search

freedomofpress / securedrop-workstation

Qubes-based SecureDrop Journalist Workstation environment for submission handling
GNU Affero General Public License v3.0
132 stars 39 forks source link

Use Qubes GUI Updater for Better Troubleshooting #1076

Open deeplow opened 3 weeks ago

deeplow commented 3 weeks ago

Description

Currently updates are done through the SecureDrop launcher started on-boot. However, if something goes wrong in the update process, the user has to dig through logs to find what failed and try again.

How will this impact SecureDrop/SecureDrop Workstation users?

How would this affect the SecureDrop Workstation threat model?

It shouldn't affect it.

User Stories

As a journalist, I want to have a visual understand of update failures so that I know how to act. For example, if it's a whonix failure, I know that I should just try again. If something non-whonix failed even after a retry, I should contact the workstation admin.

deeplow commented 3 weeks ago

All outstanding issues which blocked us from using the Qubes GUI updater in the 1.0.0 version of the workstation will be unblocked by https://github.com/QubesOS/qubes-desktop-linux-manager/pull/199. That PR implements a non-interactive mode, where we can fully control the updater properties we desire.

In particular we'd want something like this:

`qubes-updater-gui`:
  --target <SD_WORKSTATION_TEMPLATES> 
  --non-interactive  # don't require interaction from the user
  --apply-to-all  # force restarts of app qubes
rocodes commented 4 days ago

That's... really great news @deeplow :) :) Thank you for nudging this along. I think this should be one of the things we look into as soon as 4.2 compat is released.