Try harder to attach to an existing tmux session

If in the course of an ssh/tmux session the tmux package is upgraded and the ssh connection broken, the next ssh attempt will encounter an error because of the tmux protocol version mismatch. The old tmux can be used to reattach by searching for the tmux process under /proc and using its reference to the old tmux executable. This change attempts to do that automatically if a first "tmux attach" attempt fails, but we can see that a previous session still exists.
freedomofpress · Mar 8, 2019 · 773d197 · 773d197
1 parent 21fcf15
commit 773d197
Show file tree

Hide file tree

Showing 7 changed files with 34 additions and 32 deletions.
diff --git a/install_files/ansible-base/group_vars/securedrop_application_server.yml b/install_files/ansible-base/group_vars/securedrop_application_server.yml
@@ -7,7 +7,7 @@ ip_info:
 ### Used by the install_local_deb_pkgs role ###
 local_deb_packages:
   - "securedrop-keyring-0.1.2+{{ securedrop_app_code_version }}-amd64.deb"
-  - "securedrop-config-0.1.2+{{ securedrop_app_code_version }}-amd64.deb"
+  - "securedrop-config-0.1.3+{{ securedrop_app_code_version }}-amd64.deb"
   - "securedrop-ossec-agent-3.0.0+{{ securedrop_app_code_version }}-amd64.deb"
   - "{{ securedrop_app_code_deb }}.deb"
   - "ossec-agent-3.0.0-amd64.deb"

diff --git a/install_files/ansible-base/group_vars/securedrop_monitor_server.yml b/install_files/ansible-base/group_vars/securedrop_monitor_server.yml
@@ -7,7 +7,7 @@ ip_info:
 ### Used by the install_local_deb_pkgs role ###
 local_deb_packages:
   - "securedrop-keyring-0.1.2+{{ securedrop_app_code_version }}-amd64.deb"
-  - "securedrop-config-0.1.2+{{ securedrop_app_code_version }}-amd64.deb"
+  - "securedrop-config-0.1.3+{{ securedrop_app_code_version }}-amd64.deb"
   - "securedrop-ossec-server-3.0.0+{{ securedrop_app_code_version }}-amd64.deb"
   - ossec-server-3.0.0-amd64.deb
 

diff --git a/install_files/ansible-base/roles/common/files/bashrc_securedrop_additions b/install_files/ansible-base/roles/common/files/bashrc_securedrop_additions
diff --git a/install_files/ansible-base/roles/common/tasks/create_users.yml b/install_files/ansible-base/roles/common/tasks/create_users.yml
@@ -23,17 +23,6 @@
     - users
     - sudoers
 
-- name: Set SecureDrop bash profile additions.
-  copy:
-    src: bashrc_securedrop_additions
-    dest: /etc/profile.d/securedrop_additions.sh
-    owner: root
-    group: root
-    mode: "0644"
-  tags:
-    - users
-    - environment
-
 # Backwards-compatibility. Previously, the SecureDrop bashrc additions
 # for forcing a terminal multiplexer during interactive login sessions were
 # added to ~/.bashrc for each admin user account. It's cleaner to add the

diff --git a/install_files/securedrop-config/DEBIAN/control b/install_files/securedrop-config/DEBIAN/control
@@ -4,7 +4,7 @@ Priority: optional
 Maintainer: SecureDrop Team <[email protected]>
 Homepage: https://securedrop.org
 Package: securedrop-config
-Version: 0.1.2+0.13.0~rc1
+Version: 0.1.3+0.13.0~rc1
 Architecture: all
 Description: Establishes baseline system state for running SecureDrop.
  Configures apt repositories.
diff --git a/install_files/securedrop-config/etc/profile.d/securedrop_additions.sh b/install_files/securedrop-config/etc/profile.d/securedrop_additions.sh
@@ -0,0 +1,17 @@
+[[ $- != *i* ]] && return
+
+which tmux >/dev/null 2>&1 || return
+
+function tmux_attach_via_proc() {
+    pid=$(pgrep --newest tmux)
+    if test -n "$pid"
+    then
+        /proc/$pid/exe attach
+    fi
+    return 1
+}
+
+if test -z "$TMUX"
+then
+    (tmux attach || tmux_attach_via_proc || tmux new-session)
+fi
diff --git a/molecule/testinfra/staging/common/test_user_config.py b/molecule/testinfra/staging/common/test_user_config.py
@@ -1,3 +1,5 @@
+import hashlib
+import os
 import re
 
 
@@ -38,16 +40,19 @@ def test_sudoers_tmux_env(host):
     the corresponding settings there.
     """
 
-    f = host.file('/etc/profile.d/securedrop_additions.sh')
-    non_interactive_str = re.escape('[[ $- != *i* ]] && return')
-    tmux_check = re.escape('test -z "$TMUX" && (tmux attach ||'
-                           ' tmux new-session)')
+    host_file = host.file('/etc/profile.d/securedrop_additions.sh')
+    source_file = os.path.abspath(
+        os.path.join(
+            os.path.dirname(__file__),
+            '../../../../install_files/securedrop-config/etc/profile.d',
+            'securedrop_additions.sh'
+        )
+    )
+    expected_content = open(source_file).read()
+    h = hashlib.sha256()
+    h.update(expected_content)
 
-    assert f.contains("^{}$".format(non_interactive_str))
-    assert f.contains("^if which tmux >\/dev\/null 2>&1; then$")
-
-    assert 'test -z "$TMUX" && (tmux attach || tmux new-session)' in f.content
-    assert f.contains(tmux_check)
+    assert host_file.sha256sum == h.hexdigest()
 
 
 def test_tmux_installed(host):