[ooni-dev] Fwd: Ooni / M-Lab Deployment Automation Script
nathan at leastauthority.com
Wed Jul 16 21:44:55 UTC 2014
Hi ooni-dev. For your viewing pleasure, here is a forward about
tickets related to deploying M-Lab on Ooni (without integration into
mlab-ns). We'll send these announcements directly to ooni-dev
---------- Forwarded message ----------
From: Taylor Hornby <taylor at leastauthority.com>
Date: Wed, Jul 16, 2014 at 2:42 PM
Subject: Ooni / M-Lab Deployment Automation Script
To: Liz Pruszko Steininger <steiningerl at rfa.org>, Dan Meredith
<meredithd at rfa.org>, lynna at rfa.org, Roger Dingledine <arma at mit.edu>,
Arturo Filastò <art at torproject.org>, Meredith Whittaker
<meredithrachel at google.com>, Will Hawkins
<hawkinsw at opentechinstitute.org>, Jordan McCarthy
<mccarthy at opentechinstitute.org>, critzo at opentechinstitute.org
Cc: "consultancy at leastauthority.com" <consultancy at leastauthority.com>,
taylor at leastauthority.com, Zooko Wilcox-OHearn
<zooko at leastauthority.com>, Jessica Augustus
<jessica at leastauthority.com>, Nathan Wilcox
<nathan at leastauthority.com>
-----BEGIN PGP SIGNED MESSAGE-----
Dear OTF, Ooni, and M-Lab,
We've finished our work for Milestone C. This milestone is about writing
a script for automating the process of deploying Ooni to M-Lab slices.
Since such a script had already been written before we arrived, we
shifted our goals for this milestone as follows:
1. Usability and reliability testing of the existing deployment
2. Fix any issues that we identified during that process.
Also part of Milestone C is the credential rotation deliverable, which
is no longer relevant because the mechanism for distributing .ooni
addresses has changed since the contract was negotiated. This is
documented in the following ticket:
As part of the first (new) goal, we ran through a deployment several
times using the scripts, which is documented in this ticket:
The issues we encountered are summarized in this umbrella ticket:
Each issue was split out into separate tickets:
#23: Fix or document deployment gotcha of deleting $HOME
#24: Specify dependency on yum-cron for installation.
#25: Missing ``/etc/mlab/slice-functions``
#26: Add root uid documentation and check in initialize.sh ...
#27: Fix initialize.sh to create ``/var/spool/mlab_ooni``
#29: Ensure test_helpers can be reached from the public internet
#28: ``stop.sh`` failed to stop multiple processes.
#40: Make openssl an explicit dependency of the Ooni RPM
#12641: IStreamClientEndpointStringParser is Deprecated
#41: Install service_identity
#42: prepare.sh violates ooni-backend's README instructions
#44: Is dependency installation vulnerable to MITM attacks?
All of these tickets, with the exception of #40, #12641, #41, #42, and
#44, are now closed. Ticket #40 is a minor issue, but would involve
significant design decisions on M-Lab's part, so we left it open for
M-Lab to close. Ticket #12641 is about the use of a deprecated function
in Ooni, to be fixed by the Ooni team. Ticket #42 is about a missing
dependency in Ooni for the Ooni team to fix. Ticket #44 is about
a security vulnerability that requires Ooni collaboration to resolve.
We also found a new security vulnerability in Ooni:
#12642: Can Network Attacker Downgrade Dependency Install Security?
Our fixes to the issues are contained in three pull requests:
#36: Improvements to the README.md.
#37: Improvements to the initialize.sh script.
#43: Install dependencies according to ooni-backend README
Note that pull request #36 contains work from Milestone B as well.
Please let us know if you have any suggestions, questions, or concerns.
Email: taylor at leastauthority.com
PGP: CE3 F8ED D999 F066 C2E2 9124 F6D4 D32C E31C 99FE
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
email: nathan at leastauthority.com
PGP: 11169993 / AAAC 5675 E3F7 514C 67ED E9C9 3BFE 5263 1116 9993