Provision submission key fingerprint in config.json to sd-svs #291

Merged
merged 1 commit into from
Jul 18, 2019
1 change: 1 addition & 0 deletions Makefile
Expand Up @@ -39,6 +39,7 @@ sd-gpg: prep-salt ## Provisions SD GPG keystore VM
sd-svs: prep-salt ## Provisions SD SVS VM
sudo qubesctl top.enable sd-svs
sudo qubesctl top.enable sd-svs-files
sudo qubesctl top.enable sd-svs-config
sudo qubesctl --show-output --targets sd-svs-template state.highstate
sudo qubesctl --show-output --targets sd-svs state.highstate

1 change: 1 addition & 0 deletions config.json.example
@@ -1,4 +1,5 @@
{
"submission_key_fpr": "65A1B5FF195B56353CC63DFFCC40EF1228271441",
"hidserv": {
"hostname": "avgfxawdn6c3coe3.onion",
"key": "Il8Xas7uf6rjtc0LxYwhrx"
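Review bot: The new `submission_key_fpr` entry at the top of the example is undocumented, and nothing visible in this change validates the value before it is provisioned. Since it ends up as `journalist_key_fingerprint` in the client config, consider documenting the expected format (the example value is 40 hex characters with no spaces) and failing provisioning early when the configured value does not match it.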
24 changes: 24 additions & 0 deletions dom0/sd-svs-config.sls
@@ -0,0 +1,24 @@
##
# sd-svs-config
# ========
#
# Moves files into place on sd-svs
#
#

# populate config.json for sd-svs. This contains the journalist_key_fingerprint
# used to encrypt replies

{% import_json "sd/config.json" as d %}

install-securedrop-proxy-yaml-config:
file.managed:
- name: /home/user/.securedrop_client/config.json
- source: salt://sd/sd-svs/config.json.j2
- template: jinja
- context:
submission_fpr: {{ d.submission_key_fpr}}
- user: user
- group: user
- mode: 0600
- makedirs: True
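Review bot: In the `context:` block, `submission_fpr: {{ d.submission_key_fpr}}` renders the fingerprint into YAML unquoted, so a value made up only of digits would be loaded as a number instead of a string; quote it, e.g. `submission_fpr: "{{ d.submission_key_fpr }}"`. The state ID `install-securedrop-proxy-yaml-config` also looks carried over from another state: this one manages the JSON config under `/home/user/.securedrop_client/`, and a name that says so would make highstate output easier to read. The header comment says the fingerprint is "used to encrypt replies" while the source key is called `submission_key_fpr`; one sentence explaining that relationship would help the next reader.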
3 changes: 3 additions & 0 deletions dom0/sd-svs-config.top
@@ -0,0 +1,3 @@
base:
sd-svs:
- sd-svs-config
2 changes: 1 addition & 1 deletion dom0/sd-svs-files.sls
Expand Up @@ -5,7 +5,7 @@
# sd-svs-files
# ========
#
# Moves files into place on sd-svs
# Moves files into place on sd-svs-template
#
##
include:
1 change: 1 addition & 0 deletions sd-svs/config.json.j2
@@ -0,0 +1 @@
{"journalist_key_fingerprint": "{{ submission_fpr }}"}
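Review bot: `"{{ submission_fpr }}"` is placed into the JSON by plain string substitution, so a quote or backslash in the configured value would produce an invalid or altered config file for the client. Emit the value through a JSON-serializing filter, or validate it as a hex fingerprint before rendering, so the file is always well-formed JSON.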
9 changes: 9 additions & 0 deletions tests/test_svs.py
@@ -1,3 +1,4 @@
import json
import unittest

from base import SD_VM_Local_Test
Expand Down Expand Up @@ -26,6 +27,14 @@ def test_mimeapps(self):
def test_sd_client_package_installed(self):
self.assertTrue(self._package_is_installed("securedrop-client"))

def test_sd_client_config(self):
with open("config.json") as c:
config = json.load(c)
submission_fpr = config['submission_key_fpr']

line = '{{"journalist_key_fingerprint": "{}"}}'.format(submission_fpr)
self.assertFileHasLine("/home/user/.securedrop_client/config.json", line)


def load_tests(loader, tests, pattern):
suite = unittest.TestLoader().loadTestsFromTestCase(SD_SVS_Tests)
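Review bot: `test_sd_client_config` compares one exact line of text built with `'{{"journalist_key_fingerprint": "{}"}}'.format(submission_fpr)`, so it will break on any whitespace change in `config.json.j2` or as soon as a second key is added. Reading the file from the VM and comparing the parsed `journalist_key_fingerprint` value would be more robust. `open("config.json")` also depends on the current working directory of the test run, and the `0600` mode and `user` ownership set by the state are not asserted.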