Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove v3 onion secrets when transitioning to ssh over local #4794

Merged
merged 1 commit into from Sep 11, 2019
Merged

Remove v3 onion secrets when transitioning to ssh over local #4794

merged 1 commit into from Sep 11, 2019

Conversation

emkll
Copy link
Contributor

@emkll emkll commented Sep 11, 2019
edited

Status

Ready for review

Description of Changes

Fixes #4780 and fixes #4779.

Testing

Using a Tails prod setup (either VMs or hardware)

Deployment

This will be provided via the Ansible scripts delivered by git.

Checklist

If you made changes to the server application code:

  • Linting (make lint) and tests (make -C securedrop test) pass in the development container

If you made changes to securedrop-admin:

  • Linting and tests (make -C admin test) pass in the admin development container

If you made changes to the system configuration:

If you made non-trivial code changes:

  • I have written a test plan and validated it for this PR

If you made changes to documentation:

  • Doc linting (make docs-lint) passed locally

@emkll
Remove v3 onion secrets when transitioning to ssh over local
2dc29cd 
- v2 aths secret file pattern does not match the one for v3
- Use async task for reboot for more immediate feedback
- Instruct admin to run tailsconfig to update the ssh config on tails workstation
@emkll emkll added this to the 1.0.0 milestone Sep 11, 2019
@eloquence eloquence added this to Ready for review in SecureDrop Team Board Sep 11, 2019
@codecov-io
Copy link

codecov-io commented Sep 11, 2019
edited

Codecov Report

Merging #4794 into develop will increase coverage by 0.05%.
The diff coverage is n/a.

Impacted file tree graph

@@             Coverage Diff             @@
##           develop    #4794      +/-   ##
===========================================
+ Coverage    81.68%   81.74%   +0.05%     
===========================================
  Files           49       49              
  Lines         3418     3418              
  Branches       392      392              
===========================================
+ Hits          2792     2794       +2     
+ Misses         535      533       -2     
  Partials        91       91
Impacted Files Coverage Δ
securedrop/securedrop/source_app/utils.py 89.47% <0%> (+3.5%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c32040e...2dc29cd. Read the comment docs.

@emkll emkll mentioned this pull request Sep 11, 2019
Closed
@zenmonkeykstop
Copy link
Contributor

Reviewed in prod VMs:

  • Install with default settings (ssh over tor, using v3 onion services)
  • set enable_ssh_over_tor to false, run ./securedrop-admin install
  • v3 onion secrets (app-ssh.auth_private and mon-ssh.auth_private) are no longer in install_files/ansible-base
  • I can ssh to both app and mon servers after transitioning to ssh over local
  • set enable_ssh_over_tor to true, run ./securedrop-admin install
  • run ./securedrop-admin tailsconfig
  • I can ssh to app and mon servers over tor
  • This pr also closes Playbook stalls when switching from SSH-over-Tor to SSH-over-LAN. #4779 - true! I did not see the stall while switching

LGTM, will merge after a diff review

@zenmonkeykstop zenmonkeykstop merged commit ed53840 into develop Sep 11, 2019
SecureDrop Team Board automation moved this from Ready for review to Done Sep 11, 2019
@emkll emkll mentioned this pull request Sep 11, 2019
Merged
@emkll emkll deleted the 4780-delete-auth-private-local branch October 8, 2019 13:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zenmonkeykstop zenmonkeykstop zenmonkeykstop approved these changes

@conorsch conorsch Awaiting requested review from conorsch

@kushaldas kushaldas Awaiting requested review from kushaldas

Assignees
No one assigned
Labels
None yet
Projects
No open projects
SecureDrop Team Board
Done
Milestone
1.0.0
3 participants
@emkll @codecov-io @zenmonkeykstop