Adds initial packaging for securedrop-log

.circleci/config.yml

@@ -63,6 +63,17 @@ common-steps:
         echo $PKG_NAME > ~/packaging/sd_package_name
         echo 'export PKG_NAME=$(cat ~/packaging/sd_package_name)' >> $BASH_ENV
 
+  - &clonesecuredroplog
+    run:
+      name: Clone the repository to be packaged
+      command: |
+        mkdir ~/packaging && cd ~/packaging
+        git clone https://github.com/freedomofpress/securedrop-log.git
+        export PKG_NAME="securedrop-log"
+        # Enable access to this env car in subsequent run steps
+        echo $PKG_NAME > ~/packaging/sd_package_name
+        echo 'export PKG_NAME=$(cat ~/packaging/sd_package_name)' >> $BASH_ENV
+
   - &clonesecuredropexport
     run:
       name: Clone the repository to be packaged
@@ -163,6 +174,18 @@ jobs:
             pip install -r test-requirements.txt
             make test
 
+  build-buster-securedrop-log:
+    docker:
+      - image: circleci/python:3.7-buster
+    steps:
+      - checkout
+      - *installdeps
+      - *fetchwheels
+      - *clonesecuredroplog
+      - *getlatestreleasedversion
+      - *makesourcetarball
+      - *builddebianpackage
+
   build-stretch-securedrop-client:
     docker:
       - image: circleci/python:3.5-stretch
@@ -365,6 +388,7 @@ workflows:
       - build-buster-securedrop-workstation-svs-disp
       - build-stretch-securedrop-export
       - build-buster-securedrop-export
+      - build-buster-securedrop-log
 
 # Nightly jobs for each package are run in series to ensure there are no
 # conflicts or race conditions when committing deb packages to git-lfs.

Makefile

@@ -30,6 +30,10 @@ securedrop-workstation-svs-disp: ## Builds Debian metapackage for Disposable VM
 securedrop-export: ## Builds Debian package for Qubes Workstation export scripts
 	PKG_NAME="securedrop-export" ./scripts/build-debianpackage
 
+.PHONY: securedrop-log
+securedrop-log: ## Builds Debian package for Qubes Workstation securedrop-log scripts
+	PKG_NAME="securedrop-log" ./scripts/build-debianpackage
+
 .PHONY: install-deps
 install-deps: ## Install initial Debian packaging dependencies
 	./scripts/install-deps

scripts/build-debianpackage

@@ -44,7 +44,7 @@ cp -r "$CUR_DIR/$PKG_NAME/" "$TOP_BUILDDIR/"
 
 # If the package is contained in the list, it should be a python package. In
 # that case, we should extract tarball, and validate wheel hashes.
-if [[ "${PKG_NAME}" =~ ^(securedrop-client|securedrop-proxy|securedrop-export)$ ]]; then
+if [[ "${PKG_NAME}" =~ ^(securedrop-client|securedrop-proxy|securedrop-export|securedrop-log)$ ]]; then
     echo "${PKG_NAME} is a Python package"
 
     if [[ -z "${PKG_PATH:-}" ]]; then

securedrop-log/debian/changelog-buster

@@ -0,0 +1,5 @@
+securedrop-log (0.0.1+buster) unstable; urgency=medium
+
+  * Initial release on Debian buster
+
+ -- Kushal Das <[email protected]>  Fri, 06 Dec 2019 11:05:38 +0530

securedrop-log/debian/compat

@@ -0,0 +1 @@
+9

securedrop-log/debian/control

@@ -0,0 +1,16 @@
+Source: securedrop-log
+Section: utils
+Priority: optional
+Maintainer: SecureDrop Team <[email protected]>
+Build-Depends: debhelper (>= 9), dh-python, python3-all, python3-setuptools, dh-virtualenv
+Standards-Version: 3.9.8
+Homepage: https://github.com/freedomofpress/securedrop-log
+Vcs-Git: https://github.com/freedomofpress/securedrop-log.git
+X-Python-3-Version: >= 3.7
+
+Package: securedrop-log
+Architecture: all
+Depends: ${python3:Depends}, ${misc:Depends}
+Description: Python module and qrexec service to store logs for SecureDrop Workstation
+ This package provides Python module and qrexec service files to create a logging VM in
+ SecureDrop Workstation project in Qubes.

securedrop-log/debian/copyright

@@ -0,0 +1,27 @@
+Upstream-Name: securedrop-log
+Source: https://github.com/freedomofpress/securedrop-log
+
+Files: *
+Copyright: 2019 Freedom of the Press Foundation
+License: GPL-3.0+
+
+Files: debian/*
+Copyright: 2019 Freedom of the Press Foundation <[email protected]>
+License: GPL-3.0+
+
+License: GPL-3.0+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".

securedrop-log/debian/rules

@@ -0,0 +1,11 @@
+#!/usr/bin/make -f
+
+%:
+	dh $@ --with python-virtualenv --python /usr/bin/python3 --setuptools --index-url https://dev-bin.ops.securedrop.org/simple --requirements build-requirements.txt
+
+override_dh_strip_nondeterminism:
+	find ./debian/ -type f -name '*.pyc' -delete
+	find ./debian/ -type f -name 'pip-selfcheck.json' -delete
+	find -type f -name RECORD -exec sed -i -e '/.*\.pyc.*/d' {} +
+	dh_strip_nondeterminism $@
+

securedrop-log/debian/securedrop-log.install

@@ -0,0 +1 @@
+securedrop.Log etc/qubes-rpc/

securedrop-log/debian/securedrop-log.links

@@ -0,0 +1 @@
+opt/venvs/securedrop-log/sbin/securedrop-log usr/sbin/securedrop-log

securedrop-log/debian/securedrop-log.triggers

@@ -0,0 +1,7 @@
+# Register interest in Python interpreter changes; and
+# don't make the Python package dependent on the virtualenv package
+# processing (noawait)
+interest-noawait /usr/bin/python3
+
+# Also provide a symbolic trigger for all dh-virtualenv packages
+interest dh-virtualenv-interpreter-update