diff --git a/MANIFEST.in b/MANIFEST.in index 2294c44e..9fd79a0c 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -7,6 +7,6 @@ include LICENSE include VERSION include Makefile include sd-proxy/* -include sd-svs/* +include sd-app/* include sd-workstation/* include scripts/* diff --git a/Makefile b/Makefile index 14931377..e5f22e8e 100644 --- a/Makefile +++ b/Makefile @@ -16,7 +16,7 @@ dom0-rpm: ## Builds rpm package to be installed on dom0 clone: assert-dom0 ## Pulls the latest repo from work VM to dom0 @./scripts/clone-to-dom0 -qubes-rpc: prep-salt ## Places default deny qubes-rpc policies for sd-svs and sd-gpg +qubes-rpc: prep-salt ## Places default deny qubes-rpc policies for sd-app and sd-gpg sudo qubesctl --show-output --targets sd-dom0-qvm-rpc state.highstate sd-workstation-template: prep-salt ## Provisions base template for SDW AppVMs @@ -31,21 +31,21 @@ sd-gpg: prep-salt ## Provisions SD GPG keystore VM sudo qubesctl --show-output state.sls sd-gpg sudo qubesctl --show-output --skip-dom0 --targets sd-workstation-buster-template,sd-gpg state.highstate -sd-svs: prep-salt ## Provisions SD SVS VM - sudo qubesctl --show-output state.sls sd-svs - sudo qubesctl --show-output --skip-dom0 --targets sd-svs-buster-template,sd-svs state.highstate +sd-app: prep-salt ## Provisions SD APP VM + sudo qubesctl --show-output state.sls sd-app + sudo qubesctl --show-output --skip-dom0 --targets sd-app-buster-template,sd-app state.highstate sd-whonix: prep-salt ## Provisions SD Whonix VM sudo qubesctl --show-output state.sls sd-whonix sudo qubesctl --show-output --skip-dom0 --targets sd-whonix-buster-template,sd-whonix state.highstate -sd-svs-disp: prep-salt ## Provisions SD Submission Viewing VM - sudo qubesctl --show-output state.sls sd-svs-disp - sudo qubesctl --show-output --skip-dom0 --targets sd-svs-disp-buster-template,sd-svs-disp state.highstate +sd-viewer: prep-salt ## Provisions SD Submission Viewing VM + sudo qubesctl --show-output state.sls sd-viewer + sudo qubesctl --show-output --skip-dom0 --targets sd-viewer-buster-template,sd-viewer state.highstate -sd-export: prep-salt ## Provisions SD Export VM - sudo qubesctl --show-output state.sls sd-export - sudo qubesctl --show-output --skip-dom0 --targets sd-export-buster-template,sd-export-usb,sd-export-usb-dvm state.highstate +sd-devices: prep-salt ## Provisions SD Export VM + sudo qubesctl --show-output state.sls sd-devices + sudo qubesctl --show-output --skip-dom0 --targets sd-devices-buster-template,sd-devices,sd-devices-dvm state.highstate sd-log: prep-salt ## Provisions SD logging VM sudo qubesctl --show-output state.sls sd-log @@ -65,21 +65,21 @@ prep-salt: assert-dom0 ## Configures Salt layout for SD workstation VMs remove-sd-whonix: assert-dom0 ## Destroys SD Whonix VM @./scripts/destroy-vm sd-whonix -remove-sd-svs-disp: assert-dom0 ## Destroys SD Submission reading VM - @./scripts/destroy-vm sd-svs-disp +remove-sd-viewer: assert-dom0 ## Destroys SD Submission reading VM + @./scripts/destroy-vm sd-viewer remove-sd-proxy: assert-dom0 ## Destroys SD Proxy VM @./scripts/destroy-vm sd-proxy -remove-sd-svs: assert-dom0 ## Destroys SD SVS VM - @./scripts/destroy-vm sd-svs +remove-sd-app: assert-dom0 ## Destroys SD APP VM + @./scripts/destroy-vm sd-app remove-sd-gpg: assert-dom0 ## Destroys SD GPG keystore VM @./scripts/destroy-vm sd-gpg -remove-sd-export: assert-dom0 ## Destroys SD EXPORT VMs - @./scripts/destroy-vm sd-export-usb - @./scripts/destroy-vm sd-export-usb-dvm +remove-sd-devices: assert-dom0 ## Destroys SD EXPORT VMs + @./scripts/destroy-vm sd-devices + @./scripts/destroy-vm sd-devices-dvm remove-sd-log: assert-dom0 ## Destroys SD logging VM @./scripts/destroy-vm sd-log @@ -96,8 +96,8 @@ test: assert-dom0 ## Runs all application tests (no integration tests yet) test-base: assert-dom0 ## Runs tests for VMs layout python3 -m unittest -v tests.test_vms_exist.SD_VM_Tests -test-svs: assert-dom0 ## Runs tests for SD SVS VM config - python3 -m unittest -v tests.test_svs.SD_SVS_Tests +test-app: assert-dom0 ## Runs tests for SD APP VM config + python3 -m unittest -v tests.test_app.SD_App_Tests test-proxy: assert-dom0 ## Runs tests for SD Proxy VM python3 -m unittest -v tests.test_proxy_vm diff --git a/README.md b/README.md index 0e4016d3..df310aae 100644 --- a/README.md +++ b/README.md @@ -67,8 +67,8 @@ The current architecture replaces the *Journalist Workstation* and *Secure Viewi Currently, the following VMs are provisioned: -- `sd-proxy` is where the SecureDrop proxy resides, which allows the non-networked `sd-svs` vm to communicate with the *Journalist Interface* over Tor. -- `sd-svs` is a non-networked VM in which the *SecureDrop Client* runs used to store and explore submissions after they're unarchived and decrypted. Any files opened in this VM are opened in a disposable VM. +- `sd-proxy` is where the SecureDrop proxy resides, which allows the non-networked `sd-app` vm to communicate with the *Journalist Interface* over Tor. +- `sd-app` is a non-networked VM in which the *SecureDrop Client* runs used to store and explore submissions after they're unarchived and decrypted. Any files opened in this VM are opened in a disposable VM. - `sd-whonix` is the Tor gateway used to contact the journalist Tor hidden service. It's configured with the auth key for the hidden service. The default Qubes Whonix workstation uses the non-SecureDrop Whonix gateway, and thus won't be able to access the *Journalist Interface*. - `sd-gpg` is a Qubes split-gpg AppVM, used to hold submission decryption keys and do the actual submission crypto. - `sd-dispvm` is an AppVM used as the template for the disposable VMs used for processing and opening files. @@ -79,7 +79,7 @@ Submissions are processed in the following steps: 1. Journalist uses the *SecureDrop Client* to access the *Journalist Interface* via the Journalist API. After logging in, the journalist clicks on any submission of interest. 2. The *SecureDrop Client* will use `sd-gpg` to decrypt the submission using Qubes' split-GPG functionality (decryption is done in a trusted, isolated VM, keeping GPG keys off of the system-wide DispVM). -5. The decrypted submission is stored on the `sd-svs` *Secure Viewing Station VM*, where it's placed in a local database. +5. The decrypted submission is stored on the `sd-app` *Secure Viewing Station VM*, where it's placed in a local database. 6. Any file opened by the *SecureDrop Client* in the *Secure Viewing Station VM* is opened in a Disposable VM, largely mitigating attacks from malicious content. See below for a closer examination of this process, and see `docs/images` for screenshots related to the steps above. @@ -90,9 +90,9 @@ This project can be broken neatly into two parts: 1) a set of salt states and `t Qubes uses SaltStack internally for VM provisionining and configuration management (see https://www.qubes-os.org/doc/salt/), so it's natural for us to use it as well. The `dom0` directory contains salt `.top` and `.sls` files used to provision the VMs noted above. - `Makefile` is used with the `make` command on `dom0` to build the Qubes/SecureDrop installation, and also contains some development and testing features. -- The [SecureDrop Client](https://github.com/freedomofpress/securedrop-client) is installed in `sd-svs` and will be used to access the SecureDrop server *Journalist Interface* via the SecureDrop proxy. +- The [SecureDrop Client](https://github.com/freedomofpress/securedrop-client) is installed in `sd-app` and will be used to access the SecureDrop server *Journalist Interface* via the SecureDrop proxy. - The [SecureDrop Proxy](https://github.com/freedomofpress/securedrop-proxy) is installed in `sd-proxy` to communicate to the SecureDrop server *Journalist Interface* via `sd-whonix`. -- Within `sd-svs`, the *SecureDrop Client* will open all submissions in the `sd-svs-disp` disposable VM. +- Within `sd-app`, the *SecureDrop Client* will open all submissions in the `sd-viewer` disposable VM. - `config.json.example` is an example config file for the provisioning process. Before use, you should copy it to `config.json`, and adjust to reflect your environment. - `sd-journalist.sec.example` is an example GPG private key for use in decrypting submissions. It must match the public key set on a SecureDrop server used for testing. Before use, you should copy it to `sd-journalist.sec`, or store the submission key used with your SecureDrop server as `sd-journalist.sec`. @@ -150,7 +150,7 @@ If you plan to work on the [SecureDrop Client](https://github.com/freedomofpress qvm-tags sd-dev add sd-client ``` -Doing so will permit the `sd-dev` AppVM to make RPC calls with the same privileges as the `sd-svs` AppVM. +Doing so will permit the `sd-dev` AppVM to make RPC calls with the same privileges as the `sd-app` AppVM. **NOTE:** The destination directory on `dom0` is not customizable; it must be `securedrop-workstation` in your home directory. @@ -183,7 +183,7 @@ For developing submission processing scripts, work is done directly in the virtu ### Testing -Tests should cover two broad domains. First, we should assert that all the expected VMs exist and are configured as we expect (with the correct NetVM, with the expected files in the correct place). Second, we should end-to-end test the document handling scripts, asserting that files present in the `sd-proxy` VM correctly make their way to the `sd-svs` AppVM, and are opened correctly in disposable VMs. +Tests should cover two broad domains. First, we should assert that all the expected VMs exist and are configured as we expect (with the correct NetVM, with the expected files in the correct place). Second, we should end-to-end test the document handling scripts, asserting that files present in the `sd-proxy` VM correctly make their way to the `sd-app` AppVM, and are opened correctly in disposable VMs. #### Configuration Tests @@ -193,7 +193,7 @@ These tests assert that expected scripts and configuration files are in the corr Note that since tests confirm the states of provisioned VMs, they should be run _after_ all the VMs have been built with `make all`. -Individual tests can be run with `make `, where `test-name` is one of `test-svs`, `test-journalist`, `test-whonix`, or `test-disp`. +Individual tests can be run with `make `, where `test-name` is one of `test-app`, `test-journalist`, `test-whonix`, or `test-disp`. Be aware that running tests *will* power down running SecureDrop VMs, and may result in *data loss*. Only run tests in a development / testing environment. @@ -260,7 +260,7 @@ Once your workstation environment is set up, you will be able to manage messages First, power on the workstation. When prompted, enter the *Disk Password* and press Enter to unlock the workstation. Then, when the login dialog box appears, enter the *Login Password* and click **Log in**. -To launch the *SecureDrop Client*, temporarily until [this issue](https://github.com/freedomofpress/securedrop-workstation/issues/198) is resolved, you should from a `dom0` terminal `qvm-run sd-svs securedrop-client`. This will start the *SecureDrop Client* in the `sd-svs` AppVM. +To launch the *SecureDrop Client*, temporarily until [this issue](https://github.com/freedomofpress/securedrop-workstation/issues/198) is resolved, you should from a `dom0` terminal `qvm-run sd-app securedrop-client`. This will start the *SecureDrop Client* in the `sd-app` AppVM. ### Signing in @@ -274,7 +274,7 @@ If the sign-in fails, make sure to wait for another Two-Factor Code before tryin ### Viewing messages and documents -After the sign-in or the next time you attempt to view encrypted content, you will be prompted by a dialog asking “Do you allow VM ‘sd-svs’ to access your GPG keys (now and for the following 28800 seconds)?”. Click **Yes**. +After the sign-in or the next time you attempt to view encrypted content, you will be prompted by a dialog asking “Do you allow VM ‘sd-app’ to access your GPG keys (now and for the following 28800 seconds)?”. Click **Yes**. Once you are successfully signed in, you should see a screen similar to the following: @@ -306,114 +306,39 @@ Closing the client application will sign you out of the server. If you manually After you have completed your session, we strongly recommend shutting down the workstation (as opposed to sleeping the system) and storing it in a secure location. -Replies and Source Deletion will be added in the next major release of the *SecureDrop Workstation*. +### Print and export -### Exporting documents +You can print or export documents directly from the graphical client in `sd-app`, which sends print or export jobs to the `sd-devices` disposable VM. This is done using a `qvm-open-in-vm` command for opening a file in the gzipped tar archive following the specification [here](https://github.com/freedomofpress/securedrop-export). -**WARNING:** Opening files from an unknown origin presents certain risks (malware, fingerprinting). While the workstation helps reduce these risks by offering VM-level isolation, transferring documents to another host without the same level of isolation may expose you to these risks. Using tools to sanitize submitted documents, such as right-clicking a .pdf and selecting "Convert to trusted PDF" in Qubes OS, may help mitigate some of these risks. Further mitigating these risks will be a focus of future development. - -### Manual export flow - -Exporting documents directly from within the *SecureDrop Client* is not currently supported, but you can export documents manually via USB by following these steps: - -1. Start the `sd-export-usb` VM. Again from the Qubes menu: - 1. Select "Domain: sd-export" - 2. Click "export: Files". This will launch the file manager in the export VM. - 3. Insert your USB drive into the workstation. A notification will pop up indicating the name of your USB device, e.g. "Innostor_PenDrive". - 4. In the upper right hand side of your screen, there is a small icon in the system tray with a USB drive. Click that icon. - 5. Select the name of your USB drive. - 6. Click the **+** icon next to the `sd-export-usb` VM. -3. You can use the command line in `sd-svs` to manually move selected files: - -``` -qvm-copy-to-vm sd-export-usb ~/.securedrop_client/data/name-of-file -``` - -4. You may now use the File manager that you opened in `sd-export-usb` to move files from `~/QubesIncoming/sd-svs` to the USB drive. Delete the original file from `~/QubesIncoming/sd-svs` once it has been moved. Note that the drive and files are not encrypted, so ensure that the key is properly erased and/or destroyed after use. - -The development plan is to provide functionality in the *SecureDrop Client* that automates step 3, and assists the user in taking these steps via GUI prompts. Eventually we plan to provide other methods for export, such as [OnionShare](https://onionshare.org/) (this will require the attachment of a NetVM), using a dedicated export VM template with tools such as OnionShare and Veracrypt. The next section includes instructions to approximate the OnionShare sharing flow. - -### Automated export flows - -The `sd-export-usb` disposable VM handles exports to USB devices through `qvm-open-in-vm`. - -#### Automated encrypted USB export flow (Work in progress, client integration TBD) - -The SecureDrop Workstation can automatically export to a luks-encrypted USB device provided the correct format. The file extension of the tar archive must be `.sd-export`, containing the following structure: - -``` -. -├── metadata.json -└── export_data - ├── file-to-export-1.txt - ├── file-to-export-2.pdf - ├── file-to-export-3.doc - [...] -``` - -The folder `export_data` contains all the files that will be exported to the disk, and the file `metadata.json` contains the encryption passphrase and method for the USB Transfer Device (only LUKS is supported at the moment). The file should be formatted as follows: - -``` -{ - "device": "disk", - "encryption_method": "luks", - "encryption_key": "Your encryption passhrase goes here" -} -``` +Currently, the following operations are supported from the client: +- print to a supported printer (e.g., Brother HL-L2320D) +- export to a LUKS-encrypted USB device. -#### Automated printing flow (Work in progress, client integration TBD) +### Preparing a USB export device -The SecureDrop Workstation can automatically print files to a USB-connected printer provided the correct format. The file extension of the tar archive must be `.sd-export`, containing the following structure: +You can find instructions to create a LUKS-encrypted export device in the [SecureDrop docs](https://docs.securedrop.org/en/latest/set_up_transfer_and_export_device.html). -Note that only Brother printers are supported now (tested with HL-L2320D) - -``` -. -├── metadata.json -└── export_data - ├── file-to-export-1.txt - ├── file-to-export-2.pdf - ├── file-to-export-3.doc - [...] -``` - -The folder `export_data` contains all the files that will be printed, and the file `metadata.json` contains an instruction indicating that the archive will be printed: - -``` -{ - "device": "printer" -} -``` - -Optionally you can use the `printer-test` device to send a printer test page and ensure the printer is functional - -``` -{ - "device": "printer-test" -} -``` - -#### Create the transfer device - -You can find instructions to create a luks-encrypted transfer device in the [SecureDrop docs](https://docs.securedrop.org/en/latest/set_up_transfer_and_export_device.html). +Your export devices should be labeled, and used for nothing else. -#### Exporting +#### Printing and exporting from the client -Your export devices should be labeled, and used for nothing else. +**WARNING:** Opening files from an unknown origin presents certain risks (malware, fingerprinting). While the workstation helps reduce these risks by offering VM-level isolation, transferring documents to another host without the same level of isolation may expose you to these risks. Using tools to sanitize submitted documents, such as right-clicking a .pdf and selecting "Convert to trusted PDF" in Qubes OS, may help mitigate some of these risks. Further mitigating these risks will be a focus of future development. 1. Attach the USB device to your workstation. -2. Use the Qube Manager to start the `sd-export-usb` VM. -3. Use the Qubes Devices tool to attach the device to the `sd-export-usb` VM. -4. In `sd-svs`, run the following command: - -``` -qvm-open-in-vm sd-export-usb -``` +2. Use the Qube Manager to start the `sd-devices` VM. +3. Use the Qubes Devices tool to attach the device to the `sd-devices` VM. +4. In `sd-app`, launch the SecureDrop Client. +5. Select the source in the source list. +6. Download the document you wish to print or export. +7. Click "Export" or "Print" next to the file name once the document has been + downloaded. #### Troubleshooting -- Verify your export device is attached to `sd-export-usb`, either +- Verify your export device is attached to `sd-devices`, either with Qubes Devices or by running `qvm-usb` in dom0. +- Ensure you are using a LUKS-encrypted USB storage device, or a supported + printer. ### Transferring files via OnionShare @@ -436,19 +361,16 @@ qvm-open-in-vm sd-export-usb 3. Start the `sd-onionshare` VM and open OnionShare 1. In the Qubes menu on the top-left, select "Domain: sd-onionshare" and click on "OnionShare" 2. Click the settings gear on the bottom right of the OnionShare window and de-select "Stop sharing after first download" (this due to a [known bug in OnionShare](https://github.com/micahflee/onionshare/issues/812)) -4. You can use the command line in `sd-svs` to manually move selected files (this part will be replaced by functionality in the `sd-svs` client): +4. You can use the command line in `sd-app` to manually move selected files (this part will be replaced by functionality in the `sd-app` client): ``` qvm-copy-to-vm sd-onionshare ~/.securedrop_client/data/name-of-file ``` -5. You may now return to the OnionShare window, click on add and select the file you transferred from `sd-svs` by browsing to `~/QubesIncoming/sd-svs`. +5. You may now return to the OnionShare window, click on add and select the file you transferred from `sd-app` by browsing to `~/QubesIncoming/sd-app`. 6. On the target machine, navigate to the Tor onion service URL provided by OnionShare using the Tor Browser to retrieve the file. -7. Close OnionShare and delete the decrypted submission on `sd-onionshare` from `~/QubesIncoming/sd-svs` - -### Printing +7. Close OnionShare and delete the decrypted submission on `sd-onionshare` from `~/QubesIncoming/sd-app` -Printing directly from the `sd-svs` AppVM or the disposable VMs will not be supported. The development plan is to instruct admins to install printer drivers in a template associated with a new printing VM. This template will not be shared with any other VMs. ## Distributing and Releasing @@ -559,9 +481,9 @@ This section outlines the threat model for the *SecureDrop Workstation*, and sho As the *SecureDrop Workstation* is not Internet-reachable, an attacker must first obtain code execution on a virtual machine. This can be achieved through a malicious SecureDrop submission, websites visited by a journalist or a vulnerability in the provisioning code and its dependencies. The Virtual Machine in which the adversary obtains code execution will dictate what information is potentially compromised, as well as the attack surface exposed for lateral movement or escalation of privilege. -#### What Compromise of the *Display VM* (`sd-svs-disp`) Can Achieve +#### What Compromise of the *Display VM* (`sd-viewer`) Can Achieve -The *Display VM* (sd-svs-disp) is disposable, does not have network access, and is used to display only one submission before being destroyed. +The *Display VM* (sd-viewer) is disposable, does not have network access, and is used to display only one submission before being destroyed. * An adversary can read the decrypted submission. * An adversary can attempt to elevate their privileges and escape the VM. @@ -588,8 +510,8 @@ The *Display VM* (sd-svs-disp) is disposable, does not have network access, and * Access plaintext journalist passwords to the *Journalist Interface*. * An adversary can attempt to elevate their privileges and escape the VM. -#### What compromise of the *SVS VM* (`sd-svs`) can achieve -The *SVS VM* is where securedrop-client resides. It does not have network access, and the Qubes split-gpg mechanism permits access to GPG keys from this VM. +#### What compromise of the *App VM* (`sd-app`) can achieve +The *App VM* is where securedrop-client resides. It does not have network access, and the Qubes split-gpg mechanism permits access to GPG keys from this VM. * An adversary can view all decrypted submissions. * An adversary can decrypt arbitrary encrypted submissions. * An adversary can interact with the SecureDrop *Journalist Interface* or modify SecureDrop client code. diff --git a/dom0/sd-svs-config.sls b/dom0/sd-app-config.sls similarity index 73% rename from dom0/sd-svs-config.sls rename to dom0/sd-app-config.sls index 2c5689ea..acd11815 100644 --- a/dom0/sd-svs-config.sls +++ b/dom0/sd-app-config.sls @@ -1,14 +1,14 @@ # -*- coding: utf-8 -*- # vim: set syntax=yaml ts=2 sw=2 sts=2 et : ## -# sd-svs-config +# sd-app-config # ======== # -# Moves files into place on sd-svs +# Moves files into place on sd-app # # -# populate config.json for sd-svs. This contains the journalist_key_fingerprint +# populate config.json for sd-app. This contains the journalist_key_fingerprint # used to encrypt replies {% import_json "sd/config.json" as d %} @@ -16,7 +16,7 @@ install-securedrop-proxy-yaml-config: file.managed: - name: /home/user/.securedrop_client/config.json - - source: salt://sd/sd-svs/config.json.j2 + - source: salt://sd/sd-app/config.json.j2 - template: jinja - context: submission_fpr: {{ d.submission_key_fpr}} diff --git a/dom0/sd-svs-files.sls b/dom0/sd-app-files.sls similarity index 84% rename from dom0/sd-svs-files.sls rename to dom0/sd-app-files.sls index 8e7c65d1..b4befcd3 100644 --- a/dom0/sd-svs-files.sls +++ b/dom0/sd-app-files.sls @@ -2,10 +2,10 @@ # vim: set syntax=yaml ts=2 sw=2 sts=2 et : ## -# sd-svs-files +# sd-app-files # ======== # -# Moves files into place on sd-svs-template +# Moves files into place on sd-app-template # ## include: diff --git a/dom0/sd-svs.sls b/dom0/sd-app.sls similarity index 67% rename from dom0/sd-svs.sls rename to dom0/sd-app.sls index 2d7557f9..49e9cc5a 100644 --- a/dom0/sd-svs.sls +++ b/dom0/sd-app.sls @@ -5,16 +5,16 @@ # qvm.work # ======== # -# Installs 'sd-svs' AppVM, to persistently store SD data +# Installs 'sd-app' AppVM, to persistently store SD data # This VM has no network configured. ## include: - sd-workstation-template - sd-upgrade-templates -sd-svs-template: +sd-app-template: qvm.vm: - - name: sd-svs-buster-template + - name: sd-app-buster-template - clone: - source: securedrop-workstation-buster - label: yellow @@ -27,13 +27,13 @@ sd-svs-template: - sls: sd-workstation-template - sls: sd-upgrade-templates -sd-svs: +sd-app: qvm.vm: - - name: sd-svs + - name: sd-app - present: - label: yellow - prefs: - - template: sd-svs-buster-template + - template: sd-app-buster-template - netvm: "" - tags: - add: @@ -43,16 +43,16 @@ sd-svs: - enable: - service.paxctld - require: - - qvm: sd-svs-buster-template + - qvm: sd-app-buster-template # Ensure the Qubes menu is populated with relevant app entries, # so that Nautilus/Files can be started via GUI interactions. -sd-svs-template-sync-appmenus: +sd-app-template-sync-appmenus: cmd.run: - name: > - qvm-start --skip-if-running sd-svs-buster-template && - qvm-sync-appmenus sd-svs-buster-template + qvm-start --skip-if-running sd-app-buster-template && + qvm-sync-appmenus sd-app-buster-template - require: - - qvm: sd-svs-buster-template + - qvm: sd-app-buster-template - onchanges: - - qvm: sd-svs-buster-template + - qvm: sd-app-buster-template diff --git a/dom0/sd-export-files.sls b/dom0/sd-devices-files.sls similarity index 79% rename from dom0/sd-export-files.sls rename to dom0/sd-devices-files.sls index f03a9018..2813b280 100644 --- a/dom0/sd-export-files.sls +++ b/dom0/sd-devices-files.sls @@ -2,17 +2,17 @@ # vim: set syntax=yaml ts=2 sw=2 sts=2 et : ## -# sd-export-files +# sd-devices-files # ======== # -# Moves files into place on sd-export +# Moves files into place on sd-devices # ## include: - fpf-apt-test-repo # Libreoffice needs to be installed here to convert to pdf to allow printing -sd-export-install-libreoffice: +sd-devices-install-libreoffice: pkg.installed: - name: libreoffice - retry: @@ -21,6 +21,6 @@ sd-export-install-libreoffice: - install_recommends: False # Install securedrop-export package https://github.com/freedomofpress/securedrop-export -sd-export-install-package: +sd-devices-install-package: pkg.installed: - name: securedrop-export diff --git a/dom0/sd-export.sls b/dom0/sd-devices.sls similarity index 60% rename from dom0/sd-export.sls rename to dom0/sd-devices.sls index 98e49b3d..ade91803 100644 --- a/dom0/sd-export.sls +++ b/dom0/sd-devices.sls @@ -2,16 +2,16 @@ # vim: set syntax=yaml ts=2 sw=2 sts=2 et : # -# Installs 'sd-export' AppVM, to persistently store SD data +# Installs 'sd-devices' AppVM, to persistently store SD data # This VM has no network configured. ## include: - sd-workstation-template - sd-upgrade-templates -sd-export-template: +sd-devices-template: qvm.vm: - - name: sd-export-buster-template + - name: sd-devices-buster-template - clone: - source: securedrop-workstation-buster - label: red @@ -23,14 +23,14 @@ sd-export-template: - sls: sd-workstation-template - sls: sd-upgrade-templates -sd-export-usb-dvm: +sd-devices-dvm: qvm.vm: - - name: sd-export-usb-dvm + - name: sd-devices-dvm - present: - - template: sd-export-buster-template + - template: sd-devices-buster-template - label: red - prefs: - - template: sd-export-buster-template + - template: sd-devices-buster-template - netvm: "" - template_for_dispvms: True - tags: @@ -41,29 +41,29 @@ sd-export-usb-dvm: - enable: - service.paxctld - require: - - qvm: sd-export-buster-template + - qvm: sd-devices-buster-template # Ensure the Qubes menu is populated with relevant app entries, # so that Nautilus/Files can be started via GUI interactions. -sd-export-template-sync-appmenus: +sd-devices-template-sync-appmenus: cmd.run: - name: > - qvm-start --skip-if-running sd-export-buster-template && - qvm-sync-appmenus sd-export-buster-template + qvm-start --skip-if-running sd-devices-buster-template && + qvm-sync-appmenus sd-devices-buster-template - require: - - qvm: sd-export-buster-template + - qvm: sd-devices-buster-template - onchanges: - - qvm: sd-export-buster-template + - qvm: sd-devices-buster-template -sd-export-create-named-dispvm: +sd-devices-create-named-dispvm: qvm.vm: - - name: sd-export-usb + - name: sd-devices - present: - - template: sd-export-usb-dvm + - template: sd-devices-dvm - class: DispVM - label: red - tags: - add: - sd-workstation - require: - - qvm: sd-export-usb-dvm + - qvm: sd-devices-dvm diff --git a/dom0/sd-dom0-qvm-rpc.sls b/dom0/sd-dom0-qvm-rpc.sls index 054900d0..c3d76b35 100644 --- a/dom0/sd-dom0-qvm-rpc.sls +++ b/dom0/sd-dom0-qvm-rpc.sls @@ -45,8 +45,8 @@ dom0-rpc-qubes.OpenInVM: - marker_start: "### BEGIN securedrop-workstation ###" - marker_end: "### END securedrop-workstation ###" - content: | - @tag:sd-client @dispvm:sd-svs-disp allow - @tag:sd-client sd-export-usb allow + @tag:sd-client @dispvm:sd-viewer allow + @tag:sd-client sd-devices allow @anyvm @tag:sd-workstation deny @tag:sd-workstation @anyvm deny dom0-rpc-qubes.OpenURL: diff --git a/dom0/sd-proxy.sls b/dom0/sd-proxy.sls index 654b1f20..90ddd104 100644 --- a/dom0/sd-proxy.sls +++ b/dom0/sd-proxy.sls @@ -48,5 +48,5 @@ sd-proxy-dom0-securedrop.Proxy: file.prepend: - name: /etc/qubes-rpc/policy/securedrop.Proxy - text: | - sd-svs sd-proxy allow + sd-app sd-proxy allow @anyvm @anyvm deny diff --git a/dom0/sd-svs-disp-files.sls b/dom0/sd-viewer-files.sls similarity index 71% rename from dom0/sd-svs-disp-files.sls rename to dom0/sd-viewer-files.sls index 17897ec7..44299dfc 100644 --- a/dom0/sd-svs-disp-files.sls +++ b/dom0/sd-viewer-files.sls @@ -2,10 +2,10 @@ # vim: set syntax=yaml ts=2 sw=2 sts=2 et : ## -# sd-svs-disp-files +# sd-viewer-files # ======== # -# Installs configuration packages specific to the SVS DispVM, +# Installs configuration packages specific to the Viewer DispVM, # used for opening submissions. # ## @@ -13,7 +13,7 @@ include: - fpf-apt-test-repo -sd-svs-disp-install-mimetype-handler-package: +sd-viewer-install-mimetype-handler-package: pkg.installed: - pkgs: - securedrop-workstation-svs-disp @@ -21,7 +21,7 @@ sd-svs-disp-install-mimetype-handler-package: - require: - sls: fpf-apt-test-repo -sd-svs-disp-install-libreoffice: +sd-viewer-install-libreoffice: pkg.installed: - name: libreoffice - retry: diff --git a/dom0/sd-svs-disp.sls b/dom0/sd-viewer.sls similarity index 64% rename from dom0/sd-svs-disp.sls rename to dom0/sd-viewer.sls index 1e38b4d6..608dcfde 100644 --- a/dom0/sd-svs-disp.sls +++ b/dom0/sd-viewer.sls @@ -2,10 +2,10 @@ # vim: set syntax=yaml ts=2 sw=2 sts=2 et : ## -# sd-svs-disp +# sd-viewer # ======== # -# Configures the 'sd-svs-disp' template VM, which will be used as the +# Configures the 'sd-viewer' template VM, which will be used as the # base dispvm for the SVS vm (will be used to open all submissions # after processing). # This VM has no network configured. @@ -15,9 +15,9 @@ include: - sd-workstation-template - sd-upgrade-templates -sd-svs-disp-template: +sd-viewer-template: qvm.vm: - - name: sd-svs-disp-buster-template + - name: sd-viewer-buster-template - clone: - source: securedrop-workstation-buster - label: green @@ -29,29 +29,29 @@ sd-svs-disp-template: - sls: sd-workstation-template - sls: sd-upgrade-templates -sd-svs-disp: +sd-viewer: qvm.vm: - - name: sd-svs-disp + - name: sd-viewer - present: - - template: sd-svs-disp-buster-template + - template: sd-viewer-buster-template - label: green - prefs: - - template: sd-svs-disp-buster-template + - template: sd-viewer-buster-template - netvm: "" - template_for_dispvms: True - tags: - add: - sd-workstation - - sd-svs-disp-vm + - sd-viewer-vm - sd-buster - features: - enable: - service.paxctld - require: - - qvm: sd-svs-disp-buster-template + - qvm: sd-viewer-buster-template -sd-svs-disp-default-dispvm: +sd-viewer-default-dispvm: cmd.run: - - name: qubes-prefs default_dispvm sd-svs-disp + - name: qubes-prefs default_dispvm sd-viewer - require: - - qvm: sd-svs-disp + - qvm: sd-viewer diff --git a/dom0/sd-workstation.top b/dom0/sd-workstation.top index d4a179a5..a9642cfb 100644 --- a/dom0/sd-workstation.top +++ b/dom0/sd-workstation.top @@ -9,26 +9,26 @@ base: - sd-upgrade-templates - sd-dom0-qvm-rpc - sd-sys-whonix-vms - - sd-export + - sd-devices - sd-gpg - sd-proxy - - sd-svs-disp - - sd-svs + - sd-viewer + - sd-app - sd-whonix - sd-remove-unused-templates - sd-log - sd-export-buster-template: - - sd-export-files + sd-devices-buster-template: + - sd-devices-files sd-gpg: - sd-gpg-files sd-proxy-buster-template: - sd-proxy-template-files - sd-svs: - - sd-svs-config - sd-svs-disp-buster-template: - - sd-svs-disp-files - sd-svs-buster-template: - - sd-svs-files + sd-app: + - sd-app-config + sd-viewer-buster-template: + - sd-viewer-files + sd-app-buster-template: + - sd-app-files sys-firewall: - sd-sys-firewall-files sd-whonix: diff --git a/dom0/securedrop-handle-upgrade b/dom0/securedrop-handle-upgrade index d3b10334..3c3ec8e9 100755 --- a/dom0/securedrop-handle-upgrade +++ b/dom0/securedrop-handle-upgrade @@ -12,38 +12,38 @@ TASK=${1:-default} # 2. The AppVM must not be a DispVM template that used as the default DispVM # for an AppVM, nor the system default DispVM. if [[ $TASK == "prepare" ]]; then - # sd-svs, we simply shutdown the machine as we want to preserve the data - if qvm-check sd-svs --quiet; then - BASE_TEMPLATE=$(qvm-prefs sd-svs template) + # sd-app, we simply shutdown the machine as we want to preserve the data + if qvm-check sd-app --quiet; then + BASE_TEMPLATE=$(qvm-prefs sd-app template) if [[ ! $BASE_TEMPLATE =~ "buster" ]]; then - if qvm-check --running sd-svs; then - qvm-shutdown --wait sd-svs + if qvm-check --running sd-app; then + qvm-shutdown --wait sd-app fi fi fi - # For sd-svs-disp and sd-export-usb-dvm, DispVM templates. We can delete both + # For sd-viewer and sd-devices-dvm, DispVM templates. We can delete both # VMs since they contain no persistent data. The installer will re-create them # as part of the provisioning process. # We set the default DispVM to empty string to ensure nothing is opened in an # insecure (unmanaged or not yet updated) or networked vm, until the - # provisioning process runs again and sets that value to sd-svs-disp - if qvm-check --quiet sd-svs-disp; then - BASE_TEMPLATE=$(qvm-prefs sd-svs-disp template) + # provisioning process runs again and sets that value to sd-viewer + if qvm-check --quiet sd-viewer; then + BASE_TEMPLATE=$(qvm-prefs sd-viewer template) if [[ ! $BASE_TEMPLATE =~ "buster" ]]; then qubes-prefs default_dispvm '' - qvm-shutdown --wait sd-svs-disp - qvm-remove -f sd-svs-disp + qvm-shutdown --wait sd-viewer + qvm-remove -f sd-viewer fi fi - if qvm-check --quiet sd-export-usb; then - BASE_TEMPLATE=$(qvm-prefs sd-export-usb-dvm template) + if qvm-check --quiet sd-devices; then + BASE_TEMPLATE=$(qvm-prefs sd-devices-dvm template) if [[ ! $BASE_TEMPLATE =~ "buster" ]]; then - qvm-shutdown --wait sd-export-usb - qvm-shutdown --wait sd-export-usb-dvm - qvm-remove -f sd-export-usb - qvm-remove -f sd-export-usb-dvm + qvm-shutdown --wait sd-devices + qvm-shutdown --wait sd-devices-dvm + qvm-remove -f sd-devices + qvm-remove -f sd-devices-dvm fi fi @@ -90,7 +90,7 @@ if [[ $TASK == "prepare" ]]; then elif [[ $TASK == "remove" ]]; then # For each template, ensure the TemplateVM exists, that it is shut down # before deleting it. - for template in sd-svs-template sd-svs-disp-template sd-export-template sd-proxy-template + for template in sd-app-template sd-viewer-template sd-devices-template sd-proxy-template do if qvm-check "${template}" --quiet; then if qvm-check --running "${template}"; then diff --git a/dom0/securedrop-login b/dom0/securedrop-login index 8e0927cd..271aef67 100644 --- a/dom0/securedrop-login +++ b/dom0/securedrop-login @@ -19,7 +19,7 @@ logger = logging.getLogger(SCRIPT_NAME) logging.basicConfig(level=logging.INFO) -SDW_DISPVM_TEMPLATE = "sd-svs-disp-template" +SDW_DISPVM_TEMPLATE = "sd-viewer-template" if __name__ == "__main__": diff --git a/rpm-build/SPECS/securedrop-workstation-dom0-config.spec b/rpm-build/SPECS/securedrop-workstation-dom0-config.spec index 2821c70b..257d0cf6 100644 --- a/rpm-build/SPECS/securedrop-workstation-dom0-config.spec +++ b/rpm-build/SPECS/securedrop-workstation-dom0-config.spec @@ -33,7 +33,7 @@ configuration over time. %{__python3} setup.py install --skip-build --root %{buildroot} install -m 755 -d %{buildroot}/srv install -m 755 -d %{buildroot}/srv/salt/sd -install -m 755 -d %{buildroot}/srv/salt/sd/sd-svs +install -m 755 -d %{buildroot}/srv/salt/sd/sd-app install -m 755 -d %{buildroot}/srv/salt/sd/sd-journalist install -m 755 -d %{buildroot}/srv/salt/sd/sd-workstation install -m 755 -d %{buildroot}/usr/share/securedrop-workstation-dom0-config/scripts @@ -42,7 +42,7 @@ install -m 644 dom0/*.sls %{buildroot}/srv/salt/ install -m 644 dom0/*.top %{buildroot}/srv/salt/ # The next file should get installed via RPM not via salt install -m 755 dom0/securedrop-update %{buildroot}/srv/salt/securedrop-update -install sd-svs/* %{buildroot}/srv/salt/sd/sd-svs/ +install sd-app/* %{buildroot}/srv/salt/sd/sd-app/ install sd-workstation/* %{buildroot}/srv/salt/sd/sd-workstation/ install -m 644 sd-proxy/logo-small.png %{buildroot}/usr/share/securedrop/icons/sd-logo.png install -m 644 Makefile %{buildroot}/usr/share/%{name}/Makefile diff --git a/scripts/prep-salt b/scripts/prep-salt index 2971dd07..b5b430d8 100755 --- a/scripts/prep-salt +++ b/scripts/prep-salt @@ -18,7 +18,7 @@ echo "Deploying Salt config..." if [[ ! -d "$SDW_SALT_DIR" ]]; then sudo mkdir -p /srv/salt/sd sudo cp -r sd-proxy /srv/salt/sd - sudo cp -r sd-svs /srv/salt/sd + sudo cp -r sd-app /srv/salt/sd sudo cp -r sd-whonix /srv/salt/sd sudo cp -r sd-workstation /srv/salt/sd sudo cp -r sys-firewall /srv/salt/sd diff --git a/sd-svs/config.json.j2 b/sd-app/config.json.j2 similarity index 100% rename from sd-svs/config.json.j2 rename to sd-app/config.json.j2 diff --git a/sd-proxy/sd-proxy.yaml b/sd-proxy/sd-proxy.yaml index 134ff3e6..812563a6 100644 --- a/sd-proxy/sd-proxy.yaml +++ b/sd-proxy/sd-proxy.yaml @@ -1,5 +1,5 @@ host: {{ hostname }} scheme: http port: 80 -target_vm: sd-svs +target_vm: sd-app dev: False diff --git a/tests/base.py b/tests/base.py index 2db2f550..1d7915ab 100644 --- a/tests/base.py +++ b/tests/base.py @@ -10,10 +10,10 @@ "sd-gpg", "sd-log", "sd-proxy", - "sd-svs", - "sd-svs-disp", + "sd-app", + "sd-viewer", "sd-whonix", - "sd-export-usb" + "sd-devices" ] diff --git a/tests/test_svs.py b/tests/test_app.py similarity index 88% rename from tests/test_svs.py rename to tests/test_app.py index 3c3b6412..591e8467 100644 --- a/tests/test_svs.py +++ b/tests/test_app.py @@ -4,14 +4,14 @@ from base import SD_VM_Local_Test -class SD_SVS_Tests(SD_VM_Local_Test): +class SD_App_Tests(SD_VM_Local_Test): def setUp(self): - self.vm_name = "sd-svs" - super(SD_SVS_Tests, self).setUp() + self.vm_name = "sd-app" + super(SD_App_Tests, self).setUp() def test_decrypt_sd_user_profile(self): contents = self._get_file_contents( - "/etc/profile.d/sd-svs-qubes-gpg-domain.sh" + "/etc/profile.d/sd-app-qubes-gpg-domain.sh" ) expected_content = 'export QUBES_GPG_DOMAIN="sd-gpg"\n' self.assertEqual(contents, expected_content) @@ -51,5 +51,5 @@ def test_sd_client_apparmor(self): def load_tests(loader, tests, pattern): - suite = unittest.TestLoader().loadTestsFromTestCase(SD_SVS_Tests) + suite = unittest.TestLoader().loadTestsFromTestCase(SD_App_Tests) return suite diff --git a/tests/test_dom0_config.py b/tests/test_dom0_config.py index aad3da83..b1b8750c 100644 --- a/tests/test_dom0_config.py +++ b/tests/test_dom0_config.py @@ -1,19 +1,22 @@ import subprocess import unittest -STRETCH_TEMPLATES = [ +DEPRECATED_TEMPLATES = [ "sd-svs-template", "sd-svs-disp-template", "sd-export-template", "sd-proxy-template", - "securedrop-workstation" + "securedrop-workstation", + "sd-svs-buster-template", + "sd-export-buster-template", + "sd-svs-disp-buster-template" ] VMS_TO_UPDATE = [ - "sd-svs-buster-template", - "sd-svs-disp-buster-template", + "sd-app-buster-template", + "sd-viewer-buster-template", "sd-proxy-buster-template", - "sd-export-buster-template", + "sd-devices-buster-template", "whonix-ws-15", "whonix-gw-15", "securedrop-workstation-buster" @@ -31,7 +34,7 @@ def tearDown(self): def test_Templates_cleaned_up(self): cmd = ["qvm-ls", "--raw-list"] contents = subprocess.check_output(cmd).decode("utf-8").split() - for template in STRETCH_TEMPLATES: + for template in DEPRECATED_TEMPLATES: for line in contents: self.assertFalse(template == line) diff --git a/tests/test_proxy_vm.py b/tests/test_proxy_vm.py index b09b7e6c..f79b6955 100644 --- a/tests/test_proxy_vm.py +++ b/tests/test_proxy_vm.py @@ -26,7 +26,7 @@ def test_sd_proxy_yaml_config(self): "host: {}".format(hostname), "scheme: http", "port: 80", - "target_vm: sd-svs", + "target_vm: sd-app", "dev: False", ] for line in wanted_lines: diff --git a/tests/test_sd_export.py b/tests/test_sd_devices.py similarity index 77% rename from tests/test_sd_export.py rename to tests/test_sd_devices.py index 31955788..3d7d3dfa 100644 --- a/tests/test_sd_export.py +++ b/tests/test_sd_devices.py @@ -3,11 +3,11 @@ from base import SD_VM_Local_Test -class SD_Export_Tests(SD_VM_Local_Test): +class SD_Devices_Tests(SD_VM_Local_Test): def setUp(self): - self.vm_name = "sd-export-usb-dvm" - super(SD_Export_Tests, self).setUp() + self.vm_name = "sd-devices-dvm" + super(SD_Devices_Tests, self).setUp() def test_files_are_properly_copied(self): self.assertTrue(self._fileExists("/usr/bin/send-to-usb")) @@ -21,5 +21,5 @@ def test_sd_export_package_installed(self): def load_tests(loader, tests, pattern): - suite = unittest.TestLoader().loadTestsFromTestCase(SD_Export_Tests) + suite = unittest.TestLoader().loadTestsFromTestCase(SD_Devices_Tests) return suite diff --git a/tests/test_svs_disp.py b/tests/test_viewer.py similarity index 59% rename from tests/test_svs_disp.py rename to tests/test_viewer.py index a57b27b0..16acccce 100644 --- a/tests/test_svs_disp.py +++ b/tests/test_viewer.py @@ -3,23 +3,23 @@ from base import SD_VM_Local_Test -class SD_SVS_Disp_Tests(SD_VM_Local_Test): +class SD_Viewer_Tests(SD_VM_Local_Test): def setUp(self): - self.vm_name = "sd-svs-disp" - super(SD_SVS_Disp_Tests, self).setUp() + self.vm_name = "sd-viewer" + super(SD_Viewer_Tests, self).setUp() def test_sd_svs_disp_config_package_installed(self): pkg = "securedrop-workstation-svs-disp" self.assertTrue(self._package_is_installed(pkg)) - def test_sd_svs_disp_evince_installed(self): + def test_sd_viewer_evince_installed(self): pkg = "evince" self.assertTrue(self._package_is_installed(pkg)) - def test_sd_svs_disp_libreoffice_installed(self): + def test_sd_viewer_libreoffice_installed(self): self.assertTrue(self._package_is_installed("libreoffice")) def load_tests(loader, tests, pattern): - suite = unittest.TestLoader().loadTestsFromTestCase(SD_SVS_Disp_Tests) + suite = unittest.TestLoader().loadTestsFromTestCase(SD_Viewer_Tests) return suite diff --git a/tests/test_vms_exist.py b/tests/test_vms_exist.py index f5644e90..b7ebaf29 100644 --- a/tests/test_vms_exist.py +++ b/tests/test_vms_exist.py @@ -67,11 +67,11 @@ def test_sd_proxy_config(self): self.assertFalse(vm.template_for_dispvms) self.assertTrue('sd-workstation' in vm.tags) - def test_sd_svs_config(self): - vm = self.app.domains["sd-svs"] + def test_sd_app_config(self): + vm = self.app.domains["sd-app"] nvm = vm.netvm self.assertTrue(nvm is None) - self.assertTrue(vm.template == "sd-svs-buster-template") + self.assertTrue(vm.template == "sd-app-buster-template") self.assertFalse(vm.provides_network) self.assertFalse(vm.template_for_dispvms) self._check_kernel(vm) @@ -79,11 +79,11 @@ def test_sd_svs_config(self): self.assertTrue('sd-workstation' in vm.tags) self.assertTrue('sd-client' in vm.tags) - def test_sd_svs_disp_config(self): - vm = self.app.domains["sd-svs-disp"] + def test_sd_viewer_config(self): + vm = self.app.domains["sd-viewer"] nvm = vm.netvm self.assertTrue(nvm is None) - self.assertTrue(vm.template == "sd-svs-disp-buster-template") + self.assertTrue(vm.template == "sd-viewer-buster-template") self.assertFalse(vm.provides_network) self.assertTrue(vm.template_for_dispvms) self._check_kernel(vm) @@ -131,29 +131,29 @@ def test_sd_proxy_template(self): self.assertTrue(nvm is None) self.assertTrue('sd-workstation' in vm.tags) - def sd_svs_template(self): - vm = self.app.domains["sd-svs-buster-template"] + def sd_app_template(self): + vm = self.app.domains["sd-app-buster-template"] nvm = vm.netvm self.assertTrue(nvm is None) self.assertTrue('sd-workstation' in vm.tags) self._check_kernel(vm) - def sd_svs_disp_template(self): - vm = self.app.domains["sd-svs-disp-buster-template"] + def sd_viewer_template(self): + vm = self.app.domains["sd-viewer-buster-template"] nvm = vm.netvm self.assertTrue(nvm is None) self.assertTrue('sd-workstation' in vm.tags) self.assertTrue(vm.template_for_dispvms) def sd_export_template(self): - vm = self.app.domains["sd-export-buster-template"] + vm = self.app.domains["sd-devices-buster-template"] nvm = vm.netvm self.assertTrue(nvm is None) self.assertTrue('sd-workstation' in vm.tags) self._check_kernel(vm) def sd_export_dvm(self): - vm = self.app.domains["sd-export-usb-dvm"] + vm = self.app.domains["sd-devices-dvm"] nvm = vm.netvm self.assertTrue(nvm is None) self.assertTrue('sd-workstation' in vm.tags) @@ -161,7 +161,7 @@ def sd_export_dvm(self): self._check_kernel(vm) def sd_export(self): - vm = self.app.domains["sd-export-usb"] + vm = self.app.domains["sd-devices"] nvm = vm.netvm self.assertTrue(nvm is None) vm_type = vm.klass diff --git a/tests/test_vms_platform.py b/tests/test_vms_platform.py index d7c9e2b2..79af93c0 100644 --- a/tests/test_vms_platform.py +++ b/tests/test_vms_platform.py @@ -164,7 +164,7 @@ def test_dispvm_default_platform(self): """ cmd = ["qubes-prefs", "default_dispvm"] result = subprocess.check_output(cmd).decode("utf-8").rstrip("\n") - self.assertEqual(result, "sd-svs-disp") + self.assertEqual(result, "sd-viewer") def test_sys_vms_use_supported_fedora(self): """ diff --git a/tests/vars/qubes-rpc.yml b/tests/vars/qubes-rpc.yml index fd56a358..590f5ff4 100644 --- a/tests/vars/qubes-rpc.yml +++ b/tests/vars/qubes-rpc.yml @@ -95,8 +95,8 @@ - policy: OpenInVM starts_with: |- ### BEGIN securedrop-workstation ### - @tag:sd-client @dispvm:sd-svs-disp allow - @tag:sd-client sd-export-usb allow + @tag:sd-client @dispvm:sd-viewer allow + @tag:sd-client sd-devices allow @anyvm @tag:sd-workstation deny @tag:sd-workstation @anyvm deny ### END securedrop-workstation ###