Display a banner in the JI regarding the noble migration #7348
This actively dissuades from using HTTPS URLs, favoring protocol-relative ones. Even ignoring HTTPS-only URLs as a best practice, given most onion services are hosted as HTTP sites, they'd become HTTP links instead of HTTPS. So let's just suppress this rule and link to the correct protocol.
This is largely copied from the same functionality that was implemented during the focal migration (ecfecea).

There are two banners that can be seen:

OS_PAST_EOL is in effect after April 2, 2025 if the system is still running on focal. The Source Interface automatically disables itself and the Journalist Interface will display a banner informing journalists to contact their administrator.

OS_NEEDS_MIGRATION_FIXES will display a notice in the Journalist Interface if the check script has run and found issues that need resolution. It doesn't affect the Source Interface.

The banners point at <https://securedrop.org/focal-eol>, which will be set up as a redirect to the relevant documentation.

Both checks are done during startup, which means if the state changes (e.g. disk space is freed up or a systemd unit fails), the banner state will only change after the nightly reboot.

Refs #7322

Co-authored-by: soleilera <[email protected]>
Marking this as ready for review now.
I think that I need to get the checker script merged first - it's not clear to me from the test plan what the JSON file should contain.
Sorry for not making that clear, but also thanks for merging that other PR! The format is basically:

```json
{
  "ssh": true,
  "free_space": false
}
```

etc., where false means the check failed and the banner should be displayed. The main special case is
LGTM, test plan checks out.
Status
Ready for review
Description of Changes
Display a banner in the JI regarding the noble migration
This is largely copied from the same functionality that was implemented during the focal migration (ecfecea).
There are two banners that can be seen:
OS_PAST_EOL is in effect after April 2, 2025 if the system is still
running on focal. The Source Interface automatically disables itself and
the Journalist Interface will display a banner informing journalists to
contact their administrator.
OS_NEEDS_MIGRATION_FIXES will display a notice in the Journalist
Interface if the check script has run and found issues that need
resolution. It doesn't affect the Source Interface.
The banners point at https://securedrop.org/focal-eol, which will be
set up as a redirect to the relevant documentation.
Both checks are done during startup, which means if the state changes
(e.g. disk space is freed up or a systemd unit fails), the banner state
will only change after the nightly reboot.
Disable "protocol" check from html_lint.py
This actively dissuades from using HTTPS URLs, favoring
protocol-relative ones. Even ignoring HTTPS-only URLs as a best
practice, given most onion services are hosted as HTTP sites,
they'd become HTTP links instead of HTTPS.
So let's just suppress this rule and link to the correct protocol.
Refs #7322
Testing
How should the reviewer test this PR?
/etc/securedrop-noble-migration.json in the dev container with a false value, the migration banner will be triggered
FOCAL_ENDOFLIFE date in server_os.py to 2024 or some other past date, the EOL banner will be triggered.
Deployment
Any special considerations for deployment? n/a
Checklist
Linting (make lint) and tests (make test) pass in the development container
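
The two startup checks described in this PR, sketched as an added example (not SecureDrop's own code): it evaluates a check-result file in the format shown in the conversation and the focal EOL date. The names `needs_migration_fixes` and `banner_states` are hypothetical, and the handling of a missing or unparsable file is an assumption of this example.

```python
import json
import tempfile
from datetime import date
from pathlib import Path

FOCAL_ENDOFLIFE = date(2025, 4, 2)  # EOL date stated in the PR description
STATE_FILE = Path("/etc/securedrop-noble-migration.json")  # path from the test plan


def needs_migration_fixes(state_file: Path = STATE_FILE) -> bool:
    """Return True if the check script has run and any check is false."""
    try:
        raw = state_file.read_bytes()
    except OSError:
        # Assumption: no readable file means the check script has not run yet.
        return False
    try:
        checks = json.loads(raw)
    except ValueError:
        # Assumption: a truncated or corrupt result file is surfaced to the
        # administrator rather than silently ignored.
        return True
    if not isinstance(checks, dict):
        return True
    # Per the conversation: false means the check failed.
    return any(value is False for value in checks.values())


def banner_states(today: date, on_focal: bool,
                  state_file: Path = STATE_FILE) -> dict:
    """Compute both banner flags once, as would happen at application startup."""
    return {
        "OS_PAST_EOL": on_focal and today > FOCAL_ENDOFLIFE,
        "OS_NEEDS_MIGRATION_FIXES": needs_migration_fixes(state_file),
    }


if __name__ == "__main__":
    # Constructed sample input, written to a temporary file instead of /etc.
    sample = Path(tempfile.mkdtemp()) / "securedrop-noble-migration.json"
    sample.write_text('{"ssh": true, "free_space": false}')
    print(banner_states(date(2025, 4, 3), on_focal=True, state_file=sample))
```

Because the flags are computed once, a caller that stores the returned dict at startup reproduces the behaviour the description notes: a fixed check only clears the banner after the next restart.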