Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backports and changelog for 0.12.1 #4262

Merged
merged 11 commits into from
Mar 14, 2019
Merged

Backports and changelog for 0.12.1 #4262

merged 11 commits into from
Mar 14, 2019

Conversation

heartsucker
Copy link
Contributor

Status

Ready for review

Description of Changes

Backports the currently closed tickets of the 0.12.1 milestone into the 0.12.0 release branch. Updates the changelog.

@eloquence eloquence changed the title Backports and changelot for 0.12.1 Backports and changelog for 0.12.1 Mar 14, 2019
@heartsucker heartsucker force-pushed the backports-for-0.12.1 branch from b95da20 to c07059f Compare March 14, 2019 15:36
emkll
emkll reviewed Mar 14, 2019
View reviewed changes
changelog.md Outdated Show resolved Hide resolved
@heartsucker heartsucker force-pushed the backports-for-0.12.1 branch from c07059f to 9e373bf Compare March 14, 2019 15:54
emkll
emkll reviewed Mar 14, 2019
View reviewed changes
admin/securedrop_admin/__init__.py Outdated
@@ -642,7 +642,7 @@ def check_for_updates(args):


def get_release_key_from_keyserver(args, keyserver=None, timeout=45):
gpg_recv = ['timeout', str(timeout), 'gpg', '--recv-key']
gpg_recv = ['timeout', str(timeout), 'gpg', '--batch', '--no-tty', '--recv-key']
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it seems like the -x option was not used when cherry-picking this commit?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This wasn't a cherry-pick. I had to add this to get the lint to pass.

@heartsucker heartsucker force-pushed the backports-for-0.12.1 branch from 9e373bf to 588db95 Compare March 14, 2019 16:51
@emkll emkll force-pushed the backports-for-0.12.1 branch 2 times, most recently from 8ef515d to 816c75c Compare March 14, 2019 17:53
redshiftzero
redshiftzero approved these changes Mar 14, 2019
View reviewed changes
Copy link
Contributor

@redshiftzero redshiftzero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good now, thanks @emkll and @heartsucker

rmol and others added 5 commits March 14, 2019 14:15
@rmol @emkll
On NoScript XSS info page, add link back to submission page
784269e 
Fixes #4208

(cherry picked from commit babc2f5)
@emkll
Remove unused packages
8a27c9d 
Wireless-related packages are not required for SecureDrop App and Mon servers. `gcc` and dpkg-dev` however are required, as they are listed dependencies for `libgcc1`, a dependency for very large number of packages including `apt`. These packages are installed by default in Trusty, and will remain if an instance is upgraded to Xenial.

(cherry picked from commit 1517e28)
@emkll
Resolves #4100
39640a9 
you don't have an interactive prompt in the gui-updater, so you
shouldn't use a tty and --batch or --no-tty is meant for such tings.

--no-tty
     Make sure that the TTY (terminal) is never used for any output.
This option is needed in some cases because
     GnuPG sometimes prints warnings to the TTY if if --batch is used.

--batch
Use batch mode.  Never ask, do not allow interactive commands.

The test, which uses a subshell, is looking for errors on the cli, this
should be changed.

(cherry picked from commit 6143a17)
@emkll
Feed flake8 on securedrop-admin keyserver cmd
c971581 
The commit from @KwadroNaut added a few options, and flake8 was
characteristically opinionated about whitespace surrounding the change.
Updated the whitespace, without changes to the logic as written by
@KwadroNaut.

(cherry picked from commit 1a3e22b)
@rmol @emkll
Try harder to attach to an existing tmux session
21ceb8e 
If in the course of an ssh/tmux session the tmux package is upgraded
and the ssh connection broken, the next ssh attempt will encounter an
error because of the tmux protocol version mismatch.

The old tmux can be used to reattach by searching for the tmux process
under /proc and using its reference to the old tmux executable. This
change attempts to do that automatically if a first "tmux attach"
attempt fails, but we can see that a previous session still exists.

(cherry picked from commit 79bc089)
@emkll emkll force-pushed the backports-for-0.12.1 branch 2 times, most recently from f6af5e2 to 3143cfa Compare March 14, 2019 18:21
rmol and others added 4 commits March 14, 2019 14:30
@rmol @emkll
Better documentation and tests
12ec43d 
Comment the tmux_attach_via_proc function in
securedrop_additions.sh.

Fix version check in builder-trusty/tests/vars.yml.

Fix test_sudoers_config so that it requires explicit content in
securedrop_additions.sh, instead of just checking that the installed
file exactly matches whatever's in the current revision.

(cherry picked from commit 1e77724)
@emkll
Add builder tests for securedrop-config
55607c2 
At build time, let's ensure:
- no conffiles are present so that files in /etc are properly squashed
- securedrop-config contains the expected files

(cherry picked from commit 690f0e3)
@rmol @emkll
Control locale during Ansible runs
31652b6 
To avoid non-English system locales from breaking tasks that parse
command output expecting English, set the environment variable
LC_ALL=C in each play of securedrop-prod.yml.

(cherry picked from commit f445d83)
@rmol @emkll
Control locale for securedrop-staging playbook as well
78da438 
Add configuration test to check locale is set for all plays there and
in securedrop-prod.

(cherry picked from commit 75d6965)
@emkll emkll force-pushed the backports-for-0.12.1 branch from 3143cfa to 6995d18 Compare March 14, 2019 18:33
Conor Schaefer and others added 2 commits March 14, 2019 14:34
@emkll
Enforces locale overrides on all playbooks
fcbd918 
Porting the locale override logic by @rmol to the usual medley of
SecureDrop prod playbooks. Correspondingly updates the config tests to
reuse the "all prod playbooks" lookup logic, so we're sure to retain
coverage into the future.

(cherry picked from commit c71bf16)
@heartsucker @emkll
SecureDrop 0.12.1~rc1
2346b62
@emkll emkll force-pushed the backports-for-0.12.1 branch from 6995d18 to 2346b62 Compare March 14, 2019 18:35
redshiftzero
redshiftzero approved these changes Mar 14, 2019
View reviewed changes
Copy link
Contributor

@redshiftzero redshiftzero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good!

@redshiftzero redshiftzero merged commit 77db1e0 into release/0.12.1 Mar 14, 2019
@redshiftzero redshiftzero deleted the backports-for-0.12.1 branch March 14, 2019 19:56
@rmol rmol mentioned this pull request Apr 24, 2019
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emkll emkll emkll left review comments

@redshiftzero redshiftzero redshiftzero approved these changes

@conorsch conorsch Awaiting requested review from conorsch

@kushaldas kushaldas Awaiting requested review from kushaldas

@msheiny msheiny Awaiting requested review from msheiny

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@heartsucker @redshiftzero @emkll @rmol