From 32f2c3e78cbd30e3b314d93a752043386cf7dfa7 Mon Sep 17 00:00:00 2001 From: Conor Schaefer Date: Mon, 24 Sep 2018 19:07:32 -0400 Subject: [PATCH 01/10] Converts all SDW AppVMs to Debian 9 All of the `sd-*` VMs for the SecureDrop Workstation now use Debian 9 as the base template. This will allow us to use deb packages across the board for all AppVMs, as well as the hardened based image with a custom kernel in the near future, as well. Updates the test suites to accommodate for gpg v1/v2 output variance, as well as removes Fedora 28 as a permitted base for the AppVMs in the platform tests. --- dom0/sd-gpg.sls | 2 +- dom0/sd-svs-disp.sls | 2 +- dom0/sd-svs.sls | 2 +- tests/test_gpg.py | 8 ++++++-- tests/test_vms_platform.py | 1 - 5 files changed, 9 insertions(+), 6 deletions(-) diff --git a/dom0/sd-gpg.sls b/dom0/sd-gpg.sls index a7008215..5fd47c19 100644 --- a/dom0/sd-gpg.sls +++ b/dom0/sd-gpg.sls @@ -13,7 +13,7 @@ sd-gpg: qvm.vm: - name: sd-gpg - present: - - template: fedora-28 + - template: debian-9 - label: purple - prefs: - netvm: "" diff --git a/dom0/sd-svs-disp.sls b/dom0/sd-svs-disp.sls index 3a13588e..bdb1b4fa 100644 --- a/dom0/sd-svs-disp.sls +++ b/dom0/sd-svs-disp.sls @@ -15,7 +15,7 @@ sd-svs-disp: qvm.vm: - name: sd-svs-disp - present: - - template: fedora-28 + - template: debian-9 - label: green - prefs: - netvm: "" diff --git a/dom0/sd-svs.sls b/dom0/sd-svs.sls index 5a23c36d..55602604 100644 --- a/dom0/sd-svs.sls +++ b/dom0/sd-svs.sls @@ -13,7 +13,7 @@ sd-svs: qvm.vm: - name: sd-svs - present: - - template: fedora-28 + - template: debian-9 - label: yellow - prefs: - netvm: "" diff --git a/tests/test_gpg.py b/tests/test_gpg.py index 9b864f5e..1ef2d7ac 100644 --- a/tests/test_gpg.py +++ b/tests/test_gpg.py 
@@ -10,9 +10,13 @@ def find_fp_from_gpg_output(gpg): lines = gpg.split("\n") for line in lines: - m = re.match('\s*Key fingerprint = (.*)$', line) + # dom0 uses Fedora25 with gpg 1.4.22, whereas AppVMs + # use Debian9 with gpg 2.1.18, so we'll match fingerprint + # by a loose regex rather than substring match. + regex = '\s*(Key fingerprint = )?([A-F0-9\s]{50})$' + m = re.match(regex, line) if m is not None: - fp = m.groups()[0] + fp = m.groups()[1] return fp diff --git a/tests/test_vms_platform.py b/tests/test_vms_platform.py index ae44250c..34219d22 100644 --- a/tests/test_vms_platform.py +++ b/tests/test_vms_platform.py @@ -5,7 +5,6 @@ SUPPORTED_PLATFORMS = [ - "Fedora 28 (Twenty Eight)", "Debian GNU/Linux 9 (stretch)", ] From 97a680681f12e725b9cbe114de71ab7b9f4cbc84 Mon Sep 17 00:00:00 2001 From: Conor Schaefer Date: Mon, 1 Oct 2018 12:57:04 -0400 Subject: [PATCH 02/10] Forces use of gedit for text files via mailcap This may be a larger problem with the Debian 9 transition: xdg-open when run via a terminal (rather than invoked via e.g. Nautilus integration, or otherwise in a GUI desktop environment) does not honor the mimetype handlers declared in the desktop files. For text/plain, edited the mailcap file in order to address. --- dom0/sd-svs-files.sls | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/dom0/sd-svs-files.sls b/dom0/sd-svs-files.sls index 2e501aff..e51f67e8 100644 --- a/dom0/sd-svs-files.sls +++ b/dom0/sd-svs-files.sls @@ -55,6 +55,13 @@ - mode: 644 - makedirs: True +# xdg-open falls back to run-mailcap on debian-9, so CLI invocations +# will not use gedit as intended. Let's force use of gedit via mailcap. +sd-svs-force-gedit-for-xdg-open: + file.prepend: + - name: /etc/mailcap + - text: "text/plain; gedit %s; test=test -x /usr/bin/gedit" + sudo update-mime-database /usr/local/share/mime: cmd.run From aeedca13eea2f7a6be1d188af6efbf5f02859bcb Mon Sep 17 00:00:00 2001 
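Review bot: The replacement pattern `'\s*(Key fingerprint = )?([A-F0-9\s]{50})$'` is a non-raw string, so `\s` is an invalid escape sequence (a DeprecationWarning from Python 3.6, a SyntaxWarning from 3.12), and the class `[A-F0-9\s]{50}` also accepts a line of fifty spaces or any 50-character run of hex digits and whitespace, so this helper can report a "fingerprint" that is not one — and since the test presumably checks that the expected key is the one loaded into sd-gpg, a false match weakens exactly that check. Match the real shape instead, ten groups of four hex digits separated by whitespace: `regex = r'\s*(Key fingerprint = )?([A-F0-9]{4}(?:\s+[A-F0-9]{4}){9})\s*$'`; this still covers both the gpg 1.4 `Key fingerprint =` line and the bare gpg 2.1 line, but callers comparing the captured value must still normalise the inner spacing, because gpg 2 prints a double space after the fifth group. If no line matches, `fp` is never bound and `return fp` raises UnboundLocalError (or the function returns None if that return sits inside the `if`, which the indentation lost here does not let me tell apart); initialising `fp = None` before the loop, or raising a clear error, would make a missing fingerprint explicit. The `def find_fp_from_gpg_output(gpg)` line sits above the hunk. The identical hunk reappears in PATCH 05/10 and needs the same change.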
From: Conor Schaefer Date: Tue, 2 Oct 2018 10:38:07 -0400 Subject: [PATCH 03/10] Moves mailcap mimetype shim to sd-svs-disp We'll have to circle back on making sure that all mimetypes are honored, but for now we can simply ensure that submitted plaintext files are opened correctly in `sd-svs-disp`, not `sd-svs`; the latter should never open files directly, only call out to the former for opening. --- Makefile | 1 + dom0/sd-svs-disp-files.sls | 23 +++++++++++++++++++++++ dom0/sd-svs-disp-files.top | 6 ++++++ dom0/sd-svs-files.sls | 7 ------- 4 files changed, 30 insertions(+), 7 deletions(-) create mode 100644 dom0/sd-svs-disp-files.sls create mode 100644 dom0/sd-svs-disp-files.top diff --git a/Makefile b/Makefile index ee07a80d..dba623d0 100644 --- a/Makefile +++ b/Makefile @@ -37,6 +37,7 @@ sd-whonix: prep-salt ## Provisions SD Whonix VM sd-svs-disp: prep-salt ## Provisions SD Submission Viewing VM sudo qubesctl top.enable sd-svs-disp + sudo qubesctl top.enable sd-svs-disp-files sudo qubesctl --targets sd-svs-disp state.highstate clean-salt: assert-dom0 ## Purges SD Salt configuration from dom0 diff --git a/dom0/sd-svs-disp-files.sls b/dom0/sd-svs-disp-files.sls new file mode 100644 index 00000000..3fa50acd --- /dev/null +++ b/dom0/sd-svs-disp-files.sls @@ -0,0 +1,23 @@ +# -*- coding: utf-8 -*- +# vim: set syntax=yaml ts=2 sw=2 sts=2 et : + +## +# sd-svs-disp-files +# ======== +# +# Moves files into place on sd-svs-disp +# +## + +# xdg-open falls back to run-mailcap on debian-9, so CLI invocations +# will not use gedit as intended. Let's force use of gedit via mailcap. +sd-svs-force-gedit-for-xdg-open: + file.prepend: + - name: /etc/mailcap + - text: "text/plain; gedit %s; test=test -x /usr/bin/gedit" + +sudo update-mime-database /usr/local/share/mime: + cmd.run + +sudo update-desktop-database /usr/local/share/applications: + cmd.run diff --git a/dom0/sd-svs-disp-files.top b/dom0/sd-svs-disp-files.top new file mode 100644 index 00000000..0862aa64 --- /dev/null 
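Review bot: The two `cmd.run` states `sudo update-mime-database /usr/local/share/mime` and `sudo update-desktop-database /usr/local/share/applications` in the new sd-svs-disp-files.sls refresh caches for directories that nothing in this state file writes to; they look carried over from sd-svs-files.sls, where the `- mode: 644 / - makedirs: True` context suggests the desktop or mime files they index are managed just above the removed block. Unless another state populates `/usr/local/share` on this VM, they are no-ops that run on every highstate; drop them, or gate them with `- onchanges:` on whichever state actually changes their inputs. The `sudo` prefix is also likely redundant, since qubesctl applies states as root inside the VM — confirm against how qubesctl invokes the minion. The override itself uses `file.prepend`, which puts the rule above the package-generated part of /etc/mailcap; later patches in this series relocate it, so I am not repeating that here. The same hunk reappears in PATCH 07/10.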
+++ b/dom0/sd-svs-disp-files.top @@ -0,0 +1,6 @@ +# -*- coding: utf-8 -*- +# vim: set syntax=yaml ts=2 sw=2 sts=2 et : + +base: + sd-svs-disp: + - sd-svs-disp-files diff --git a/dom0/sd-svs-files.sls b/dom0/sd-svs-files.sls index e51f67e8..2e501aff 100644 --- a/dom0/sd-svs-files.sls +++ b/dom0/sd-svs-files.sls @@ -55,13 +55,6 @@ - mode: 644 - makedirs: True -# xdg-open falls back to run-mailcap on debian-9, so CLI invocations -# will not use gedit as intended. Let's force use of gedit via mailcap. -sd-svs-force-gedit-for-xdg-open: - file.prepend: - - name: /etc/mailcap - - text: "text/plain; gedit %s; test=test -x /usr/bin/gedit" - sudo update-mime-database /usr/local/share/mime: cmd.run From dcfd2025f7dc7d10ff73f58e893ced27f2d7d86d Mon Sep 17 00:00:00 2001 From: Conor Schaefer Date: Tue, 2 Oct 2018 14:22:46 -0400 Subject: [PATCH 04/10] Moves mimetype tweak to debian-9 template We can't configure sd-svs-disp directly via Salt, since changes won't persist between VM instantiations. Let's instead modify the base template, currently debian-9. This is not clean, since it will pollute the debian-9 template (which is not SecureDrop Workstation-specific) for all uses, but it's a temporary measure until we have SDW-specific templates. --- Makefile | 1 + dom0/sd-svs-disp-files.top | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index dba623d0..890940ea 100644 --- a/Makefile +++ b/Makefile @@ -38,6 +38,7 @@ sd-whonix: prep-salt ## Provisions SD Whonix VM sd-svs-disp: prep-salt ## Provisions SD Submission Viewing VM sudo qubesctl top.enable sd-svs-disp sudo qubesctl top.enable sd-svs-disp-files + sudo qubesctl --targets debian-9 state.highstate sudo qubesctl --targets sd-svs-disp state.highstate clean-salt: assert-dom0 ## Purges SD Salt configuration from dom0 diff --git a/dom0/sd-svs-disp-files.top b/dom0/sd-svs-disp-files.top index 0862aa64..e810b5eb 100644 --- a/dom0/sd-svs-disp-files.top +++ b/dom0/sd-svs-disp-files.top 
@@ -2,5 +2,6 @@ # vim: set syntax=yaml ts=2 sw=2 sts=2 et : base: - sd-svs-disp: + # Target Debian-9, since changes to sd-svs-disp won't persist + debian-9: - sd-svs-disp-files From 0f27eafa96e8b2d0604187a18cf913dd0a44cd5c Mon Sep 17 00:00:00 2001 From: Conor Schaefer Date: Mon, 24 Sep 2018 19:07:32 -0400 Subject: [PATCH 05/10] Converts all SDW AppVMs to Debian 9 All of the `sd-*` VMs for the SecureDrop Workstation now use Debian 9 as the base template. This will allow us to use deb packages across the board for all AppVMs, as well as the hardened based image with a custom kernel in the near future, as well. Updates the test suites to accommodate for gpg v1/v2 output variance, as well as removes Fedora 28 as a permitted base for the AppVMs in the platform tests. --- dom0/sd-gpg.sls | 2 +- dom0/sd-svs-disp.sls | 2 +- dom0/sd-svs.sls | 2 +- tests/test_gpg.py | 8 ++++++-- tests/test_vms_platform.py | 1 - 5 files changed, 9 insertions(+), 6 deletions(-) diff --git a/dom0/sd-gpg.sls b/dom0/sd-gpg.sls index a7008215..5fd47c19 100644 --- a/dom0/sd-gpg.sls +++ b/dom0/sd-gpg.sls @@ -13,7 +13,7 @@ sd-gpg: qvm.vm: - name: sd-gpg - present: - - template: fedora-28 + - template: debian-9 - label: purple - prefs: - netvm: "" diff --git a/dom0/sd-svs-disp.sls b/dom0/sd-svs-disp.sls index 3a13588e..bdb1b4fa 100644 --- a/dom0/sd-svs-disp.sls +++ b/dom0/sd-svs-disp.sls @@ -15,7 +15,7 @@ sd-svs-disp: qvm.vm: - name: sd-svs-disp - present: - - template: fedora-28 + - template: debian-9 - label: green - prefs: - netvm: "" diff --git a/dom0/sd-svs.sls b/dom0/sd-svs.sls index 5a23c36d..55602604 100644 --- a/dom0/sd-svs.sls +++ b/dom0/sd-svs.sls @@ -13,7 +13,7 @@ sd-svs: qvm.vm: - name: sd-svs - present: - - template: fedora-28 + - template: debian-9 - label: yellow - prefs: - netvm: "" diff --git a/tests/test_gpg.py b/tests/test_gpg.py index 9b864f5e..1ef2d7ac 100644 --- a/tests/test_gpg.py +++ b/tests/test_gpg.py 
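Review bot: The top file now targets the shared `debian-9` template by its literal name, and the Makefile hunk in this patch hard-codes the same name in `sudo qubesctl --targets debian-9 state.highstate`, so the mailcap override (and anything later added to sd-svs-disp-files) lands in every VM built from debian-9, which the commit message acknowledges, and silently stops applying once the planned SDW-specific template carries a different name. Keeping the template name in one place (a Makefile variable, or a jinja variable shared by the .sls and .top files) would make the later switch a one-line change. Note also that AppVMs pick up template root changes only after the template is shut down, so if qubesctl leaves debian-9 running, the subsequent `sd-svs-disp` highstate and any DispVM started from it may still run on the old root — worth confirming that the Makefile sequence shuts the template down, or adding an explicit `qvm-shutdown --wait debian-9` between the two highstate lines. The same pair of hunks reappears in PATCH 08/10.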
@@ -10,9 +10,13 @@ def find_fp_from_gpg_output(gpg): lines = gpg.split("\n") for line in lines: - m = re.match('\s*Key fingerprint = (.*)$', line) + # dom0 uses Fedora25 with gpg 1.4.22, whereas AppVMs + # use Debian9 with gpg 2.1.18, so we'll match fingerprint + # by a loose regex rather than substring match. + regex = '\s*(Key fingerprint = )?([A-F0-9\s]{50})$' + m = re.match(regex, line) if m is not None: - fp = m.groups()[0] + fp = m.groups()[1] return fp diff --git a/tests/test_vms_platform.py b/tests/test_vms_platform.py index ae44250c..34219d22 100644 --- a/tests/test_vms_platform.py +++ b/tests/test_vms_platform.py @@ -5,7 +5,6 @@ SUPPORTED_PLATFORMS = [ - "Fedora 28 (Twenty Eight)", "Debian GNU/Linux 9 (stretch)", ] From 62424b20e7961c7f73a4533db6557db99baf5f9d Mon Sep 17 00:00:00 2001 From: Conor Schaefer Date: Mon, 1 Oct 2018 12:57:04 -0400 Subject: [PATCH 06/10] Forces use of gedit for text files via mailcap This may be a larger problem with the Debian 9 transition: xdg-open when run via a terminal (rather than invoked via e.g. Nautilus integration, or otherwise in a GUI desktop environment) does not honor the mimetype handlers declared in the desktop files. For text/plain, edited the mailcap file in order to address. --- dom0/sd-svs-files.sls | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/dom0/sd-svs-files.sls b/dom0/sd-svs-files.sls index 2e501aff..e51f67e8 100644 --- a/dom0/sd-svs-files.sls +++ b/dom0/sd-svs-files.sls @@ -55,6 +55,13 @@ - mode: 644 - makedirs: True +# xdg-open falls back to run-mailcap on debian-9, so CLI invocations +# will not use gedit as intended. Let's force use of gedit via mailcap. +sd-svs-force-gedit-for-xdg-open: + file.prepend: + - name: /etc/mailcap + - text: "text/plain; gedit %s; test=test -x /usr/bin/gedit" + sudo update-mime-database /usr/local/share/mime: cmd.run From 593ea326b0e2b07cb224fd651f05ca39b1e46be2 Mon Sep 17 00:00:00 2001 
From: Conor Schaefer Date: Tue, 2 Oct 2018 10:38:07 -0400 Subject: [PATCH 07/10] Moves mailcap mimetype shim to sd-svs-disp We'll have to circle back on making sure that all mimetypes are honored, but for now we can simply ensure that submitted plaintext files are opened correctly in `sd-svs-disp`, not `sd-svs`; the latter should never open files directly, only call out to the former for opening. --- Makefile | 1 + dom0/sd-svs-disp-files.sls | 23 +++++++++++++++++++++++ dom0/sd-svs-disp-files.top | 6 ++++++ dom0/sd-svs-files.sls | 7 ------- 4 files changed, 30 insertions(+), 7 deletions(-) create mode 100644 dom0/sd-svs-disp-files.sls create mode 100644 dom0/sd-svs-disp-files.top diff --git a/Makefile b/Makefile index ee07a80d..dba623d0 100644 --- a/Makefile +++ b/Makefile @@ -37,6 +37,7 @@ sd-whonix: prep-salt ## Provisions SD Whonix VM sd-svs-disp: prep-salt ## Provisions SD Submission Viewing VM sudo qubesctl top.enable sd-svs-disp + sudo qubesctl top.enable sd-svs-disp-files sudo qubesctl --targets sd-svs-disp state.highstate clean-salt: assert-dom0 ## Purges SD Salt configuration from dom0 diff --git a/dom0/sd-svs-disp-files.sls b/dom0/sd-svs-disp-files.sls new file mode 100644 index 00000000..3fa50acd --- /dev/null +++ b/dom0/sd-svs-disp-files.sls @@ -0,0 +1,23 @@ +# -*- coding: utf-8 -*- +# vim: set syntax=yaml ts=2 sw=2 sts=2 et : + +## +# sd-svs-disp-files +# ======== +# +# Moves files into place on sd-svs-disp +# +## + +# xdg-open falls back to run-mailcap on debian-9, so CLI invocations +# will not use gedit as intended. Let's force use of gedit via mailcap. +sd-svs-force-gedit-for-xdg-open: + file.prepend: + - name: /etc/mailcap + - text: "text/plain; gedit %s; test=test -x /usr/bin/gedit" + +sudo update-mime-database /usr/local/share/mime: + cmd.run + +sudo update-desktop-database /usr/local/share/applications: + cmd.run diff --git a/dom0/sd-svs-disp-files.top b/dom0/sd-svs-disp-files.top new file mode 100644 index 00000000..0862aa64 --- /dev/null 
+++ b/dom0/sd-svs-disp-files.top @@ -0,0 +1,6 @@ +# -*- coding: utf-8 -*- +# vim: set syntax=yaml ts=2 sw=2 sts=2 et : + +base: + sd-svs-disp: + - sd-svs-disp-files diff --git a/dom0/sd-svs-files.sls b/dom0/sd-svs-files.sls index e51f67e8..2e501aff 100644 --- a/dom0/sd-svs-files.sls +++ b/dom0/sd-svs-files.sls @@ -55,13 +55,6 @@ - mode: 644 - makedirs: True -# xdg-open falls back to run-mailcap on debian-9, so CLI invocations -# will not use gedit as intended. Let's force use of gedit via mailcap. -sd-svs-force-gedit-for-xdg-open: - file.prepend: - - name: /etc/mailcap - - text: "text/plain; gedit %s; test=test -x /usr/bin/gedit" - sudo update-mime-database /usr/local/share/mime: cmd.run From 6f90ef09acc621b7e9eb2e5c3f54ecb6a7798342 Mon Sep 17 00:00:00 2001 From: Conor Schaefer Date: Tue, 2 Oct 2018 14:22:46 -0400 Subject: [PATCH 08/10] Moves mimetype tweak to debian-9 template We can't configure sd-svs-disp directly via Salt, since changes won't persist between VM instantiations. Let's instead modify the base template, currently debian-9. This is not clean, since it will pollute the debian-9 template (which is not SecureDrop Workstation-specific) for all uses, but it's a temporary measure until we have SDW-specific templates. --- Makefile | 1 + dom0/sd-svs-disp-files.top | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index dba623d0..890940ea 100644 --- a/Makefile +++ b/Makefile @@ -38,6 +38,7 @@ sd-whonix: prep-salt ## Provisions SD Whonix VM sd-svs-disp: prep-salt ## Provisions SD Submission Viewing VM sudo qubesctl top.enable sd-svs-disp sudo qubesctl top.enable sd-svs-disp-files + sudo qubesctl --targets debian-9 state.highstate sudo qubesctl --targets sd-svs-disp state.highstate clean-salt: assert-dom0 ## Purges SD Salt configuration from dom0 diff --git a/dom0/sd-svs-disp-files.top b/dom0/sd-svs-disp-files.top index 0862aa64..e810b5eb 100644 --- a/dom0/sd-svs-disp-files.top +++ b/dom0/sd-svs-disp-files.top 
@@ -2,5 +2,6 @@ # vim: set syntax=yaml ts=2 sw=2 sts=2 et : base: - sd-svs-disp: + # Target Debian-9, since changes to sd-svs-disp won't persist + debian-9: - sd-svs-disp-files From 1bc5c283d71bc758a8f90d490b28873376a366f4 Mon Sep 17 00:00:00 2001 From: Conor Schaefer Date: Wed, 3 Oct 2018 05:38:25 -0400 Subject: [PATCH 09/10] Refines mailcap mimetype tweak line placement It's critical that any intended overrides to mailcap mimetype rules be declared in a specific section of the /etc/mailcap file, otherwise the declarations will be handled along with all the other package/system-provided rules, and likely be ignored. --- dom0/sd-svs-disp-files.sls | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/dom0/sd-svs-disp-files.sls b/dom0/sd-svs-disp-files.sls index 3fa50acd..609822e3 100644 --- a/dom0/sd-svs-disp-files.sls +++ b/dom0/sd-svs-disp-files.sls @@ -12,8 +12,12 @@ # xdg-open falls back to run-mailcap on debian-9, so CLI invocations # will not use gedit as intended. Let's force use of gedit via mailcap. sd-svs-force-gedit-for-xdg-open: - file.prepend: + file.insert: - name: /etc/mailcap + # User-defined (non-package-provided) overrides must be placed + # in a specific section of the mailcap file, otherwise they won't + # take precedence. + - after: "# ----- User Section Begins ----- #" - text: "text/plain; gedit %s; test=test -x /usr/bin/gedit" sudo update-mime-database /usr/local/share/mime: From 10f7054f329b29a0b05484c9755fdb66edfc1532 Mon Sep 17 00:00:00 2001 From: Joshua Thayer Date: Thu, 4 Oct 2018 00:28:13 -0700 Subject: [PATCH 10/10] Adds xdg and python reqs to whonix template --- dom0/sd-journalist.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dom0/sd-journalist.sls b/dom0/sd-journalist.sls index 464e73a1..1c8929b0 100644 --- a/dom0/sd-journalist.sls +++ b/dom0/sd-journalist.sls 
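Review bot: `file.insert` on the changed line is not, as far as I know, a function of Salt's `file` state module, so this state would most likely fail at highstate with a "State 'file.insert' was not found" error; the documented way to insert a line relative to a marker is `file.line` with `mode: insert`, `after:` and `content:` (not `text:`) — confirm against the Salt version shipped in dom0 before relying on it. The motivation is sound and worth stating in the comment: `update-mime` regenerates /etc/mailcap when mime-handling packages are installed or removed and preserves only the lines between the "User Section Begins" and "User Section Ends" markers, so an entry placed anywhere else is lost on the next package update in the template, not merely shadowed. The `after:` value is treated as a regular expression by `file.line`; the marker contains no metacharacters, so it can be used as written.

```yaml
sd-svs-force-gedit-for-xdg-open:
  file.line:
    - name: /etc/mailcap
    - mode: insert
    # update-mime rewrites /etc/mailcap on package changes and keeps only the
    # user section, so the override must live between these markers.
    - after: "# ----- User Section Begins ----- #"
    - content: "text/plain; gedit %s; test=test -x /usr/bin/gedit"
```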
@@ -39,7 +39,7 @@ sd-journalist: # install python-qt4 and python-futures: cmd.run: - - name: qvm-run -a whonix-ws-14 'sudo apt-get update && sudo apt-get install -qq python-futures python-qt4' + - name: qvm-run -a whonix-ws-14 'sudo apt-get update && sudo apt-get install -qq python-futures python3-pyqt4 gvfs-bin libgnomevfs2-bin' # When our Qubes bug is fixed, this will *not* be used sd-journalist-dom0-qubes.OpenInVM:
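Review bot: The new package list mixes Python generations: `python3-pyqt4` replaces `python-qt4`, but `python-futures` is the Python 2 backport of `concurrent.futures`, which Python 3 ships in its standard library, so either the client still runs on Python 2 and needs `python-qt4` back, or it runs on Python 3 and `python-futures` is dead weight — I cannot see the consumer from here, so confirm which. The comment two lines above, `# install python-qt4 and python-futures:`, is now stale and should name the actual set, e.g. `# install python3-pyqt4, python-futures, gvfs-bin and libgnomevfs2-bin in the whonix-ws-14 template:`. The `cmd.run` has no `unless:`, so every highstate starts the template and runs `apt-get update && apt-get install` (presumably over Tor); something like `- unless: qvm-run -p whonix-ws-14 'dpkg -s python3-pyqt4 gvfs-bin libgnomevfs2-bin'` would make it idempotent, though the exact check depends on how qvm-run propagates the inner exit status. This also modifies the shared `whonix-ws-14` template, so the packages land in every VM derived from it, not only sd-journalist. The state ID that owns this `cmd.run` sits above the hunk.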