Release SecureDrop 0.8.0 #3512

Closed
12 tasks done
eloquence opened this issue Jun 12, 2018 · 13 comments

@eloquence
Member

eloquence commented Jun 12, 2018

This is a tracking issue for the upcoming release of SecureDrop 0.8.0 - tasks may get added or modified.

Feature freeze: June 12, 2018
String freeze: June 19, 2018
Pre-release announcement: June 19, 2018
Release date: June 26, 2018

SecureDrop maintainers and testers: As you QA 0.8.0, please report back your testing results as comments on this ticket. File GitHub issues for any problems found, tag them "QA: Release", and associate them with the 0.8 milestone for tracking.

Test Debian packages will be posted on https://apt-test.freedom.press signed with the test key. An Ansible playbook testing the upgrade path is here.

Prepare release candidate (0.8.0~rc1)

QA Matrix for SecureDrop 0.8.0

After each test, please update the QA matrix and post details for Basic Server Testing, Application Acceptance Testing and 0.8.0-specific testing below.

Final release

  • Merge final translations
  • Push signed tag
  • Build final Debian packages for 0.8.0
  • Upload Debian packages (including linux-image, linux-firmware, and tor)
  • Pre-Flight: Test install (not upgrade) of 0.8.0 works w/ prod repo debs
  • Publish blog post about 0.8.0 Debian package release and instructions for admins

@emkll
Contributor

emkll commented Jun 13, 2018

Please update the table in the issue with an additional ✔️ or ❌ once testing is complete, and log issues as required.

Checklist

For both upgrades and fresh installs, here is a list of functionality that requires testing. You can use this for copy/pasting into your QA report.

Basic Server Testing

  • I can access both the source and journalist interfaces
  • I can SSH into both machines over Tor
  • AppArmor is loaded on app
  • AppArmor is loaded on mon
  • Both servers are running grsec kernels
  • iptables rules loaded
  • OSSEC emails begin to flow after install
  • OSSEC emails are decrypted to correct key and I am able to decrypt them

Command Line User Generation

  • Can successfully add admin user and login

Administration

Application Acceptance Testing

Source Interface

Landing page base cases
  • JS warning bar does not appear when using Security Slider high
  • JS warning bar does appear when using Security Slider Low
First submission base cases
  • On generate page, refreshing codename produces a new 7-word codename
  • On submit page, empty submissions produce flashed message
  • On submit page, short message submitted successfully
  • On submit page, file greater than 500 MB produces "The connection was reset" in Tor Browser quickly before the entire file is uploaded
  • On submit page, file less than 500 MB submitted successfully
Returning source base cases
  • Nonexistent codename cannot log in
  • Empty codename cannot log in
  • Legitimate codename can log in
  • Returning user can view journalist replies - need to log into journalist interface to test

Journalist Interface

Login base cases
  • Can log in with 2FA tokens
  • incorrect password cannot log in
  • invalid 2fa token cannot log in
  • 2fa immediate reuse cannot log in
Index base cases
  • Filter by codename works
  • Starring and unstarring works
  • Click select all selects all submissions
  • Selecting all and clicking "Download all" works
Individual source page
  • You can submit a reply and a flashed message and new row appears
  • You cannot submit an empty reply
  • Clicking "Delete collection" and the source and docs are deleted
  • You can click on a document and successfully decrypt using application private key

0.8.0 specific testing

When reporting the results, please specify:

  • Hardware
  • Whether or not HTTPS is used for the Source interface

4.4.135 Kernel Testing (#3494)

Alembic testing

If you are doing an upgrade test
If you are doing a clean install test

Other 0.8.0 functionality

@emkll
Contributor

emkll commented Jun 14, 2018

0.7.0 w/ 3.14.79 -> 0.8.0 upgrade, Mac mini with HTTPS on source interface (In progress)

Basic Server Testing

  • I can access both the source and journalist interfaces
  • I can SSH into both machines over Tor
  • AppArmor is loaded on app
  • AppArmor is loaded on mon
  • Both servers are running grsec kernels
  • iptables rules loaded
  • OSSEC emails begin to flow after install
  • OSSEC emails are decrypted to correct key and I am able to decrypt them

Command Line User Generation

  • Can successfully add admin user and login

Administration

Application Acceptance Testing

Source Interface

Landing page base cases
  • JS warning bar does not appear when using Security Slider high
  • JS warning bar does appear when using Security Slider Low
First submission base cases
  • On generate page, refreshing codename produces a new 7-word codename
  • On submit page, empty submissions produce flashed message
  • On submit page, short message submitted successfully
  • On submit page, file greater than 500 MB produces "The connection was reset" in Tor Browser quickly before the entire file is uploaded
  • On submit page, file less than 500 MB submitted successfully
Returning source base cases
  • Nonexistent codename cannot log in
  • Empty codename cannot log in
  • Legitimate codename can log in
  • Returning user can view journalist replies - need to log into journalist interface to test

Journalist Interface

Login base cases
  • Can log in with 2FA tokens
  • incorrect password cannot log in
  • invalid 2fa token cannot log in
  • 2fa immediate reuse cannot log in
Index base cases
  • Filter by codename works
  • Starring and unstarring works
  • Click select all selects all submissions
  • Selecting all and clicking "Download all" works
Individual source page
  • You can submit a reply and a flashed message and new row appears
  • You cannot submit an empty reply
  • Clicking "Delete collection" and the source and docs are deleted
  • You can click on a document and successfully decrypt using application private key

0.8.0 specific testing

When reporting the results, please specify:

  • Hardware
  • Whether or not HTTPS is used for the Source interface

4.4.135 Kernel Testing (#3494)

Alembic testing

If you are doing an upgrade test
If you are doing a clean install test

Other 0.8.0 functionality

@redshiftzero
Contributor

0.8.0~rc1 fresh install in VMs

Hardware: VMs
Whether or not HTTPS is used for the Source interface: No HTTPS

Basic Server Testing

  • I can access both the source and journalist interfaces
  • I can SSH into both machines over Tor
  • AppArmor is loaded on app
  • AppArmor is loaded on mon
  • Both servers are running grsec kernels
  • iptables rules loaded on both servers
  • OSSEC emails begin to flow after install
  • OSSEC emails are decrypted to correct key and I am able to decrypt them

Command Line User Generation

  • Can successfully add admin user and login

Administration

0.8.0 specific testing

4.4.135 Kernel Testing (#3494)

  • uname -r returns 4.4.135-grsec
  • All three kernels are installed. sudo apt list --installed | grep linux-image returns 3.14.79, 4.4.115, 4.4.135.
  • Follow the new troubleshooting docs (https://docs.securedrop.org/en/latest/kernel_troubleshooting.html) to downgrade the kernel to 3.14.79 - did not test
  • If using prod vms, apt-test.freedom.press is not in /etc/apt/sources.list.d/apt_test_freedom_press.list - I manually overrode this due to force of habit

Alembic testing

Other 0.8.0 functionality

@conorsch
Contributor

0.8.0~rc1 fresh install on Gigabyte Brix

Credit goes to @edenemmanuel for the meticulous setup here, I'm just stepping in to run through the checklist. Skipping the application acceptance testing, since the focus was to validate hardware support, particularly with the kernel version bump.

Hardware: Gigabyte Brix
Whether or not HTTPS is used for the Source interface: No HTTPS

Basic Server Testing

  • I can access both the source and journalist interfaces
  • I can SSH into both machines over Tor
  • AppArmor is loaded on app
  • AppArmor is loaded on mon
  • Both servers are running grsec kernels
  • iptables rules loaded on both servers
  • OSSEC emails begin to flow after install
  • OSSEC emails are decrypted to correct key and I am able to decrypt them

Command Line User Generation

  • Can successfully add admin user and login

Administration

  • did not test, will make sure to do so on next hardware install, for rolled-back instances

0.8.0 specific testing

4.4.135 Kernel Testing (#3494)

  • uname -r returns 4.4.135-grsec
  • All three kernels are installed. sudo apt list --installed | grep linux-image returns 3.14.79, 4.4.115, 4.4.135.
  • Follow the new troubleshooting docs (https://docs.securedrop.org/en/latest/kernel_troubleshooting.html) to downgrade the kernel to 3.14.79
    • did not test, will do so on other hardware as part of rollback kernel testing
  • If using prod vms, apt-test.freedom.press is not in /etc/apt/sources.list.d/apt_test_freedom_press.list
    • N/A, since this was a pre-release QA testing, so installed 0.8.0~rc1 from apt-test

Alembic testing

Other 0.8.0 functionality

@kushaldas
Contributor

kushaldas commented Jun 22, 2018

0.8.0~rc2 fresh install in VMs

Hardware: VMs
Whether or not HTTPS is used for the Source interface: No HTTPS

Basic Server Testing

  • I can access both the source and journalist interfaces
  • I can SSH into both machines over Tor
  • AppArmor is loaded on app
  • AppArmor is loaded on mon
  • Both servers are running grsec kernels
  • iptables rules loaded on both servers
  • OSSEC emails begin to flow after install
  • OSSEC emails are decrypted to correct key and I am able to decrypt them

Command Line User Generation

  • Can successfully add admin user and login

Administration

Application Acceptance Testing

Source Interface

Landing page base cases
  • JS warning bar does not appear when using Security Slider high
  • JS warning bar does appear when using Security Slider Low
First submission base cases
  • On generate page, refreshing codename produces a new 7-word codename
  • On submit page, empty submissions produce flashed message
  • On submit page, short message submitted successfully
  • On submit page, file greater than 500 MB produces "The connection was reset" in Tor Browser quickly before the entire file is uploaded
  • On submit page, file less than 500 MB submitted successfully
Returning source base cases
  • Nonexistent codename cannot log in
  • Empty codename cannot log in
  • Legitimate codename can log in
  • Returning user can view journalist replies - need to log into journalist interface to test

Journalist Interface

Login base cases
  • Can log in with 2FA tokens
  • incorrect password cannot log in
  • invalid 2fa token cannot log in
  • 2fa immediate reuse cannot log in
Index base cases
  • Filter by codename works
  • Starring and unstarring works
  • Click select all selects all submissions
  • Selecting all and clicking "Download all" works
Individual source page
  • You can submit a reply and a flashed message and new row appears
  • You cannot submit an empty reply
  • Clicking "Delete collection" and the source and docs are deleted
  • You can click on a document and successfully decrypt using application private key

0.8.0 specific testing

4.4.135 Kernel Testing (#3494)

  • uname -r returns 4.4.135-grsec
  • All three kernels are installed. sudo apt list --installed | grep linux-image returns 3.14.79, 4.4.115, 4.4.135.
  • Follow the new troubleshooting docs (https://docs.securedrop.org/en/latest/kernel_troubleshooting.html) to downgrade the kernel to 3.14.79 - did not test
  • If using prod vms, apt-test.freedom.press is not in /etc/apt/sources.list.d/apt_test_freedom_press.list

Alembic testing

Other 0.8.0 functionality

@msheiny
Contributor

msheiny commented Jun 22, 2018

0.8.0~rc2 upgrade testing with 3.14 kernel hold-back on HW

Hardware: NUCs
Whether or not HTTPS is used for the Source interface: No HTTPS

4.4.135 Kernel Testing (#3494)

Alembic testing

If you are doing an upgrade test

Other 0.8.0 functionality

@conorsch
Contributor

conorsch commented Jun 22, 2018

0.8.0~rc2 rolled back upgrade test on 1U servers

Hardware: HP Proliant DL385 G7 & PowerEdge R620
Whether or not HTTPS is used for the Source interface: No HTTPS

Basic Server Testing

  • I can access both the source and journalist interfaces
  • I can SSH into both machines over Tor
  • AppArmor is loaded on app
  • AppArmor is loaded on mon
  • Both servers are running grsec kernels
  • iptables rules loaded on both servers
  • OSSEC emails begin to flow after install
  • OSSEC emails are decrypted to correct key and I am able to decrypt them

Command Line User Generation

  • Can successfully add admin user and login

Administration

0.8.0 specific testing

4.4.135 Kernel Testing (#3494)

  • uname -r returns 4.4.135-grsec
  • All three kernels are installed. sudo apt list --installed | grep linux-image returns 3.14.79, 4.4.115, 4.4.135.
  • Follow the new troubleshooting docs (https://docs.securedrop.org/en/latest/kernel_troubleshooting.html) to downgrade the kernel to 3.14.79
  • If using prod vms, apt-test.freedom.press is not in /etc/apt/sources.list.d/apt_test_freedom_press.list
    • N/A, since this was a pre-release QA testing, so installed 0.8.0~rc2 from apt-test

Alembic testing

Other 0.8.0 functionality

@redshiftzero
Contributor

redshiftzero commented Jun 22, 2018

0.7.0 w/ 4.4.115 kernel -> 0.8.0~rc2 upgrade

Hardware: Mac minis
HTTPS is used for the Source interface: Yes, self-signed cert (and verified successful submission of document)

Basic Server Testing

  • I can access both the source and journalist interfaces
  • I can SSH into both machines over Tor
  • AppArmor is loaded on app
  • AppArmor is loaded on mon
  • Both servers are running grsec kernels
  • iptables rules loaded
  • OSSEC emails begin to flow after install
  • OSSEC emails are decrypted to correct key and I am able to decrypt them

Command Line User Generation

  • Can successfully add admin user and login

Administration

0.8.0 specific testing

4.4.135 Kernel Testing (#3494)

  • uname -r returns 4.4.135-grsec
  • All three kernels are installed. sudo apt list --installed | grep linux-image returns 3.14.79, 4.4.115, 4.4.135.

Alembic testing

Other 0.8.0 functionality

@conorsch
Contributor

See notes in the testing matrix, related to the rolled back upgrade test above. Notably the PowerEdge was still showing Spectre problems. I assume that a BIOS update would resolve, but have not tried this to confirm. The new kernel was stable, so I don't view this as a release blocker, but something we should keep an eye on.

@emkll
Contributor

emkll commented Jun 25, 2018

@conorsch the current 4.4.135 rc kernel should not be vulnerable to the following:

  • CVE-2017-5373 (Spectre v1)
  • CVE-2017-5715 (Spectre v2)
  • CVE-2017-5754 (Meltdown/Spectre v3)

Mitigations for the following should not yet be present:

  • CVE 2018-3640 (Spectre v3a)
  • CVE 2018-3639 (Spectre v4)

Given incomplete upstream mitigations and lack of QA time, I suggest we wait until the next release to address these (noting that an attacker would need code execution on the machine to exploit these).

  • Spectre v3a requires firmware update or setting the spec_store_bypass_disable option.
  • Spectre v4 requires firmware update and Kernel SSBD support has not yet been backported to 4.4. However, our kernel hardening configuration (GRKERNSEC_BPF_HARDEN=y) should provide mitigations against this attack.

@b-meson
Contributor

b-meson commented Jun 25, 2018

U2 Servers Test (fresh install using rc2 debs)

Basic Server Testing

  • I can access both the source and journalist interfaces
  • I can SSH into both machines over LAN
  • AppArmor is loaded on app
  • AppArmor is loaded on mon
  • Both servers are running grsec kernels
  • iptables rules loaded
  • OSSEC emails begin to flow after install
  • OSSEC emails are decrypted to correct key and I am able to decrypt them

Command Line User Generation

  • Can successfully add admin user and login

0.8.0 specific testing

4.4.135 Kernel Testing (#3494)

  • uname -r returns 4.4.135-grsec
  • All three kernels are installed. sudo apt list --installed | grep linux-image returns 3.14.79, 4.4.115, 4.4.135.

If you are doing a clean install test

Other 0.8.0 functionality

@kushaldas
Contributor

0.8.0~rc3 update in VMs

Hardware: VMs
Whether or not HTTPS is used for the Source interface: No HTTPS

Basic Server Testing

  • I can access both the source and journalist interfaces
  • I can SSH into both machines over Tor
  • AppArmor is loaded on app
  • AppArmor is loaded on mon
  • Both servers are running grsec kernels
  • iptables rules loaded on both servers
  • OSSEC emails begin to flow after install
  • OSSEC emails are decrypted to correct key and I am able to decrypt them

Command Line User Generation

  • Can successfully add admin user and login

Administration

Application Acceptance Testing

Source Interface

Landing page base cases
  • JS warning bar does not appear when using Security Slider high
  • JS warning bar does appear when using Security Slider Low
First submission base cases
  • On generate page, refreshing codename produces a new 7-word codename
  • On submit page, empty submissions produce flashed message
  • On submit page, short message submitted successfully
  • On submit page, file greater than 500 MB produces "The connection was reset" in Tor Browser quickly before the entire file is uploaded
  • On submit page, file less than 500 MB submitted successfully
Returning source base cases
  • Nonexistent codename cannot log in
  • Empty codename cannot log in
  • Legitimate codename can log in
  • Returning user can view journalist replies - need to log into journalist interface to test

Journalist Interface

Login base cases
  • Can log in with 2FA tokens
  • incorrect password cannot log in
  • invalid 2fa token cannot log in
  • 2fa immediate reuse cannot log in
Index base cases
  • Filter by codename works
  • Starring and unstarring works
  • Click select all selects all submissions
  • Selecting all and clicking "Download all" works
Individual source page
  • You can submit a reply and a flashed message and new row appears
  • You cannot submit an empty reply
  • Clicking "Delete collection" and the source and docs are deleted
  • You can click on a document and successfully decrypt using application private key

0.8.0 specific testing

4.4.135 Kernel Testing (#3494)

  • uname -r returns 4.4.135-grsec
  • All three kernels are installed. sudo apt list --installed | grep linux-image returns 3.14.79, 4.4.115, 4.4.135.
  • Follow the new troubleshooting docs (https://docs.securedrop.org/en/latest/kernel_troubleshooting.html) to downgrade the kernel to 3.14.79 - did not test
  • If using prod vms, apt-test.freedom.press is not in /etc/apt/sources.list.d/apt_test_freedom_press.list

Alembic testing

Other 0.8.0 functionality
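
The "4.4.135 Kernel Testing" checklist repeated in the reports above, written as an added shell example (not part of the issue thread and not SecureDrop project code): it checks the running kernel, the three installed kernel packages, and that no active apt-test.freedom.press entry remains on a production host. The `linux-image-<version>-grsec` package naming, the revision strings in the sample listing, and the function names are assumptions made for the example.

```shell
# Added example: the kernel QA checklist as functions over captured output.
EXPECTED_RUNNING="4.4.135-grsec"
EXPECTED_VERSIONS="3.14.79 4.4.115 4.4.135"
TEST_REPO_LIST="/etc/apt/sources.list.d/apt_test_freedom_press.list"

# Constructed sample of `apt list --installed | grep linux-image` output;
# package names and revision strings are assumptions, not taken from the issue.
SAMPLE_APT='linux-image-3.14.79-grsec/now 3.14.79-grsec-10.00.Custom amd64 [installed,local]
linux-image-4.4.115-grsec/now 4.4.115-grsec-10.00.Custom amd64 [installed,local]
linux-image-4.4.135-grsec/now 4.4.135-grsec-10.00.Custom amd64 [installed,local]'

# Prints the expected versions that have no linux-image package in the listing.
missing_kernels() {
    missing=""
    for v in $EXPECTED_VERSIONS; do
        # Dots are escaped and the version must end at '-' or '/',
        # so a near-miss version string does not count as installed.
        pat=$(printf '%s' "$v" | sed 's/\./\\./g')
        if ! printf '%s\n' "$1" | grep -Eq "^linux-image-${pat}(-|/)"; then
            missing="$missing $v"
        fi
    done
    printf '%s' "${missing# }"
}

# True when the file has an active (uncommented) deb line for the test repo.
uses_test_repo() {
    [ -f "$1" ] && grep -Eq '^[[:space:]]*deb(-src)?[[:space:]].*apt-test\.freedom\.press' "$1"
}

# kernel_qa <uname -r output> <apt listing> <sources list path>
# Prints one PASS/FAIL line per checklist item; returns the number of failures.
kernel_qa() {
    failures=0
    if [ "$1" = "$EXPECTED_RUNNING" ]; then
        echo "PASS running kernel is $1"
    else
        echo "FAIL running kernel is '$1', expected $EXPECTED_RUNNING"
        failures=$((failures + 1))
    fi
    gone=$(missing_kernels "$2")
    if [ -z "$gone" ]; then
        echo "PASS kernels installed: $EXPECTED_VERSIONS"
    else
        echo "FAIL kernels not installed: $gone"
        failures=$((failures + 1))
    fi
    if uses_test_repo "$3"; then
        echo "FAIL apt-test.freedom.press is active in $3"
        failures=$((failures + 1))
    else
        echo "PASS no active apt-test.freedom.press entry in $3"
    fi
    return "$failures"
}

# On a server: sh kernel_qa.sh --live
if [ "${1:-}" = "--live" ]; then
    kernel_qa "$(uname -r)" "$(apt list --installed 2>/dev/null | grep linux-image)" "$TEST_REPO_LIST"
fi
```

For pre-release QA installs from apt-test, the third check is expected to fail, matching the "N/A" entries in the reports above.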
