Closed zenmonkeykstop closed 2 years ago
./securedrop-admin verify
are passing: FAIL: one NTP test flake
cd ~/Persistent/securedrop && ./securedrop-admin setup -t
./securedrop-admin verify
(this will take a while)rm -rf admin/.venv3/ && ./securedrop-admin setup
After updating to this release candidate and running securedrop-admin tailsconfig
[x] #6306 Add basic message filtering in the SI
minimum message length
in the JI, navigate to the Instance Config page via the Admin page
check the "Prevent sources from sending initial messages shorter than..." checkbox but do not set a length. Click Update Submission Preferences
Create a new source account on the SI, navigating through to the /lookup page
codename messages
in the JI, navigate to the Instance Config page via the Admin page
check the "Prevent sources from submitting their codename as an initial message" checkbox. Click Update Submission Preferences
[x] #6290 Improve Tor2Web detection and handling
<meta name="robots" content="noindex,nofollow">
is in the head./robots.txt
. Verify that all indexing is disallowed.[ ] #6336 Prevent viewport jumps when there's flashed messages
html
element with the Web Developer Tools. Using the layout tab, make sure that the content size of the html element is 1000x540 (when no scrollbar is visible)#6320 Bring Tor Browser security level instructions up to date
#6237 Add "skip to main content" link to all pages
main
content.main
content.#6302 Add honeypot to Source Interface to stop very basic spambots
text
), and submit. You should get a 403 error screen.#6301 Fix text overflow in Source Interface replies
#6240 Add aria- annotations for WTForms validation errors
aria-invalid
and has an aria-describedby
annotation pointing to its validation errors../securedrop-admin verify
are passing:
cd ~/Persistent/securedrop && ./securedrop-admin setup -t
./securedrop-admin verify
(this will take a while)rm -rf admin/.venv3/ && ./securedrop-admin setup
After updating to this release candidate and running securedrop-admin tailsconfig
[x] #6306 Add basic message filtering in the SI
minimum message length
in the JI, navigate to the Instance Config page via the Admin page
check the "Prevent sources from sending initial messages shorter than..." checkbox but do not set a length. Click Update Submission Preferences
Create a new source account on the SI, navigating through to the /lookup page
codename messages
in the JI, navigate to the Instance Config page via the Admin page
check the "Prevent sources from submitting their codename as an initial message" checkbox. Click Update Submission Preferences
[ ] #6290 Improve Tor2Web detection and handling
<meta name="robots" content="noindex,nofollow">
is in the head./robots.txt
. Verify that all indexing is disallowed.[x] #6336 Prevent viewport jumps when there's flashed messages
html
element with the Web Developer Tools. Using the layout tab, make sure that the content size of the html element is 1000x540 (when no scrollbar is visible)#6320 Bring Tor Browser security level instructions up to date
#6237 Add "skip to main content" link to all pages
main
content.main
content.#6302 Add honeypot to Source Interface to stop very basic spambots
text
), and submit. You should get a 403 error screen.#6301 Fix text overflow in Source Interface replies
#6240 Add aria- annotations for WTForms validation errors
aria-invalid
and has an aria-describedby
annotation pointing to its validation errors../securedrop-admin verify
are passing: Some expected failures
cd ~/Persistent/securedrop && ./securedrop-admin setup -t
./securedrop-admin verify
(this will take a while)rm -rf admin/.venv3/ && ./securedrop-admin setup
[ ] #6306 Add basic message filtering in the SI
minimum message length
in the JI, navigate to the Instance Config page via the Admin page
check the "Prevent sources from sending initial messages shorter than..." checkbox but do not set a length. Click Update Submission Preferences
Create a new source account on the SI, navigating through to the /lookup page
codename messages
in the JI, navigate to the Instance Config page via the Admin page
check the "Prevent sources from submitting their codename as an initial message" checkbox. Click Update Submission Preferences
[ ] #6290 Improve Tor2Web detection and handling
<meta name="robots" content="noindex,nofollow">
is in the head./robots.txt
. Verify that all indexing is disallowed.[ ] #6336 Prevent viewport jumps when there's flashed messages
html
element with the Web Developer Tools. Using the layout tab, make sure that the content size of the html element is 1000x540 (when no scrollbar is visible)#6320 Bring Tor Browser security level instructions up to date
#6237 Add "skip to main content" link to all pages
main
content.main
content.#6302 Add honeypot to Source Interface to stop very basic spambots
text
), and submit. You should get a 403 error screen.#6301 Fix text overflow in Source Interface replies
#6240 Add aria- annotations for WTForms validation errors
aria-invalid
and has an aria-describedby
annotation pointing to its validation errors../securedrop-admin verify
are passing:
cd ~/Persistent/securedrop && ./securedrop-admin setup -t
./securedrop-admin verify
(this will take a while)rm -rf admin/.venv3/ && ./securedrop-admin setup
securedrop-qa.yml
playbooksecuredrop-admin install
:
Mar 22 19:09:15 app kernel: [ 4130.056710] grsec: denied attempt to access restricted sysfs entry /sys/module/apparmor/parameters/enabled by /usr/lib/systemd/systemd[(ystemctl):137796] uid/euid:33/33 gid/egid:33/33, parent /usr/lib/systemd/systemd[systemd:137791] uid/euid:33/33 gid/egid:33/33
After updating to this release candidate and running securedrop-admin tailsconfig
[x] #6306 Add basic message filtering in the SI
minimum message length
in the JI, navigate to the Instance Config page via the Admin page
check the "Prevent sources from sending initial messages shorter than..." checkbox but do not set a length. Click Update Submission Preferences
Create a new source account on the SI, navigating through to the /lookup page
codename messages
in the JI, navigate to the Instance Config page via the Admin page
check the "Prevent sources from submitting their codename as an initial message" checkbox. Click Update Submission Preferences
[x] #6290 Improve Tor2Web detection and handling
<meta name="robots" content="noindex,nofollow">
is in the head./robots.txt
. Verify that all indexing is disallowed.[x] #6336 Prevent viewport jumps when there's flashed messages
html
element with the Web Developer Tools. Using the layout tab, make sure that the content size of the html element is 1000x540 (when no scrollbar is visible)#6320 Bring Tor Browser security level instructions up to date
#6237 Add "skip to main content" link to all pages
main
content.main
content.#6302 Add honeypot to Source Interface to stop very basic spambots
text
), and submit. You should get a 403 error screen.#6301 Fix text overflow in Source Interface replies
#6240 Add aria- annotations for WTForms validation errors
aria-invalid
and has an aria-describedby
annotation pointing to its validation errors../securedrop-admin verify
are passing:
cd ~/Persistent/securedrop && ./securedrop-admin setup -t
./securedrop-admin verify
(this will take a while)rm -rf admin/.venv3/ && ./securedrop-admin setup
After updating to this release candidate and running securedrop-admin tailsconfig
[x] #6306 Add basic message filtering in the SI
minimum message length
in the JI, navigate to the Instance Config page via the Admin page
check the "Prevent sources from sending initial messages shorter than..." checkbox but do not set a length. Click Update Submission Preferences
Create a new source account on the SI, navigating through to the /lookup page
codename messages
in the JI, navigate to the Instance Config page via the Admin page
check the "Prevent sources from submitting their codename as an initial message" checkbox. Click Update Submission Preferences
[x] #6290 Improve Tor2Web detection and handling
<meta name="robots" content="noindex,nofollow">
is in the head./robots.txt
. Verify that all indexing is disallowed.[x] #6336 Prevent viewport jumps when there's flashed messages
html
element with the Web Developer Tools. Using the layout tab, make sure that the content size of the html element is 1000x540 (when no scrollbar is visible)#6320 Bring Tor Browser security level instructions up to date
#6237 Add "skip to main content" link to all pages
main
content.main
content.#6302 Add honeypot to Source Interface to stop very basic spambots
text
), and submit. You should get a 403 error screen.#6301 Fix text overflow in Source Interface replies
#6240 Add aria- annotations for WTForms validation errors
aria-invalid
and has an aria-describedby
annotation pointing to its validation errors.
- grsec denial during
securedrop-admin install
:Mar 22 19:09:15 app kernel: [ 4130.056710] grsec: denied attempt to access restricted sysfs entry /sys/module/apparmor/parameters/enabled by /usr/lib/systemd/systemd[(ystemctl):137796] uid/euid:33/33 gid/egid:33/33, parent /usr/lib/systemd/systemd[systemd:137791] uid/euid:33/33 gid/egid:33/33
Given that this is a transitory error during the installation, I think it's OK? Tested systemctl service targets for apparmor on a running system, no grsec errors were logged - and none were logged after installation was complete in general (excluding paxtest ones).
(Ran SecureDrop updater on Admin Workstation with Tails 4.27 without errors. Now taking Tails 4.28 for a quick spin as well.)
This is a tracking issue for the release of SecureDrop 2.3.0
Scheduled as follows:
Feature / string freeze: 2022-03-10 Pre-release announcement: 2022-03-21 Release date: 2022-03-28 Release manager: @zenmonkeykstop Deputy release manager: @legoktm Communications manager: @creviera Deputy CM: @eloquence Localization manager: @cfm Deputy LM: @zenmonkeykstop
QA team: TBD
SecureDrop maintainers and testers: As you QA 2.3.0, please report back your testing results as comments on this ticket. File GitHub issues for any problems found, tag them "QA: Release", and associate them with the 2.3.0 milestone for tracking (or ask a maintainer to do so).
Test debian packages will be posted on https://apt-test.freedom.press signed with the test key
QA Matrix for 2.3.0
Test Plan for 2.3.0
Localization management
High-level summary of these steps can be found here: https://docs.securedrop.org/en/stable/development/i18n.html#two-weeks-before-the-release-string-freeze Duplicating that content as checkboxes below, for visibility:
Release management
Prepare release candidate (2.3.0~rc1)
2.3.0~rc1
on test apt serverPrepare release candidate (2.3.0~rc2)
2.3.0~rc2
on test apt serverFinal release
release
branch in the LFS repo)release
branch in the LFS repo for the debs)main
in the LFS repo)main
and verify new docs build in securedrop-docs repoPost release
securedrop-docs
(version information in Wagtail is updated automatically)develop