diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/defaults/main.yml b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/defaults/main.yml index 59cc312a3b1..8ac09ebd9a3 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/defaults/main.yml +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/defaults/main.yml @@ -51,11 +51,7 @@ securedrop_python_version: "{{ '3.8' if securedrop_build_focal_support else '3.5 securedrop_venv_site_packages: "{{ securedrop_venv }}/lib/python{{ securedrop_python_version }}/site-packages" securedrop_app_focal_files: - - src: control-focal - dest: "{{ securedrop_app_code_prep_dir }}/debian/control" - src: rules-focal dest: "{{ securedrop_app_code_prep_dir }}/debian/rules" - src: securedrop-app-code.triggers-focal dest: "{{ securedrop_app_code_prep_dir }}/debian/securedrop-app-code.triggers" - - src: usr.sbin.apache2-focal - dest: "{{ securedrop_app_code_prep_dir }}/etc/apparmor.d/usr.sbin.apache2" diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal index 93b46b5418e..7459a02977c 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal @@ -1,83 +1,5 @@ -securedrop-app-code (1.5.0~rc1+focal) focal; urgency=medium +securedrop-app-code (1.6.0~rc1+focal) focal; urgency=medium * -- SecureDrop Team Thu, 18 Jun 2020 21:58:23 +0000 - -securedrop-app-code (1.4.0+xenial) xenial; urgency=medium - - * See changelog.md - - -- SecureDrop Team Wed, 17 Jun 2020 21:35:57 +0000 - -securedrop-app-code (1.3.0+xenial) xenial; urgency=medium - - * See changelog.md - - -- SecureDrop Team Tue, 12 May 2020 18:37:42 +0000 - -securedrop-app-code (1.2.2+xenial) xenial; urgency=medium - - * See changelog.md - - -- SecureDrop Team Fri, 13 Mar 2020 19:43:29 +0000 - -securedrop-app-code (1.2.1+xenial) xenial; urgency=medium - - * See changelog.md - - -- SecureDrop Team Wed, 19 Feb 2020 14:40:43 +0000 - -securedrop-app-code (1.2.0+xenial) xenial; urgency=medium - - * See changelog.md - - -- SecureDrop Team Wed, 20 Nov 2019 16:48:41 +0000 - -securedrop-app-code (1.1.0+xenial) xenial; urgency=medium - - * See changelog.md - - -- SecureDrop Team Mon, 21 Oct 2019 18:09:35 +0000 - -securedrop-app-code (1.0.0+xenial) xenial; urgency=medium - - * See changelog.md - - -- SecureDrop Team Tue, 17 Sep 2019 23:22:22 +0530 - -securedrop-app-code (0.14.0+xenial) xenial; urgency=medium - - * See changelog.md - - -- SecureDrop Team Wed, 10 Jul 2019 15:11:49 +0000 - -securedrop-app-code (0.13.1+xenial) xenial; urgency=medium - - * See changelog.md - - -- SecureDrop Team Tue, 18 Jun 2019 13:48:12 +0000 - -securedrop-app-code (0.13.0+xenial) xenial; urgency=medium - - * See changelog.md - - -- SecureDrop Team Wed, 29 May 2019 20:45:21 +0000 - -securedrop-app-code (0.12.2+xenial) xenial; urgency=medium - - * See changelog.md - - -- SecureDrop Team Thu, 25 Apr 2019 17:54:15 +0000 - -securedrop-app-code (0.12.1+xenial) xenial; urgency=medium - - * See changelog.md - - -- SecureDrop Team Wed, 20 Mar 2019 20:20:40 +0000 - -securedrop-app-code (0.12.0+xenial) xenial; urgency=medium - - * See changelog.md - - -- SecureDrop Team Wed, 27 Feb 2019 00:37:02 +0000 diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/control-focal b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/control-focal deleted file mode 100644 index 8f7a79e51fa..00000000000 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/control-focal +++ /dev/null @@ -1,15 +0,0 @@ -Source: securedrop-app-code -Section: web -Priority: optional -Maintainer: SecureDrop Team -Homepage: https://securedrop.org -Build-Depends: debhelper (>= 9), dh-python, python3-all, python3-setuptools, dh-systemd, dh-virtualenv -Standards-Version: 3.9.8 -X-Python3-Version: >= 3.8 - -Package: securedrop-app-code -Architecture: amd64 -Conflicts: libapache2-mod-wsgi,supervisor -Replaces: libapache2-mod-wsgi,supervisor -Depends: ${dist:Depends}, ${misc:Depends}, ${python3:Depends}, apache2, apparmor-utils, coreutils, gnupg2, haveged, libapache2-mod-xsendfile, libpython3.8, paxctld, python3, redis-server, securedrop-config, securedrop-keyring, sqlite3 -Description: SecureDrop application code, dependencies, Apache configuration, systemd services, and AppArmor profiles. This package will put the AppArmor profiles in enforce mode. diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/usr.sbin.apache2 b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/usr.sbin.apache2 index 90a77965665..128d4e2dacc 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/usr.sbin.apache2 +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/usr.sbin.apache2 @@ -70,6 +70,7 @@ /etc/magic r, /etc/mime.types r, /etc/python3.5/sitecustomize.py r, + /etc/python3.8/sitecustomize.py r, /etc/services r, /etc/timezone r, /lib/x86_64-linux-gnu/libbz2.so.* mr, @@ -87,6 +88,7 @@ /run/apache2/wsgi.*.sock rw, /run/lock/apache2/rewrite-map.* rw, /run/lock/apache2/ssl-cache.* rwk, + /run/systemd/userdb/io.systemd.DynamicUser r, /run/shm rw, /sbin/ldconfig rix, /sbin/ldconfig.real rix, @@ -107,6 +109,9 @@ /opt/venvs/securedrop-app-code/bin/python3 r, /opt/venvs/securedrop-app-code/lib/python3.5/ r, /opt/venvs/securedrop-app-code/lib/python3.5/** rm, + /opt/venvs/securedrop-app-code/lib/python3.8/ r, + /opt/venvs/securedrop-app-code/lib/python3.8/** rm, + /opt/venvs/securedrop-app-code/pyvenv.cfg r, /var/lib/securedrop/ r, /var/lib/securedrop/db.sqlite kw, /var/lib/securedrop/db.sqlite rwk, @@ -280,6 +285,8 @@ /var/www/securedrop/static/i/logo-footer.png r, /var/www/securedrop/static/i/no16-global.png r, /var/www/securedrop/static/i/no16.png r, + /var/www/securedrop/static/i/securedrop.png r, + /var/www/securedrop/static/i/securedrop_small.png r, /var/www/securedrop/static/i/server_upload.png r, /var/www/securedrop/static/i/star.png r, /var/www/securedrop/static/i/success_checkmark.png r, diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/usr.sbin.apache2-focal b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/usr.sbin.apache2-focal deleted file mode 100644 index 8f46e79759f..00000000000 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/usr.sbin.apache2-focal +++ /dev/null @@ -1,321 +0,0 @@ -# Last Modified: Wed Oct 29 08:16:32 2014 -#include - -/usr/sbin/apache2 { - #include - #include - - capability dac_override, - capability kill, - capability net_bind_service, - capability sys_ptrace, - - /bin/dash rix, - /bin/touch rix, - /bin/uname rix, - /dev/null w, - /dev/urandom r, - /etc/apache2/apache2.conf r, - /etc/apache2/conf-available/charset.conf r, - /etc/apache2/conf-available/localized-error-pages.conf r, - /etc/apache2/conf-available/other-vhosts-access-log.conf r, - /etc/apache2/conf-available/security.conf r, - /etc/apache2/conf-available/serve-cgi-bin.conf r, - /etc/apache2/conf-enabled/ r, - /etc/apache2/mods-available/access_compat.load r, - /etc/apache2/mods-available/alias.conf r, - /etc/apache2/mods-available/alias.load r, - /etc/apache2/mods-available/auth_basic.load r, - /etc/apache2/mods-available/authn_core.load r, - /etc/apache2/mods-available/authn_file.load r, - /etc/apache2/mods-available/authz_core.load r, - /etc/apache2/mods-available/authz_host.load r, - /etc/apache2/mods-available/authz_user.load r, - /etc/apache2/mods-available/autoindex.conf r, - /etc/apache2/mods-available/autoindex.load r, - /etc/apache2/mods-available/deflate.conf r, - /etc/apache2/mods-available/deflate.load r, - /etc/apache2/mods-available/dir.conf r, - /etc/apache2/mods-available/dir.load r, - /etc/apache2/mods-available/env.load r, - /etc/apache2/mods-available/filter.load r, - /etc/apache2/mods-available/headers.load r, - /etc/apache2/mods-available/mime.conf r, - /etc/apache2/mods-available/mime.load r, - /etc/apache2/mods-available/mpm_event.conf r, - /etc/apache2/mods-available/mpm_event.load r, - /etc/apache2/mods-available/negotiation.conf r, - /etc/apache2/mods-available/negotiation.load r, - /etc/apache2/mods-available/reqtimeout.conf r, - /etc/apache2/mods-available/reqtimeout.load r, - /etc/apache2/mods-available/rewrite.load r, - /etc/apache2/mods-available/setenvif.conf r, - /etc/apache2/mods-available/setenvif.load r, - /etc/apache2/mods-available/socache_shmcb.load r, - /etc/apache2/mods-available/ssl.conf r, - /etc/apache2/mods-available/ssl.load r, - /etc/apache2/mods-available/status.conf r, - /etc/apache2/mods-available/status.load r, - /etc/apache2/mods-available/wsgi.conf r, - /etc/apache2/mods-available/wsgi.load r, - /etc/apache2/mods-available/xsendfile.load r, - /etc/apache2/mods-enabled/ r, - /etc/apache2/ports.conf r, - /etc/apache2/sites-available/journalist.conf r, - /etc/apache2/sites-available/source.conf r, - /etc/apache2/sites-enabled/ r, - /etc/ld.so.cache r, - /etc/localtime r, - /etc/lsb-release r, - /etc/magic r, - /etc/mime.types r, - /etc/python3.8/sitecustomize.py r, - /etc/services r, - /etc/timezone r, - /lib/x86_64-linux-gnu/libbz2.so.* mr, - /lib/x86_64-linux-gnu/libc-*.so mr, - /lib/x86_64-linux-gnu/libz.so.* mr, - /proc/ r, - /proc/*/fd/ r, - /proc/*/fd/* r, - /proc/*/mounts r, - /proc/*/stat r, - /proc/*/status r, - /proc/sys/kernel/random/entropy_avail r, - /run/apache2/apache2.pid rw, - /run/apache2/wsgi.*.lock rwk, - /run/apache2/wsgi.*.sock rw, - /run/lock/apache2/rewrite-map.* rw, - /run/lock/apache2/ssl-cache.* rwk, - /run/systemd/userdb/io.systemd.DynamicUser rw, - /run/shm rw, - /sbin/ldconfig rix, - /sbin/ldconfig.real rix, - /tmp/** rwm, - /usr/bin/file rix, - /usr/bin/gpg rix, - /usr/bin/gpg-agent rix, - /usr/bin/gpg2 rix, - /usr/bin/pinentry-curses rix, - /usr/bin/pinentry-gtk-2 rix, - /usr/bin/shred rix, - /usr/bin/srm rix, - /usr/lib{,32,64}/** mr, - /usr/share/file/magic r, - /usr/share/file/magic.mgc r, - /opt/venvs/securedrop-app-code/**/__pycache__/ rw, - /opt/venvs/securedrop-app-code/**/__pycache__/* rw, - /opt/venvs/securedrop-app-code/bin/python3 r, - /opt/venvs/securedrop-app-code/lib/python3.8/ r, - /opt/venvs/securedrop-app-code/lib/python3.8/** rm, - /opt/venvs/securedrop-app-code/pyvenv.cfg rw, - /var/lib/securedrop/ r, - /var/lib/securedrop/db.sqlite kw, - /var/lib/securedrop/db.sqlite rwk, - /var/lib/securedrop/db.sqlite-journal rw, - /var/lib/securedrop/db.sqlite-journal w, - /var/lib/securedrop/keys/* rwl, - /var/lib/securedrop/keys/*.app-staging.* w, - /var/lib/securedrop/keys/gpg-agent.conf r, - /var/lib/securedrop/keys/openpgp-revocs.d/* rw, - /var/lib/securedrop/keys/private-keys-v1.d/* rw, - /var/lib/securedrop/keys/pubring.gpg r, - /var/lib/securedrop/keys/pubring.gpg rw, - /var/lib/securedrop/keys/pubring.gpg.lock l, - /var/lib/securedrop/keys/pubring.gpg.lock rwl, - /var/lib/securedrop/keys/pubring.gpg.tmp rw, - /var/lib/securedrop/keys/pubring.gpg.tmp w, - /var/lib/securedrop/keys/pubring.gpg~ w, - /var/lib/securedrop/keys/random_seed rwk, - /var/lib/securedrop/keys/secring.gpg r, - /var/lib/securedrop/keys/secring.gpg.lock l, - /var/lib/securedrop/keys/secring.gpg.lock rw, - /var/lib/securedrop/keys/secring.gpg.tmp rw, - /var/lib/securedrop/keys/trustdb.gpg rw, - /var/lib/securedrop/keys/trustdb.gpg.lock rwl, - /var/lib/securedrop/shredder/** rw, - /var/lib/securedrop/shredder/*/ w, - /var/lib/securedrop/store/** rw, - /var/lib/securedrop/store/*/ w, - /var/lib/securedrop/source_v2_url r, - /var/lib/securedrop/source_v3_url r, - /var/lib/securedrop/tmp/** rw, - /var/lib/ssl/* r, - /var/log/apache2/* w, - /var/log/apache2/other_vhosts_access.log rw, - /var/tmp/* rwm, - /var/www/* r, - /var/www/.gnupg/ rw, - /var/www/.gnupg/** rw, - /var/www/journalist.wsgi r, - /var/www/securedrop/ r, - /var/www/securedrop/**/__pycache__/ rw, - /var/www/securedrop/**/__pycache__/* rw, - /var/www/securedrop/.well-known/pki-validation/*.txt r, - /var/www/securedrop/__pycache__/ rw, - /var/www/securedrop/__pycache__/* rw, - /var/www/securedrop/config.py r, - /var/www/securedrop/crypto_util.py r, - /var/www/securedrop/db.py r, - /var/www/securedrop/dictionaries/adjectives.txt r, - /var/www/securedrop/dictionaries/nouns.txt r, - /var/www/securedrop/i18n.py r, - /var/www/securedrop/journalist.py r, - /var/www/securedrop/journalist_app/ r, - /var/www/securedrop/journalist_app/__init__.py r, - /var/www/securedrop/journalist_app/account.py r, - /var/www/securedrop/journalist_app/admin.py r, - /var/www/securedrop/journalist_app/api.py r, - /var/www/securedrop/journalist_app/col.py r, - /var/www/securedrop/journalist_app/decorators.py r, - /var/www/securedrop/journalist_app/forms.py r, - /var/www/securedrop/journalist_app/main.py r, - /var/www/securedrop/journalist_app/utils.py r, - /var/www/securedrop/journalist_templates/_confirmation_modal.html r, - /var/www/securedrop/journalist_templates/_source_row.html r, - /var/www/securedrop/journalist_templates/account_edit_hotp_secret.html r, - /var/www/securedrop/journalist_templates/account_new_two_factor.html r, - /var/www/securedrop/journalist_templates/admin.html r, - /var/www/securedrop/journalist_templates/admin_add_user.html r, - /var/www/securedrop/journalist_templates/admin_edit_hotp_secret.html r, - /var/www/securedrop/journalist_templates/admin_new_user_two_factor.html r, - /var/www/securedrop/journalist_templates/base.html r, - /var/www/securedrop/journalist_templates/col.html r, - /var/www/securedrop/journalist_templates/config.html r, - /var/www/securedrop/journalist_templates/delete.html r, - /var/www/securedrop/journalist_templates/edit_account.html r, - /var/www/securedrop/journalist_templates/error.html r, - /var/www/securedrop/journalist_templates/flag.html r, - /var/www/securedrop/journalist_templates/flashed.html r, - /var/www/securedrop/journalist_templates/index.html r, - /var/www/securedrop/journalist_templates/js-strings.html r, - /var/www/securedrop/journalist_templates/locales.html r, - /var/www/securedrop/journalist_templates/login.html r, - /var/www/securedrop/journalist_templates/logo_upload_flashed.html r, - /var/www/securedrop/journalist_templates/submission_preferences_saved_flash.html r, - /var/www/securedrop/models.py r, - /var/www/securedrop/request_that_secures_file_uploads.py r, - /var/www/securedrop/rm.py r, - /var/www/securedrop/sdconfig.py r, - /var/www/securedrop/secure_tempfile.py r, - /var/www/securedrop/source.py r, - /var/www/securedrop/source_app/ r, - /var/www/securedrop/source_app/__init__.py r, - /var/www/securedrop/source_app/api.py r, - /var/www/securedrop/source_app/decorators.py r, - /var/www/securedrop/source_app/forms.py r, - /var/www/securedrop/source_app/info.py r, - /var/www/securedrop/source_app/main.py r, - /var/www/securedrop/source_app/utils.py r, - /var/www/securedrop/source_templates/banner_warning_flashed.html r, - /var/www/securedrop/source_templates/base.html r, - /var/www/securedrop/source_templates/error.html r, - /var/www/securedrop/source_templates/first_submission_flashed_message.html r, - /var/www/securedrop/source_templates/flashed.html r, - /var/www/securedrop/source_templates/footer.html r, - /var/www/securedrop/source_templates/generate.html r, - /var/www/securedrop/source_templates/index.html r, - /var/www/securedrop/source_templates/locales.html r, - /var/www/securedrop/source_templates/login.html r, - /var/www/securedrop/source_templates/logout.html r, - /var/www/securedrop/source_templates/lookup.html r, - /var/www/securedrop/source_templates/next_submission_flashed_message.html r, - /var/www/securedrop/source_templates/notfound.html r, - /var/www/securedrop/source_templates/session_timeout.html r, - /var/www/securedrop/source_templates/tor2web-warning.html r, - /var/www/securedrop/source_templates/use-tor-browser.html r, - /var/www/securedrop/source_templates/why-journalist-key.html r, - /var/www/securedrop/static/.webassets-cache/** rw, - /var/www/securedrop/static/css/font-awesome.css r, - /var/www/securedrop/static/css/journalist.css r, - /var/www/securedrop/static/css/normalize.css r, - /var/www/securedrop/static/css/source.css r, - /var/www/securedrop/static/fonts/fa-brands-400.eot r, - /var/www/securedrop/static/fonts/fa-brands-400.svg r, - /var/www/securedrop/static/fonts/fa-brands-400.ttf r, - /var/www/securedrop/static/fonts/fa-brands-400.woff r, - /var/www/securedrop/static/fonts/fa-brands-400.woff2 r, - /var/www/securedrop/static/fonts/fa-regular-400.eot r, - /var/www/securedrop/static/fonts/fa-regular-400.svg r, - /var/www/securedrop/static/fonts/fa-regular-400.ttf r, - /var/www/securedrop/static/fonts/fa-regular-400.woff r, - /var/www/securedrop/static/fonts/fa-regular-400.woff2 r, - /var/www/securedrop/static/fonts/fa-solid-900.eot r, - /var/www/securedrop/static/fonts/fa-solid-900.svg r, - /var/www/securedrop/static/fonts/fa-solid-900.ttf r, - /var/www/securedrop/static/fonts/fa-solid-900.woff r, - /var/www/securedrop/static/fonts/fa-solid-900.woff2 r, - /var/www/securedrop/static/gen/journalist.css rw, - /var/www/securedrop/static/gen/journalist.js rw, - /var/www/securedrop/static/gen/source.css rw, - /var/www/securedrop/static/gen/source.js rw, - /var/www/securedrop/static/i/arrow-upload-blue.png r, - /var/www/securedrop/static/i/arrow-upload-large.png r, - /var/www/securedrop/static/i/arrow-upload-white.png r, - /var/www/securedrop/static/i/custom_logo.png rw, - /var/www/securedrop/static/i/delete_gray.png r, - /var/www/securedrop/static/i/delete_red.png r, - /var/www/securedrop/static/i/bang-stop.png r, - /var/www/securedrop/static/i/favicon.png r, - /var/www/securedrop/static/i/font-awesome/black/guard.svg r, - /var/www/securedrop/static/i/font-awesome/black/times.svg r, - /var/www/securedrop/static/i/font-awesome/cancel-blue.png r, - /var/www/securedrop/static/i/font-awesome/checkmark-blue.png r, - /var/www/securedrop/static/i/font-awesome/checkmark-white.png r, - /var/www/securedrop/static/i/font-awesome/comments-blue.png r, - /var/www/securedrop/static/i/font-awesome/comments-white.png r, - /var/www/securedrop/static/i/font-awesome/exclamation-triangle-black.png r, - /var/www/securedrop/static/i/font-awesome/fa-arrow-circle-o-right-blue.png r, - /var/www/securedrop/static/i/font-awesome/fa-arrow-circle-o-right-white.png r, - /var/www/securedrop/static/i/font-awesome/fa-globe-black.png r, - /var/www/securedrop/static/i/font-awesome/info-circle-black.png r, - /var/www/securedrop/static/i/font-awesome/lock-black.png r, - /var/www/securedrop/static/i/font-awesome/refresh-blue.png r, - /var/www/securedrop/static/i/font-awesome/refresh-white.png r, - /var/www/securedrop/static/i/font-awesome/times-white.png r, - /var/www/securedrop/static/i/font-awesome/white/exclamation-circle.svg r, - /var/www/securedrop/static/i/font-awesome/white/guard.svg r, - /var/www/securedrop/static/i/hand_with_fingerprint.png r, - /var/www/securedrop/static/i/languages_arrow.png r, - /var/www/securedrop/static/i/languages_globe.png r, - /var/www/securedrop/static/i/logo.png rw, - /var/www/securedrop/static/i/logo-footer.png r, - /var/www/securedrop/static/i/no16-global.png r, - /var/www/securedrop/static/i/no16.png r, - /var/www/securedrop/static/i/securedrop.png r, - /var/www/securedrop/static/i/securedrop_small.png r, - /var/www/securedrop/static/i/server_upload.png r, - /var/www/securedrop/static/i/star.png r, - /var/www/securedrop/static/i/success_checkmark.png r, - /var/www/securedrop/static/i/tipbox/tipbox-hed-j-all.png r, - /var/www/securedrop/static/i/tipbox/tipbox-hed-j-single.png r, - /var/www/securedrop/static/i/tipbox/tipbox-hed-submit1.png r, - /var/www/securedrop/static/i/tipbox/tipbox-hed-submit3.png r, - /var/www/securedrop/static/i/tipbox/tipbox-hed-user.png r, - /var/www/securedrop/static/i/tipbox/tipbox-logo.png r, - /var/www/securedrop/static/i/torbroom-black.png r, - /var/www/securedrop/static/i/torbroom-coral.png r, - /var/www/securedrop/static/i/trash-x-out.png r, - /var/www/securedrop/static/i/trash-x-solid.png r, - /var/www/securedrop/static/i/un-star.png r, - /var/www/securedrop/static/i/x_icon-button_blue.png r, - /var/www/securedrop/static/i/x_icon-grimace_blue.png r, - /var/www/securedrop/static/i/x_icon-sd_blue.png r, - /var/www/securedrop/static/js/journalist.js r, - /var/www/securedrop/static/js/source.js r, - /var/www/securedrop/store.py r, - /var/www/securedrop/template_filters.py r, - /var/www/securedrop/translations/ r, - /var/www/securedrop/translations/** r, - /var/www/securedrop/version.py r, - /var/www/securedrop/wordlist r, - /var/www/securedrop/wordlists/** r, - /var/www/securedrop/worker.py r, - /var/www/source.wsgi r, - - ^DEFAULT_URI { - } - - ^HANDLING_UNTRUSTED_INPUT { - } -} diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/tasks/main.yml b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/tasks/main.yml index 117fc91f6f1..7e17ed787da 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/tasks/main.yml +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/tasks/main.yml @@ -64,6 +64,11 @@ with_items: "{{ securedrop_app_focal_files }}" when: securedrop_build_focal_support +- name: Create the control file based on distribution + template: + src: "control.j2" + dest: "{{ securedrop_app_code_prep_dir }}/debian/control" + - name: Create lib/systemd/services directory in prep directory file: state: directory diff --git a/install_files/securedrop-app-code/debian/control b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/templates/control.j2 similarity index 74% rename from install_files/securedrop-app-code/debian/control rename to install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/templates/control.j2 index 07d1ea6274a..5c264cf9a94 100644 --- a/install_files/securedrop-app-code/debian/control +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/templates/control.j2 @@ -5,11 +5,14 @@ Maintainer: SecureDrop Team Homepage: https://securedrop.org Build-Depends: debhelper (>= 9), dh-python, python3-all, python3-setuptools, dh-systemd, dh-virtualenv Standards-Version: 3.9.8 -X-Python3-Version: >= 3.5 Package: securedrop-app-code Architecture: amd64 Conflicts: libapache2-mod-wsgi,supervisor Replaces: libapache2-mod-wsgi,supervisor +{% if securedrop_build_focal_support %} +Depends: ${dist:Depends}, ${misc:Depends}, ${python3:Depends}, apache2, apparmor-utils, coreutils, gnupg2, haveged, libapache2-mod-xsendfile, libpython3.8, paxctld, python3, redis-server, securedrop-config, securedrop-keyring, sqlite3 +{% else %} Depends: ${dist:Depends}, ${misc:Depends}, ${python3:Depends}, apache2, apparmor-utils, coreutils, gnupg2, haveged, libapache2-mod-xsendfile, libpython3.5, paxctld, python3 (>= 3.5), python3 (<< 3.6), redis-server, securedrop-config, securedrop-keyring, sqlite3 +{% endif %} Description: SecureDrop application code, dependencies, Apache configuration, systemd services, and AppArmor profiles. This package will put the AppArmor profiles in enforce mode. diff --git a/molecule/builder-focal/tests/vars.yml b/molecule/builder-focal/tests/vars.yml index 35f8932cbad..bfa40d3e525 100644 --- a/molecule/builder-focal/tests/vars.yml +++ b/molecule/builder-focal/tests/vars.yml @@ -1,9 +1,9 @@ --- -securedrop_version: "1.5.0~rc1" +securedrop_version: "1.6.0~rc1" ossec_version: "3.6.0" keyring_version: "0.1.4" config_version: "0.1.3" -grsec_version: "4.14.175" +grsec_version: "4.14.188" # These values will be interpolated with values populated above # via helper functions in the tests.