forked from freedomofpress/securedrop
updates #1
Merged
Preserves the v2 Onion lookup logic, but prefers v3 Onions if those are found on the Admin Workstation. Ensures that Admins connecting to the servers after migrating to v3 Onion URLs are using them for SSH.
Redesign footer, index page and language selector.
securedrop-config: remove function setting HiddenServiceVersion
fixes #4703 update mkvirtualenv command to reflect update to python3
…re-session Invalidate Session When Admin Resets Journalist Password
Replace srm with shred, which is faster, reducing the chance that deletion of a submission will be interrupted. Update rq and redis requirements, to eliminate long-standing bugs. Add manage.py tasks for detecting and correcting submissions that have been disconnected from their files on disk, and vice versa. Update manage.py to explicitly run with the production virtualenv. Also specify the virtualenv in WSGI scripts and the run-test script. In the dev/test Docker container, install requirements in a virtualenv at the same path as production. Add a supervisor script for requeuing interrupted rq jobs. If the app server is rebooted while an rq job is running, that job has already been deleted from the queue and rq will not automatically resume it on reboot, but it does have a record of it in the queue's started job registry. This script checks that registry for jobs that aren't already queued or being run, and requeues them.
Adds support for v3 Onion URLs to `./securedrop-admin tailsconfig`
Resolves #4700
Footer tweaks: final language, HR fix, class rename
Improve deletion of submissions
This is accomplished by an alembic migration that removes any orphaned submissions from the database.
If a source has been deleted, we no longer have its filesystem_id in the database. As such, we will need to find the file, being careful to guard against potential duplicates due to the journalist_designations not necessarily being unique (this is a very rare case).
two situations _could_ potentially arise
trying to think of the edge cases here:
- Admin has been deleting files manually by digging around for files that consume a lot of disk in the securedrop data directory
- A very rare situation can occur where there is a colliding journalist_designation
invalid objects being those which do not have a matching source_id in the sources table
easiest to do with a custom exception, but for files that were manually deleted by a curious admin who e.g. removed large files that were not properly deleted due to this bug, we should also remove the corresponding row in the database.
bandit flags this because the table name is passed in as a variable. It's not user controlled so this does not introduce a security problem (function is in the migration only). I could suppress the alert by removing the function but in the spirit of not making this alembic migration even more repetitive I'm adding `# nosec`.
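The commit message above accepts a bandit finding because the table name is not user controlled. As an added example (not code from the SecureDrop migration), the sketch below runs the same kind of orphan cleanup against an in-memory SQLite database and checks the table name against an allowlist before formatting it into the query; the schema, the table list and the function names are assumptions, and the rows are constructed sample data.

```python
import sqlite3

# Tables assumed to carry a source_id column (hypothetical list for this sketch).
ALLOWED_TABLES = frozenset({"submissions", "replies"})


def delete_orphans(conn, table):
    """Delete rows in `table` whose source_id matches no row in sources.

    Identifiers cannot be bound as SQL parameters, so the table name is
    compared with a fixed allowlist before it is formatted into the query.
    A linter still sees string-built SQL here; the allowlist is what makes
    suppressing that finding defensible.
    """
    if table not in ALLOWED_TABLES:
        raise ValueError("unexpected table name: {!r}".format(table))
    # NOT EXISTS also removes rows whose source_id is NULL, which NOT IN would keep.
    query = (
        "DELETE FROM {t} WHERE NOT EXISTS "
        "(SELECT 1 FROM sources WHERE sources.id = {t}.source_id)"
    ).format(t=table)
    return conn.execute(query).rowcount


def build_sample_db():
    """Constructed data: source 1 exists, source 2 was deleted earlier."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE sources (id INTEGER PRIMARY KEY, journalist_designation TEXT);
        CREATE TABLE submissions (id INTEGER PRIMARY KEY, source_id INTEGER, filename TEXT);
        CREATE TABLE replies (id INTEGER PRIMARY KEY, source_id INTEGER, filename TEXT);
        INSERT INTO sources VALUES (1, 'constructed designation');
        INSERT INTO submissions VALUES
            (1, 1, '1-kept-doc.gpg'), (2, 2, '1-orphan-doc.gpg'), (3, NULL, '2-null-doc.gpg');
        INSERT INTO replies VALUES (1, 1, '1-kept-reply.gpg'), (2, 2, '2-orphan-reply.gpg');
        """
    )
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    for name in sorted(ALLOWED_TABLES):
        print(name, "orphans removed:", delete_orphans(db, name))
```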
one of the quirks of SecureDrop is that config.py might not yet exist until the app Ansible role has run. This means for fresh installs, the database must be created via alembic upgrade head without any errors being raised, else the securedrop-app-code package install will fail
Adjust tooltip sizing/weight to reduce likelihood of abbreviation
so it won't import on existing installs
Update Tor to 0.4.1.6
Certain combinations of language and viewport size could result in the two columns on the source start page not lining up with each other. This changes the columns' justify-content property to push the top and bottom containers apart, and controls the borders and content of the buttons to align them better.
…n-requirements Pin all dev and testing dependencies
Add Czech to list of supported languages
The page moved to a new URL without a redirect
Bump app tests timeout to 15 minutes
Fix link to Tails update guide
Fix column/button alignment problems on source start page
Under Python 3, running securedrop-admin with no positional argument results in an ugly error, due to https://bugs.python.org/issue16308. Under Python 3.7, we could simply add dest and required arguments to the add_subparsers call, but required isn't available in Python 3.5, so would break under Tails 3.
Fix securedrop-admin crash when no operation given under Python 3
Adds a "checkenv" argument to admin/bootstrap.py, used in securedrop-admin to ensure that the admin virtualenv is functional. Also make sure bootstrap.py runs under Python 3.
…in-tails4 Remove Tails 3 Python 3 venv in Tails 4
Fix pipenv docs URLs (HTTPS on redirect is broken)
…heckenv Restore dropped virtualenv activation in securedrop-admin
The final comparison failed to account for the fact that the subprocess module returns a byte literal. Incorrect Tails detection caused torify not to be used, which caused a network error during the creation of the virtualenv on Tails 3.x. Decoding the string first reduces the likelihood of such coding errors. Fixes #4925
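The bytes-versus-str mismatch described above, as an added example that is not the project's own bootstrap code: `fake_lsb_release`, `is_tails_buggy`, `is_tails` and `pip_command` are hypothetical names, and a Python one-liner stands in for the distribution lookup (assumed here to be `lsb_release --id --short`) so the block runs on any system.

```python
import subprocess
import sys


def fake_lsb_release(distro):
    """Stand-in command that prints a distributor ID plus newline (constructed)."""
    return [sys.executable, "-c", "print({!r})".format(distro)]


def is_tails_buggy(cmd):
    """Python 2 era check: subprocess output (bytes) compared with a str literal."""
    try:
        distro_id = subprocess.check_output(cmd).strip()
    except (subprocess.CalledProcessError, OSError):
        distro_id = None
    # On Python 3, b'Tails' == 'Tails' is False, so detection silently fails.
    return distro_id == "Tails"


def is_tails(cmd):
    """Decode once at the process boundary, then compare str with str."""
    try:
        distro_id = subprocess.check_output(cmd).decode("utf-8").strip()
    except (subprocess.CalledProcessError, OSError, UnicodeDecodeError):
        distro_id = None
    return distro_id == "Tails"


def pip_command(on_tails):
    """Route the dependency install through torify only when Tails was detected.

    The pip arguments and requirements file name are placeholders.
    """
    base = ["pip3", "install", "-r", "requirements.txt"]
    return ["torify"] + base if on_tails else base


if __name__ == "__main__":
    cmd = fake_lsb_release("Tails")
    print("buggy check:", is_tails_buggy(cmd), "->", pip_command(is_tails_buggy(cmd)))
    print("fixed check:", is_tails(cmd), "->", pip_command(is_tails(cmd)))
```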
Includes instructions to rebuild the venv after the Tails 4 upgrade, so securedrop-admin and the graphical updater continue to work with Python 3. Removed older upgrade guides along the way per standard procedure.
Fix Tails detection in Python 3 + Tails 3.x
Fixes #4929: If a virtualenv is created, but a transient network error prevents core dependencies from being installed in this virtualenv (for example, pip3), we should delete the virtualenv to prevent subsequent `./securedrop-admin setup` runs from failing.
…guide Add 1.0.0->1.1.0 upgrade guide
…tion-failed Delete virtualenv if creation failed on setup
kaiiyer commented Oct 20, 2019
new updates !!!
Status
Ready for review / Work in progress
Description of Changes
Fixes #.
Changes proposed in this pull request:
Testing
How should the reviewer test this PR?
Write out any special testing steps here.
Deployment
Any special considerations for deployment? Consider both:
Checklist
If you made changes to the server application code:
make lint) and tests (make -C securedrop test) pass in the development container
If you made changes to securedrop-admin:
make -C admin test) pass in the admin development container
If you made changes to the system configuration:
If you made non-trivial code changes:
If you made changes to documentation:
make docs-lint) passed locally