

Script to upgrade from focal to noble
The script is split into various stages whose progress is tracked
on-disk. The script can resume from wherever it left off at any point,
which it needs to, since several reboots happen partway through.

The new noble-upgrade.json file shipped in the securedrop-config package
is used to control the upgrade process.

Further details of the script are explained inline and at
<https://github.com/freedomofpress/securedrop/wiki/noble-upgrade-architecture>.

Fixes #7332.
legoktm committed Jan 24, 2025
1 parent 065aaf4 commit 87d6e1a
Showing 13 changed files with 964 additions and 15 deletions.
99 changes: 97 additions & 2 deletions Cargo.lock


3 changes: 3 additions & 0 deletions noble-migration/Cargo.toml
@@ -5,6 +5,9 @@ edition = "2021"

[dependencies]
anyhow = "1.0.93"
env_logger = { version = "0.11.5", features = ["humantime"] , default-features = false }
log = "0.4.22"
rand = "0.8.5"
rustix = { version = "0.38.40", features = ["process"] }
serde = { version = "1.0.215", features = ["derive"] }
serde_json = "1.0.132"
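Review bot: The new `rand` dependency (and transitively `rand_chacha`, `rand_core`, `ppv-lite86`) is imported in this commit's supply-chain/imports.lock only under the `safe-to-run` criteria, as is `humantime` pulled in via the `env_logger` feature, while the binary built from this manifest runs as root under systemd (`User=root` in the new service unit). `safe-to-run` is explicitly not a production-deployment criterion, so if the cargo-vet policy for this crate requires `safe-to-deploy` these are presumably being satisfied through exemptions in supply-chain/config.toml, which is not part of this diff; that is worth confirming rather than assuming. A trailing comment on the `rand` line saying what it is used for would also help the next reader of this manifest, e.g. `rand = "0.8.5" # <purpose, e.g. rollout bucket selection — confirm>`.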
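--- a/noble-migration/files/apt_freedom_press.list
+++ b/noble-migration/files/apt_freedom_press.list
@@ -0,0 +1 @@
+deb [arch=amd64] https://apt.freedom.press noble main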
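Review bot: The single entry in this file carries no `signed-by=` option, so the apt.freedom.press suite is accepted if it is signed by any key in the system-wide trusted set rather than by the FPF archive key alone. If that key is installed (or can be installed) as a dedicated keyring, pinning it here is a cheap hardening step: `deb [arch=amd64 signed-by=<PATH-TO-FPF-ARCHIVE-KEYRING>] https://apt.freedom.press noble main`. Whether the focal-era list this replaces does the same is not visible in this diff, so it may simply be carrying forward existing practice.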
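--- a/noble-migration/files/sources.list
+++ b/noble-migration/files/sources.list
@@ -0,0 +1,13 @@
+## newer versions of the distribution.
+deb http://archive.ubuntu.com/ubuntu/ noble main
+
+## newer versions of the distribution.
+deb http://archive.ubuntu.com/ubuntu/ noble universe
+
+## Major bug fix updates produced after the final release of the
+## distribution.
+deb http://archive.ubuntu.com/ubuntu/ noble-updates main
+
+### Security fixes for distribution packages
+deb http://security.ubuntu.com/ubuntu noble-security main
+deb http://security.ubuntu.com/ubuntu noble-security universe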
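Review bot: The two new apt source files in this commit disagree on what is enabled: this sources.list has `noble-updates` with `main` only and no `restricted`/`multiverse` at all, whereas noble-migration/files/ubuntu.sources enables `main universe restricted multiverse` for both `noble` and `noble-updates`. If sources.list is the one left active, packages from `universe` receive `noble-security` but not `noble-updates`; if both end up installed at once, apt would warn about the duplicated targets. Which file is used at which stage is decided in upgrade.rs, which is not rendered here, so this may well be deliberate, but a one-line comment at the top of each file naming its stage would settle it for the next reader. Separately, the `## newer versions of the distribution.` lines above the first two `deb` lines are the truncated tail of the stock Ubuntu header comment and read as fragments; either restore the full sentence or drop them.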
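--- a/noble-migration/files/ubuntu.sources
+++ b/noble-migration/files/ubuntu.sources
@@ -0,0 +1,11 @@
+Types: deb
+URIs: http://archive.ubuntu.com/ubuntu/
+Suites: noble noble-updates
+Components: main universe restricted multiverse
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+
+Types: deb
+URIs: http://security.ubuntu.com/ubuntu/
+Suites: noble-security
+Components: main universe restricted multiverse
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg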
670 changes: 670 additions & 0 deletions noble-migration/src/bin/upgrade.rs


@@ -0,0 +1,12 @@
[Unit]
Description=Run noble migration

RefuseManualStop=true

[Service]
Type=exec
Environment=RUST_LOG=debug
Environment=LAUNCHED_BY_SYSTEMD=1
ExecStart=/usr/bin/securedrop-noble-migration-upgrade
User=root
KillMode=process
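Review bot: `KillMode=process` on the last line means that when the unit is stopped or its main process exits, any children it forked are left running rather than being killed with the rest of the cgroup, and `RefuseManualStop=true` above blocks an operator from stopping the unit at all; together these look deliberate so that a stage in flight is not interrupted, but the unit says nothing about why. A comment above each would help whoever meets this unit during an incident, e.g. `# The upgrader must not be interrupted mid-stage: it checkpoints progress to disk and resumes on the next timer run (see commit/wiki).` and `# Leave child processes alive if the main process is stopped; do not change to control-group.` The file's path is not shown in this rendered section, and `User=root` is already the default for a system service, so that line is documentation rather than configuration and could carry the same note.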
@@ -0,0 +1,10 @@
[Unit]
Description=Run noble migration

[Timer]
OnBootSec=3m
OnUnitInactiveSec=3m
Persistent=true

[Install]
WantedBy=timers.target
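Review bot: `Persistent=true` has no effect in this timer: it applies only to `OnCalendar=` timers, and this unit uses the monotonic `OnBootSec=`/`OnUnitInactiveSec=` settings, so either drop the line or, if catch-up after downtime is actually wanted, switch to a calendar spec. With `OnUnitInactiveSec=3m` the service is re-run every three minutes for the life of the host, including after the migration has completed and on hosts whose noble-upgrade.json has `enabled: false`; presumably that is cheap because the service exits early in those cases, but it deserves a comment such as `# Re-run every 3 minutes; the service is expected to exit immediately unless the upgrade is enabled and a stage is pending.` The file's path is not shown in this rendered section.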
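--- a/securedrop/debian/config/usr/share/securedrop/noble-upgrade.json
+++ b/securedrop/debian/config/usr/share/securedrop/noble-upgrade.json
@@ -0,0 +1,10 @@
+{
+"app": {
+"enabled": false,
+"bucket": 0
+},
+"mon": {
+"enabled": false,
+"bucket": 0
+}
+}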
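Review bot: The meaning and valid range of `bucket` are not documented anywhere in this diff, and JSON gives this file no place for a comment of its own; since this file is what turns an irreversible OS upgrade on for a host, its contract (the values `bucket` may take, how a host decides it falls inside the bucket, and that `enabled` is a hard gate regardless of `bucket`) should be written down at the struct that parses it in upgrade.rs, which is not rendered here, or on the wiki page the commit links to. Shipping with `enabled: false` for both `app` and `mon` is the right default.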
6 changes: 5 additions & 1 deletion securedrop/debian/rules
@@ -22,7 +22,8 @@ override_dh_auto_install:
cd /srv/rust/noble-migration && cargo build --release --locked && \
cd /srv/securedrop && \
mkdir -p ./debian/securedrop-config/usr/bin && \
mv /srv/rust/target/release/check ./debian/securedrop-config/usr/bin/securedrop-noble-migration-check
mv /srv/rust/target/release/check ./debian/securedrop-config/usr/bin/securedrop-noble-migration-check && \
mv /srv/rust/target/release/upgrade ./debian/securedrop-config/usr/bin/securedrop-noble-migration-upgrade
# Build redwood wheel
python3 /srv/rust/redwood/build-wheel.py --release --redwood /srv/rust/redwood --target /srv/rust/target
# Set up virtualenv and install dependencies
@@ -92,6 +93,7 @@ override_dh_systemd_enable:
dh_systemd_enable --no-enable securedrop-cleanup-ossec.service
dh_systemd_enable --no-enable securedrop-reboot-required.service
dh_systemd_enable --no-enable securedrop-noble-migration-check.service
dh_systemd_enable --no-enable securedrop-noble-migration-upgrade.service
dh_systemd_enable

# This is basically the same as the enable stanza above, just whether the
@@ -104,4 +106,6 @@ override_dh_systemd_start:
dh_systemd_start --no-start securedrop-cleanup-ossec.service
dh_systemd_start --no-start securedrop-reboot-required.service
dh_systemd_start --no-start securedrop-noble-migration-check.service
dh_systemd_start --no-start --no-restart-after-upgrade \
securedrop-noble-migration-upgrade.service
dh_systemd_start
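Review bot: The new `.timer` unit is listed in neither the `--no-enable` stanza (next to `dh_systemd_enable --no-enable securedrop-noble-migration-upgrade.service`) nor the `--no-start` stanza, so, assuming the package installs it, the trailing bare `dh_systemd_enable` and `dh_systemd_start` will enable and start it at install time while the `.service` it triggers is deliberately excluded. That split may be exactly the intent (timer always armed, service only ever driven by the timer), but the only nearby comment explains the enable/start symmetry, not this asymmetry, so a line such as `# securedrop-noble-migration-upgrade.timer is intentionally left to the default enable/start below; only the .service is excluded.` would stop someone later "fixing" it. `--no-restart-after-upgrade` on the service is a good call, since a securedrop-config upgrade landing mid-migration would otherwise bounce the upgrader.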
10 changes: 8 additions & 2 deletions securedrop/debian/securedrop-app-code.postinst
@@ -311,8 +311,14 @@ case "$1" in
database_migration

# Restart apache now that we've updated everything, setup AppArmor
# and applied all migrations
service apache2 restart
# and applied all migrations. Only restart if it is not masked, which
# it is during the noble migration.
apache2_status=$(systemctl is-enabled apache2 2>/dev/null ||:)
if [ "$apache2_status" != "masked" ]; then
systemctl restart apache2
else
echo "apache2 is masked, skipping restart"
fi

;;
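Review bot: The `!= "masked"` test misses the `masked-runtime` state that `systemctl is-enabled` reports for a unit masked with `--runtime`; in that case the script still reaches `systemctl restart apache2`, which fails on a masked unit and, if the script runs under `set -e` as maintainer scripts usually do, aborts the postinst partway through the upgrade. Matching both states closes the gap: `case "$apache2_status" in masked|masked-runtime) echo "apache2 is masked, skipping restart" ;; *) systemctl restart apache2 ;; esac`. Whether the migration masks apache2 persistently or at runtime is decided in upgrade.rs, which is not rendered here, so this is a robustness point rather than an observed failure. The enclosing `case "$1" in` starts and ends outside the hunk.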

14 changes: 14 additions & 0 deletions supply-chain/audits.toml
@@ -300,6 +300,20 @@ start = "2019-03-19"
end = "2024-05-02"
notes = "Rust Project member"

[[trusted.env_filter]]
criteria = "safe-to-deploy"
user-id = 6743 # Ed Page (epage)
start = "2024-01-19"
end = "2025-06-02"
notes = "Rust Project member"

[[trusted.env_logger]]
criteria = "safe-to-deploy"
user-id = 6743 # Ed Page (epage)
start = "2022-11-24"
end = "2025-06-02"
notes = "Rust Project member"

[[trusted.equivalent]]
criteria = "safe-to-deploy"
user-id = 539 # Josh Stone (cuviper)
120 changes: 110 additions & 10 deletions supply-chain/imports.lock
@@ -64,6 +64,20 @@ user-id = 539
user-login = "cuviper"
user-name = "Josh Stone"

[[publisher.env_filter]]
version = "0.1.2"
when = "2024-07-25"
user-id = 6743
user-login = "epage"
user-name = "Ed Page"

[[publisher.env_logger]]
version = "0.11.5"
when = "2024-07-25"
user-id = 6743
user-login = "epage"
user-name = "Ed Page"

[[publisher.equivalent]]
version = "1.0.1"
when = "2023-07-10"
@@ -448,6 +462,13 @@ criteria = "safe-to-run"
delta = "2.3.2 -> 2.4.0"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.byteorder]]
who = "danakj <danakj@chromium.org>"
criteria = "safe-to-deploy"
version = "1.5.0"
notes = "Unsafe review in https://crrev.com/c/5838022"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.cc]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
@@ -520,6 +541,12 @@ crypto implementations. Hence, this crate does not implement crypto.
"""
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.humantime]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
version = "2.1.0"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.itertools]]
who = "ChromeOS"
criteria = "safe-to-run"
@@ -562,16 +589,16 @@ version = "1.4.0"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.log]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.4.17"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
who = "danakj <danakj@chromium.org>"
criteria = "safe-to-deploy"
version = "0.4.22"
notes = """
Unsafe review in https://docs.google.com/document/d/1IXQbD1GhTRqNHIGxq6yy7qHqxeO4CwN5noMFXnqyDIM/edit?usp=sharing

[[audits.google.audits.log]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
delta = "0.4.17 -> 0.4.20"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
Unsafety is generally very well-documented, with one exception, which we
describe in the review doc.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.memoffset]]
who = "Dennis Kempin <denniskempin@google.com>"
@@ -609,6 +636,24 @@ criteria = "safe-to-run"
version = "0.3.26"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.ppv-lite86]]
who = "danakj@chromium.org"
criteria = "safe-to-run"
version = "0.2.17"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.ppv-lite86]]
who = "danakj <danakj@chromium.org>"
criteria = "safe-to-run"
delta = "0.2.17 -> 0.2.20"
notes = "Using zerocopy to reduce unsafe usage."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.proc-macro2]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-deploy"
@@ -704,6 +749,29 @@ The delta just 1) inlines/expands `impl ToTokens` that used to be handled via
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.rand]]
who = "danakj@chromium.org"
criteria = "safe-to-run"
version = "0.8.5"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.rand_chacha]]
who = "Android Legacy"
criteria = "safe-to-run"
version = "0.3.1"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.rand_core]]
who = "Android Legacy"
criteria = "safe-to-run"
version = "0.6.4"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.same-file]]
who = "Android Legacy"
criteria = "safe-to-run"
@@ -1421,7 +1489,7 @@ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-ch
[[audits.mozilla.audits.url]]
who = "Valentin Gosu <valentin.gosu@gmail.com>"
criteria = "safe-to-deploy"
delta = "2.5.1 -> 2.5.3"
delta = "2.5.1 -> 2.5.4"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.utf16_iter]]
@@ -1488,6 +1556,26 @@ criteria = "safe-to-deploy"
delta = "0.7.3 -> 0.7.4"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.zerocopy]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.7.32"
notes = """
This crate is `no_std` so doesn't use any side-effectful std functions. It
contains quite a lot of `unsafe` code, however. I verified portions of this. It
also has a large, thorough test suite. The project claims to run tests with
Miri to have stronger soundness checks, and also claims to use formal
verification tools to prove correctness.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.zerocopy-derive]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.7.32"
notes = "Clean, safe macros for zerocopy."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.zerofrom]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
@@ -1580,3 +1668,15 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.16.0 -> 1.17.0"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.zcash.audits.zerocopy]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.7.32 -> 0.7.34"
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"

[[audits.zcash.audits.zerocopy-derive]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.7.32 -> 0.7.34"
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
