freedomofpress · kushaldas · Apr 16, 2021 · Apr 7, 2021 · Apr 9, 2021 · Apr 9, 2021
@@ -4,6 +4,18 @@
 
 *
 
+## 1.8.1
+
+### Operations
+
+* Install a fixed version of setuptools-scm before building packages (#5877)
+* Update pylint from 2.5.0 to 2.7.4, pyyaml from 5.3.1 to 5.4.1 (#5884)
+* Suppress OSSEC alert caused by fwupd not being active (#5882)
+* Exclude SSH onion service config from restores (#5886)
+* Add support for custom logos in backups (#5880)
+* Add check for SecureBoot status in installer (#5879)
+* Restore playbook validates Tor config after v2 service removal (#5894)
+
 ## 1.8.0
 
 ### Web applications

@@ -4,6 +4,12 @@ securedrop-app-code (1.9.0~rc1+focal) focal; urgency=medium
 
  -- SecureDrop Team <[email protected]>  Fri, 12 Mar 2021 10:19:54 -0500
 
+securedrop-app-code (1.8.1+focal) focal; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Wed, 14 Apr 2021 13:32:03 +0000
+
 securedrop-app-code (1.8.0+focal) focal; urgency=medium
 
   * see changelog.md

@@ -4,6 +4,12 @@ securedrop-app-code (1.9.0~rc1+xenial) xenial; urgency=medium
 
  -- SecureDrop Team <[email protected]>  Fri, 12 Mar 2021 10:18:41 -0500
 
+securedrop-app-code (1.8.1+xenial) xenial; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Wed, 14 Apr 2021 13:31:46 +0000
+
 securedrop-app-code (1.8.0+xenial) xenial; urgency=medium
 
   * See changelog.md 

@@ -1,12 +1,46 @@
 ---
-- name: Copy disable_v2.py script
+- name: Backup torrc file
   copy:
-    src: "{{ role_path }}/files/disable_v2.py"
-    dest: /opt/disable_v2.py
+    src: /etc/tor/torrc
+    dest: /etc/tor/torrc.bak
+    remote_src: yes
   when: ("V3 services only" in compare_result.stdout)
 
-- name: Execute disable_v2 script
-  command: python3 /opt/disable_v2.py /etc/tor/torrc /etc/tor/torrc
+- name: Remove v2 service definitions from torrc.
+  shell: >
+    awk '!/HiddenServiceVersion 2/'
+    RS="HiddenServiceDir" ORS="HiddenServiceDir"
+    /etc/tor/torrc.bak | sed '$d' > /etc/tor/torrc
+  when: ("V3 services only" in compare_result.stdout)
+
+- name: Check Tor config
+  command: tor --verify-config
+  register: tor_verify
+  become_user: debian-tor
+  when: ("V3 services only" in compare_result.stdout)
+
+- name: Verify that Tor config is valid
+  assert:
+    that:
+      - "'Configuration was valid' in tor_verify.stdout"
+    fail_msg:
+      - "Removal of obsolete V2 configuration blocks failed - the new"
+      - "configuration file is invalid."
+  when: ("V3 services only" in compare_result.stdout)
+
+- name: Verify that V2 config directives are removed
+  assert:
+    that:
+      - "'Onion service version 2 are deprecated' not in tor_verify.stdout"
+    fail_msg:
+      - "V2 configurations were not successfully removed. Please review /etc/tor/torrc"
+      - "and manually remove any v2 service definitions."
+  when: ("V3 services only" in compare_result.stdout)
+
+- name: Remove backup torrc file
+  file:
+    state: absent
+    path: /etc/tor/torrc.bak
   when: ("V3 services only" in compare_result.stdout)
 
 - name: Remove v2 tor source directory
@@ -32,9 +66,3 @@
     state: absent
     path: /var/lib/securedrop/source_v2_url
   when: ("V3 services only" in compare_result.stdout)
-
-- name: Remove disable_v2.py script
-  file:
-    state: absent
-    path: /opt/disable_v2.py
-  when: ("V3 services only" in compare_result.stdout)
@@ -1,2 +1,2 @@
-# sha256 digest quay.io/freedomofpress/sd-docker-builder-focal:2021_03_11
-bc1509c77301fc16662ad43b8be56e6f6c13c4366c2cab648e15dc0e3d46ab66
+# sha256 digest quay.io/freedomofpress/sd-docker-builder-focal:2021_04_14
+46e06c9a83ec7f8f11d227aaaefb1da3b33d35c95f963d54087bcee965fae59e
@@ -1,2 +1,2 @@
-# sha256 digest quay.io/freedomofpress/sd-docker-builder-xenial:2021_03_11
-191501f0653623a0eb8859cd9b37bddab0061a7a02158bdeb9d7318844b47cf4
+# sha256 digest quay.io/freedomofpress/sd-docker-builder-xenial:2021_04_14
+3fefc5cb2382fbcdb650606a62c88e58003d858c6722a72b51a8982dec37a052
@@ -1 +1 @@
-1.8.0
+1.8.1