Conor Schaefer
Conor Schaefer
And another one! Same resolution. We should definitely set 15G by default as part of the dom0 state—similar to what we already do for the sd-app private volume. Anecdotally, @creviera...
> At least in anecdotal observations, most of the autoremove diskspace cleanup has been due to old kernel packages that are no longer needed still hanging around. See also #442
Examples for each linting strategy can be found in the SecureDrop repository: * yamllint https://github.com/freedomofpress/securedrop/blob/58ab66e76f6a5fb23d8bf3d9c969f4e4d89d37d9/Makefile#L64-L70 * shellcheck https://github.com/freedomofpress/securedrop/blob/58ab66e76f6a5fb23d8bf3d9c969f4e4d89d37d9/Makefile#L72-L86 * flake8 https://github.com/freedomofpress/securedrop/blob/58ab66e76f6a5fb23d8bf3d9c969f4e4d89d37d9/Makefile#L45-L51
Essentially the same problem as reported in #477, although the screenshot is great to have. I believe the proper resolution here, for both "uninstall" and "make clean" cases, would be...
> update the securedrop.Log RPC file in-place to deny submissions By way of example, see here: https://github.com/QubesOS/qubes-mgmt-salt/blob/3a8b5b6b87519dbbd054d4df27e3f5e455a6b561/qubessalt/__init__.py#L287-L306 That'd allow us finegrained control of when it's permissible for `sd-log` to receive...
> Currently in our salt config we'd have to write that in twice, once for the dev logic, and once for the prod/staging logic. That's not worth the duplication, so...
Still seeing this occasionally. The log event is coming from sys-whonix, which is still using the securedrop-log code, because our clean action removes the package and config from the TemplateVM,...
To my eye, yes, it is. However, there are still a few scripts in dom0 that really should be bundled up in the RPM, to my eye, although perhaps that's...
Summarizing discussion in standup today, @emkll & @kushaldas discussed this out of band. The root cause appears to be lingering management VMs, likely from a cancelled or otherwise interrupted provisioning...
We discussed this in a tech meeting today. Let's also consider getting the `securedrop-workstation-dom0-config` RPM package into the Qubes Contrib repositories. If we go that route, then first-time installs would...