From b0709cf83b59707d7ce9b0821c0535551f6906e0 Mon Sep 17 00:00:00 2001 From: Kevin O Gorman Date: Fri, 16 Aug 2019 22:23:41 -0400 Subject: [PATCH] Updated v3 service filenames --- admin/tests/test_securedrop-admin.py | 4 ++-- .../roles/tails-config/files/securedrop_init.py | 8 ++++---- .../tails-config/tasks/configure_torrc_additions.yml | 10 +++++----- .../tails-config/tasks/create_desktop_shortcuts.yml | 8 ++++---- .../roles/tails-config/tasks/create_ssh_aliases.yml | 2 +- .../roles/tails-config/templates/ssh_config.j2 | 4 ++-- 6 files changed, 18 insertions(+), 18 deletions(-) diff --git a/admin/tests/test_securedrop-admin.py b/admin/tests/test_securedrop-admin.py index e2d4220f83f..2c90097bfd4 100644 --- a/admin/tests/test_securedrop-admin.py +++ b/admin/tests/test_securedrop-admin.py @@ -664,7 +664,7 @@ def test_only_v3_onion_services(self, tmpdir): ansible_path='.', app_path=dirname(__file__)) site_config = securedrop_admin.SiteConfig(args) - with open("app-source-v3ths", "w") as fobj: + with open("app-sourcev3-ths", "w") as fobj: fobj.write("a" * 56 + ".onion\n") site_config.update_onion_version_config() site_config.save() @@ -675,7 +675,7 @@ def test_only_v3_onion_services(self, tmpdir): v2_onion_services: false v3_onion_services: true """) - os.remove("app-source-v3ths") + os.remove("app-sourcev3-ths") assert expected == data def test_validate_gpg_key(self, caplog): diff --git a/install_files/ansible-base/roles/tails-config/files/securedrop_init.py b/install_files/ansible-base/roles/tails-config/files/securedrop_init.py index 6d9c730ced5..7bd6f197104 100644 --- a/install_files/ansible-base/roles/tails-config/files/securedrop_init.py +++ b/install_files/ansible-base/roles/tails-config/files/securedrop_init.py 
@@ -30,11 +30,11 @@ paths_v3_authfiles = { "app-journalist": os.path.join(path_securedrop_root, - 'install_files/ansible-base/app-journalist-v3aths'), + 'install_files/ansible-base/app-journalist.auth_private'), "app-ssh": os.path.join(path_securedrop_root, - 'install_files/ansible-base/app-ssh-v3aths'), + 'install_files/ansible-base/app-ssh.auth_private'), "mon-ssh": os.path.join(path_securedrop_root, - 'install_files/ansible-base/mon-ssh-v3aths') + 'install_files/ansible-base/mon-ssh.auth_private') } path_onion_auth_dir = '/var/lib/tor/onion_auth' @@ -83,7 +83,7 @@ for key, f in paths_v3_authfiles.items(): if os.path.isfile(f): filename = os.path.basename(f) - new_f = os.path.join(path_onion_auth_dir, key + ".auth_private") + new_f = os.path.join(path_onion_auth_dir, filename) copyfile(f, new_f) os.chmod(new_f, 0o400) os.chown(new_f, debian_tor_uid, debian_tor_gid) diff --git a/install_files/ansible-base/roles/tails-config/tasks/configure_torrc_additions.yml b/install_files/ansible-base/roles/tails-config/tasks/configure_torrc_additions.yml index 8f4e7df7d6c..69d9d3ce885 100644 --- a/install_files/ansible-base/roles/tails-config/tasks/configure_torrc_additions.yml +++ b/install_files/ansible-base/roles/tails-config/tasks/configure_torrc_additions.yml 
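Review bot: In the copy loop of the second hunk, `copyfile(f, new_f)` creates the destination under the process umask and `os.chmod(new_f, 0o400)` only tightens it afterwards, so on first creation the client-auth private key can briefly exist with wider permissions than intended. A restrictive umask around the copy closes that window: `old_umask = os.umask(0o077)` before `copyfile`, and `os.umask(old_umask)` after the `chown`. Whether the directory at `path_onion_auth_dir` is itself already restricted is not visible in this hunk. With the destination now built from `filename`, the loop variable `key` is unused, so the loop could iterate `paths_v3_authfiles.values()`. The block enclosing the loop begins outside the hunk.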
@@ -14,24 +14,24 @@ paths: - "{{ tails_config_ansible_base }}" patterns: - # Collect all files that end in `-v3aths` - if there are any present + # Collect all files that end in `.auth_private` - if there are any present # then `torrc` will need a directive added - - '*-v3aths' + - '*.auth_private' register: find_v3_aths_info_result # We need at least one v2 or v3 ATHS value, for the Journalist Interface. # If v2 is enabled, there will be 3 v2 `-aths` files on the Admin Interface. -# If v3 is enabled, there will be 3 v3 `-v3aths` files on the Admin Interface. +# If v3 is enabled, there will be 3 v3 `.auth_private` files on the Admin Interface. # If both are enabled, the Admin Interface will have 6 files in total. # This task simply validates that at least one suitable file was found; # if not, then the playbooks haven't been run, so fail with instructions. - name: Confirm ATHS info was found. assert: that: - - find_aths_info_result.matched >= 1 + - find_aths_info_result.matched + find_v3_aths_info_result.matched >= 1 msg: >- Failed to find ATHS info locally. Make sure you've installed SecureDrop - on the servers, and that the `-aths` and/or `-v3aths` files are located in: + on the servers, and that the `-aths` and/or `.auth_private` files are located in: `{{ tails_config_ansible_base }}/`. - name: Assemble ATHS info into torrc additions. diff --git a/install_files/ansible-base/roles/tails-config/tasks/create_desktop_shortcuts.yml b/install_files/ansible-base/roles/tails-config/tasks/create_desktop_shortcuts.yml index 029711e2bde..b5e7b197e1d 100644 --- a/install_files/ansible-base/roles/tails-config/tasks/create_desktop_shortcuts.yml +++ b/install_files/ansible-base/roles/tails-config/tasks/create_desktop_shortcuts.yml 
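Review bot: The new assertion `find_aths_info_result.matched + find_v3_aths_info_result.matched >= 1` passes as soon as any single file is found, although the comment above it says each enabled onion version leaves three files and that the Journalist Interface value is the one required. A lone `mon-ssh.auth_private`, or any stray file matching `*.auth_private` in `{{ tails_config_ansible_base }}`, would satisfy it, and the problem would presumably surface later in a lookup task with a less helpful error. Consider asserting on the Journalist Interface file explicitly. Failing that, the comment should say the check is only a presence heuristic, for example `# NOTE: this only proves that some ATHS file exists, not that the set is complete`.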
@@ -9,12 +9,12 @@ - name: Check for v3 Source Interface file stat: - path: app-source-v3ths + path: app-sourcev3-ths register: v3_source_file - name: Check for v3 Journalist Interface file stat: - path: app-journalist-v3aths + path: app-journalist.auth_private register: v3_journalist_file - name: Look up v2 Source Interface URL. @@ -24,7 +24,7 @@ when: v3_source_file.stat.exists == False - name: Look up v3 Source Interface URL. - command: grep -Po '.{56}\.onion' app-source-v3ths + command: grep -Po '.{56}\.onion' app-sourcev3-ths changed_when: false register: source_interface_lookup_result when: v3_source_file.stat.exists == True @@ -36,7 +36,7 @@ when: v3_source_file.stat.exists == False - name: Look up v3 Journalist Interface URL. - command: awk -F ':' '{print $1 ".onion"}' app-journalist-v3aths + command: awk -F ':' '{print $1 ".onion"}' app-journalist.auth_private changed_when: false register: journalist_interface_lookup_result when: v3_source_file.stat.exists == True diff --git a/install_files/ansible-base/roles/tails-config/tasks/create_ssh_aliases.yml b/install_files/ansible-base/roles/tails-config/tasks/create_ssh_aliases.yml index 4ddd875b662..c47aecce3d1 100644 --- a/install_files/ansible-base/roles/tails-config/tasks/create_ssh_aliases.yml +++ b/install_files/ansible-base/roles/tails-config/tasks/create_ssh_aliases.yml @@ -12,7 +12,7 @@ - name: Lookup v3 onion ssh files stat: - path: "{{ item }}-ssh-v3aths" + path: "{{ item }}-ssh.auth_private" register: "ssh_v3_onion_lookup" with_items: - app diff --git a/install_files/ansible-base/roles/tails-config/templates/ssh_config.j2 b/install_files/ansible-base/roles/tails-config/templates/ssh_config.j2 index dbd59ecf017..6bba3212dbf 100644 --- a/install_files/ansible-base/roles/tails-config/templates/ssh_config.j2 +++ b/install_files/ansible-base/roles/tails-config/templates/ssh_config.j2 
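Review bot: In the `Look up v3 Source Interface URL` task, `grep -Po '.{56}\.onion' app-sourcev3-ths` accepts any 56 characters before `.onion` and prints every match, so a malformed or multi-line file is passed on unvalidated. A v3 onion address is 56 base32 characters, so the pattern can be anchored and restricted: `grep -Po '^[a-z2-7]{56}\.onion$' app-sourcev3-ths`. How `source_interface_lookup_result` is consumed lies outside this hunk.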
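Review bot: The `Look up v3 Journalist Interface URL` task reads `app-journalist.auth_private` but is gated on `when: v3_source_file.stat.exists == True`, while `v3_journalist_file`, registered in the first hunk of this file, is not used in any visible condition. If the source file exists and the journalist file does not, the awk command fails the play instead of the task being skipped. The condition should be `when: v3_journalist_file.stat.exists`, and the v2 journalist lookup just before it, whose condition is only partly visible here, would need the complementary check. The awk program also prints `$1 ".onion"` for every input line without checking the field, so an empty or malformed line produces a bogus hostname.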
@@ -1,5 +1,5 @@ {% set svc_grep = "grep -Po '.{16}\.onion' svc-ssh-aths" %} -{% set svc_awk = "awk -F ':' '{print $1 \".onion\"}' svc-ssh-v3aths" %} +{% set svc_awk = "awk -F ':' '{print $1 \".onion\"}' svc-ssh.auth_private" %} {% if v2_onion_services and not v3_onion_services -%} {% for svc in ssh_onion_lookup.results %} @@ -20,7 +20,7 @@ Host {{ svc.item }} {% if v3_onion_services -%} {% for svc in ssh_v3_onion_lookup.results %} Host {{ svc.item }} - {% set svc_awk = "awk -F ':' '{print $1 \".onion\"}' "+svc.item+"-ssh-v3aths" -%} + {% set svc_awk = "awk -F ':' '{print $1 \".onion\"}' "+svc.item+"-ssh.auth_private" -%} {% set direct_ip = hostvars[inventory_hostname][svc.item+'_ip'] -%} User {{ ssh_users }} Hostname {{ lookup('pipe', svc_awk) if (svc.stat.exists and enable_ssh_over_tor) else direct_ip }}
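Review bot: In the v3 loop of the second hunk, the value written to `Hostname` is whatever `awk -F ':' '{print $1 \".onion\"}'` emits for `<item>-ssh.auth_private`, with no check that the first field is an onion address or that the file has a single line. `lookup('pipe', svc_awk)` returns the command's full output, so a blank or extra line in the file would put a stray `.onion` line into the rendered ssh config. Restricting awk to the first record, `'NR==1 {print $1 \".onion\"}'`, and checking the field's length before use would make the template fail closed. The same file holds the client-auth private key, so it is worth a template comment stating that only `$1` may ever reach the output.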