Skip to content

Remove v2 onion service support; fix Whonix repo list filename#694

Merged
conorsch merged 1 commit into
mainfrom
692-v2-is-no-more
May 7, 2021
Merged

Remove v2 onion service support; fix Whonix repo list filename#694
conorsch merged 1 commit into
mainfrom
692-v2-is-no-more

Conversation

@eloquence
Copy link
Copy Markdown
Contributor

@eloquence eloquence commented May 6, 2021
edited
Loading

Status

Ready for review

Description of Changes

Fixes #692
Fixes #693

  • Removes support for v2 onion services (we don't even recognize the format anymore - cue Phil Collins "No Son of Mine")
  • Updates Whonix repo list filename to ensure tests pass

Testing

Estimated testing time: 30-60 minutes

  1. make clone this branch into dom0 and sudo dnf reinstall (or make staging if you don't have a previously provisioned environment) the freshly built RPM from rpm-build/RPMS/noarch.
  2. Attempt to update your /usr/share/securedrop-workstation-dom0-config/config.json with a v2 config (contents of config.json.example in current main should do) and run sdw-admin --apply
    • Observe moderately helpful error message & script exiting
  4. Now put in something that looks nothing like a v2 or v3 config for the hostname and key options (e.g., random characters), and re-run sdw-admin --apply
    • Observe same error message
  6. Put in a v3 config and run sdw-admin --validate (or --apply if you are patient)
    • Observe success
  8. Make sure your currently provisioned config.json and sd-journalist.sec are present in your securedrop-workstation checkout directory in dom0, then run make test
    • Observe tests passing (or at least that test failures are unrelated to this PR - dom0 tests can be a bit finicky)

If you have made changes to the provisioning logic

  • All tests (make test) pass in dom0 of a Qubes install

eloquence
eloquence commented May 6, 2021
View reviewed changes
Comment thread config.json.example
"hidserv": {
"hostname": "avgfxawdn6c3coe3.onion",
"key": "Il8Xas7uf6rjtc0LxYwhrx"
"hostname": "sdolvtfhatvsysc6l34d65ymdwxcujausv7k5jk4cy5ttzhjoi6fzvyd.onion",
Copy link
Copy Markdown
Contributor Author

@eloquence eloquence May 6, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

securedrop.org website onion service

eloquence
eloquence commented May 6, 2021
View reviewed changes
Comment thread config.json.example
"hostname": "avgfxawdn6c3coe3.onion",
"key": "Il8Xas7uf6rjtc0LxYwhrx"
"hostname": "sdolvtfhatvsysc6l34d65ymdwxcujausv7k5jk4cy5ttzhjoi6fzvyd.onion",
"key": "5U4JPYSZ34N2ZDSOUAL2YLEX2NPI5BLL2Y66QJW24KLSH7R3FEPQ"
Copy link
Copy Markdown
Contributor Author

@eloquence eloquence May 6, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

randomly generated key in base32

eloquence
eloquence commented May 6, 2021
View reviewed changes
Comment thread scripts/validate_config.py
"ERROR: Onion service configuration missing or does not match expected format.\n"
"Please note that only v3 onion services are supported.\n"
)
raise
Copy link
Copy Markdown
Contributor Author

@eloquence eloquence May 6, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO this script shouldn't display tracebacks during expected validation errors, but that's the current pattern. See #683 as well for suggested refactoring of this whole logic.

eloquence
eloquence commented May 6, 2021
View reviewed changes
Comment thread tests/test_sd_whonix.py
def setUp(self):
self.vm_name = "sd-whonix"
self.whonix_apt_list = "/etc/apt/sources.list.d/whonix.list"
self.whonix_apt_list = "/etc/apt/sources.list.d/derivative.list"
Copy link
Copy Markdown
Contributor Author

@eloquence eloquence May 6, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's what fixes #693

@eloquence eloquence mentioned this pull request May 6, 2021
Closed
@conorsch conorsch self-requested a review May 7, 2021 19:41
@conorsch
Copy link
Copy Markdown
Contributor

conorsch commented May 7, 2021

Looks great. I found one more place in the tests where updating the repo filepath makes sense:

diff --git a/tests/test_proxy_vm.py b/tests/test_proxy_vm.py
index 37e84c8..989c620 100644
--- a/tests/test_proxy_vm.py
+++ b/tests/test_proxy_vm.py
@@ -63,7 +63,9 @@ class SD_Proxy_Tests(SD_VM_Local_Test):
         Guard against regressions by ensuring the old Whonix apt list
         is missing.
         """
+        # Whonix project changed the repo filename ~2021-05, so check both.
         assert not self._fileExists("/etc/apt/sources.list.d/whonix.list")
+        assert not self._fileExists("/etc/apt/sources.list.d/derivative.list")
 
     def test_logging_configured(self):
         self.logging_configured()

Will amend as part of review.

@conorsch conorsch force-pushed the 692-v2-is-no-more branch from 420213f to bc87a69 Compare May 7, 2021 19:51
@conorsch conorsch merged commit 8cdfaf5 into main May 7, 2021
@eloquence eloquence mentioned this pull request Nov 5, 2021
Closed
@legoktm legoktm deleted the 692-v2-is-no-more branch May 28, 2024 15:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@conorsch conorsch conorsch approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Whonix apt repo source list filename has changed Remove v2 support

2 participants

@eloquence @conorsch