Status
Ready for review
Description
Towards freedomofpress/securedrop-workstation#1039:
template-from-qubesdb in securedrop-qubesdb; and
securedrop-whonix-config to configure Whonix at the VM level, obviating Salt from the dom0 level.
Test Plan
make build-debs. While it runs...
sd-app, eyeball your /var/lib/keys/tor/app-journalist.auth_private and then delete it.
securedrop-qubesdb and securedrop-whonix-config to whonix-gateway-17 and install them.
whonix-gateway-17.
Enable the securedrop-whonix-config Qubes service on sd-whonix.
Restart sd-whonix.
[ ] On sd-whonix, /var/lib/keys/tor/app-journalist.auth_private has been created with the expected contents, ownership (debian-tor:debian-tor) and permissions (0600).
Restart sys-whonix.
[ ] On sys-whonix, no /var/lib/tor/keys/tor/app-journalist.auth_private exists.
Checklist
If these changes modify code paths involving cryptography, the opening of files in VMs or network (via the RPC service) traffic, Qubes testing in the staging environment is required. For fine tuning of the graphical user interface, testing in any environment in Qubes is required. Please check as applicable:
[x] I have tested these changes in the appropriate Qubes environment
I do not have an appropriate Qubes OS workstation set up (the reviewer will need to test these changes)
These changes should not need testing in Qubes
If these changes add or remove files other than client code, the AppArmor profile may need to be updated. Please check as applicable:
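
The two file checks in the test plan (key present on sd-whonix with the right owner and mode, and absent on sys-whonix) can be scripted. The following is an added example, not part of the PR or the project's code; the function names are hypothetical, and the one-line key format it checks is the Tor v3 client-authorization layout, assumed here because the PR does not spell out the expected contents.

```shell
#!/bin/sh
# Added example: scripted versions of the two "[ ]" checks in the test plan.
# Assumed key-file format (Tor v3 client authorization, not stated in the PR):
#   <56-char onion address, no ".onion">:descriptor:x25519:<52-char base32 key>

# check_auth_private FILE [OWNER:GROUP] [MODE]
# Succeeds only if FILE is a regular file (not a symlink) with the expected
# owner, mode and single-line format. Never prints the key material.
check_auth_private() {
    f=$1; want_owner=${2:-debian-tor:debian-tor}; want_mode=${3:-600}; rc=0
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "FAIL: $f is missing or not a regular file" >&2
        return 1
    fi
    owner=$(stat -c '%U:%G' -- "$f")   # GNU stat, as shipped on Debian
    mode=$(stat -c '%a' -- "$f")
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: owner is $owner, expected $want_owner" >&2; rc=1
    fi
    if [ "$mode" != "$want_mode" ]; then
        echo "FAIL: mode is $mode, expected $want_mode" >&2; rc=1
    fi
    # Exactly one line, and that line must match the assumed format.
    if [ "$(grep -c '' -- "$f")" -ne 1 ] ||
       ! grep -Eqx '[a-z2-7]{56}:descriptor:x25519:[A-Za-z2-7]{52}' -- "$f"; then
        echo "FAIL: contents do not look like a v3 client-auth key" >&2; rc=1
    fi
    return "$rc"
}

# check_absent FILE
# Succeeds only if nothing is there (no file, directory or dangling symlink).
check_absent() {
    if [ -e "$1" ] || [ -L "$1" ]; then
        echo "FAIL: $1 exists" >&2
        return 1
    fi
    return 0
}

# Usage, as root, with the paths from the test plan:
#   on sd-whonix:  check_auth_private /var/lib/keys/tor/app-journalist.auth_private
#   on sys-whonix: check_absent /var/lib/tor/keys/tor/app-journalist.auth_private
```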