fix: exclude Whonix qubes by distribution feature

The feature is more reliable than the whonix-updatevm tag as the tag can be deleted for other Whonix tags to take effect to target different gateways, which is the case for the Bitcoin formula.
2024-10-01 02:35:49 -04:00 · 2024-07-25 20:35:53 +02:00 · 2024-07-25 20:35:53 +02:00 · 2b7f555494
commit 2b7f555494
parent f8aa555da8
1 changed files with 17 additions and 11 deletions
--- a/salt/sys-cacher/files/admin/tag.py
+++ b/salt/sys-cacher/files/admin/tag.py
@ -10,26 +10,34 @@ import argparse
 import qubesadmin  # pylint: disable=import-error
 import qubesadmin.vm  # pylint: disable=import-error

-def get_clients(qubes, wanted_dist, extraneous=False):
+def get_clients(qubes, extraneous=False):  # pylint: disable=too-many-branches
    """Get qubes tagged for ACNG"""
+    wanted_dist = ["debian", "fedora", "arch", "ubuntu", "kicksecure"]
+    unwanted_dist = ["whonix"]
    domains = []
    for qube in qubes.domains:  # pylint: disable=invalid-name
-        if qube.klass == "TemplateVM" and "whonix-updatevm" not in qube.tags:
+        if qube.klass == "TemplateVM":
            os_dist = qube.features.get("os-distribution")
            os_dist_like = qube.features.get("os-distribution-like")
            if os_dist_like is not None:
                os_dist_like_list = os_dist_like.split()

            if extraneous and "updatevm-sys-cacher" in qube.tags:
-                if (os_dist not in wanted_dist \
-                    and os_dist_like is None) \
-                    or (os_dist_like is not None and
+                if os_dist in unwanted_dist:
+                    domains.append(qube.name)
+                elif "whonix-updatevm" in qube.tags:
+                    domains.append(qube.name)
+                elif os_dist not in wanted_dist and os_dist_like is None:
+                    domains.append(qube.name)
+                elif os_dist_like is not None and \
                    not any(domain in os_dist_like_list
-                            for domain in wanted_dist
-                    )
-                ):
+                            for domain in wanted_dist):
                    domains.append(qube.name)
            else:
+                if os_dist in unwanted_dist:
+                    continue
+                if "whonix-updatevm" in qube.tags:
+                    continue
                if os_dist in wanted_dist:
                    domains.append(qube.name)
                elif os_dist_like is not None:
@ -48,10 +56,8 @@ def main():  # pylint: disable=missing-function-docstring
    parser.add_argument("--extraneous", action="store_true",
                        help="List only extraneously tagged qubes")
    args = parser.parse_args()
-
-    wanted_dist = ["debian", "fedora", "arch", "ubuntu", "kicksecure"]
    qubes = qubesadmin.Qubes()
-    domains = get_clients(qubes, wanted_dist, extraneous=args.extraneous)
+    domains = get_clients(qubes, extraneous=args.extraneous)
    print("\n".join(domains))