Evaluating new deb package behavior
Conor Schaefer edited this page Mar 11, 2020
·
2 revisions
The SDW config logic installs deb packages from FPF-controlled apt repos, for various other components of the SDW architecture, such as:
- https://github.com/freedomofpress/securedrop-client
- https://github.com/freedomofpress/securedrop-export
- https://github.com/freedomofpress/securedrop-proxy
- https://github.com/freedomofpress/securedrop-log
Installing candidate deb packages, before they've been uploaded to an apt repo, requires some local modifications. In these cases, you'll want to:
- Modify the component code on a feature branch in the component repo
- Build a new source tarball from the component feature branch
- Update the version in the debian-packaging repo, build deb pkg
- Copy deb package to
./sd-workstation/in this repo - Then use a temporary patch to prefer the locally built deb to the apt repo version:
diff --git a/dom0/sd-logging-setup.sls b/dom0/sd-logging-setup.sls
index 64db8ae..4331540 100644
--- a/dom0/sd-logging-setup.sls
+++ b/dom0/sd-logging-setup.sls
@@ -6,12 +6,15 @@ include:
{% if "template" in grains['id'] or grains['id'] in ["securedrop-workstation-buster", "whonix-gw-15"] %}
# Install securedrop-log package in TemplateVMs only
+# TEMPORARY: use local custom deb, to test new package
+# without vmname hardcoded in config
install-securedrop-log-package:
- pkg.installed:
- - pkgs:
- - securedrop-log
- - require:
- - sls: fpf-apt-test-repo
+ file.managed:
+ - name: /opt/securedrop-log.deb
+ - source: salt://sd/sd-workstation/securedrop-log_0.1.1+buster_all.deb
+ - mode: 644
+ cmd.run:
+ - name: apt install -y /opt/securedrop-log.deb
{% endif %}
{% if grains['id'] == "sd-log-buster-template" %}
Make sure to commit a temporary patch as part of your PR, but state in the test plan that it should be dropped/reverted prior to merge.