Add a basic noble migration check script #7334

Draft
wants to merge 3 commits into
base: develop

legoktm
Member

@legoktm legoktm commented Nov 8, 2024

Status

Ready for review

Description of Changes

Perform a number of checks to ensure the system is ready for the noble migration. The results are written to a JSON file in /etc/ that other things like the JI and the upgrade script itself can read from.

The script is run hourly on a systemd timer but can also be run interactively for administrators who want slightly more details.

Refs #7322.

Testing

How should the reviewer test this PR?

  • staging CI passes
  • visual review

Deployment

Any special considerations for deployment? n/a

Checklist

@legoktm legoktm added the noble Ubuntu Noble related work label Nov 8, 2024
@legoktm legoktm requested a review from a team as a code owner November 8, 2024 21:30
@legoktm legoktm added this to the SecureDrop 2.11.0 milestone Nov 8, 2024
@legoktm
Member Author

legoktm commented Nov 8, 2024

I'm still thinking of a few more checks to add, but I think this is ready for review + merge and other checks can be added incrementally.

@legoktm
Member Author

legoktm commented Nov 13, 2024

I plan to port this to Rust based on #7332 (comment).

@legoktm legoktm marked this pull request as draft November 13, 2024 22:19
@legoktm
Member Author

legoktm commented Nov 14, 2024

Now that this is in Rust, need to do a few more cargo vet reviews:

recommended audits for safe-to-deploy:
    Command                                     Publisher      Used By                            Audit Size
    cargo vet diff zerofrom-derive 0.1.3 0.1.4  robertbastian  zerofrom                           5 files changed, 49 insertions(+), 43 deletions(-)
    cargo vet diff idna 1.0.2 1.0.3             valenting      url and sequoia-openpgp            7 files changed, 207 insertions(+), 208 deletions(-)
    cargo vet diff url 2.5.1 2.5.3              valenting      noble-migration                    12 files changed, 386 insertions(+), 92 deletions(-)
    cargo vet inspect stable_deref_trait 1.2.0  Storyyeller    yoke and icu_provider              484 lines
    cargo vet inspect idna_adapter 1.2.0        hsivonen       idna                               612 lines
    cargo vet inspect smallvec 1.8.0            mbrubeck       idna, icu_normalizer, and 1 other  3879 lines
      NOTE: mozilla trusts Matt Brubeck (mbrubeck) - consider cargo vet trust smallvec mbrubeck

estimated audit backlog: 5960 lines

The main new dependency triggering reviews is url, which pulls in idna.

So it can look inside compressed debs.
Establish a folder where we can build Rust binaries that will
be shipped in the securedrop-config deb. That package is now
architecture-dependent and only built for amd64.

We are using Rust because a statically compiled binary is going
to be the most robust option during a system upgrade when Python
itself is being removed and installed (not to mention all the other
Rust benefits).
Perform a number of checks to ensure the system is ready for the noble
migration. The results are written to a JSON file in /etc/ that other
things like the JI and the upgrade script itself can read from.

The script is run hourly on a systemd timer but can also be run
interactively for administrators who want slightly more details.

Refs #7322.
Labels
noble Ubuntu Noble related work
Projects
Status: Ready For Review