Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Installs Buster-based SDW template RPM #346

Merged
merged 2 commits into from
Nov 21, 2019
Merged

Installs Buster-based SDW template RPM #346

merged 2 commits into from
Nov 21, 2019

Conversation

conorsch
Copy link
Contributor

Status

Refs #306. Closes #344.

Updates the Salt logic to pull in the latest, Buster-based template RPM. The artifact that should be installed is presented here: freedomofpress/securedrop-yum-test#3

Testing

In dom0:

sudo dnf remove qubes-template-securedrop-workstation-buster # in case you had a copy before, make sure it's gone
make all
qvm-check securedrop-workstation-buster # confirm it exists

Conor Schaefer added 2 commits November 20, 2019 17:14
Updates RPM signature verification
9b73753 
The sig verification for dom0 RPM packages was failing, due to a regex
problem with the validation lines. Presumably since F29 -> F30, SHA512
is now used, so we should honor both SHA256 and SHA512 checksums.

We plan to decommission the S3-hosting strategy for distributing RPMs,
but since I needed to make this change in order to upload the latest
Buster template RPM, I'm submitting for inclusion into master.
Installs Buster-based SDW template RPM
ebac44b 
Simply pulls in the package, to make it available to developers for
further testing. No changes are made to SDW TemplateVM settings at this
time, we're simply adding the package so it's available.
@conorsch conorsch requested a review from emkll November 21, 2019 02:26
emkll
emkll approved these changes Nov 21, 2019
View reviewed changes
Copy link
Contributor

@emkll emkll left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the changes, this works as expected:

  • make all on master (as of this PR) does not pull in the buster template
  • make all on this branch pulls in the buster template.
  • securedrop-workstation-buster boots, and when hvm is enabled, the grsecurity kernel is running
  • All tests pass when running make test

We should note that once this is merged to master, any make all from master will pull in both templates, which will result in a one-time additional 5-10 minutes to the run, depending on network speed.

@emkll emkll merged commit e63773d into master Nov 21, 2019
@emkll emkll deleted the installs-securedrop-workstation-buster-template branch November 21, 2019 14:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emkll emkll emkll approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Upload Buster-based securedrop-workstation template RPM
2 participants
@conorsch @emkll