Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v3 onion migration] securedrop-admin sdconfig should set v2_onion_services and v3_onion_services variables #4627

Closed
redshiftzero opened this issue Jul 19, 2019 · 0 comments · Fixed by #4648
Closed

[v3 onion migration] securedrop-admin sdconfig should set v2_onion_services and v3_onion_services variables #4627

redshiftzero opened this issue Jul 19, 2019 · 0 comments · Fixed by #4648
Milestone
1.0.0

Comments

@redshiftzero
Copy link
Contributor

redshiftzero commented Jul 19, 2019
edited
Loading

Description

We should enable the setting of two new boolean configuration variables in site-specific by securedrop-admin sdconfig: v2_onion_services and v3_onion_services.

The expected behavior here is:

  • The default value of the v2_onion_services variable is set to:
    • True if there is a ths file (app-ths-source) files with a 16 char onion address in install_files/ansible-base/ - this is to prevent admins from accidentally disabling v2 onion services
    • False otherwise - we don't want new installs to be using v2 services beginning in SecureDrop 1.0.0
  • The default value of the v3_onion_services variable is set to True:
    • we want new SecureDrop instances to only use v3 services beginning in SecureDrop 1.0.0 and we want existing installs to enable v3 alongside v2 so they can begin transitioning users to v3.

Note that we may need to do another iteration to improve the messaging to admins / point to some overview docs (to be written) in docs.securedrop.org explaining the migration process. This ticket is primarily just for the functionality of setting the proper defaults (the docs and messaging in sdconfig should also communicate that users using HTTPS on the source interface will need to get a new certificate including the v3 interface before advertising source users to use the v3 onion service).

Subticket of #2951
@redshiftzero redshiftzero added this to the 1.0.0 milestone Jul 19, 2019
This was referenced Jul 19, 2019
Closed
Closed
kushaldas added a commit that referenced this issue Jul 26, 2019
@kushaldas
Fixes #4627 Adds v2 and v3 onion service variables
f795092 
Also adds 3 test cases for the same.
@kushaldas kushaldas mentioned this issue Jul 26, 2019
Merged
5 tasks
emkll added a commit that referenced this issue Jul 30, 2019
@emkll
Merge pull request #4648 from freedomofpress/the_future_is_v3
5eaad3b 
Fixes #4627 Adds v2 and v3 onion service variables
lev-csouffrant pushed a commit to lev-csouffrant/securedrop that referenced this issue Aug 25, 2019
@kushaldas @lev-csouffrant
Fixes freedomofpress#4627 Adds v2 and v3 onion service variables
f019b9a 
Also adds 3 test cases for the same.
kushaldas added a commit that referenced this issue Sep 25, 2019
@kushaldas
Fixes #4627 Adds v2 and v3 onion service variables
0c55d17 
Also adds 3 test cases for the same.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.0.0
Development

Successfully merging a pull request may close this issue.

Fixes #4627 Adds v2 and v3 onion service variables freedomofpress/securedrop
1 participant
@redshiftzero