diff --git a/install_files/securedrop-config/DEBIAN/postinst b/install_files/securedrop-config/DEBIAN/postinst
index eba25fa536..a2634a9f40 100755
--- a/install_files/securedrop-config/DEBIAN/postinst
+++ b/install_files/securedrop-config/DEBIAN/postinst
@@ -4,10 +4,51 @@ set -e
 set -x
-disable_upgrade_prompt() {
- # Disable do-release-upgrade notification
- sed -i 's/Prompt=.*/Prompt=never/' /etc/update-manager/release-upgrades || true
+update_release_available_script() {
+ # The script /etc/cron.weekly/update-notifier-common runs the command
+ # /usr/lib/ubuntu-release-upgrader/release-upgrade-motd which runs the command
+ # /usr/lib/ubuntu-release-upgrader/check-new-release whose output is written to the "stamp" file
+ # /var/lib/ubuntu-release-upgrader/release-upgrade-available which is picked up by OSSEC.
+ #
+ # To prevent the OSSEC alerts from from telling the user to run 'do-release-upgrade' which
+ # may break their system, we update both the script and the existing "stamp" file.
+
+ for file in /usr/lib/ubuntu-release-upgrader/check-new-release /var/lib/ubuntu-release-upgrader/release-upgrade-available; do
+ if [ -f $file ]; then
+ sed -i "s|Run 'do-release-upgrade' to upgrade to it\\.|Visit https://securedrop.org/xenial-upgrade for more information|" "$file"
+ fi
+ done
+
+ # remove the file in case it's empty
+ rm -f /var/lib/ubuntu-release-upgrader/release-upgrade-available
+ # force re-run the update script to trigger an OSSEC alert
+ /usr/lib/ubuntu-release-upgrader/check-new-release -q > /var/lib/ubuntu-release-upgrader/release-upgrade-available &
+}
+
+revert_update_release_available_script() {
+ for file in /usr/lib/ubuntu-release-upgrader/check-new-release /var/lib/ubuntu-release-upgrader/release-upgrade-available; do
+ if [ -f $file ]; then
+ sed -i "s|Visit https://securedrop\\.org/xenial-upgrade for more information|Run 'do-release-upgrade' to upgrade to it.|" "$file"
+ fi
+ done
 }
+
+# Issue #4104
+# Set Prompt=never on Xenial
+# Set Prompt=lts on Trusty
+update_release_prompt() {
+ set -e
+ upgrade_config='/etc/update-manager/release-upgrades'
+
+ if [ "$(lsb_release -sc)" = trusty ]; then
+ sed -i 's/Prompt=.*/Prompt=lts/' "$upgrade_config"
+ update_release_available_script
+ else
+ sed -i 's/Prompt=.*/Prompt=never/' "$upgrade_config"
+ revert_update_release_available_script
+ fi
+}
+
 remove_2fa_tty_req() {
 # The goal here is to remove legacy 2FA req on TTY logins
 # Lets prevent this from bombing out the install though if it fails
@@ -70,7 +111,7 @@ case "$1" in
 manage_tor_repo_config
 remove_2fa_tty_req
- disable_upgrade_prompt
+ update_release_prompt
 # Remove cron-apt action should occur after security upgrades to avoid breaking
 # automatic upgrades (see issue #4003)
diff --git a/molecule/testinfra/staging/common/test_release_upgrades.py b/molecule/testinfra/staging/common/test_release_upgrades.py
new file mode 100644
index 0000000000..164c01f1bd
--- /dev/null
+++ b/molecule/testinfra/staging/common/test_release_upgrades.py
@@ -0,0 +1,27 @@
+def test_release_manager_upgrade_channel(host):
+ """
+ Ensures that the `do-release-upgrade` command will honor
+ upgrades from Trusty to Xenial, but not suggest upgrades
+ from Xenial to Bionic (which is untested and unsupported.)
+ """
+ expected_channels = {
+ "trusty": "lts",
+ "xenial": "never",
+ }
+
+ config_path = "/etc/update-manager/release-upgrades"
+ assert host.file(config_path).is_file
+
+ raw_output = host.check_output("grep '^Prompt' {}".format(config_path))
+ _, channel = raw_output.split("=")
+
+ expected_channel = expected_channels[host.system_info.codename]
+ assert channel == expected_channel
+
+
+def test_do_release_upgrade_is_installed(host):
+ """
+ Ensure the `do-release-upgrade` command is present on target systems,
+ so that instance Admins can upgrade from Trusty to Xenial.
+ """
+ assert host.exists("do-release-upgrade")
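Review bot: `update_release_prompt` drops the `|| true` that the removed `disable_upgrade_prompt` carried and adds its own `set -e`, so a missing `/etc/update-manager/release-upgrades` (or a missing `lsb_release`) now makes the `sed -i` failure abort the whole postinst and leaves the package unconfigured; a guard such as `[ -f "$upgrade_config" ] || return 0` before the branch would keep the earlier best-effort behaviour. Separately, `update_release_available_script` rewrites `/usr/lib/ubuntu-release-upgrader/check-new-release`, a file shipped by another package, so the next upgrade of that package silently restores the original text and the OSSEC alert goes back to recommending `do-release-upgrade`; this deserves a comment stating that the edit is not durable, or a dpkg-divert so the override survives. The `check-new-release -q > … &` line also backgrounds a job from the maintainer script, so its exit status is never seen by dpkg and a failure there is invisible. `update_release_prompt` and the two helpers are complete within the hunk; the surrounding `remove_2fa_tty_req` continues past it.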
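Review bot: `_, channel = raw_output.split("=")` in `test_release_manager_upgrade_channel` raises an unhelpful `ValueError` rather than a clear assertion failure if `grep '^Prompt'` matches more than one line or the value contains `=`; `channel = raw_output.partition("=")[2].strip()` would tolerate both and any trailing whitespace in the command output. The lookup `expected_channels[host.system_info.codename]` likewise fails with `KeyError` on any other codename, so an explicit `assert host.system_info.codename in expected_channels` first would make that failure mode readable. Neither test covers the `check-new-release` / stamp-file message rewrite that the postinst hunk introduces, so that behaviour stays unverified.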