Supports opening submissions in DispVMs from Qubes dev env #490
Includes required files for the securedrop-client to run inside Qubes, and references those files in the package MANIFEST, so they are included in the tarball emitted by the sdist prep process. These files were previously put in place by Salt, but here we fold them into the packaging logic. In addition to achieving slightly cleaner packaging workflows, having the mime handler files in this repo exposes them to the run.sh script for spinning up a local dev environment within a Qubes AppVM.
Similar to the --no-proxy flag, here we add a --no-qubes flag, off by default, to denote that the Client is running on a non-Qubes OS (typically macOS, used by developers).
Infers whether the developer's host OS is Qubes, based on the presence of env vars matching pattern `^QUBES_`. If Qubes, we can permit the use of DispVMs for opening submissions. The logic assumes that the Qubes AppVM running the client (e.g. `sd-dev`) has the tag `sd-client` applied. We cannot inspect this from within the AppVM, so we'll lean on documentation to instruct developers about this.
The `wait` call must ensure that the dev env setup steps complete *prior* to executing the local app code. We need not background running the app code, since that's the final action in the run.sh script.
The recent changes provide improved Qubes dev env support in the `run.sh` script. Modified the possible scenarios to explain the different environments now possible. These changes make the dev env docs rather verbose, so some consolidation may be warranted.
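A sketch of the two mechanisms the commit messages above describe, the `^QUBES_` environment check that decides whether `--no-qubes` is passed and the `wait` that holds the app back until setup has finished. This is an added example, not code from `run.sh`; the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not from run.sh.

# Succeeds when at least one environment variable NAME starts with QUBES_.
# awk's ENVIRON is keyed by variable name, so a multi-line value that
# merely contains a line beginning "QUBES_" cannot cause a false match,
# which a plain `env | grep '^QUBES_'` would allow.
has_qubes_env() {
    awk 'BEGIN { for (k in ENVIRON) if (k ~ /^QUBES_/) exit 0; exit 1 }'
}

# Prints the extra client flag for the current host: nothing on Qubes,
# --no-qubes elsewhere. This is a convenience heuristic only. Whether a
# DispVM can really be used depends on the sd-client tag applied in dom0,
# which cannot be inspected from inside the AppVM.
client_flags() {
    if has_qubes_env; then
        echo ""
    else
        echo "--no-qubes"
    fi
}

# Runs a setup step in the background, blocks on it with wait, and only
# then runs the final command in the foreground. A failed setup step
# stops the launch instead of starting the app half-configured.
run_after_setup() {
    setup_cmd=$1
    shift
    sh -c "$setup_cmd" &
    setup_pid=$!
    wait "$setup_pid" || { echo "setup failed, not starting app" >&2; return 1; }
    "$@"
}
```
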
This works for me. I had to do a little post docker install setup to make it so I could run docker as a non-root user, but otherwise, everything worked as advertised.
I like how this change makes it so you can run all the client developer workflows on one computer. I think this is ready to merge (after ci jobs show all green) whether or not we recommend it, but let's wait until freedomofpress/securedrop-workstation#301 is finished with documentation to make sure everyone is on the same page.
freedomofpress/securedrop-workstation#299 was merged into |
Ensure the `qubes` variable is false when checking the function call.
Thanks @conorsch it seems to be working as expected in my local Qubes environment. Thanks for the great test plan:
- Clone/checkout securedrop-workstation#299 ("Uses tags for RPC grants denoting Client privileges") and run `make all` (ran on latest on `master` since that PR was merged already)
- In `dom0`, run `qvm-tags sd-dev add sd-client`
- In `sd-dev`, clone/checkout the "securedrop" repository and run `make dev` to start the containers
- In `sd-dev`, clone/checkout this PR branch, and run `./run.sh` to start the client interface
- Submit a PDF to the Source Interface, confirm visible in the Client
- Open the PDF submission in the Client, confirm it opens in a DispVM
- Send a reply to a source, confirm no errors
- I have tested these changes in Qubes
Pushed 00532a2 to fix a failing test, otherwise LGTM.
Intentionally not merging this in case @creviera would like to make some changes (docs or otherwise)
0e90461 to cae3685
@emkll I updated the README to include a link to the securedrop docs, mentioned the requirement to run docker as non-root user in Qubes, and an extra bit about end-to-end client testing. This is ready once again for your 👀
Thanks @creviera for the great docs addition, if you don't mind addressing a couple of typos and good to merge (some of which weren't introduced by your diff)
6c64a3e to 63ae2f4
Opened #497 to track the use of split-gpg in dev env as a potential follow-up.
Description
Adds support for running the client code (via `./run.sh`) within a Qubes AppVM, and opening submissions in DispVMs from the client interface.
Related issues:
Test Plan
Throughout these instructions, `sd-dev` is assumed to be the name of the developer's AppVM where code is written. If you use a different VM name, substitute that below.
- `make all`
- In `dom0`, run `qvm-tags sd-dev add sd-client`
- In `sd-dev`, clone/checkout the "securedrop" repository and run `make dev` to start the containers
- In `sd-dev`, clone/checkout this PR branch, and run `./run.sh` to start the client interface
Checklist
If these changes modify code paths involving cryptography, the opening of files in VMs, network (via the RPC service) traffic, or fine tuning of the graphical user interface, Qubes testing is required. Please check as applicable: