Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade boxes for SecureDrop 1.0.0 #4857

Merged
merged 4 commits into from Sep 23, 2019
Merged

Upgrade boxes for SecureDrop 1.0.0 #4857

merged 4 commits into from Sep 23, 2019

Conversation

emkll
Copy link
Contributor

@emkll emkll commented Sep 23, 2019

Status

Ready for review

Description of Changes

Fixes #4854, #4724

  • Adds SecureDrop 1.0.0 upgrade boxes
  • Updates upgrade playbook to display both v2 and v3 source interface onion URLs

Test plan

  • Upgrade boxes should use v2 and v3 onion URLs (instead of only v3)
  • checkout this branch
  • make build-debs
  • make upgrade-start
  • v2 and v3 THS source urls are accessible
  • make upgrade-test-local
  • v2 and v3 THS source urls are accessible
  • Upgrade VMs are successfully updated to 1.1.0~rc1

Deployment

Dev env only

Checklist

If you made non-trivial code changes:

  • I have written a test plan and validated it for this PR

emkll and others added 4 commits September 20, 2019 13:43
@emkll
Move grsec role before common role
b5e7f9a 
The in securedrop-staging.yml, the grsec role is bring run before the common role.

[1] : https://github.com/freedomofpress/securedrop/blob/9f32d46136861546af556d3f54d92e31cebe2eb0/install_files/ansible-base/securedrop-staging.yml
Fixes v3 keypair generation in upgrade box prep
9fcfa04 
During 1.0, we did not test the v3 keypair generation in the upgrade
scenario. Makes sense: we only run that scenario *after* a release is
final. The git-repo-root logic assumed we were in Tails or running
against normal staging VMs. In the vagrant-package logic (which builds
"upgrade" boxes for testing), the proper path structure requires that
filepaths be relative to the secondary git repo, cloned in order to
prepare an old version from the known-good tag.

This var override ensures that the v3 keys are stored inside the
secondary git repo. We could instead update the rev-parse logic to be
relative to the role, but that'd require additional testing in Tails,
and this works just as well.
@emkll
Add upgrade boxes for SecureDrop 1.0.0
fd26ab0
@emkll
Update upgrade playbook for v3 onion services
55e02f3 
Use v2 and v3 onion services
@redshiftzero redshiftzero mentioned this pull request Sep 23, 2019
Closed
23 tasks
@codecov-io
Copy link

codecov-io commented Sep 23, 2019
edited

Codecov Report

Merging #4857 into develop will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff            @@
##           develop    #4857   +/-   ##
========================================
  Coverage    81.74%   81.74%           
========================================
  Files           49       49           
  Lines         3418     3418           
  Branches       392      392           
========================================
  Hits          2794     2794           
  Misses         533      533           
  Partials        91       91

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9f32d46...55e02f3. Read the comment docs.

@conorsch conorsch added this to Ready for review in SecureDrop Team Board Sep 23, 2019
@conorsch conorsch moved this from Ready for review to Under Review in SecureDrop Team Board Sep 23, 2019
@zenmonkeykstop zenmonkeykstop self-assigned this Sep 23, 2019
zenmonkeykstop
zenmonkeykstop approved these changes Sep 23, 2019
View reviewed changes
Copy link
Contributor

@zenmonkeykstop zenmonkeykstop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • ran make build-debs
  • ran make upgrade-start
  • v2 and v3 THS source urls are accessible
  • ran make upgrade-test-local
  • v2 and v3 THS source urls are accessible
  • Upgrade VMs are successfully updated to 1.1.0~rc1

@zenmonkeykstop zenmonkeykstop merged commit ea1e18e into develop Sep 23, 2019
SecureDrop Team Board automation moved this from Under Review to Done Sep 23, 2019
@emkll emkll deleted the upgrade-boxes-1.0.0 branch October 8, 2019 13:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zenmonkeykstop zenmonkeykstop zenmonkeykstop approved these changes

@conorsch conorsch Awaiting requested review from conorsch

@kushaldas kushaldas Awaiting requested review from kushaldas

Assignees

@zenmonkeykstop zenmonkeykstop

Labels
None yet
Projects
No open projects
SecureDrop Team Board
Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

make-vagrant package fails to build upgrade boxes
3 participants
@emkll @codecov-io @zenmonkeykstop