Prepares path for sd-whonix whonix removal #1414
Just fixed a small typo in the test, everything should pass now except
Companion PR for client change [1] with the aim of deprecating whonix,
in favor of delegating the tor connectivity aspect to sd-proxy running
arti.
Changes introduced:
1. sd-proxy connects to 'sys-firewall' directly:
since sd-proxy is now handling tor connections, it must connect
directly to the internet.
It keeps the original goal of preventing the client from being able
to connect to arbitrary domains. This is also something that
sd-whonix did not guarantee (it could connect to arbitrary domains,
albeit via Tor).
2. sd-proxy has access to onion service auth key
Access done via qubes feature vm-config.SD_PROXY_ORIGIN_KEY
[1]: freedomofpress/securedrop-client#2561
Test in ci: openqa
(run in: openqa)
I renamed the service to just
Installed via make clone && make dev; passes tests per #1414 (comment). I'll defer to you to merge, @legoktm, both in conjunction with freedomofpress/securedrop-client#2561 and given the following two unrelated tests failing in securedrop_test_dom0:
The actual failure is reported in the very next screenshot, https://openqa.qubes-os.org/tests/150723#step/test_dom0/20, which reveals that it's that the
It's merged now, so I have re-triggered the test run. Btw, the unrelated failure is #1411.
It's running into a couple of openQA issues. I'm testing some fixes against this branch here.
After all xvfb is necessary because we're now running the tests in the root console as a fix for [1]. Instead of adding yet another dependency directly in OpenQA, this now just installs whichever dependencies are specified in the workstation repo via the "test-deps" make target. [1]: freedomofpress/securedrop-workstation#1414
There was a transient issue with the above-linked openQA test, which I haven't investigated. But I restarted and it then ran the install well but failed in
@deeplow is going to re-verify that
| sd-base-template-install-securedrop-packages: | ||
| pkg.installed: | ||
| - pkgs: | ||
| - securedrop-qubesdb-tools |
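Review bot: the "- securedrop-qubesdb-tools" entry in the pkgs list of sd-base-template-install-securedrop-packages has no comment in the visible lines saying how long it is meant to stay. Since the review on this line asks for it to remain until the next release so that a rollback path exists, a one-line YAML comment above the entry naming the release in which it is to be removed would keep it from being dropped early or forgotten later.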
We should leave this line until the next release, per split between 1.4.0 and 1.5.0. The former's goal is to simply do the switch and 1.5.0 to fully remove whonix-related components. The end-goal is to have a rollback path.
Also, we may want to have this forcefully removed as we did with other xpp in the past.
I have now
I may have messed up the branch with that force-push.. :/ I had forgotten other things were pushed onto it and therefore I cut the head from the version I had. And now I can't restore it since my local git doesn't have the proper remote reflog. In case @legoktm you still have the original branch locally, would you mind force-pushing? Or any other git-fu you're aware of 🙂 I did replicate the pushed out code and ran
Thanks. Just double-checking this was
Yes correct, my bad.
Towards #456. Adds minimal dependencies to test its client counterpart freedomofpress/securedrop-client#2561. Whonix removal will be in a separate PR.
Test plan
Apply with sdw-admin --apply after installing RPM and then see #456.
Checklist
This change accounts for:
MANIFEST.in and rpm-build/SPECS/securedrop-workstation-dom0-config.spec)