Support Whonix 17 #938

Merged
merged 6 commits into from
Feb 6, 2024

Contributor

@rocodes rocodes commented Jan 22, 2024

Status

Ready for review

Description of Changes

Fixes #934
Towards #937

Changes proposed in this pull request:

  • [qubes 4.1] Upgrade to whonix-workstation-17 and whonix-gateway-17
  • Move apparmor config of whonix templates from dom0-files sls to whonix vm config file

Testing

Upgrade scenario (Qubes 4.1, no whonix-17 templates installed)

  • Check out this branch and build an rpm, then install it in dom0 and run sdw-admin --apply.
  • Whonix-17-* templates downloaded
  • apply completes successfully; anon-whonix
  • dom0 tests pass (relevant ones: sd-whonix template is whonix-gateway-17, kernelopts for sd-whonix and whonix templates show apparmor enabled)

Other scenarios (e.g. templates already downloaded)

  • apply completes successfully

Deployment

  • TK

Any special considerations for deployment? Consider both:

  1. Upgrading existing pilot instances
  2. New installs

Checklist

If you have made changes to the provisioning logic

  • All tests (make test) pass in dom0

If you have added or removed files

  • I have updated MANIFEST.in and rpm-build/SPECS/securedrop-workstation-dom0-config.spec : n/a

If documentation is required

  • I have opened a PR in the docs repo for these changes, or will do so later
  • I would appreciate help with the documentation

@rocodes rocodes requested a review from a team January 22, 2024 16:16
@zenmonkeykstop zenmonkeykstop self-requested a review January 25, 2024 16:00
@zenmonkeykstop
Contributor

zenmonkeykstop commented Jan 31, 2024

Tested again (with rpm built from 9fa6c15):

  • installed 4.1
  • installed prod rpm and ran sdw-admin --apply
  • built test rpm and installed over prod one
  • ran sdw-admin --apply again
    • install run completed successfully
    • whonix-17 templates installed (from testing repo)
    • sd-whonix now using whonix 17 gateway as template
    • Updater triggered after reboot and completed successfully
    • make test run (against latest version of branch to pull in above changes) - only failing test is test_sd_whonix_repo_enabled (known, to be flagged upstream)

@zenmonkeykstop
Contributor

(This is another example of where it would be good to have clean CI environments - unless we include salt logic to remove the whonix-17 templates, they're now already present on the runner.)

@rocodes
Contributor Author

rocodes commented Feb 6, 2024

Agreed, the test failing is a red herring and is because the old template is still being used. Just downloaded the prod templates and they do have /etc/apt/sources.list.d/derivative.list.

@rocodes rocodes changed the base branch from release/0.10.0 to main February 6, 2024 16:16
Contributor

@zenmonkeykstop zenmonkeykstop left a comment

Approving based on previous test results, visual inspection post-rebase.

@zenmonkeykstop zenmonkeykstop merged commit 2b3b03d into main Feb 6, 2024
6 of 7 checks passed
@zenmonkeykstop zenmonkeykstop deleted the whonix-17 branch February 6, 2024 20:25

Successfully merging this pull request may close these issues.

Deal with Whonix 16 EOL