WIP: Add and refactor Debianization

freedomofpress · Dec 14, 2023 · d3fe49e · d3fe49e
1 parent fde9306
commit d3fe49e
Show file tree

Hide file tree

Showing 32 changed files with 1,419 additions and 0 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,20 @@
+name: CI
+on: [push, pull_request]
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  build-bullseye:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/checkout@v4
+        with:
+          repository: "freedomofpress/securedrop-builder"
+          path: "../securedrop-builder"
+          lfs: true
+      - name: Lint and test Rust code
+        run: |
+          ./scripts/build-debs.sh
diff --git a/debian/changelog b/debian/changelog
@@ -0,0 +1,188 @@
+securedrop-client (0.9.0+bullseye) unstable; urgency=medium
+
+  * see changelog.md 
+
+ -- SecureDrop Team <[email protected]>  Thu, 16 Mar 2023 16:29:03 -0400
+
+securedrop-client (0.8.1+bullseye) unstable; urgency=medium
+
+  * See changelog.md 
+
+ -- SecureDrop Team <[email protected]>  Thu, 15 Sep 2022 08:37:55 +1000
+
+securedrop-client (0.8.0+buster) unstable; urgency=medium
+
+  * See changelog.md 
+
+ -- SecureDrop Team <[email protected]>  Wed, 06 Jul 2022 14:06:23 +1000
+
+securedrop-client (0.7.0+buster) unstable; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Wed, 20 Apr 2022 10:41:31 -0400
+
+securedrop-client (0.6.0+buster) unstable; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Tue, 15 Feb 2022 10:45:20 -0800
+
+securedrop-client (0.5.1+buster) unstable; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Thu, 02 Dec 2021 16:41:49 -0800
+
+securedrop-client (0.5.0+buster) unstable; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Wed, 01 Dec 2021 12:09:27 -0800
+
+securedrop-client (0.4.1+buster) unstable; urgency=medium
+
+  * See changelog.md 
+
+ -- SecureDrop Team <[email protected]>  Wed, 17 Mar 2021 11:20:12 -0700
+
+securedrop-client (0.4.0+buster) unstable; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Thu, 10 Dec 2020 14:36:06 -0800
+
+securedrop-client (0.3.0+buster) unstable; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Thu, 05 Nov 2020 11:40:46 -0500
+
+securedrop-client (0.2.1+buster) unstable; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Thu, 16 Jul 2020 11:56:07 -0400
+
+securedrop-client (0.2.0+buster) unstable; urgency=medium
+
+  * See changelog.md 
+
+ -- SecureDrop Team <[email protected]>  Fri, 29 May 2020 17:19:31 -0400
+
+securedrop-client (0.1.6+buster) unstable; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Tue, 31 Mar 2020 10:45:27 -0400
+
+securedrop-client (0.1.5+buster) unstable; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Mon, 30 Mar 2020 14:11:21 -0400
+
+securedrop-client (0.1.4+buster) unstable; urgency=medium
+
+  * See changelog.md
+
+ -- SecureDrop Team <[email protected]>  Thu, 26 Mar 2020 11:45:01 -0400
+
+securedrop-client (0.1.3+buster) unstable; urgency=medium
+
+  * See changelog.md
+
+ -- mickael e. <[email protected]>  Wed, 18 Mar 2020 12:32:35 -0400
+
+securedrop-client (0.1.2+buster) unstable; urgency=medium
+
+  * See changelog.md
+
+ -- redshiftzero <[email protected]>  Tue, 10 Mar 2020 13:12:54 -0400
+
+securedrop-client (0.1.1+buster) unstable; urgency=medium
+
+  * See changelog.md
+
+ -- redshiftzero <[email protected]>  Tue, 03 Mar 2020 11:39:03 -0500
+
+securedrop-client (0.1.0+buster) unstable; urgency=medium
+
+  * See changelog.md
+
+ -- redshiftzero <[email protected]>  Fri, 21 Feb 2020 13:34:42 -0500
+
+securedrop-client (0.0.13+buster) unstable; urgency=medium
+
+  * remove user refresh and replace with sync icon (#732)
+  * build-requirements: update for production beta (#730)
+  * No sync on ui operations (#721)
+  * Use SecureQLabel for message previews (#720)
+  * Show DD MMM format for source title (#719)
+  * Add new metadata queue. (#715)
+  * Improve performance of storage.get_remote_data (#709)
+  * app/queue: prioritize user-triggered state changes (#708)
+  * Fix HTML entities being escaped in speech bubbles. (#703)
+  * Activity indicator for file download / decryption. (#702)
+  * Rename VMs (#701)
+
+ -- SecureDrop Team <[email protected]>  Fri, 17 Jan 2020 18:20:20 -0800
+
+securedrop-client (0.0.12+buster) unstable; urgency=medium
+
+  * Use revised VM names (securedrop-workstation #285)
+  * Delete sources using the general queue (#402)
+  * Add a preview snippet for sources (#135)
+  * Add a show/hide password feature on the login screen (#659)
+  * Disable sync icon during active sync (#388)
+  * Add keyboard shortcuts for sending replies (#606)
+  * Add hover states for UI elements (#591)
+
+ -- SecureDrop Team <[email protected]>  Fri, 17 Jan 2020 18:20:20 -0800
+
+securedrop-client (0.0.11+buster) unstable; urgency=medium
+
+  * Add apparmor profile (#673)
+  * Add failure message for replies (#664)
+  * Move metadata sync to api queue (#640)
+  * Add print integration (#631)
+  * Populate source list immediately upon login (#626)
+
+ -- SecureDrop Team <[email protected]>  Thu, 19 Dec 2019 12:20:20 -0500
+
+securedrop-client (0.0.10+buster) unstable; urgency=medium
+
+  * Add Python 3.7/buster support (#568, #609)
+  * Add export to USB support (#611, #547, #562, #563, #564)
+  * Retry failed replies (#530)
+  * Pause queue on auth errors, connection failures, and timeouts (#531)
+  * Add pending reply status, persist replies in the database (#578)
+  * Set realistic timeouts, scale file/message download timeouts using file size (#515, #567)
+  * Update qrexec keyword prefix characters (#537)
+  * Reply box no longer accepts rich text input (#580)
+  * Format reply box placeholder text (#597)
+  * Redesign FileWidget (#535)
+  * Style conversation header (#543)
+  * Login form submits if user presses Enter or Return (#615)
+  * Enable changeable log levels (#603)
+  * Remove borders around source list, send icon, and reply box (#505)
+  * Move star and date in source widget (#506)
+  * Polish source widget (#522)
+  * Polish offline UI (#586)
+  * Add branding image to left pane and polish styling (#520)
+  * Add empty conversation view (#510)
+  * Update fonts weights and colors (#502)
+  * Bugfix: handle missing files during export and open (#566)
+  * Bugfix: do not escape quotes in SecureQLabel (#516)
+  * Bugfix: skip round trip to user endpoint during logic (#605, #621, #623)
+  * Bugfix: fix bug of sources disappearing from source list (#620)
+  * Bugfix: fix db warnings upon source deletion (#581)
+  * Add more detailed developer documentation (#508)
+  * Add documentation for updating dependencies (#536)
+  * Ensure build/dev requirements files stay in sync (#602)
+  * Parallelize test suite (#569)
+  * Ignore third-party deprecation warnings (#576)
+  * Add bandit to check target (#548)
+
+ -- redshiftzero <[email protected]>  Wed, 20 Nov 2019 09:20:22 -0500
+
diff --git a/debian/control b/debian/control
@@ -0,0 +1,53 @@
+Source: securedrop-client
+Section: unknown
+Priority: optional
+Maintainer: SecureDrop Team <[email protected]>
+Build-Depends: debhelper-compat (= 11), python3-virtualenv
+Standards-Version: 3.9.8
+Homepage: https://github.com/freedomofpress/securedrop-client
+X-Python3-Version: >= 3.5
+
+Package: securedrop-client
+Architecture: all
+Depends: ${python3:Depends},${misc:Depends}, python3-pyqt5, python3-pyqt5.qtsvg, apparmor-utils
+Description: securedrop client for qubes workstation
+
+Package: securedrop-export
+Architecture: all
+Depends: ${python3:Depends}, ${misc:Depends}, cryptsetup, cups, printer-driver-brlaser, printer-driver-hpcups, system-config-printer, xpp, libcups2-dev, python3-dev, libtool-bin, unoconv, gnome-disk-utility
+Description: Submission export scripts for SecureDrop Workstation
+ This package provides scripts used by the SecureDrop Qubes Workstation to
+ export submissions from the client to external storage, via the sd-export
+ Qube.
+
+Package: securedrop-keyring
+Architecture: all
+Depends: gnupg
+Description: Provides an apt keyring for SecureDrop-related packages, so the master signing key used for SecureDrop packages can be updated via apt.
+
+Package: securedrop-log
+Architecture: all
+Depends: python3-distutils, ${misc:Depends}, ${python3:Depends}
+Description: Python module and qrexec service to store logs for SecureDrop Workstation
+ This package provides Python module and qrexec service files to create a logging VM in
+ SecureDrop Workstation project in Qubes.
+
+Package: securedrop-proxy
+Architecture: all
+Depends: ${python3:Depends}, ${misc:Depends}, libyaml-0-2
+Description: This is securedrop Qubes proxy service
+ This package provides the network proxy on Qubes to talk to the SecureDrop server.
+
+Package: securedrop-workstation-config
+Architecture: all
+Depends: nautilus, gvfs-bin, securedrop-keyring
+Description: This is the SecureDrop workstation template configuration package.
+ This package provides dependencies and configuration for the Qubes SecureDrop workstation VM Templates.
+
+Package: securedrop-workstation-viewer
+Architecture: all
+Depends: securedrop-workstation-config,securedrop-workstation-grsec,apparmor-profiles,apparmor-profiles-extra,apparmor-utils,audacious,eog,evince,file-roller,gedit,totem
+Description: This is the SecureDrop workstation SecureDrop Viewer Disposable VM template configuration package. This package provides dependencies and configuration for the Qubes SecureDrop workstation sd-viewer Template VM.
+Provides: securedrop-workstation-svs-disp
+Conflicts: securedrop-workstation-svs-disp
+Replaces: securedrop-workstation-svs-disp
diff --git a/debian/copyright b/debian/copyright
@@ -0,0 +1,7 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: securedrop-client
+Source: https://github.com/freedomofpress/securedrop-client
+
+Files: *
+Copyright: 2020 Freedom of the Press Foundation <[email protected]>
+License: AGPL-3.0+
diff --git a/debian/rules b/debian/rules
@@ -0,0 +1,18 @@
+#!/usr/bin/make -f
+
+%:
+	dh $@
+
+override_dh_auto_install:
+	bash ./debian/setup-venv.sh client
+	bash ./debian/setup-venv.sh export
+	bash ./debian/setup-venv.sh log
+	bash ./debian/setup-venv.sh proxy
+	dh_auto_install
+
+override_dh_strip_nondeterminism:
+	find ./debian/ -type f -name '*.pyc' -delete
+	find ./debian/ -type f -name 'pip-selfcheck.json' -delete
+	find ./debian/ -type f -name 'direct_url.json' -delete
+	find ./debian/ -type f -name 'RECORD' -delete
+	dh_strip_nondeterminism $@
diff --git a/debian/securedrop-client.install b/debian/securedrop-client.install
@@ -0,0 +1,7 @@
+client/files/alembic.ini usr/share/securedrop-client/
+client/alembic usr/share/securedrop-client/
+client/files/sd-app-qubes-gpg-domain.sh etc/profile.d/
+client/files/securedrop-client usr/bin/
+client/files/securedrop-client.desktop usr/share/applications/
+client/files/press.freedom.SecureDropClient.desktop usr/share/applications/
+client/files/usr.bin.securedrop-client /etc/apparmor.d/
diff --git a/debian/securedrop-client.postinst b/debian/securedrop-client.postinst
@@ -0,0 +1,44 @@
+#!/bin/sh
+# postinst script for securedrop-client
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <postinst> `abort-remove'
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    configure)
+
+    update-desktop-database /usr/share/applications
+    aa-enforce /usr/bin/securedrop-client
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+
+    update-desktop-database /usr/share/applications
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/securedrop-export.install b/debian/securedrop-export.install
@@ -0,0 +1,3 @@
+export/files/application-x-sd-export.xml usr/share/mime/packages
+export/files/send-to-usb.desktop usr/share/applications
+export/files/sd-logo.png usr/share/securedrop/icons
diff --git a/debian/securedrop-export.links b/debian/securedrop-export.links
@@ -0,0 +1 @@
+opt/venvs/securedrop-export/bin/send-to-usb usr/bin/send-to-usb