Merge pull request freedomofpress#291 from freedomofpress/475-client-…

…reply-fix Provision submission key fingerprint in config.json to sd-svs
rmol · Jul 18, 2019 · 43dc174 · 43dc174
2 parents dff840b + 8fff04c
commit 43dc174
Show file tree

Hide file tree

Showing 7 changed files with 40 additions and 1 deletion.
diff --git a/Makefile b/Makefile
@@ -39,6 +39,7 @@ sd-gpg: prep-salt ## Provisions SD GPG keystore VM
 sd-svs: prep-salt ## Provisions SD SVS VM
 	sudo qubesctl top.enable sd-svs
 	sudo qubesctl top.enable sd-svs-files
+	sudo qubesctl top.enable sd-svs-config
 	sudo qubesctl --show-output --targets sd-svs-template state.highstate
 	sudo qubesctl --show-output --targets sd-svs state.highstate
 

diff --git a/config.json.example b/config.json.example
@@ -1,4 +1,5 @@
 {
+  "submission_key_fpr": "65A1B5FF195B56353CC63DFFCC40EF1228271441",
   "hidserv": {
     "hostname": "avgfxawdn6c3coe3.onion",
     "key": "Il8Xas7uf6rjtc0LxYwhrx"

diff --git a/dom0/sd-svs-config.sls b/dom0/sd-svs-config.sls
@@ -0,0 +1,24 @@
+##
+# sd-svs-config
+# ========
+#
+# Moves files into place on sd-svs
+#
+#
+
+# populate config.json for sd-svs. This contains the journalist_key_fingerprint
+# used to encrypt replies
+
+{% import_json "sd/config.json" as d %}
+
+install-securedrop-proxy-yaml-config:
+  file.managed:
+    - name: /home/user/.securedrop_client/config.json
+    - source: salt://sd/sd-svs/config.json.j2
+    - template: jinja
+    - context:
+        submission_fpr: {{ d.submission_key_fpr}}
+    - user: user
+    - group: user
+    - mode: 0600
+    - makedirs: True
diff --git a/dom0/sd-svs-config.top b/dom0/sd-svs-config.top
@@ -0,0 +1,3 @@
+base:
+  sd-svs:
+    - sd-svs-config
diff --git a/dom0/sd-svs-files.sls b/dom0/sd-svs-files.sls
@@ -5,7 +5,7 @@
 # sd-svs-files
 # ========
 #
-# Moves files into place on sd-svs
+# Moves files into place on sd-svs-template
 #
 ##
 include:

diff --git a/sd-svs/config.json.j2 b/sd-svs/config.json.j2
@@ -0,0 +1 @@
+{"journalist_key_fingerprint": "{{ submission_fpr }}"}
diff --git a/tests/test_svs.py b/tests/test_svs.py
@@ -1,3 +1,4 @@
+import json
 import unittest
 
 from base import SD_VM_Local_Test
@@ -26,6 +27,14 @@ def test_mimeapps(self):
     def test_sd_client_package_installed(self):
         self.assertTrue(self._package_is_installed("securedrop-client"))
 
+    def test_sd_client_config(self):
+        with open("config.json") as c:
+            config = json.load(c)
+            submission_fpr = config['submission_key_fpr']
+
+        line = '{{"journalist_key_fingerprint": "{}"}}'.format(submission_fpr)
+        self.assertFileHasLine("/home/user/.securedrop_client/config.json", line)
+
 
 def load_tests(loader, tests, pattern):
     suite = unittest.TestLoader().loadTestsFromTestCase(SD_SVS_Tests)
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		{"journalist_key_fingerprint": "{{ submission_fpr }}"}