Release SecureDrop Workstation 1.1.0 #1230
Comments
|
We may want to do this one in coordination with https://github.com/freedomofpress/securedrop-client/milestone/14, since diverless printing support will require adding the |
|
Are there any concerns/issues if we enable the avahi service ahead of time? |
|
It's just just that the way we go about setting Qubes services is via salt. So we need to do a workstaiton release. We can do an individual one just for that. But I was thinking that since this one is pretty small, they could be combined to avoid having the users run two "migrations". |
zenmonkeykstop
changed the title
|
@deeplow is the driverless printing workflow finalized, even if the code is not? If the services we need to enable are known/finalized, I see no issue with merging a PR that adds that functionality and including it in this release, particularly if we have a timeline for the corresponding client release. If there is any question about which services will be needed (just avahi? cups-browsed? avahi-utils?), or if the corresponding client release timeline is still a ways off, we may want to wait and release the printing specific changes all together, since it's pretty painless to build and release an rpm now, especially one that won't need much manual QA. What do you think? |
I think the workflow is pretty much the same as we have now. So I would be inclined to say yes.
From my testing we just need to add the
The main thing I was thinking about was the need to run a salt "migration" - i.e. extra time for users the updater w/ salt twice where we could bundle it in one. But what we could do is already add the |
|
Hey, thanks for the followup :)
Ah, perhaps "workflow" was a bad choice of words on my part, but what I mean is there are differences: which services need to be enabled, which additional packages need to be installed, etc. (To know this, we need rudimentary working driverless print instructions for a deb-minimal vm with a grsec kernel, even if they are just a series of manual commandline instructions in a gist that explain which services were enabled, which packages were installed, and which commands were used to set up the printer).
istm this part should be the first thing that's solid, even if it's a series of manual steps/instructions, and we should have some certainty around the manual steps before we move on to implementing/automating? I don't want to get into a rabbithole, but if that's not the case I think we should make sure that's a known quantity before we ship any changes in dom0, and maybe follow up on that in freedomofpress/securedrop-client#2088 or wherever is the right place. |
|
(I agree that if we are already doing a full salt run to update VM templates, it's a good time to make other small changes like enabling services we know we'll need, etc, so I would say as long as we have clarity around that, there's no issue with including additional small configuration changes at the same time, if they've been tested/confirmed to be the implementation path we plan to take.) |
|
Sounds good. I think it's just a matter of adding the |
|
To update: I checked in with @deeplow about the status of client/print stuff. Based on that check-in, my understanding is that the changes to VMs/templates that are required to support driverless printing are already decided. If that's the case, I think a workstation PR can be merged whenever the time is right, especially if it's just enabling the avahi service in sd-devices plus a couple extra vm tests. |
This is a planning ticket designed to lay out what will be required to release SecureDrop Workstation 1.1.0, with support for a new securedrop-workstation-keyring package.
Pre-release tasks
Requires?)requires infra support; requires version number decision)securedrop-handle-upgradefor sys-whonix #1227Release tasks
Post-release tasks
Test Plan
Fresh install
TK
Upgrade testing
TK
The text was updated successfully, but these errors were encountered: