Merge pull request #522 from freedomofpress/498-shutdown-templates

Ensure TemplateVMs are shut down prior to rebooting
freedomofpress · Apr 6, 2020 · e90ca30 · e90ca30
2 parents 3b5bbc1 + 412761e
commit e90ca30
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 8 deletions.
diff --git a/launcher/sdw_updater_gui/Updater.py b/launcher/sdw_updater_gui/Updater.py
@@ -407,13 +407,21 @@ def shutdown_and_start_vms():
     """
 
     sdw_vms_in_order = [
-        "sys-whonix",
+        "sd-app",
         "sd-proxy",
+        "sys-whonix",
         "sd-whonix",
-        "sd-app",
         "sd-gpg",
         "sd-log",
     ]
+
+    # All TemplateVMs minus dom0
+    sdw_templates = [val for key, val in current_templates.items() if key != "dom0"]
+
+    sdlog.info("Ensure TemplateVMs are shut down")
+    for vm in sdw_templates:
+        _safely_shutdown_vm(vm)
+
     sdlog.info("Shutting down SDW VMs for updates")
     for vm in sdw_vms_in_order:
         _safely_shutdown_vm(vm)

diff --git a/launcher/tests/test_updater.py b/launcher/tests/test_updater.py
@@ -653,17 +653,27 @@ def test_shutdown_and_start_vms(
         call("sys-net"),
         call("sys-firewall"),
     ]
+    template_vm_calls = [
+        call("fedora-30"),
+        call("sd-viewer-buster-template"),
+        call("sd-app-buster-template"),
+        call("sd-log-buster-template"),
+        call("sd-devices-buster-template"),
+        call("sd-proxy-buster-template"),
+        call("whonix-gw-15"),
+        call("securedrop-workstation-buster"),
+    ]
     app_vm_calls = [
-        call("sys-whonix"),
+        call("sd-app"),
         call("sd-proxy"),
+        call("sys-whonix"),
         call("sd-whonix"),
-        call("sd-app"),
         call("sd-gpg"),
         call("sd-log"),
     ]
     updater.shutdown_and_start_vms()
     mocked_call.assert_has_calls(sys_vm_kill_calls)
-    mocked_shutdown.assert_has_calls(app_vm_calls)
+    mocked_shutdown.assert_has_calls(template_vm_calls + app_vm_calls)
     app_vm_calls_reversed = list(reversed(app_vm_calls))
     mocked_start.assert_has_calls(sys_vm_start_calls + app_vm_calls_reversed)
     assert not mocked_error.called
@@ -690,13 +700,23 @@ def test_shutdown_and_start_vms_sysvm_fail(
         call("sys-firewall"),
     ]
     app_vm_calls = [
-        call("sys-whonix"),
+        call("sd-app"),
         call("sd-proxy"),
+        call("sys-whonix"),
         call("sd-whonix"),
-        call("sd-app"),
         call("sd-gpg"),
         call("sd-log"),
     ]
+    template_vm_calls = [
+        call("fedora-30"),
+        call("sd-viewer-buster-template"),
+        call("sd-app-buster-template"),
+        call("sd-log-buster-template"),
+        call("sd-devices-buster-template"),
+        call("sd-proxy-buster-template"),
+        call("whonix-gw-15"),
+        call("securedrop-workstation-buster"),
+    ]
     error_calls = [
         call("Error while killing sys-firewall"),
         call("Command 'check_call' returned non-zero exit status 1."),
@@ -707,7 +727,7 @@ def test_shutdown_and_start_vms_sysvm_fail(
     ]
     updater.shutdown_and_start_vms()
     mocked_call.assert_has_calls(sys_vm_kill_calls)
-    mocked_shutdown.assert_has_calls(app_vm_calls)
+    mocked_shutdown.assert_has_calls(template_vm_calls + app_vm_calls)
     app_vm_calls_reversed = list(reversed(app_vm_calls))
     mocked_start.assert_has_calls(sys_vm_start_calls + app_vm_calls_reversed)
     mocked_error.assert_has_calls(error_calls)