Feature #10558

Distribute a copy of UUI over a website with HSTS preload

Added by sajolida 2015-11-17 03:08:03 . Updated 2017-09-23 10:15:11 .

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Installation
Target version:
Start date:
2015-11-17
Due date:
% Done:

30%

Feature Branch:
Type of work:
Code
Blueprint:

Starter:
Affected tool:
Installation Assistant
Deliverable for:

Description

This would make sense if we have stronger than HTTPS mechanisms on our website.


Subtasks


Related issues

Blocked by Tails - Feature #9893: Have a Git repo for UUI under our control Resolved 2015-08-04
Blocked by Tails - Feature #8191: Get tails.boum.org on major browsers' HSTS preload list Resolved 2014-10-31

History

#1 Updated by sajolida 2015-11-17 03:09:08

  • blocked by Feature #9893: Have a Git repo for UUI under our control added

#2 Updated by intrigeri 2016-08-27 10:13:34

  • Target version deleted (2016)

#3 Updated by intrigeri 2016-08-27 10:13:55

  • blocked by Feature #8191: Get tails.boum.org on major browsers' HSTS preload list added

#4 Updated by intrigeri 2017-03-16 11:14:21

What’s the purpose of this ticket, while its parent is closed? Is it to get an HSTS-enabled download? (According to https://hstspreload.org/?domain=immerda.ch, the current UUI download location we advertise is not HSTS-enabled.) If so: cool: maybe unparent this ticket then?

#5 Updated by sajolida 2017-04-13 10:09:47

  • Subject changed from Serve UUI through an ikiwiki underlay on our website to Distribute a copy of UUI over a website with HSTS preload
  • Parent task deleted (Feature #8828)

Done, thanks for the triage!

#6 Updated by Anonymous 2017-06-29 13:42:14

tails.boum.org being HSTS enabled, we could distribute the file there.

#7 Updated by sajolida 2017-07-10 19:23:55

Wrote to root@boum.org to ask them what it would take to host this file on our website directly.

#8 Updated by sajolida 2017-08-01 15:41:46

  • Assignee set to sajolida

They’ll have to create another ikiwiki underlay.

I suggested they could add https://git-tails.immerda.ch/uui-binary as-is which would serve UUI on https://tails.boum.org/Universal-USB-Installer.exe. This URL would anyway be invisible to the user.

#9 Updated by intrigeri 2017-08-01 19:10:26

> I suggested they could add https://git-tails.immerda.ch/uui-binary as-is which would serve UUI on https://tails.boum.org/Universal-USB-Installer.exe. This URL would anyway be invisible to the user.

FWIW I don’t like this idea much: I prefer having a dedicated “namespace” (i.e. directory) for each underlay (even though we don’t enforce the namespace boundaries via technical means). Otherwise, I’m concerned that one day or the other someone will add another file at the root of one such non-namespaced underlay, potentially breaking stuff in a way they will have a hard time noticing, let alone debugging (since we don’t use these underlays anywhere but on our production website).

So my proposal would be to add our UUI repo as an underlay but move the files it contains to a subdirectory. They could be copied initially if that avoids the need for problematic synchronization points.

#10 Updated by sajolida 2017-08-02 11:18:08

Ok, so I did that in f048fe280d. Sorry for the “cow-boy style” but it felt safe enough.

#11 Updated by intrigeri 2017-09-22 09:30:18

The underlay is up, time to use it.

#12 Updated by intrigeri 2017-09-22 09:32:47

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 30

#13 Updated by sajolida 2017-09-23 10:15:11

  • Status changed from In Progress to Resolved
  • Assignee deleted (sajolida)

Done in 2cadd2d486 and tested on the production website.