Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not create local copy of backup file before extracting Tor config #5919

Merged
merged 1 commit into from May 7, 2021
Merged

Do not create local copy of backup file before extracting Tor config #5919

merged 1 commit into from May 7, 2021

Conversation

eloquence
Copy link
Member

@eloquence eloquence commented May 1, 2021
edited

Status

Ready for review

Description of Changes

Fixes #5918

Testing

Estimated testing time: ~30-60 minutes (depending on any errors encountered)

Using a VM or production server environment, from your Admin Workstation:

  1. Observe that you can reproduce Backup script copies entire backup file into memory #5918 on 1.8.1 by following the steps to reproduce
  2. Observe that you can no longer reproduce Backup script copies entire backup file into memory #5918 with the changes in this branch in place (you will have to specify --force to run securedrop-admin commands directly from this branch)

(I suggest cancelling the large file transfer to the server, assuming it successfully proceeds to that stage.)

Checklist

  • Linting (make lint) and tests (make test) pass in the development container

@eloquence eloquence requested a review from a team as a code owner May 1, 2021 00:34
eloquence
eloquence commented May 1, 2021
View reviewed changes
install_files/ansible-base/roles/restore/tasks/perform_restore.yml
dest: "{{ torrc_check_dir.path }}/backup/"
src: "{{ restore_file }}"
src: "{{playbook_dir}}/{{ restore_file }}"
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For .tar.gz files, the unarchive module appears to expect full paths and will fail (misleadingly) with "Failed to find handler" on relative paths; see ansible/ansible#35645. The "Failed to find handler" issue arises only if we enable the remote_src setting, which suggests to me that otherwise, Ansible may pass along the full path to the copy it has created.

@eloquence eloquence added this to Ready for Review in SecureDrop Team Board May 1, 2021
@eloquence eloquence mentioned this pull request May 1, 2021
Closed
@eloquence
Copy link
Member Author

eloquence commented May 1, 2021
edited

app-tests CI failure is due to Xenial's end-of-life (#5920); Focal app tests are passing and app code has not been modified anyway. I could rebase onto cancel_xenial and convert to draft, but cancel_xenial is currently running behind develop and missing the v2 removal changes, so I'll just wait for now.

@eloquence
Copy link
Member Author

(Rebased to pick up #5911.)

@eloquence eloquence added this to the 1.8.2 milestone May 3, 2021
@codecov-commenter
Copy link

Codecov Report

Merging #5919 (e040fed) into develop (0f6ae64) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff            @@
##           develop    #5919   +/-   ##
========================================
  Coverage    85.37%   85.37%           
========================================
  Files           53       53           
  Lines         3876     3876           
  Branches       480      480           
========================================
  Hits          3309     3309           
  Misses         455      455           
  Partials       112      112

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0f6ae64...e040fed. Read the comment docs.

@zenmonkeykstop zenmonkeykstop self-assigned this May 7, 2021
rmol
rmol approved these changes May 7, 2021
View reviewed changes
Copy link
Contributor

@rmol rmol left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 Works great.

@rmol rmol merged commit 7b75db3 into develop May 7, 2021
SecureDrop Team Board automation moved this from Ready for Review to Done May 7, 2021
@rmol rmol deleted the 5918-you-shall-not-copy branch May 7, 2021 14:25
@zenmonkeykstop zenmonkeykstop mentioned this pull request May 13, 2021
Closed
32 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rmol rmol rmol approved these changes

Assignees

@zenmonkeykstop zenmonkeykstop

Labels
None yet
Projects
No open projects
SecureDrop Team Board
Done
Milestone
1.8.2
Development

Successfully merging this pull request may close these issues.

Backup script copies entire backup file into memory
4 participants
@eloquence @codecov-commenter @rmol @zenmonkeykstop