00 2001 From: Michael Z Date: Wed, 15 Jun 2022 13:01:05 -0400 Subject: [PATCH] Use bullseye template on 4.1 and buster template on 4.0 --- dom0/fpf-apt-repo.sls | 3 ++- dom0/sd-app-files.sls | 6 +++--- dom0/sd-app.sls | 16 +++++++++------ dom0/sd-default-config.sls | 8 +++++--- dom0/sd-devices.sls | 20 +++++++++++-------- dom0/sd-dom0-files.sls | 4 ++-- dom0/sd-gpg.sls | 7 +++++-- dom0/sd-log.sls | 10 +++++++--- dom0/sd-logging-setup.sls | 7 +++++-- dom0/sd-proxy.sls | 9 ++++++--- dom0/sd-viewer.sls | 11 +++++++---- dom0/sd-whonix.sls | 5 ++++- dom0/sd-workstation-template.sls | 27 ++++++++++++++----------- dom0/sd-workstation.top | 9 ++++++--- scripts/provision-all | 5 ++++- scripts/sdw-admin.py | 7 ++++++- tests/test_dom0_config.py | 11 ++++++++--- tests/test_vms_exist.py | 34 ++++++++++++++++++-------------- tests/test_vms_platform.py | 25 +++++++++++++++-------- 19 files changed, 143 insertions(+), 81 deletions(-) diff --git a/dom0/fpf-apt-repo.sls b/dom0/fpf-apt-repo.sls index 82052cf4b..9881b0626 100644 --- a/dom0/fpf-apt-repo.sls +++ b/dom0/fpf-apt-repo.sls @@ -13,6 +13,7 @@ # - update.qubes-vm # - sd-default-config +# Imports "sdvars" for environment config {% from 'sd-default-config.sls' import sdvars with context %} # Debian Buster was changed from 'stable' to 'oldstable' on 2021-08, @@ -39,7 +40,7 @@ install-python-apt-for-repo-config: configure-fpf-apt-repo: pkgrepo.managed: - - name: "deb [arch=amd64] {{ sdvars.apt_repo_url }} {{ grains['oscodename'] }} {{ sdvars.component }}" + - name: "deb [arch=amd64] {{ sdvars.apt_repo_url }} {{ sdvars.distribution }} {{ sdvars.component }}" - file: /etc/apt/sources.list.d/securedrop_workstation.list - key_url: "salt://sd/sd-workstation/{{ sdvars.signing_key_filename }}" - clean_file: True # squash file to ensure there are no duplicates diff --git a/dom0/sd-app-files.sls b/dom0/sd-app-files.sls index 408c07b7c..ee9127b04 100644 
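Review bot: The apt suite in `configure-fpf-apt-repo` no longer comes from the machine the state runs on: `grains['oscodename']` is replaced by `sdvars.distribution`, which dom0/sd-default-config.sls derives from `grains['osrelease'] == '4.1'`. If this state is rendered with the template VM's grains rather than dom0's (the `grains['id']` comparison against template names in dom0/sd-logging-setup.sls suggests it is), `osrelease` would be the Debian release and the `else` branch would select `buster` inside a bullseye template, pointing apt at the wrong suite. Please confirm which grains are in scope here, or keep `{{ grains['oscodename'] }}` for states applied inside templates. The same question applies to the templated `grains['id']` checks in dom0/sd-logging-setup.sls.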
--- a/dom0/sd-app-files.sls +++ b/dom0/sd-app-files.sls @@ -5,15 +5,15 @@ # sd-app-files # ======== # -# Moves files into place on sd-small-buster-template +# Moves files into place on sd-small-{{ sdvars.distribution }}-template # ## include: - fpf-apt-repo - sd-logging-setup -# FPF repo is setup in "securedrop-workstation-buster" template, -# and then cloned as "sd-small-buster-template" +# FPF repo is setup in "securedrop-workstation-{{ sdvars.distribution }}" template, +# and then cloned as "sd-small-{{ sdvars.distribution }}-template" install-securedrop-client-package: pkg.installed: - pkgs: diff --git a/dom0/sd-app.sls b/dom0/sd-app.sls index e40179d17..1a4126044 100644 --- a/dom0/sd-app.sls +++ b/dom0/sd-app.sls @@ -5,6 +5,10 @@ # Installs 'sd-app' AppVM, to persistently store SD data # This VM has no network configured. ## + +# Imports "sdvars" for environment config +{% from 'sd-default-config.sls' import sdvars with context %} + include: - sd-workstation-template - sd-upgrade-templates @@ -15,7 +19,7 @@ sd-app: - present: - label: yellow - prefs: - - template: sd-small-buster-template + - template: sd-small-{{ sdvars.distribution }}-template - netvm: "" - tags: - add: @@ -25,7 +29,7 @@ sd-app: - enable: - service.paxctld - require: - - qvm: sd-small-buster-template + - qvm: sd-small-{{ sdvars.distribution }}-template {% import_json "sd/config.json" as d %} @@ -42,9 +46,9 @@ sd-app-private-volume-size: sd-app-template-sync-appmenus: cmd.run: - name: > - qvm-start --skip-if-running sd-small-buster-template && - qvm-sync-appmenus sd-small-buster-template + qvm-start --skip-if-running sd-small-{{ sdvars.distribution }}-template && + qvm-sync-appmenus sd-small-{{ sdvars.distribution }}-template - require: - - qvm: sd-small-buster-template + - qvm: sd-small-{{ sdvars.distribution }}-template - onchanges: - - qvm: sd-small-buster-template + - qvm: sd-small-{{ sdvars.distribution }}-template 
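Review bot: The header comments now contain `{{ sdvars.distribution }}`, but this commit adds no import of `sdvars` to the file, and Jinja is rendered before YAML, so expressions inside `#` comments are still evaluated. Unless the import already sits in the file's first four lines, which the hunk does not show, rendering would likely fail on an undefined `sdvars`. Either add `{% from 'sd-default-config.sls' import sdvars with context %}` above `include:` or write the comments as plain text, e.g. `# Moves files into place on the sd-small template`. dom0/sd-dom0-files.sls also starts using `sdvars.distribution` without an import added in this commit, so it is worth checking there as well.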
diff --git a/dom0/sd-default-config.sls b/dom0/sd-default-config.sls index c0109cd6e..9a758d901 100644 --- a/dom0/sd-default-config.sls +++ b/dom0/sd-default-config.sls @@ -17,20 +17,22 @@ {% if d.environment == "dev" %} # use apt-test and nightlies {% set sdvars = sdvars_defaults["test"] %} - {% set _ = sdvars.update({"component": "nightlies"}) %} + {% set _ = sdvars.update({"component": "nightlies"}) %} {% elif d.environment == "staging" %} # use apt-test and main (RC/test builds) {% set sdvars = sdvars_defaults["test"] %} - {% set _ = sdvars.update({"component": "main"}) %} + {% set _ = sdvars.update({"component": "main"}) %} {% else %} {% set sdvars = sdvars_defaults["prod"] %} - {% set _ = sdvars.update({"component": "main"}) %} + {% set _ = sdvars.update({"component": "main"}) %} {% endif %} # Append repo URL with appropriate dom0 Fedora version {% if grains['osrelease'] == '4.1' %} {% set fedora_repo = "f32" %} + {% set _ = sdvars.update({"distribution": "bullseye"}) %} {% else %} {% set fedora_repo = "f24" %} + {% set _ = sdvars.update({"distribution": "buster"}) %} {% endif %} {% set _ = sdvars.update({"dom0_yum_repo_url": sdvars["dom0_yum_repo_url"] + fedora_repo}) %} diff --git a/dom0/sd-devices.sls b/dom0/sd-devices.sls index 241832524..945b21c0a 100644 --- a/dom0/sd-devices.sls +++ b/dom0/sd-devices.sls @@ -5,6 +5,10 @@ # Installs 'sd-devices' AppVM, to persistently store SD data # This VM has no network configured. ## + +# Imports "sdvars" for environment config +{% from 'sd-default-config.sls' import sdvars with context %} + include: - sd-workstation-template - sd-upgrade-templates 
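Review bot: The `else` branch assigns `buster` to every release that is not exactly `'4.1'`, while the Python side of this commit (scripts/sdw-admin.py, tests/test_dom0_config.py, tests/test_vms_exist.py) defaults to `bullseye` for everything that is not `R4.0`. On any release string outside those two, the Salt states and the admin script and tests would name different templates. Consider matching both versions explicitly with `{% elif grains['osrelease'] == '4.0' %}`, and documenting the fallback with a comment such as `# Unknown Qubes release: keep in sync with DEBIAN_VERSION in scripts/sdw-admin.py`.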
@@ -13,33 +17,33 @@ sd-devices-dvm: qvm.vm: - name: sd-devices-dvm - present: - - template: sd-large-buster-template + - template: sd-large-{{ sdvars.distribution }}-template - label: red - prefs: - - template: sd-large-buster-template + - template: sd-large-{{ sdvars.distribution }}-template - netvm: "" - template_for_dispvms: True - tags: - add: - sd-workstation - - sd-buster + - sd-{{ sdvars.distribution }} - features: - enable: - service.paxctld - require: - - qvm: sd-large-buster-template + - qvm: sd-large-{{ sdvars.distribution }}-template # Ensure the Qubes menu is populated with relevant app entries, # so that Nautilus/Files can be started via GUI interactions. sd-devices-template-sync-appmenus: cmd.run: - name: > - qvm-start --skip-if-running sd-large-buster-template && - qvm-sync-appmenus sd-large-buster-template + qvm-start --skip-if-running sd-large-{{ sdvars.distribution }}-template && + qvm-sync-appmenus sd-large-{{ sdvars.distribution }}-template - require: - - qvm: sd-large-buster-template + - qvm: sd-large-{{ sdvars.distribution }}-template - onchanges: - - qvm: sd-large-buster-template + - qvm: sd-large-{{ sdvars.distribution }}-template sd-devices-create-named-dispvm: qvm.vm: diff --git a/dom0/sd-dom0-files.sls b/dom0/sd-dom0-files.sls index 9031e4240..83eec6369 100644 --- a/dom0/sd-dom0-files.sls +++ b/dom0/sd-dom0-files.sls @@ -78,11 +78,11 @@ dom0-install-securedrop-workstation-template: {% if grains['osrelease'] == '4.1' %} cmd.run: - name: > - qvm-template install securedrop-workstation-buster + qvm-template install securedrop-workstation-{{ sdvars.distribution }} {% else %} pkg.installed: - pkgs: - - qubes-template-securedrop-workstation-buster + - qubes-template-securedrop-workstation-{{ sdvars.distribution }} {% endif %} - require: - file: dom0-workstation-rpm-repo diff --git a/dom0/sd-gpg.sls b/dom0/sd-gpg.sls index 41706c65b..9ef086c34 100644 --- a/dom0/sd-gpg.sls +++ b/dom0/sd-gpg.sls 
@@ -9,6 +9,9 @@ # This VM has no network configured. ## +# Imports "sdvars" for environment config +{% from 'sd-default-config.sls' import sdvars with context %} + include: - sd-workstation-template - sd-upgrade-templates @@ -17,10 +20,10 @@ sd-gpg: qvm.vm: - name: sd-gpg - present: - - template: sd-small-buster-template + - template: sd-small-{{ sdvars.distribution }}-template - label: purple - prefs: - - template: sd-small-buster-template + - template: sd-small-{{ sdvars.distribution }}-template - netvm: "" - autostart: true - tags: diff --git a/dom0/sd-log.sls b/dom0/sd-log.sls index cc0bf6649..97b593f2f 100644 --- a/dom0/sd-log.sls +++ b/dom0/sd-log.sls @@ -6,6 +6,10 @@ # from all SecureDrop related VMs. # This VM has no network configured. ## + +# Imports "sdvars" for environment config +{% from 'sd-default-config.sls' import sdvars with context %} + include: - sd-workstation-template - sd-upgrade-templates @@ -14,10 +18,10 @@ sd-log: qvm.vm: - name: sd-log - present: - - template: sd-small-buster-template + - template: sd-small-{{ sdvars.distribution }}-template - label: red - prefs: - - template: sd-small-buster-template + - template: sd-small-{{ sdvars.distribution }}-template - netvm: "" - autostart: true - tags: @@ -29,7 +33,7 @@ sd-log: - service.redis - service.securedrop-log - require: - - qvm: sd-small-buster-template + - qvm: sd-small-{{ sdvars.distribution }}-template {% if grains['osrelease'] == '4.0' %} # Allow any SecureDrop VM to log to the centralized log VM diff --git a/dom0/sd-logging-setup.sls b/dom0/sd-logging-setup.sls index 274b3f246..5922bf992 100644 --- a/dom0/sd-logging-setup.sls +++ b/dom0/sd-logging-setup.sls 
@@ -1,7 +1,10 @@ # -*- coding: utf-8 -*- # vim: set syntax=yaml ts=2 sw=2 sts=2 et : -{% if grains['id'] in ["securedrop-workstation-buster", "sd-small-buster-template", "sd-large-buster-template"] %} +# Imports "sdvars" for environment config +{% from 'sd-default-config.sls' import sdvars with context %} + +{% if grains['id'] in ["securedrop-workstation-{}".format(sdvars["distribution"]), "sd-small-{}-template".format(sdvars["distribution"]), "sd-large-{}-template".format(sdvars["distribution"])] %} include: - fpf-apt-repo @@ -21,7 +24,7 @@ configure-rsyslog-for-sd: {% endif %} -{% if grains['id'] == "sd-small-buster-template" %} +{% if grains['id'] == "sd-small-{}-template".format(sdvars["distribution"]) %} install-redis-for-sd-log-template: pkg.installed: - pkgs: diff --git a/dom0/sd-proxy.sls b/dom0/sd-proxy.sls index 9e50c4d79..7636f4d45 100644 --- a/dom0/sd-proxy.sls +++ b/dom0/sd-proxy.sls @@ -6,6 +6,9 @@ # and the SecureDrop servers. ## +# Imports "sdvars" for environment config +{% from 'sd-default-config.sls' import sdvars with context %} + include: - sd-whonix - sd-upgrade-templates @@ -16,16 +19,16 @@ sd-proxy: - present: - label: blue - prefs: - - template: sd-small-buster-template + - template: sd-small-{{ sdvars.distribution }}-template - netvm: sd-whonix - autostart: true - tags: - add: - sd-workstation - - sd-buster + - sd-{{ sdvars.distribution }} - require: - qvm: sd-whonix - - qvm: sd-small-buster-template + - qvm: sd-small-{{ sdvars.distribution }}-template # Permit the SecureDrop Proxy to manage Client connections sd-proxy-dom0-securedrop.Proxy: diff --git a/dom0/sd-viewer.sls b/dom0/sd-viewer.sls index 414422c94..d28e157de 100644 --- a/dom0/sd-viewer.sls +++ b/dom0/sd-viewer.sls @@ -11,6 +11,9 @@ # This VM has no network configured. ## +# Imports "sdvars" for environment config +{% from 'sd-default-config.sls' import sdvars with context %} + include: - sd-workstation-template - sd-upgrade-templates 
@@ -19,10 +22,10 @@ sd-viewer: qvm.vm: - name: sd-viewer - present: - - template: sd-large-buster-template + - template: sd-large-{{ sdvars.distribution }}-template - label: green - prefs: - - template: sd-large-buster-template + - template: sd-large-{{ sdvars.distribution }}-template - netvm: "" - template_for_dispvms: True - default_dispvm: "" @@ -30,12 +33,12 @@ sd-viewer: - add: - sd-workstation - sd-viewer-vm - - sd-buster + - sd-{{ sdvars.distribution }} - features: - enable: - service.paxctld - require: - - qvm: sd-large-buster-template + - qvm: sd-large-{{ sdvars.distribution }}-template sd-viewer-default-dispvm: cmd.run: diff --git a/dom0/sd-whonix.sls b/dom0/sd-whonix.sls index 8c788ff23..9f9c09aa0 100644 --- a/dom0/sd-whonix.sls +++ b/dom0/sd-whonix.sls @@ -11,6 +11,9 @@ # ## +# Imports "sdvars" for environment config +{% from 'sd-default-config.sls' import sdvars with context %} + include: - sd-upgrade-templates @@ -29,6 +32,6 @@ sd-whonix: - tags: - add: - sd-workstation - - sd-buster + - sd-{{ sdvars.distribution }} - require: - sls: sd-upgrade-templates diff --git a/dom0/sd-workstation-template.sls b/dom0/sd-workstation-template.sls index 9cb3e25b9..4d8c28aea 100644 --- a/dom0/sd-workstation-template.sls +++ b/dom0/sd-workstation-template.sls @@ -1,20 +1,23 @@ # -*- coding: utf-8 -*- # vim: set syntax=yaml ts=2 sw=2 sts=2 et : +# Imports "sdvars" for environment config +{% from 'sd-default-config.sls' import sdvars with context %} + include: - sd-dom0-files # Sets virt_mode and kernel to use custom hardened kernel. sd-workstation-template: qvm.vm: - - name: securedrop-workstation-buster + - name: securedrop-workstation-{{ sdvars.distribution }} - prefs: - virt-mode: hvm - kernel: '' - tags: - add: - sd-workstation - - sd-buster + - sd-{{ sdvars.distribution }} - sd-workstation-updates - features: - enable: 
@@ -27,34 +30,34 @@ sd-workstation-template: {% endif %} # Installs consolidated templateVMs: -# - sd-small-buster-template, to be used for +# - sd-small-{{ sdvars.distribution }}-template, to be used for # sd-app, sd-gpg, sd-log, and sd-proxy -# - sd-large-buster-template, to be used for +# - sd-large-{{ sdvars.distribution }}-template, to be used for # sd-export and sd-viewer -sd-small-buster-template: +sd-small-{{ sdvars.distribution }}-template: qvm.vm: - - name: sd-small-buster-template + - name: sd-small-{{ sdvars.distribution }}-template - clone: - - source: securedrop-workstation-buster + - source: securedrop-workstation-{{ sdvars.distribution }} - label: red - tags: - add: - sd-workstation - - sd-buster + - sd-{{ sdvars.distribution }} - sd-workstation-updates - require: - qvm: sd-workstation-template -sd-large-buster-template: +sd-large-{{ sdvars.distribution }}-template: qvm.vm: - - name: sd-large-buster-template + - name: sd-large-{{ sdvars.distribution }}-template - clone: - - source: securedrop-workstation-buster + - source: securedrop-workstation-{{ sdvars.distribution }} - label: red - tags: - add: - sd-workstation - - sd-buster + - sd-{{ sdvars.distribution }} - sd-workstation-updates - require: - qvm: sd-workstation-template diff --git a/dom0/sd-workstation.top b/dom0/sd-workstation.top index b933ace3b..28cfe1d2c 100644 --- a/dom0/sd-workstation.top +++ b/dom0/sd-workstation.top @@ -1,6 +1,9 @@ # -*- coding: utf-8 -*- # vim: set syntax=yaml ts=2 sw=2 sts=2 et : +# Imports "sdvars" for environment config +{% from 'sd-default-config.sls' import sdvars with context %} + base: dom0: - sd-sys-vms 
@@ -20,12 +23,12 @@ base: - sd-whonix - sd-remove-unused-templates - sd-small-buster-template: + sd-small-{{ sdvars.distribution }}-template: - sd-logging-setup - sd-workstation-template-files - sd-app-files - sd-proxy-template-files - sd-large-buster-template: + sd-large-{{ sdvars.distribution }}-template: - sd-logging-setup - sd-workstation-template-files - sd-devices-files @@ -38,7 +41,7 @@ base: - sd-mime-handling sd-whonix: - sd-whonix-hidserv-key - securedrop-workstation-buster: + securedrop-workstation-{{ sdvars.distribution }}: - sd-workstation-template-files - sd-logging-setup # Depending on whether sys-usb is disposable or not, we want to diff --git a/scripts/provision-all b/scripts/provision-all index f4816ac5e..01885504b 100755 --- a/scripts/provision-all +++ b/scripts/provision-all @@ -17,7 +17,10 @@ echo "Set up dom0 config files, including RPC policies, and create VMs" sudo qubesctl --show-output state.highstate echo "Set up logging VMs early" -sudo qubesctl --show-output --skip-dom0 --targets sd-log,sd-small-buster-template state.highstate +grep -q "R4.1" /etc/qubes-release && \ + sudo qubesctl --show-output --skip-dom0 --targets sd-log,sd-small-bullseye-template state.highstate || \ + sudo qubesctl --show-output --skip-dom0 --targets sd-log,sd-small-buster-template state.highstate + # Reboot sd-log so it's ready to receive logs from other VMs about to be configured qvm-shutdown --wait sd-log && qvm-start sd-log diff --git a/scripts/sdw-admin.py b/scripts/sdw-admin.py index 9c8c3953d..5537335f2 100755 --- a/scripts/sdw-admin.py +++ b/scripts/sdw-admin.py @@ -15,6 +15,11 @@ sys.path.insert(1, os.path.join(SCRIPTS_PATH, "scripts/")) from validate_config import SDWConfigValidator, ValidationError # noqa: E402 +DEBIAN_VERSION = "bullseye" +with open("/etc/qubes-release") as qubes_release: + if "R4.0" in qubes_release.read(): + DEBIAN_VERSION = "buster" + def parse_args(): parser = argparse.ArgumentParser() 
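Review bot: The `grep … && … || …` chain under "Set up logging VMs early" is not an if/else: when the bullseye `qubesctl` run fails on 4.1, the `||` arm runs the same highstate against `sd-small-buster-template`. The real error is then followed by a second run against a template that should not exist on that release. An explicit `if`/`else` keeps the two paths exclusive and lets a failed highstate surface on its own. The release test here keys on `R4.1` while the Python files in this commit key on `R4.0`, which is easy to let drift.

```shell
if grep -q "R4.1" /etc/qubes-release; then
    sd_small_template="sd-small-bullseye-template"
else
    sd_small_template="sd-small-buster-template"
fi
sudo qubesctl --show-output --skip-dom0 --targets "sd-log,${sd_small_template}" state.highstate
```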
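Review bot: `DEBIAN_VERSION` is computed by opening `/etc/qubes-release` at module import, before `parse_args()` is ever called, so the script raises `FileNotFoundError` on any host without that file, even for an argument-parsing error or a help request. The same five lines are pasted into tests/test_dom0_config.py and tests/test_vms_exist.py, and tests/test_vms_platform.py carries a further variant keyed on `R4.1`. A single helper shared by the script and the tests (the tests already import from `base`), with a comment like `# R4.0 ships buster templates; later releases use bullseye`, would keep the mapping in one place.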
@@ -116,7 +121,7 @@ def perform_uninstall(keep_template_rpm=False): print("Reverting dom0 configuration") subprocess.check_call(["sudo", "qubesctl", "state.sls", "sd-clean-all"]) subprocess.check_call([os.path.join(SCRIPTS_PATH, "scripts/clean-salt")]) - if not keep_template_rpm: + if not keep_template_rpm and DEBIAN_VERSION == "buster": print("Uninstalling Template") subprocess.check_call( [ diff --git a/tests/test_dom0_config.py b/tests/test_dom0_config.py index de42f5534..562f33003 100644 --- a/tests/test_dom0_config.py +++ b/tests/test_dom0_config.py @@ -17,12 +17,17 @@ "sd-log-buster-template", ] +DEBIAN_VERSION = "bullseye" +with open("/etc/qubes-release") as qubes_release: + if "R4.0" in qubes_release.read(): + DEBIAN_VERSION = "buster" + VMS_TO_UPDATE = [ - "sd-large-buster-template", - "sd-small-buster-template", + "sd-large-{}-template".format(DEBIAN_VERSION), + "sd-small-{}-template".format(DEBIAN_VERSION), "whonix-ws-16", "whonix-gw-16", - "securedrop-workstation-buster", + "securedrop-workstation-{}".format(DEBIAN_VERSION), ] diff --git a/tests/test_vms_exist.py b/tests/test_vms_exist.py index 3911cb621..90cc49994 100644 --- a/tests/test_vms_exist.py +++ b/tests/test_vms_exist.py @@ -7,6 +7,11 @@ EXPECTED_KERNEL_VERSION = "4.14.241-grsec-workstation" +DEBIAN_VERSION = "bullseye" +with open("/etc/qubes-release") as qubes_release: + if "R4.0" in qubes_release.read(): + DEBIAN_VERSION = "buster" + class SD_VM_Tests(unittest.TestCase): def setUp(self): @@ -40,9 +45,8 @@ def _check_kernel(self, vm): # kernel module anymore # This portion of the test assumes that 4.1 is always used with templates that use # repositories for 4.1 (in our case, bullseye based templates) - with open("/etc/qubes-release") as qubes_release: - if "R4.1" in qubes_release.read(): - return + if DEBIAN_VERSION == "bullseye": + return u2mfn_filepath = "/usr/lib/modules/{}/updates/dkms/u2mfn.ko".format(EXPECTED_KERNEL_VERSION) # cmd will raise exception if file not found 
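Review bot: With `and DEBIAN_VERSION == "buster"` added to the condition in `perform_uninstall`, a bullseye system never removes the template, even when `keep_template_rpm` is False, and nothing is printed to say so. The template that dom0/sd-dom0-files.sls installs on 4.1 with `qvm-template install` therefore stays behind after an uninstall the user asked to be complete. Either add a removal path for bullseye or make the skip visible, e.g. an `elif not keep_template_rpm:` branch with `print("Template removal is not implemented for bullseye; template left in place")`. The `subprocess.check_call([` that follows continues outside the hunk.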
@@ -76,7 +80,7 @@ def test_sd_proxy_config(self): vm = self.app.domains["sd-proxy"] nvm = vm.netvm self.assertTrue(nvm.name == "sd-whonix") - self.assertTrue(vm.template == "sd-small-buster-template") + self.assertTrue(vm.template == "sd-small-{}-template".format(DEBIAN_VERSION)) self.assertTrue(vm.autostart is True) self.assertFalse(vm.provides_network) self.assertFalse(vm.template_for_dispvms) @@ -86,7 +90,7 @@ def test_sd_app_config(self): vm = self.app.domains["sd-app"] nvm = vm.netvm self.assertTrue(nvm is None) - self.assertTrue(vm.template == "sd-small-buster-template") + self.assertTrue(vm.template == "sd-small-{}-template".format(DEBIAN_VERSION)) self.assertFalse(vm.provides_network) self.assertFalse(vm.template_for_dispvms) self._check_kernel(vm) @@ -104,7 +108,7 @@ def test_sd_viewer_config(self): vm = self.app.domains["sd-viewer"] nvm = vm.netvm self.assertTrue(nvm is None) - self.assertTrue(vm.template == "sd-large-buster-template") + self.assertTrue(vm.template == "sd-large-{}-template".format(DEBIAN_VERSION)) self.assertFalse(vm.provides_network) self.assertTrue(vm.template_for_dispvms) # sd-viewer should not be able to create other disposable VMs @@ -118,7 +122,7 @@ def test_sd_gpg_config(self): nvm = vm.netvm self.assertTrue(nvm is None) # No sd-gpg-template, since keyring is managed in $HOME - self.assertTrue(vm.template == "sd-small-buster-template") + self.assertTrue(vm.template == "sd-small-{}-template".format(DEBIAN_VERSION)) self.assertTrue(vm.autostart is True) self.assertFalse(vm.provides_network) self.assertFalse(vm.template_for_dispvms) @@ -129,7 +133,7 @@ def test_sd_log_config(self): vm = self.app.domains["sd-log"] nvm = vm.netvm self.assertTrue(nvm is None) - self.assertTrue(vm.template == "sd-small-buster-template") + self.assertTrue(vm.template == "sd-small-{}-template".format(DEBIAN_VERSION)) self.assertTrue(vm.autostart is True) self.assertFalse(vm.provides_network) self.assertFalse(vm.template_for_dispvms) 
@@ -146,7 +150,7 @@ def test_sd_log_config(self): self.assertEqual(vol.size, size * 1024 * 1024 * 1024) def test_sd_workstation_template(self): - vm = self.app.domains["securedrop-workstation-buster"] + vm = self.app.domains["securedrop-workstation-{}".format(DEBIAN_VERSION)] nvm = vm.netvm self.assertTrue(nvm is None) self.assertTrue(vm.virt_mode == "hvm") @@ -156,27 +160,27 @@ def test_sd_workstation_template(self): self._check_service_running(vm, "paxctld") def test_sd_proxy_template(self): - vm = self.app.domains["sd-small-buster-template"] + vm = self.app.domains["sd-small-{}-template".format(DEBIAN_VERSION)] nvm = vm.netvm self.assertTrue(nvm is None) self.assertTrue("sd-workstation" in vm.tags) def sd_app_template(self): - vm = self.app.domains["sd-small-buster-template"] + vm = self.app.domains["sd-small-{}-template".format(DEBIAN_VERSION)] nvm = vm.netvm self.assertTrue(nvm is None) self.assertTrue("sd-workstation" in vm.tags) self._check_kernel(vm) def sd_viewer_template(self): - vm = self.app.domains["sd-large-buster-template"] + vm = self.app.domains["sd-large-{}-template".format(DEBIAN_VERSION)] nvm = vm.netvm self.assertTrue(nvm is None) self.assertTrue("sd-workstation" in vm.tags) self.assertTrue(vm.template_for_dispvms) def sd_export_template(self): - vm = self.app.domains["sd-large-buster-template"] + vm = self.app.domains["sd-large-{}-template".format(DEBIAN_VERSION)] nvm = vm.netvm self.assertTrue(nvm is None) self.assertTrue("sd-workstation" in vm.tags) @@ -200,7 +204,7 @@ def sd_export(self): self._check_kernel(vm) def sd_small_template(self): - vm = self.app.domains["sd-small-buster-template"] + vm = self.app.domains["sd-small-{}-template".format(DEBIAN_VERSION)] nvm = vm.netvm self.assertTrue(nvm is None) self.assertTrue("sd-workstation" in vm.tags) 
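Review bot: Several methods edited in the `@@ -156,27 +160,27 @@` hunk (`sd_app_template`, `sd_viewer_template` and `sd_export_template`) lack the `test_` prefix, so unittest does not collect them and the new `"sd-…-{}-template".format(DEBIAN_VERSION)` lookups inside them are never run. The same holds for `sd_small_template` and `sd_large_template` in the following hunks. If they are meant to run, rename them, e.g. `def test_sd_app_template(self):`. If they are disabled on purpose, a one-line comment saying why would stop them from reading as coverage for the bullseye template names.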
@@ -208,7 +212,7 @@ def sd_small_template(self): self._check_kernel(vm) def sd_large_template(self): - vm = self.app.domains["sd-large-buster-template"] + vm = self.app.domains["sd-large-{}-template".format(DEBIAN_VERSION)] nvm = vm.netvm self.assertTrue(nvm is None) self.assertTrue("sd-workstation" in vm.tags) diff --git a/tests/test_vms_platform.py b/tests/test_vms_platform.py index f116d9b96..31d7e2a63 100644 --- a/tests/test_vms_platform.py +++ b/tests/test_vms_platform.py @@ -6,16 +6,18 @@ from base import WANTED_VMS, CURRENT_FEDORA_TEMPLATE -SUPPORTED_SD_PLATFORMS = ["Debian GNU/Linux 10 (buster)"] +with open("/etc/qubes-release") as qubes_release: + if "R4.1" in qubes_release.read(): + SUPPORTED_SD_PLATFORMS = ["Debian GNU/Linux 11 (bullseye)"] + else: + SUPPORTED_SD_PLATFORMS = ["Debian GNU/Linux 10 (buster)"] SUPPORTED_WHONIX_PLATFORMS = ["Debian GNU/Linux 11 (bullseye)"] apt_url = "" -FPF_APT_SOURCES_STRETCH_DEV = "deb [arch=amd64] https://apt-test.freedom.press stretch nightlies" -FPF_APT_SOURCES_BUSTER_DEV = "deb [arch=amd64] https://apt-test.freedom.press buster nightlies" -FPF_APT_SOURCES_STRETCH = "deb [arch=amd64] https://apt.freedom.press stretch main" -FPF_APT_SOURCES_BUSTER = "deb [arch=amd64] https://apt.freedom.press buster main" +FPF_APT_TEST_SOURCES = "deb [arch=amd64] https://apt-test.freedom.press {dist} {component}" +FPF_APT_SOURCES = "deb [arch=amd64] https://apt.freedom.press {dist} {component}" APT_SOURCES_FILE = "/etc/apt/sources.list.d/securedrop_workstation.list" 
@@ -27,10 +29,17 @@ def setUp(self): if "environment" not in config: config["environment"] = "dev" + if "buster" in SUPPORTED_SD_PLATFORMS: + dist = "buster" + elif "bullseye" in SUPPORTED_SD_PLATFORMS: + dist = "bullseye" + if config["environment"] == "prod": - self.apt_url = FPF_APT_SOURCES_BUSTER + self.apt_url = FPF_APT_SOURCES.format(dist=dist, component="main") + elif config["environment"] == "staging": + self.apt_url = FPF_APT_TEST_SOURCES.format(dist=dist, component="main") else: - self.apt_url = FPF_APT_SOURCES_BUSTER_DEV + self.apt_url = FPF_APT_TEST_SOURCES.format(dist=dist, component="nightlies") def tearDown(self): pass @@ -76,7 +85,7 @@ def _validate_apt_sources(self, vm): contents = stdout.decode("utf-8").rstrip("\n") self.assertTrue(self.apt_url in contents) - self.assertFalse(FPF_APT_SOURCES_STRETCH in contents) + self.assertFalse(FPF_APT_SOURCES.format(dist="stretch", component="main") in contents) # Old alpha URL for apt repo should be absent self.assertFalse("apt-test-qubes.freedom.press" in contents)
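Review bot: `dist` is never assigned in `setUp`, because `SUPPORTED_SD_PLATFORMS` is a list holding the full platform string (for example `"Debian GNU/Linux 11 (bullseye)"`), so `"buster" in SUPPORTED_SD_PLATFORMS` and `"bullseye" in SUPPORTED_SD_PLATFORMS` are list-membership tests that are both False. The following `.format(dist=dist, …)` then raises `UnboundLocalError` for every test in the class, and the apt-source assertions never execute. Match inside the strings instead, e.g. `dist = "buster" if any("buster" in p for p in SUPPORTED_SD_PLATFORMS) else "bullseye"`.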