Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Display a banner in the JI regarding the noble migration #7348

Merged
merged 2 commits into from
Dec 2, 2024

Conversation

legoktm
Copy link
Member

@legoktm legoktm commented Nov 22, 2024

Status

Ready for review

Description of Changes

Display a banner in the JI regarding the noble migration

This is largely copied from the same functionality that was implemented during the focal migration (ecfecea).

There are two banners that can be seen:

OS_PAST_EOL is in effect after April 2, 2025 if the system is still
running on focal. The Source Interface automatically disables itself and
the Journalist Interface will display a banner informing journalists to
contact their administrator.

OS_NEEDS_MIGRATION_FIXES will display a notice in the Journalist
Interface if the check script has run and found issues that need
resolution. It doesn't affect the Source Interface.

The banners point at https://securedrop.org/focal-eol, which will be
set up as a redirect to the relevant documentation.

Both checks are done during startup, which means if the state changes
(e.g. disk space is freed up or a systemd unit fails), the banner state
will only change after the nightly reboot.

Disable "protocol" check from html_lint.py

This actively dissuades from using HTTPS URLs, favoring
protocol-relative ones. Even ignoring HTTPS-only URLs as a best
practice, given most onion services are hosted as HTTP sites,
they'd become HTTP links instead of HTTPS.

So let's just suppress this rule and link to the correct protocol.

Refs #7322

Testing

How should the reviewer test this PR?

  • visual review
  • CI passes
  • if you create /etc/securedrop-noble-migration.json in the dev container with a false value, the migration banner will be triggered
  • if you change the FOCAL_ENDOFLIFE date in server_os.py to 2024 or some other past date, the EOL banner will be triggered.

Deployment

Any special considerations for deployment? n/a

Checklist

  • Linting (make lint) and tests (make test) pass in the development container
  • I have updated AppArmor rules to include the change
  • I have written a test plan and validated it for this PR
  • I have opened a PR in the docs repo for these changes, or will do so later

@legoktm legoktm added the noble Ubuntu Noble related work label Nov 22, 2024
@legoktm legoktm added this to the SecureDrop 2.11.0 milestone Nov 22, 2024
This actively dissuades from using HTTPS URLs, favoring
protocol-relative ones. Even ignoring HTTPS-only URLs as a best
practice, given most onion services are hosted as HTTP sites,
they'd become HTTP links instead of HTTPS.

So let's just suppress this rule and link to the correct protocol.
This is largely copied from the same functionality that was implemented
during the focal migration (ecfecea).

There are two banners that can be seen:

OS_PAST_EOL is in effect after April 2, 2025 if the system is still
running on focal. The Source Interface automatically disables itself and
the Journalist Interface will display a banner informing journalists to
contact their administrator.

OS_NEEDS_MIGRATION_FIXES will display a notice in the Journalist
Interface if the check script has run and found issues that need
resolution. It doesn't affect the Source Interface.

The banners point at <https://securedrop.org/focal-eol>, which will be
set up as a redirect to the relevant documentation.

Both checks are done during startup, which means if the state changes
(e.g. disk space is freed up or a systemd unit fails), the banner state
will only change after the nightly reboot.

Refs #7322

Co-authored-by: soleilera <[email protected]>
@legoktm legoktm marked this pull request as ready for review November 25, 2024 22:41
@legoktm legoktm requested a review from a team as a code owner November 25, 2024 22:41
@legoktm
Copy link
Member Author

legoktm commented Nov 25, 2024

Marking this as ready for review now.

@zenmonkeykstop zenmonkeykstop self-requested a review November 28, 2024 20:13
@zenmonkeykstop
Copy link
Contributor

I think that I need to get the checker script merged first - it's not clear to me from the test plan what the JSON file should contain.

@legoktm
Copy link
Member Author

legoktm commented Dec 2, 2024

I think that I need to get the checker script merged first - it's not clear to me from the test plan what the JSON file should contain.

Sorry for not making that clear, but also thanks for merging that other PR!

The format is basically:

{
    "ssh": true,
    "free_space": false,
}

etc., where false means the check failed and the banner should be displayed. The main special case is {"error": True}, which also means the banner should be displayed. The JI intentionally doesn't care about the key names (aside from error) so if needed, we can trivially add more checks to the checker script and the JI won't need modifications.

Copy link
Contributor

@zenmonkeykstop zenmonkeykstop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, test plan checks out.

@zenmonkeykstop zenmonkeykstop added this pull request to the merge queue Dec 2, 2024
Merged via the queue into develop with commit 6ad1fa9 Dec 2, 2024
44 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
noble Ubuntu Noble related work
Projects
Status: Done
Development

Successfully merging this pull request may close these issues.

2 participants