freedomofpress · emkll · Feb 26, 2020 · Feb 24, 2020 · Feb 24, 2020 · Feb 25, 2020
diff --git a/MANIFEST.in b/MANIFEST.in
@@ -2,6 +2,7 @@ include dom0/*.sls
 include dom0/*.top
 include dom0/*.j2
 include dom0/*.yml
+include dom0/*.conf
 include dom0/securedrop-admin
 include dom0/securedrop-login
 include dom0/securedrop-launcher.desktop

diff --git a/Makefile b/Makefile
@@ -79,6 +79,7 @@ sd-log: prep-salt ## Provisions SD logging VM
 clean-salt: assert-dom0 ## Purges SD Salt configuration from dom0
 	@echo "Purging Salt config..."
 	@sudo rm -rf /srv/salt/sd
+	@sudo rm -rf /srv/salt/launcher
 	@sudo find /srv/salt -maxdepth 1 -type f -iname 'fpf*' -delete
 	@sudo find /srv/salt -maxdepth 1 -type f -iname 'sd*' -delete
 	@sudo find /srv/salt -maxdepth 1 -type f -iname 'securedrop*' -delete

diff --git a/README.md b/README.md
@@ -183,6 +183,14 @@ As of February 2020, the production and staging environments are experimental. I
 
 **IMPORTANT: THE STAGING ENVIRONMENT SHOULD NEVER BE USED FOR PRODUCTION PURPOSES.**
 
+
+#### Update `dom0`, `fedora-30`, `whonix-gw-15` and `whonix-ws-15` templates
+Updates to these VMs will be provided by the installer and updater, but to ensure they are up to date prior to install, it will be easier to debug, should something go wrong.
+
+Before proceeding to updates, we must ensure that `sys-whonix` can bootstrap to the Tor network. In the Qubes menu, navigate to `sys-whonix` and click on `Anon Connection Wizard` and click `Next` and ensure the Tor Bootstrap process completes successfully.
+
+In the Qubes Menu, naviage to `System Tools` and click on `Qubes Update`. Click the `Enable updates for qubes without known available updates` and select all VMs in the list. Click on `Next` and wait for updates to complete.
+
 #### Download and install securedrop-workstation-dom0-config package
 
 Since `dom0` does not have network access, we will need to download the `securedrop-workstation-dom0-config` package in a Fedora-based VM. We can use the default Qubes-provisioned `work` VM. If you perform these changes in the `work` VM or another AppVM, they won't persist across reboots (recommended).
@@ -202,7 +210,7 @@ In a terminal in `work`, run the following commands:
 [user@work ~]$ gpg --armor --export 22245C81E3BAEB4138B36061310F561200F4AD77 | sudo tee /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation
 ```
 
-Populate `/etc/yum/repos.d/securedrop-temp.repo` with the following contents:
+Populate `/etc/yum.repos.d/securedrop-temp.repo` with the following contents:
 ```
 [securedrop-workstation-temporary]
 gpgcheck=1
@@ -214,7 +222,7 @@ name=SecureDrop Workstation Qubes initial install bootstrap
 
 3. Download the RPM package
 ```
-[user@work ~]$ sudo dnf download securedrop-workstation-dom0-config
+[user@work ~]$ dnf download securedrop-workstation-dom0-config
 ```
 
 The RPM file will be downloaded to your current working directory.
@@ -226,7 +234,7 @@ The RPM file will be downloaded to your current working directory.
 In `dom0`, run the following commands (changing the version number to its current value):
 
 ```
-[dom0]$ qvm-run --pass-io work '/home/user/securedrop-workstation-dom0-config-x.y.z-1.fc25.noarch.rpm' > securedrop-workstation.rpm
+[dom0]$ qvm-run --pass-io work 'cat /home/user/securedrop-workstation-dom0-config-x.y.z-1.fc25.noarch.rpm' > securedrop-workstation.rpm
 sudo dnf install securedrop-workstation.rpm
 ```
 

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.2.0
+0.2.1
diff --git a/rpm-build/SPECS/securedrop-workstation-dom0-config.spec b/rpm-build/SPECS/securedrop-workstation-dom0-config.spec
@@ -1,12 +1,12 @@
 Name:		securedrop-workstation-dom0-config
-Version:	0.2.0
+Version:	0.2.1
 Release:	1%{?dist}
 Summary:	SecureDrop Workstation
 
 Group:		Library
 License:	GPLv3+
 URL:		https://github.com/freedomofpress/securedrop-workstation
-Source0:	securedrop-workstation-dom0-config-0.2.0.tar.gz
+Source0:	securedrop-workstation-dom0-config-0.2.1.tar.gz
 
 BuildArch:      noarch
 BuildRequires:	python3-setuptools
@@ -49,11 +49,16 @@ install -m 755 -d %{buildroot}/srv/salt/sd/sd-workstation
 install -m 755 -d %{buildroot}/srv/salt/sd/sys-firewall
 install -m 755 -d %{buildroot}/usr/share/%{name}/scripts
 install -m 755 -d %{buildroot}/srv/salt/sd/usb-autoattach
+install -m 755 -d %{buildroot}/srv/salt/launcher
+install -m 755 -d %{buildroot}/srv/salt/launcher/sdw_updater_gui
+install -m 755 -d %{buildroot}/srv/salt/launcher/sdw_notify
+install -m 755 -d %{buildroot}/srv/salt/launcher/sdw_util
 install -m 755 -d %{buildroot}/%{_bindir}
 install -m 644 dom0/*.sls %{buildroot}/srv/salt/
 install -m 644 dom0/*.top %{buildroot}/srv/salt/
 install -m 644 dom0/*.j2 %{buildroot}/srv/salt/
 install -m 644 dom0/*.yml %{buildroot}/srv/salt/
+install -m 644 dom0/*.conf %{buildroot}/srv/salt/
 install -m 644 dom0/securedrop-login %{buildroot}/srv/salt/
 install -m 644 dom0/securedrop-launcher.desktop %{buildroot}/srv/salt/
 install -m 655 dom0/securedrop-handle-upgrade %{buildroot}/srv/salt/
@@ -67,10 +72,15 @@ install -m 644 usb-autoattach/99-sd-devices.rules %{buildroot}/srv/salt/sd/usb-a
 install -m 755 usb-autoattach/sd-attach-export-device %{buildroot}/srv/salt/sd/usb-autoattach/
 install -m 644 Makefile %{buildroot}/usr/share/%{name}/Makefile
 install -m 755 scripts/* %{buildroot}/usr/share/%{name}/scripts/
+# For the updater scripts, we want to provision them via rpm *and* also salt, since there's a salt step that will provision this
 install -m 644 launcher/*.py %{buildroot}/opt/securedrop/launcher/
+install -m 644 launcher/*.py %{buildroot}/srv/salt/launcher/
 install -m 644 launcher/sdw_updater_gui/*.py %{buildroot}/opt/securedrop/launcher/sdw_updater_gui/
+install -m 644 launcher/sdw_updater_gui/*.py %{buildroot}/srv/salt/launcher/sdw_updater_gui/
 install -m 644 launcher/sdw_notify/*.py %{buildroot}/opt/securedrop/launcher/sdw_notify/
+install -m 644 launcher/sdw_notify/*.py %{buildroot}/srv/salt/launcher/sdw_notify/
 install -m 644 launcher/sdw_util/*.py %{buildroot}/opt/securedrop/launcher/sdw_util/
+install -m 644 launcher/sdw_util/*.py %{buildroot}/srv/salt/launcher/sdw_util/
 %files
 %doc README.md LICENSE
 %attr(755, root, root) /opt/securedrop/launcher/sdw-launcher.py
@@ -83,6 +93,7 @@ install -m 644 launcher/sdw_util/*.py %{buildroot}/opt/securedrop/launcher/sdw_u
 /srv/salt/dom0-xfce-desktop-file.j2
 /srv/salt/securedrop-*
 /srv/salt/fpf*
+/srv/salt/launcher*
 
 %post
 find /srv/salt -maxdepth 1 -type f -iname '*.top' \
@@ -91,6 +102,9 @@ find /srv/salt -maxdepth 1 -type f -iname '*.top' \
     | xargs qubesctl top.enable > /dev/null
 
 %changelog
+* Tue Feb 25 2020 SecureDrop Team <securedrop@freedom.press> - 0.2.1
+- Fixes logging and launcher configuration due to omitted file in manifest
+
 * Mon Feb 24 2020 SecureDrop Team <securedrop@freedom.press> - 0.2.0
 - Update version to 0.2.0 in preparation for beta release
 - Includes log forwarding from AppVMs to sd-log