Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix onion service version validation in securedrop-admin install #5335

Merged
merged 5 commits into from
Jun 24, 2020
Merged

Fix onion service version validation in securedrop-admin install #5335

merged 5 commits into from
Jun 24, 2020

Conversation

rmol
Copy link
Contributor

@rmol rmol commented Jun 23, 2020
edited
Loading

Status

Ready for review

Description of Changes

Fixes #5334.

This was fallout from introducing non-interactive configuration validation during the install operation.

The SiteConfig._config_in_progress attribute was only being populated in user_prompt_config, so the v3 validator would never see v2 enabled during the install validation step, causing a spurious validation complaint if only v2 were enabled. This change copies the loaded config to _config_in_progress before calling clean_config changes clean_config to add each validated value to _config_in_progress (thanks @zenmonkeykstop), so validators can check the values of other configuration values.

Testing

  • Check out develop.
  • Run securedrop-admin sdconfig to enable only v2 onion services.
  • Run securedrop-admin install. It should abort with this error:
ERROR: Since you disabled v2 onion services, you must enable v3 onion services.
ERROR: Error loading configuration. Please run "securedrop-admin sdconfig" again.
ERROR (run with -v for more): Since you disabled v2 onion services, you must enable v3 onion services.
  • Checkout the fix-5334 branch.
  • Rerun securedrop-admin install. You should not get the error, but be prompted for the sudo password.

Checklist

If you made changes to securedrop-admin:

  • Linting and tests (make -C admin test) pass in the admin development container

If you made changes to the system configuration:

If you made non-trivial code changes:

  • I have written a test plan and validated it for this PR

@rmol
Fix onion service version validation in securedrop-admin install
b7ba8b4 
This was fallout from introducing non-interactive configuration
validation during the install operation.

The SiteConfig._config_in_progress attribute was only being populated
in user_prompt_config, so the v3 validator would never see v2 enabled
during the install validation step, causing a spurious validation
complaint if only v2 were enabled. This change copies the loaded
config to _config_in_progress before calling clean_config, so
validators can check the values of other configuration values.
@zenmonkeykstop zenmonkeykstop self-assigned this Jun 23, 2020
zenmonkeykstop
zenmonkeykstop previously approved these changes Jun 23, 2020
View reviewed changes
Copy link
Contributor

@zenmonkeykstop zenmonkeykstop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fix for #5334 lgtm. There is an unrelated issue as mentioned below but that could be fixed on a more relaxed timescale.

@rmol
Move onion service validation fix
14b414c 
@zenmonkeykstop had a better idea; populating
SiteConfig._config_in_progress as we go though clean_config means each
validator can trust that other configuration items have been
validated.
rmol added 2 commits June 24, 2020 01:34
@rmol
Add config checks to admin tests
81e7d9d
@rmol
Update admin Docker configuration
79d2e98 
Build and run the Docker image the same way in local development and
CI. Set up admin/Dockerfile with a full copy of the repo to enable
more thorough testing of securedrop-admin.
conorsch
conorsch approved these changes Jun 24, 2020
View reviewed changes
Copy link
Contributor

@conorsch conorsch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Performed manual testing in Tails VM, changes LGTM.

Really appreciate the attention to the test/CI logic for the admin functionality, it's a lot more straightforward to maintain a single testing workflow that prefers copying and eschews volume mounts.

@zenmonkeykstop zenmonkeykstop merged commit b5f8eb0 into develop Jun 24, 2020
@emkll emkll mentioned this pull request Jun 25, 2020
Closed
18 tasks
@legoktm legoktm deleted the fix-5334 branch January 9, 2025 22:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@conorsch conorsch conorsch approved these changes

@zenmonkeykstop zenmonkeykstop zenmonkeykstop left review comments

@emkll emkll Awaiting requested review from emkll

@kushaldas kushaldas Awaiting requested review from kushaldas

@redshiftzero redshiftzero Awaiting requested review from redshiftzero

Assignees

@zenmonkeykstop zenmonkeykstop

Labels
priority/high
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Install command fails on admin workstation if v2 services enabled, v3 services disabled.
4 participants
@rmol @conorsch @zenmonkeykstop @eloquence