From 7fa0e996bdc0c94ff2dba5c0479720d2e7b97a1a Mon Sep 17 00:00:00 2001 From: heartsucker Date: Thu, 14 Feb 2019 16:31:20 +0100 Subject: [PATCH 1/2] fix restore logic to ensure recreation of onion services --- .../ansible-base/roles/restore/files/restore.py | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/install_files/ansible-base/roles/restore/files/restore.py b/install_files/ansible-base/roles/restore/files/restore.py index 7d51f7c677..7285132530 100755 --- a/install_files/ansible-base/roles/restore/files/restore.py +++ b/install_files/ansible-base/roles/restore/files/restore.py @@ -8,6 +8,7 @@ """ import os +import shutil import subprocess import sys import tarfile @@ -35,18 +36,29 @@ def verify_args(): def main(): verify_args() + # Remove the /var/lib/tor/services directories to purge values that may have been + # generated by running the ansible playbooks + for d in ['journalist', 'source']: + full_path = os.path.join('/var/lib/tor/services', d) + if os.path.exists(full_path): + shutil.rmtree(full_path) + with tarfile.open(sys.argv[1], 'r:*') as backup: # This assumes that both the old installation (source of the backup) # and the new installation (destination of the restore) used the # default paths for various locations. backup.extractall(path='/') + # Apply database migrations (if backed-up version < version to restore) + subprocess.check_call(['dpkg-reconfigure', 'securedrop-app-code']) + + # Update the configs + subprocess.check_call(['dpkg-reconfigure', 'securedrop-config']) + # Reload Tor and the web server so they pick up the new configuration # If the process exits with a non-zero return code, raises an exception. subprocess.check_call(['service', 'apache2', 'restart']) subprocess.check_call(['service', 'tor', 'reload']) - # Apply database migrations (if backed-up version < version to restore) - subprocess.check_call(['dpkg-reconfigure', 'securedrop-app-code']) if __name__ == "__main__": From d1fe88f2fd481c0749635d22866ccd0df4462e0d Mon Sep 17 00:00:00 2001 From: Mickael E Date: Thu, 14 Feb 2019 21:02:38 +0000 Subject: [PATCH 2/2] Docs: install command will fetch Onion URLs from restore --- docs/backup_and_restore.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/backup_and_restore.rst b/docs/backup_and_restore.rst index c3f50d4133..2e37e49d3a 100644 --- a/docs/backup_and_restore.rst +++ b/docs/backup_and_restore.rst @@ -156,6 +156,12 @@ to update the corresponding files on the *Admin Workstation*: * ``app-journalist-aths`` * ``app-ssh-aths`` +The Onion URLs above can be fetched using the installer: + +.. code:: sh + + ./securedrop-admin install + Then rerun ``./securedrop-admin tailsconfig`` to update the *Admin Workstation* to use the restored Onion URLs again. See :doc:`configure_admin_workstation_post_install` for detailed instructions.