Skip to content

Commit

Permalink
Edit installation instructions
Browse files Browse the repository at this point in the history 
- Add note in README on the risks of copying data to dom0
- Add suggestion for seeting up a dev VM
  • Loading branch information
@pierwill
pierwill committed Aug 23, 2019
1 parent d8e1a84 commit e58245d
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,14 +61,18 @@ Select all VMs marked as **updates available**, then click **Next**. Once all up

#### Download, Configure, Copy to `dom0`

Decide on a VM to use for development. Clone this repo to your preferred location on that VM.
Decide on a VM to use for development. We suggest creating a standalone VM called `sd-dev`. Clone this repo to your preferred location on that VM.

Next we need to do some SecureDrop-specific configuration:

- create a `config.json` based on `config.json.example` and include your values for the Journalist hidden service `.onion` hostname and PSK.
- create an `sd-journalist.sec` file in the root directory with the ASCII-armored GPG private key used to encrypt submissions in your test SecureDrop instance. The included key `sd-journalist.sec` is the one used by default in the SecureDrop staging instance.

Qubes provisioning is handled by Salt on `dom0`, so this project must be copied there from your development VM. That process is a little tricky, but here's one way to do it: assuming this code is checked out in your `work` VM at `/home/user/projects/securedrop-workstation`, run the following in `dom0`:
Qubes provisioning is handled by Salt on `dom0`, so this project must be copied there from your development VM.

*Understand that [copying data to dom0](https://www.qubes-os.org/doc/copy-from-dom0/#copying-to-dom0) goes against the grain of the Qubes security philosophy, and should only done with trusted code and for very specific purposes, such as Qubes-related development tasks. Still, be aware of the risks, especially if you rely on your Qubes installation for other sensitive work.*

That process is a little tricky, but here's one way to do it: assuming this code is checked out in your `work` VM at `/home/user/projects/securedrop-workstation`, run the following in `dom0`:

qvm-run --pass-io work 'tar -c -C /home/user/projects securedrop-workstation' | tar xvf -

Expand Down

0 comments on commit e58245d

Please sign in to comment.