Fixes #5449 changes to build securedrop-app-code in focal

This is dependent on #5458
freedomofpress · Aug 24, 2020 · 2acb92a · 2acb92a
1 parent 193d352
commit 2acb92a
Show file tree

Hide file tree

Showing 7 changed files with 503 additions and 6 deletions.
diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/defaults/main.yml b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/defaults/main.yml
@@ -8,11 +8,6 @@ securedrop_code_filtered: "{{ securedrop_app_code_prep_dir }}/var/www/securedrop
 
 securedrop_pip_requirements: "{{ securedrop_code_filtered }}/requirements/python3/securedrop-app-code-requirements.txt"
 
-# SecureDrop virtualenv location
-securedrop_venv: "/opt/venvs/securedrop-app-code"
-securedrop_venv_bin: "{{ securedrop_venv }}/bin"
-securedrop_venv_site_packages: "{{ securedrop_venv }}/lib/python3.5/site-packages"
-
 # SecureDrop code installation directory
 securedrop_code: /var/www/securedrop
 
@@ -45,4 +40,22 @@ securedrop_app_rsync_opts:
 
 securedrop_local_build: "../../build"
 
-securedrop_package_dist: xenial
+# Default is xenial.
+securedrop_build_focal_support: False
+securedrop_package_dist: "{{ 'focal' if securedrop_build_focal_support else 'xenial' }}"
+
+# SecureDrop virtualenv location
+securedrop_venv: "/opt/venvs/securedrop-app-code"
+securedrop_venv_bin: "{{ securedrop_venv }}/bin"
+securedrop_python_version: "{{ '3.8' if securedrop_build_focal_support else '3.5' }}"
+securedrop_venv_site_packages: "{{ securedrop_venv }}/lib/python{{ securedrop_python_version }}/site-packages"
+
+securedrop_app_focal_files:
+  - src: control-focal
+    dest: "{{ securedrop_app_code_prep_dir }}/debian/control"
+  - src: rules-focal
+    dest: "{{ securedrop_app_code_prep_dir }}/debian/rules"
+  - src: securedrop-app-code.triggers-focal
+    dest: "{{ securedrop_app_code_prep_dir }}/debian/securedrop-app-code.triggers"
+  - src: usr.sbin.apache2-focal
+    dest: "{{ securedrop_app_code_prep_dir }}/etc/apparmor.d/usr.sbin.apache2"
diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal
@@ -0,0 +1,83 @@
+securedrop-app-code (1.5.0~rc1+focal) focal; urgency=medium
+
+  * 
+
+ -- SecureDrop Team <[email protected]>  Thu, 18 Jun 2020 21:58:23 +0000
+
+securedrop-app-code (1.4.0+xenial) xenial; urgency=medium
+
+  * See changelog.md 
+
+ -- SecureDrop Team <[email protected]>  Wed, 17 Jun 2020 21:35:57 +0000
+
+securedrop-app-code (1.3.0+xenial) xenial; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Tue, 12 May 2020 18:37:42 +0000
+
+securedrop-app-code (1.2.2+xenial) xenial; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Fri, 13 Mar 2020 19:43:29 +0000
+
+securedrop-app-code (1.2.1+xenial) xenial; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Wed, 19 Feb 2020 14:40:43 +0000
+
+securedrop-app-code (1.2.0+xenial) xenial; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Wed, 20 Nov 2019 16:48:41 +0000
+
+securedrop-app-code (1.1.0+xenial) xenial; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Mon, 21 Oct 2019 18:09:35 +0000
+
+securedrop-app-code (1.0.0+xenial) xenial; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Tue, 17 Sep 2019 23:22:22 +0530
+
+securedrop-app-code (0.14.0+xenial) xenial; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Wed, 10 Jul 2019 15:11:49 +0000
+
+securedrop-app-code (0.13.1+xenial) xenial; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Tue, 18 Jun 2019 13:48:12 +0000
+
+securedrop-app-code (0.13.0+xenial) xenial; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Wed, 29 May 2019 20:45:21 +0000
+
+securedrop-app-code (0.12.2+xenial) xenial; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Thu, 25 Apr 2019 17:54:15 +0000
+
+securedrop-app-code (0.12.1+xenial) xenial; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Wed, 20 Mar 2019 20:20:40 +0000
+
+securedrop-app-code (0.12.0+xenial) xenial; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Wed, 27 Feb 2019 00:37:02 +0000
diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/control-focal b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/control-focal
@@ -0,0 +1,15 @@
+Source: securedrop-app-code
+Section: web
+Priority: optional
+Maintainer: SecureDrop Team <[email protected]>
+Homepage: https://securedrop.org
+Build-Depends: debhelper (>= 9), dh-python, python3-all, python3-setuptools, dh-systemd, dh-virtualenv
+Standards-Version: 3.9.8
+X-Python3-Version: >= 3.8
+
+Package: securedrop-app-code
+Architecture: amd64
+Conflicts: libapache2-mod-wsgi,supervisor
+Replaces: libapache2-mod-wsgi,supervisor
+Depends: ${dist:Depends}, ${misc:Depends}, ${python3:Depends}, apache2, apparmor-utils, coreutils, gnupg2, haveged, libapache2-mod-xsendfile, libpython3.8, paxctld, python3, redis-server, securedrop-config, securedrop-keyring, sqlite3
+Description: SecureDrop application code, dependencies, Apache configuration, systemd services, and AppArmor profiles. This package will put the AppArmor profiles in enforce mode.
diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/rules-focal b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/rules-focal
@@ -0,0 +1,51 @@
+#!/usr/bin/make -f
+
+DEB_DH_INSTALL_ARGS=-X .git
+
+SECUREDROP_BUILD_PLATFORM=$(shell lsb_release -sc)
+
+%:
+	dh $@ --with python-virtualenv --with systemd
+
+override_dh_gencontrol:
+	dh_gencontrol -- $(SUBSTVARS)
+
+# Move the conffile in version control to squash the autogenerated one
+# by debhelper, as files in /etc/ are automatically marked as
+# conffiles.  We are shipping AppArmor profiles via this package, and
+# want them to be correctly updated with each update.
+override_dh_installdeb:
+	dh_installdeb
+	cp ${CURDIR}/debian/conffiles ${CURDIR}/debian/securedrop-app-code/DEBIAN/
+
+override_dh_strip_nondeterminism:
+	find ./debian/ -type f -name '*.pyc' -delete
+	find ./debian/ -type f -name 'pip-selfcheck.json' -delete
+	find -type f -name RECORD -exec sed -i -e '/.*\.pyc.*/d' {} +
+	dh_strip_nondeterminism $@
+
+override_dh_virtualenv:
+	dh_virtualenv \
+		--python=/usr/bin/python3.8 \
+		--extra-pip-arg "--verbose" \
+		--extra-pip-arg "--ignore-installed" \
+		--extra-pip-arg "--no-deps" \
+		--extra-pip-arg "--no-binary=:all:" \
+		--extra-pip-arg "--no-cache-dir"
+
+#
+# Have to override the automatic service handling since we have more
+# than one.
+#
+override_dh_installinit:
+	dh_installinit --noscripts
+
+override_dh_systemd_enable:
+	dh_systemd_enable --name=securedrop_rqrequeue
+	dh_systemd_enable --name=securedrop_rqworker
+	dh_systemd_enable --name=securedrop_shredder
+
+override_dh_systemd_start:
+	dh_systemd_start --name=securedrop_rqrequeue
+	dh_systemd_start --name=securedrop_rqworker
+	dh_systemd_start --name=securedrop_shredder
diff --git a/...ble-base/roles/build-securedrop-app-code-deb-pkg/files/securedrop-app-code.triggers-focal b/...ble-base/roles/build-securedrop-app-code-deb-pkg/files/securedrop-app-code.triggers-focal
@@ -0,0 +1,7 @@
+# Register interest in Python interpreter changes; and
+# don't make the Python package dependent on the virtualenv package
+# processing (noawait)
+interest-noawait /usr/bin/python3.8
+
+# Also provide a symbolic trigger for all dh-virtualenv packages
+interest dh-virtualenv-interpreter-update