-
Notifications
You must be signed in to change notification settings - Fork 12
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #171 from freedomofpress/438-securedrop-keyring
Add securedrop-keyring package
- Loading branch information
Showing
14 changed files
with
164 additions
and
30 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| securedrop-keyring (0.1.4+buster) unstable; urgency=medium | ||
|
|
||
| * Initial release for securedrop workstation | ||
|
|
||
| -- SecureDrop Team <[email protected]> Fri, 22 May 2020 11:18:05 -0400 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| 9 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| Source: securedrop-keyring | ||
| Section: web | ||
| Priority: optional | ||
| Maintainer: SecureDrop Team <[email protected]> | ||
| Build-Depends: debhelper (>= 9), | ||
| Standards-Version: 3.9.8 | ||
| Homepage: https://github.com/freedomofpress/securedrop-debian-packaging | ||
|
|
||
| Package: securedrop-keyring | ||
| Architecture: all | ||
| Depends: gnupg | ||
| Description: Provides an apt keyring for SecureDrop-related packages, so the master signing key used for SecureDrop packages can be updated via apt. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ | ||
| Upstream-Name: securedrop-keyring | ||
| Source: https://github.com/freedomofpress/securedrop-debian-packaging | ||
|
|
||
| Files: * | ||
| Copyright: 2020 Freedom of the Press Foundation <[email protected]> | ||
| License: GPLv3+ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| #!/bin/sh | ||
| # postinst script for securedrop-workstation-grsec | ||
| # | ||
| # see: dh_installdeb(1) | ||
|
|
||
| set -e | ||
|
|
||
| # summary of how this script can be called: | ||
| # * <postinst> `configure' <most-recently-configured-version> | ||
| # * <old-postinst> `abort-upgrade' <new version> | ||
| # * <conflictor's-postinst> `abort-remove' `in-favour' <package> | ||
| # <new-version> | ||
| # * <postinst> `abort-remove' | ||
| # * <deconfigured's-postinst> `abort-deconfigure' `in-favour' | ||
| # <failed-install-package> <version> `removing' | ||
| # <conflicting-package> <version> | ||
| # for details, see https://www.debian.org/doc/debian-policy/ or | ||
| # the debian-policy package | ||
|
|
||
| case "$1" in | ||
| configure) | ||
| chown -R root:root /etc/apt/trusted.gpg.d/ | ||
| ;; | ||
|
|
||
| abort-upgrade|abort-remove|abort-deconfigure) | ||
| ;; | ||
|
|
||
| *) | ||
| echo "postinst called with unknown argument \`$1'" >&2 | ||
| exit 1 | ||
| ;; | ||
| esac | ||
|
|
||
| # dh_installdeb will replace this with shell code automatically | ||
| # generated by other debhelper scripts. | ||
|
|
||
| #DEBHELPER# | ||
|
|
||
| exit 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| #!/bin/bash | ||
|
|
||
| set -e | ||
|
|
||
| # Solution adapted from DKG's work on `deb.torproject.org-keyring` and | ||
| # the securedrop core keyring package. | ||
| # In SecureDrop Workstation versions before 0.3.0, the salt provisioning | ||
| # logic uses pkgrepo.managed, which writes the key to `/etc/apt/trusted.gpg`. | ||
| # It's cleaner to use the trusted.gpg.d subdirectory, since we can | ||
| # update that trivially in future versions of the keyring package. | ||
| # | ||
| # Therefore let's clean up prior versions of the key installed | ||
| # to the general apt keyring, to ensure we only have one signing key | ||
| # installed for authenticating securedrop-related packages. | ||
|
|
||
| if [ -e /etc/apt/trusted.gpg ] && which gpg >/dev/null; then | ||
| ( | ||
| h="$(mktemp -d)" | ||
| trap "rm -rf '$h'" EXIT | ||
|
|
||
| if gpg --homedir="$h" \ | ||
| --batch --no-tty --no-default-keyring --keyring /etc/apt/trusted.gpg \ | ||
| --list-key 0x22245C81E3BAEB4138B36061310F561200F4AD77 > /dev/null 2>&1 ; then | ||
| gpg --homedir="$h" \ | ||
| --batch --no-tty --no-default-keyring --keyring /etc/apt/trusted.gpg \ | ||
| --no-auto-check-trustdb \ | ||
| --delete-key 0x22245C81E3BAEB4138B36061310F561200F4AD77 || true | ||
| fi | ||
| ) | ||
| fi | ||
|
|
||
| #DEBHELPER# | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| #!/usr/bin/make -f | ||
|
|
||
| %: | ||
| dh $@ | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| securedrop-keyring.gpg etc/apt/trusted.gpg.d/ |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,9 @@ | ||
| securedrop-workstation-config (0.1.3+buster) unstable; urgency=medium | ||
|
|
||
| * Adds securedrop-keyring to list of dependencies | ||
|
|
||
| -- SecureDrop Team <[email protected]> Fri, 22 May 2020 12:02:57 -0400 | ||
|
|
||
| securedrop-workstation-config (0.1.2+buster) unstable; urgency=medium | ||
|
|
||
| * Bump securedrop-workstation-config to 0.1.2 | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters