Standup Notes 2020 10 21
Participants (alphabetical): Allie, Conor, Erik, John, Kevin, Kushal, Mickael, Ro
(Conor) To hit the audit deadline, proposing we fall back to manual CLI action. We're at an impasse to enable full update via GUI updater -- the GUI updater that will be running is the old version.
On release date, we would instruct users to run a CLI command before running updater.
Once we ship this change, we will be able to enforce Salt state across VMs with future updates.
(Kev) How does that work for future updates? Don't we have the same chicken/egg problem?
(Conor) Old updater code has run order: 1) update all packages, 2) apply dom0 state. With current updater, 2) would break things, because only dom0 state would run. In branch #619, we have updated run order for GUI updater logic: 1) update dom0 RPM, 2) apply dom0 state, 3) update VM packages [OR] do a full state run (which includes full package update). Possible that we're still overlooking something, of course, but this could cover us for Whonix migration and similar future ones.
Technically speaking, we could do a point release with just these updater changes, which would allow us to ship template consolidation via graphical updater.
(Kev) How about splitting updater vs. Salt provisioning logic?
(Conor) Great suggestion. Do we want a second RPM in dom0? Would need to discuss further. I think we could get what you're describing by shelling out to apply updates.
(Kev) We could use Salt environments for this change to have branched logic in provisioning.
(Conor) Interesting. Difficult to research/implement/test.
Recommend using cli action to expedite:
1. Release all packages en masse
2. Instruct prod users not to run GUI updater that day
3. Instead, open dom0 terminal and run sudo qubes-dom0-update -y && sdw-admin --apply
4. Then double-click SD icon to re-run (new) GUI updater
New logic for GUI Updater: https://github.com/freedomofpress/securedrop-workstation/pull/619/commits/205e6bad550714089a15a028b7ac96aae7b98737
(Erik) We'd want to make sure that running the GUI updater (missing step 2) does not result in a state that's not recoverable -> add to test plan.
Yesterday:
- Opened a PR to add data migration test code and migration to fix journalist association in replies table: https://github.com/freedomofpress/securedrop-client/pull/1162
- Opened a PR to add migration for adding seen/unseen tables: https://github.com/freedomofpress/securedrop-client/pull/1164
- Worked on source widget styling for Seen/Unseen
Today:
- Seen/Unseen in the client: focusing on making sure new conversation items in the current conversation are marked as seen automatically and test
- SDK release
Blockers or Asks:
- None
Yesterday:
- Template consolidation upgrade-in-place behavior. Recommend using cli action to expedite:
- Release all packages en masse
- Instruct prod users not to run GUI updater that day
- Instead, open dom0 terminal and run
sudo qubes-dom0-update -y && sdw-admin --apply - Then double-click SD icon to re-run (new) GUI updater
Today:
- Based on group discussion, writing test plan for consolidation release
- Re-review of latest consolidation threat model docs1
Blockers or Asks: More rubberducking with Kev & Mickael for the PR
Yesterday:
- Reviewed old docs issues and migrated over to docs repo
- Started reviewing commit histories across repos to build prioritized test plan for SecureDrop Workstation release: https://docs.google.com/document/d/1kQwI1ktbr_oO0wkF2BgTpJZNuZuC7lhcfwt_txgxCvU/edit#
- Reviewed UX of DrG's icon replacement, added a couple of comments (since addressed)
Today:
- Continue on ^^
Blockers or Asks: None
Yesterday:
Today:
Blockers or Asks:
Yesterday:
- pairing with Allie on client db migration
- type annotation reviews
- fontawesome/PNG review
- that exposed some breakage in the dev server, preventing code reloading, so fixed that
Today:
- finishing fontawesome/PNG review
- one last type anno review, I think
- focal reviews
Blockers or Asks:
- None
Yesterday:
- Support
- Test plan for template consolidation
Today:
- ^^
Blockers or Asks: None, continuing discussion re: ^^
Today:
-
Started reviewing https://github.com/freedomofpress/securedrop-client/pull/1162
- commented the errors I got, maybe I missed something
-
Updated dev_focal branch for #5544 (now marked as ready for review)
-
Tried to install Debian Buster 10.6 in T14 (Intel)
- no graphics without pulling 5.8.x kernel from buster-backports
- still no microphone
- Debian installer for encrypting particitions is insane
Tomorrow:
- PTO (I am on Tuesday, 27th) Blockers or Asks:
- None
Yesterday:
- reviewed/merged https://github.com/freedomofpress/securedrop/pull/5595
- Threat modeling with conor, updated the read/unread document
- Review of https://github.com/freedomofpress/securedrop/pull/5585
- Template consolidation review/qa Today:
- more template consolidation review/qa w/ kev/conor
- help with sdk release as needed Blockers or Asks:
- Qubes-staging testing of https://github.com/freedomofpress/securedrop/pull/5585 -> Kev will test that portion
- Safe deletion discussion tomorrow ?
Yesterday:
- EBU conference and followup
- Support comms, client call, followup comms from Monday meetings
- DST intake call
- v3 onion services docs update 1: https://github.com/freedomofpress/securedrop-docs/pull/71; this PR much more heavily emphasizes the concurrent v2+v3 ugprade path
- Librem order details
- Tails upgrade announcement
Today:
- DST intake
- Tails upgrade + v3 docs upgrade 2 (v3 backup/restore docs): https://github.com/freedomofpress/securedrop-docs/issues/36
- Support tickets + meeting followup from yesterday
- Finish a small sprint task (https://github.com/freedomofpress/securedrop/issues/5265)
- Followup with new SD instance
Blockers or Asks:
- fyi: possible lieu day Friday due to long hours yesterday and Mon
- fyi: I'll miss the tech meeting tomorrow due to support call