Script to upgrade from focal to noble

The script is split into various stages where progress is tracked on-disk. The script is able to resume where it was at any point, and needs to, given multiple reboots in the middle. The new noble-upgrade.json file shipped in the securedrop-config package is used to control the upgrade process. Further details of the script are explained inline and at <https://github.com/freedomofpress/securedrop/wiki/noble-upgrade-architecture>. Fixes #7332.
freedomofpress · Jan 29, 2025 · 36e9554 · 36e9554
1 parent 065aaf4
commit 36e9554
Show file tree

Hide file tree

Showing 15 changed files with 958 additions and 28 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/install_files/ansible-base/roles/app/tasks/install_and_harden_apache.yml b/install_files/ansible-base/roles/app/tasks/install_and_harden_apache.yml
@@ -80,18 +80,6 @@
     - apache
     - hardening
 
-  # The default html directory gets created during installation
-  # of the apache package, so this task must run after installing.
-- name: Remove default Apache site directory /var/www/html/.
-  file:
-    state: absent
-    dest: /var/www/html
-  notify:
-    - restart apache2
-  tags:
-    - apache
-    - hardening
-
   # because we no longer call the `journalist interface` the `document interface`
 - name: Remove old config files
   file:

diff --git a/noble-migration/Cargo.toml b/noble-migration/Cargo.toml
@@ -5,6 +5,9 @@ edition = "2021"
 
 [dependencies]
 anyhow = "1.0.93"
+env_logger = { version = "0.11.5", features = ["humantime"] , default-features = false }
+log = "0.4.22"
+rand = "0.8.5"
 rustix = { version = "0.38.40", features = ["process"] }
 serde = { version = "1.0.215", features = ["derive"] }
 serde_json = "1.0.132"

diff --git a/noble-migration/files/apt_freedom_press.list b/noble-migration/files/apt_freedom_press.list
@@ -0,0 +1 @@
+deb [arch=amd64] https://apt.freedom.press noble main
diff --git a/noble-migration/files/sources.list b/noble-migration/files/sources.list
@@ -0,0 +1,13 @@
+## newer versions of the distribution.
+deb http://archive.ubuntu.com/ubuntu/ noble main
+
+## newer versions of the distribution.
+deb http://archive.ubuntu.com/ubuntu/ noble universe
+
+## Major bug fix updates produced after the final release of the
+## distribution.
+deb http://archive.ubuntu.com/ubuntu/ noble-updates main
+
+### Security fixes for distribution packages
+deb http://security.ubuntu.com/ubuntu noble-security main
+deb http://security.ubuntu.com/ubuntu noble-security universe
diff --git a/noble-migration/files/ubuntu.sources b/noble-migration/files/ubuntu.sources
@@ -0,0 +1,11 @@
+Types: deb
+URIs: http://archive.ubuntu.com/ubuntu/
+Suites: noble noble-updates
+Components: main universe restricted multiverse
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+
+Types: deb
+URIs: http://security.ubuntu.com/ubuntu/
+Suites: noble-security
+Components: main universe restricted multiverse
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		deb [arch=amd64] https://apt.freedom.press noble main