Updated v3 service filenames

admin/tests/test_securedrop-admin.py

@@ -664,7 +664,7 @@ def test_only_v3_onion_services(self, tmpdir):
                                   ansible_path='.',
                                   app_path=dirname(__file__))
         site_config = securedrop_admin.SiteConfig(args)
-        with open("app-source-v3ths", "w") as fobj:
+        with open("app-sourcev3-ths", "w") as fobj:
             fobj.write("a" * 56 + ".onion\n")
         site_config.update_onion_version_config()
         site_config.save()
@@ -675,7 +675,7 @@ def test_only_v3_onion_services(self, tmpdir):
         v2_onion_services: false
         v3_onion_services: true
         """)
-        os.remove("app-source-v3ths")
+        os.remove("app-sourcev3-ths")
         assert expected == data
 
     def test_validate_gpg_key(self, caplog):

install_files/ansible-base/roles/tails-config/files/securedrop_init.py

@@ -30,11 +30,11 @@
 
 paths_v3_authfiles = {
         "app-journalist": os.path.join(path_securedrop_root,
-                                       'install_files/ansible-base/app-journalist-v3aths'),
+                                       'install_files/ansible-base/app-journalist.auth_private'),
         "app-ssh": os.path.join(path_securedrop_root,
-                                'install_files/ansible-base/app-ssh-v3aths'),
+                                'install_files/ansible-base/app-ssh.auth_private'),
         "mon-ssh": os.path.join(path_securedrop_root,
-                                'install_files/ansible-base/mon-ssh-v3aths')
+                                'install_files/ansible-base/mon-ssh.auth_private')
 }
 path_onion_auth_dir = '/var/lib/tor/onion_auth'
 
@@ -83,7 +83,7 @@
 for key, f in paths_v3_authfiles.items():
     if os.path.isfile(f):
         filename = os.path.basename(f)
-        new_f = os.path.join(path_onion_auth_dir, key + ".auth_private")
+        new_f = os.path.join(path_onion_auth_dir, filename)
         copyfile(f, new_f)
         os.chmod(new_f, 0o400)
         os.chown(new_f, debian_tor_uid, debian_tor_gid)

install_files/ansible-base/roles/tails-config/tasks/configure_torrc_additions.yml

@@ -14,24 +14,24 @@
     paths:
       - "{{ tails_config_ansible_base }}"
     patterns:
-      # Collect all files that end in `-v3aths` - if there are any present
+      # Collect all files that end in `.auth_private` - if there are any present
       # then `torrc` will need a directive added
-      - '*-v3aths'
+      - '*.auth_private'
   register: find_v3_aths_info_result
 
 # We need at least one v2 or v3 ATHS value, for the Journalist Interface.
 # If v2 is enabled, there will be 3 v2 `-aths` files on the Admin Interface.
-# If v3 is enabled, there will be 3 v3 `-v3aths` files on the Admin Interface.
+# If v3 is enabled, there will be 3 v3 `.auth_private` files on the Admin Interface.
 # If both are enabled, the Admin Interface will have 6 files in total.
 # This task simply validates that at least one suitable file was found;
 # if not, then the playbooks haven't been run, so fail with instructions.
 - name: Confirm ATHS info was found.
   assert:
     that:
-      - find_aths_info_result.matched >= 1
+      - find_aths_info_result.matched + find_v3_aths_info_result.matched >= 1
     msg: >-
       Failed to find ATHS info locally. Make sure you've installed SecureDrop
-      on the servers, and that the `-aths` and/or `-v3aths` files are located in:
+      on the servers, and that the `-aths` and/or `.auth_private` files are located in:
       `{{ tails_config_ansible_base }}/`.
 
 - name: Assemble ATHS info into torrc additions.

install_files/ansible-base/roles/tails-config/tasks/create_desktop_shortcuts.yml

@@ -9,12 +9,12 @@
 
 - name: Check for v3 Source Interface file
   stat:
-    path: app-source-v3ths
+    path: app-sourcev3-ths
   register: v3_source_file
 
 - name: Check for v3 Journalist Interface file
   stat:
-    path: app-journalist-v3aths
+    path: app-journalist.auth_private
   register: v3_journalist_file
 
 - name: Look up v2 Source Interface URL.
@@ -24,7 +24,7 @@
   when: v3_source_file.stat.exists == False
 
 - name: Look up v3 Source Interface URL.
-  command: grep -Po '.{56}\.onion' app-source-v3ths
+  command: grep -Po '.{56}\.onion' app-sourcev3-ths
   changed_when: false
   register: source_interface_lookup_result
   when: v3_source_file.stat.exists == True
@@ -36,7 +36,7 @@
   when: v3_source_file.stat.exists == False
 
 - name: Look up v3 Journalist Interface URL.
-  command: awk -F ':' '{print $1 ".onion"}' app-journalist-v3aths
+  command: awk -F ':' '{print $1 ".onion"}' app-journalist.auth_private
   changed_when: false
   register: journalist_interface_lookup_result
   when: v3_source_file.stat.exists == True

install_files/ansible-base/roles/tails-config/tasks/create_ssh_aliases.yml

@@ -12,7 +12,7 @@
 
 - name: Lookup v3 onion ssh files
   stat:
-    path: "{{ item }}-ssh-v3aths"
+    path: "{{ item }}-ssh.auth_private"
   register: "ssh_v3_onion_lookup"
   with_items:
     - app

install_files/ansible-base/roles/tails-config/templates/ssh_config.j2

@@ -1,5 +1,5 @@
 {% set svc_grep = "grep -Po '.{16}\.onion' svc-ssh-aths" %}
-{% set svc_awk = "awk -F ':' '{print $1 \".onion\"}' svc-ssh-v3aths" %}
+{% set svc_awk = "awk -F ':' '{print $1 \".onion\"}' svc-ssh.auth_private" %}
 
 {% if v2_onion_services and not v3_onion_services -%}
 {% for svc in ssh_onion_lookup.results %}
@@ -20,7 +20,7 @@ Host {{ svc.item }}
 {% if v3_onion_services -%}
 {% for svc in ssh_v3_onion_lookup.results %}
 Host {{ svc.item }}
-  {% set svc_awk = "awk -F ':' '{print $1 \".onion\"}' "+svc.item+"-ssh-v3aths" -%}
+  {% set svc_awk = "awk -F ':' '{print $1 \".onion\"}' "+svc.item+"-ssh.auth_private" -%}
   {% set direct_ip = hostvars[inventory_hostname][svc.item+'_ip'] -%}
   User {{ ssh_users }}
   Hostname {{ lookup('pipe', svc_awk) if (svc.stat.exists and enable_ssh_over_tor) else direct_ip }}