Vendor pretty-bad-protocol and strip it down to what is needed #6807
Assignees
Comments
14 tasks
legoktm
changed the title
legoktm
added a commit
that referenced
this issue
Jun 12, 2023
pretty_bad_protocol is unmaintained upstream, not seeing any commits since the 3.1.1 release in August 2018. As part of our shift to Sequoia, we will just need a small part of this library during the migration, so let's fork/vendor it and remove the parts we don't need. This will also let us get rid of the monkey-patching that's accumulated over the years. This is a direct copy of the 3.1.1 source tree: $ wget https://files.pythonhosted.org/packages/84/0d/814c6c96f64f9cfc235fe102024b00ee77d107977e32996c59aed8f27ec0/pretty-bad-protocol-3.1.1.tar.gz $ tar xvf pretty-bad-protocol-3.1.1.tar.gz $ cp -Rv pretty-bad-protocol-3.1.1/pretty_bad_protocol freedomofpress/securedrop/securedrop/ Follow-up commits will reformat it per our coding standards and other necessary fixes. Refs #6807.
legoktm
added a commit
that referenced
this issue
Jun 12, 2023
And just implement them in the code directly now. We still set the `USERNAME` environment variable via encryption.py since there's not really a logical place for it in pretty_bad_protocol. Fixes #6807.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://github.com/isislovecruft/python-gnupg is unmaintained these days and we've monkeypatched it a bit. Part of migrating to Sequoia is to move away from this library. But we will need bits of it around for the online migration of secret keys (#6802), so we should simply vendor it and strip it down to only what we need.
We can also get rid of the monkeypatching at this time and treat it as SecureDrop-owned code instead of upstream.
The text was updated successfully, but these errors were encountered: