freedomofpress/securedrop-client

Release SecureDrop Client 0.12.0

Closed this issue · 6 comments

rocodes commented

This issue tracks the SecureDrop Client release 0.12.0. It will be organized by:

  • Release Manager: I guess me :)
  • Deputy Release Manager: @legoktm (?)
  • Comms: @rocodes

This release includes the following changes:

SecureDrop maintainers and testers: As you QA this release, please report back your testing results as comments on this ticket. File GitHub issues for any problems found, tag them "QA: Release", and associate them with the release milestone for tracking (or ask a maintainer to do so).

Test plan

Fresh install testing

Setup

  • Qubes 4.2.2
  • Install prod RPM
  • Before running apply:
  • Make a copy of /srv/salt/securedrop_salt/apt_freedom_press.sources.j2, /srv/salt/securedrop_salt/apt_qa_freedom_press.sources.j2 in which you change the apt repo to https://apt-qa.freedom.press
  • Edit /srv/salt/securedrop_salt/sd-default-config.yml to point to the apt-qa sources file
  • Run apply

Testing

  • Provisioning completes successfully
  • See shared test path

Upgrade Testing

Setup

  • prod installation (Qubes 4.2.2, SDW prod)
  • Edit /etc/apt/sources.list/securedrop_workstation.list in both the small and the large templates so that they point to apt-qa.securedrop.org, then shut down the templates and vms.
  • Run the updater.

Upgrade Testing

  • Updater run completes successfully
  • See shared test path

Test plan

All install scenarios

  • All securedrop debian packages are on 0.12.0 (dpkg -l | grep securedrop in each template)
  • .heic, .avif viewing support: These images can be viewed in sd-viewer (#2110)
  • Can print documents of various supported types (.jpeg, .docx, .pdf, .rtf) (#2119)
  • ... and during the time between clicking Print and the xpp panel popping up (eg during conversion to PDF for non PDF types), the Continue button is grayed out and shows an animated spinner (#2125)
  • Printing dialog now shows hover and click colours (#2125)
  • Exporting to VM is successful, and repeatedly clicking the "Continue" button has no ill effects on the export flow (#1926)
  • General testing functionality: one tester to follow basic acceptance testing (sync, reply, download, delete source, etc). Please inspect error logs in sd-app and the journal in dom0 and note anything unexpected
  • Pseudolocale (LANG=en_XA) QA per https://github.com/freedomofpress/securedrop-workstation/wiki/Workstation-Acceptance-Tests#internationalization-reference

Release tasks

  • Check if there are any security bug fixes waiting to be pulled into the RC
  • Check if there are any translations:
    • pending merge into main
    • pending inclusion as a supported language in MANIFEST.in
  • Update changelog
  • Create test plan
  • Refresh nightlies
  • Begin formal QA using nightlies; refresh nightlies as needed
  • Build production package in standard build environment
  • Sign production package
  • Perform final pre-flight testing using apt-qa.freedom.press
    • Localization: In a dispVM, change your locale (e.g.: export LANG=es_ES.utf-8; dpkg-reconfigure locales), run the Client, and confirm that the application is translated.
  • Publish production package
  • Publicize release via support channels
rocodes commented

SecureDrop Client 0.12.0 packages are now available on apt-qa.freedom.press. Testers, please indicate whether you followed the upgrade or clean install plan :)

rocodes commented

Upgrade Testing

Setup

  • prod installation (Qubes 4.2.2, SDW prod)
  • Edit /etc/apt/sources.list/securedrop_workstation.list in both the small and the large templates so that they point to apt-qa.securedrop.org, then shut down the templates and vms.
  • Run the updater.

Upgrade Testing

  • Updater run completes successfully

Test plan

All install scenarios

  • All securedrop debian packages are on 0.12.0 (dpkg -l | grep securedrop in each template)
  • .heic, .avif viewing support: These images can be viewed in sd-viewer (#2110)
  • Can print documents of various supported types (.jpeg, .docx, .pdf, .rtf) (#2119)
  • ... and during the time between clicking Print and the xpp panel popping up (eg during conversion to PDF for non PDF types), the Continue button is grayed out and shows an animated spinner (#2125)
  • Printing dialog now shows hover and click colours (#2125)
  • Exporting to VM is successful, and repeatedly clicking the "Continue" button has no ill effects on the export flow (#1926)
  • General testing functionality: one tester to follow basic acceptance testing (sync, reply, download, delete source, etc). Please inspect error logs in sd-app and the journal in dom0 and note anything unexpected
  • Pseudolocale (LANG=en_XA) QA per https://github.com/freedomofpress/securedrop-workstation/wiki/Workstation-Acceptance-Tests#internationalization-reference
    (TK)
legoktm commented

Hardware: T490

Fresh install testing

Setup

  • Qubes 4.2.2
  • Install prod RPM
  • Before running apply:
  • Make a copy of /srv/salt/securedrop_salt/apt_freedom_press.sources.j2, /srv/salt/securedrop_salt/apt_qa_freedom_press.sources.j2 in which you change the apt repo to https://apt-qa.freedom.press
  • Edit /srv/salt/securedrop_salt/sd-default-config.yml to point to the apt-qa sources file
  • Clear salt cache with sudo rm -rf /var/salt/cache && sudo qubesctl saltutil.sync_all
  • Run apply

Testing

  • Provisioning completes successfully

Test plan

All install scenarios

  • All securedrop debian packages are on 0.12.0 (dpkg -l | grep securedrop in each template)
  • .heic, .avif viewing support: These images can be viewed in sd-viewer (#2110)
  • Can print documents of various supported types (.jpeg, .docx, .pdf, .rtf) (#2119)
    • I printed a jpg, docx and (first page of ) a pdf
  • ... and during the time between clicking Print and the xpp panel popping up (eg during conversion to PDF for non PDF types), the Continue button is grayed out and shows an animated spinner (#2125)
  • Printing dialog now shows hover and click colours (#2125)
  • Exporting to VM is successful, and repeatedly clicking the "Continue" button has no ill effects on the export flow (#1926)
  • General testing functionality: one tester to follow basic acceptance testing (sync, reply, download, delete source, etc). Please inspect error logs in sd-app and the journal in dom0 and note anything unexpected
  • Pseudolocale (LANG=en_XA) QA per https://github.com/freedomofpress/securedrop-workstation/wiki/Workstation-Acceptance-Tests#internationalization-reference
  • ❤️1
deeplow commented

Anything that diverges from the plan is marked with emojis so it can easily be seen.

Test plan

Fresh install testing

Setup

  • Qubes 4.2.2
  • Install prod RPM
    • ℹ️ I tested this on a dev machine, after uninstalling it with sdw-admin --uninstall
  • Before running apply:
  • Make a copy of /srv/salt/securedrop_salt/apt_freedom_press.sources.j2, /srv/salt/securedrop_salt/apt_qa_freedom_press.sources.j2 in which you change the apt repo to https://apt-qa.freedom.press
  • Edit /srv/salt/securedrop_salt/sd-default-config.yml to point to the apt-qa sources file
  • Run apply

Testing

  • Provisioning completes successfully
  • See shared test path
    • ⚠️ what's this? Is this referring to the "### Test plan"?

Upgrade Testing

⚠️ Not tested

Upgrade Testing

  • Updater run completes successfully
  • See shared test path

Test plan

All install scenarios

  • All securedrop debian packages are on 0.12.0 (dpkg -l | grep securedrop in each template)
  • .heic, .avif viewing support: These images can be viewed in sd-viewer (#2110)
  • Can print documents of various supported types (.jpeg, .docx, .pdf, .rtf) (#2119)
    • ⚠️ this was not on the list, but I was unable to print .heic files. Was that intended to be printable as well or should the printable types differ from viewable? In any case if we move forward on this, we may want to create a table breaking down what's printable and what's viewable
  • ... and during the time between clicking Print and the xpp panel popping up (eg during conversion to PDF for non PDF types), the Continue button is grayed out and shows an animated spinner (#2125)
    • ⚠️ The button took a few moments (~2 seconds perhaps) to start spinning but it did show the spinning thing a bit before XPP, so that was good. Not a blocker I think, but just FYI something may be blocking (although I guess UI code is async 🤔)
  • Printing dialog now shows hover and click colours (#2125)
  • Exporting to VM is successful, and repeatedly clicking the "Continue" button has no ill effects on the export flow (#1926)
  • General testing functionality: one tester to follow basic acceptance testing (sync, reply, download, delete source, etc). Please inspect error logs in sd-app and the journal in dom0 and note anything unexpected
    • ℹ️ nothing out of the ordinary. With the dom0 journal just the usual suspect "pam_sss"
  • Pseudolocale (LANG=en_XA) QA per https://github.com/freedomofpress/securedrop-workstation/wiki/Workstation-Acceptance-Tests#internationalization-reference
    • ⚠️ I didn't test this one since I don't understand exactly what steps I am supposed to take
rocodes commented

Hey @deeplow thank you for your thorough QA as always :)

Sadly, printing heic files is not supported : #918 is an open issue, but the good news is I have already been working on some changes that will a) stop trying to print unprintable files and show an error to the user and b) broaden the types of files we can print. I want to propose these changes for a soon milestone, either 0.13.0 or 0.14.0.

The delay you saw in the spinner is maybe a resource constraint on your app vm? The pyqt signal is sent as soon as the user clicks the Print button, and received... as soon as pyqtslots receive things. 🙃 I don't think there's much we can do about it, but I do think this is a stopgap to a better print workflow overall.

  • 👍1
deeplow commented

🙃 I don't think there's much we can do about it, but I do think this is a stopgap to a better print workflow overall.

Much better indeed. Thank you!