-
Notifications
You must be signed in to change notification settings - Fork 687
1.4.1 Test Plan
We're only testing on VMs and NUCs.
For both upgrades and fresh installs, here is a list of functionality that requires testing. You can use this for copy/pasting into your QA report. Feel free to edit this message to update the plan as appropriate.
If you have submitted a QA report already for a 1.4.1 release candidate with successful Basic Server Testing and [[Application Acceptance Testing]], then you can skip these sections in subsequent reports, unless otherwise indicated by the Release Manager. This is to ensure that you focus your QA effort on the 1.4.1-specific changes as well as changes since the previous release candidate.
- Install target:
- Tails version:
- Test Scenario:
- SSH over Tor:
- Onion service version:
- Release candidate:
- General notes:
- I can access both the source and journalist interfaces
- I can SSH into both machines over Tor
- AppArmor is loaded on app
- 0 processes are running unconfined
- AppArmor is loaded on mon
- 0 processes are running unconfined
- Both servers are running grsec kernels
- iptables rules loaded
- OSSEC emails begin to flow after install
- OSSEC emails are decrypted to correct key and I am able to decrypt them
- QA Matrix checks pass
- Can successfully add admin user and login
- I have backed up and successfully restored the app server following the backup documentation
- If doing upgrade testing, make a backup on 1.4.0 and restore this backup on 1.4.1
- "Send Test OSSEC Alert" button in the journalist triggers an OSSEC alert and an email is sent
- Can successfully add journalist account with HOTP authentication
- JS warning bar does not appear when using Security Slider high
- JS warning bar does appear when using Security Slider Low
- On generate page, refreshing codename produces a new 7-word codename
- On submit page, empty submissions produce flashed message
- On submit page, short message submitted successfully
- On submit page, file greater than 500 MB produces "The connection was reset" in Tor Browser quickly before the entire file is uploaded
- On submit page, file less than 500 MB submitted successfully
- Nonexistent codename cannot log in
- Empty codename cannot log in
- Legitimate codename can log in
- Returning user can view journalist replies - need to log into journalist interface to test
- Can log in with 2FA tokens
- incorrect password cannot log in
- invalid 2fa token cannot log in
- 2fa immediate reuse cannot log in
- Journalist account with HOTP can log in
- Filter by codename works
- Starring and unstarring works
- Click select all selects all submissions
- Selecting all and clicking "Download" works
- You can submit a reply and a flashed message and new row appears
- You cannot submit an empty reply
- Clicking "Delete Source And Submissions" and the source and docs are deleted
- You can click on a document and successfully decrypt using application private key
After updating to this release candidate and running securedrop-admin tailsconfig
- The Updater GUI appears on boot
- Updating occurs without issue
- Verify that
securedrop-admin installcan be run successfully. We're primarily interested in the v2-only scenarios from the 1.4.1 QA matrix (clean install with v2, and cron-apt update with v2) but it should be tested in all scenarios after the admin workstation working copy has been updated to 1.4.1.
- Ensure the builder image is up-to-date on release day
These tests should be performed the day of release prior to live debian packages on apt.freedom.press.
- Install or upgrade occurs without error
- Source interface is available and version string indicates it is 1.4.1
- A message can be successfully submitted
- The updater GUI appears on boot
- The update successfully occurs to 1.4.1
- After reboot, updater GUI no longer appears