Release SecureDrop Workstation 1.1.0

[rocodes]

Description

Release SecureDrop Workstation 1.1.0, with Fedora 41 support and other bugfixes and improvements.
Note: keyring bootstrap package support has been deferred til [1.2.0], so reopening this ticket. (https://github.com/freedomofpress/securedrop-workstation/milestone/11).

• RM and Deputy RM: @rocodes + @deeplow pairing
• Comms: @rocodes @nathandyer
• additional QA: @nathandyer

Pre-release tasks

• Update docs with f40 -> f41 , update Qubes install docs to reference 4.2.4 : Update Fedora version to 41 and Qubes iso version to 4.2.4.  securedrop-workstation-docs#304

QA / Test plan

Testers, please choose one of Clean install or Upgrade. Instructions:
https://github.com/freedomofpress/securedrop-workstation/wiki/QA-Testing#dom0-testing-securedrop-workstation-dom0-config

Clean Install (Qubes 4.2.4)

Follow Clean install (RC) setup instructions.

• Install completes successfully (Move provision-all to sdw-admin.py #1159)
• Ensure sd-viewer has libreoffice installed (Remove Salt logic installing libreoffice #1162)
• Basic regression testing: VMs boot, basic functionality, send-receive-decrypt-export (one tester total)
• Rest of test plan (below)

Upgrade (no f41 template present)

Follow Upgrade (RC) setup instructions. Do not install fedora-41-xfce template before upgrading.

• fedora-41-xfce not present before upgrade
• Upgrade completes successfully using updater (Replace salt updater in sd-sys-vms #1165) - check updater detail log and dom0 journal, ensure no errors
• Basic regression testing: VMs boot, basic functionality, send-receive-decrypt-export (one tester total)
• Rest of test plan (below)

Upgrade B: f41 template already present (@rocodes)

• Same as test plan above, I'll do this one
• rest of test plan

1.1.0 test plan (start in dom0)

Key validation
In dom0 /usr/share/securedrop-workstation-dom0-config, test the following validation conditions for sd-journalist.sec by running sdw-admin --validate and observing the output. #1205

• Missing private key (sd-journalist.sec) fails validation
• Pubkey instead of private key fails validation (test with eg sudo sed -i "s/PRIVATE/PUBLIC/g" /usr/share/securedrop-workstation-dom0-config/sd-journalist.sec) and a message that it's not a private key
• Password-protected private key fails validation and yields descriptive error message (you may want to generate a keypair outside dom0 in an environment with pinentry, password-protect the key, then copy into dom0)

VM config

• Visible in Qubes Menu (APPS tab): sd-app, sd-gpg (Revert marking sd-log as internal #1191, Do not mark sd-app/sd-gpg as internal #1216, Explicitly unset internalness of sd-app and sd-proxy #1237, Always set a VM's internalness #1219, Explicitly unset internalness of sd-app and sd-proxy #1237)
• qvm-prefs sd-proxy provides_network is False (Set named dispvm sd-proxy as a servicevm #1146)

systemd units
Observe when running each (#1088):

• systemctl --user status sdw-notify.timer
• systemctl --user status securedrop-user-xfce-icon-size
• systemctl --user status securedrop-user-xfce-settings

Fedora 41 bump

• Examine output of qvm-ls | grep fedora-41-xfce: (Bump supported fedora version to 41 #1221)
• fedora-41-xfce is present (TemplateVM), fedora-41-xfce-dvm is template for sys-net, sys-firewall
• sd-fedora-41-dvm exists and has fedora-41-xfce template; sd-fedora-41-dvm is sys-usb template
• qvm-check --quiet sd-fedora-40-dvm || echo "Not installed" shows "Not installed"

Correct packages

• qvm-run --pass-io sd-base-bookworm-template 'apt list --installed | grep securedrop' (Refactor: Avoid duplicative salt states #1161)
  • securedrop-workstation-config is present
  • securedrop-workstation-grsec is present

late sd-log setup (#1253)

Open terminal in sd-log:

• and type ls ~/QubesIncomingLogs/. Various sd-* qubes should be listed
• type tail -f ~/QubesIncomingLogs/sd-proxy/syslog.log
• open terminal in sd-proxy and type sudo journalctl -f
• on sd-proxy, open another teminal (to cause something to show in the systemctl journal)
• Compare the output of the log in sd-log and in sd-proxy. They should be approximately the same.

Example of what it should look like:

Uninstall (optional/one tester)
sdw-admin --uninstall then reboot or reload systemd daemon (sudo systemctl daemon-reload).

• securedrop-related systemd units (user and system) are all removed. On the following dom0 commands it should show "... could not be found":
• systemctl --user status sdw-notify.timer
• systemctl --user status securedrop-user-xfce-icon-size
• systemctl --user status securedrop-user-xfce-settings

---

Excluded from QA

Dev-facing

• Enable and fix tests that weren't running Enable and fix tests that weren't running #1090
• docs(readme): link to contribution guidelines docs(readme): link to contribution guidelines #1177
• Bump the dependencies group across 1 directory with 5 updates Bump the dependencies group across 1 directory with 5 updates #1182
• Verify PGP key embedded in .sources files are correct Verify PGP key embedded in .sources files are correct #1183
• Actually test that logs are flowing to sd-log Actually test that logs are flowing to sd-log #1087
• Test that apt interprets our .sources files correctly Test that apt interprets our .sources files correctly #1093
• Remove perl from tests Remove perl from tests #1184
• Automatically log into the client application Automatically log into the client application #1188
• Bump the dependencies group across 1 directory with 8 updates Bump the dependencies group across 1 directory with 8 updates #1220
• Lint our GitHub Actions workflows with zizmor Lint our GitHub Actions workflows with zizmor #1222
• Bump the dependencies group across 1 directory with 5 updates Bump the dependencies group across 1 directory with 5 updates #1228
• Use script to capture rpm build log Use script to capture rpm build log #1241

Due to test coverage

• Remove unecessary nopat kernelopt Remove unecessary nopat kernelopt #1172
• Set vm template consistently across Salt files; cleanup unused requisites Set vm template consistently across Salt files; cleanup unused requisites #1226

Release

See https://developers.securedrop.org/en/latest/workstation_release_management.html#release-an-rpm-package

• Check if any security fixes need to be pulled in
• Create release/1.1.0 branch
• On release branch, update version and changelog, create rc tag
• Build and reproduce RC packages, open PR on yum-test
• merge yum-test PR, start RC QA (test plan tk)
• Prod changelog, version bump, and prod-signed tag
• Prod packages on yum-qa: open (draft) PR to release branch
• Pre-release QA (yum-prod review checklist can be stepped through without approving/merging)
• Go/no-go meeting, finalize comms roles and timeline
• Deploy
• Comms (blog post), docs update, socials
• Backport + close release issue

[nathandyer]

QA / Test plan

Testers, please choose one of Clean install or Upgrade. Instructions:
https://github.com/freedomofpress/securedrop-workstation/wiki/QA-Testing#dom0-testing-securedrop-workstation-dom0-config

Upgrade (no f41 template present) IN PROGRESS

Follow Upgrade (RC) setup instructions. Do not install fedora-41-xfce template before upgrading.

• fedora-41-xfce not present before upgrade
• Upgrade completes successfully using updater (Replace salt updater in sd-sys-vms #1165) - check updater detail log and dom0 journal, ensure no errors
• Basic regression testing: VMs boot, basic functionality, send-receive-decrypt-export (one tester total)
• Rest of test plan (below)

1.1.0 test plan (start in dom0)

Key validation
In dom0 /usr/share/securedrop-workstation-dom0-config, test the following validation conditions for sd-journalist.sec by running sdw-admin --validate and observing the output. #1205

• Missing private key (sd-journalist.sec) fails validation
• Pubkey instead of private key fails validation (test with eg sudo sed -i "s/PRIVATE/PUBLIC/g" /usr/share/securedrop-workstation-dom0-config/sd-journalist.sec) and a message that it's not a private key
• Password-protected private key fails validation and yields descriptive error message (you may want to generate a keypair outside dom0 in an environment with pinentry, password-protect the key, then copy into dom0)

VM config

• Visible in Qubes Menu (APPS tab): sd-app, sd-gpg, sd-viewer (Revert marking sd-log as internal #1191, Do not mark sd-app/sd-gpg as internal #1216, Explicitly unset internalness of sd-app and sd-proxy #1237, Always set a VM's internalness #1219, Explicitly unset internalness of sd-app and sd-proxy #1237)

FAIL: sd-viewer not visible in menu under APPS tab

• Visible in Qubes Menu (SERVICE tab): sd-proxy (Set named dispvm sd-proxy as a servicevm #1146)

FAIL: sd-proxy not visible in SERVICE tab

• Qubes Menu -> sd-proxy -> settings: provides network is unchecked (Set named dispvm sd-proxy as a servicevm #1146)

systemd units
Observe when running each (#1088):

• systemctl --user status sdw-notify.timer
• systemctl --user status securedrop-user-xfce-icon-size
• systemctl --user status securedrop-user-xfce-settings

Fedora 41 bump

• Examine output of qvm-ls | grep fedora-41-xfce: (Bump supported fedora version to 41 #1221)
• fedora-41-xfce is present (TemplateVM), is template for sys-usb, sys-net, sys-firewall

POSSIBLE FAIL: sys-usb not listed in output; when checking, it appears that the sd-fedora-41-dvm1 is the template (which may be correct? just not what's in the test plan)

• sd-fedora-41-dvm exists and has fedora-41-xfce template available
• qvm-check --quiet sd-fedora-40-dvm || echo "Not installed" shows "Not installed"

Correct packages

• qvm-run --pass-io sd-base-bookworm-template 'apt list --installed | grep securedrop' (Refactor: Avoid duplicative salt states #1161)
  • securedrop-workstation-config is present
  • securedrop-workstation-grsec is present

Uninstall (optional/one tester)
sdw-admin --uninstall then reboot or reload systemd daemon (sudo systemctl daemon-reload).

• securedrop-related systemd units (user and system) are all removed. On the following dom0 commands it should show "... could not be found":
• systemctl --user status sdw-notify.timer
• systemctl --user status securedrop-user-xfce-icon-size
• systemctl --user status securedrop-user-xfce-settings

---

Excluded from QA

Dev-facing

• Enable and fix tests that weren't running Enable and fix tests that weren't running #1090
• docs(readme): link to contribution guidelines docs(readme): link to contribution guidelines #1177
• Bump the dependencies group across 1 directory with 5 updates Bump the dependencies group across 1 directory with 5 updates #1182
• Verify PGP key embedded in .sources files are correct Verify PGP key embedded in .sources files are correct #1183
• Actually test that logs are flowing to sd-log Actually test that logs are flowing to sd-log #1087
• Test that apt interprets our .sources files correctly Test that apt interprets our .sources files correctly #1093
• Remove perl from tests Remove perl from tests #1184
• Automatically log into the client application Automatically log into the client application #1188
• Bump the dependencies group across 1 directory with 8 updates Bump the dependencies group across 1 directory with 8 updates #1220
• Lint our GitHub Actions workflows with zizmor Lint our GitHub Actions workflows with zizmor #1222
• Bump the dependencies group across 1 directory with 5 updates Bump the dependencies group across 1 directory with 5 updates #1228
• Use script to capture rpm build log Use script to capture rpm build log #1241

Due to test coverage

• Remove unecessary nopat kernelopt Remove unecessary nopat kernelopt #1172
• Set vm template consistently across Salt files; cleanup unused requisites Set vm template consistently across Salt files; cleanup unused requisites #1226

[rocodes]

@nathandyer Thank you for your testing, and apologies - those were errors in the test plan not in your results. I have amended the test plan to clarify a couple cases (sd-viewer and sd-proxy are still internal, so other testers will do qvm-prefs for them rather than searching in the app menu); and sys-usb is disposable so you have the correct template for it (assuming the 1 at the end is a typo and you meant sd-fedora-41-dvm.

Your test run LGTM! thanks again. I will provide some additional test coverage.

[deeplow]

Clean Install (Qubes 4.2.4)

A small during Qubes install and update

I did see errors updating fedora-41-xfce, before SDW was even installed.

Follow Clean install (RC) setup instructions.

• Install completes successfully (Move provision-all to sdw-admin.py #1159)
• Ensure sd-viewer has libreoffice installed (Remove Salt logic installing libreoffice #1162)
• SKIPPED Basic regression testing: VMs boot, basic functionality, send-receive-decrypt-export (one tester total)
• Rest of test plan (below)

Key validation
In dom0 /usr/share/securedrop-workstation-dom0-config, test the following validation conditions for sd-journalist.sec by running sdw-admin --validate and observing the output. #1205

• Missing private key (sd-journalist.sec) fails validation
• Pubkey instead of private key fails validation (test with eg sudo sed -i "s/PRIVATE/PUBLIC/g" /usr/share/securedrop-workstation-dom0-config/sd-journalist.sec) and a message that it's not a private key
• Password-protected private key fails validation and yields descriptive error message (you may want to generate a keypair outside dom0 in an environment with pinentry, password-protect the key, then copy into dom0)

⚠ Note: It does show the errors for all of the above, but in traceback form. Is this a regression?

VM config

• Visible in Qubes Menu (APPS tab): sd-app, sd-gpg, sd-viewer (Revert marking sd-log as internal #1191, Do not mark sd-app/sd-gpg as internal #1216, Explicitly unset internalness of sd-app and sd-proxy #1237, Always set a VM's internalness #1219, Explicitly unset internalness of sd-app and sd-proxy #1237)

  Observation 1: Small issue with test plan

  • sd-viewer shows (and is supposed to show in the TEMPLATE tab)

  Observation 2: sd-viewer's disposable shows as being under sd-log. I believe this is and upstream issue.
  
  And I did confirm the templates were as expected:

  $ qvm-prefs disp6897 template
  sd-viewer
  $ qvm-prefs sd-viewer template
  sd-large-bookworm-template
  $ qvm-prefs sd-log template
  sd-small-bookworm-template
  

• Visible in Qubes Menu (SERVICE tab): sd-proxy (Set named dispvm sd-proxy as a servicevm #1146)

  Note: it originally showed up in the APPS tab, but I think this was before I restart the machine. The menu does not handle super well relatively niche properties dynamically.

• Qubes Menu -> sd-proxy -> settings: provides network is unchecked (Set named dispvm sd-proxy as a servicevm #1146)

systemd units
Observe when running each (#1088):

• systemctl --user status sdw-notify.timer
• systemctl --user status securedrop-user-xfce-icon-size
• systemctl --user status securedrop-user-xfce-settings

Fedora 41 bump

• Examine output of qvm-ls | grep fedora-41-xfce: (Bump supported fedora version to 41 #1221)
• FAIL fedora-41-xfce is present (TemplateVM), is template for sys-usb, sys-net, sys-firewall

  ✅ for sys-net and sys-firewall, but not for sys-usb, of course. sys-usb had sd-fedora-41-dvm. This was an issue with the test plan.

• sd-fedora-41-dvm exists and has fedora-41-xfce template available
• qvm-check --quiet sd-fedora-40-dvm || echo "Not installed" shows "Not installed"

Correct packages

• qvm-run --pass-io sd-base-bookworm-template 'apt list --installed | grep securedrop' (Refactor: Avoid duplicative salt states #1161)
  • securedrop-workstation-config is present
  • securedrop-workstation-grsec is present

  Note: turns out we could have used apt list *securedrop* instead

Uninstall (optional/one tester)
sdw-admin --uninstall then reboot or reload systemd daemon (sudo systemctl daemon-reload).

• securedrop-related systemd units (user and system) are all removed. On the following dom0 commands it should show "... could not be found":
• systemctl --user status sdw-notify.timer
• systemctl --user status securedrop-user-xfce-icon-size
• systemctl --user status securedrop-user-xfce-settings

---

Excluded from QA

Dev-facing

• Enable and fix tests that weren't running Enable and fix tests that weren't running #1090
• docs(readme): link to contribution guidelines docs(readme): link to contribution guidelines #1177
• Bump the dependencies group across 1 directory with 5 updates Bump the dependencies group across 1 directory with 5 updates #1182
• Verify PGP key embedded in .sources files are correct Verify PGP key embedded in .sources files are correct #1183
• Actually test that logs are flowing to sd-log Actually test that logs are flowing to sd-log #1087
• Test that apt interprets our .sources files correctly Test that apt interprets our .sources files correctly #1093
• Remove perl from tests Remove perl from tests #1184
• Automatically log into the client application Automatically log into the client application #1188
• Bump the dependencies group across 1 directory with 8 updates Bump the dependencies group across 1 directory with 8 updates #1220
• Lint our GitHub Actions workflows with zizmor Lint our GitHub Actions workflows with zizmor #1222
• Bump the dependencies group across 1 directory with 5 updates Bump the dependencies group across 1 directory with 5 updates #1228
• Use script to capture rpm build log Use script to capture rpm build log #1241

Due to test coverage

• Remove unecessary nopat kernelopt Remove unecessary nopat kernelopt #1172
• Set vm template consistently across Salt files; cleanup unused requisites Set vm template consistently across Salt files; cleanup unused requisites #1226

---

Missing bit in test plan

We had missed the RC4 inclusion in the test plan: #1253

I confirmed that sd-log is working. There is some mismatch between earlier entries for logs in sd-proxy's journalctl and the one stored in sd-log under ~/QubesIncoming/sd-proxy/syslog.log. But later entries were consistent.

I don't have a baseline comparison to assess the initial inconsistency, but given that app qubes inheirt the template's journalctl, the logs become hard to compare.

I would give this one a pass. Given that we are not concerned about logs during the installation.

[deeplow]

I have amended the test plan to clarify a couple cases (sd-viewer and sd-proxy are still internal, so other testers will do qvm-prefs for them rather than searching in the app menu);

I may have wrongly assumed we were testing using staging while on yum-test, but according to this, they should not be marked as internal. Perhaps I should have noted in the test plan that this will only be visible when testing on yum-qa.

[rocodes]

I have amended the test plan to clarify a couple cases (sd-viewer and sd-proxy are still internal, so other testers will do qvm-prefs for them rather than searching in the app menu);

I may have wrongly assumed we were testing using staging while on yum-test, but according to this, they should not be marked as internal. Perhaps I should have noted in the test plan that this will only be visible when testing on yum-qa.

Right, good point; I think though that we shouldn't have a different test plan for prod vs yum-test. (I guess this argues against the conditional "sometimes internal sometimes not" logic more than anything tbh)

[deeplow]

I have added to the test plan something about the late setup of sd-log introduced in RC4.

Right, good point; I think though that we shouldn't have a different test plan for prod vs yum-test. (I guess this argues against the conditional "sometimes internal sometimes not" logic more than anything tbh)

💯 #1053

[rocodes]

(neglected to post my QA results yesterday, but I went through QA on the "upgrade / f41 templates already installed" scenario. Successful provisioning run, confirmed basic assurances (correctly updated fedora templates, correct vm properties, autoattach rules in sys-usb).

We have proceeded to prod tag + artifact building and will update when time for pre-release QA.

[rocodes]

Prod qa packages are live on yum-qa. Testers, please ensure that if you are testing the "Upgrade - no fedora 41 templates" test plan, you do not have the fedora-41-xfce template installed before you start QA. QA environment setup instructions are in the wiki page linked in the issue body.

(My results: clean install successful - didn't QA just did a provisioning run. Upgrade in progress.)

[rocodes]

My (smoketest) pre-release qa:

• Clean install 1 (f41 templates already present) successful: Provisioning completes, VMs boot, correct templates and preferences; sdw-admin --uninstall completes successfully
• Upgrade install (1.0.2 -> 1.1.0) via the updater: Update is successful, VMs, boot, correct templates, correct properties in sys vms; sdw-admin --uninstall successful
• Clean install 2 (f41 templates already present): WIP, will update as soon as provisioning completes

[deeplow]

QA / Test plan

Testers, please choose one of Clean install or Upgrade. Instructions:
https://github.com/freedomofpress/securedrop-workstation/wiki/QA-Testing#dom0-testing-securedrop-workstation-dom0-config

Upgrade (no f41 template present)

Follow Upgrade (RC) setup instructions. Do not install fedora-41-xfce template before upgrading.

• fedora-41-xfce not present before upgrade
• Upgrade completes successfully using updater (Replace salt updater in sd-sys-vms #1165) - check updater detail log and dom0 journal, ensure no errors
• Basic regression testing: VMs boot, basic functionality, send-receive-decrypt-export (one tester total)
• Rest of test plan (below)

1.1.0 test plan (start in dom0)

Key validation
In dom0 /usr/share/securedrop-workstation-dom0-config, test the following validation conditions for sd-journalist.sec by running sdw-admin --validate and observing the output. #1205

• Missing private key (sd-journalist.sec) fails validation
• Pubkey instead of private key fails validation (test with eg sudo sed -i "s/PRIVATE/PUBLIC/g" /usr/share/securedrop-workstation-dom0-config/sd-journalist.sec) and a message that it's not a private key
• Password-protected private key fails validation and yields descriptive error message (you may want to generate a keypair outside dom0 in an environment with pinentry, password-protect the key, then copy into dom0)

VM config

• Visible in Qubes Menu (APPS tab): sd-app, sd-gpg (Revert marking sd-log as internal #1191, Do not mark sd-app/sd-gpg as internal #1216, Explicitly unset internalness of sd-app and sd-proxy #1237, Always set a VM's internalness #1219, Explicitly unset internalness of sd-app and sd-proxy #1237)
• qvm-prefs sd-proxy provides_network is False (Set named dispvm sd-proxy as a servicevm #1146)

systemd units
Observe when running each (#1088):

• systemctl --user status sdw-notify.timer
• systemctl --user status securedrop-user-xfce-icon-size
• systemctl --user status securedrop-user-xfce-settings

Fedora 41 bump

• Examine output of qvm-ls | grep fedora-41-xfce: (Bump supported fedora version to 41 #1221)
• fedora-41-xfce is present (TemplateVM), fedora-41-xfce-dvm is template for sys-net, sys-firewall
• sd-fedora-41-dvm exists and has fedora-41-xfce template; sd-fedora-41-dvm is sys-usb template
• qvm-check --quiet sd-fedora-40-dvm || echo "Not installed" shows "Not installed"

Correct packages

• qvm-run --pass-io sd-base-bookworm-template 'apt list --installed | grep securedrop' (Refactor: Avoid duplicative salt states #1161)
  • securedrop-workstation-config is present
  • securedrop-workstation-grsec is present

late sd-log setup (#1253)

Open terminal in sd-log:

• and type ls ~/QubesIncomingLogs/. Various sd-* qubes should be listed
• type tail -f ~/QubesIncomingLogs/sd-proxy/syslog.log
• open terminal in sd-proxy and type sudo journalctl -f
• on sd-proxy, open another teminal (to cause something to show in the systemctl journal)
• Compare the output of the log in sd-log and in sd-proxy. They should be approximately the same.

Example of what it should look like:

Uninstall (optional/one tester)
sdw-admin --uninstall then reboot or reload systemd daemon (sudo systemctl daemon-reload).

• securedrop-related systemd units (user and system) are all removed. On the following dom0 commands it should show "... could not be found":
• systemctl --user status sdw-notify.timer
• systemctl --user status securedrop-user-xfce-icon-size
• systemctl --user status securedrop-user-xfce-settings

[rocodes]

We are superseding 1.1.0 with a hotfix release, 1.1.1, due to an issue uncovered in pre-release QA with the updater.

Testers, please follow this amended test plan:

• Start with a production setup flipped to the yum-qa repos, as described in "pre-release qa" in this guide: https://github.com/freedomofpress/securedrop-workstation/wiki/QA-Testing#dom0-testing-securedrop-workstation-dom0-config. Instead of just dnf download, you may have to specify version 1.0.2 to download. If upgrade path: reboot your machine once you have provisioned. If clean install: just download the 1.1.1 rpm and install in dom0.
• Be sure that, if you QA'd previously, you do not have the log file /var/log/qubes/update-fedora-41-xfce.log owned by root in place. (You may remove this file.)
• At least one tester: please test from a machine that does not have fedora-41-xfce template preinstalled.
• If upgrade path: Run the updater. Updater completes successfully. If clean install path: provision. Provisioning completes successfully.
• Flip back to yum-qa repos in srv/salt and sd-default-config.yml again, following the wiki QA setup instructions. 🙃
• Run the updater a second time (sdw-updater --skip-delta 0), or run the qubes GUI updater selecting fedora-41-xfce. Updates complete successfully.

[nathandyer]

Just completed a successful clean install QA run on 1.1.1:

• Start with a production setup flipped to the yum-qa repos, as described in "pre-release qa" in this guide: https://github.com/freedomofpress/securedrop-workstation/wiki/QA-Testing#dom0-testing-securedrop-workstation-dom0-config. Instead of just dnf download, you may have to specify version 1.0.2 to download. If upgrade path: reboot your machine once you have provisioned. If clean install: just download the 1.1.1 rpm and install in dom0.
• Be sure that, if you QA'd previously, you do not have the log file /var/log/qubes/update-fedora-41-xfce.log owned by root in place. (You may remove this file.) (NA, clean install)
• At least one tester: please test from a machine that does not have fedora-41-xfce template preinstalled. (NA, started from Qubes 2.4.2 with fedora-41-xfce installed and set to default template)
• If upgrade path: Run the updater. Updater completes successfully. If clean install path: provision. Provisioning completes successfully.
• Flip back to yum-qa repos in srv/salt and sd-default-config.yml again, following the wiki QA setup instructions. 🙃
• Run the updater a second time (sdw-updater --skip-delta 0), or run the qubes GUI updater selecting fedora-41-xfce. Updates complete successfully.

• Basic smoke tests. LGTM!

[zenmonkeykstop]

• Start with a production setup flipped to the yum-qa repos, as described in "pre-release qa" in this guide: https://github.com/freedomofpress/securedrop-workstation/wiki/QA-Testing#dom0-testing-securedrop-workstation-dom0-config. Instead of just dnf download, you may have to specify version 1.0.2 to download. If upgrade path: reboot your machine once you have provisioned. If clean install: just download the 1.1.1 rpm and install in dom0.
• Be sure that, if you QA'd previously, you do not have the log file /var/log/qubes/update-fedora-41-xfce.log owned by root in place. (You may remove this file.)
• At least one tester: please test from a machine that does not have fedora-41-xfce template preinstalled. CONFIRMED
• If upgrade path: Run the updater. Updater completes successfully. If clean install path: provision. Provisioning completes successfully.
• Flip back to yum-qa repos in srv/salt and sd-default-config.yml again, following the wiki QA setup instructions. 🙃
• Run the updater a second time (sdw-updater --skip-delta 0), or run the qubes GUI updater selecting fedora-41-xfce. Updates complete successfully.