Do Not Assume Named Disposable Inheritance of Services / Features #1236

Open
deeplow opened this issue Jan 16, 2025 · 0 comments
deeplow commented Jan 16, 2025

Description

Some workstation development has been made with the assumption that named disposables inherit features / services from their disposable template. This meant that some services are only set in the disposable template (example).

The implication of this is that on new deployments everything will work as expected (because the named disposable is created, thus inheriting things as they are). But critically, existing deployments will not get the new features / services set in the disposable template.

Impact

Given that Qubes 4.2 was installed fresh and a SecureDrop deployment done on top, no instance should have been impacted, since there was in practice only ever one workstation deployment.

Steps to Reproduce

It can't really be tested, since by definition testing it will already lead to a new deployment. But you can deploy the workstation (make dev) then add a qubes service to sd-devices-dvm in sd-devices.sls (name it whatever you want), and deploy again. What you'll see is that sd-devices-dvm will have the service but sd-devices will not.

Expected Behavior

Deploying version A and updating to version B leads to the same system state.

Actual Behavior

Deploying version B straightaway leads to a different state than starting with version A.

Comments

  • The only thing needing fixing is sd-devices which needs the services from sd-devices-dvm
  • Additional mitigations include adding a CI run which compares the properties of all qubes in an "update" scenario versus a fresh install.
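
One way to implement the comparison proposed in the last bullet, as an added example that is not part of the issue or the project's code. It assumes each snapshot holds, per qube, the text printed by `qvm-features <qube>` in dom0 as whitespace-separated name/value lines, and that services appear there as features prefixed with `service.`; the snapshots and the service name `example-service` are constructed.

```python
"""Detect service drift between a fresh install and an updated deployment."""

# Constructed snapshots: qube name -> text as printed by `qvm-features <qube>`.
# "example-service" is a made-up service name, not one the project ships.
FRESH = {
    "sd-devices-dvm": "service.example-service  1\nos  Linux\n",
    "sd-devices": "service.example-service  1\nos  Linux\n",
}
UPDATED = {  # named disposable created before the service was added
    "sd-devices-dvm": "service.example-service  1\nos  Linux\n",
    "sd-devices": "os  Linux\n",
}


def parse_features(text):
    """Parse name/value lines into {feature: value}; a bare name maps to ''."""
    features = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts:
            features[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return features


def diff_deployments(fresh, updated, prefix="service."):
    """Return sorted (qube, feature, fresh_value, updated_value) mismatches.

    None marks a feature that is absent on that side (or a missing qube).
    """
    drift = []
    for qube in sorted(set(fresh) | set(updated)):
        a = parse_features(fresh.get(qube, ""))
        b = parse_features(updated.get(qube, ""))
        for name in sorted(set(a) | set(b)):
            if name.startswith(prefix) and a.get(name) != b.get(name):
                drift.append((qube, name, a.get(name), b.get(name)))
    return drift


if __name__ == "__main__":
    found = diff_deployments(FRESH, UPDATED)
    for qube, name, want, got in found:
        print(f"{qube}: {name} fresh={want!r} updated={got!r}")
    raise SystemExit(1 if found else 0)  # non-zero exit fails the CI job
```

Passing `prefix=""` compares every feature rather than only services.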