SecureDrop Workstation 0.2.3-rpm/0.2.3-deb QA

[eloquence]

This issue tracks QA reports for

• 0.2.3 release of Debian packages
• 0.2.3 release of RPM package

Following this test plan:
https://github.com/freedomofpress/securedrop-workstation/wiki/Workstation-Beta-Acceptance-Tests

Reports for the previous releases can be found here:
#484, #494

[eloquence]

I am starting with

Scenario: Client and Journalist Interface both in use

Since that's historically uncovered the most problems.

[eloquence]

FYI for anyone doing testing in the Journalist Interface, the test plan now has instructions for setting up a VM for that purpose (thanks to @conorsch for the one-liner).

[eloquence]

Scenario: Client and Journalist Interface both in use

Login

• when SecureDrop desktop icon is double-clicked, preflight updater is displayed
• After preflight updater runs, when user clicks Continue, login dialog is displayed
• after valid login to client:
  • the login dialog closes
  • source data is downloaded and source list is populated
  • user is prompted for GPG key access
  • submissions and replies are decrypted
  • the source list is displayed but no sources are selected by default ❌ see source selected by default on startup securedrop-client#962
  • the conversation view is not populated ❌ see source selected by default on startup securedrop-client#962
• when the JI address is visited in Tor Browser:
  • JI login page is displayed
• after valid login to JI using same account as for client:
  • sources page is displayed, containing the same sources as the client (order may differ)

[eloquence]

Scenario: Client and Journalist Interface both in use

Sources, replies, submissions

• when a source is starred in the client:
  • the source is also starred in the JI after a page reload
• when a starred source is unstarred in the JI:
  • the source is also unstarred in the client after next sync.
• when a reply is sent to a source via the client:
• the reply is visible in the JI and can be viewed by the source in the Source Interface
• when a reply is sent to a source via the JI:
  • the reply is visible in the source conversation view after next sync
• when an individual file submission is deleted in the JI:
  • the submission is no longer listed in the conversation view
  • the submission files are deleted from the client data directory
• when an individual message is deleted in the JI:
  • the message is no longer listed in the conversation view
  • the messages are deleted from the client database
• when a source is deleted in the JI:
  • the source is no longer listed in the client after next sync
  • files associated with the source are no longer present in the client data directory
• when a source is deleted in the client:
  • the source is no longer listed in the JI after a page reload

[eloquence]

Switching to other tasks for a bit, after that I'll take these two scenarios:

Scenario: Offline mode without existing data
Scenario: Offline mode with existing data (except print - don't have supported printer)

[eloquence]

Scenario: Offline mode without existing data

Offline to Online

• When SecureDrop desktop icon is double-clicked, preflight updater is displayed (correctly skipped due to recent update)
• After preflight updater runs, when user clicks Continue, login dialog is displayed (correctly skipped due to recent update)
• When user clicks Work Offline, login dialog closes and main window opens
• after startup:
  • there is no sync attempt with the server
  • the source list is empty
• When the user clicks the top-left user icon and chooses Sign in:
  • the login dialog is displayed over the main window
• When the user enters valid login details and clicks Log in:
  • the login dialog closes
  • The user icon is updated to reflect the user's details
  • the client is synced with the server and the source list is updated
• When the user selects a source with submissions from the source list:
  • the conversation view is populated with the source conversation
  • the reply panel is active
  • a reply can be sent to the source
  • a submission can be downloaded
  • a downloaded submission can be exported
• When the user clicks the main window close button:
  • the client exits.

[eloquence]

Scenario: Offline mode with existing data

Offline to Online

• When SecureDrop desktop icon is double-clicked, preflight updater is displayed (correctly skipped due to recent update)
• After preflight updater runs, when user clicks Continue, login dialog is displayed (correctly skipped due to recent update)
• When user clicks Work Offline, login dialog closes and main window opens
• after startup:
  • there is no sync attempt with the server
  • the source list is populated with contents of last server sync
• When the user selects a source with submissions from the source list:
  • the conversation view is populated with the source conversation
  • the reply panel is inactive, with a "Sign in" message
  • a previously downloaded submission can be exported (note: shutting down sd-devices, as suggested in the setup for this test, caused USB that was plugged in to no longer be attached/detected by the client; re-inserting the USB resolved)
  • a previously downloaded submission can be printed (not tested, no supported printer)
  • When the user clicks Download on an undownloaded submission, a message is displayed instructing the user to sign in to perform the download
• When the user clicks the top-left user icon and chooses Sign in:
  • the login dialog is displayed over the main window
• When the user enters valid login details and clicks Log in:
  • the login dialog closes
  • The user icon is updated to reflect the user's details
  • source data is synced with the server
• When the user selects a source with submissions from the source list:
  • the conversation view is populated with the source conversation
  • the reply panel is active
  • When the user replies to a source, the reply is added to the source conversation
  • When the user clicks Download on an undownloaded submission, the submission is downloaded and decrypted
  • When the user clicks Export on a submission, the export process can be completed
  • When the user clicks Print on a submission, the print process can be completed (not tested, no supported printer)
• When the user clicks the main window close button:
  • the client exits.

[emkll]

Tested the archive handling scenario as follows:

• Create an archive with plaintext files, executable scripts (shell script and desktop files)
• Opened the archive in DispVM, MIME types are being honored as expected, and files are opened rather than executed. Note that they will not open in a separate DispVM, as the sd-viewer MIME handlers will open. Given they come from the same source, this makes sense here.
  

[emkll]

Print testing (Brother HL-L2320D) - In progress

File type	Result
plaintext	✔️
csv	✔️
.djvu	prints blank page
.docx	✔️
.pdf	✔️
.doc	✔️
.odp (open office presentation)	✔️
.ods (open office spreadsheet)	✔️
image (gif)	sent to printer, job queued but nothing happens
image (jpg)	sent to printer, job queued but nothing happens
image (svg)	xpp error [1]
archive (zip)	prints blank page
archive (rar)	prints blank page
archive (.7z)	prints blank page
video (avi)	xpp error [1]
video (mov)	prints blank page
video (mp4)	prints blank page
audio (mp3)	prints blank page
-	-

xpp error (see [1] above):

[eloquence]

I'll attempt an uninstall and then a re-install following the install guide as closely as possible. If that goes well, I'll take the "Online mode" scenarios (except print) for completeness.

[zenmonkeykstop]

Client scenarios

Scenario: Online mode

Prerequisites:

• server is available and contains source test data
• access to sd-gpg keyring has not been previously granted
• client data directory is empty
• the sd-devices VM is not running (shut down manually if necessary)
• a supported printer is available, but not attached.
• all VMs are up-to-date

Login

• when SecureDrop desktop icon is double-clicked, preflight updater is displayed
• After preflight updater runs, when user clicks Continue, login dialog is displayed
• In login dialog:
  • show/hide password functionality works
  • incorrect password cannot log in
  • invalid 2FA token cannot log in
  • 2FA immediate reuse cannot log in
  • valid credentials and 2FA can log in

Sources

• after valid login:
  • the login dialog closes
  • source data is downloaded and source list is populated
  • user is prompted for GPG key access
  • submissions and replies are decrypted
  • the source list is displayed but no sources are selected by default FAIL, first source is selected after a small delay
  • the conversation view is not populated Fail - see above
• when a source is selected in source list:
  • conversation view is populated with source conversation
  • a source message containing HTML is displayed as unformatted text
  • source submissions have an active Download button
  • source submission compressed file size is displayed accurately
• when the upper right 3-dot button is clicked:
  • a menu is displayed with a delete source account option
  • when delete source account is selected:
    • the source is deleted from the source list and the converation view is blanked
    • the source is deleted from the server and not restored on next sync
    • source submissions and messages are removed from the client's data directory
• when a source is starred in source list, and the client is closed and reopened in Online mode:
  • the source is still starred in the source list

Replies

• when a source is selected in the source list:
  • the reply panel is available for use and there is no message asking the user to sign in
  • a reply can be added to the conversations
  • a reply containing HTML is displayed as unformatted text
  • two replies added immediately after each other are ordered correctly

NOTE: formatting on long single-line replies seems to be broken, adding some cases for this in test plan

Submissions

Preview

• when Download is clicked on a submission:
  • the submission is downloaded and decrypted
  • the Download button is replaced with Print and Export options
  • the submission filename is displayed.
• For a DOC submission:
  • when the submission filename is clicked, a disposable VM (dispVM) is started.
  • after the dispVM starts, the submission is displayed in LibreOffice
  • when LibreOffice is closed, the dispVM shuts down
• For a PDF submission:
  • when the submission filename is clicked, a dispVM is started.
  • after the dispVM starts, the submission is displayed in evince
  • when evince is closed, the dispVM shuts down
• For a JPEG submission:
  • when the submission filename is clicked, a dispVM is started.
  • after the dispVM starts, the submission is displayed in Image Viewer
  • when evince is closed, the dispVM shuts down

Export

• When Export is first clicked on a submission:
  • the "Preparing to export..." message is displayed
  • the sd-devices VM is started
  • the user is prompted to insert an Export USB
  • On clicking Cancel, the prompt closes and the file is not exported
• When Export is clicked on the submission again:
  • the "Preparing to export..." message is displayed
  • the user is prompted to insert an Export USB
  • When the user inserts an invalid Export USB, attaches it to the sd-devices VM and clicks OK:
    • a message is displayed indicating that the Export USB is invalid and
      the user is prompted to insert a valid device
• When Export is clicked on the submission again:
  • the "Preparing to export..." message is displayed
  • the user is prompted to insert an Export USB
  • When the user inserts a valid Export USB, attaches it to the sd-devices VM, and clicks OK:
    • the user is prompted for the Export USB's password
  • When the user enters an invalid Export USB password and clicks Submit:
    • a failure message is displayed and the user is prompted to enter the password again
  • When the user enters an valid Export USB password and clicks Submit:
    • the file is saved to the Export USB
• When the user detaches the Export USB and mounts it on another VM or computer:
  • the decrypted submission is available in on the Export USB, in a directory sd-export-<timestamp>/export_data

Print

• When the user clicks Print on a downloaded submission:
  • a "Preparing to print..." message is displayed
  • the sd-devicesVM is started
  • the user is prompted to connect a supported printer
• When the user connects a printer, attaches it to the sd-devices VM, and clicks Continue:
  • a "Printing..." message is displayed
  • the X Printer Panel dialog is displayed with the printer selected
• When the user clicks Print in the X Printer Panel:
  • the submission is printed successflly. Note: not always successful, based on file type. Images not printed.

Closing the client

• When the user clicks the main window close button:
  • the client exits.

[eloquence]

Attempted a completely fresh prod install, it failed at this step:

          ID: dom0-securedrop-launcher-directory
    Function: file.recurse
        Name: /opt/securedrop/launcher
      Result: False
     Comment: Recurse failed: none of the specified sources were found
     Started: 20:52:46.766870
    Duration: 2.371 ms
     Changes:   

Oddly, I do see all the required files being created.

[eloquence]

Getting this error even after re-runs. /srv/salt/launcher exists and contains the expected file. Not sure what's going on here.

[eloquence]

So, it looks like the RPM itself will install the files into /opt/securedrop/launcher (does it need to?), which is why I had them there after the install, but the Salt provisioning logic will fail. Still not sure why the Salt portion fails for me.

[eloquence]

Note that this was without the testing repo enabled, re-running now with testing enabled per #485 (comment)

[eloquence]

With the testing repo enabled I no longer see the "recurse" issue for /opt/securedrop. Now seeing "temporary failure resolving 'deb.qubes-os.org'". Will run all updates, reboot, and try again.

[eloquence]

After reboot seeing same "temporary failure resolving" but for deb.debian.org in install-python-apt-for-repo-config :/. Network is up and that host is reachable from work VM just fine.

[eloquence]

In spite of the error, the python-apt package was successfully installed everywhere. Restarting all VMs and re-running resolved that issue. Now seeing a new error:

sd-log:
      ----------
      _error:
          Failed to return clean data
      retcode:
          None
      stderr:
      stdout:
          deploy
sd-gpg:

This looks similar to #373. Re-running.

[eloquence]

And re-running resolved that last issue, so a bit of a roll-of-the-dice on this install. Now testing it.

[eloquence]

All core functionality working as expected after fresh install. Focusing remainder of testing today on git master to check for recent regressions.

[eloquence]

Closing for next round of QA, tracked in #518.