-
Notifications
You must be signed in to change notification settings - Fork 46
QA Testing
The following instructions are for Release QA processes only and should not be used on production hardware or in production contexts.
Three scenarios are supported through the environment
key in config.json
:
- prod: prod RPM server, prod APT server
- staging: dev RPM server, dev APT server
- dev: local salt provisioning logic, dev APT server.
In order to test latest release candidate and dom0 changes, we should use the staging
environment
key and install as per the install docs.
In order to test the upgrade in place scenario, the best way would be to install a workstation using the production
, and then switching over the configuration to staging
.
All commands to be typed in dom0
:
# edit /srv/salt/sd/config.json and change `environment` key from `prod` to `staging`
# update dom0 configuration (RPM sources)
sudo qubesctl --show-output --targets dom0 state.highstate
# update sys-firewall configuration
sudo qubesctl --show-output --targets sys-firewall state.highstate
# update TemplateVMs to use test apt repo(call fpf-apt-test-repo to make minimal changes)
sudo qubesctl --show-output --max-concurrency 2 --skip-dom0 --targets sd-log-buster-template,securedrop-workstation-buster,sd-proxy-buster-template,sd-app-buster-template,sd-devices-buster-template,sd-viewer-buster-template,whonix-gw-15 state.sls fpf-apt-test-repo
# run the GUI updater, if necessary, remove the update status:
rm ~/.securedrop_launcher/sdw-update-status
The next time the preflight updater is run, it will apply all updates, in dom0 and TemplateVMs, using apt-test.freedom.press and yum-test.securedrop.org.
- Download the rc package you want to test from https://apt-test.freedom.press
- Install it in the appropriate TemplateVM
- Power down the TemplateVM. Wait for this operation to finish.
- Reboot the AppVM
- Now you can start running tests against the component rc
Tip: If you are unsure about the available or installed packages, you can run the command apt-cache policy <package>
in a TemplateVM or AppVM, e.g., apt-cache policy securedrop-client
. It will tell you the exact version of the package that is available, as well as the package that will be installed next time the VM is updated.
The goal of preflight testing is ensure that the release has been properly deployed, and is ready for final deployment to production instances. For preflight testing, we host the new packages at https://apt-qa.freedom.press/, rather than https://apt.freedom.press/. The exact same packages, Release file, and corresponding detached signature, generated with the prod key, are used. We deploy those artifacts to apt-qa to provide final verification that the release will function well for real-world prod instances.
The following is using securedrop-client
as an example.
- Update
config.json
toprod
if it isn't already - Run
sdw-admin --apply
- Edit the apt sources list in
sd-small-buster-template
to point toapt-qa
- Run
sudo apt update && sudo apt install securedrop-client
- Restart the template and
sd-app
if it's running - Double click on the
securedrop-client
Desktop icon - Confirm the correct version the the client appears on the login window
- Login and make sure your changes work
- If not already on
prod
, updateconfig.json
toprod
and provision VMs by runningsdw-admin --apply
- Force a run of the updater in dom0:
/opt/securedrop/launcher/sdw-launcher.py --skip-delta 0