New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade boxes for SecureDrop 1.0.0 #4857
Conversation
The in securedrop-staging.yml, the grsec role is bring run before the common role. [1] : https://github.com/freedomofpress/securedrop/blob/9f32d46136861546af556d3f54d92e31cebe2eb0/install_files/ansible-base/securedrop-staging.yml
During 1.0, we did not test the v3 keypair generation in the upgrade scenario. Makes sense: we only run that scenario *after* a release is final. The git-repo-root logic assumed we were in Tails or running against normal staging VMs. In the vagrant-package logic (which builds "upgrade" boxes for testing), the proper path structure requires that filepaths be relative to the secondary git repo, cloned in order to prepare an old version from the known-good tag. This var override ensures that the v3 keys are stored inside the secondary git repo. We could instead update the rev-parse logic to be relative to the role, but that'd require additional testing in Tails, and this works just as well.
Use v2 and v3 onion services
Codecov Report
@@ Coverage Diff @@
## develop #4857 +/- ##
========================================
Coverage 81.74% 81.74%
========================================
Files 49 49
Lines 3418 3418
Branches 392 392
========================================
Hits 2794 2794
Misses 533 533
Partials 91 91 Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- ran
make build-debs
- ran
make upgrade-start
- v2 and v3 THS source urls are accessible
- ran make upgrade-test-local
- v2 and v3 THS source urls are accessible
- Upgrade VMs are successfully updated to 1.1.0~rc1
Status
Ready for review
Description of Changes
Fixes #4854, #4724
Test plan
Deployment
Dev env only
Checklist
If you made non-trivial code changes: