Adds migration flag for mailcap-hardening

The updater must perform a full state run in order to apply the mailcap hardening inside AppVM private volumes. Create the necessary run-everything flag via RPM postinst. The updater logic will automatically clean up the flags are it runs. We'll need to remove this logic from postinst in the subsequent release of 'securedrop-workstation-dom0-config', so it doesn't recreate the flag.
freedomofpress · Mar 10, 2021 · 6cf625c · 6cf625c
1 parent fa60a26
commit 6cf625c
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 3 deletions.
diff --git a/dom0/securedrop-check-migration b/dom0/securedrop-check-migration
@@ -26,7 +26,4 @@ if [[ -n "$(qvm-ls --tags sd-workstation --raw-list | perl -nE '/sd-(?!small|lar
     reason="template-consolidation"
     echo "Migration required for ${reason}, will re-run Salt states."
     request_migration "$reason"
-else
-    echo "No migration required, skipping full state run against all VMs."
-    rm -rf "${flag_dir}"
 fi
diff --git a/rpm-build/SPECS/securedrop-workstation-dom0-config.spec b/rpm-build/SPECS/securedrop-workstation-dom0-config.spec
@@ -105,6 +105,8 @@ find /srv/salt -maxdepth 1 -type f -iname '*.top' \
     | xargs -n1 basename \
     | sed -e 's/\.top$$//g' \
     | xargs qubesctl top.enable > /dev/null
+mkdir -p /tmp/sdw-migrations
+touch /tmp/sdw-migrations/mailcap-hardening
 
 %changelog
 * Fri Nov 20 2020 SecureDrop Team <securedrop@freedom.press> - 0.5.2