Moves securedrop-admin into Python 3

[kushaldas]

Status

Work in progress

Description of Changes

Fixes #3489

This now needs an update of prompt_toolkit so that we can use it in Python3.5.

Testing

In both Tails3, and Tails4, execute the following scenarios with prod vms/hardware:

• ./securedrop-admin sdconfig
• ./securedrop-admin install
• ./securedrop-admin tailsconfig
• ./securedrop-admin backup
• ./securedrop-admin restore
• ./securedrop-admin update
• ./securedrop-admin logs
• ./securedrop-admin reset_admin_access

Deployment

Any special considerations for deployment? Consider both:

1. Upgrading existing production instances.
2. New installs.

Checklist

If you made changes to the server application code:

• Linting (make lint) and tests (make test) pass in the development container

If you made changes to securedrop-admin:

• Linting and tests (make -C admin test) pass in the admin development container

If you made changes to the system configuration:

• Configuration tests pass

If you made non-trivial code changes:

• I have written a test plan and validated it for this PR

If you made changes to documentation:

• Doc linting (make docs-lint) passed locally

[redshiftzero]

rebase issue?

[kushaldas]

There can be two different ways to migrate the virtualenv for the admins.

• After checking out 1.1.0, if the admins run ./securedrop-admin install, it will fail and ask to rerun securedrop-admin setup first. This is the (current implementation) and seems to be simpler. We can decide what kind of message to tell the admins about why should they run the setup command again.

• The other option is when ./securedrop-admin install will see that there is a Python2 venv exists, and it will automatically do the setup work for Python3 venv.

I am going to test the first item in a vm now.

[kushaldas]

_./securedrop-admin install fails with following:

TASK [validate : Confirm host OS is Tails.] ************************************
fatal: [localhost]: FAILED! => {"msg": "The conditional check 'ansible_lsb.major_release >= 9' failed. The error was: Unexpected templating type error occurred on ({% if ansible_lsb.major_release >= 9 %} True {% else %} False {% endif %}): unorderable types: AnsibleUnsafeText() >= int()"}

NO MORE HOSTS LEFT *************************************************************

NO MORE HOSTS LEFT *************************************************************
	to retry, use: --limit @/home/amnesia/Persistent/securedrop/install_files/ansible-base/securedrop-prod.retry

PLAY RECAP *********************************************************************
localhost                  : ok=2    changed=0    unreachable=0    failed=1  

Probable reason: Old version of Ansible using Python3 in the controller (Tails)

[conorsch]

@kushaldas I've appended a commit that resolves a few of the Ansible-related Python 3 issues. Tried most (but not all) of the test scenarios you outlined, and they've all been successful with the changes in place in Tails. For the record, I tested on Tails 3.16, with Python 3.5. Noticed some "weakref" stderr output in a few places, which is a significant cosmetic issue, but should not be a factor on Tails 4 / Python 3.7.

Not approving, but I believe you should be unblocked for more vigorous testing now. Take another lap through it and see if you can identify any lingering Python 2 references that we haven't caught yet. When you're happy with it, I'd suggest we have @rmol and/or @zenmonkeykstop dig in for comprehensive review.

[kushaldas]

@rmol @zenmonkeykstop please go ahead with full scale review. This worked in my local testing.

[conorsch]

#4865 was just merged, introducing conflicts here. We choose to merge #4865 first to minimize the manual conflict resolution. @rmol / @zenmonkeykstop please give a rebase here, holler in gitter with any blockers!

[zenmonkeykstop]

On Tails 4.0~beta2 VM, checked out this branch and verified:

• ./securedrop-admin setup
• ./securedrop-admin sdconfig
• ./securedrop-admin install _(all good except for unmerged fixes in Enables Source and Journalist desktop icons in Tails 4 #4872)
• ./securedrop-admin tailsconfig
• ./securedrop-admin backup
• ./securedrop-admin restore
• ./securedrop-admin update
• ./securedrop-admin logs
• ./securedrop-admin reset_admin_access

[rmol]

Tested on Tails 3.16 and prod VMs:

• ./securedrop-admin sdconfig
• ./securedrop-admin install
• ./securedrop-admin tailsconfig
• ./securedrop-admin backup
• ./securedrop-admin restore
• ./securedrop-admin update
• ./securedrop-admin logs
• ./securedrop-admin reset_admin_access

[conorsch]

Rebased to resolve conflicts introduced via merge of #4865. The sole conflict was:

diff --cc admin/requirements.in
index 3e7fda7e0,2eebee385..000000000
--- a/admin/requirements.in
+++ b/admin/requirements.in
@@@ -1,2 -1,2 +1,7 @@@
++<<<<<<< HEAD
 +prompt_toolkit
 +pyyaml>=5.1.2
++=======
+ prompt_toolkit==2.0.9
+ pyyaml
++>>>>>>> 3a15f0e13... Moves securedrop-admin to Python3

which was manually solved as:

$ cat admin/requirements.in
prompt_toolkit==2.0.9
pyyaml>=5.1.2

[zenmonkeykstop]

On Tails 3.15 VM, checked out the rebased branch and verified:

• ./securedrop-admin setup
• ./securedrop-admin sdconfig
• ./securedrop-admin install
• ./securedrop-admin tailsconfig
• ./securedrop-admin backup
• ./securedrop-admin restore
• ./securedrop-admin update
• ./securedrop-admin logs
• ./securedrop-admin reset_admin_access

LGTM!

[zenmonkeykstop]

LGTM based on test plan.

[emkll]

While testing #4877 ran into an issue that may be worth flagging: we should ensure the 1.0.0 -> 1.1.0 docs have admins run ./securedrop-admin setup as part of the upgrade process to 1.1.0, as the SecureDrop GUI updater will not run if the checked out branch is python3 . This will affect the version after SecureDrop 1.1.0, if a user manually checks out a 1.1.0 + branch and does not run ./securedrop-admin setup

[redshiftzero]

was diff review performed here?

[redshiftzero]

Diff review has been performed (timeboxed to ~4 hr): https://github.com/freedomofpress/securedrop-debian-packaging/wiki/prompt_toolkit-1.0.15--2.0.9