Display a banner in the JI regarding the noble migration #7348
Conversation
This actively dissuades from using HTTPS URLs, favoring protocol-relative ones. Even ignoring HTTPS-only URLs as a best practice, given most onion services are hosted as HTTP sites, they'd become HTTP links instead of HTTPS. So let's just suppress this rule and link to the correct protocol.
legoktm
force-pushed
the
noble-ji-warnings
branch
2 times, most recently
from
81421e3
to
0b287e7
Compare
legoktm
force-pushed
the
noble-ji-warnings
branch
from
0b287e7
to
1b5815e
Compare
This is largely copied from the same functionality that was implemented during the focal migration (ecfecea). There are two banners that can be seen: OS_PAST_EOL is in effect after April 2, 2025 if the system is still running on focal. The Source Interface automatically disables itself and the Journalist Interface will display a banner informing journalists to contact their administrator. OS_NEEDS_MIGRATION_FIXES will display a notice in the Journalist Interface if the check script has run and found issues that need resolution. It doesn't affect the Source Interface. The banners point at <https://securedrop.org/focal-eol>, which will be set up as a redirect to the relevant documentation. Both checks are done during startup, which means if the state changes (e.g. disk space is freed up or a systemd unit fails), the banner state will only change after the nightly reboot. Refs #7322 Co-authored-by: soleilera <[email protected]>
legoktm
force-pushed
the
noble-ji-warnings
branch
from
1b5815e
to
5b50aad
Compare
|
Marking this as ready for review now. |
|
I think that I need to get the checker script merged first - it's not clear to me from the test plan what the JSON file should contain. |
Sorry for not making that clear, but also thanks for merging that other PR! The format is basically: {
"ssh": true,
"free_space": false,
}etc., where false means the check failed and the banner should be displayed. The main special case is |
Status
Ready for review
Description of Changes
Display a banner in the JI regarding the noble migration
This is largely copied from the same functionality that was implemented during the focal migration (ecfecea).
There are two banners that can be seen:
OS_PAST_EOL is in effect after April 2, 2025 if the system is still
running on focal. The Source Interface automatically disables itself and
the Journalist Interface will display a banner informing journalists to
contact their administrator.
OS_NEEDS_MIGRATION_FIXES will display a notice in the Journalist
Interface if the check script has run and found issues that need
resolution. It doesn't affect the Source Interface.
The banners point at https://securedrop.org/focal-eol, which will be
set up as a redirect to the relevant documentation.
Both checks are done during startup, which means if the state changes
(e.g. disk space is freed up or a systemd unit fails), the banner state
will only change after the nightly reboot.
Disable "protocol" check from html_lint.py
This actively dissuades from using HTTPS URLs, favoring
protocol-relative ones. Even ignoring HTTPS-only URLs as a best
practice, given most onion services are hosted as HTTP sites,
they'd become HTTP links instead of HTTPS.
So let's just suppress this rule and link to the correct protocol.
Refs #7322
Testing
How should the reviewer test this PR?
/etc/securedrop-noble-migration.jsonin the dev container with a false value, the migration banner will be triggeredFOCAL_ENDOFLIFEdate in server_os.py to 2024 or some other past date, the EOL banner will be triggered.Deployment
Any special considerations for deployment? n/a
Checklist
make lint) and tests (make test) pass in the development container