Vendor pretty-bad-protocol and strip it down to what is needed #6807
Assignees
Comments
14 tasks
legoktm
changed the title
legoktm
added a commit
that referenced
this issue
Jun 12, 2023
pretty_bad_protocol is unmaintained upstream, not seeing any commits since the 3.1.1 release in August 2018. As part of our shift to Sequoia, we will just need a small part of this library during the migration, so let's fork/vendor it and remove the parts we don't need. This will also let us get rid of the monkey-patching that's accumulated over the years. This is a direct copy of the 3.1.1 source tree: $ wget https://files.pythonhosted.org/packages/84/0d/814c6c96f64f9cfc235fe102024b00ee77d107977e32996c59aed8f27ec0/pretty-bad-protocol-3.1.1.tar.gz $ tar xvf pretty-bad-protocol-3.1.1.tar.gz $ cp -Rv pretty-bad-protocol-3.1.1/pretty_bad_protocol freedomofpress/securedrop/securedrop/ Follow-up commits will reformat it per our coding standards and other necessary fixes. Refs #6807.
legoktm
added a commit
that referenced
this issue
Jun 12, 2023
And just implement them in the code directly now. We still set the `USERNAME` environment variable via encryption.py since there's not really a logical place for it in pretty_bad_protocol. Fixes #6807.
github-project-automation
bot
moved this from Ready For Review
to Done
in SecureDrop dev cycle
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://github.com/isislovecruft/python-gnupg is unmaintained these days and we've monkeypatched it a bit. Part of migrating to Sequoia is to move away from this library. But we will need bits of it around for the online migration of secret keys (#6802), so we should simply vendor it and strip it down to only what we need.
We can also get rid of the monkeypatching at this time and treat it as SecureDrop-owned code instead of upstream.
The text was updated successfully, but these errors were encountered: