Try harder to attach to an existing tmux session #4231

Merged 3 commits on Mar 14, 2019
Expand Up @@ -7,7 +7,7 @@ ip_info:
### Used by the install_local_deb_pkgs role ###
local_deb_packages:
- "securedrop-keyring-0.1.2+{{ securedrop_app_code_version }}-amd64.deb"
- "securedrop-config-0.1.2+{{ securedrop_app_code_version }}-amd64.deb"
- "securedrop-config-0.1.3+{{ securedrop_app_code_version }}-amd64.deb"
- "securedrop-ossec-agent-3.0.0+{{ securedrop_app_code_version }}-amd64.deb"
- "{{ securedrop_app_code_deb }}.deb"
- "ossec-agent-3.0.0-amd64.deb"
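
Review bot: The securedrop-config entry in local_deb_packages hard-codes the package's own version (0.1.2, now 0.1.3) while the rest of the file name is templated with `{{ securedrop_app_code_version }}`, so each bump has to be repeated by hand in both staging group_vars files, in securedrop-config/DEBIAN/control and in molecule/builder-trusty/tests/vars.yml. Consider one variable for the config package version that these lists interpolate, so the version that gets installed and the version that gets tested cannot drift apart.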
Expand Up @@ -7,7 +7,7 @@ ip_info:
### Used by the install_local_deb_pkgs role ###
local_deb_packages:
- "securedrop-keyring-0.1.2+{{ securedrop_app_code_version }}-amd64.deb"
- "securedrop-config-0.1.2+{{ securedrop_app_code_version }}-amd64.deb"
- "securedrop-config-0.1.3+{{ securedrop_app_code_version }}-amd64.deb"
- "securedrop-ossec-server-3.0.0+{{ securedrop_app_code_version }}-amd64.deb"
- ossec-server-3.0.0-amd64.deb

This file was deleted.

11 changes: 0 additions & 11 deletions install_files/ansible-base/roles/common/tasks/create_users.yml
Expand Up @@ -23,17 +23,6 @@
- users
- sudoers

- name: Set SecureDrop bash profile additions.
copy:
src: bashrc_securedrop_additions
dest: /etc/profile.d/securedrop_additions.sh
owner: root
group: root
mode: "0644"
tags:
- users
- environment

# Backwards-compatibility. Previously, the SecureDrop bashrc additions
# for forcing a terminal multiplexer during interactive login sessions were
# added to ~/.bashrc for each admin user account. It's cleaner to add the
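
Review bot: With the "Set SecureDrop bash profile additions" task removed, nothing in this task file creates /etc/profile.d/securedrop_additions.sh any more, yet the retained "Backwards-compatibility" comment at the end of the hunk still describes where the bashrc additions are placed. Update that comment to say the file is now delivered by the securedrop-config package (the package test in this PR expects it there), and confirm the package is installed before anything that relies on the tmux profile script runs.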
2 changes: 1 addition & 1 deletion install_files/securedrop-config/DEBIAN/control
Expand Up @@ -4,7 +4,7 @@ Priority: optional
Maintainer: SecureDrop Team <[email protected]>
Homepage: https://securedrop.org
Package: securedrop-config
Version: 0.1.2+0.13.0~rc1
Version: 0.1.3+0.13.0~rc1
Contributor

The version bump here is absolutely correct. It requires matching changes in other places, though:

  • group_vars for staging (already handled)
  • config tests vars (specifically, see molecule/builder-trusty/tests/vars.yml)

The rationale here is that we want to ensure we're installing exactly a certain version, and also running the package checks on exactly that same version. By default, multiple package versions can pile up in build/. We could automatically run rm -rf build/* to avoid the pile-up, but that seems a bit heavy-handed for the dev env.

Contributor Author

Fixed config_version in vars.yml.

Architecture: all
Description: Establishes baseline system state for running SecureDrop.
Configures apt repositories.
@@ -0,0 +1,22 @@
[[ $- != *i* ]] && return

which tmux >/dev/null 2>&1 || return

tmux_attach_via_proc() {
# If the tmux package is upgraded during the lifetime of a
# session, attaching with the new binary can fail due to different
# protocol versions. This function attaches using the reference to
# the old executable found in the /proc tree of an existing
# session.
pid=$(pgrep --newest tmux)
if test -n "$pid"
then
/proc/$pid/exe attach
fi
return 1
}

if test -z "$TMUX"
then
(tmux attach || tmux_attach_via_proc || tmux new-session)
fi
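
Review bot: tmux_attach_via_proc ends with an unconditional `return 1`, so even when `/proc/$pid/exe attach` succeeds, the `||` chain in the final `if` block goes on to run `tmux new-session` as soon as the admin detaches. Return the attach status instead, for example `/proc/$pid/exe attach && return 0`. Separately, `pgrep --newest tmux` is not limited to the invoking user, so the executable path read from /proc may belong to another account's process; adding `-u "$(id -u)"` keeps the lookup to the admin's own sessions. `pid` should also be declared `local`, since this file is sourced into every interactive login shell.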
Contributor

Not requesting additional comments in this file because the logic is cleanly presented and the corresponding commit message is top-notch.

Contributor Author

That was a good not-request, though. No one should have to go find my top-notch commit message when trying to understand this. 😄

26 changes: 25 additions & 1 deletion molecule/builder-trusty/tests/test_securedrop_deb_package.py
Expand Up @@ -241,7 +241,7 @@ def test_deb_package_contains_expected_conffiles(host, deb):
deb_package = host.file(deb.format(
securedrop_test_vars.securedrop_version))

# Only relevant for the securedrop-app-code package:
# For the securedrop-app-code package:
if "securedrop-app-code" in deb_package.path:
tmpdir = tempfile.mkdtemp()
# The `--raw-extract` flag includes `DEBIAN/` dir with control files
Expand All @@ -255,6 +255,12 @@ def test_deb_package_contains_expected_conffiles(host, deb):
conffiles = f.content_string.rstrip()
assert conffiles == "/var/www/securedrop/static/i/logo.png"

# For the securedrop-config package, we want to ensure there are no
# conffiles so securedrop_additions.sh is squashed every time
if "securedrop-config" in deb_package.path:
c = host.run("dpkg-deb -I {}".format(deb))
assert "conffiles" not in c.stdout


@pytest.mark.parametrize("deb", deb_packages)
def test_deb_package_contains_css(host, deb):
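
Review bot: In the new securedrop-config branch, `dpkg-deb -I` is run on `deb`, the unformatted parameter, rather than on `deb_package.path`, which is what the condition just above it and the other `dpkg-deb` calls in this file use. If `deb` still contains the version placeholder, the command fails, stdout is empty, and `assert "conffiles" not in c.stdout` passes without having inspected the package. Use `deb_package.path` and also assert `c.rc == 0` so a failed inspection cannot count as a pass.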
Expand Down Expand Up @@ -449,3 +455,21 @@ def test_ossec_binaries_are_present_server(host, deb):
c = host.run("dpkg-deb --contents {}".format(deb_package.path))
for wanted_file in wanted_files:
assert wanted_file in c.stdout


@pytest.mark.parametrize("deb", deb_packages)
def test_config_package_contains_expected_files(host, deb):
"""
Inspect the package contents to ensure all config files are included in
the package.
"""
deb_package = host.file(deb.format(
securedrop_test_vars.securedrop_version))
if "securedrop-config" in deb_package.path:
wanted_files = [
"/etc/cron-apt/action.d/9-remove",
"/etc/profile.d/securedrop_additions.sh",
]
c = host.run("dpkg-deb --contents {}".format(deb_package.path))
for wanted_file in wanted_files:
assert wanted_file in c.stdout
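
Review bot: test_config_package_contains_expected_files is parametrized over every entry in deb_packages but only asserts inside the `if "securedrop-config" in deb_package.path:` branch, so it reports a pass for each of the other packages without checking anything. Call `pytest.skip` for non-matching packages, or parametrize over the config package only, so the report shows one real check. Asserting `c.rc == 0` before scanning `c.stdout` would also make a failed `dpkg-deb --contents` call easier to diagnose.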
2 changes: 1 addition & 1 deletion molecule/builder-trusty/tests/vars.yml
Expand Up @@ -2,7 +2,7 @@
securedrop_version: "0.13.0~rc1"
ossec_version: "3.0.0"
keyring_version: "0.1.2"
config_version: "0.1.2"
config_version: "0.1.3"
grsec_version: "4.4.167"

# These values will be interpolated with values populated above
34 changes: 26 additions & 8 deletions molecule/testinfra/staging/common/test_user_config.py
@@ -1,4 +1,5 @@
import re
import textwrap


def test_sudoers_config(host):
Expand Down Expand Up @@ -38,16 +39,33 @@ def test_sudoers_tmux_env(host):
the corresponding settings there.
"""

f = host.file('/etc/profile.d/securedrop_additions.sh')
non_interactive_str = re.escape('[[ $- != *i* ]] && return')
tmux_check = re.escape('test -z "$TMUX" && (tmux attach ||'
' tmux new-session)')
host_file = host.file('/etc/profile.d/securedrop_additions.sh')
expected_content = textwrap.dedent(
"""\
[[ $- != *i* ]] && return

assert f.contains("^{}$".format(non_interactive_str))
assert f.contains("^if which tmux >\/dev\/null 2>&1; then$")
which tmux >/dev/null 2>&1 || return

assert 'test -z "$TMUX" && (tmux attach || tmux new-session)' in f.content
assert f.contains(tmux_check)
tmux_attach_via_proc() {
# If the tmux package is upgraded during the lifetime of a
# session, attaching with the new binary can fail due to different
# protocol versions. This function attaches using the reference to
# the old executable found in the /proc tree of an existing
# session.
pid=$(pgrep --newest tmux)
if test -n "$pid"
then
/proc/$pid/exe attach
fi
return 1
}

if test -z "$TMUX"
then
(tmux attach || tmux_attach_via_proc || tmux new-session)
fi"""
)
assert host_file.content_string == expected_content


def test_tmux_installed(host):
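
Review bot: The new expected_content literal in test_sudoers_tmux_env repeats the whole of securedrop_additions.sh, comments included, so any wording change in the script fails the test even when behaviour is unchanged. Consider comparing against the packaged source file, or keeping assertions on the lines that matter (the interactive check, the `which tmux` guard and the attach chain). The literal also ends at `fi` with no trailing newline while the comparison is exact; test_deb_package_contains_expected_conffiles calls `.rstrip()` on content_string before comparing, and doing the same here would avoid a failure over a final newline.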