added Ansible parameter to use legacy password prompt text #5255

Merged
merged 1 commit into from
May 13, 2020


zenmonkeykstop
Contributor

Status

Ready for review

Description of Changes

Fixes #5254.

Sets agnostic_become_prompt to False in ansible.cfg. This sets the password prompt when ansible is called with --ask-become-pass to SUDO password:. When set to True, the prompt is set as BECOME password:.

The default value was switched in Ansible 2.8, but the GUI updater expects the False and SUDO password version, so it needs to be set explicitly.

Testing

In a prod instance (VMs or hardware):

  • check out this branch in an Admin Workstation
  • run ./securedrop-admin setup - it completes without error
  • follow the installation guide and verify that:
    • the password prompt for ./securedrop-admin install is SUDO password:
    • the password prompt for ./securedrop-admin tailsconfig is SUDO password:
    • both commands complete successfully.

Deployment

This will be deployed with the next production release after merge - as it preserves existing behaviour it should not have any impact on the GUI updater.

Checklist

If you made non-trivial code changes:

  • I have written a test plan and validated it for this PR

@zenmonkeykstop zenmonkeykstop added this to the 1.3.0 milestone May 13, 2020
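The prompt mismatch described in this PR can be checked offline. The sketch below is an added example, not SecureDrop's or Ansible's own code: it derives the `--ask-become-pass` prompt from an `ansible.cfg` and reports whether a caller waiting for the literal `SUDO password:` would see it. It assumes the setting lives in Ansible's `[privilege_escalation]` section and can be overridden by `ANSIBLE_AGNOSTIC_BECOME_PROMPT`; the function names and sample configs are hypothetical.

```python
import configparser

# Prompt strings as given in the PR description.
LEGACY_PROMPT = "SUDO password:"
AGNOSTIC_PROMPT = "BECOME password:"
TRUTHY = {"1", "true", "yes", "on", "y", "t"}


def become_prompt(cfg_text, ansible_version, env=None):
    """Return the --ask-become-pass prompt implied by an ansible.cfg (hypothetical helper)."""
    env = env or {}
    # The default flipped to True in Ansible 2.8 (per the PR description).
    agnostic = tuple(ansible_version) >= (2, 8)
    # interpolation=None: '%' characters in other settings must not break parsing.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    if parser.has_option("privilege_escalation", "agnostic_become_prompt"):
        agnostic = parser.getboolean("privilege_escalation", "agnostic_become_prompt")
    # Assumption stated in the lead-in: the environment overrides the file.
    if "ANSIBLE_AGNOSTIC_BECOME_PROMPT" in env:
        agnostic = env["ANSIBLE_AGNOSTIC_BECOME_PROMPT"].strip().lower() in TRUTHY
    return AGNOSTIC_PROMPT if agnostic else LEGACY_PROMPT


def updater_compatible(cfg_text, ansible_version, env=None, expected=LEGACY_PROMPT):
    """True if a caller that waits for `expected` would be shown that prompt."""
    return become_prompt(cfg_text, ansible_version, env) == expected


# Constructed sample configs (not SecureDrop's real ansible.cfg).
CFG_UNSET = "[defaults]\nhost_key_checking = False\n"
CFG_PINNED = CFG_UNSET + "\n[privilege_escalation]\nagnostic_become_prompt = False\n"

if __name__ == "__main__":
    cases = [
        ("unset, Ansible 2.7", CFG_UNSET, (2, 7)),
        ("unset, Ansible 2.9", CFG_UNSET, (2, 9)),
        ("pinned False, Ansible 2.9", CFG_PINNED, (2, 9)),
    ]
    for name, cfg, version in cases:
        prompt = become_prompt(cfg, version)
        print(f"{name}: {prompt!r} compatible={updater_compatible(cfg, version)}")
```
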
Contributor

@rmol rmol left a comment


Worked for me:

  • run ./securedrop-admin setup - it completes without error
  • follow the installation guide and verify that:
    • the password prompt for ./securedrop-admin install is SUDO password:
    • the password prompt for ./securedrop-admin tailsconfig is SUDO password:
    • both commands complete successfully.

Think there should be a second review before merging this though.

@zenmonkeykstop
Contributor Author

zenmonkeykstop commented May 13, 2020

Agreed - I tested this via the GUI updater on Tails as follows:

  • checked out this branch, tagged it locally as 1.3.0
  • checked out 1.2.2, deleted the 1.2.2 tag (locally!)
  • disabled signature verification in admin/securedrop_admin/__init.py, committed, and tagged locally as 1.2.2
  • bumped network connection to trigger updater and followed regular flow

This worked, the tailsconfig phase completed successfully. This isn't a perfect test as it involves the surgery mentioned above, but it does increase my confidence in the fix. If someone else wants to run through a similar process, feel free.

@rmol
Contributor

rmol commented May 13, 2020

I repeated that process and can confirm that the updater has no problem with the escalation prompt after (this pending version of) 1.3.0 is checked out.

@conorsch
Contributor

Merging based on @rmol's two-pass test report.

@conorsch conorsch merged commit 696b47a into develop May 13, 2020
@zenmonkeykstop zenmonkeykstop deleted the fix-ansible-password-prompt branch July 21, 2021 23:48
Successfully merging this pull request may close these issues.

Graphical updater fails repeatedly with "Administrator password incorrect"