replace `random` with `secrets` by tabs-are-better-than-spaces · Pull Request #800 · QubesOS/qubes-core-admin

tabs-are-better-than-spaces · 2026-04-09T20:34:12Z

This PR replaces the random module that uses an algorithm that is not a suitable CSPRNG (https://docs.python.org/3/library/random.html) with pythons secrets module.

The function random_string is called by the qubes admin api that generates a token

qubes-core-admin/qubes/api/admin.py

Line 470 in 2488f2b

token = qubes.utils.random_string(32)

where i am not sure if it is supposed to be secret.

The change in zfs.py does not seem to have any security impact, but to prevent calling it in the future to generate values that are supposed to be secret i changed it along.

codecov · 2026-04-09T20:46:54Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.12%. Comparing base (2488f2b) to head (32d585a).
⚠️ Report is 11 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #800   +/-   ##
=======================================
  Coverage   70.12%   70.12%           
=======================================
  Files          61       61           
  Lines       14001    14001           
=======================================
  Hits         9818     9818           
  Misses       4183     4183

Flag	Coverage Δ
unittests	`70.12% <100.00%> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

ben-grande · 2026-04-14T02:06:09Z

The usage in the example you showed is indeed not something that has to be secret, it is more intended to be matched later. Anyway, I don't think it would hurt to improve it a bit, since there is this warning on the "random" page you shared:

Warning

The pseudo-random generators of this module should not be used for security purposes. For security or cryptographic uses, see the secrets module.

And we don't know if future use wouldn't fall into using the random_string() for secrets.

qubesos-bot · 2026-04-23T01:58:40Z

OpenQA test summary

Complete test suite and dependencies: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.3&build=2026042316-4.3&flavor=pull-requests

Test run included the following:

Split monolithic module into several collection modules qubes-ansible#34 (QubesOS/qubes-ansible@6dee747)
Add Arch packaging qubes-core-admin-client#332 (QubesOS/qubes-core-admin-client@71b1e21)
version 4.3.999 qubes-core-admin-client#454 (QubesOS/qubes-core-admin-client@fa35e91)
tools/qvm-run: use prefix_data feature instead of copy_stdin subprocess qubes-core-admin-client#468 (QubesOS/qubes-core-admin-client@e1df23c)
vmupdate: wait for full VM shutdown before next queued update qubes-core-admin-linux#208 (QubesOS/qubes-core-admin-linux@4e03608)
tests: log more info on failure #736 (a3fc21c)
Wait for user session for preloaded disposables #757 (8376986)
DONOTMERGE - Enable qmemman debug log #783 (d986e13)
admin: validate feature name in vm_feature_remove #790 (c2201b7)
Close qmemman client with correct handler #796 (3930269)
replace random with secrets #800 (32d585a)
tests: Add an environment sync test to TC_20_NonAudio #804 (531cd25)
tests: use dom0's version for installing templates via mgmtvm #806 (63fd75c)
dom0-update: In download mode, only send specifically requested packages to dom0 qubes-core-agent-linux#638 (QubesOS/qubes-core-agent-linux@62bfccd)
Fix for #10797: qvm-open-in-vm should now work in KDE-based cubes qubes-core-agent-linux#642 (QubesOS/qubes-core-agent-linux@394e973)
Support --prefix-data in qrexec-client too qubes-core-qrexec#230 (QubesOS/qubes-core-qrexec@29911b9)
Add disk2 status and update volume retrieval method qubes-desktop-linux-i3-settings-qubes#23 (QubesOS/qubes-desktop-linux-i3-settings-qubes@8b3f6d3)
Sync environment variables from the user session into systemd and dbus qubes-gui-agent-linux#257 (QubesOS/qubes-gui-agent-linux@1c46abb)
Switch template for sys-gui/sys-audio to Fedora 43 qubes-mgmt-salt-dom0-virtual-machines#93 (QubesOS/qubes-mgmt-salt-dom0-virtual-machines@e0a858b)

New failures, excluding unstable

Compared to: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.3&build=2026032404-devel&flavor=update

system_tests_whonix
- whonixcheck: wait_serial (wait serial expected)
  # wait_serial expected: qr/ki5k_-\d+-/...
system_tests_basic_vm_qrexec_gui
- TC_20_NonAudio_debian-13-xfce: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_fedora-43-xfce: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-gateway-18: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-workstation-18: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
system_tests_pvgrub_salt_storage
- TC_41_HVMGrub_debian-13-xfce: test_001_standalone_vm_dracut (error)
  qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- TC_41_HVMGrub_fedora-43-xfce: test_000_standalone_vm (error)
  qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- TC_41_HVMGrub_fedora-43-xfce: test_010_template_based_vm (error)
  qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
system_tests_usbproxy
- TC_20_USBProxy_core3_debian-13-xfce: test_090_attach_stubdom (error)
  qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
system_tests_basic_vm_qrexec_gui_zfs
- TC_20_NonAudio_debian-13-xfce-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_fedora-43-xfce-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-gateway-18-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-workstation-18-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
system_tests_audio@hw1
- TC_20_AudioVM_PipeWire_debian-13-xfce: test_260_audio_mic_enabled_switch_audiovm (failure)
  AssertionError: Failed to get mic attach/detach status!
system_tests_qwt_win10@hw13
- windows_clipboard_and_filecopy: unnamed test (unknown)
- windows_clipboard_and_filecopy: Failed (test died)
  # Test died: no candidate needle with tag(s) 'personal-text-editor'...
system_tests_qwt_win11@hw13
- windows_clipboard_and_filecopy: unnamed test (unknown)
- windows_clipboard_and_filecopy: Failed (test died)
  # Test died: no candidate needle with tag(s) 'windows-Explorer-empt...
system_tests_guivm_gpu_gui_interactive@hw13
- shutdown: unnamed test (unknown)
- shutdown: Failed (test died)
  # Test died: no candidate needle with tag(s) 'text-logged-in-root' ...
system_tests_whonix@hw1
- whonixcheck: fail (unknown)
  Whonixcheck for sys-whonix failed...
- whonixcheck: Failed (test died)
  # Test died: systemcheck failed at qubesos/tests/whonixcheck.pm lin...
system_tests_basic_vm_qrexec_gui_btrfs
- TC_20_NonAudio_debian-13-xfce-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_fedora-43-xfce-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-gateway-18-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-workstation-18-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
system_tests_basic_vm_qrexec_gui_ext4
- TC_20_NonAudio_debian-13-xfce-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_fedora-43-xfce-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-gateway-18-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-workstation-18-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
system_tests_basic_vm_qrexec_gui_xfs
- TC_20_NonAudio_debian-13-xfce-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_fedora-43-xfce-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-gateway-18-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-workstation-18-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
system_tests_basic_vm_qrexec_gui@hw7
- TC_20_NonAudio_debian-13-xfce: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_fedora-43-xfce: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-gateway-18: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-workstation-18: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...

Failed tests

43 failures

system_tests_whonix
- whonixcheck: fail (unknown)
  Whonixcheck for sys-whonix failed...
- whonixcheck: Failed (test died)
  # Test died: systemcheck failed at qubesos/tests/whonixcheck.pm lin...
- whonixcheck: wait_serial (wait serial expected)
  # wait_serial expected: qr/ki5k_-\d+-/...
system_tests_basic_vm_qrexec_gui
- TC_20_NonAudio_debian-13-xfce: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_fedora-43-xfce: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-gateway-18: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-workstation-18: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
system_tests_pvgrub_salt_storage
- TC_41_HVMGrub_debian-13-xfce: test_001_standalone_vm_dracut (error)
  qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- TC_41_HVMGrub_debian-13-xfce: test_010_template_based_vm (error)
  qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- TC_41_HVMGrub_debian-13-xfce: test_011_template_based_vm_dracut (error)
  qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- TC_41_HVMGrub_fedora-43-xfce: test_000_standalone_vm (error)
  qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- TC_41_HVMGrub_fedora-43-xfce: test_010_template_based_vm (error)
  qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
system_tests_usbproxy
- TC_20_USBProxy_core3_debian-13-xfce: test_090_attach_stubdom (error)
  qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
system_tests_basic_vm_qrexec_gui_zfs
- TC_20_NonAudio_debian-13-xfce-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_fedora-43-xfce-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-gateway-18-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-workstation-18-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
system_tests_audio@hw1
- TC_20_AudioVM_PipeWire_debian-13-xfce: test_260_audio_mic_enabled_switch_audiovm (failure)
  AssertionError: Failed to get mic attach/detach status!
system_tests_qwt_win10@hw13
- windows_clipboard_and_filecopy: unnamed test (unknown)
- windows_clipboard_and_filecopy: Failed (test died)
  # Test died: no candidate needle with tag(s) 'personal-text-editor'...
system_tests_qwt_win10_seamless@hw13
- windows_install: Failed (test died)
  # Test died: Install failed with code 1 at qubesos/tests/windows_in...
system_tests_qwt_win11@hw13
- windows_clipboard_and_filecopy: unnamed test (unknown)
- windows_clipboard_and_filecopy: Failed (test died)
  # Test died: no candidate needle with tag(s) 'windows-Explorer-empt...
system_tests_guivm_gpu_gui_interactive@hw13
- shutdown: unnamed test (unknown)
- shutdown: Failed (test died)
  # Test died: no candidate needle with tag(s) 'text-logged-in-root' ...
system_tests_whonix@hw1
- whonixcheck: fail (unknown)
  Whonixcheck for sys-whonix failed...
- whonixcheck: Failed (test died)
  # Test died: systemcheck failed at qubesos/tests/whonixcheck.pm lin...
system_tests_basic_vm_qrexec_gui_btrfs
- TC_20_NonAudio_debian-13-xfce-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_fedora-43-xfce-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-gateway-18-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-workstation-18-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
system_tests_basic_vm_qrexec_gui_ext4
- TC_20_NonAudio_debian-13-xfce-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_fedora-43-xfce-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-gateway-18-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-workstation-18-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
system_tests_basic_vm_qrexec_gui_xfs
- TC_20_NonAudio_debian-13-xfce-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_fedora-43-xfce-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-gateway-18-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-workstation-18-pool: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
system_tests_basic_vm_qrexec_gui@hw7
- TC_20_NonAudio_debian-13-xfce: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_fedora-43-xfce: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-gateway-18: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...
- TC_20_NonAudio_whonix-workstation-18: test_500_gui_agent_env_sync (failure)
  AssertionError: unexpected QUBES_ENV_TEST value from session, got '...

Fixed failures

Compared to: https://openqa.qubes-os.org/tests/170766#dependencies

32 fixed

system_tests_network
- system_tests: Fail (unknown)
  Tests qubes.tests.integ.network failed (exit code 1), details repor...
- system_tests: Failed (test died)
  # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
- VmNetworking_debian-13-xfce: test_203_fake_ip_inter_vm_allow (failure)
  ^... AssertionError: 1 != 0
system_tests_pvgrub_salt_storage
- TC_41_HVMGrub_fedora-42-xfce: test_000_standalone_vm (error)
  qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
- TC_41_HVMGrub_fedora-42-xfce: test_010_template_based_vm (error)
  qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
system_tests_extra
- system_tests: Fail (unknown)
  Tests qubes.tests.extra failed (exit code 1), details reported sepa...
- system_tests: Failed (test died)
  # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
- TC_01_InputProxyExclude_debian-13-xfce: test_000_qemu_tablet (error)
  qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
system_tests_gui_interactive
- collect_logs: wait_serial (wait serial expected)
  # wait_serial expected: qr/Dhelp-\d+-/...
- collect_logs: Failed (test died + timed out)
  # Test died: command 'curl --form upload=@journalctl.log --form upn...
system_tests_network_ipv6
- system_tests: Fail (unknown)
  Tests qubes.tests.integ.network_ipv6 failed (exit code 1), details ...
- system_tests: Failed (test died)
  # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
- VmIPv6Networking_fedora-42-xfce: test_113_reattach_after_provider_kill (failure)
  ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^... AssertionError: 1 != 0
system_tests_network_updates
- system_tests: Fail (unknown)
  Tests qubes.tests.integ.dom0_update failed (exit code 1), details r...
- system_tests: Failed (test died)
  # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
- TC_00_Dom0Upgrade_whonix-gateway-18: test_020_install_wrong_sign (error)
  subprocess.CalledProcessError: Command 'timeout=120; while ! tor-ci...
- TC_11_QvmTemplateMgmtVM_debian-13-xfce: test_000_template_list (failure)
  qvm-template: error: No matching templates to list
- TC_11_QvmTemplateMgmtVM_debian-13-xfce: test_010_template_install (failure)
  qvm-template: error: Template 'debian-12-minimal' not found.
- TC_11_QvmTemplateMgmtVM_fedora-42-xfce: test_000_template_list (failure)
  qvm-template: error: No matching templates to list
- TC_11_QvmTemplateMgmtVM_fedora-42-xfce: test_010_template_install (failure)
  qvm-template: error: Template 'debian-12-minimal' not found.
- TC_11_QvmTemplateMgmtVM_whonix-gateway-18: test_000_template_list (failure)
  qvm-template: error: No matching templates to list
- TC_11_QvmTemplateMgmtVM_whonix-gateway-18: test_010_template_install (failure)
  qvm-template: error: Template 'debian-12-minimal' not found.
system_tests_kde_gui_interactive
- collect_logs: wait_serial (wait serial expected)
  # wait_serial expected: qr/bMse8-\d+-/...
- collect_logs: Failed (test died + timed out)
  # Test died: command 'curl --form upload=@journalctl.log --form upn...
system_tests_guivm_vnc_gui_interactive
- collect_logs: wait_serial (wait serial expected)
  # wait_serial expected: qr/C_fDy-\d+-/...
- collect_logs: Failed (test died + timed out)
  # Test died: command 'curl --form upload=@journalctl.log --form upn...
system_tests_audio
- system_tests: Fail (unknown)
  Tests qubes.tests.integ.audio failed (exit code 1), details reporte...
- system_tests: Failed (test died)
  # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
- TC_20_AudioVM_Pulse_whonix-workstation-18: test_225_audio_rec_unmuted_hvm (failure)
  AssertionError: too short audio, expected 10s, got 7.59433106575963...
- TC_20_AudioVM_PipeWire_debian-13-xfce: test_251_audio_playback_audiovm_pipewire_late_start (failure)
  AssertionError: pacat for test-inst-vm1 (xid 48) running(False) in ...
system_tests_qwt_win10@hw13
- windows_install: Failed (test died)
  # Test died: Install failed with code 1 at qubesos/tests/windows_in...
system_tests_qwt_win11@hw13
- windows_install: Failed (test died)
  # Test died: Install failed with code 1 at qubesos/tests/windows_in...

Unstable tests

Details

system_tests_guivm_vnc_gui_interactive
collect_logs/Failed (1/5 times with errors)
- job 172242 # Test died: command 'curl --form upload=@journalctl.log --form upn...
collect_logs/wait_serial (1/5 times with errors)
- job 172242 # wait_serial expected: qr/73DgV-\d+-/...
collect_logs/wait_serial (1/5 times with errors)
- job 172242 # wait_serial expected: qr/uOleL-\d+-/...
system_tests_guivm_gui_interactive
collect_logs/Failed (1/5 times with errors)
- job 172256 # Test died: command 'curl --form upload=@journalctl.log --form upn...
collect_logs/wait_serial (1/5 times with errors)
- job 172256 # wait_serial expected: qr/v3Six-\d+-/...
collect_logs/wait_serial (1/5 times with errors)
- job 172256 # wait_serial expected: qr/6OJPL-\d+-/...

Performance Tests

Performance degradation:

11 performance degradations

debian-13-xfce_exec: 8.47 🔻 ( previous job: 7.30, degradation: 116.01%)
debian-13-xfce_socket: 8.86 🔻 ( previous job: 8.02, degradation: 110.39%)
whonix-workstation-18_exec-data-duplex: 66.09 🔻 ( previous job: 59.45, degradation: 111.16%)
whonix-workstation-18_socket-data-duplex: 98.97 🔻 ( previous job: 80.77, degradation: 122.53%)
dom0_root_seq1m_q8t1_read 3:read_bandwidth_kb: 199809.00 🔻 ( previous job: 485002.00, degradation: 41.20%)
dom0_root_seq1m_q8t1_write 3:write_bandwidth_kb: 142294.00 🔻 ( previous job: 217546.00, degradation: 65.41%)
dom0_root_seq1m_q1t1_read 3:read_bandwidth_kb: 60295.00 🔻 ( previous job: 70705.00, degradation: 85.28%)
dom0_root_seq1m_q1t1_write 3:write_bandwidth_kb: 21157.00 🔻 ( previous job: 42537.00, degradation: 49.74%)
dom0_root_rnd4k_q32t1_write 3:write_bandwidth_kb: 804.00 🔻 ( previous job: 3011.00, degradation: 26.70%)
dom0_varlibqubes_seq1m_q8t1_read 3:read_bandwidth_kb: 47892.00 🔻 ( previous job: 233483.00, degradation: 20.51%)
dom0_varlibqubes_rnd4k_q32t1_write 3:write_bandwidth_kb: 7065.00 🔻 ( previous job: 8434.00, degradation: 83.77%)

Remaining performance tests:

100 tests

debian-13-xfce_exec-root: 26.82 🔻 ( previous job: 26.58, degradation: 100.92%)
debian-13-xfce_socket-root: 8.38 🟢 ( previous job: 8.38, improvement: 99.99%)
debian-13-xfce_exec-data-simplex: 64.97 🟢 ( previous job: 66.06, improvement: 98.35%)
debian-13-xfce_exec-data-duplex: 58.47 🟢 ( previous job: 61.22, improvement: 95.51%)
debian-13-xfce_exec-data-duplex-root: 73.46 🔻 ( previous job: 72.95, degradation: 100.69%)
debian-13-xfce_socket-data-duplex: 94.35 🔻 ( previous job: 86.03, degradation: 109.67%)
fedora-43-xfce_exec: 9.21
fedora-43-xfce_exec-root: 71.47
fedora-43-xfce_socket: 7.60
fedora-43-xfce_socket-root: 7.36
fedora-43-xfce_exec-data-simplex: 58.04
fedora-43-xfce_exec-data-duplex: 55.71
fedora-43-xfce_exec-data-duplex-root: 97.24
fedora-43-xfce_socket-data-duplex: 76.22
whonix-gateway-18_exec: 7.19 🟢 ( previous job: 7.69, improvement: 93.48%)
whonix-gateway-18_exec-root: 126.65 🟢 ( previous job: 132.16, improvement: 95.83%)
whonix-gateway-18_socket: 7.52 🟢 ( previous job: 8.05, improvement: 93.41%)
whonix-gateway-18_socket-root: 7.73 🔻 ( previous job: 7.16, degradation: 108.01%)
whonix-gateway-18_exec-data-simplex: 65.27 🔻 ( previous job: 64.40, degradation: 101.35%)
whonix-gateway-18_exec-data-duplex: 66.48 🔻 ( previous job: 63.65, degradation: 104.45%)
whonix-gateway-18_exec-data-duplex-root: 121.23 🟢 ( previous job: 123.30, improvement: 98.32%)
whonix-gateway-18_socket-data-duplex: 96.67 🟢 ( previous job: 113.72, improvement: 85.01%)
whonix-workstation-18_exec: 8.50 🔻 ( previous job: 8.20, degradation: 103.62%)
whonix-workstation-18_exec-root: 144.76 🔻 ( previous job: 138.84, degradation: 104.26%)
whonix-workstation-18_socket: 8.71 🔻 ( previous job: 8.19, degradation: 106.28%)
whonix-workstation-18_socket-root: 8.45 🟢 ( previous job: 8.92, improvement: 94.68%)
whonix-workstation-18_exec-data-simplex: 69.29 🔻 ( previous job: 63.54, degradation: 109.05%)
whonix-workstation-18_exec-data-duplex-root: 129.93 🟢 ( previous job: 139.63, improvement: 93.06%)
dom0_root_rnd4k_q32t1_read 3:read_bandwidth_kb: 13813.00 🟢 ( previous job: 12342.00, improvement: 111.92%)
dom0_root_rnd4k_q1t1_read 3:read_bandwidth_kb: 11996.00 🟢 ( previous job: 1182.00, improvement: 1014.89%)
dom0_root_rnd4k_q1t1_write 3:write_bandwidth_kb: 1168.00 🟢 ( previous job: 793.00, improvement: 147.29%)
dom0_varlibqubes_seq1m_q8t1_write 3:write_bandwidth_kb: 68674.00 🟢 ( previous job: 34913.00, improvement: 196.70%)
dom0_varlibqubes_seq1m_q1t1_read 3:read_bandwidth_kb: 432224.00 🟢 ( previous job: 370521.00, improvement: 116.65%)
dom0_varlibqubes_seq1m_q1t1_write 3:write_bandwidth_kb: 177446.00 🟢 ( previous job: 154458.00, improvement: 114.88%)
dom0_varlibqubes_rnd4k_q32t1_read 3:read_bandwidth_kb: 101747.00 🟢 ( previous job: 27602.00, improvement: 368.62%)
dom0_varlibqubes_rnd4k_q1t1_read 3:read_bandwidth_kb: 7921.00 🟢 ( previous job: 7112.00, improvement: 111.38%)
dom0_varlibqubes_rnd4k_q1t1_write 3:write_bandwidth_kb: 4294.00 🔻 ( previous job: 4565.00, degradation: 94.06%)
fedora-43-xfce_root_seq1m_q8t1_read 3:read_bandwidth_kb: 303583.00
fedora-43-xfce_root_seq1m_q8t1_write 3:write_bandwidth_kb: 204312.00
fedora-43-xfce_root_seq1m_q1t1_read 3:read_bandwidth_kb: 327270.00
fedora-43-xfce_root_seq1m_q1t1_write 3:write_bandwidth_kb: 63260.00
fedora-43-xfce_root_rnd4k_q32t1_read 3:read_bandwidth_kb: 88132.00
fedora-43-xfce_root_rnd4k_q32t1_write 3:write_bandwidth_kb: 2164.00
fedora-43-xfce_root_rnd4k_q1t1_read 3:read_bandwidth_kb: 8169.00
fedora-43-xfce_root_rnd4k_q1t1_write 3:write_bandwidth_kb: 669.00
fedora-43-xfce_private_seq1m_q8t1_read 3:read_bandwidth_kb: 413639.00
fedora-43-xfce_private_seq1m_q8t1_write 3:write_bandwidth_kb: 143003.00
fedora-43-xfce_private_seq1m_q1t1_read 3:read_bandwidth_kb: 281496.00
fedora-43-xfce_private_seq1m_q1t1_write 3:write_bandwidth_kb: 111597.00
fedora-43-xfce_private_rnd4k_q32t1_read 3:read_bandwidth_kb: 71132.00
fedora-43-xfce_private_rnd4k_q32t1_write 3:write_bandwidth_kb: 1578.00
fedora-43-xfce_private_rnd4k_q1t1_read 3:read_bandwidth_kb: 8409.00
fedora-43-xfce_private_rnd4k_q1t1_write 3:write_bandwidth_kb: 518.00
fedora-43-xfce_volatile_seq1m_q8t1_read 3:read_bandwidth_kb: 381161.00
fedora-43-xfce_volatile_seq1m_q8t1_write 3:write_bandwidth_kb: 74443.00
fedora-43-xfce_volatile_seq1m_q1t1_read 3:read_bandwidth_kb: 349176.00
fedora-43-xfce_volatile_seq1m_q1t1_write 3:write_bandwidth_kb: 86304.00
fedora-43-xfce_volatile_rnd4k_q32t1_read 3:read_bandwidth_kb: 72969.00
fedora-43-xfce_volatile_rnd4k_q32t1_write 3:write_bandwidth_kb: 1584.00
fedora-43-xfce_volatile_rnd4k_q1t1_read 3:read_bandwidth_kb: 8272.00
fedora-43-xfce_volatile_rnd4k_q1t1_write 3:write_bandwidth_kb: 788.00
debian-13-xfce_dom0-dispvm-api (mean:6.39): 76.68 🟢 ( previous job: 81.47, improvement: 94.12%)
debian-13-xfce_dom0-dispvm-gui-api (mean:7.732): 92.79 🔻 ( previous job: 92.38, degradation: 100.44%)
debian-13-xfce_dom0-dispvm-preload-2-api (mean:3.222): 38.67 🟢 ( previous job: 48.28, improvement: 80.09%)
debian-13-xfce_dom0-dispvm-preload-2-delay-0-api (mean:2.809): 33.71 🟢 ( previous job: 44.34, improvement: 76.03%)
debian-13-xfce_dom0-dispvm-preload-2-delay-minus-1d2-api (mean:3.204): 38.45 🟢 ( previous job: 54.23, improvement: 70.90%)
debian-13-xfce_dom0-dispvm-preload-4-api (mean:2.291): 27.49 🟢 ( previous job: 40.37, improvement: 68.09%)
debian-13-xfce_dom0-dispvm-preload-4-delay-0-api (mean:2.583): 30.99 🟢 ( previous job: 44.04, improvement: 70.38%)
debian-13-xfce_dom0-dispvm-preload-4-delay-minus-1d2-api (mean:2.424): 29.09 🟢 ( previous job: 45.36, improvement: 64.14%)
debian-13-xfce_dom0-dispvm-preload-2-gui-api (mean:4.496): 53.95 🟢 ( previous job: 58.18, improvement: 92.73%)
debian-13-xfce_dom0-dispvm-preload-4-gui-api (mean:3.838): 46.06 🔻 ( previous job: 43.54, degradation: 105.79%)
debian-13-xfce_dom0-dispvm-preload-6-gui-api (mean:3.421): 41.05 🟢 ( previous job: 47.37, improvement: 86.66%)
debian-13-xfce_dom0-vm-api (mean:0.039): 0.47 🔻 ( previous job: 0.46, degradation: 102.40%)
debian-13-xfce_dom0-vm-gui-api (mean:0.042): 0.50 🟢 ( previous job: 0.51, improvement: 99.80%)
fedora-43-xfce_dom0-dispvm-api (mean:7.394): 88.73
fedora-43-xfce_dom0-dispvm-gui-api (mean:9.714): 116.57
fedora-43-xfce_dom0-dispvm-preload-2-api (mean:3.79): 45.49
fedora-43-xfce_dom0-dispvm-preload-2-delay-0-api (mean:3.587): 43.05
fedora-43-xfce_dom0-dispvm-preload-2-delay-minus-1d2-api (mean:3.915): 46.98
fedora-43-xfce_dom0-dispvm-preload-4-api (mean:3.0): 36.00
fedora-43-xfce_dom0-dispvm-preload-4-delay-0-api (mean:2.741): 32.89
fedora-43-xfce_dom0-dispvm-preload-4-delay-minus-1d2-api (mean:3.042): 36.51
fedora-43-xfce_dom0-dispvm-preload-2-gui-api (mean:5.331): 63.97
fedora-43-xfce_dom0-dispvm-preload-4-gui-api (mean:4.25): 51.01
fedora-43-xfce_dom0-dispvm-preload-6-gui-api (mean:3.688): 44.26
fedora-43-xfce_dom0-vm-api (mean:0.039): 0.47
fedora-43-xfce_dom0-vm-gui-api (mean:0.043): 0.52
whonix-workstation-18_dom0-dispvm-api (mean:8.259): 99.11 🟢 ( previous job: 114.77, improvement: 86.35%)
whonix-workstation-18_dom0-dispvm-gui-api (mean:10.245): 122.94 🟢 ( previous job: 127.27, improvement: 96.59%)
whonix-workstation-18_dom0-dispvm-preload-2-api (mean:4.193): 50.32 🟢 ( previous job: 70.96, improvement: 70.91%)
whonix-workstation-18_dom0-dispvm-preload-2-delay-0-api (mean:4.102): 49.23 🟢 ( previous job: 65.29, improvement: 75.40%)
whonix-workstation-18_dom0-dispvm-preload-2-delay-minus-1d2-api (mean:5.013): 60.16 🟢 ( previous job: 74.32, improvement: 80.95%)
whonix-workstation-18_dom0-dispvm-preload-4-api (mean:3.171): 38.06 🟢 ( previous job: 57.74, improvement: 65.91%)
whonix-workstation-18_dom0-dispvm-preload-4-delay-0-api (mean:3.494): 41.93 🟢 ( previous job: 65.76, improvement: 63.76%)
whonix-workstation-18_dom0-dispvm-preload-4-delay-minus-1d2-api (mean:3.573): 42.87 🟢 ( previous job: 59.80, improvement: 71.69%)
whonix-workstation-18_dom0-dispvm-preload-2-gui-api (mean:5.992): 71.91 🟢 ( previous job: 78.19, improvement: 91.97%)
whonix-workstation-18_dom0-dispvm-preload-4-gui-api (mean:4.869): 58.43 🟢 ( previous job: 65.73, improvement: 88.90%)
whonix-workstation-18_dom0-dispvm-preload-6-gui-api (mean:3.848): 46.17 🟢 ( previous job: 61.35, improvement: 75.26%)
whonix-workstation-18_dom0-vm-api (mean:0.031): 0.37 🟢 ( previous job: 0.58, improvement: 63.89%)
whonix-workstation-18_dom0-vm-gui-api (mean:0.046): 0.55 🟢 ( previous job: 0.62, improvement: 87.80%)

replace random with secrets

32d585a

marmarek added the openqa-pending label Apr 22, 2026

marmarek approved these changes Apr 23, 2026

View reviewed changes

marmarek merged commit b9d9354 into QubesOS:main Apr 23, 2026
5 of 6 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

replace `random` with `secrets`#800

replace `random` with `secrets`#800
marmarek merged 1 commit intoQubesOS:mainfrom
tabs-are-better-than-spaces:main

tabs-are-better-than-spaces commented Apr 9, 2026 •

edited

Loading

Uh oh!

codecov Bot commented Apr 9, 2026 •

edited

Loading

Uh oh!

ben-grande commented Apr 14, 2026

Uh oh!

qubesos-bot commented Apr 23, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Uh oh!

Conversation

tabs-are-better-than-spaces commented Apr 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

codecov Bot commented Apr 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

ben-grande commented Apr 14, 2026

Uh oh!

qubesos-bot commented Apr 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

OpenQA test summary

New failures, excluding unstable

Failed tests

Fixed failures

Unstable tests

Performance Tests

Performance degradation:

Remaining performance tests:

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

tabs-are-better-than-spaces commented Apr 9, 2026 •

edited

Loading

codecov Bot commented Apr 9, 2026 •

edited

Loading

qubesos-bot commented Apr 23, 2026 •

edited

Loading