Converts fedora-31 VMs to fedora-32 throughout (#642)

* Updates fedora-31 -> fedora-32 throughout

Updates all references fedora-31 -> fedora-32, both in documentation and
in the actual state files that configure dependencies.

* Bumps version to 0.5.1-rc1

README.md

@@ -182,7 +182,7 @@ When developing on the Workstation, make sure to edit files in `sd-dev`, then co
 
 The staging environment is intended to provide an experience closer to a production environment. For example, it will alter power management settings on your laptop to prevent suspending it to disk, and make other changes that may not be desired during day-to-day development in Qubes.
 
-#### Update `dom0`, `fedora-31`, `whonix-gw-15` and `whonix-ws-15` templates
+#### Update `dom0`, `fedora-32`, `whonix-gw-15` and `whonix-ws-15` templates
 
 Updates to these VMs will be provided by the installer and updater, but to ensure they are up to date prior to install, it will be easier to debug, should something go wrong.
 

VERSION

@@ -1 +1 @@
-0.5.0
+0.5.1-rc1

dom0/sd-clean-all.sls

@@ -5,7 +5,7 @@
 
 set-fedora-as-default-dispvm:
   cmd.run:
-    - name: qvm-check fedora-31-dvm && qubes-prefs default_dispvm fedora-31-dvm || qubes-prefs default_dispvm ''
+    - name: qvm-check fedora-32-dvm && qubes-prefs default_dispvm fedora-32-dvm || qubes-prefs default_dispvm ''
 
 {% set gui_user = salt['cmd.shell']('groupmems -l -g qubes') %}
 

dom0/sd-clean-default-dispvm.sls

@@ -3,4 +3,4 @@
 
 set-fedora-as-default-dispvm:
   cmd.run:
-    - name: qvm-check fedora-31-dvm && qubes-prefs default_dispvm fedora-31-dvm || qubes-prefs default_dispvm ''
+    - name: qvm-check fedora-32-dvm && qubes-prefs default_dispvm fedora-32-dvm || qubes-prefs default_dispvm ''

dom0/sd-dom0-files.sls

@@ -19,7 +19,7 @@ dom0-rpm-test-key:
   file.managed:
     # We write the pubkey to the repos config location, because the repos
     # config location is automatically sent to dom0's UpdateVM. Otherwise,
-    # we must place the GPG key inside the fedora-31 TemplateVM, then
+    # we must place the GPG key inside the fedora TemplateVM, then
     # restart sys-firewall.
     - name: /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation
     - source: "salt://sd/sd-workstation/{{ sdvars.signing_key_filename }}"

dom0/sd-sys-vms.sls

@@ -5,11 +5,11 @@
 # an up-to-date version of Fedora, in order to receive security updates.
 
 include:
-  # Import the upstream Qubes-maintained default-dispvm to ensure fedora-31-dvm
-  # is created.
+  # Import the upstream Qubes-maintained default-dispvm to ensure Fedora-based
+  # DispVM is created
   - qvm.default-dispvm
 
-{% set sd_supported_fedora_version = 'fedora-31' %}
+{% set sd_supported_fedora_version = 'fedora-32' %}
 
 # Install latest templates required for SDW VMs.
 dom0-install-fedora-template:
@@ -27,7 +27,7 @@ update-fedora-template-if-new:
       - pkg: dom0-install-fedora-template
 # qvm.default-dispvm is not strictly required here, but we want it to be
 # updated as soon as possible to ensure make clean completes successfully, as
-# is sets the default_dispvm to fedora-31-dvm
+# is sets the default_dispvm to the DispVM based on the wanted Fedora version.
 set-fedora-default-template-version:
   cmd.run:
     - name: qubes-prefs default_template {{ sd_supported_fedora_version }}

launcher/sdw_updater_gui/Updater.py

@@ -36,7 +36,7 @@
 # as well as their associated TemplateVMs.
 # In the future, we could use qvm-prefs to extract this information.
 current_vms = {
-    "fedora": "fedora-31",
+    "fedora": "fedora-32",
     "sd-viewer": "sd-large-buster-template",
     "sd-app": "sd-small-buster-template",
     "sd-log": "sd-small-buster-template",

launcher/tests/test_updater.py

@@ -500,7 +500,7 @@ def test_shutdown_and_start_vms(
         call("sys-usb"),
     ]
     template_vm_calls = [
-        call("fedora-31"),
+        call("fedora-32"),
         call("sd-large-buster-template"),
         call("sd-small-buster-template"),
         call("whonix-gw-15"),
@@ -548,7 +548,7 @@ def test_shutdown_and_start_vms_sysvm_fail(
         call("sd-log"),
     ]
     template_vm_calls = [
-        call("fedora-31"),
+        call("fedora-32"),
         call("sd-large-buster-template"),
         call("sd-small-buster-template"),
         call("whonix-gw-15"),

rpm-build/SPECS/securedrop-workstation-dom0-config.spec

@@ -1,12 +1,12 @@
 Name:		securedrop-workstation-dom0-config
-Version:	0.5.0
-Release:	1%{?dist}
+Version:	0.5.1
+Release:	0.rc1.1%{?dist}
 Summary:	SecureDrop Workstation
 
 Group:		Library
 License:	GPLv3+
 URL:		https://github.com/freedomofpress/securedrop-workstation
-Source0:	securedrop-workstation-dom0-config-0.5.0.tar.gz
+Source0:	securedrop-workstation-dom0-config-0.5.1rc1.tar.gz
 
 BuildArch:      noarch
 BuildRequires:	python3-setuptools
@@ -28,7 +28,7 @@ configuration over time.
 %undefine py_auto_byte_compile
 
 %prep
-%setup -n securedrop-workstation-dom0-config-0.5.0
+%setup -n securedrop-workstation-dom0-config-0.5.1rc1
 
 %build
 %{__python3} setup.py build
@@ -107,6 +107,9 @@ find /srv/salt -maxdepth 1 -type f -iname '*.top' \
     | xargs qubesctl top.enable > /dev/null
 
 %changelog
+* Tue Nov 17 2020 SecureDrop Team <securedrop@freedom.press> - 0.5.1-rc1
+- Migrates Fedora 31 templates to Fedora 32
+
 * Mon Nov 09 2020 SecureDrop Team <securedrop@freedom.press> - 0.5.0
 - Consolidates templates into small and large
 - Modifies updater UI to rerun full state if required

tests/base.py

@@ -7,6 +7,9 @@
 
 # Reusable constant for DRY import across tests
 WANTED_VMS = ["sd-gpg", "sd-log", "sd-proxy", "sd-app", "sd-viewer", "sd-whonix", "sd-devices"]
+CURRENT_FEDORA_VERSION = "32"
+CURRENT_FEDORA_TEMPLATE = "fedora-" + CURRENT_FEDORA_VERSION
+CURRENT_WHONIX_VERSION = "15"
 
 
 # base class for per-VM testing

tests/test_qubes_vms.py

@@ -1,10 +1,7 @@
 import unittest
 
 from qubesadmin import Qubes
-
-
-CURRENT_FEDORA_VERSION = "31"
-CURRENT_WHONIX_VERSION = "15"
+from base import CURRENT_FEDORA_TEMPLATE, CURRENT_WHONIX_VERSION
 
 
 class SD_Qubes_VM_Tests(unittest.TestCase):
@@ -32,7 +29,7 @@ def test_current_fedora_for_sys_vms(self):
         ]
         for sys_vm in sys_vms:
             vm = self.app.domains[sys_vm]
-            self.assertTrue(vm.template.name == "fedora-" + CURRENT_FEDORA_VERSION)
+            self.assertEqual(vm.template.name, CURRENT_FEDORA_TEMPLATE)
 
     def test_current_whonix_vms(self):
         """

tests/test_vms_platform.py

@@ -3,7 +3,7 @@
 import subprocess
 
 from qubesadmin import Qubes
-from base import WANTED_VMS
+from base import WANTED_VMS, CURRENT_FEDORA_TEMPLATE
 
 
 SUPPORTED_PLATFORMS = [
@@ -175,8 +175,8 @@ def test_all_fedora_vms_uptodate(self):
         """
         # Technically we want to know whether the sys-firewall, sys-net, and
         # sys-usb VMs have their updates installed. This test assumes those
-        # AppVMs are based on fedora-31.
-        vm_name = "fedora-31"
+        # AppVMs are based on the most recent Fedora version.
+        vm_name = CURRENT_FEDORA_TEMPLATE
         vm = self.app.domains[vm_name]
         self._ensure_packages_up_to_date(vm, fedora=True)
         vm.shutdown()
@@ -227,7 +227,7 @@ def test_sys_vms_use_supported_fedora(self):
             "sys-usb",
         ]
         for vm in sys_vms:
-            wanted_template = "fedora-31"
+            wanted_template = CURRENT_FEDORA_TEMPLATE
             found_template = self.app.domains[vm].template.name
             self.assertEqual(wanted_template, found_template)
 

utils/qa-switch/dom0.sls

@@ -10,7 +10,7 @@ dom0-rpm-test-key:
   file.managed:
     # We write the pubkey to the repos config location, because the repos
     # config location is automatically sent to dom0's UpdateVM. Otherwise,
-    # we must place the GPG key inside the fedora-31 TemplateVM, then
+    # we must place the GPG key inside the fedora TemplateVM, then
     # restart sys-firewall.
     - name: /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation
     - source: "salt://sd/sd-workstation/apt-test-pubkey.asc"