Skip to content

Configure dom0 rpm repo settings via boostrap rpm package#1210

Merged
rocodes merged 7 commits intofeat/sdw-keyring-compatfrom
945-use-boostrap-rpm
Aug 22, 2025
Merged

Configure dom0 rpm repo settings via boostrap rpm package#1210
rocodes merged 7 commits intofeat/sdw-keyring-compatfrom
945-use-boostrap-rpm

Conversation

@rocodes
Copy link
Copy Markdown
Contributor

@rocodes rocodes commented Dec 3, 2024
edited
Loading

Status

Ready for review

Description of Changes

Refs #945
Closes #1409 (cherry-picked)

Changes proposed in this pull request:

  • Remove yum repo URLs from salt provisioning
  • Remove test and prod pubkeys from this repo
  • Add make check for staging and dev that ensures that the requisite keyring package is installed
  • Remove rpm (re)installation during provisioning: to discuss

Depends on #1405

Testing

If you made non-trivial code changes, include a test plan and validated it for this PR.

Deployment

Any special considerations for deployment? Consider both:

  1. Upgrading existing pilot instances
  2. New installs

Checklist

If you have made changes to the provisioning logic

  • All tests (make test) pass in dom0

If you have added or removed files

  • I have updated MANIFEST.in and rpm-build/SPECS/securedrop-workstation-dom0-config.spec

If documentation is required

  • I have opened a PR in the docs repo for these changes, or will do so later
  • I would appreciate help with the documentation

@rocodes rocodes added the blocked label Dec 3, 2024
@rocodes rocodes mentioned this pull request Oct 2, 2025
Closed
@rocodes rocodes mentioned this pull request Jan 10, 2025
Closed
50 tasks
@eloquence eloquence moved this to Backlog in SecureDrop May 7, 2025
@eloquence eloquence moved this from Backlog to Blocked or Waiting in SecureDrop May 22, 2025
@rocodes rocodes force-pushed the 945-use-boostrap-rpm branch 2 times, most recently from e73cef0 to cb421e1 Compare July 22, 2025 18:46
@rocodes rocodes force-pushed the 945-use-boostrap-rpm branch 2 times, most recently from 39b7524 to 42ece9f Compare August 6, 2025 16:40
@rocodes rocodes changed the base branch from main to feat/sdw-keyring-compat August 6, 2025 18:20
@rocodes rocodes added keyring and removed blocked labels Aug 6, 2025
@rocodes rocodes changed the title WIP: Configure dom0 rpm repo settings via boostrap rpm package. Configure dom0 rpm repo settings via boostrap rpm package Aug 6, 2025
@eloquence eloquence moved this from Blocked or Waiting to In Progress in SecureDrop Aug 7, 2025
This was referenced Aug 13, 2025
Merged
Merged
@rocodes rocodes force-pushed the 945-use-boostrap-rpm branch 2 times, most recently from 7b4e285 to 161d42c Compare August 18, 2025 13:47
@rocodes
Copy link
Copy Markdown
Contributor Author

rocodes commented Aug 18, 2025
edited
Loading

This will require #1405 + a rebase for CI (edit: done)

@rocodes rocodes force-pushed the 945-use-boostrap-rpm branch 3 times, most recently from 97897d5 to a3b8a25 Compare August 18, 2025 14:17
@rocodes rocodes moved this from In Progress to Ready For Review in SecureDrop Aug 18, 2025
@rocodes rocodes mentioned this pull request Aug 18, 2025
Closed
7 tasks
@rocodes rocodes force-pushed the 945-use-boostrap-rpm branch 2 times, most recently from d3fed14 to 8a2455d Compare August 19, 2025 17:41
rocodes
rocodes commented Aug 19, 2025
View reviewed changes
Comment thread Makefile
@rocodes rocodes force-pushed the 945-use-boostrap-rpm branch from 8a2455d to 29bc275 Compare August 19, 2025 21:58
@rocodes rocodes marked this pull request as ready for review August 19, 2025 21:58
@rocodes rocodes force-pushed the 945-use-boostrap-rpm branch from de7c8d2 to aef1cc5 Compare August 21, 2025 18:46
@rocodes
Copy link
Copy Markdown
Contributor Author

rocodes commented Aug 21, 2025
edited
Loading

Right, so even though the package is available, the dev installation uses locally-built rpms, so that's why we're still seeing the openqa failure.

I'm going to add a step to make bootstrap to pull in the prod keyring package.

@rocodes rocodes force-pushed the 945-use-boostrap-rpm branch 3 times, most recently from e615789 to c686037 Compare August 21, 2025 19:56
@rocodes rocodes moved this from Under Review to In Progress in SecureDrop Aug 21, 2025
@rocodes rocodes force-pushed the 945-use-boostrap-rpm branch from c686037 to 9cb2693 Compare August 21, 2025 20:21
@rocodes rocodes moved this from In Progress to Ready For Review in SecureDrop Aug 21, 2025
@rocodes rocodes force-pushed the 945-use-boostrap-rpm branch from 9cb2693 to 1ffafbb Compare August 21, 2025 20:23
@rocodes rocodes moved this from Ready For Review to In Progress in SecureDrop Aug 21, 2025
@rocodes
Copy link
Copy Markdown
Contributor Author

rocodes commented Aug 21, 2025

Pulling in the dependency on the prod keyring early made things 5% more complicated, I'm putting this briefly back in progress.

@rocodes
Copy link
Copy Markdown
Contributor Author

rocodes commented Aug 21, 2025

We introduced a problem when we introduced the DIST substitution in the keyring. I've submitted freedomofpress/securedrop-workstation-keyring#30 to correct it; once it's merged I'll rebuild the keyring package for yum-test and yum-test nightlies, then we should be on track.

@rocodes rocodes force-pushed the 945-use-boostrap-rpm branch from 1ffafbb to 694a058 Compare August 21, 2025 22:25
rocodes and others added 2 commits August 22, 2025 07:58
@rocodes
Merge pull request #1405 from freedomofpress/sdw-keyring-bootstrap-ta…
6df4d1a 
…rget

Create boostrap make target for keyring installation
@rocodes
Add make target to check keyring package during make dev/staging
b813cae 
On staging setups, check that the dev package is not installed,
because it will supersede the staging package due versioning
@rocodes rocodes force-pushed the 945-use-boostrap-rpm branch 2 times, most recently from d7f737d to 0264f0c Compare August 22, 2025 15:22
legoktm
legoktm approved these changes Aug 22, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@legoktm legoktm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, ready to go once we're satisfied with OpenQA

@rocodes rocodes force-pushed the 945-use-boostrap-rpm branch from 0264f0c to 1855e14 Compare August 22, 2025 15:28
@rocodes
Copy link
Copy Markdown
Contributor Author

rocodes commented Aug 22, 2025

Per conversation with @deeplow the openqa failure looks like #1411 and the tests are passing; merging now and will resolve openqa stuff separately

@rocodes rocodes merged commit 3f38093 into feat/sdw-keyring-compat Aug 22, 2025
13 of 14 checks passed
@github-project-automation github-project-automation bot moved this from In Progress to Done in SecureDrop Aug 22, 2025
@nathandyer nathandyer removed this from SecureDrop Sep 2, 2025
deeplow pushed a commit that referenced this pull request Oct 3, 2025
@rocodes @deeplow
Merge pull request #1210 from freedomofpress/945-use-boostrap-rpm
8679a19 
Configure dom0 rpm repo settings via boostrap rpm package
deeplow pushed a commit that referenced this pull request Oct 13, 2025
@rocodes @deeplow
Merge pull request #1210 from freedomofpress/945-use-boostrap-rpm
e48ccd6 
Configure dom0 rpm repo settings via boostrap rpm package
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@deeplow deeplow deeplow left review comments

@legoktm legoktm legoktm approved these changes

Assignees

@legoktm legoktm

Labels

keyring

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@rocodes @deeplow @legoktm @eloquence @nathandyer