Merge pull request #7334 from freedomofpress/stg-upgrade-check

Add a basic noble migration check script
freedomofpress · Dec 2, 2024 · b40b0da · b40b0da
2 parents cc9bea3 + 7f8479a
commit b40b0da
Show file tree

Hide file tree

Showing 15 changed files with 1,838 additions and 181 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,7 @@
 [workspace]
 
 members = [
+    "noble-migration",
     "redwood",
 ]
 

diff --git a/builder/build-debs-securedrop.sh b/builder/build-debs-securedrop.sh
@@ -11,8 +11,10 @@ set -euxo pipefail
 
 # Make a copy of the source tree since we do destructive operations on it
 cp -R /src/securedrop /srv/securedrop
-cp -R /src/redwood /srv/redwood
-cp /src/Cargo.lock /srv/redwood/
+mkdir /srv/rust
+cp -R /src/noble-migration /srv/rust/noble-migration
+cp -R /src/redwood /srv/rust/redwood
+cp /src/Cargo.{toml,lock} /srv/rust/
 cd /srv/securedrop/
 
 # Control the version of setuptools used in the default construction of virtual environments

diff --git a/install_files/ansible-base/group_vars/securedrop_application_server.yml b/install_files/ansible-base/group_vars/securedrop_application_server.yml
@@ -7,7 +7,7 @@ ip_info:
 ### Used by the install_local_deb_pkgs role ###
 local_deb_packages:
   - "securedrop-keyring_0.2.2+{{ securedrop_version }}+{{ securedrop_target_distribution }}_all.deb"
-  - "securedrop-config_{{ securedrop_version }}+{{ securedrop_target_distribution }}_all.deb"
+  - "securedrop-config_{{ securedrop_version }}+{{ securedrop_target_distribution }}_amd64.deb"
   - "securedrop-ossec-agent_3.6.0+{{ securedrop_version }}+{{ securedrop_target_distribution }}_all.deb"
   - "{{ securedrop_app_code_deb }}.deb"
   - "ossec-agent_3.6.0+{{ securedrop_target_distribution }}_amd64.deb"

diff --git a/install_files/ansible-base/group_vars/securedrop_monitor_server.yml b/install_files/ansible-base/group_vars/securedrop_monitor_server.yml
@@ -7,7 +7,7 @@ ip_info:
 ### Used by the install_local_deb_pkgs role ###
 local_deb_packages:
   - "securedrop-keyring_0.2.2+{{ securedrop_version }}+{{ securedrop_target_distribution }}_all.deb"
-  - "securedrop-config_{{ securedrop_version }}+{{ securedrop_target_distribution }}_all.deb"
+  - "securedrop-config_{{ securedrop_version }}+{{ securedrop_target_distribution }}_amd64.deb"
   - "securedrop-ossec-server_3.6.0+{{ securedrop_version }}+{{ securedrop_target_distribution }}_all.deb"
   - ossec-server_3.6.0+{{ securedrop_target_distribution }}_amd64.deb
 

diff --git a/molecule/testinfra/common/test_release_upgrades.py b/molecule/testinfra/common/test_release_upgrades.py
@@ -1,3 +1,7 @@
+import json
+import time
+
+import pytest
 import testutils
 
 test_vars = testutils.securedrop_test_vars
@@ -27,3 +31,40 @@ def test_release_manager_upgrade_channel(host):
     _, channel = raw_output.split("=")
 
     assert channel == "never"
+
+
+def test_migration_check(host):
+    """Verify our migration check script works"""
+    if host.system_info.codename != "focal":
+        pytest.skip("only applicable/testable on focal")
+
+    with host.sudo():
+        # remove state file so we can see if it works
+        if host.file("/etc/securedrop-noble-migration.json").exists:
+            host.run("rm /etc/securedrop-noble-migration.json")
+        cmd = host.run("systemctl start securedrop-noble-migration-check")
+        assert cmd.rc == 0
+        while host.service("securedrop-noble-migration-check").is_running:
+            time.sleep(1)
+
+        # JSON state file was created
+        assert host.file("/etc/securedrop-noble-migration.json").exists
+
+        cmd = host.run("cat /etc/securedrop-noble-migration.json")
+        assert cmd.rc == 0
+
+        contents = json.loads(cmd.stdout)
+        print(contents)
+        # The script did not error out
+        if "error" in contents:
+            # Run the script manually to get the error message
+            cmd = host.run("securedrop-noble-migration-check")
+            print(cmd.stdout)
+            # We'll fail in the next line after this
+        assert "error" not in contents
+        # staging CI jobs don't have enough free space, so just check
+        # that it returned a value for it
+        assert "free_space" in contents
+        del contents["free_space"]
+        # All the values should be True
+        assert all(contents.values())
diff --git a/noble-migration/Cargo.toml b/noble-migration/Cargo.toml
@@ -0,0 +1,12 @@
+[package]
+name = "noble-migration"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+anyhow = "1.0.93"
+rustix = { version = "0.38.40", features = ["process"] }
+serde = { version = "1.0.215", features = ["derive"] }
+serde_json = "1.0.132"
+url = "2.5.3"
+walkdir = "2.5.0"