[1.8.0] https://github.com/freedomofpress/securedrop/pull/5855 and 1.8.0-rc4 #5856

Merged
merged 8 commits into from
Mar 10, 2021



@emkll emkll commented Mar 10, 2021

Status

Ready for review

Description of Changes

Backports #5855 to the release/1.8.0 branch

Testing

rmol and others added 8 commits March 9, 2021 18:54
(cherry picked from commit a98e91c)
Builds on the work by @rmol in #5853. Slots in overrides
to the apt-daily{,-upgrade} timers, shipped with the 'apt' package, to
provide fine-grained control over the update and reboot times.
Ensures that the apt lists are updated approximately 1h prior to the
package upgrade. Lowered the time-fuzzing to 20m on each action, so that
even at the extremes, there's still a 20m window for an apt update to
complete. Uses a modulus to determine the sooner update time.

(cherry picked from commit 34fdc7a)
"Now" was the default value, we previously set it to the
'daily_reboot_time' to provide some predictability around reboots, but
that came at the cost of separating the package updates from the reboot
logic. Ideally, we'll have as narrow a gap as possible between:

  * apt update
  * apt upgrade
  * reboot

and these changes implement that.

(cherry picked from commit bddeb5e)
Follow-up to #5852. The options parsing for apt configs requires that
list options be carefully specified, otherwise the last declared value
wins, clobbering all preceding values.

(cherry picked from commit a083a52)
Uses apt-config directly, rather than naively checking the config files.
That gives us a more accurate picture of what the system state is.

(cherry picked from commit 1bc7452)
Revision, based on discussion. It turns out that setting reboot time to
"now" causes reboots even during download-only stages, which isn't the
behavior we want. Let's stagger the actions:

 * apt-get update
 * apt-get upgrade
 * reboot

all approximately 1h apart (with 20m random delay on the apt-get
actions).

This reverts commit bddeb5e.

(cherry picked from commit 74fadb8)
@emkll emkll requested a review from conorsch March 10, 2021 00:13

@conorsch conorsch left a comment

Looks great. Visually reviewed the diff. Once CI passes, I'll merge and proceed with building rc4.

@conorsch

CI is passing, merging!

@conorsch conorsch merged commit 2943c6c into release/1.8.0 Mar 10, 2021
@rmol rmol deleted the backport-5855-and-rc4 branch June 23, 2021 13:58
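
The staggered schedule the commit messages describe (apt-get update, apt-get upgrade, reboot about 1h apart, 20m random delay on the apt actions, a modulus for the earlier times), sketched as an added example; this is not code from the pull request. The function names, the 2h/1h offsets derived from "1h apart", and the drop-in layout (standard systemd `OnCalendar`/`RandomizedDelaySec` directives) are assumptions.

```python
"""Added illustration: stagger apt update, apt upgrade and reboot about 1h apart."""
from datetime import timedelta

FUZZ = timedelta(minutes=20)  # random delay on each apt action (from the commit text)
STEP_HOURS = 1                # assumed spacing between consecutive actions


def stagger(daily_reboot_time: int) -> dict:
    """Return the start hour of each action for a reboot hour in 0..23.

    The modulus keeps the earlier actions valid when the reboot hour is
    0 or 1, where plain subtraction would give a negative hour.
    """
    if not 0 <= daily_reboot_time <= 23:
        raise ValueError("daily_reboot_time must be an hour in 0..23")
    return {
        "update": (daily_reboot_time - 2 * STEP_HOURS) % 24,
        "upgrade": (daily_reboot_time - STEP_HOURS) % 24,
        "reboot": daily_reboot_time,
    }


def worst_case_gap(earlier_hour: int, later_hour: int) -> timedelta:
    """Time between the latest start of one action and the earliest start of the next."""
    nominal = timedelta(hours=(later_hour - earlier_hour) % 24)
    # The earlier action may start up to FUZZ late; the later one never starts
    # before its nominal time, so only the earlier delay shrinks the gap.
    return nominal - FUZZ


def timer_override(hour: int) -> str:
    """Body of a systemd timer drop-in (assumed layout, not the project's file)."""
    return (
        "[Timer]\n"
        "OnCalendar=\n"  # an empty assignment clears the packaged schedule
        f"OnCalendar=*-*-* {hour:02d}:00\n"
        f"RandomizedDelaySec={int(FUZZ.total_seconds() // 60)}m\n"
    )


if __name__ == "__main__":
    for reboot in (4, 1, 0):  # constructed sample reboot hours
        plan = stagger(reboot)
        gap = worst_case_gap(plan["update"], plan["upgrade"])
        print(reboot, plan, "min update->upgrade gap:", gap)
    print(timer_override(stagger(4)["update"]))
```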