Skip to content

Add property-set:template handler, refactor to reduce redundancy#2

Merged
marmarek merged 1 commit intoQubesOS:mainfrom
ArrayBolt3:arraybolt3/property-set-template
Apr 17, 2026
Merged

Add property-set:template handler, refactor to reduce redundancy#2
marmarek merged 1 commit intoQubesOS:mainfrom
ArrayBolt3:arraybolt3/property-set-template

Conversation

@ArrayBolt3
Copy link
Copy Markdown
Contributor

@ArrayBolt3 ArrayBolt3 commented Feb 25, 2026

Now when a user sets an AppVM to be based on a Kicksecure template, it will automatically be tagged appropriately.

Fixes the other half of QubesOS/qubes-issues#10645 (should go with QubesOS/qubes-core-admin-addon-whonix#30).

marmarek added a commit that referenced this pull request Feb 26, 2026
@marmarek
tests: add stub of LocalVM class to make pylint happy
7a62789 
For #2
@marmarek
Copy link
Copy Markdown
Member

marmarek commented Feb 26, 2026

I wonder, should it also remove tag when changing to non-kicksecure template? At least if the old one was kicksecure (to at least partially try to not remove tag added by the user manually). But then, interaction with the whonix addon will be tricky (like changing template from kicksecure to whonix-workstation for example)...

@marmarek
Copy link
Copy Markdown
Member

marmarek commented Feb 26, 2026

PipelineRetry

@ArrayBolt3
Copy link
Copy Markdown
Contributor Author

ArrayBolt3 commented Feb 26, 2026
edited
Loading

I wonder, should it also remove tag when changing to non-kicksecure template?

I guess it could, and the existing mechanism can (and in practice likely will) result in useless tags being left around on VMs that don't need them anymore. The issue with switching between Kicksecure and Whonix templates can be prevented easily enough with some special-casing, although switching a VM between Kicksecure and Whonix isn't something I think we support since a switch either direction could result in an anonymity compromise.

I'd be happy to augment this and the addon-whonix PR to remove the tags when reasonable.

@marmarek
Copy link
Copy Markdown
Member

marmarek commented Apr 6, 2026

Thinking about it, I think it should remove the tag (here and in the other PR). This should for example cover the situation when user momentarily switches to kicksecure/whonix template by mistake, and fixing it should not leave extra tags behind.
And as you said, there will need to be a special handling of switching between whonix and kicksecure, so the extensions don't fight each other.

@marmarek marmarek added the openqa-pending Include PR in the next openQA run label Apr 6, 2026
@qubesos-bot
Copy link
Copy Markdown

qubesos-bot commented Apr 7, 2026
edited
Loading

OpenQA test summary

Complete test suite and dependencies: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.3&build=2026041101-4.3&flavor=pull-requests

Test run included the following:

New failures, excluding unstable

Compared to: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.3&build=2026032404-devel&flavor=update

  • system_tests_audio@hw1

  • system_tests_qwt_win10_seamless@hw13

    • windows_clipboard_and_filecopy: unnamed test (unknown)
    • windows_clipboard_and_filecopy: Failed (test died)
      # Test died: no candidate needle with tag(s) 'windows-Edge-address-...

  • system_tests_guivm_gpu_gui_interactive@hw13

    • shutdown: unnamed test (unknown)
    • shutdown: Failed (test died)
      # Test died: no candidate needle with tag(s) 'text-logged-in-root' ...

  • system_tests_whonix@hw1

    • whonixcheck: fail (unknown)
      Whonixcheck for sys-whonix failed...

    • whonixcheck: Failed (test died)
      # Test died: systemcheck failed at qubesos/tests/whonixcheck.pm lin...

  • system_tests_audio

  • system_tests_extra

  • system_tests_usbproxy

    • TC_20_USBProxy_core3_debian-13-xfce: test_090_attach_stubdom (error)
      qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...

    • TC_20_USBProxy_core3_fedora-43-xfce: test_090_attach_stubdom (error)
      qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...

Failed tests

18 failures

  • system_tests_audio@hw1

  • system_tests_qwt_win10_seamless@hw13

    • windows_clipboard_and_filecopy: unnamed test (unknown)
    • windows_clipboard_and_filecopy: Failed (test died)
      # Test died: no candidate needle with tag(s) 'windows-Edge-address-...

  • system_tests_qwt_win11@hw13

    • windows_install: Failed (test died)
      # Test died: Install failed with code 1 at qubesos/tests/windows_in...

  • system_tests_guivm_gpu_gui_interactive@hw13

    • shutdown: unnamed test (unknown)
    • shutdown: Failed (test died)
      # Test died: no candidate needle with tag(s) 'text-logged-in-root' ...

  • system_tests_whonix@hw1

    • whonixcheck: fail (unknown)
      Whonixcheck for sys-whonix failed...

    • whonixcheck: Failed (test died)
      # Test died: systemcheck failed at qubesos/tests/whonixcheck.pm lin...

  • system_tests_whonix

    • whonixcheck: fail (unknown)
      Whonixcheck for whonix-gateway-18 failed...

    • whonixcheck: fail (unknown)
      Whonixcheck for sys-whonix failed...

    • whonixcheck: fail (unknown)
      Whonixcheck for whonix-workstation-18 failed...

    • whonixcheck: Failed (test died)
      # Test died: systemcheck failed at qubesos/tests/whonixcheck.pm lin...

  • system_tests_audio

  • system_tests_extra

  • system_tests_usbproxy

    • TC_20_USBProxy_core3_debian-13-xfce: test_090_attach_stubdom (error)
      qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...

    • TC_20_USBProxy_core3_fedora-43-xfce: test_090_attach_stubdom (error)
      qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...

Fixed failures

Compared to: https://openqa.qubes-os.org/tests/170766#dependencies

31 fixed

  • system_tests_qwt_win10@hw13

    • windows_install: Failed (test died)
      # Test died: Install failed with code 1 at qubesos/tests/windows_in...

  • system_tests_qwt_win10_seamless@hw13

    • windows_install: Failed (test died)
      # Test died: Install failed with code 1 at qubesos/tests/windows_in...

  • system_tests_network

    • system_tests: Fail (unknown)
      Tests qubes.tests.integ.network failed (exit code 1), details repor...

    • system_tests: Failed (test died)
      # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...

    • VmNetworking_debian-13-xfce: test_203_fake_ip_inter_vm_allow (failure)
      ^... AssertionError: 1 != 0

  • system_tests_pvgrub_salt_storage

    • system_tests: Fail (unknown)
      Tests qubes.tests.integ.grub failed (exit code 1), details reported...

    • system_tests: Failed (test died)
      # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...

    • TC_41_HVMGrub_debian-13-xfce: test_010_template_based_vm (error)
      qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...

    • TC_41_HVMGrub_debian-13-xfce: test_011_template_based_vm_dracut (error)
      qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...

    • TC_41_HVMGrub_fedora-42-xfce: test_000_standalone_vm (error)
      qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...

    • TC_41_HVMGrub_fedora-42-xfce: test_010_template_based_vm (error)
      qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...

  • system_tests_gui_interactive

    • collect_logs: wait_serial (wait serial expected)
      # wait_serial expected: qr/Dhelp-\d+-/...

    • collect_logs: Failed (test died + timed out)
      # Test died: command 'curl --form upload=@journalctl.log --form upn...

  • system_tests_network_ipv6

    • system_tests: Fail (unknown)
      Tests qubes.tests.integ.network_ipv6 failed (exit code 1), details ...

    • system_tests: Failed (test died)
      # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...

    • VmIPv6Networking_fedora-42-xfce: test_113_reattach_after_provider_kill (failure)
      ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^... AssertionError: 1 != 0

  • system_tests_network_updates

    • system_tests: Fail (unknown)
      Tests qubes.tests.integ.dom0_update failed (exit code 1), details r...

    • system_tests: Failed (test died)
      # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...

    • TC_00_Dom0Upgrade_whonix-gateway-18: test_020_install_wrong_sign (error)
      subprocess.CalledProcessError: Command 'timeout=120; while ! tor-ci...

    • TC_11_QvmTemplateMgmtVM_debian-13-xfce: test_000_template_list (failure)
      qvm-template: error: No matching templates to list

    • TC_11_QvmTemplateMgmtVM_debian-13-xfce: test_010_template_install (failure)
      qvm-template: error: Template 'debian-12-minimal' not found.

    • TC_11_QvmTemplateMgmtVM_fedora-42-xfce: test_000_template_list (failure)
      qvm-template: error: No matching templates to list

    • TC_11_QvmTemplateMgmtVM_fedora-42-xfce: test_010_template_install (failure)
      qvm-template: error: Template 'debian-12-minimal' not found.

    • TC_11_QvmTemplateMgmtVM_whonix-gateway-18: test_000_template_list (failure)
      qvm-template: error: No matching templates to list

    • TC_11_QvmTemplateMgmtVM_whonix-gateway-18: test_010_template_install (failure)
      qvm-template: error: Template 'debian-12-minimal' not found.

  • system_tests_guivm_vnc_gui_interactive

    • collect_logs: wait_serial (wait serial expected)
      # wait_serial expected: qr/C_fDy-\d+-/...

    • collect_logs: Failed (test died + timed out)
      # Test died: command 'curl --form upload=@journalctl.log --form upn...

  • system_tests_audio

  • system_tests_extra

    • TC_01_InputProxyExclude_debian-13-xfce: test_000_qemu_tablet (error)
      qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...

  • system_tests_kde_gui_interactive

    • collect_logs: wait_serial (wait serial expected)
      # wait_serial expected: qr/bMse8-\d+-/...

    • collect_logs: Failed (test died + timed out)
      # Test died: command 'curl --form upload=@journalctl.log --form upn...

Unstable tests

Details

  • system_tests_guivm_gui_interactive

    collect_logs/Failed (1/5 times with errors)
    • job 172256 # Test died: command 'curl --form upload=@journalctl.log --form upn...
    collect_logs/wait_serial (1/5 times with errors)
    • job 172256 # wait_serial expected: qr/v3Six-\d+-/...
    collect_logs/wait_serial (1/5 times with errors)
    • job 172256 # wait_serial expected: qr/6OJPL-\d+-/...

  • system_tests_guivm_vnc_gui_interactive

    collect_logs/Failed (1/5 times with errors)
    • job 172242 # Test died: command 'curl --form upload=@journalctl.log --form upn...
    collect_logs/wait_serial (1/5 times with errors)
    • job 172242 # wait_serial expected: qr/73DgV-\d+-/...
    collect_logs/wait_serial (1/5 times with errors)
    • job 172242 # wait_serial expected: qr/uOleL-\d+-/...

Performance Tests

Performance degradation:

9 performance degradations
  • debian-13-xfce_exec: 8.42 🔻 ( previous job: 7.30, degradation: 115.27%)
  • whonix-workstation-18_exec-data-duplex: 68.19 🔻 ( previous job: 59.45, degradation: 114.69%)
  • dom0_root_seq1m_q8t1_read 3:read_bandwidth_kb: 387786.00 🔻 ( previous job: 485002.00, degradation: 79.96%)
  • dom0_root_seq1m_q8t1_write 3:write_bandwidth_kb: 141521.00 🔻 ( previous job: 217546.00, degradation: 65.05%)
  • dom0_varlibqubes_rnd4k_q32t1_write 3:write_bandwidth_kb: 6866.00 🔻 ( previous job: 8434.00, degradation: 81.41%)
  • fedora-42-xfce_root_seq1m_q8t1_read 3:read_bandwidth_kb: 334901.00 🔻 ( previous job: 429744.00, degradation: 77.93%)
  • fedora-42-xfce_volatile_rnd4k_q32t1_read 3:read_bandwidth_kb: 63128.00 🔻 ( previous job: 95629.00, degradation: 66.01%)
  • fedora-42-xfce_volatile_rnd4k_q32t1_write 3:write_bandwidth_kb: 3350.00 🔻 ( previous job: 4272.00, degradation: 78.42%)
  • whonix-workstation-18_dom0-vm-api (mean:0.056): 0.68 🔻 ( previous job: 0.58, degradation: 117.36%)

Remaining performance tests:

102 tests
  • debian-13-xfce_exec-root: 25.81 🟢 ( previous job: 26.58, improvement: 97.11%)
  • debian-13-xfce_socket: 8.68 🔻 ( previous job: 8.02, degradation: 108.23%)
  • debian-13-xfce_socket-root: 8.73 🔻 ( previous job: 8.38, degradation: 104.15%)
  • debian-13-xfce_exec-data-simplex: 58.89 🟢 ( previous job: 66.06, improvement: 89.14%)
  • debian-13-xfce_exec-data-duplex: 64.59 🔻 ( previous job: 61.22, degradation: 105.50%)
  • debian-13-xfce_exec-data-duplex-root: 75.57 🔻 ( previous job: 72.95, degradation: 103.59%)
  • debian-13-xfce_socket-data-duplex: 83.48 🟢 ( previous job: 86.03, improvement: 97.03%)
  • fedora-42-xfce_exec: 8.98 🟢 ( previous job: 9.09, improvement: 98.73%)
  • fedora-42-xfce_exec-root: 58.94 🔻 ( previous job: 58.88, degradation: 100.10%)
  • fedora-42-xfce_socket: 8.83 🔻 ( previous job: 8.48, degradation: 104.10%)
  • fedora-42-xfce_socket-root: 8.20 🟢 ( previous job: 8.67, improvement: 94.60%)
  • fedora-42-xfce_exec-data-simplex: 61.89 🔻 ( previous job: 61.42, degradation: 100.76%)
  • fedora-42-xfce_exec-data-duplex: 58.12 🟢 ( previous job: 65.12, improvement: 89.26%)
  • fedora-42-xfce_exec-data-duplex-root: 84.34 🟢 ( previous job: 85.37, improvement: 98.80%)
  • fedora-42-xfce_socket-data-duplex: 82.09 🟢 ( previous job: 84.37, improvement: 97.30%)
  • whonix-gateway-18_exec: 7.88 🔻 ( previous job: 7.69, degradation: 102.46%)
  • whonix-gateway-18_exec-root: 126.37 🟢 ( previous job: 132.16, improvement: 95.62%)
  • whonix-gateway-18_socket: 7.52 🟢 ( previous job: 8.05, improvement: 93.42%)
  • whonix-gateway-18_socket-root: 7.73 🔻 ( previous job: 7.16, degradation: 108.03%)
  • whonix-gateway-18_exec-data-simplex: 69.26 🔻 ( previous job: 64.40, degradation: 107.53%)
  • whonix-gateway-18_exec-data-duplex: 63.16 🟢 ( previous job: 63.65, improvement: 99.25%)
  • whonix-gateway-18_exec-data-duplex-root: 127.07 🔻 ( previous job: 123.30, degradation: 103.05%)
  • whonix-gateway-18_socket-data-duplex: 101.98 🟢 ( previous job: 113.72, improvement: 89.68%)
  • whonix-workstation-18_exec: 8.67 🔻 ( previous job: 8.20, degradation: 105.77%)
  • whonix-workstation-18_exec-root: 138.34 🟢 ( previous job: 138.84, improvement: 99.64%)
  • whonix-workstation-18_socket: 7.82 🟢 ( previous job: 8.19, improvement: 95.40%)
  • whonix-workstation-18_socket-root: 8.45 🟢 ( previous job: 8.92, improvement: 94.76%)
  • whonix-workstation-18_exec-data-simplex: 66.09 🔻 ( previous job: 63.54, degradation: 104.02%)
  • whonix-workstation-18_exec-data-duplex-root: 128.52 🟢 ( previous job: 139.63, improvement: 92.05%)
  • whonix-workstation-18_socket-data-duplex: 81.78 🔻 ( previous job: 80.77, degradation: 101.25%)
  • dom0_root_seq1m_q1t1_read 3:read_bandwidth_kb: 378547.00 🟢 ( previous job: 70705.00, improvement: 535.39%)
  • dom0_root_seq1m_q1t1_write 3:write_bandwidth_kb: 188357.00 🟢 ( previous job: 42537.00, improvement: 442.81%)
  • dom0_root_rnd4k_q32t1_read 3:read_bandwidth_kb: 17658.00 🟢 ( previous job: 12342.00, improvement: 143.07%)
  • dom0_root_rnd4k_q32t1_write 3:write_bandwidth_kb: 7191.00 🟢 ( previous job: 3011.00, improvement: 238.82%)
  • dom0_root_rnd4k_q1t1_read 3:read_bandwidth_kb: 4778.00 🟢 ( previous job: 1182.00, improvement: 404.23%)
  • dom0_root_rnd4k_q1t1_write 3:write_bandwidth_kb: 1043.00 🟢 ( previous job: 793.00, improvement: 131.53%)
  • dom0_varlibqubes_seq1m_q8t1_read 3:read_bandwidth_kb: 406267.00 🟢 ( previous job: 233483.00, improvement: 174.00%)
  • dom0_varlibqubes_seq1m_q8t1_write 3:write_bandwidth_kb: 266136.00 🟢 ( previous job: 34913.00, improvement: 762.28%)
  • dom0_varlibqubes_seq1m_q1t1_read 3:read_bandwidth_kb: 443372.00 🟢 ( previous job: 370521.00, improvement: 119.66%)
  • dom0_varlibqubes_seq1m_q1t1_write 3:write_bandwidth_kb: 153886.00 🔻 ( previous job: 154458.00, degradation: 99.63%)
  • dom0_varlibqubes_rnd4k_q32t1_read 3:read_bandwidth_kb: 102172.00 🟢 ( previous job: 27602.00, improvement: 370.16%)
  • dom0_varlibqubes_rnd4k_q1t1_read 3:read_bandwidth_kb: 7438.00 🟢 ( previous job: 7112.00, improvement: 104.58%)
  • dom0_varlibqubes_rnd4k_q1t1_write 3:write_bandwidth_kb: 4823.00 🟢 ( previous job: 4565.00, improvement: 105.65%)
  • fedora-42-xfce_root_seq1m_q8t1_write 3:write_bandwidth_kb: 117657.00 🟢 ( previous job: 82944.00, improvement: 141.85%)
  • fedora-42-xfce_root_seq1m_q1t1_read 3:read_bandwidth_kb: 330364.00 🔻 ( previous job: 337488.00, degradation: 97.89%)
  • fedora-42-xfce_root_seq1m_q1t1_write 3:write_bandwidth_kb: 74033.00 🟢 ( previous job: 28744.00, improvement: 257.56%)
  • fedora-42-xfce_root_rnd4k_q32t1_read 3:read_bandwidth_kb: 92838.00 🟢 ( previous job: 82654.00, improvement: 112.32%)
  • fedora-42-xfce_root_rnd4k_q32t1_write 3:write_bandwidth_kb: 3238.00 🟢 ( previous job: 1799.00, improvement: 179.99%)
  • fedora-42-xfce_root_rnd4k_q1t1_read 3:read_bandwidth_kb: 8223.00 🔻 ( previous job: 8983.00, degradation: 91.54%)
  • fedora-42-xfce_root_rnd4k_q1t1_write 3:write_bandwidth_kb: 791.00 🔻 ( previous job: 808.00, degradation: 97.90%)
  • fedora-42-xfce_private_seq1m_q8t1_read 3:read_bandwidth_kb: 386500.00 🔻 ( previous job: 386785.00, degradation: 99.93%)
  • fedora-42-xfce_private_seq1m_q8t1_write 3:write_bandwidth_kb: 121474.00 🟢 ( previous job: 120146.00, improvement: 101.11%)
  • fedora-42-xfce_private_seq1m_q1t1_read 3:read_bandwidth_kb: 368568.00 🟢 ( previous job: 344699.00, improvement: 106.92%)
  • fedora-42-xfce_private_seq1m_q1t1_write 3:write_bandwidth_kb: 86610.00 🟢 ( previous job: 73186.00, improvement: 118.34%)
  • fedora-42-xfce_private_rnd4k_q32t1_read 3:read_bandwidth_kb: 87213.00 🟢 ( previous job: 85237.00, improvement: 102.32%)
  • fedora-42-xfce_private_rnd4k_q32t1_write 3:write_bandwidth_kb: 3145.00 🟢 ( previous job: 2529.00, improvement: 124.36%)
  • fedora-42-xfce_private_rnd4k_q1t1_read 3:read_bandwidth_kb: 9314.00 🟢 ( previous job: 8072.00, improvement: 115.39%)
  • fedora-42-xfce_private_rnd4k_q1t1_write 3:write_bandwidth_kb: 1087.00 🔻 ( previous job: 1142.00, degradation: 95.18%)
  • fedora-42-xfce_volatile_seq1m_q8t1_read 3:read_bandwidth_kb: 368697.00 🔻 ( previous job: 378820.00, degradation: 97.33%)
  • fedora-42-xfce_volatile_seq1m_q8t1_write 3:write_bandwidth_kb: 106392.00 🟢 ( previous job: 98064.00, improvement: 108.49%)
  • fedora-42-xfce_volatile_seq1m_q1t1_read 3:read_bandwidth_kb: 320567.00 🔻 ( previous job: 339454.00, degradation: 94.44%)
  • fedora-42-xfce_volatile_seq1m_q1t1_write 3:write_bandwidth_kb: 28824.00 🟢 ( previous job: 28807.00, improvement: 100.06%)
  • fedora-42-xfce_volatile_rnd4k_q1t1_read 3:read_bandwidth_kb: 8687.00 🟢 ( previous job: 8294.00, improvement: 104.74%)
  • fedora-42-xfce_volatile_rnd4k_q1t1_write 3:write_bandwidth_kb: 1827.00 🟢 ( previous job: 1434.00, improvement: 127.41%)
  • debian-13-xfce_dom0-dispvm-api (mean:6.081): 72.97 🟢 ( previous job: 81.47, improvement: 89.57%)
  • debian-13-xfce_dom0-dispvm-gui-api (mean:7.694): 92.33 🟢 ( previous job: 92.38, improvement: 99.94%)
  • debian-13-xfce_dom0-dispvm-preload-2-api (mean:3.158): 37.89 🟢 ( previous job: 48.28, improvement: 78.49%)
  • debian-13-xfce_dom0-dispvm-preload-2-delay-0-api (mean:2.845): 34.13 🟢 ( previous job: 44.34, improvement: 76.98%)
  • debian-13-xfce_dom0-dispvm-preload-2-delay-minus-1d2-api (mean:3.242): 38.90 🟢 ( previous job: 54.23, improvement: 71.73%)
  • debian-13-xfce_dom0-dispvm-preload-4-api (mean:2.17): 26.04 🟢 ( previous job: 40.37, improvement: 64.49%)
  • debian-13-xfce_dom0-dispvm-preload-4-delay-0-api (mean:2.578): 30.94 🟢 ( previous job: 44.04, improvement: 70.26%)
  • debian-13-xfce_dom0-dispvm-preload-4-delay-minus-1d2-api (mean:2.333): 27.99 🟢 ( previous job: 45.36, improvement: 61.71%)
  • debian-13-xfce_dom0-dispvm-preload-2-gui-api (mean:4.287): 51.45 🟢 ( previous job: 58.18, improvement: 88.43%)
  • debian-13-xfce_dom0-dispvm-preload-4-gui-api (mean:3.761): 45.13 🔻 ( previous job: 43.54, degradation: 103.66%)
  • debian-13-xfce_dom0-dispvm-preload-6-gui-api (mean:3.522): 42.26 🟢 ( previous job: 47.37, improvement: 89.20%)
  • debian-13-xfce_dom0-vm-api (mean:0.039): 0.47 🔻 ( previous job: 0.46, degradation: 102.40%)
  • debian-13-xfce_dom0-vm-gui-api (mean:0.042): 0.50 🟢 ( previous job: 0.51, improvement: 98.81%)
  • fedora-42-xfce_dom0-dispvm-api (mean:6.404): 76.85 🟢 ( previous job: 86.95, improvement: 88.38%)
  • fedora-42-xfce_dom0-dispvm-gui-api (mean:8.383): 100.59 🟢 ( previous job: 101.79, improvement: 98.82%)
  • fedora-42-xfce_dom0-dispvm-preload-2-api (mean:3.431): 41.17 🟢 ( previous job: 51.93, improvement: 79.29%)
  • fedora-42-xfce_dom0-dispvm-preload-2-delay-0-api (mean:3.168): 38.02 🟢 ( previous job: 48.70, improvement: 78.06%)
  • fedora-42-xfce_dom0-dispvm-preload-2-delay-minus-1d2-api (mean:3.518): 42.21 🟢 ( previous job: 57.38, improvement: 73.57%)
  • fedora-42-xfce_dom0-dispvm-preload-4-api (mean:2.499): 29.99 🟢 ( previous job: 43.56, improvement: 68.85%)
  • fedora-42-xfce_dom0-dispvm-preload-4-delay-0-api (mean:2.927): 35.13 🟢 ( previous job: 43.43, improvement: 80.89%)
  • fedora-42-xfce_dom0-dispvm-preload-4-delay-minus-1d2-api (mean:2.77): 33.24 🟢 ( previous job: 47.15, improvement: 70.50%)
  • fedora-42-xfce_dom0-dispvm-preload-2-gui-api (mean:5.129): 61.55 🟢 ( previous job: 62.91, improvement: 97.85%)
  • fedora-42-xfce_dom0-dispvm-preload-4-gui-api (mean:3.996): 47.95 🟢 ( previous job: 51.39, improvement: 93.30%)
  • fedora-42-xfce_dom0-dispvm-preload-6-gui-api (mean:3.563): 42.76 🟢 ( previous job: 44.96, improvement: 95.10%)
  • fedora-42-xfce_dom0-vm-api (mean:0.036): 0.44 🔻 ( previous job: 0.43, degradation: 101.16%)
  • fedora-42-xfce_dom0-vm-gui-api (mean:0.034): 0.41 🟢 ( previous job: 0.46, improvement: 89.06%)
  • whonix-workstation-18_dom0-dispvm-api (mean:8.093): 97.11 🟢 ( previous job: 114.77, improvement: 84.61%)
  • whonix-workstation-18_dom0-dispvm-gui-api (mean:10.242): 122.91 🟢 ( previous job: 127.27, improvement: 96.57%)
  • whonix-workstation-18_dom0-dispvm-preload-2-api (mean:4.193): 50.31 🟢 ( previous job: 70.96, improvement: 70.90%)
  • whonix-workstation-18_dom0-dispvm-preload-2-delay-0-api (mean:3.951): 47.41 🟢 ( previous job: 65.29, improvement: 72.61%)
  • whonix-workstation-18_dom0-dispvm-preload-2-delay-minus-1d2-api (mean:4.936): 59.23 🟢 ( previous job: 74.32, improvement: 79.69%)
  • whonix-workstation-18_dom0-dispvm-preload-4-api (mean:3.172): 38.07 🟢 ( previous job: 57.74, improvement: 65.92%)
  • whonix-workstation-18_dom0-dispvm-preload-4-delay-0-api (mean:3.458): 41.49 🟢 ( previous job: 65.76, improvement: 63.10%)
  • whonix-workstation-18_dom0-dispvm-preload-4-delay-minus-1d2-api (mean:3.614): 43.37 🟢 ( previous job: 59.80, improvement: 72.53%)
  • whonix-workstation-18_dom0-dispvm-preload-2-gui-api (mean:5.651): 67.81 🟢 ( previous job: 78.19, improvement: 86.73%)
  • whonix-workstation-18_dom0-dispvm-preload-4-gui-api (mean:4.517): 54.20 🟢 ( previous job: 65.73, improvement: 82.46%)
  • whonix-workstation-18_dom0-dispvm-preload-6-gui-api (mean:4.003): 48.04 🟢 ( previous job: 61.35, improvement: 78.31%)
  • whonix-workstation-18_dom0-vm-gui-api (mean:0.041): 0.50 🟢 ( previous job: 0.62, improvement: 79.61%)

This was referenced Apr 7, 2026
Merged
Open
Merged
Draft
Merged
Merged
Merged
Draft
Merged
Open
Open
Closed
Open
Open
Merged
Merged
Merged
Merged
Merged
Merged
Open
Merged
Merged
@ArrayBolt3
Add property-set:template handler, refactor to reduce redundancy
b69a94d 
Now when a user sets an AppVM to be based on a Kicksecure
template, it will automatically be tagged appropriately.

Fixes: QubesOS/qubes-issues#10645
@ArrayBolt3 ArrayBolt3 force-pushed the arraybolt3/property-set-template branch from 94974e6 to b69a94d Compare April 8, 2026 21:56
@qubesos-bot qubesos-bot mentioned this pull request Apr 11, 2026
Open
@marmarek
Copy link
Copy Markdown
Member

marmarek commented Apr 12, 2026

At least if the old one was kicksecure (to at least partially try to not remove tag added by the user manually)

What do you think about this part? Do you think user should be allowed to add those tags to non-whonix-based qubes? Right now, if they do, and then change the template (for example switch from fedora-42 to fedora-43), the tags will be removed.

If you think tags shouldn't be removed in such situation, take a look at the oldvalue event argument - should give enough info to handle this case (but remember it's optional - for example it won't be there when initially creating the qube and setting its template).

@ArrayBolt3
Copy link
Copy Markdown
Contributor Author

ArrayBolt3 commented Apr 12, 2026

@marmarek That's a good question, I missed that bit when looking at this. I guess it's not impossible that someone would use sdwdate and sdwdate-gui on Fedora or another non-Kicksecure platform, but given that both of them depend on both helper-scripts and privleap, it's somewhat unlikely. I don't think there's any meaningful attack surface here though (the protocol is intentionally very simple), so it won't necessarily hurt anything to keep the tags around.

@adrelanos What do you think?

@adrelanos
Copy link
Copy Markdown
Member

adrelanos commented Apr 16, 2026

Best to keep things simple and non-Kicksecure / non-Whonix Templates unsupported.

@marmarek marmarek merged commit 3bb827c into QubesOS:main Apr 17, 2026
2 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marmarek marmarek marmarek approved these changes

Assignees

No one assigned

Labels

openqa-pending Include PR in the next openQA run

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ArrayBolt3 @marmarek @qubesos-bot @adrelanos