By contributing to this project, you agree to abide by our Code of Conduct.
An open-source library that ensures restrictive file permissions and safe paths when creating and working with files and directories.
The development of secure-fs is primarily motivated by the creation of the SecureDrop Workstation based on Qubes OS. It is used by the SecureDrop Workstation components: SecureDrop Client and securedrop-export.
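The two guarantees named above (safe paths and restrictive permissions) can be sketched as follows. This is an added example, not code from secure-fs; the function names `resolve_inside`, `check_dir_permissions` and `write_private` are hypothetical and do not describe the library's API. It assumes a POSIX system.

```python
# Added illustration; function names are hypothetical, not the secure-fs API.
import os
import stat
from pathlib import Path


def resolve_inside(base: Path, relative: str) -> Path:
    """Return base/relative, rejecting absolute paths and escapes from base."""
    if os.path.isabs(relative):
        raise ValueError(f"absolute path not allowed: {relative!r}")
    base = base.resolve()
    # resolve() collapses ".." and follows symlinks, so both kinds of escape
    # show up as a target that is no longer underneath base.
    target = (base / relative).resolve()
    if target != base and base not in target.parents:
        raise ValueError(f"path escapes base directory: {relative!r}")
    return target


def check_dir_permissions(path: Path) -> None:
    """Raise if the directory grants any access to group or others."""
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & 0o077:
        raise PermissionError(f"{path} has unsafe mode {oct(mode)}")


def write_private(base: Path, relative: str, data: bytes) -> Path:
    """Create base/relative as a new 0600 file inside 0700 directories."""
    target = resolve_inside(base, relative)
    # mkdir(mode=...) only applies to the last directory; the umask makes
    # every intermediate directory it creates 0700 as well.
    old_umask = os.umask(0o077)
    try:
        target.parent.mkdir(mode=0o700, parents=True, exist_ok=True)
        check_dir_permissions(target.parent)
        # O_EXCL refuses to reuse an existing file; O_NOFOLLOW refuses a
        # symlink planted at the final path component after the check above.
        flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
        fd = os.open(target, flags, 0o600)
        with os.fdopen(fd, "wb") as handle:
            handle.write(data)
    finally:
        os.umask(old_umask)
    return target
```
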
To run tests, semgrep, bandit, safety, mypy, and all other linters:
make venv
source .venv/bin/activate
make check
To use this library in your project's virtualenv for testing purposes:
pip uninstall secure-fs
pip install git+https://github.com/freedomofpress/secure-fs@main#egg=secure-fs
To update dev dependencies:
make update-pip-dependencies
To make a release, you should:
- Create a branch named release/$new_version_number
- Update CHANGELOG.md and setup.py
- Commit the changes.
- Create a PR and get the PR reviewed and merged into main.
- git tag $new_version_number and push the new tag.
- Check out the new tag locally.
- Delete the wheel from your dist/ directory to make sure it's not uploaded in the next step.
- Push the new release source tarball to the PSF's PyPI following this documentation.
- If you want to publish a new release to the FPF PyPI mirror, hop over to the securedrop-debian-packaging repo and follow the build-a-package instructions to push the package up to our PyPI mirror: https://pypi.org/simple