Release SecureDrop Client 0.10.0 #1867

Closed
3 of 15 tasks
zenmonkeykstop opened this issue Feb 26, 2024 · 16 comments · Fixed by #1935

@zenmonkeykstop
Contributor

zenmonkeykstop commented Feb 26, 2024

This issue tracks the SecureDrop Client release [version]. It will be organized by:

This release includes the following changes:

  • Adds support in the client app and export system for Veracrypt-encrypted Export Devices.

SecureDrop maintainers and testers: As you QA this release, please report back your testing results as comments on this ticket. File GitHub issues for any problems found, tag them "QA: Release", and associate them with the release milestone for tracking (or ask a maintainer to do so).

Testers: Setup Instructions

Environment: Qubes 4.1
Servers: Any (VMs OK, dev server OK) unless specified otherwise, as long as traffic is tor-ified

  • Clean install scenario (staging packages) means:
    • a clean install of QubesOS 4.1
    • downloading the last released prod RPM or building prod rpm from the last prod RPM release tag (basically make sure you don't have newer code in dom0 than the users will have)
    • switching environment to "staging" in config.json (to pull in template packages that are on apt-test.freedom.press)
    • running apply
  • Upgrade scenario (staging packages) means:
    • An existing 4.1 SDW install (any kind, but if you use dev you need to make sure you haven't run the updater that same day before switching to staging, as you don't want nightly apt packages to override staging packages). To count as an "upgrade," you have minimally used this setup (checked the system, sent messages from it etc) before upgrade.
    • ensuring environment is "staging", if it wasn't already
    • run the GUI updater, then verify the vm packages have been updated to those meant for testing
  • Prod preflight - "clean" install:
  • Prod preflight - upgrade scenario

Test plan (WIP)

[Make sure to include the version(s) of the server that need to be tested against. If the release is being coordinated with a server release, specify rc versions of the server that need to be tested and release order. Once completed, insert or link to a test plan here. It can be left out until then.]

Release tasks

  • Check if there are any security bug fixes waiting to be pulled into the RC
  • Check if there are any translations:
    • pending merge into main
    • pending inclusion as a supported language in MANIFEST.in
  • Update changelog
  • Create test plan
  • Refresh nightlies
  • Begin formal QA using nightlies; refresh nightlies as needed
  • Build production package in standard build environment
  • Sign production package
  • Perform final pre-flight testing using apt-qa.freedom.press
    • Localization: In a dispVM, change your locale (e.g.: export LANG=es_ES.utf-8; dpkg-reconfigure locales), run the Client, and confirm that the application is translated.
  • Publish production package
  • Publicize release via support channels
@deeplow
Contributor

deeplow commented Mar 12, 2024

I have done some manual QA on the setup via the "Clean install scenario (staging packages)".

I couldn't get the veracrypt device to work. I created a veracrypt device but it wouldn't be opened even when I entered the passphrase in sd-devices. Are there docs available on how to provision a Veracrypt drive? The SVS ones I found didn't go into detail and the SDW ones don't yet document the Veracrypt changes.

I also have some enhancement suggestions, but they go beyond the scope of QA, so I'll mention them in another venue / issue.

Truncated sentence

The first time that I tried to export the transcript the last sentence was truncated. I wasn't able to reproduce this since all the following times the window had the appropriate size.

[Screenshots: "First time exporting transcript" and "following times" (text_no_longer_hidden)]

Formatting typo (?)

sd-devices is surrounded by ``. I think this could have been a leftover from copying from markdown formatting and left there unintentionally. Or maybe that's the intended marker.
[Screenshot: formatting_issue]

"No device detected"

To reproduce

  1. plug in USB stick
  2. choose export transcript
  3. (sd-devices starts in the background)
  4. "no device detected"

Reason: I think this happens because sd-devices started after the device was plugged in.

Workaround: reattach USB drive

@rocodes
Contributor

rocodes commented Mar 12, 2024

Hey @deeplow, thank you for testing!

  • VeraCrypt provisioning: Sorry. twas linked in the original ticket but not here. https://gist.github.com/rocodes/b2859584b7b3bd7c407e805575d4620c
  • the backticks: It's not an error, I did write it like this on purpose, but maybe it's ugly/confusing. I don't love that I'm referring to a vm by name in the GUI and I wish I could avoid it. Any suggestions that would make it more legible to the average user? (single quotes, no quotes, ?)
  • The truncated text: This is the UI issue I was mentioning to you (The buttons are too high and are taking up dialog space from the dialog body). I'm surprised to see it when you export just the transcript; the only time I could reproduce it was when a modal was most recently open in the background (eg: go to export all files -> "Some files were not downloaded, and won't be exported" modal appears -> launch Export Wizard). If it's occurring in more cases than that I will look again at fixing it. It's probably something basic about which qt widget gets weight/priority in claiming the available space.

@legoktm
Member

legoktm commented Mar 12, 2024

I agree with the point about the backticks looking not great. Could we do an inline style like <span style="font-family: monospace">sd-devices</span>? Or explicitly say "the sd-devices VM"?

@rocodes
Contributor

rocodes commented Mar 12, 2024

This is what I see when I run udisksctl info -b /dev/sda on a whole drive that's been encrypted with veracrypt and unlocked:

user@sd-dev:~$ udisksctl unlock -b /dev/sda
Passphrase: 
Unlocked /dev/sda as /dev/dm-0.
user@sd-dev:~$ udisksctl info -b /dev/sda
/org/freedesktop/UDisks2/block_devices/sda:
  org.freedesktop.UDisks2.Block:
    Configuration:              []
    CryptoBackingDevice:        '/'
    Device:                     /dev/sda
    DeviceNumber:               2048
    Drive:                      '/org/freedesktop/UDisks2/drives/USB_DISK_xxxxxxxxxxxxx'
    HintAuto:                   true
    HintIconName:               
    HintIgnore:                 false
    HintName:                   
    HintPartitionable:          true
    HintSymbolicIconName:       
    HintSystem:                 false
    Id:                         
    IdLabel:                    
    IdType:                     crypto_TCRYPT
    IdUUID:                     
    IdUsage:                    crypto
    IdVersion:                  
    MDRaid:                     '/'
    MDRaidMember:               '/'
    PreferredDevice:            /dev/sda
    ReadOnly:                   false
    Size:                       1008205824
    Symlinks:                   /dev/disk/by-id/usb-_USB_DISK_xxxxxxxxxxxxx-0:0
                                /dev/disk/by-path/platform-vhci_hcd.0-usb-0:1:1.0-scsi-0:0:0:0
    UserspaceMountOptions:      
  org.freedesktop.UDisks2.Encrypted:
    ChildConfiguration:         []
    CleartextDevice:            '/org/freedesktop/UDisks2/block_devices/dm_2d0'
    HintEncryptionType:         TCRYPT
    MetadataSize:               0
user@sd-dev:~$ 

The HintEncryptionType, IdType, and IdUsage are where my and @deeplow's results differ (and are how we are checking the drive encryption type). In the past I have seen this when the tcrypt.conf file is not in place, but deeplow confirmed it is present.

As for the other UI changes I agree and will work on those. Then I'll come back to trying to reproduce the issue deeplow is seeing.
But basically, we require the USB to be configured in such a way that udisks recognizes it as a veracrypt container. If that doesn't happen we won't go above and beyond that.
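
Added example (not part of the thread and not SecureDrop's own detection code): a Python parser for `udisksctl info` text like the output above, reporting the three fields the comment names and whether a cleartext device is attached. The function names, both constructed sample inputs, and the rule that all three fields must match are assumptions.

```python
# Added example, not SecureDrop's code; function names are hypothetical.
# Constructed sample, abbreviated from the udisksctl output quoted above.
UNLOCKED_VC = """\
/org/freedesktop/UDisks2/block_devices/sda:
  org.freedesktop.UDisks2.Block:
    IdType:                     crypto_TCRYPT
    IdUsage:                    crypto
    Symlinks:                   /dev/disk/by-id/usb-_USB_DISK_xxxxxxxxxxxxx-0:0
                                /dev/disk/by-path/platform-vhci_hcd.0-usb-0:1:1.0-scsi-0:0:0:0
  org.freedesktop.UDisks2.Encrypted:
    CleartextDevice:            '/org/freedesktop/UDisks2/block_devices/dm_2d0'
    HintEncryptionType:         TCRYPT
"""
# Constructed sample: a device that udisks has not identified as encrypted.
UNRECOGNISED = """\
/org/freedesktop/UDisks2/block_devices/sdb:
  org.freedesktop.UDisks2.Block:
    IdType:
    IdUsage:
"""

def parse_udisks_info(text):
    """Parse `udisksctl info` text into {interface: {property: [values]}}."""
    info, iface, key = {}, None, None
    for line in text.splitlines():
        body = line.strip()
        indent = len(line) - len(line.lstrip(" "))
        if not body or indent == 0:
            continue  # blank line, object-path header or shell prompt
        if indent == 2 and body.endswith(":"):
            iface, key = body[:-1], None
            info[iface] = {}
        elif indent == 4 and iface is not None:
            key, _, value = body.partition(":")  # values may contain ':' too
            value = value.strip().strip("'")
            info[iface][key] = [value] if value else []
        elif indent > 4 and key is not None:
            info[iface][key].append(body.strip("'"))  # wrapped value (Symlinks)
    return info

def describe_encryption(info):
    """Report the compared fields; udisks prints '/' for 'no object'."""
    block = info.get("org.freedesktop.UDisks2.Block", {})
    enc = info.get("org.freedesktop.UDisks2.Encrypted", {})
    first = lambda props, name: (props.get(name) or [""])[0]
    fields = (first(block, "IdType"), first(block, "IdUsage"), first(enc, "HintEncryptionType"))
    return {"fields": fields,
            "recognised_as_tcrypt": fields == ("crypto_TCRYPT", "crypto", "TCRYPT"),
            "unlocked": first(enc, "CleartextDevice") not in ("", "/")}
```

Feeding it the text of a tester's `udisksctl info -b` paste shows at a glance which of the three fields is empty when a drive is not detected.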

@deeplow
Contributor

deeplow commented Mar 12, 2024

> the backticks: It's not an error, I did write it like this on purpose, but maybe it's ugly/confusing. I don't love that I'm referring to a vm by name in the GUI and I wish I could avoid it. Any suggestions that would make it more legible to the average user? (single quotes, no quotes, ?)

Maybe preformatted text? Reading the docs it seems to be supported. In any case, this is pretty minor.

> VeraCrypt provisioning: Sorry. twas linked in the original ticket but not here. https://gist.github.com/rocodes/b2859584b7b3bd7c407e805575d4620c

TY

> The truncated text: This is the UI issue I was mentioning to you

Ah. OKOK. I failed to connect the docs!

@rocodes
Contributor

rocodes commented Mar 12, 2024

EOD update: will address the UI issues in a small PR tomorrow; Testers, if you run into device detection issues please:

  • follow the steps above (unlock with udisks, post results of udisksctl info -b /path/to/block/device in this ticket)
  • also post the results of sudo lsblk --json /path/to/block/device

thanks!

@rocodes
Contributor

rocodes commented Mar 13, 2024

Update: I can reproduce the issue @deeplow was seeing with exporting to a whole-block encrypted VeraCrypt device. That use-case can be supported, so I will push some changes since that usage should be supported. (No need to provide further status output).

However I can still export to a VeraCrypt drive with an encrypted partition as expected, so if anyone is having an issue with that, please do post your STR and the device info as above.

@rocodes
Contributor

rocodes commented Mar 13, 2024

Hey folks: have put up the above-linked #1908 . It fixes the backticks and the whole-device export issue, but does not address the known UI issue that deeplow highlighted above, which is this:

There is one specific case where the export nav button container takes up too much height. The case is: if user selects "export all" but there are undownloaded files/submissions, then a modal dialog appears to warn them that not all files will be exported. If user accepts, then the export wizard buttons take up too much space (as in deeplow's screenshot).

This was a known issue that Cory and I discussed during review of the original PR. I will look into fixing it in a followup PR, but in my opinion the above-linked PR is the one that's essential, and the button height thing is something we shouldn't necessarily delay on.

@rocodes
Contributor

rocodes commented Mar 13, 2024

[Screenshot: export_transcript]

Also, for anyone testing: this is what the wizard is supposed to look like (button box height, etc)

@legoktm
Member

legoktm commented Mar 14, 2024

We discussed today that the visual layout issue is a bug but not a release blocker. @rocodes did a timeboxed investigation, which is documented at #1913 and where we'll track the issue going forward, but not hold up the 0.10.0 release over it.

rc2 will be tagged and uploaded shortly for another round of QA.

@rocodes
Contributor

rocodes commented Mar 15, 2024

rc2 quick qa

Scenario: upgrade (qubes 4.1 staging 0.10.0-rcc1 -> rc2)

  • LUKS export success (locked, unlocked)
  • Veracrypt export success (unlocked, whole drive encrypted)
  • Veracrypt export success (unlocked, one encrypted partition)
  • Appropriate error states (too many USBs, no USBs, bad LUKS password, locked VC drive is not accepted, USB removed during export yields error)

I did find one issue:

@rocodes
Contributor

rocodes commented Mar 15, 2024

rc3 quick qa

qubes 4.1 staging upgrade (rc2 -> rc3)

  • gui updater run successful
  • export to LUKS success
  • export to VC success (whole device, single partition)
  • basic error handling as expected (too many devices, no valid devices, etc)
  • file permissions fixed on exported items on USB drive

@legoktm
Member

legoktm commented Mar 18, 2024

I spent a while fiddling with rc3, overall looks good functionality wise. I was able to confuse the export dialog by repeatedly going back/forth during an export operation, #1926, but I'm not really inclined to treat it as a blocker given I don't think it's normal/likely human behavior.

@legoktm legoktm mentioned this issue Mar 19, 2024
2 tasks
legoktm added a commit to freedomofpress/build-logs that referenced this issue Mar 19, 2024
@rocodes
Contributor

rocodes commented Mar 19, 2024

0.10.0 preflight prod (apt-qa)

  • Environment: qubes 4.1 staging -> prod, templates manually updated
  • packages upgrade without issue
  • Export to LUKS (locked/unlocked)
  • Export to Veracrypt (unlocked)
  • Different export actions (transcript, file, all files)
  • Appropriate error messages (too many devices, no devices, locked VC is not detected)
  • Basic client acceptance testing (log in, sync, send message, offline mode, delete files for a source, various actions)

@legoktm
Member

legoktm commented Mar 19, 2024

  • Version: 0.10.0 (apt-qa)
  • Environment: staging, manually tweaked sources.list and ran updater
  • packages upgraded correctly
  • export to veracrypt (file and transcript)
  • download of 5MB file
  • delete files/messages for source
  • delete source

@legoktm
Member

legoktm commented Mar 19, 2024

SecureDrop Client 0.10.0 was released \o/ - see https://securedrop.org/news/securedrop-client-0_10_0-released/ for the formal announcement.

@legoktm legoktm unpinned this issue Mar 20, 2024