#!/bin/bash
# Usage: securedrop-handle-upgrade prepare|remove
#
# Strict mode: abort on an unhandled command failure (errexit), on use of an
# unset variable (nounset), and when any stage of a pipeline fails (pipefail).
set -euo pipefail

# Requested task, taken from the first argument. With no argument it becomes
# the placeholder "default", which matches neither task name.
TASK="${1:-default}"
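# Shut down the named VM if it is currently running, and wait for it to stop.
#
# qvm-check exits nonzero for a domain that isn't running. That is the normal
# "nothing to do" case and must not abort the script under "set -e", so the
# check is used as an "if" condition, where errexit does not apply. The
# caller's shell options are left untouched.
#
# Arguments: $1 - name of the VM
# Outputs:   a warning on stderr if qvm-shutdown fails
# Returns:   always 0, as before, so existing call sites keep running. A
#            failed shutdown is reported rather than fatal; a later step that
#            needs the VM powered off (template change, qvm-remove) may then
#            fail instead.
function shutdown_if_running () {
  local vm=$1
  if qvm-check --running "$vm"; then
    if ! qvm-shutdown --wait "$vm"; then
      # Previously this failure was discarded silently, leaving no trace of
      # why a later step could not proceed.
      printf 'WARNING: qvm-shutdown --wait failed for %s; it may still be running\n' "$vm" >&2
    fi
  fi
  return 0
}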
# To allow the template of an AppVM to be changed, the following two
# conditions must be met:
# 1. The AppVM must be powered off
# 2. The AppVM must not be a DispVM template that is used as the default
# DispVM for an AppVM, nor the system default DispVM.
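if [[ $TASK == "prepare" ]]; then
  # Every stanza below has the same shape: act only if the VM exists, and
  # only if its template name does not already contain the expected string.
  # The right-hand side of =~ is quoted, so it is matched as a literal
  # substring, not as a regular expression.

  # sd-app: only shut the machine down, as we want to preserve its data.
  if qvm-check sd-app --quiet; then
    BASE_TEMPLATE=$(qvm-prefs sd-app template)
    if [[ ! $BASE_TEMPLATE =~ "small-bookworm" ]]; then
      shutdown_if_running "sd-app"
    fi
  fi

  # sd-viewer and sd-devices-dvm are DispVM templates. Both VMs can be deleted
  # since they contain no persistent data; the installer re-creates them as
  # part of the provisioning process.
  # The default DispVM is set to the empty string first, so that nothing is
  # opened in an insecure (unmanaged or not yet updated) or networked VM until
  # the provisioning process runs again and sets that value to sd-viewer.
  if qvm-check --quiet sd-viewer; then
    BASE_TEMPLATE=$(qvm-prefs sd-viewer template)
    if [[ ! $BASE_TEMPLATE =~ "large-bookworm" ]]; then
      qubes-prefs default_dispvm ''
      shutdown_if_running "sd-viewer"
      qvm-remove -f sd-viewer
    fi
  fi

  # NOTE(review): existence is checked for sd-devices, but the template is
  # read from sd-devices-dvm. If only sd-devices-dvm is present (for example
  # after an earlier run stopped between the two qvm-remove calls), this
  # stanza is skipped entirely. Confirm that this is intended.
  if qvm-check --quiet sd-devices; then
    BASE_TEMPLATE=$(qvm-prefs sd-devices-dvm template)
    if [[ ! $BASE_TEMPLATE =~ "large-bookworm" ]]; then
      shutdown_if_running "sd-devices"
      shutdown_if_running "sd-devices-dvm"
      qvm-remove -f sd-devices
      qvm-remove -f sd-devices-dvm
    fi
  fi

  # For Whonix VMs, shut them down so we can update the TemplateVM settings.
  # sd-proxy is shut down before sd-whonix, since its netvm is sd-whonix,
  # which won't shut down while a client is connected.
  if qvm-check --quiet sd-proxy; then
    BASE_TEMPLATE=$(qvm-prefs sd-proxy template)
    if [[ ! $BASE_TEMPLATE =~ "large-bookworm" ]]; then
      shutdown_if_running "sd-proxy"
    fi
  fi

  # For sd-whonix, sd-proxy must be shut down as well, since sd-whonix is the
  # netvm for sd-proxy. In the unlikely event that proxy is updated but whonix
  # is not, we want to ensure a smooth upgrade.
  # The "17" test is satisfied by any template name containing "17".
  if qvm-check --quiet sd-whonix; then
    BASE_TEMPLATE=$(qvm-prefs sd-whonix template)
    if [[ ! $BASE_TEMPLATE =~ "17" ]]; then
      shutdown_if_running "sd-proxy"
      shutdown_if_running "sd-whonix"
    fi
  fi

  # Kill sys-whonix, to make sure connected clients don't prevent shutdown.
  if qvm-check --quiet sys-whonix; then
    BASE_TEMPLATE=$(qvm-prefs sys-whonix template)
    if [[ ! $BASE_TEMPLATE =~ "17" ]]; then
      if qvm-check --quiet --running sys-whonix; then
        qvm-kill sys-whonix
        # Wait for the machine to stop fully, since qvm-kill doesn't block.
        # NOTE(review): this is a fixed delay; nothing here verifies that the
        # VM has actually halted once it elapses.
        sleep 5
      fi
    fi
  fi

  # sd-gpg: simply shut the machine down.
  if qvm-check --quiet sd-gpg; then
    BASE_TEMPLATE=$(qvm-prefs sd-gpg template)
    if [[ ! $BASE_TEMPLATE =~ "small-bookworm" ]]; then
      shutdown_if_running "sd-gpg"
    fi
  fi

  # Shut down sd-log last, since other VMs will autostart it by sending logs.
  if qvm-check --quiet sd-log; then
    BASE_TEMPLATE=$(qvm-prefs sd-log template)
    if [[ ! $BASE_TEMPLATE =~ "small-bookworm" ]]; then
      shutdown_if_running "sd-log"
    fi
  fi

elif [[ $TASK == "remove" ]]; then
  # For each template, ensure the TemplateVM exists and that it is shut down
  # before deleting it.
  # TODO: clean this up, we don't have separate templates anymore and nobody
  # will be upgrading from the original setup
  for template in sd-small-bullseye-template sd-large-bullseye-template
  do
    if qvm-check "${template}" --quiet; then
      shutdown_if_running "${template}"
      qvm-remove -f "${template}"
    fi
  done

else
  # Unknown or missing task: report on stderr, where diagnostics belong, so
  # the message is not mixed into captured stdout. The exit status is
  # unchanged.
  echo "Please specify prepare or remove" >&2
  exit 1
fi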