Adding v3 desktop shortcut support

admin/tests/test_securedrop-admin.py

@@ -664,7 +664,7 @@ def test_only_v3_onion_services(self, tmpdir):
                                   ansible_path='.',
                                   app_path=dirname(__file__))
         site_config = securedrop_admin.SiteConfig(args)
-        with open("app-source-ths", "w") as fobj:
+        with open("app-source-v3ths", "w") as fobj:
             fobj.write("a" * 56 + ".onion\n")
         site_config.update_onion_version_config()
         site_config.save()
@@ -675,7 +675,7 @@ def test_only_v3_onion_services(self, tmpdir):
         v2_onion_services: false
         v3_onion_services: true
         """)
-        os.remove("app-source-ths")
+        os.remove("app-source-v3ths")
         assert expected == data
 
     def test_validate_gpg_key(self, caplog):

install_files/ansible-base/roles/tails-config/files/securedrop_init.py

@@ -6,8 +6,6 @@
 import pwd
 import sys
 import subprocess
-import stat
-import fileinput
 
 from shutil import copyfile
 
@@ -32,11 +30,11 @@
 
 paths_v3_authfiles = {
         "app-journalist": os.path.join(path_securedrop_root,
-            'install_files/ansible-base/app-journalist-v3aths'),
+                                       'install_files/ansible-base/app-journalist-v3aths'),
         "app-ssh": os.path.join(path_securedrop_root,
-            'install_files/ansible-base/app-ssh-v3aths'),
+                                'install_files/ansible-base/app-ssh-v3aths'),
         "mon-ssh": os.path.join(path_securedrop_root,
-            'install_files/ansible-base/mon-ssh-v3aths')
+                                'install_files/ansible-base/mon-ssh-v3aths')
 }
 path_onion_auth_dir = '/var/lib/tor/onion_auth'
 
@@ -90,7 +88,7 @@
         os.chmod(new_f, 0o400)
         os.chown(new_f, debian_tor_uid, debian_tor_gid)
 
-# reload tor
+# restart tor
 try:
     subprocess.check_call(['systemctl', 'restart', '[email protected]'])
 except subprocess.CalledProcessError:

install_files/ansible-base/roles/tails-config/tasks/configure_torrc_additions.yml

@@ -17,7 +17,7 @@
       # Collect all files that end in `-v3aths` - if there are any present
       # then `torrc` will need a directive added
       - '*-v3aths'
-  register: find_v3_aths_info_result      
+  register: find_v3_aths_info_result
 
 # We need at least one v2 or v3 ATHS value, for the Journalist Interface.
 # If v2 is enabled, there will be 3 v2 `-aths` files on the Admin Interface.
@@ -52,4 +52,4 @@
     owner: root
     group: root
     mode: "0400"
-  when: find_v3_aths_info_result.matched >= 1  
+  when: find_v3_aths_info_result.matched >= 1

install_files/ansible-base/roles/tails-config/tasks/create_desktop_shortcuts.yml

@@ -3,15 +3,43 @@
 # installation. On the Admin Workstation, these files will be present
 # after running the playbooks, but on the Journalist Workstation, they must
 # be copied manually by the Admin.
-- name: Look up Source Interface URL.
+# Desktop shortcuts default to v3 URLs when available - as `site-specific`
+# is not copied to Journalist Workstations, the {v2,v3}_onion_service
+# booleans can't be used to choose a preference.
+
+- name: Check for v3 Source Interface file
+  stat:
+    path: app-source-v3ths
+  register: v3_source_file
+
+- name: Check for v3 Journalist Interface file
+  stat:
+    path: app-journalist-v3aths
+  register: v3_journalist_file
+
+- name: Look up v2 Source Interface URL.
   command: grep -Po '.{16}\.onion' app-source-ths
   changed_when: false
   register: source_interface_lookup_result
+  when: v3_source_file.stat.exists == False
 
-- name: Look up Journalist Interface URL.
+- name: Look up v3 Source Interface URL.
+  command: grep -Po '.{56}\.onion' app-source-v3ths
+  changed_when: false
+  register: source_interface_lookup_result
+  when: v3_source_file.stat.exists == True
+
+- name: Look up v2 Journalist Interface URL.
   command: grep -Po '.{16}\.onion' app-journalist-aths
   changed_when: false
   register: journalist_interface_lookup_result
+  when: v3_source_file.stat.exists == False
+
+- name: Look up v3 Journalist Interface URL.
+  command: awk -F ':' '{print $1 ".onion"}' app-journalist-v3aths
+  changed_when: false
+  register: journalist_interface_lookup_result
+  when: v3_source_file.stat.exists == True
 
 - name: Create desktop shortcut parent directories.
   file: