Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[xenial] Add base OS info to metadata endpoint #4059

Closed
eloquence opened this issue Jan 23, 2019 · 7 comments
Closed

[xenial] Add base OS info to metadata endpoint #4059

eloquence opened this issue Jan 23, 2019 · 7 comments
Milestone
0.12.0

Comments

@eloquence
Copy link
Member

eloquence commented Jan 23, 2019
edited by redshiftzero
Loading

Description

Part of #3204. In order to have better visibility into which SecureDrop instances are actively updating to from Ubuntu Trusty to Ubuntu Xenial (and actively engage with admins as needed), it makes sense to expose this info via the existing metadata endpoint.

To avoid breaking existing uses, this should be done in a new server_os variable.

From a security perspective, this does not give an attacker key information -- for now, both releases receive security updates; once 14.04 has reached EOL, it will also no longer receive SecureDrop package updates, which will be reflected in its already exposed SecureDrop version.

User Stories

As a SecureDrop administrator, I'd like to be actively alerted by the support team when I have to perform critical security updates, so that I can act on them with appropriate priority.

As a SecureDrop support team member, I'd like to know whether an instance is following recommended upgrade procedures, so I can increase the urgency of outreach efforts if required.
@eloquence eloquence added this to the 0.12.0 milestone Jan 23, 2019
@eloquence
Copy link
Member Author

eloquence commented Jan 24, 2019
edited
Loading

@nightwarrior-xxx By all means! We're in a crunch over the next couple of weeks to get all the must-do functionality in #3204 in; if you have time to help with this issue over the next few days, it would be much appreciated. :)

@heartsucker
Copy link
Contributor

@nightwarrior-xxx you commented on this last night but have since deleted your comment. Are you going to work on this or should someone else?

@nightwarriorftw
Copy link
Contributor

@heartsucker Yes,I would love to work.I thought to ask you on gitter first before taking up this issue

@heartsucker
Copy link
Contributor

Yeah then it's all yours

@zenmonkeykstop
Copy link
Contributor

@nightwarrior-xxx see the changes added in #4055 for a pretty basic way to check OS versions.

This would be a really useful addition from a support perspective. Thanks for grabbing it!

@nightwarriorftw
Copy link
Contributor

nightwarriorftw commented Jan 27, 2019
edited
Loading

@zenmonkeykstop [Just to clear confusion] I have to import platform and store linux_distribution in a variable called server_os in the file securedrop/admin/securedrop_admin/init.py

Or in securedrop/admin/tests/test_securedrop-admin-setup.py

@heartsucker
Copy link
Contributor

You don't have to add a variable to that file. You can just add it under the route in source_app/api.py.

This was referenced Jan 28, 2019
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.12.0
Development

No branches or pull requests
4 participants
@eloquence @zenmonkeykstop @heartsucker @nightwarriorftw