diff --git a/MANIFEST.in b/MANIFEST.in
index d9766ad7..feacbcb0 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -2,6 +2,7 @@ include dom0/*.sls
 include dom0/*.top
 include dom0/*.j2
 include dom0/*.yml
+include dom0/*.conf
 include dom0/securedrop-admin
 include dom0/securedrop-login
 include dom0/securedrop-launcher.desktop
diff --git a/Makefile b/Makefile
index eb647fd6..28675f51 100644
--- a/Makefile
+++ b/Makefile
@@ -79,6 +79,7 @@ sd-log: prep-salt ## Provisions SD logging VM
 clean-salt: assert-dom0 ## Purges SD Salt configuration from dom0
 @echo "Purging Salt config..."
 @sudo rm -rf /srv/salt/sd
+ @sudo rm -rf /srv/salt/launcher
 @sudo find /srv/salt -maxdepth 1 -type f -iname 'fpf*' -delete
 @sudo find /srv/salt -maxdepth 1 -type f -iname 'sd*' -delete
 @sudo find /srv/salt -maxdepth 1 -type f -iname 'securedrop*' -delete
diff --git a/README.md b/README.md
index d16c296e..41cb125b 100644
--- a/README.md
+++ b/README.md
@@ -183,6 +183,14 @@ As of February 2020, the production and staging environments are experimental. I **IMPORTANT: THE STAGING ENVIRONMENT SHOULD NEVER BE USED FOR PRODUCTION PURPOSES.** + +#### Update `dom0`, `fedora-30`, `whonix-gw-15` and `whonix-ws-15` templates +Updates to these VMs will be provided by the installer and updater, but to ensure they are up to date prior to install, it will be easier to debug, should something go wrong. + +Before proceeding to updates, we must ensure that `sys-whonix` can bootstrap to the Tor network. In the Qubes menu, navigate to `sys-whonix` and click on `Anon Connection Wizard` and click `Next` and ensure the Tor Bootstrap process completes successfully. + +In the Qubes Menu, naviage to `System Tools` and click on `Qubes Update`. Click the `Enable updates for qubes without known available updates` and select all VMs in the list. Click on `Next` and wait for updates to complete. + #### Download and install securedrop-workstation-dom0-config package Since `dom0` does not have network access, we will need to download the `securedrop-workstation-dom0-config` package in a Fedora-based VM. We can use the default Qubes-provisioned `work` VM. If you perform these changes in the `work` VM or another AppVM, they won't persist across reboots (recommended). @@ -202,7 +210,7 @@ In a terminal in `work`, run the following commands: [user@work ~]$ gpg --armor --export 22245C81E3BAEB4138B36061310F561200F4AD77 | sudo tee /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation ``` -Populate `/etc/yum/repos.d/securedrop-temp.repo` with the following contents: +Populate `/etc/yum.repos.d/securedrop-temp.repo` with the following contents: ``` [securedrop-workstation-temporary] gpgcheck=1 
@@ -214,7 +222,7 @@ name=SecureDrop Workstation Qubes initial install bootstrap 3. Download the RPM package ``` -[user@work ~]$ sudo dnf download securedrop-workstation-dom0-config +[user@work ~]$ dnf download securedrop-workstation-dom0-config ``` The RPM file will be downloaded to your current working directory. @@ -226,7 +234,7 @@ The RPM file will be downloaded to your current working directory. In `dom0`, run the following commands (changing the version number to its current value): ``` -[dom0]$ qvm-run --pass-io work '/home/user/securedrop-workstation-dom0-config-x.y.z-1.fc25.noarch.rpm' > securedrop-workstation.rpm +[dom0]$ qvm-run --pass-io work 'cat /home/user/securedrop-workstation-dom0-config-x.y.z-1.fc25.noarch.rpm' > securedrop-workstation.rpm sudo dnf install securedrop-workstation.rpm ``` diff --git a/VERSION b/VERSION index 0ea3a944..0c62199f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.2.0 +0.2.1 diff --git a/rpm-build/SPECS/securedrop-workstation-dom0-config.spec b/rpm-build/SPECS/securedrop-workstation-dom0-config.spec index f9fcb878..f1a1d434 100644 --- a/rpm-build/SPECS/securedrop-workstation-dom0-config.spec +++ b/rpm-build/SPECS/securedrop-workstation-dom0-config.spec @@ -1,12 +1,12 @@ Name: securedrop-workstation-dom0-config -Version: 0.2.0 +Version: 0.2.1 Release: 1%{?dist} Summary: SecureDrop Workstation Group: Library License: GPLv3+ URL: https://github.com/freedomofpress/securedrop-workstation -Source0: securedrop-workstation-dom0-config-0.2.0.tar.gz +Source0: securedrop-workstation-dom0-config-0.2.1.tar.gz BuildArch: noarch BuildRequires: python3-setuptools 
@@ -49,11 +49,16 @@ install -m 755 -d %{buildroot}/srv/salt/sd/sd-workstation
 install -m 755 -d %{buildroot}/srv/salt/sd/sys-firewall
 install -m 755 -d %{buildroot}/usr/share/%{name}/scripts
 install -m 755 -d %{buildroot}/srv/salt/sd/usb-autoattach
+install -m 755 -d %{buildroot}/srv/salt/launcher
+install -m 755 -d %{buildroot}/srv/salt/launcher/sdw_updater_gui
+install -m 755 -d %{buildroot}/srv/salt/launcher/sdw_notify
+install -m 755 -d %{buildroot}/srv/salt/launcher/sdw_util
 install -m 755 -d %{buildroot}/%{_bindir}
 install -m 644 dom0/*.sls %{buildroot}/srv/salt/
 install -m 644 dom0/*.top %{buildroot}/srv/salt/
 install -m 644 dom0/*.j2 %{buildroot}/srv/salt/
 install -m 644 dom0/*.yml %{buildroot}/srv/salt/
+install -m 644 dom0/*.conf %{buildroot}/srv/salt/
 install -m 644 dom0/securedrop-login %{buildroot}/srv/salt/
 install -m 644 dom0/securedrop-launcher.desktop %{buildroot}/srv/salt/
 install -m 655 dom0/securedrop-handle-upgrade %{buildroot}/srv/salt/
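Review bot: The new `install -m 644 dom0/*.conf %{buildroot}/srv/salt/` line places every matching file at the top level of /srv/salt, but nothing in this commit ties those file names to the %files list or to cleanup. The only %files addition visible in the commit is `/srv/salt/launcher*`, so a .conf whose name does not match an existing entry (the visible ones are `securedrop-*` and `fpf*`) would be installed but unpackaged. The Makefile's clean-salt target removes top-level files only by the patterns `fpf*`, `sd*` and `securedrop*`, so such a file could also survive a purge and keep feeding Salt runs in dom0. I would add a comment above the line, for example `# dom0/*.conf names must match a %files glob and a clean-salt pattern (sd*, securedrop*, fpf*)`. The %install section begins and ends outside this hunk, and the full %files list is not visible here, so this should be confirmed against the rest of the spec.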
@@ -67,10 +72,15 @@ install -m 644 usb-autoattach/99-sd-devices.rules %{buildroot}/srv/salt/sd/usb-a install -m 755 usb-autoattach/sd-attach-export-device %{buildroot}/srv/salt/sd/usb-autoattach/ install -m 644 Makefile %{buildroot}/usr/share/%{name}/Makefile install -m 755 scripts/* %{buildroot}/usr/share/%{name}/scripts/ +# For the updater scripts, we want to provision them via rpm *and* also salt, since there's a salt step that will provision this install -m 644 launcher/*.py %{buildroot}/opt/securedrop/launcher/ +install -m 644 launcher/*.py %{buildroot}/srv/salt/launcher/ install -m 644 launcher/sdw_updater_gui/*.py %{buildroot}/opt/securedrop/launcher/sdw_updater_gui/ +install -m 644 launcher/sdw_updater_gui/*.py %{buildroot}/srv/salt/launcher/sdw_updater_gui/ install -m 644 launcher/sdw_notify/*.py %{buildroot}/opt/securedrop/launcher/sdw_notify/ +install -m 644 launcher/sdw_notify/*.py %{buildroot}/srv/salt/launcher/sdw_notify/ install -m 644 launcher/sdw_util/*.py %{buildroot}/opt/securedrop/launcher/sdw_util/ +install -m 644 launcher/sdw_util/*.py %{buildroot}/srv/salt/launcher/sdw_util/ %files %doc README.md LICENSE %attr(755, root, root) /opt/securedrop/launcher/sdw-launcher.py @@ -83,6 +93,7 @@ install -m 644 launcher/sdw_util/*.py %{buildroot}/opt/securedrop/launcher/sdw_u /srv/salt/dom0-xfce-desktop-file.j2 /srv/salt/securedrop-* /srv/salt/fpf* +/srv/salt/launcher* %post find /srv/salt -maxdepth 1 -type f -iname '*.top' \ @@ -91,6 +102,9 @@ find /srv/salt -maxdepth 1 -type f -iname '*.top' \ | xargs qubesctl top.enable > /dev/null %changelog +* Tue Feb 25 2020 SecureDrop Team - 0.2.1 +- Fixes logging and launcher configuration due to omitted file in manifest + * Mon Feb 24 2020 SecureDrop Team - 0.2.0 - Update version to 0.2.0 in preparation for beta release - Includes log forwarding from AppVMs to sd-log
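Review bot: The comment added above the launcher installs says the scripts are provisioned via rpm and also salt, but it does not name the Salt state that reads /srv/salt/launcher or say which copy is authoritative; that matters because a Salt run in dom0 executes as root and would presumably overwrite the RPM-owned files under /opt/securedrop/launcher. I would reword it along the lines of `# /opt/securedrop/launcher is the RPM-owned runtime copy; /srv/salt/launcher is the source tree for the Salt state <state-name>, which re-provisions it` (the state name is a placeholder, since it is not shown on this page). The Salt copy of sdw-launcher.py is installed with mode 644 while %files sets `%attr(755, root, root)` on the /opt copy, so the state has to set the mode explicitly if the executable bit is to survive; this is worth confirming against the state file. In the %files hunk on the same line, `/srv/salt/launcher*` also matches any sibling path that merely starts with `launcher`, whereas `/srv/salt/launcher/` would own just the directory tree. The %install and %files sections both extend beyond these hunks.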