Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Noble migration script does not handle use of Ubuntu Mirrors #7430

Closed
nathandyer opened this issue Jan 30, 2025 · 3 comments
Closed

Noble migration script does not handle use of Ubuntu Mirrors #7430

nathandyer opened this issue Jan 30, 2025 · 3 comments
Assignees
@legoktm
Labels
noble Ubuntu Noble related work
Milestone
SecureDrop 2.12.0

Comments

@nathandyer
Copy link
Contributor

Description

When a SecureDrop user (most likely ones outside of the U.S.) have configured their servers for the local apt mirrors (such as ex. de.archive.ubuntu.com), the noble migration check script fails.

Steps to Reproduce

  1. Enable an apt mirror on app or mon
  2. Re-run sudo securedrop-noble-migration-check

Expected Behavior

The script reports no errors

Actual Behavior

The script reports an unexpected software source, with output similar to:

app securedrop-noble-migration-check[######]: apt ERROR: unexpected source: de.archive.ubuntu.com

Comments

We'll either need to add supported mirrors to the expected list here: https://github.com/freedomofpress/securedrop/blob/e33a910f3e60caf538dcc0202b0a088acc4e47be/noble-migration/src/bin/check.rs#L210C1-L214C3

Or, ideally, set up a system that allows for wildcards (i.e, *.ubuntu.com).
@legoktm legoktm self-assigned this Jan 30, 2025
@legoktm legoktm added the noble Ubuntu Noble related work label Jan 30, 2025
@legoktm legoktm added this to the SecureDrop 2.12.0 milestone Jan 30, 2025
@legoktm legoktm moved this to In Progress in SecureDrop dev cycle Jan 30, 2025
@legoktm
Copy link
Member

legoktm commented Jan 30, 2025

This behavior is intentional, as we should be overriding the mirror used during installation. We're discussing whether there's a good reason to support manually selected mirrors.

Technically supporting *.archive.ubuntu.com in the check script should be straightforward.

@zenmonkeykstop
Copy link
Contributor

Given time constraints, and the fact that this is technically a misconfiguration, I'd suggest WONTFIX (or at least WILLMITIGATEWITHDOCS) for this issue. The upgrade script itself overwrites the apt sources config, so customizations would be removed there anyway. Having admins get alerted and then update the focal sources.list as part of upgrade prep seems fine.

@legoktm
Copy link
Member

legoktm commented Feb 20, 2025

Agreed.

@legoktm legoktm closed this as not planned Won't fix, can't repro, duplicate, stale Feb 20, 2025
@github-project-automation github-project-automation bot moved this from In Progress to Done in SecureDrop dev cycle Feb 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@legoktm legoktm

Labels
noble Ubuntu Noble related work
Projects
SecureDrop dev cycle
Status: Done
Milestone
SecureDrop 2.12.0
Development

No branches or pull requests
3 participants
@legoktm @zenmonkeykstop @nathandyer