Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remove test version, add release key signed securedrop HTTPS everywhere ruleset channel #1

Merged
merged 9 commits into from
Apr 16, 2020
Merged

remove test version, add release key signed securedrop HTTPS everywhere ruleset channel #1

merged 9 commits into from
Apr 16, 2020

Conversation

redshiftzero
Copy link
Contributor

Towards freedomofpress/securedrop#3668

Few things to note:

  • I've used the official SecureDrop release key for signing these rules
  • First org onboarded is Lucy Parsons Labs
  • This is using option A from the design doc I shared last week (I can change this in review since now that I have the process down doing a ruleset release is fast, but now is the last chance to change without disruption to users, let's check in tomorrow on this)

Testing

For easy testing/review of this PR I deployed these changes to a personal page here (I was going to wait for merge into master here so we could use staging securedrop server but... I think it's useful to have a review/test step first).

To add the ruleset update channel:

  1. Open Tor Browser
  2. Type about:addons in the URL bar
  3. Click "HTTPS Everywhere"
  4. Click "Preferences"
  5. Click "Update Channels"
  6. Type "SecureDrop” and click "Add Update Channel"
  7. In JWK section, add the content of release-pubkey.jwk in this branch (this is just the JWK version of our existing RSA release public key)
  8. In path prefix, add https://redshiftzero.github.io/securedrop-httpse/
  9. Click update
  10. If all goes well, you should see "Stored rulesets version: 2020.4.14" appear
  11. Load lucyparsonslabs.com.securedrop.tor.onion
  12. Tor Browser should redirect you to http://qn4qfeeslglmwxgb.onion/

@redshiftzero redshiftzero requested review from kushaldas and emkll April 16, 2020 01:46
kushaldas
kushaldas approved these changes Apr 16, 2020
View reviewed changes
Copy link
Contributor

@kushaldas kushaldas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

9.Click update in this step I had to click update button twice, then it worked. Rest worked as expected.

@kushaldas kushaldas merged commit fa65288 into master Apr 16, 2020
@redshiftzero redshiftzero deleted the remove-test-version branch April 16, 2020 13:58
@eloquence
Copy link
Member

Works for me as well. I did not have to click "Update" twice, but the "Stored rulesets" information did not appear until I reloaded the about:plugins page (it was successfully applied before then, which I confirmed by loading LPL's SD in another tab).

@eloquence
Copy link
Member

Here's how the address bar and the site info looks in current alpha builds:

Screenshot from 2020-04-16 14-41-03

tormenu

@eloquence
Copy link
Member

(After installing the alpha, I had to remove and re-add the ruleset for TBB to pick it up.)

@eloquence
Copy link
Member

eloquence commented Apr 16, 2020
edited
Loading

GIF illustrating Tor Alpha behavior:

visiting LPL onion in Tor alpha

@ninavizz
Copy link
Member

ninavizz commented Apr 17, 2020
edited
Loading

gawd I love this...

Including in this ticket, a cross-link to the Tor UX team's ticket exploring how to do surface information to the user in this flow.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kushaldas kushaldas kushaldas approved these changes

@emkll emkll Awaiting requested review from emkll

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@redshiftzero @eloquence @ninavizz @kushaldas