Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Display a banner in the JI regarding the noble migration #7348

Open
wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

Display a banner in the JI regarding the noble migration #7348

wants to merge 2 commits into from

Conversation

legoktm
Copy link
Member

@legoktm legoktm commented Nov 22, 2024
edited
Loading

Status

Ready for review

Description of Changes

Display a banner in the JI regarding the noble migration

This is largely copied from the same functionality that was implemented during the focal migration (ecfecea).

There are two banners that can be seen:

OS_PAST_EOL is in effect after April 2, 2025 if the system is still
running on focal. The Source Interface automatically disables itself and
the Journalist Interface will display a banner informing journalists to
contact their administrator.

OS_NEEDS_MIGRATION_FIXES will display a notice in the Journalist
Interface if the check script has run and found issues that need
resolution. It doesn't affect the Source Interface.

The banners point at https://securedrop.org/focal-eol, which will be
set up as a redirect to the relevant documentation.

Both checks are done during startup, which means if the state changes
(e.g. disk space is freed up or a systemd unit fails), the banner state
will only change after the nightly reboot.

Disable "protocol" check from html_lint.py

This actively dissuades from using HTTPS URLs, favoring
protocol-relative ones. Even ignoring HTTPS-only URLs as a best
practice, given most onion services are hosted as HTTP sites,
they'd become HTTP links instead of HTTPS.

So let's just suppress this rule and link to the correct protocol.

Refs #7322

Testing

How should the reviewer test this PR?

  • visual review
  • CI passes
  • if you create /etc/securedrop-noble-migration.json in the dev container with a false value, the migration banner will be triggered
  • if you change the FOCAL_ENDOFLIFE date in server_os.py to 2024 or some other past date, the EOL banner will be triggered.

Deployment

Any special considerations for deployment? n/a

Checklist

  • Linting (make lint) and tests (make test) pass in the development container
  • I have updated AppArmor rules to include the change
  • I have written a test plan and validated it for this PR
  • I have opened a PR in the docs repo for these changes, or will do so later

@legoktm legoktm added the noble Ubuntu Noble related work label Nov 22, 2024
@legoktm legoktm added this to the SecureDrop 2.11.0 milestone Nov 22, 2024
@legoktm
Disable "protocol" check from html_lint.py
037055d 
This actively dissuades from using HTTPS URLs, favoring
protocol-relative ones. Even ignoring HTTPS-only URLs as a best
practice, given most onion services are hosted as HTTP sites,
they'd become HTTP links instead of HTTPS.

So let's just suppress this rule and link to the correct protocol.
@legoktm legoktm force-pushed the noble-ji-warnings branch 2 times, most recently from 81421e3 to 0b287e7 Compare November 22, 2024 03:40
@legoktm legoktm mentioned this pull request Nov 23, 2024
Open
4 tasks
@legoktm @soleilera
Display a banner in the JI regarding the noble migration
5b50aad 
This is largely copied from the same functionality that was implemented
during the focal migration (ecfecea).

There are two banners that can be seen:

OS_PAST_EOL is in effect after April 2, 2025 if the system is still
running on focal. The Source Interface automatically disables itself and
the Journalist Interface will display a banner informing journalists to
contact their administrator.

OS_NEEDS_MIGRATION_FIXES will display a notice in the Journalist
Interface if the check script has run and found issues that need
resolution. It doesn't affect the Source Interface.

The banners point at <https://securedrop.org/focal-eol>, which will be
set up as a redirect to the relevant documentation.

Both checks are done during startup, which means if the state changes
(e.g. disk space is freed up or a systemd unit fails), the banner state
will only change after the nightly reboot.

Refs #7322

Co-authored-by: soleilera <[email protected]>
@legoktm legoktm marked this pull request as ready for review November 25, 2024 22:41
@legoktm legoktm requested a review from a team as a code owner November 25, 2024 22:41
@legoktm
Copy link
Member Author

legoktm commented Nov 25, 2024

Marking this as ready for review now.

@zenmonkeykstop
Copy link
Contributor

I think that I need to get the checker script merged first - it's not clear to me from the test plan what the JSON file should contain.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zenmonkeykstop zenmonkeykstop Awaiting requested review from zenmonkeykstop

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
noble Ubuntu Noble related work
Projects
SecureDrop dev cycle
Status: Ready For Review
Milestone
SecureDrop 2.11.0
Development

Successfully merging this pull request may close these issues.
2 participants
@legoktm @zenmonkeykstop