From bc7703aad4bc06c6bfe12da8132a231e7387365d Mon Sep 17 00:00:00 2001
From: John Hensley <john@freedom.press>
Date: Wed, 11 Dec 2019 20:57:32 -0500
Subject: [PATCH 1/2] Improve dh-virtualenv for securedrop-client

Add extra pip options "--ignore-installed", "--no-deps", and
"--no-cache-dir" to the dh-virtualenv override in
securedrop-client/debian/rules. This prevents variation in the build
environment from changing the set of requirements included in the
virtualenv embedded in the package.
---
 securedrop-client/debian/rules | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/securedrop-client/debian/rules b/securedrop-client/debian/rules
index f37460c8..36a2f727 100755
--- a/securedrop-client/debian/rules
+++ b/securedrop-client/debian/rules
@@ -4,7 +4,15 @@
 	dh $@ --with python-virtualenv
 
 override_dh_virtualenv:
-	dh_virtualenv --python /usr/bin/python3 --setuptools -S --index-url https://dev-bin.ops.securedrop.org/simple --requirements build-requirements.txt
+	dh_virtualenv \
+		--python /usr/bin/python3 \
+		--setuptools \
+		--use-system-packages \
+		--index-url https://dev-bin.ops.securedrop.org/simple \
+		--extra-pip-arg "--ignore-installed" \
+		--extra-pip-arg "--no-deps" \
+		--extra-pip-arg "--no-cache-dir" \
+		--requirements build-requirements.txt
 
 override_dh_strip_nondeterminism:
 	find ./debian/ -type f -name '*.pyc' -delete

From a264a33986473b7394f0bbeda373b9382212a317 Mon Sep 17 00:00:00 2001
From: John Hensley <john@freedom.press>
Date: Thu, 9 Jan 2020 18:44:37 -0500
Subject: [PATCH 2/2] Add extra pip args in rules for
 securedrop-export/securedrop-proxy

---
 securedrop-export/debian/rules | 13 +++++++++++--
 securedrop-proxy/debian/rules  | 13 +++++++++++--
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/securedrop-export/debian/rules b/securedrop-export/debian/rules
index 1894e45a..aa7b2545 100755
--- a/securedrop-export/debian/rules
+++ b/securedrop-export/debian/rules
@@ -1,11 +1,20 @@
 #!/usr/bin/make -f
 
 %:
-	dh $@ --with python-virtualenv --python /usr/bin/python3 --setuptools --index-url https://dev-bin.ops.securedrop.org/simple --requirements build-requirements.txt
+	dh $@ --with python-virtualenv
+
+override_dh_virtualenv:
+	dh_virtualenv \
+		--python /usr/bin/python3 \
+		--setuptools \
+		--index-url https://dev-bin.ops.securedrop.org/simple \
+		--extra-pip-arg "--ignore-installed" \
+		--extra-pip-arg "--no-deps" \
+		--extra-pip-arg "--no-cache-dir" \
+		--requirements build-requirements.txt
 
 override_dh_strip_nondeterminism:
 	find ./debian/ -type f -name '*.pyc' -delete
 	find ./debian/ -type f -name 'pip-selfcheck.json' -delete
 	find -type f -name RECORD -exec sed -i -e '/.*\.pyc.*/d' {} +
 	dh_strip_nondeterminism $@
-
diff --git a/securedrop-proxy/debian/rules b/securedrop-proxy/debian/rules
index 1894e45a..aa7b2545 100755
--- a/securedrop-proxy/debian/rules
+++ b/securedrop-proxy/debian/rules
@@ -1,11 +1,20 @@
 #!/usr/bin/make -f
 
 %:
-	dh $@ --with python-virtualenv --python /usr/bin/python3 --setuptools --index-url https://dev-bin.ops.securedrop.org/simple --requirements build-requirements.txt
+	dh $@ --with python-virtualenv
+
+override_dh_virtualenv:
+	dh_virtualenv \
+		--python /usr/bin/python3 \
+		--setuptools \
+		--index-url https://dev-bin.ops.securedrop.org/simple \
+		--extra-pip-arg "--ignore-installed" \
+		--extra-pip-arg "--no-deps" \
+		--extra-pip-arg "--no-cache-dir" \
+		--requirements build-requirements.txt
 
 override_dh_strip_nondeterminism:
 	find ./debian/ -type f -name '*.pyc' -delete
 	find ./debian/ -type f -name 'pip-selfcheck.json' -delete
 	find -type f -name RECORD -exec sed -i -e '/.*\.pyc.*/d' {} +
 	dh_strip_nondeterminism $@
-