Installs securedrop-proxy package in sd-journalist #170
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 5 commits
October 19, 2018 11:54
Using a separate SLS file, since we need the apt-test repo configured in more than just the `sd-workstation-template` VM: we need it at least in `sd-journalist-template`, shortly to become the `sd-proxy-template`, for installing the `securedrop-proxy` package. Appends another task to the SLS file, ensuring that `python-apt` is installed, because evidently Salt requires that package in order to handle the repo configuration. Wasn't a problem against Debian 9, but the Whonix-derived VMs such as `sd-journalist` errored out until the package was installed.
Installing the `securedrop-proxy` package so that it's available for integrating with the other Workstation tooling currently being packaged. We'll soon rename `sd-journalist` to `sd-proxy`, but not yet. Includes config tests updates to ensure the package is indeed installed.
These files must reside in dom0 in order for the inter-VM communication to work for the securedrop-proxy service. Currently copying via Salt, we can move those into the forthcoming dom0 config RPM package when that work is ready.
The YAML config file contains site-specific information such as the Onion URL, and is required for the `securedrop-proxy` package to function. Would be ideal to write the YAML intelligently, rather than as line substitutions, this "just worked". In the future perhaps we can port the Salt to Python and `import yaml`. Includes tests. We know the Onion URL we want to connect to (for the sd-whonix config), so let's read that from the JSON file on disk and make sure the configuration landed on the target VM as intended.
During development, re-ran `make sd-journalist` several times, and the appmenu task failed simply because the VM was already running. Let's pass a flag to continue in such a scenario, rather than erroring out.
emkll
force-pushed
the
161-install-proxy-package-in-sd-journalist
branch
from
099f7bd
to
2ebe3b7
Compare
|
Rebased on master after merging #169 |
emkll
approved these changes
Oct 19, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Review and merge #169 first.
Summary of changes:
securedrop-proxypackage via https://apt-test-qubes.freedom.press into thesd-journalistVM (which is still calledsd-journalist; once the client code lands insd-svs, we can rename).config.jsonand stores that in/etc/sd-proxy.yamlinsidesd-journalist.Closes #161.
Testing
make allindom0and confirm no errors.make testindom0and confirm no errors.geditin a DisposableVM.Have not verified proxy functionality; waiting on client integration to make the bits flow.