From 04b64817dbf59d7d1448ea82e79a1c574794c359 Mon Sep 17 00:00:00 2001 From: Kunal Mehta Date: Tue, 6 Feb 2024 10:29:16 -0500 Subject: [PATCH] Remove files related to Debian packaging, now in client repo All of the packaging logic has moved to the securedrop-client repository, leaving this responsible for the localwheels building. (RPM nightlies will be moved out at a later time.) Nearly everything has been migrated, the things that haven't (lint-desktop-files, test_deb_package.py and clean-old-packages) have open issues/PRs for them. One explicit workflow change is that PRs to this repo will not test package builds, because doing so causes a catch-22 scenario when the build-requirements.txt in the client repo hasn't been updated yet, so it fails. --- .circleci/config.yml | 257 --------------- Makefile | 46 +-- README.md | 64 +--- build/.gitkeep | 0 scripts/build-debianpackage | 165 ---------- scripts/codename | 14 - scripts/diffoscope-git-helper | 7 + scripts/generate-tag-message | 27 -- scripts/install-deps | 8 +- scripts/lint-desktop-files | 19 -- scripts/update-changelog | 52 --- securedrop-client/debian/changelog-buster | 188 ----------- securedrop-client/debian/changelog-stretch | 128 -------- securedrop-client/debian/control | 13 - securedrop-client/debian/copyright | 7 - securedrop-client/debian/postinst | 44 --- securedrop-client/debian/rules | 28 -- .../debian/securedrop-client.install | 10 - .../debian/securedrop-client.triggers | 7 - securedrop-client/debian/source/format | 1 - securedrop-export/debian/changelog-buster | 53 ---- securedrop-export/debian/changelog-stretch | 13 - securedrop-export/debian/control | 17 - securedrop-export/debian/copyright | 27 -- securedrop-export/debian/postinst | 51 --- securedrop-export/debian/postrm | 40 --- securedrop-export/debian/rules | 27 -- .../debian/securedrop-export.install | 3 - .../debian/securedrop-export.links | 1 - .../debian/securedrop-export.triggers | 7 - securedrop-export/debian/source/format | 1 - securedrop-keyring/debian/changelog-buster | 35 -- securedrop-keyring/debian/control | 12 - securedrop-keyring/debian/copyright | 7 - securedrop-keyring/debian/postinst | 39 --- securedrop-keyring/debian/preinst | 34 -- securedrop-keyring/debian/rules | 12 - .../debian/securedrop-keyring.install | 1 - securedrop-keyring/debian/source/format | 1 - securedrop-keyring/securedrop-keyring.gpg | Bin 3540 -> 0 bytes securedrop-log/debian/changelog-buster | 47 --- securedrop-log/debian/control | 21 -- securedrop-log/debian/copyright | 27 -- securedrop-log/debian/rules | 27 -- securedrop-log/debian/securedrop-log.install | 5 - securedrop-log/debian/securedrop-log.links | 3 - securedrop-log/debian/securedrop-log.triggers | 7 - securedrop-log/debian/source/format | 1 - securedrop-proxy/debian/changelog-buster | 52 --- securedrop-proxy/debian/changelog-stretch | 44 --- securedrop-proxy/debian/control | 15 - securedrop-proxy/debian/copyright | 7 - securedrop-proxy/debian/rules | 26 -- .../debian/securedrop-proxy.install | 2 - .../debian/securedrop-proxy.links | 1 - .../debian/securedrop-proxy.triggers | 7 - securedrop-proxy/debian/source/format | 1 - .../debian/changelog-buster | 59 ---- securedrop-workstation-config/debian/control | 13 - .../debian/copyright | 7 - securedrop-workstation-config/debian/postinst | 49 --- securedrop-workstation-config/debian/rules | 4 - .../securedrop-workstation-config.install | 6 - .../debian/source/format | 1 - securedrop-workstation-config/mailcap.default | 7 - .../mimeapps.list.sd-app | 297 ----------------- .../mimeapps.list.sd-devices-dvm | 298 ------------------ .../mimeapps.list.sd-viewer | 32 -- .../open-in-dvm.desktop | 10 - securedrop-workstation-config/paxctld.conf | 117 ------- .../debian/changelog-buster | 18 -- securedrop-workstation-viewer/debian/control | 15 - .../debian/copyright | 7 - securedrop-workstation-viewer/debian/rules | 4 - .../debian/source/format | 1 - tests/test_deb_package.py | 32 -- tests/test_reproducible_debian_packages.py | 49 --- 77 files changed, 15 insertions(+), 2770 deletions(-) delete mode 100644 build/.gitkeep delete mode 100755 scripts/build-debianpackage delete mode 100755 scripts/codename create mode 100755 scripts/diffoscope-git-helper delete mode 100755 scripts/generate-tag-message delete mode 100755 scripts/lint-desktop-files delete mode 100755 scripts/update-changelog delete mode 100644 securedrop-client/debian/changelog-buster delete mode 100644 securedrop-client/debian/changelog-stretch delete mode 100644 securedrop-client/debian/control delete mode 100644 securedrop-client/debian/copyright delete mode 100644 securedrop-client/debian/postinst delete mode 100755 securedrop-client/debian/rules delete mode 100644 securedrop-client/debian/securedrop-client.install delete mode 100644 securedrop-client/debian/securedrop-client.triggers delete mode 100644 securedrop-client/debian/source/format delete mode 100644 securedrop-export/debian/changelog-buster delete mode 100644 securedrop-export/debian/changelog-stretch delete mode 100644 securedrop-export/debian/control delete mode 100644 securedrop-export/debian/copyright delete mode 100644 securedrop-export/debian/postinst delete mode 100644 securedrop-export/debian/postrm delete mode 100755 securedrop-export/debian/rules delete mode 100644 securedrop-export/debian/securedrop-export.install delete mode 100644 securedrop-export/debian/securedrop-export.links delete mode 100644 securedrop-export/debian/securedrop-export.triggers delete mode 100644 securedrop-export/debian/source/format delete mode 100644 securedrop-keyring/debian/changelog-buster delete mode 100644 securedrop-keyring/debian/control delete mode 100644 securedrop-keyring/debian/copyright delete mode 100644 securedrop-keyring/debian/postinst delete mode 100644 securedrop-keyring/debian/preinst delete mode 100755 securedrop-keyring/debian/rules delete mode 100644 securedrop-keyring/debian/securedrop-keyring.install delete mode 100644 securedrop-keyring/debian/source/format delete mode 100644 securedrop-keyring/securedrop-keyring.gpg delete mode 100644 securedrop-log/debian/changelog-buster delete mode 100644 securedrop-log/debian/control delete mode 100644 securedrop-log/debian/copyright delete mode 100755 securedrop-log/debian/rules delete mode 100644 securedrop-log/debian/securedrop-log.install delete mode 100644 securedrop-log/debian/securedrop-log.links delete mode 100644 securedrop-log/debian/securedrop-log.triggers delete mode 100644 securedrop-log/debian/source/format delete mode 100644 securedrop-proxy/debian/changelog-buster delete mode 100644 securedrop-proxy/debian/changelog-stretch delete mode 100644 securedrop-proxy/debian/control delete mode 100644 securedrop-proxy/debian/copyright delete mode 100755 securedrop-proxy/debian/rules delete mode 100644 securedrop-proxy/debian/securedrop-proxy.install delete mode 100644 securedrop-proxy/debian/securedrop-proxy.links delete mode 100644 securedrop-proxy/debian/securedrop-proxy.triggers delete mode 100644 securedrop-proxy/debian/source/format delete mode 100644 securedrop-workstation-config/debian/changelog-buster delete mode 100644 securedrop-workstation-config/debian/control delete mode 100644 securedrop-workstation-config/debian/copyright delete mode 100644 securedrop-workstation-config/debian/postinst delete mode 100755 securedrop-workstation-config/debian/rules delete mode 100644 securedrop-workstation-config/debian/securedrop-workstation-config.install delete mode 100644 securedrop-workstation-config/debian/source/format delete mode 100644 securedrop-workstation-config/mailcap.default delete mode 100644 securedrop-workstation-config/mimeapps.list.sd-app delete mode 100644 securedrop-workstation-config/mimeapps.list.sd-devices-dvm delete mode 100644 securedrop-workstation-config/mimeapps.list.sd-viewer delete mode 100644 securedrop-workstation-config/open-in-dvm.desktop delete mode 100644 securedrop-workstation-config/paxctld.conf delete mode 100644 securedrop-workstation-viewer/debian/changelog-buster delete mode 100644 securedrop-workstation-viewer/debian/control delete mode 100644 securedrop-workstation-viewer/debian/copyright delete mode 100755 securedrop-workstation-viewer/debian/rules delete mode 100644 securedrop-workstation-viewer/debian/source/format delete mode 100644 tests/test_deb_package.py delete mode 100644 tests/test_reproducible_debian_packages.py diff --git a/.circleci/config.yml b/.circleci/config.yml index ba1e1410..c2bff930 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -24,118 +24,11 @@ common-steps: apt-get install reprotest faketime -y --no-install-recommends .venv/bin/pip install -r test-requirements.txt - - &getnightlyversion - run: - name: Create nightly version for python packages - command: | - cd ~/packaging/monorepo - # Nightly versioning format is: LATEST_TAG.devYYMMDDHHMMSS - export VERSION_TO_BUILD="$(git describe --tags $(git rev-list --tags --max-count=1)).dev$(date +%Y%m%d%H%M%S)" - # Enable access to this env var in subsequent run steps - echo $VERSION_TO_BUILD > ~/packaging/sd_version - echo 'export VERSION_TO_BUILD=$(cat ~/packaging/sd_version)' >> $BASH_ENV - cd $NAME - ./update_version.sh $VERSION_TO_BUILD - git tag $VERSION_TO_BUILD - - - &clonefromenv - run: - name: Clone the repository to be packaged - command: | - mkdir ~/packaging && cd ~/packaging - git clone https://github.com/freedomofpress/securedrop-client.git monorepo - - - &updatedebianchangelog - run: - name: Update debian changelog if nightly - command: | - cd ~/project/$PKG_NAME/debian - export DEBFULLNAME='Automated builds' - export DEBEMAIL=securedrop@freedom.press - if [[ "$IS_NIGHTLY" == "nightly" ]]; then - dch --changelog changelog-buster --distribution unstable --package "$PKG_NAME" --newversion $VERSION_TO_BUILD+buster "This is an automated build." - echo "Bumped debian/changelog" - fi - - - &builddebianpackage - run: - name: Build debian package - command: | - source .venv/bin/activate - export VERSION_CODENAME=$(~/project/scripts/codename) - export PKG_PATH=~/packaging/monorepo/$NAME/ - export PKG_VERSION=$VERSION_TO_BUILD - make $PKG_NAME - ls ~/project/build/debbuild/packaging/*.deb - mkdir -p /tmp/workspace/${VERSION_CODENAME} /tmp/workspace/buildinfo - mv ~/project/build/debbuild/packaging/*.deb /tmp/workspace/${VERSION_CODENAME} - mv ~/project/build/debbuild/packaging/*.buildinfo /tmp/workspace/buildinfo - - &addsshkeys add_ssh_keys: fingerprints: - "85:3a:62:40:e2:91:ab:00:a0:67:9d:c5:26:e1:09:9f" - - &setmetapackageversion - run: - name: Get and set metapackage version via distribution changelog - command: | - CURRENT_VERSION=$(grep -oP "\d+\.\d+\.\d+" ${PKG_NAME}/debian/changelog-buster | head -n1) - if [[ "$IS_NIGHTLY" == "nightly" ]]; then - # Nightly versioning format is: LATEST_TAG.devYYMMDDHHMMSS - export VERSION_TO_BUILD="$CURRENT_VERSION.dev$(date +%Y%m%d%H%M%S)" - else - export VERSION_TO_BUILD="$CURRENT_VERSION" - fi - echo "Will build: $VERSION_TO_BUILD" - # Enable access to this env var in subsequent run steps - mkdir -p ~/packaging - echo $VERSION_TO_BUILD > ~/packaging/sd_version - echo 'export VERSION_TO_BUILD=$(cat ~/packaging/sd_version)' >> $BASH_ENV - - - &commitworkstationdebs - run: - name: Commit workstation debs for deployment to apt-test.freedom.press - command: | - apt-get update - apt-get install -y ca-certificates git git-lfs openssh-client python3 python3-debian python3-rpm - git config --global user.email "securedrop@freedom.press" - git config --global user.name "sdcibot" - - # First publish buildinfo files - git clone git@github.com:freedomofpress/build-logs.git - cd build-logs - mkdir -p "buildinfo/$(date +%Y)" - cp /tmp/workspace/buildinfo/*.buildinfo "buildinfo/$(date +%Y)" - git add . - git diff-index --quiet HEAD || git commit -m "Publishing buildinfo files for ${CODENAME} workstation nightlies" - git push origin main - - # Now the packages themselves - cd .. - git clone git@github.com:freedomofpress/securedrop-apt-test.git - cd securedrop-apt-test - - # Copy built debian packages to the relevant workstation repo - mkdir -p ./workstation/${CODENAME}-nightlies/ - cp /tmp/workspace/${CODENAME}/*.deb ./workstation/${CODENAME}-nightlies/ ||: - - # Clean up old nightlies too - ~/project/scripts/clean-old-packages workstation/${CODENAME}-nightlies 7 - git add . - - # If there are changes, diff-index will fail, so we commit - git diff-index --quiet HEAD || git commit -m "Automated SecureDrop workstation build (${CODENAME})" - - # Clean up other old packages - ~/project/scripts/clean-old-packages core/focal 4 - ~/project/scripts/clean-old-packages workstation/bullseye 4 - # softly fail for bookworm because that directory doesn't exist yet - ~/project/scripts/clean-old-packages workstation/bookworm 4 ||: - git add . - git diff-index --quiet HEAD || git commit -m "Cleanup old packages" - - git push origin main version: 2.1 @@ -150,7 +43,6 @@ jobs: - run: name: install test requirements, run linters, and run tests command: | - make lint-desktop-files source .venv/bin/activate sed -i -re "292s/^(\s+).*\$/\1return _.prepend_to_build_command_raw('')/" /usr/lib/python3/dist-packages/reprotest/build.py make test @@ -173,22 +65,6 @@ jobs: chown ci:root -R . sudo -u ci bash -c "source .venv/bin/activate && pytest -vvs tests/test_reproducible_wheels.py" - reprotest-debs: - docker: - - image: debian:bullseye - steps: - - checkout - - *installdeps - - *installtestdeps - - run: - name: install test requirements and run tests - command: | - source .venv/bin/activate - # Patch reprotest in-place to skip 'setarch' prefix, which fails under containers. - # We cannot use Ubuntu 20.04 python3.8 to build Debian 10 python3.7 packages. - sed -i -re "292s/^(\s+).*\$/\1return _.prepend_to_build_command_raw('')/" /usr/lib/python3/dist-packages/reprotest/build.py - pytest -vvs tests/test_reproducible_debian_packages.py - reprepro-update-tor: docker: - image: debian:bullseye-backports @@ -223,72 +99,6 @@ jobs: && git push origin main && ../scripts/new-tor-issue) - build: &build - parameters: - package: - type: string - image: - type: string - nightly: - type: string - default: "" - docker: - - image: debian:<< parameters.image >> - environment: - NAME: << parameters.package >> - PKG_NAME: securedrop-<< parameters.package >> - IS_NIGHTLY: << parameters.nightly >> - steps: - - checkout - - *installdeps - - *clonefromenv - - *getnightlyversion - - *updatedebianchangelog - - *builddebianpackage - - *persist - - build2: *build - - build-metapackage: &build-metapackage - parameters: - package: - type: string - image: - type: string - nightly: - type: string - default: "" - environment: - PKG_NAME: << parameters.package >> - IS_NIGHTLY: << parameters.nightly >> - docker: - - image: debian:<< parameters.image >> - steps: - - checkout - - *installdeps - - *setmetapackageversion - - *updatedebianchangelog - - *builddebianpackage - - *persist - - build2-metapackage: *build-metapackage - - push-bullseye: &push - docker: - - image: debian:bullseye - environment: - CODENAME: bullseye - steps: - - checkout - - *attach - - *addsshkeys - - *commitworkstationdebs - - push-bookworm: - <<: *push - environment: - CODENAME: bookworm - build-rpm: parameters: package: @@ -353,28 +163,6 @@ workflows: jobs: - lint-and-test - reprotest-wheels - - reprotest-debs - - build: - matrix: - parameters: - package: &packages - - client - - export - - log - - proxy - image: - - bullseye - - bookworm - - build-metapackage: - matrix: - parameters: - package: &metapackages - - securedrop-keyring - - securedrop-workstation-config - - securedrop-workstation-viewer - image: - - bullseye - - bookworm - build-rpm: matrix: parameters: @@ -391,56 +179,11 @@ workflows: only: - main jobs: - # We need bullseye packages to be pushed if bookworm jobs fail. - # So bookworm jobs run in a separate track ("build2") that is identical, - # except the push-bullseye job only depends on the bullseye jobs and the - # final step is push-bookworm, which might fail. - reprepro-update-tor - - build: - matrix: - parameters: - package: *packages - image: - - bullseye - nightly: ["nightly"] - - build2: - matrix: - parameters: - package: *packages - image: - - bookworm - nightly: ["nightly"] - - build-metapackage: - matrix: - parameters: - package: *metapackages - image: - - bullseye - nightly: ["nightly"] - - build2-metapackage: - matrix: - parameters: - package: *metapackages - image: - - bookworm - nightly: ["nightly"] - - push-bullseye: - requires: - - reprepro-update-tor - - build - - build-metapackage - # This should be last as we do expect it to fail occasionally. - - push-bookworm: - requires: - - push-bullseye - - build2 - - build2-metapackage - build-rpm: matrix: parameters: package: *rpmpackages - # This pushes to a totally separate repository, so it can run in parallel - # to the debs - push-rpm: requires: - build-rpm diff --git a/Makefile b/Makefile index b307d33a..724172a0 100644 --- a/Makefile +++ b/Makefile @@ -11,46 +11,10 @@ fix: @ruff check . --fix @ruff format . -.PHONY: securedrop-proxy -securedrop-proxy: ## Builds Debian package for securedrop-proxy code - PKG_NAME="securedrop-proxy" ./scripts/build-debianpackage - -.PHONY: securedrop-client -securedrop-client: ## Builds Debian package for securedrop-client code - PKG_NAME="securedrop-client" ./scripts/build-debianpackage - -.PHONY: securedrop-workstation-config -securedrop-workstation-config: ## Builds Debian metapackage for Qubes Workstation base dependencies - PKG_NAME="securedrop-workstation-config" ./scripts/build-debianpackage - -.PHONY: securedrop-workstation-svs-disp -securedrop-workstation-svs-disp: ## Builds Debian metapackage for Disposable VM dependencies and tooling (DEPRECATED) - PKG_NAME="securedrop-workstation-svs-disp" ./scripts/build-debianpackage - -.PHONY: securedrop-workstation-viewer -securedrop-workstation-viewer: ## Builds Debian metapackage for Disposable VM dependencies and tooling - PKG_NAME="securedrop-workstation-viewer" ./scripts/build-debianpackage - -.PHONY: securedrop-export -securedrop-export: ## Builds Debian package for Qubes Workstation export scripts - PKG_NAME="securedrop-export" ./scripts/build-debianpackage - -.PHONY: securedrop-log -securedrop-log: ## Builds Debian package for Qubes Workstation securedrop-log scripts - PKG_NAME="securedrop-log" ./scripts/build-debianpackage - -.PHONY: securedrop-keyring -securedrop-keyring: ## Builds Debian package containing the release key - PKG_NAME="securedrop-keyring" ./scripts/build-debianpackage - .PHONY: install-deps -install-deps: ## Install initial Debian packaging dependencies +install-deps: ## Install initial wheel building dependencies ./scripts/install-deps -.PHONY: lint-desktop-files -lint-desktop-files: ## Install initial Debian packaging dependencies - ./scripts/lint-desktop-files - .PHONY: requirements requirements: ## Creates requirements files for the Python projects ./scripts/update-requirements @@ -64,15 +28,15 @@ build-wheels: ## Builds the wheels and adds them to the wheels subdirectory .PHONY: test test: ## Run simple test suite (skips reproducibility checks) - pytest -v tests/test_update_requirements.py tests/test_deb_package.py tests/test_utils.py + pytest -v tests/test_update_requirements.py tests/test_utils.py .PHONY: reprotest -reprotest: ## Runs only reproducibility tests, for .deb and .whl files - pytest -vvs tests/test_reproducible_*.py +reprotest: ## Runs only reproducibility tests for .whl files + pytest -vvs tests/test_reproducible_wheels.py .PHONY: help help: ## Prints this message and exits - @printf "Makefile for building SecureDrop Workstation packages\n" + @printf "Makefile for building SecureDrop Workstation wheels\n" @printf "Subcommands:\n\n" @perl -F':.*##\s+' -lanE '$$F[1] and say "\033[36m$$F[0]\033[0m : $$F[1]"' $(MAKEFILE_LIST) \ | sort \ diff --git a/README.md b/README.md index cd005683..57c4f6ee 100644 --- a/README.md +++ b/README.md @@ -4,65 +4,7 @@ # securedrop-builder -`securedrop-builder` is the tool we use to package Python projects into Debian packages for the [SecureDrop Workstation](https://github.com/freedomofpress/securedrop-workstation). This repository also holds copies of reproducibly built wheels included with some Debian packages, in the `wheels` subdirectory of the package. - -* For instructions on how to build [SecureDrop](https://github.com/freedomofpress/securedrop) Debian packages, see https://developers.securedrop.org/en/latest/release_management.html. - -* For building SecureDrop Workstation RPMs, see our [qubes-template-securedrop-workstation](https://github.com/freedomofpress/qubes-template-securedrop-workstation#build-instructions) and [securedrop-workstation-dom0-config](https://github.com/freedomofpress/securedrop-workstation/wiki/Building-securedrop-workstation-dom0-config-RPM-package) docs. - -## Getting Started - -1. Clone `securedrop-builder` and install its dependencies: - - ```shell - git clone git@github.com:freedomofpress/securedrop-builder.git - cd securedrop-builder - make install-deps # This also confifgures the git-lfs repo used to store SecureDrop Workstation dependencies (https://github.com/freedomofpress/securedrop-builder/tree/HEAD/workstation-bootstrap/wheels) - ``` - -2. Build a package in one of the following ways: - ```shell - # From a release tag x.y.z signed by the SecureDrop Release Signing key - PKG_VERSION=x.y.z ./scripts/update-changelog securedrop-client - PKG_GITREF=x.y.z make securedrop-client - ``` - - ```shell - # From a non-release tag or branch - PKG_VERSION= ./scripts/update-changelog securedrop-client - PKG_GITREF= make securedrop-client - ``` - - ```shell - # From a source tarball - # First give the Debian package you want to build a version number by setting it in the changelog - PKG_VERSION= ./scripts/update-changelog securedrop-client - PKG_PATH=local/path/to/securedrop-client/dist/securedrop-client-x.y.z.tar.gz make securedrop-client - ``` - - ```shell - # From a local source checkout - # First give the Debian package you want to build a version number by setting it in the changelog - PKG_VERSION= ./scripts/update-changelog securedrop-client - PKG_PATH=local/path/to/securedrop-client make securedrop-client - ``` - -## Which packages can `securedrop-builder` build? - -* [securedrop-client](https://github.com/freedomofpress/securedrop-client) -* [securedrop-export](https://github.com/freedomofpress/securedrop-export) -* [securedrop-keyring](https://github.com/freedomofpress/securedrop-keyring) -* [securedrop-log](https://github.com/freedomofpress/securedrop-log) -* [securedrop-proxy](https://github.com/freedomofpress/securedrop-proxy) -* [securedrop-workstation-config](https://github.com/freedomofpress/securedrop-builder/tree/main/securedrop-workstation-config) -* [secruedrop-workstation-viewer](https://github.com/freedomofpress/securedrop-builder/tree/main/securedrop-workstation-viewer) - - -## Build and deploy a package - -Refer to https://developers.securedrop.org/en/latest/workstation_release_management.html. - -_If you don't need to deploy a package and just want to test locally, you can start by building it from a source checkout (see :ref:`Getting Started`) and then install it in its corresponding AppVM._ +`securedrop-builder` is the tool we use to build reproducible Python wheels for [SecureDrop Workstation components](https://github.com/freedomofpress/securedrop-client). ## Updating our bootstrapped build tools @@ -164,7 +106,3 @@ git commit ``` Finally, submit a PR containing the new wheels and updated files. -If you wish to test the new wheels in a local build before submitting a PR, -or as part of PR review, you can do so by: - -Then run e.g. `PKG_GITREF=0.4.1 make securedrop-client` to verify that the new wheels are working. diff --git a/build/.gitkeep b/build/.gitkeep deleted file mode 100644 index e69de29b..00000000 diff --git a/scripts/build-debianpackage b/scripts/build-debianpackage deleted file mode 100755 index 6e783126..00000000 --- a/scripts/build-debianpackage +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Wrapper script to build Debian packages for the SecureDrop Workstation. -# Requires a source tarball to build the package, defined via `PKG_PATH`, -# or a git reference defined via `PKG_GITREF`. If `PKG_GITREF` matches the -# release tag format, it will be treated as a tag and expected to be signed -# with the production release key. -# -# Explicit configuration is available via the following env vars: -# -# * PKG_PATH -# * PKG_GITREF -# * PKG_NAME -# -set -e -set -u -set -o pipefail - - -# Validate required args. -if [[ -z "${PKG_NAME:-}" ]]; then - echo "Set PKG_NAME of the build"; - exit 1 -fi - -if [[ -z "${PKG_PATH:-}" ]]; then - if [[ -z "${PKG_GITREF:-}" ]]; then - echo "Set PKG_PATH or PKG_GITREF"; - exit 1 - fi -fi - -# Store root of repo, since we'll change dirs several times. -CUR_DIR="$(git rev-parse --show-toplevel)" -VERSION_CODENAME=$("${CUR_DIR}/scripts/codename") - -# Disable use of pip cache during debhelper build actions. -export DH_PIP_EXTRA_ARGS="--no-cache-dir --require-hashes" -# Point dh-virtualenv/pip to our prebuilt wheels -export WHEELS_DIR="${CUR_DIR}/${PKG_NAME}/wheels" - -if [[ -d "${WHEELS_DIR}" ]]; then - # Verify sha256sums.txt in the git repo if we have dependencies - "${CUR_DIR}/scripts/verify-sha256sum-signature" "${PKG_NAME}" -fi - -# Declare general packaging building workspace; subdirs will -# be created within, to build specific packages. -TOP_BUILDDIR="$PWD/build/debbuild/packaging" -mkdir -p "$TOP_BUILDDIR" -rm -rf "${TOP_BUILDDIR:?}/${PKG_NAME}" -mkdir -p "${TOP_BUILDDIR}/${PKG_NAME}" - -# Ensures that a given git tag is signed with the prod release key -# If "rc" is in the tag name, this will fail. -function verify_git_tag() { - local d - local t - d="$1" - t="$2" - echo "checking signature for tag $t" >&2 - prod_fingerprint="2359E6538C0613E652955E6C188EDD3B7B22E6A3" - if ! git -C "$d" tag --verify "$t" 2>&1 \ - | grep -q -F "using RSA key $prod_fingerprint" ; then - echo "Failed to verify $t, not signed with $prod_fingerprint" >&2 - exit 2 - fi -} - -# Clone and checkout the source -function setup_source_tree() { - repo_url="https://github.com/freedomofpress/securedrop-client" - build_dir="/tmp/${PKG_NAME}" - rm -rf "$build_dir" - git clone "$repo_url" "$build_dir" - - if [[ -n "${PKG_GITREF:-}" ]]; then - # if PKG_GITREF looks like a release tag, check for a release signature - [[ "$PKG_GITREF" =~ ^(0|[1-9][0-9]*).(0|[1-9][0-9]*).(0|[1-9][0-9]*)$ ]] && verify_git_tag "$build_dir" "$PKG_GITREF" - git -C "$build_dir" checkout "$PKG_GITREF" - else - echo "Neither PKG_PATH nor PKG_GITREF were defined - please specify one" >&2 - exit 2 - fi -} - -# If the package is contained in the list, it should be a python package. In -# that case, we should extract tarball, and validate wheel hashes. -if [[ "${PKG_NAME}" =~ ^(securedrop-client|securedrop-proxy|securedrop-export|securedrop-log)$ ]]; then - NAME=$(echo $PKG_NAME | cut -d '-' -f2) - echo "${PKG_NAME} is a Python package" - - if [[ -z "${PKG_PATH:-}" ]]; then - # Build from source - setup_source_tree - PKG_PATH="/tmp/${PKG_NAME}/${NAME}" - fi - - - # Copy the source tree to the packaging workspace - cp -rT "$PKG_PATH" "$TOP_BUILDDIR/$PKG_NAME/" - - # Hop into the package build dir, to run dpkg-buildpackage - cd "$TOP_BUILDDIR/$PKG_NAME/" - if [[ -d "${WHEELS_DIR}" ]]; then - # Verify all the hashes from the verified sha256sums.txt if we have dependencies - "${CUR_DIR}/scripts/verify-hashes" "${CUR_DIR}/${PKG_NAME}/sha256sums.txt" - fi - - echo "All hashes verified." -else - echo "Package is a metapackage" - # Copy the source tree to the packaging workspace - cp -r "$CUR_DIR/$PKG_NAME" "$TOP_BUILDDIR/" - # Hop into the package build dir, to run dpkg-buildpackage - cd "$TOP_BUILDDIR/$PKG_NAME/" -fi - -# Legacy: copy over the debian directory from the packaging repo -# if one is not already in the tree -if [[ ! -d "debian/" ]]; then - echo "Copying over legacy debian/ directory for $PKG_NAME" - cp -r "$CUR_DIR/$PKG_NAME/debian" "debian" -fi - -echo "$TOP_BUILDDIR/$PKG_NAME/" - -# Legacy: Move platform-specific changelog into place -if [[ -f "$TOP_BUILDDIR/$PKG_NAME/debian/changelog-$VERSION_CODENAME" ]]; then - echo "Moving legacy $VERSION_CODENAME changelog into place" - mv "$TOP_BUILDDIR/$PKG_NAME/debian/changelog-$VERSION_CODENAME" "$TOP_BUILDDIR/$PKG_NAME/debian/changelog" -fi -if [[ ! -f "$TOP_BUILDDIR/$PKG_NAME/debian/changelog" ]]; then - echo "Moving legacy buster changelog into place" - mv "$TOP_BUILDDIR/$PKG_NAME/debian/changelog-buster" "$TOP_BUILDDIR/$PKG_NAME/debian/changelog" -fi - -# Adjust platform in version number with sed magic to only replace the first instance -sed -i "0,/buster/s//${VERSION_CODENAME}/" debian/changelog - -# Adds reproducibility step -SOURCE_DATE_EPOCH="$(dpkg-parsechangelog -STimestamp)" -export SOURCE_DATE_EPOCH - -# Grab package version from changelog -CHANGELOG_VERSION=$(dpkg-parsechangelog --show-field Version) - -# If PKG_GITREF is set and is a release tag, check that it matches the version in debian/changelog -if [[ -n "${PKG_GITREF:-}" ]] && [[ "${PKG_GITREF:-}" =~ ^(0|[1-9][0-9]*).(0|[1-9][0-9]*).(0|[1-9][0-9]*)$ ]]; then - if ! [[ "$PKG_GITREF+$VERSION_CODENAME" == "$CHANGELOG_VERSION" ]]; then - echo "Changelog version is $CHANGELOG_VERSION, but the provided tag is $PKG_GITREF. Aborting build." - exit 2 - fi -fi - -# Build the package -printf "Building package '%s' with version '%s'...\\n" "$PKG_NAME" "$CHANGELOG_VERSION" -dpkg-buildpackage -us -uc - -# Tell the user the path of the files built -pkg_path="$(find "$TOP_BUILDDIR" -type f -iname "${PKG_NAME}_${CHANGELOG_VERSION}*.deb" | head -n1)" -if [[ -f "$pkg_path" ]]; then - echo "Package location: $pkg_path" -else - echo "Could not find package, look in $TOP_BUILDDIR" -fi diff --git a/scripts/codename b/scripts/codename deleted file mode 100755 index c450c710..00000000 --- a/scripts/codename +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash -# Returns the Debian version's codename (e.g. "bullseye") in a way that should -# work across both released versions and unreleased ones. -# See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008735 - -source /etc/os-release - -if [[ "$VERSION_CODENAME" != "" ]]; then - echo $VERSION_CODENAME -else - # PRETTY_NAME="Debian GNU/Linux bookworm/sid" - # Use awk to split on spaces and / - echo $PRETTY_NAME | awk '{split($0, a, "[ /]"); print a[4]}' -fi diff --git a/scripts/diffoscope-git-helper b/scripts/diffoscope-git-helper new file mode 100755 index 00000000..a58a50c4 --- /dev/null +++ b/scripts/diffoscope-git-helper @@ -0,0 +1,7 @@ +#!/bin/bash + +if [[ "$1" = "/dev/null" ]]; then + diffoscope --new $2; +else + diffoscope $1 $2; +fi diff --git a/scripts/generate-tag-message b/scripts/generate-tag-message deleted file mode 100755 index ed7a7f6d..00000000 --- a/scripts/generate-tag-message +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash -# Utility script to generate a signed tag for the packaging repo: -# -# https://github.com/freedomofpress/securedrop-builder -# -# Collects "version" field from package changelogs and prepares a summary -# commit message when incrementing the tag. -set -e -set -u -set -o pipefail - - -if [[ $# != 1 ]]; then - echo "Usage: $0 " - packaging_curver="$(git tag | sort -V | tail -n1)" - echo "The most recent tag available is: $packaging_curver" - echo "You probably want to increment that with a new tag." - exit 1 -fi - -new_version="$1" -printf 'securedrop-builder %s\n\n' "$new_version" -# Inspect all changelogs, prepare a pretty list of packages & versions -for pkg in securedrop-*; do - pkg_version="$(dpkg-parsechangelog -SVersion --file "${pkg}/debian/changelog-buster" | perl -npE 's/\+buster$//')" - printf '%s %s\n' "$pkg" "$pkg_version" -done diff --git a/scripts/install-deps b/scripts/install-deps index 7ebea93f..a2bee875 100755 --- a/scripts/install-deps +++ b/scripts/install-deps @@ -9,10 +9,7 @@ sudo apt-get update sudo apt-get install \ build-essential \ curl \ - devscripts \ - dh-make \ - dh-python \ - dh-virtualenv \ + file \ git-lfs \ libffi-dev \ libssl-dev \ @@ -21,8 +18,7 @@ sudo apt-get install \ python3-pip \ python3-virtualenv \ python3-venv \ - python3-setuptools \ - desktop-file-utils -y + python3-setuptools -y # Inspect the wheel files present locally. If repo was cloned # without git-lfs, they'll be "text/plain", rather than "application/zip". diff --git a/scripts/lint-desktop-files b/scripts/lint-desktop-files deleted file mode 100755 index 110684eb..00000000 --- a/scripts/lint-desktop-files +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -# This script uses the desktop-file-validate utility to lint .desktop files -# in this repository. See: https://www.freedesktop.org/wiki/Software/desktop-file-utils/ - -set -e -set -u -set -o pipefail - -if ! [ -x "$(command -v desktop-file-validate)" ]; then - echo "Error: desktop-file-validate is not installed. Run 'make install-deps'." >&2 - exit 1 -fi - -BASEDIR=$(dirname $0) -SEARCHDIR=$(realpath ${BASEDIR}/..) - -# We can add additional excluded paths as needed, following the pattern below. -find ${SEARCHDIR} -name *.desktop -type f -not -path '*/\.git/*' | xargs desktop-file-validate diff --git a/scripts/update-changelog b/scripts/update-changelog deleted file mode 100755 index 2f2bc213..00000000 --- a/scripts/update-changelog +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/bash -# Wrapper script for `dch`, for editing changelogs in Debian packages. -# Provides flags on invocation, and also checks for env vars, so that -# maintainer info makes it into the package. -set -e -set -u -set -o pipefail - -TOPLEVEL="$(git rev-parse --show-toplevel)" -VERSION_CODENAME=$("${TOPLEVEL}/scripts/codename") - -# These env vars are only required when updating changelogs, -# otherwise the developer must edit the fields by hand, lest -# they commit "user@localhost" entries. -export DEBEMAIL=${DEBEMAIL:-"securedrop@freedom.press"} -export DEBFULLNAME=${DEBFULLNAME:-"SecureDrop Team"} - -# Determine which package we want to update the changelog for. -# As with the other tools, we'll support the PKG_NAME env var. -PKG_NAME="${PKG_NAME:-}" -if [[ -z "${PKG_NAME:-}" ]]; then - if [[ -n "${1:-}" ]]; then - PKG_NAME="$1" - shift - else - printf 'Usage: %s \n' "$0" - printf 'You can also export PKG_NAME\n' - exit 2 - fi -fi - -if [[ -z "${PKG_VERSION:-}" ]]; then - echo "Error: cannot find env var PKG_VERSION." - exit 3 -fi - - -# Look for a changelog as d/changelog-$platform, d/changelog, or d/changelog-buster -if [[ -f "${TOPLEVEL}/${PKG_NAME}/debian/changelog-${VERSION_CODENAME}" ]]; then - changelog="${TOPLEVEL}/${PKG_NAME}/debian/changelog-${VERSION_CODENAME}" -else - if [[ -f "${TOPLEVEL}/${PKG_NAME}/debian/changelog" ]]; then - changelog="${TOPLEVEL}/${PKG_NAME}/debian/changelog" - else - changelog="${TOPLEVEL}/${PKG_NAME}/debian/changelog-buster" - fi -fi - -# Normalize version, convert any - to ~, e.g. 0.9.0-rc1 to 0.9.0~rc1 -PKG_VERSION=$(echo $PKG_VERSION | sed 's/-/~/g') - -dch -b --newversion "${PKG_VERSION}+${VERSION_CODENAME}" --distribution unstable -c "$changelog" diff --git a/securedrop-client/debian/changelog-buster b/securedrop-client/debian/changelog-buster deleted file mode 100644 index 6649f6b3..00000000 --- a/securedrop-client/debian/changelog-buster +++ /dev/null @@ -1,188 +0,0 @@ -securedrop-client (0.9.0+bullseye) unstable; urgency=medium - - * see changelog.md - - -- SecureDrop Team Thu, 16 Mar 2023 16:29:03 -0400 - -securedrop-client (0.8.1+bullseye) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Thu, 15 Sep 2022 08:37:55 +1000 - -securedrop-client (0.8.0+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Wed, 06 Jul 2022 14:06:23 +1000 - -securedrop-client (0.7.0+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Wed, 20 Apr 2022 10:41:31 -0400 - -securedrop-client (0.6.0+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Tue, 15 Feb 2022 10:45:20 -0800 - -securedrop-client (0.5.1+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Thu, 02 Dec 2021 16:41:49 -0800 - -securedrop-client (0.5.0+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Wed, 01 Dec 2021 12:09:27 -0800 - -securedrop-client (0.4.1+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Wed, 17 Mar 2021 11:20:12 -0700 - -securedrop-client (0.4.0+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Thu, 10 Dec 2020 14:36:06 -0800 - -securedrop-client (0.3.0+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Thu, 05 Nov 2020 11:40:46 -0500 - -securedrop-client (0.2.1+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Thu, 16 Jul 2020 11:56:07 -0400 - -securedrop-client (0.2.0+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Fri, 29 May 2020 17:19:31 -0400 - -securedrop-client (0.1.6+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Tue, 31 Mar 2020 10:45:27 -0400 - -securedrop-client (0.1.5+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Mon, 30 Mar 2020 14:11:21 -0400 - -securedrop-client (0.1.4+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Thu, 26 Mar 2020 11:45:01 -0400 - -securedrop-client (0.1.3+buster) unstable; urgency=medium - - * See changelog.md - - -- mickael e. Wed, 18 Mar 2020 12:32:35 -0400 - -securedrop-client (0.1.2+buster) unstable; urgency=medium - - * See changelog.md - - -- redshiftzero Tue, 10 Mar 2020 13:12:54 -0400 - -securedrop-client (0.1.1+buster) unstable; urgency=medium - - * See changelog.md - - -- redshiftzero Tue, 03 Mar 2020 11:39:03 -0500 - -securedrop-client (0.1.0+buster) unstable; urgency=medium - - * See changelog.md - - -- redshiftzero Fri, 21 Feb 2020 13:34:42 -0500 - -securedrop-client (0.0.13+buster) unstable; urgency=medium - - * remove user refresh and replace with sync icon (#732) - * build-requirements: update for production beta (#730) - * No sync on ui operations (#721) - * Use SecureQLabel for message previews (#720) - * Show DD MMM format for source title (#719) - * Add new metadata queue. (#715) - * Improve performance of storage.get_remote_data (#709) - * app/queue: prioritize user-triggered state changes (#708) - * Fix HTML entities being escaped in speech bubbles. (#703) - * Activity indicator for file download / decryption. (#702) - * Rename VMs (#701) - - -- SecureDrop Team Fri, 17 Jan 2020 18:20:20 -0800 - -securedrop-client (0.0.12+buster) unstable; urgency=medium - - * Use revised VM names (securedrop-workstation #285) - * Delete sources using the general queue (#402) - * Add a preview snippet for sources (#135) - * Add a show/hide password feature on the login screen (#659) - * Disable sync icon during active sync (#388) - * Add keyboard shortcuts for sending replies (#606) - * Add hover states for UI elements (#591) - - -- SecureDrop Team Fri, 17 Jan 2020 18:20:20 -0800 - -securedrop-client (0.0.11+buster) unstable; urgency=medium - - * Add apparmor profile (#673) - * Add failure message for replies (#664) - * Move metadata sync to api queue (#640) - * Add print integration (#631) - * Populate source list immediately upon login (#626) - - -- SecureDrop Team Thu, 19 Dec 2019 12:20:20 -0500 - -securedrop-client (0.0.10+buster) unstable; urgency=medium - - * Add Python 3.7/buster support (#568, #609) - * Add export to USB support (#611, #547, #562, #563, #564) - * Retry failed replies (#530) - * Pause queue on auth errors, connection failures, and timeouts (#531) - * Add pending reply status, persist replies in the database (#578) - * Set realistic timeouts, scale file/message download timeouts using file size (#515, #567) - * Update qrexec keyword prefix characters (#537) - * Reply box no longer accepts rich text input (#580) - * Format reply box placeholder text (#597) - * Redesign FileWidget (#535) - * Style conversation header (#543) - * Login form submits if user presses Enter or Return (#615) - * Enable changeable log levels (#603) - * Remove borders around source list, send icon, and reply box (#505) - * Move star and date in source widget (#506) - * Polish source widget (#522) - * Polish offline UI (#586) - * Add branding image to left pane and polish styling (#520) - * Add empty conversation view (#510) - * Update fonts weights and colors (#502) - * Bugfix: handle missing files during export and open (#566) - * Bugfix: do not escape quotes in SecureQLabel (#516) - * Bugfix: skip round trip to user endpoint during logic (#605, #621, #623) - * Bugfix: fix bug of sources disappearing from source list (#620) - * Bugfix: fix db warnings upon source deletion (#581) - * Add more detailed developer documentation (#508) - * Add documentation for updating dependencies (#536) - * Ensure build/dev requirements files stay in sync (#602) - * Parallelize test suite (#569) - * Ignore third-party deprecation warnings (#576) - * Add bandit to check target (#548) - - -- redshiftzero Wed, 20 Nov 2019 09:20:22 -0500 - diff --git a/securedrop-client/debian/changelog-stretch b/securedrop-client/debian/changelog-stretch deleted file mode 100644 index ce63c208..00000000 --- a/securedrop-client/debian/changelog-stretch +++ /dev/null @@ -1,128 +0,0 @@ -securedrop-client (0.0.10+stretch) unstable; urgency=medium - - * Add Python 3.7/buster support (#568, #609) - * Add export to USB support (#611, #547, #562, #563, #564) - * Retry failed replies (#530) - * Pause queue on auth errors, connection failures, and timeouts (#531) - * Add pending reply status, persist replies in the database (#578) - * Set realistic timeouts, scale file/message download timeouts using file size (#515, #567) - * Update qrexec keyword prefix characters (#537) - * Reply box no longer accepts rich text input (#580) - * Format reply box placeholder text (#597) - * Redesign FileWidget (#535) - * Style conversation header (#543) - * Login form submits if user presses Enter or Return (#615) - * Enable changeable log levels (#603) - * Remove borders around source list, send icon, and reply box (#505) - * Move star and date in source widget (#506) - * Polish source widget (#522) - * Polish offline UI (#586) - * Add branding image to left pane and polish styling (#520) - * Add empty conversation view (#510) - * Update fonts weights and colors (#502) - * Bugfix: handle missing files during export and open (#566) - * Bugfix: do not escape quotes in SecureQLabel (#516) - * Bugfix: skip round trip to user endpoint during logic (#605, #621, #623) - * Bugfix: fix bug of sources disappearing from source list (#620) - * Bugfix: fix db warnings upon source deletion (#581) - * Add more detailed developer documentation (#508) - * Add documentation for updating dependencies (#536) - * Ensure build/dev requirements files stay in sync (#602) - * Parallelize test suite (#569) - * Ignore third-party deprecation warnings (#576) - * Add bandit to check target (#548) - - -- redshiftzero Wed, 20 Nov 2019 09:20:22 -0500 - -securedrop-client (0.0.9) unstable; urgency=medium - - * Use Montserrat and Source Sans Pro (#493) - * Same BG for scrollarea, conversation view, selected source (#494,#496) - * Supports opening submissions in DispVMs from Qubes dev env (#490) - * Center all popup windows (#487) - * Use priority queue for job processing (#486) - * Use SecureQLabel (#485) - * Extract and display original document filenames (#452) - * Save in-progress replies via persisting SourceConversationWrapper (#431) - - -- Mickael E. Wed, 31 Jul 2019 11:39:45 -0400 - -securedrop-client (0.0.8) unstable; urgency=medium - - * Update SDK to 0.0.10, urllib to 1.24.3, and SQLAlchemy to 1.3.3 (#424) - * Remove pipenv in favor of pip-tools (#372) - - -- Allie Crevier Mon, 17 Jun 2019 15:21:41 -0400 - -securedrop-client (0.0.7) unstable; urgency=medium - - * Update securedrop-sdk to 0.0.8 (#357) - - -- Allie Crevier Mon, 06 May 2019 16:01:16 -0400 - -securedrop-client (0.0.6) unstable; urgency=medium - - * Long lived threads are now de-authenticated on logout (#179) - * updated requirements based on newly built wheels (#177) - * Application no longer crashes when source collection is deleted on web - interface (#176) - * Improved input validation for login panel (#169) - * Delete submissions on disk when deleted from server (#168) - * Escape HTML in messages (#164) - * Source list displayed by last_updated value (#158) - * Show attachment icon when document count is greater than zero (#157) - * Disable refresh when API call in progress (#154) - * Fix crash in offline mode (#150) - * Developer environment fixes (#148, #149, #152) - - -- Mickael E. Thu, 15 Nov 2018 17:49:57 -0500 - -securedrop-client (0.0.5-1) unstable; urgency=medium - - * Package updated to apt-test-qubes did not include securedrop-sdk 0.4 - - -- Mickael E. Mon, 12 Nov 2018 17:25:49 -0500 - -securedrop-client (0.0.5) unstable; urgency=medium - - * Standardize dev env (#145) - * Update securedrop-proxy to 0.0.4 - - -- Mickael E. Sat, 10 Nov 2018 15:58:36 -0500 - -securedrop-client (0.0.4) unstable; urgency=medium - - * Adds .desktop shortcut. - - -- Mickael E. Fri, 09 Nov 2018 16:18:55 -0500 - -securedrop-client (0.0.3) unstable; urgency=medium - - * Fix and squash migrations (#129). - * Don't hide two factor code while typing (#131). - * Remove placeholder text from source list (#134). - - -- redshiftzero Fri, 09 Nov 2018 13:10:21 -0500 - -securedrop-client (0.0.2-1) unstable; urgency=medium - - * Resolves venv paths in generated scripts (via dh-virtualenv) - - -- Conor Schaefer Thu, 08 Nov 2018 18:45:53 -0800 - -securedrop-client (0.0.2) unstable; urgency=medium - - * Enable decryption and viewing of replies (#114). - * Enable decryption and viewing of messages (#99). - * Enable decryption and opening of files in a DispVM (#113). - * Add status bar on bottom of application (#65). - * Prevent concurrent application launches (#54). - * Enable starring/unstarring of sources (#50). - - -- redshiftzero Wed, 07 Nov 2018 19:39:22 -0500 - -securedrop-client (0.0.1) unstable; urgency=medium - - * Initial release. - - -- Joshua Thayer Thu, 18 Oct 2018 00:14:11 -0700 diff --git a/securedrop-client/debian/control b/securedrop-client/debian/control deleted file mode 100644 index ec549a7c..00000000 --- a/securedrop-client/debian/control +++ /dev/null @@ -1,13 +0,0 @@ -Source: securedrop-client -Section: unknown -Priority: optional -Maintainer: SecureDrop Team -Build-Depends: debhelper-compat (= 11), dh-python, python3-all, python3-setuptools, dh-virtualenv -Standards-Version: 3.9.8 -Homepage: https://github.com/freedomofpress/securedrop-client -X-Python3-Version: >= 3.5 - -Package: securedrop-client -Architecture: all -Depends: ${python3:Depends},${misc:Depends}, python3-pyqt5, python3-pyqt5.qtsvg, apparmor-utils -Description: securedrop client for qubes workstation diff --git a/securedrop-client/debian/copyright b/securedrop-client/debian/copyright deleted file mode 100644 index bbdb6d98..00000000 --- a/securedrop-client/debian/copyright +++ /dev/null @@ -1,7 +0,0 @@ -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: securedrop-client -Source: https://github.com/freedomofpress/securedrop-client - -Files: * -Copyright: 2020 Freedom of the Press Foundation -License: AGPL-3.0+ diff --git a/securedrop-client/debian/postinst b/securedrop-client/debian/postinst deleted file mode 100644 index f04f9bc8..00000000 --- a/securedrop-client/debian/postinst +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/sh -# postinst script for securedrop-client -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * `configure' -# * `abort-upgrade' -# * `abort-remove' `in-favour' -# -# * `abort-remove' -# * `abort-deconfigure' `in-favour' -# `removing' -# -# for details, see https://www.debian.org/doc/debian-policy/ or -# the debian-policy package - - -case "$1" in - configure) - - update-desktop-database /usr/share/applications - aa-enforce /usr/bin/securedrop-client - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - - update-desktop-database /usr/share/applications - ;; - - *) - echo "postinst called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 diff --git a/securedrop-client/debian/rules b/securedrop-client/debian/rules deleted file mode 100755 index 4ce4eb49..00000000 --- a/securedrop-client/debian/rules +++ /dev/null @@ -1,28 +0,0 @@ -#!/usr/bin/make -f - -%: - dh $@ --with python-virtualenv - -# For backwards compatibility; can be set to build-requirements.txt once fully switched to new path -REQUIREMENTS_FILE=$(shell test -e build-requirements.txt && echo "build-requirements.txt" || echo "requirements/build-requirements.txt") - -override_dh_virtualenv: - test -e $(REQUIREMENTS_FILE) - dh_virtualenv \ - --python /usr/bin/python3 \ - --use-system-packages \ - --extra-pip-arg "--ignore-installed" \ - --extra-pip-arg "--no-index" \ - --extra-pip-arg "--find-links" \ - --extra-pip-arg "$(WHEELS_DIR)" \ - --extra-pip-arg "--no-deps" \ - --extra-pip-arg "--no-cache-dir" \ - --extra-pip-arg "--no-use-pep517" \ - --requirements $(REQUIREMENTS_FILE) - -override_dh_strip_nondeterminism: - find ./debian/ -type f -name '*.pyc' -delete - find ./debian/ -type f -name 'pip-selfcheck.json' -delete - find ./debian/ -type f -name 'direct_url.json' -delete - find ./debian/ -type f -name 'RECORD' -delete - dh_strip_nondeterminism $@ diff --git a/securedrop-client/debian/securedrop-client.install b/securedrop-client/debian/securedrop-client.install deleted file mode 100644 index 742b137e..00000000 --- a/securedrop-client/debian/securedrop-client.install +++ /dev/null @@ -1,10 +0,0 @@ -files/alembic.ini usr/share/securedrop-client/ -alembic/env.py usr/share/securedrop-client/alembic/ -alembic/README usr/share/securedrop-client/alembic/ -alembic/script.py.mako usr/share/securedrop-client/alembic/ -alembic/versions/*.py usr/share/securedrop-client/alembic/versions/ -files/sd-app-qubes-gpg-domain.sh etc/profile.d/ -files/securedrop-client usr/bin/ -files/securedrop-client.desktop usr/share/applications/ -files/press.freedom.SecureDropClient.desktop usr/share/applications/ -files/usr.bin.securedrop-client /etc/apparmor.d/ diff --git a/securedrop-client/debian/securedrop-client.triggers b/securedrop-client/debian/securedrop-client.triggers deleted file mode 100644 index d24bbda1..00000000 --- a/securedrop-client/debian/securedrop-client.triggers +++ /dev/null @@ -1,7 +0,0 @@ -# Register interest in Python interpreter changes; and -# don't make the Python package dependent on the virtualenv package -# processing (noawait) -interest-noawait /usr/bin/python3 - -# Also provide a symbolic trigger for all dh-virtualenv packages -interest dh-virtualenv-interpreter-update diff --git a/securedrop-client/debian/source/format b/securedrop-client/debian/source/format deleted file mode 100644 index 89ae9db8..00000000 --- a/securedrop-client/debian/source/format +++ /dev/null @@ -1 +0,0 @@ -3.0 (native) diff --git a/securedrop-export/debian/changelog-buster b/securedrop-export/debian/changelog-buster deleted file mode 100644 index 8c0ab7db..00000000 --- a/securedrop-export/debian/changelog-buster +++ /dev/null @@ -1,53 +0,0 @@ -securedrop-export (0.3.0+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Tue, 05 Jul 2022 17:37:31 -0400 - -securedrop-export (0.2.6+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Fri, 26 Mar 2021 13:33:51 -0400 - -securedrop-export (0.2.5+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Wed, 17 Mar 2021 11:24:08 -0700 - -securedrop-export (0.2.4+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Thu, 05 Nov 2020 11:48:25 -0500 - -securedrop-export (0.2.3+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Fri, 27 Mar 2020 17:26:30 -0400 - -securedrop-export (0.2.2+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Fri, 20 Mar 2020 12:46:44 -0400 - -securedrop-export (0.2.1+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Mon, 02 Mar 2020 09:52:03 -0500 - -securedrop-export (0.2.0+buster) unstable; urgency=medium - - * See changelog.md - - -- redshiftzero Fri, 21 Feb 2020 13:36:28 -0500 - -securedrop-export (0.1.2+buster) unstable; urgency=medium - - * Initial release on Debian buster - - -- redshiftzero Thu, 21 Nov 2019 11:05:38 -0500 diff --git a/securedrop-export/debian/changelog-stretch b/securedrop-export/debian/changelog-stretch deleted file mode 100644 index ba07e08f..00000000 --- a/securedrop-export/debian/changelog-stretch +++ /dev/null @@ -1,13 +0,0 @@ -securedrop-export (0.1.2-1) unstable; urgency=medium - - [ Freedom Of The Press Foundation ] - * Adds logging (#17) - - -- SecureDrop Team Fri, 27 Sep 2019 10:05:12 -0400 - -securedrop-export (0.1.1-1) unstable; urgency=medium - - [ Freedom Of The Press Foundation ] - * Initial release - - -- SecureDrop Team Thu, 18 Jul 2019 10:47:38 -0700 diff --git a/securedrop-export/debian/control b/securedrop-export/debian/control deleted file mode 100644 index 5ba6a306..00000000 --- a/securedrop-export/debian/control +++ /dev/null @@ -1,17 +0,0 @@ -Source: securedrop-export -Section: utils -Priority: optional -Maintainer: SecureDrop Team -Build-Depends: debhelper-compat (= 11), dh-python, python3-all, python3-setuptools, dh-virtualenv -Standards-Version: 3.9.8 -Homepage: https://github.com/freedomofpress/securedrop-export -Vcs-Git: https://github.com/freedomofpress/securedrop-export.git -X-Python-3-Version: >= 3.5 - -Package: securedrop-export -Architecture: all -Depends: ${python3:Depends}, ${misc:Depends}, cryptsetup, cups, printer-driver-brlaser, printer-driver-hpcups, system-config-printer, xpp, libcups2-dev, python3-dev, libtool-bin, unoconv, gnome-disk-utility -Description: Submission export scripts for SecureDrop Workstation - This package provides scripts used by the SecureDrop Qubes Workstation to - export submissions from the client to external storage, via the sd-export - Qube. diff --git a/securedrop-export/debian/copyright b/securedrop-export/debian/copyright deleted file mode 100644 index e4413fb5..00000000 --- a/securedrop-export/debian/copyright +++ /dev/null @@ -1,27 +0,0 @@ -Upstream-Name: securedrop-export -Source: https://github.com/freedomofpress/securedrop-export - -Files: * -Copyright: 2019 Freedom of the Press Foundation -License: GPL-3.0+ - -Files: debian/* -Copyright: 2019 Freedom of the Press Foundation -License: GPL-3.0+ - -License: GPL-3.0+ - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - . - This package is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License - along with this program. If not, see . - . - On Debian systems, the complete text of the GNU General - Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". diff --git a/securedrop-export/debian/postinst b/securedrop-export/debian/postinst deleted file mode 100644 index 243a9a2d..00000000 --- a/securedrop-export/debian/postinst +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/sh -# postinst script for securedrop-export -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * `configure' -# * `abort-upgrade' -# * `abort-remove' `in-favour' -# -# * `abort-remove' -# * `abort-deconfigure' `in-favour' -# `removing' -# -# for details, see https://www.debian.org/doc/debian-policy/ or -# the debian-policy package - -NOTIFICATION_SERVICE_PATH='/usr/share/dbus-1/services/org.freedesktop.mate.Notifications.service' - -case "$1" in - configure) - - update-desktop-database /usr/share/applications - update-mime-database /usr/share/mime - # Disable notifictions service, since the printer configuration - # is not required and will not persist - if [ -e ${NOTIFICATION_SERVICE_PATH} ]; then - mv "${NOTIFICATION_SERVICE_PATH}" "${NOTIFICATION_SERVICE_PATH}.disabled" - fi - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - - update-desktop-database /usr/share/applications - update-mime-database /usr/share/mime - ;; - - *) - echo "postinst called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 diff --git a/securedrop-export/debian/postrm b/securedrop-export/debian/postrm deleted file mode 100644 index 0753737d..00000000 --- a/securedrop-export/debian/postrm +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/sh -# postrm script for securedrop-export -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * `remove' -# * `purge' -# * `upgrade' -# * `failed-upgrade' -# * `abort-install' -# * `abort-install' -# * `abort-upgrade' -# * `disappear' -# -# for details, see https://www.debian.org/doc/debian-policy/ or -# the debian-policy package - - -case "$1" in - purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) - - update-desktop-database /usr/share/applications - update-mime-database /usr/share/mime - ;; - - *) - echo "postrm called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 diff --git a/securedrop-export/debian/rules b/securedrop-export/debian/rules deleted file mode 100755 index 606bc1a8..00000000 --- a/securedrop-export/debian/rules +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/make -f - -%: - dh $@ --with python-virtualenv - -# For backwards compatibility; can be set to build-requirements.txt once fully switched to new path -REQUIREMENTS_FILE=$(shell test -e build-requirements.txt && echo "build-requirements.txt" || echo "requirements/build-requirements.txt") - -override_dh_virtualenv: - test -e $(REQUIREMENTS_FILE) - dh_virtualenv \ - --python /usr/bin/python3 \ - --extra-pip-arg "--ignore-installed" \ - --extra-pip-arg "--no-index" \ - --extra-pip-arg "--find-links" \ - --extra-pip-arg "$(WHEELS_DIR)" \ - --extra-pip-arg "--no-deps" \ - --extra-pip-arg "--no-cache-dir" \ - --extra-pip-arg "--no-use-pep517" \ - --requirements $(REQUIREMENTS_FILE) - -override_dh_strip_nondeterminism: - find ./debian/ -type f -name '*.pyc' -delete - find ./debian/ -type f -name 'pip-selfcheck.json' -delete - find ./debian/ -type f -name 'direct_url.json' -delete - find ./debian/ -type f -name 'RECORD' -delete - dh_strip_nondeterminism $@ diff --git a/securedrop-export/debian/securedrop-export.install b/securedrop-export/debian/securedrop-export.install deleted file mode 100644 index 98c75f6e..00000000 --- a/securedrop-export/debian/securedrop-export.install +++ /dev/null @@ -1,3 +0,0 @@ -files/application-x-sd-export.xml usr/share/mime/packages -files/send-to-usb.desktop usr/share/applications -files/sd-logo.png usr/share/securedrop/icons diff --git a/securedrop-export/debian/securedrop-export.links b/securedrop-export/debian/securedrop-export.links deleted file mode 100644 index 38aae3b7..00000000 --- a/securedrop-export/debian/securedrop-export.links +++ /dev/null @@ -1 +0,0 @@ -opt/venvs/securedrop-export/bin/send-to-usb usr/bin/send-to-usb diff --git a/securedrop-export/debian/securedrop-export.triggers b/securedrop-export/debian/securedrop-export.triggers deleted file mode 100644 index d24bbda1..00000000 --- a/securedrop-export/debian/securedrop-export.triggers +++ /dev/null @@ -1,7 +0,0 @@ -# Register interest in Python interpreter changes; and -# don't make the Python package dependent on the virtualenv package -# processing (noawait) -interest-noawait /usr/bin/python3 - -# Also provide a symbolic trigger for all dh-virtualenv packages -interest dh-virtualenv-interpreter-update diff --git a/securedrop-export/debian/source/format b/securedrop-export/debian/source/format deleted file mode 100644 index 89ae9db8..00000000 --- a/securedrop-export/debian/source/format +++ /dev/null @@ -1 +0,0 @@ -3.0 (native) diff --git a/securedrop-keyring/debian/changelog-buster b/securedrop-keyring/debian/changelog-buster deleted file mode 100644 index 70102e69..00000000 --- a/securedrop-keyring/debian/changelog-buster +++ /dev/null @@ -1,35 +0,0 @@ -securedrop-keyring (0.2.1+bullseye) unstable; urgency=medium - - * Remove Debian-autogenerated configuration files - - -- SecureDrop Team Mon, 05 Jun 2023 12:09:40 -0700 - -securedrop-keyring (0.2.0+bullseye) unstable; urgency=medium - - * Update release key with new 2024-07-08 expiry - - -- SecureDrop Team Wed, 24 May 2023 08:53:03 -0700 - -securedrop-keyring (0.1.7+bullseye) unstable; urgency=medium - - * Update release key fingerprint to 2021 key in preinst - - -- SecureDrop Team Tue, 02 May 2023 16:54:44 +0000 - -securedrop-keyring (0.1.6+buster) unstable; urgency=medium - - * Update public key with new expiration date - - -- SecureDrop Team Tue, 17 May 2022 14:06:56 -0700 - -securedrop-keyring (0.1.5+buster) unstable; urgency=medium - - * Added new public key to support planned signing key rotation - - -- SecureDrop Team Tue, 25 May 2021 10:44:05 -0400 - -securedrop-keyring (0.1.4+buster) unstable; urgency=medium - - * Initial release for securedrop workstation - - -- SecureDrop Team Fri, 22 May 2020 11:18:05 -0400 diff --git a/securedrop-keyring/debian/control b/securedrop-keyring/debian/control deleted file mode 100644 index b8e9b55c..00000000 --- a/securedrop-keyring/debian/control +++ /dev/null @@ -1,12 +0,0 @@ -Source: securedrop-keyring -Section: web -Priority: optional -Maintainer: SecureDrop Team -Build-Depends: debhelper-compat (= 11), -Standards-Version: 3.9.8 -Homepage: https://github.com/freedomofpress/securedrop-builder - -Package: securedrop-keyring -Architecture: all -Depends: gnupg -Description: Provides an apt keyring for SecureDrop-related packages, so the master signing key used for SecureDrop packages can be updated via apt. diff --git a/securedrop-keyring/debian/copyright b/securedrop-keyring/debian/copyright deleted file mode 100644 index 335f3bf0..00000000 --- a/securedrop-keyring/debian/copyright +++ /dev/null @@ -1,7 +0,0 @@ -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: securedrop-keyring -Source: https://github.com/freedomofpress/securedrop-builder - -Files: * -Copyright: 2020 Freedom of the Press Foundation -License: GPLv3+ diff --git a/securedrop-keyring/debian/postinst b/securedrop-keyring/debian/postinst deleted file mode 100644 index 94fc4dec..00000000 --- a/securedrop-keyring/debian/postinst +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh -# postinst script for securedrop-keyring -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * `configure' -# * `abort-upgrade' -# * `abort-remove' `in-favour' -# -# * `abort-remove' -# * `abort-deconfigure' `in-favour' -# `removing' -# -# for details, see https://www.debian.org/doc/debian-policy/ or -# the debian-policy package - -case "$1" in - configure) - chown -R root:root /etc/apt/trusted.gpg.d/ - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - ;; - - *) - echo "postinst called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 diff --git a/securedrop-keyring/debian/preinst b/securedrop-keyring/debian/preinst deleted file mode 100644 index 2e084809..00000000 --- a/securedrop-keyring/debian/preinst +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash - -set -e - -# Solution adapted from DKG's work on `deb.torproject.org-keyring` and -# the securedrop core keyring package. -# -# The salt provisioning logic uses pkgrepo.managed, which writes the -# key to `/etc/apt/trusted.gpg`. It's cleaner to use the trusted.gpg.d -# subdirectory, since we can update that trivially in future versions -# of the keyring package. -# -# Therefore let's clean up prior versions of the key installed -# to the general apt keyring, to ensure we only have one signing key -# installed for authenticating securedrop-related packages. - -if [ -e /etc/apt/trusted.gpg ] && which gpg >/dev/null; then - ( - h="$(mktemp -d)" - trap "rm -rf '$h'" EXIT - - if gpg --homedir="$h" \ - --batch --no-tty --no-default-keyring --keyring /etc/apt/trusted.gpg \ - --list-key 0x2359E6538C0613E652955E6C188EDD3B7B22E6A3 > /dev/null 2>&1 ; then - gpg --homedir="$h" \ - --batch --no-tty --no-default-keyring --keyring /etc/apt/trusted.gpg \ - --no-auto-check-trustdb \ - --delete-key 0x2359E6538C0613E652955E6C188EDD3B7B22E6A3 || true - fi - ) -fi - -#DEBHELPER# - diff --git a/securedrop-keyring/debian/rules b/securedrop-keyring/debian/rules deleted file mode 100755 index f0c5d531..00000000 --- a/securedrop-keyring/debian/rules +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/make -f - -%: - dh $@ - -# Override debhelper's auto-generated files in `/etc/` -# to force an exact replacement of the files we are modifying -# there (specifically, `/etc/apt/trusted.gpg.d/securedrop-keyring.gpg`). -override_dh_installdeb: - dh_installdeb - cat /dev/null > ${CURDIR}/debian/securedrop-keyring/DEBIAN/conffiles - diff --git a/securedrop-keyring/debian/securedrop-keyring.install b/securedrop-keyring/debian/securedrop-keyring.install deleted file mode 100644 index 34a62562..00000000 --- a/securedrop-keyring/debian/securedrop-keyring.install +++ /dev/null @@ -1 +0,0 @@ -securedrop-keyring.gpg etc/apt/trusted.gpg.d/ diff --git a/securedrop-keyring/debian/source/format b/securedrop-keyring/debian/source/format deleted file mode 100644 index 89ae9db8..00000000 --- a/securedrop-keyring/debian/source/format +++ /dev/null @@ -1 +0,0 @@ -3.0 (native) diff --git a/securedrop-keyring/securedrop-keyring.gpg b/securedrop-keyring/securedrop-keyring.gpg deleted file mode 100644 index 51b1fd78832ef0f7234446debb9b35c479e05219..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3540 zcmbuAXEYlM|Hl&~E}^)pBKF>+M!D3eqDstAvv#Dah@grZwbhKRXtb!^nvD>OTD|tF zJzJ|)B7$r7xzBz6&w1{f|2fY&&+p~$d(QXO=X^hTRE#uEdG0kpW@Ati6y7nL2z%Fi?+e!D>jP`@?+B2k~V^T{p zEoR#5TeEe6+UuZsc223h2R)(i7j_JCqPP6M#okC55PiRmBYS@ex@{+|i`}XHTrL>D z>7o-m2(b^Gc(gJUR%lS`smM$9raz3xujsBMMjEkyU`W|=Nb^c4gklHBvaOe+;;swc z58wM{`kL)RvW_4b!@BI1Mw?yORMDSoc?PvCw&U7a=!*WymFTvpL00~$jiFk3CtKZr z?X`u7p35U$zF4R#yGdBlxIvlB_ZaPmdp9uBm`CmFn>c+@LG~|t2V9ItTH?BJx03rG z@g%#O%x}e?@V7B&t>5>YpZ^&N&!~G__H|M)k(VIDCGIddymKz7e;xNnLPnA zdVqhzl57HORHtAkEYKRcqQe(zmG}Bz3h6yT^)@|b7c|0S%rNTkvg$`AiBIfxgL~|yX4Fo@>B`>tYC)V;<0!nlD+?BDLz8ENzxZi zV?fWAv-)Dz>~7!>(s+@f!jJjiV2vYoSIg$;qHPUj=CA|+3lIRTWdHzBXcQ3e*EJd- zkgfq3qz=Xh&1a5$gmm^p@*zA>-X7j4K0{;>-%Y>2a<@NoY0STJX-{O3w7i`BbuD)c z66xmSC4jh^lo21EgY) zxW-Q-XtRMx0<&(IXE{8ArYx$32y7ICs9eHS+(2|R^cl(kdOGHR|G6xgep-9V$yI)p~QKsMEoXE zx2+|f(5@qSu1pqEQwLqrGd_~7ylpQrb;DynXWt3BOp%utEZNT<6|ZJ7Z0~)I^hqAq z2cL|*MF>IU?f(!;JI_2*w}KzvpKp}?Nb*64^$eUy!6WTuD?q+lS`oND^l*e1hl9A# z_iAdxr0@cYDz>4Oa?@05TaKC^!gQmSC+I0gqnt)-<71H8bkfmbMB(>IFGuSNh|ejo zIF5~W#{oa>nwt1dY_HpRt-*e(#8=rUrr3B@kn6_s5{|PR zTu%RYyw*0Dem-hKc#UuzCRK#sdrRZrXyh$iVBz&v>k4igft*xxLILC-3-0k+H&Ag$ zv-<&h?kdSTH(q*k7F9ow>QfqIj(9qM`xphoEkBO6HJBiHFBaVj5iwbFSDWN=V{tfT z`>u6ST-G}V_Em4lWu%@5X55YMyWFCL2z^+2#76W<^oP=kjgl@2w*GCMb2#6@NVEQ< zuv$mGXhp+rKPl2N%zxx4qxspL8Spn`U6yg(HyV8-oBiQYV5>%V>42YUtvc#nr1tKE zzK8sD$-8oSX7o6wKg8KgUexHoO@W5m8+h{L0k=*ko4qP%LAK`HwpN#g5Zyf=r9_aG zzWWzrh4Z^uH~)7cYW;y{oBckVMS)229JY5VQ@<*_)3&6(SwwP859%X-nBx&cmnwVT4E@Us9bx%$rG%0v zOh&avp#}!!brfTLTpOrh%YyKAT)BGr)K2ACWmIr>B(1A4a7yIsYhP#HgZoFwljtXe zz=F`STn2ZF{)Yh#W}(=Zu%S!Xgnojpq9L(J)kEU@c5}JYzJYKIKhai!^LB!>Il;dP z@ajyo-xXaG0_|8_LKo%<~ZCcEz9V(g~|enB1K-H=KTdxL>$$byGt9 zPrRuATt@)mKh~_=k%9*Uo`|dvr%Y$X#)>p3j>x1v)^Ro{56nanMIH$-A$oKz4C||<_@;W0P>WAH*jQc`{yzN%x=uhvCa}+|aQaX2j z>>@OIE7;x92la>qQ%Jr!z0G;-#Ixxqhq`Txv=xFoWvw*jk*}G;3!CggnyT%?uHQpM zQB9Ubk;BIgr}24P$XDM?J$ye-7AV!cm!6!Hah6P!gWkiN|IvZ~&+>@5TnY=6B|h)@ z%bE#PH))`M+DwFsli~ljRwQ5DKdlu<^Y>W^S7rKX_SJl1^NaJQ4JQarw-h=h*KKmP z$Yh!m?h>Cc;=N)OS}>RIG#Yv_Y-&4YUCWEK88BRAR)e5_3?bRI=O;`}1@Z(!c`a*H z28I+FSR^*4M`T13j2wDXeS)nQ#Y`P@_>C-JbAuluW8kB0ilM558uh>wQYIA+O5)TB zRmeep!*4SIableKTL^FjWJyI422;=sW2hTF@;oPyYxjDpCjv3&- zG^3onw6wh0y%{AeT$KP0IKB@_T|JsxQu(C2J^Q%*mpv_L(Cn|9ys{kuJY61lBEIcV zs8Fzzw>5RHre&5aFxQ40(526M5vot9Zng|-6$7uc3$3Kh@ZROt$c_TUtPJ(cxE4d_^EXKg zSOT^a@vNgV$@FoHiB}f-Rf%R9Xib)6O>jp8fn-QH0Zn(CQOeMxG&}8kY&v(VpJk!9_r{BVkfae|R`w_i=U3_a&8f za#}NMgw{+AdJRc@4va*0HDeufS*|k*k0C=B?N7d`KA%(oH+a)5nX4a`lY{so&{qlA-{gU9(1eKxdMRvb1c|TMR#Y zTW-_km?+h&J6(`o!}DO<@NrJrTA90T`5q&u{93_a^ Mon, 04 Jul 2022 21:51:55 -0400 - -securedrop-log (0.1.2+buster) unstable; urgency=medium - - * see changelog.md - - -- SecureDrop Team Thu, 05 Nov 2020 11:34:25 -0500 - -securedrop-log (0.1.1+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Thu, 27 Feb 2020 08:25:27 -0800 - -securedrop-log (0.1.0+buster) unstable; urgency=medium - - * See changelog.md - - -- redshiftzero Fri, 21 Feb 2020 13:35:58 -0500 - -securedrop-log (0.0.4+buster) unstable; urgency=medium - - * See changelog.md - - -- Kushal Das Tue, 22 Jan 2019 13:05:38 +0530 - -securedrop-log (0.0.3+buster) unstable; urgency=medium - - * See changelog.md - - -- Kushal Das Tue, 17 Dec 2019 13:05:38 +0530 - -securedrop-log (0.0.2+buster) unstable; urgency=medium - - * See changelog.md - - -- redshiftzero Thu, 12 Dec 2019 19:30:18 -0500 - -securedrop-log (0.0.1+buster) unstable; urgency=medium - - * Initial release on Debian buster - - -- Kushal Das Fri, 06 Dec 2019 11:05:38 +0530 diff --git a/securedrop-log/debian/control b/securedrop-log/debian/control deleted file mode 100644 index 1a9ec291..00000000 --- a/securedrop-log/debian/control +++ /dev/null @@ -1,21 +0,0 @@ -Source: securedrop-log -Section: utils -Priority: optional -Maintainer: SecureDrop Team -Build-Depends: - debhelper-compat (= 11), - dh-python, - python3-all, - dh-virtualenv, - python3-distutils -Standards-Version: 3.9.8 -Homepage: https://github.com/freedomofpress/securedrop-log -Vcs-Git: https://github.com/freedomofpress/securedrop-log.git -X-Python-3-Version: >= 3.7 - -Package: securedrop-log -Architecture: all -Depends: python3-distutils, ${misc:Depends}, ${python3:Depends} -Description: Python module and qrexec service to store logs for SecureDrop Workstation - This package provides Python module and qrexec service files to create a logging VM in - SecureDrop Workstation project in Qubes. diff --git a/securedrop-log/debian/copyright b/securedrop-log/debian/copyright deleted file mode 100644 index 19e406a8..00000000 --- a/securedrop-log/debian/copyright +++ /dev/null @@ -1,27 +0,0 @@ -Upstream-Name: securedrop-log -Source: https://github.com/freedomofpress/securedrop-log - -Files: * -Copyright: 2020 Freedom of the Press Foundation -License: GPL-3.0+ - -Files: debian/* -Copyright: 2020 Freedom of the Press Foundation -License: GPL-3.0+ - -License: GPL-3.0+ - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - . - This package is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License - along with this program. If not, see . - . - On Debian systems, the complete text of the GNU General - Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". diff --git a/securedrop-log/debian/rules b/securedrop-log/debian/rules deleted file mode 100755 index 606bc1a8..00000000 --- a/securedrop-log/debian/rules +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/make -f - -%: - dh $@ --with python-virtualenv - -# For backwards compatibility; can be set to build-requirements.txt once fully switched to new path -REQUIREMENTS_FILE=$(shell test -e build-requirements.txt && echo "build-requirements.txt" || echo "requirements/build-requirements.txt") - -override_dh_virtualenv: - test -e $(REQUIREMENTS_FILE) - dh_virtualenv \ - --python /usr/bin/python3 \ - --extra-pip-arg "--ignore-installed" \ - --extra-pip-arg "--no-index" \ - --extra-pip-arg "--find-links" \ - --extra-pip-arg "$(WHEELS_DIR)" \ - --extra-pip-arg "--no-deps" \ - --extra-pip-arg "--no-cache-dir" \ - --extra-pip-arg "--no-use-pep517" \ - --requirements $(REQUIREMENTS_FILE) - -override_dh_strip_nondeterminism: - find ./debian/ -type f -name '*.pyc' -delete - find ./debian/ -type f -name 'pip-selfcheck.json' -delete - find ./debian/ -type f -name 'direct_url.json' -delete - find ./debian/ -type f -name 'RECORD' -delete - dh_strip_nondeterminism $@ diff --git a/securedrop-log/debian/securedrop-log.install b/securedrop-log/debian/securedrop-log.install deleted file mode 100644 index 01500926..00000000 --- a/securedrop-log/debian/securedrop-log.install +++ /dev/null @@ -1,5 +0,0 @@ -securedrop.Log etc/qubes-rpc/ -sd-rsyslog usr/sbin/ -securedrop-log.service etc/systemd/system -sdlog.conf etc/rsyslog.d/ - diff --git a/securedrop-log/debian/securedrop-log.links b/securedrop-log/debian/securedrop-log.links deleted file mode 100644 index e5480a62..00000000 --- a/securedrop-log/debian/securedrop-log.links +++ /dev/null @@ -1,3 +0,0 @@ -opt/venvs/securedrop-log/sbin/securedrop-log usr/sbin/securedrop-log -opt/venvs/securedrop-log/sbin/securedrop-log-saver usr/sbin/securedrop-log-saver -opt/venvs/securedrop-log/sbin/securedrop-redis-log usr/sbin/securedrop-redis-log diff --git a/securedrop-log/debian/securedrop-log.triggers b/securedrop-log/debian/securedrop-log.triggers deleted file mode 100644 index d24bbda1..00000000 --- a/securedrop-log/debian/securedrop-log.triggers +++ /dev/null @@ -1,7 +0,0 @@ -# Register interest in Python interpreter changes; and -# don't make the Python package dependent on the virtualenv package -# processing (noawait) -interest-noawait /usr/bin/python3 - -# Also provide a symbolic trigger for all dh-virtualenv packages -interest dh-virtualenv-interpreter-update diff --git a/securedrop-log/debian/source/format b/securedrop-log/debian/source/format deleted file mode 100644 index 89ae9db8..00000000 --- a/securedrop-log/debian/source/format +++ /dev/null @@ -1 +0,0 @@ -3.0 (native) diff --git a/securedrop-proxy/debian/changelog-buster b/securedrop-proxy/debian/changelog-buster deleted file mode 100644 index c4ae8c3d..00000000 --- a/securedrop-proxy/debian/changelog-buster +++ /dev/null @@ -1,52 +0,0 @@ -securedrop-proxy (0.4.1+bullseye) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Wed, 03 May 2023 19:36:49 +0000 - -securedrop-proxy (0.4.0+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Mon, 04 Jul 2022 21:44:26 -0400 - -securedrop-proxy (0.3.1+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Thu, 05 Nov 2020 11:10:17 -0500 - -securedrop-proxy (0.3.0+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Fri, 29 May 2020 17:13:04 -0400 - -securedrop-proxy (0.2.1+buster) unstable; urgency=medium - - * See changelog.md - - -- SecureDrop Team Mon, 30 Mar 2020 14:11:49 -0400 - -securedrop-proxy (0.2.0+buster) unstable; urgency=medium - - * See changelog.md - - -- redshiftzero Fri, 21 Feb 2020 13:35:28 -0500 - -securedrop-proxy (0.1.6+buster) unstable; urgency=medium - - * Fixes CI for git-lfs based package builds (#60) - * Rename VMs (#59) - * Restructures the code base with more object methods (#55) - * Add quality control tools (#54) - * Improve error handling, tests (#53) - * Adds buster packaging in CI (#52) - - -- John Hensley Tue, 28 Jan 2020 15:52:15 -0500 - -securedrop-proxy (0.1.5+buster) unstable; urgency=medium - - * Update python3.5 to python3 and add changelog for buster builds - - -- Allie Crevier Thu, 21 Nov 2019 19:25:41 -0500 diff --git a/securedrop-proxy/debian/changelog-stretch b/securedrop-proxy/debian/changelog-stretch deleted file mode 100644 index 27116091..00000000 --- a/securedrop-proxy/debian/changelog-stretch +++ /dev/null @@ -1,44 +0,0 @@ -securedrop-proxy (0.1.5+stretch) unstable; urgency=medium - - * Update python3.5 to python3 and add changelog for buster builds - - -- Allie Crevier Thu, 21 Nov 2019 19:40:09 -0500 - -securedrop-proxy (0.1.4) unstable; urgency=medium - - * Update urllib3 to version 1.24.3 or later due to CVE-2019-11324 (#35) - * Remove pipenv in favor of pip-tools (#33) - - -- Allie Crevier Tue, 18 Jun 2019 15:55:27 -0400 - -securedrop-proxy (0.1.3) unstable; urgency=medium - - * Updated PyYAML to 5.1 and safe loading of YAML files - #24 and #25 - - -- Kushal Das Thu, 25 Apr 2019 02:02:38 +0530 - -securedrop-proxy (0.1.2) unstable; urgency=medium - - * Update requirements: Remove dev requirements (#20), update wheel hashes - (#21) - - -- Mickael E. Thu, 15 Nov 2018 16:19:39 -0500 - -securedrop-proxy (0.1.1-1) unstable; urgency=medium - - * Resolves venv paths in generated scripts (via dh-virtualenv) - - -- Conor Schaefer Thu, 08 Nov 2018 18:51:12 -0800 - -securedrop-proxy (0.1.1) unstable; urgency=medium - - * Update requests to 2.20.0 - - -- redshiftzero Wed, 07 Nov 2018 19:37:41 -0500 - -securedrop-proxy (0.1.0) unstable; urgency=medium - - * Initial release. (Closes: #XXX) - - -- Kushal Das Tue, 25 Sep 2018 17:58:38 -0400 diff --git a/securedrop-proxy/debian/control b/securedrop-proxy/debian/control deleted file mode 100644 index d5469a91..00000000 --- a/securedrop-proxy/debian/control +++ /dev/null @@ -1,15 +0,0 @@ -Source: securedrop-proxy -Section: unknown -Priority: optional -Maintainer: SecureDrop Team -Build-Depends: debhelper-compat (= 11), dh-python, python3-all, python3-setuptools, dh-virtualenv -Standards-Version: 3.9.8 -Homepage: https://github.com/freedomofpress/securedrop-proxy -X-Python3-Version: >= 3.5 - -Package: securedrop-proxy -Architecture: all -Depends: ${python3:Depends}, ${misc:Depends}, libyaml-0-2 -Description: This is securedrop Qubes proxy service - This package provides the network proxy on Qubes to talk to the SecureDrop server. - diff --git a/securedrop-proxy/debian/copyright b/securedrop-proxy/debian/copyright deleted file mode 100644 index beadd47b..00000000 --- a/securedrop-proxy/debian/copyright +++ /dev/null @@ -1,7 +0,0 @@ -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: securedrop-proxy -Source: https://github.com/freedomofpress/securedrop-proxy - -Files: * -Copyright: 2020 Freedom of the Press Foundation -License: GPLv3+ diff --git a/securedrop-proxy/debian/rules b/securedrop-proxy/debian/rules deleted file mode 100755 index 1554f7c0..00000000 --- a/securedrop-proxy/debian/rules +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/make -f - -%: - dh $@ --with python-virtualenv - -REQUIREMENTS_FILE=build-requirements.txt - -override_dh_virtualenv: - test -e $(REQUIREMENTS_FILE) - dh_virtualenv \ - --python /usr/bin/python3 \ - --extra-pip-arg "--ignore-installed" \ - --extra-pip-arg "--no-index" \ - --extra-pip-arg "--find-links" \ - --extra-pip-arg "$(WHEELS_DIR)" \ - --extra-pip-arg "--no-deps" \ - --extra-pip-arg "--no-cache-dir" \ - --extra-pip-arg "--no-use-pep517" \ - --requirements $(REQUIREMENTS_FILE) - -override_dh_strip_nondeterminism: - find ./debian/ -type f -name '*.pyc' -delete - find ./debian/ -type f -name 'pip-selfcheck.json' -delete - find ./debian/ -type f -name 'direct_url.json' -delete - find ./debian/ -type f -name 'RECORD' -delete - dh_strip_nondeterminism $@ diff --git a/securedrop-proxy/debian/securedrop-proxy.install b/securedrop-proxy/debian/securedrop-proxy.install deleted file mode 100644 index 54555377..00000000 --- a/securedrop-proxy/debian/securedrop-proxy.install +++ /dev/null @@ -1,2 +0,0 @@ -qubes/securedrop.Proxy etc/qubes-rpc/ -config-example.yaml usr/share/securedrop-proxy/ diff --git a/securedrop-proxy/debian/securedrop-proxy.links b/securedrop-proxy/debian/securedrop-proxy.links deleted file mode 100644 index abddf108..00000000 --- a/securedrop-proxy/debian/securedrop-proxy.links +++ /dev/null @@ -1 +0,0 @@ -opt/venvs/securedrop-proxy/bin/sd-proxy usr/bin/sd-proxy diff --git a/securedrop-proxy/debian/securedrop-proxy.triggers b/securedrop-proxy/debian/securedrop-proxy.triggers deleted file mode 100644 index a309d193..00000000 --- a/securedrop-proxy/debian/securedrop-proxy.triggers +++ /dev/null @@ -1,7 +0,0 @@ -# Register interest in Python interpreter changes (Python 2 for now); and -# don't make the Python package dependent on the virtualenv package -# processing (noawait) -interest-noawait /usr/bin/python3 - -# Also provide a symbolic trigger for all dh-virtualenv packages -interest dh-virtualenv-interpreter-update diff --git a/securedrop-proxy/debian/source/format b/securedrop-proxy/debian/source/format deleted file mode 100644 index 89ae9db8..00000000 --- a/securedrop-proxy/debian/source/format +++ /dev/null @@ -1 +0,0 @@ -3.0 (native) diff --git a/securedrop-workstation-config/debian/changelog-buster b/securedrop-workstation-config/debian/changelog-buster deleted file mode 100644 index 9f75992d..00000000 --- a/securedrop-workstation-config/debian/changelog-buster +++ /dev/null @@ -1,59 +0,0 @@ -securedrop-workstation-config (0.2.0+buster) unstable; urgency=medium - - * Update mimeapps.list.sd-viewer to work on Bullseye (Qubes 4.1) - - -- SecureDrop Team Wed, 29 Jun 2022 15:25:05 -0700 - -securedrop-workstation-config (0.1.7+buster) unstable; urgency=medium - - * Add mp4 to allow-list for sd-viewer - - -- SecureDrop Team Mon, 02 May 2022 16:05:46 -0700 - -securedrop-workstation-config (0.1.6+buster) unstable; urgency=medium - - * Bugfix in .desktop file syntax; improved Fail Closed behavior - - -- SecureDrop Team Tue, 02 Mar 2021 15:00:00 -0400 - -securedrop-workstation-config (0.1.5+buster) unstable; urgency=medium - - * Adds a "default" mimetype handler, for reuse by other VMs - - -- SecureDrop Team Thu, 01 Oct 2020 17:55:53 -0700 - -securedrop-workstation-config (0.1.4+buster) unstable; urgency=medium - - * Provides mime type files all VMs for template consolidation - - -- SecureDrop Team Wed, 26 Aug 2020 15:24:29 -0400 - -securedrop-workstation-config (0.1.3+buster) unstable; urgency=medium - - * Adds securedrop-keyring to list of dependencies - - -- SecureDrop Team Fri, 22 May 2020 12:02:57 -0400 - -securedrop-workstation-config (0.1.2+buster) unstable; urgency=medium - - * Bump securedrop-workstation-config to 0.1.2 - - -- SecureDrop Team Mon, 10 Feb 2020 17:45:01 -0500 - -securedrop-workstation-config (0.1.1+buster) unstable; urgency=medium - - * Remove libgnomevfs2-bin from dependencies and bump to 0.1.1 - - -- SecureDrop Team Thu, 31 Oct 2019 14:56:04 -0400 - -securedrop-workstation-config (0.1.0+buster) unstable; urgency=medium - - * Provides buster support through buster-specific package. - - -- SecureDrop Team Thu, 31 Oct 2019 12:22:23 -0400 - -securedrop-workstation-config (0.1.0) unstable; urgency=medium - - * Initial release. - - -- SecureDrop Team Thu, 4 Oct 2018 15:33:10 -0400 diff --git a/securedrop-workstation-config/debian/control b/securedrop-workstation-config/debian/control deleted file mode 100644 index f3968c61..00000000 --- a/securedrop-workstation-config/debian/control +++ /dev/null @@ -1,13 +0,0 @@ -Source: securedrop-workstation-config -Section: unknown -Priority: optional -Maintainer: SecureDrop Team -Build-Depends: debhelper-compat (= 11), -Standards-Version: 3.9.8 -Homepage: https://github.com/freedomofpress/securedrop-workstation-config - -Package: securedrop-workstation-config -Architecture: all -Depends: nautilus, gvfs-bin, securedrop-keyring -Description: This is the SecureDrop workstation template configuration package. - This package provides dependencies and configuration for the Qubes SecureDrop workstation VM Templates. diff --git a/securedrop-workstation-config/debian/copyright b/securedrop-workstation-config/debian/copyright deleted file mode 100644 index b2055f91..00000000 --- a/securedrop-workstation-config/debian/copyright +++ /dev/null @@ -1,7 +0,0 @@ -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: securedrop-workstation-config -Source: https://github.com/freedomofpress/securedrop-builder - -Files: * -Copyright: 2020 Freedom of the Press Foundation -License: GPLv3+ diff --git a/securedrop-workstation-config/debian/postinst b/securedrop-workstation-config/debian/postinst deleted file mode 100644 index 2084a52f..00000000 --- a/securedrop-workstation-config/debian/postinst +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/sh -# postinst script for securedrop-workstation-config -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * `configure' -# * `abort-upgrade' -# * `abort-remove' `in-favour' -# -# * `abort-remove' -# * `abort-deconfigure' `in-favour' -# `removing' -# -# for details, see https://www.debian.org/doc/debian-policy/ or -# the debian-policy package - - -case "$1" in - configure) - # move pax flags and restart paxctld service - # copy and set default mimeapps handling - # except for whonix-based VMs - if [ ! -e "/etc/whonix_version" ]; then - cp /opt/sdw/paxctld.conf /etc/paxctld.conf - systemctl restart paxctld - cp /opt/sdw/open-in-dvm.desktop /usr/share/applications/ - cp /opt/sdw/mimeapps.list.sd-app /usr/share/applications/mimeapps.list - cp /opt/sdw/mimeapps.list.sd-app /opt/sdw/mimeapps.list.default - fi - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - ;; - - *) - echo "postinst called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 diff --git a/securedrop-workstation-config/debian/rules b/securedrop-workstation-config/debian/rules deleted file mode 100755 index 2d33f6ac..00000000 --- a/securedrop-workstation-config/debian/rules +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/make -f - -%: - dh $@ diff --git a/securedrop-workstation-config/debian/securedrop-workstation-config.install b/securedrop-workstation-config/debian/securedrop-workstation-config.install deleted file mode 100644 index e2d96c18..00000000 --- a/securedrop-workstation-config/debian/securedrop-workstation-config.install +++ /dev/null @@ -1,6 +0,0 @@ -mailcap.default opt/sdw/ -mimeapps.list.sd-viewer opt/sdw/ -mimeapps.list.sd-app opt/sdw/ -mimeapps.list.sd-devices-dvm opt/sdw/ -open-in-dvm.desktop opt/sdw/ -paxctld.conf opt/sdw/ diff --git a/securedrop-workstation-config/debian/source/format b/securedrop-workstation-config/debian/source/format deleted file mode 100644 index 89ae9db8..00000000 --- a/securedrop-workstation-config/debian/source/format +++ /dev/null @@ -1 +0,0 @@ -3.0 (native) diff --git a/securedrop-workstation-config/mailcap.default b/securedrop-workstation-config/mailcap.default deleted file mode 100644 index 4c3bb897..00000000 --- a/securedrop-workstation-config/mailcap.default +++ /dev/null @@ -1,7 +0,0 @@ -# Mailcap acts as a fallback mechanism if MIME type lookup fails in tools like -# xdg-open. Because the Mailcap MIME type definitions do not match the -# ones used by the SecureDrop Workstation, we disable Mailcap for the default -# user using a wildcard rule. Lookup attempts are logged to /var/log/syslog -# and sd-log. - -*/*; logger "Mailcap is disabled." diff --git a/securedrop-workstation-config/mimeapps.list.sd-app b/securedrop-workstation-config/mimeapps.list.sd-app deleted file mode 100644 index 6a23b860..00000000 --- a/securedrop-workstation-config/mimeapps.list.sd-app +++ /dev/null @@ -1,297 +0,0 @@ -[Default Applications] -application/x-dia-diagram=open-in-dvm.desktop; -text/x-vcard=open-in-dvm.desktop; -text/directory=open-in-dvm.desktop; -text/calendar=open-in-dvm.desktop; -application/x-cd-image=open-in-dvm.desktop; -application/x-desktop=open-in-dvm.desktop; -application/x-raw-disk-image=open-in-dvm.desktop; -application/x-raw-disk-image-xz-compressed=open-in-dvm.desktop; -image/x-compressed-xcf=open-in-dvm.desktop; -image/x-xcf=open-in-dvm.desktop; -image/x-psd=open-in-dvm.desktop; -image/x-fits=open-in-dvm.desktop; -image/bmp=open-in-dvm.desktop; -image/gif=open-in-dvm.desktop; -image/x-icb=open-in-dvm.desktop; -image/x-ico=open-in-dvm.desktop; -image/x-pcx=open-in-dvm.desktop; -image/x-portable-anymap=open-in-dvm.desktop; -image/x-portable-bitmap=open-in-dvm.desktop; -image/x-portable-graymap=open-in-dvm.desktop; -image/x-portable-pixmap=open-in-dvm.desktop; -image/x-xbitmap=open-in-dvm.desktop; -image/x-xpixmap=open-in-dvm.desktop; -image/svg+xml=open-in-dvm.desktop; -application/vnd.ms-word=open-in-dvm.desktop; -application/vnd.wordperfect=open-in-dvm.desktop; -application/vnd.sun.xml.writer=open-in-dvm.desktop; -application/vnd.sun.xml.writer.global=open-in-dvm.desktop; -application/vnd.sun.xml.writer.template=open-in-dvm.desktop; -application/vnd.stardivision.writer=open-in-dvm.desktop; -application/vnd.oasis.opendocument.text=open-in-dvm.desktop; -application/vnd.oasis.opendocument.text-template=open-in-dvm.desktop; -application/vnd.oasis.opendocument.text-web=open-in-dvm.desktop; -application/vnd.oasis.opendocument.text-master=open-in-dvm.desktop; -application/vnd.openxmlformats-officedocument.wordprocessingml.document=open-in-dvm.desktop; -application/vnd.openxmlformats-officedocument.wordprocessingml.template=open-in-dvm.desktop; -application/vnd.ms-excel=open-in-dvm.desktop; -application/vnd.stardivision.calc=open-in-dvm.desktop; -application/vnd.sun.xml.calc=open-in-dvm.desktop; -application/vnd.sun.xml.calc.template=open-in-dvm.desktop; -application/vnd.openxmlformats-officedocument.spreadsheetml.sheet=open-in-dvm.desktop; -application/vnd.openxmlformats-officedocument.spreadsheetml.template=open-in-dvm.desktop; -application/vnd.oasis.opendocument.spreadsheet=open-in-dvm.desktop; -application/vnd.oasis.opendocument.spreadsheet-template=open-in-dvm.desktop; -application/vnd.ms-powerpoint=open-in-dvm.desktop; -application/vnd.stardivision.impress=open-in-dvm.desktop; -application/vnd.sun.xml.impress=open-in-dvm.desktop; -application/vnd.sun.xml.impress.template=open-in-dvm.desktop; -application/vnd.oasis.opendocument.presentation=open-in-dvm.desktop; -application/vnd.oasis.opendocument.presentation-template=open-in-dvm.desktop; -application/vnd.openxmlformats-officedocument.presentationml.presentation=open-in-dvm.desktop; -application/vnd.openxmlformats-officedocument.presentationml.template=open-in-dvm.desktop; -application/vnd.stardivision.draw=open-in-dvm.desktop; -application/vnd.sun.xml.draw=open-in-dvm.desktop; -application/vnd.sun.xml.draw.template=open-in-dvm.desktop; -application/vnd.oasis.opendocument.graphics=open-in-dvm.desktop; -application/vnd.oasis.opendocument.graphics-template=open-in-dvm.desktop; -application/vnd.oasis.opendocument.formula=open-in-dvm.desktop; -application/vnd.sun.xml.math=open-in-dvm.desktop; -application/vnd.stardivision.math=open-in-dvm.desktop; -application/vnd.oasis.opendocument.database=open-in-dvm.desktop; -application/vnd.sun.xml.base=open-in-dvm.desktop; -application/pdf=open-in-dvm.desktop; -application/postscript=open-in-dvm.desktop; -application/x-qw=open-in-dvm.desktop; -application/x-gnucash=open-in-dvm.desktop; -application/vnd.lotus-1-2-3=open-in-dvm.desktop; -application/x-oleo=open-in-dvm.desktop; -application/x-gnumeric=open-in-dvm.desktop; -application/x-xbase=open-in-dvm.desktop; -application/x-abiword=open-in-dvm.desktop; -application/x-dvi=open-in-dvm.desktop; -application/x-catalog=open-in-dvm.desktop; -application/x-rpm=open-in-dvm.desktop; -text/csv=open-in-dvm.desktop; -text/plain=open-in-dvm.desktop; -text/html=open-in-dvm.desktop; -application/xhtml+xml=open-in-dvm.desktop; -inode/directory=open-in-dvm.desktop; -x-content/blank-cd=open-in-dvm.desktop; -x-content/blank-dvd=open-in-dvm.desktop; -x-content/blank-bd=open-in-dvm.desktop; -x-content/blank-hddvd=open-in-dvm.desktop; -x-content/video-dvd=open-in-dvm.desktop; -x-content/video-vcd=open-in-dvm.desktop; -x-content/video-svcd=open-in-dvm.desktop; -#x-content/video-bluray=open-in-dvm.desktop; -#x-content/video-hddvd=open-in-dvm.desktop; -x-content/audio-cdda=open-in-dvm.desktop; -x-content/audio-dvd=open-in-dvm.desktop; -x-content/audio-player=open-in-dvm.desktop; -x-content/image-dcf=open-in-dvm.desktop; -x-content/image-picturecd=open-in-dvm.desktop; -# URI scheme handlers -x-scheme-handler/mailto=open-in-dvm.desktop; -x-scheme-handler/http=open-in-dvm.desktop; -x-scheme-handler/https=open-in-dvm.desktop; -application/mxf=open-in-dvm.desktop; -application/ogg=open-in-dvm.desktop; -application/ram=open-in-dvm.desktop; -application/sdp=open-in-dvm.desktop; -application/smil=open-in-dvm.desktop; -application/smil+xml=open-in-dvm.desktop; -application/vnd.apple.mpegurl=open-in-dvm.desktop; -application/vnd.ms-wpl=open-in-dvm.desktop; -application/vnd.rn-realmedia=open-in-dvm.desktop; -application/x-extension-m4a=open-in-dvm.desktop; -application/x-extension-mp4=open-in-dvm.desktop; -application/x-flac=open-in-dvm.desktop; -application/x-flash-video=open-in-dvm.desktop; -application/x-matroska=open-in-dvm.desktop; -application/x-netshow-channel=open-in-dvm.desktop; -application/x-ogg=open-in-dvm.desktop; -application/x-quicktime-media-link=open-in-dvm.desktop; -application/x-quicktimeplayer=open-in-dvm.desktop; -application/x-shorten=open-in-dvm.desktop; -application/x-smil=open-in-dvm.desktop; -application/xspf+xml=open-in-dvm.desktop; -audio/3gpp=open-in-dvm.desktop; -audio/ac3=open-in-dvm.desktop; -audio/AMR=open-in-dvm.desktop; -audio/AMR-WB=open-in-dvm.desktop; -audio/basic=open-in-dvm.desktop; -audio/midi=open-in-dvm.desktop; -audio/mp2=open-in-dvm.desktop; -audio/mp4=open-in-dvm.desktop; -audio/mpeg=open-in-dvm.desktop; -audio/mpegurl=open-in-dvm.desktop; -audio/ogg=open-in-dvm.desktop; -audio/prs.sid=open-in-dvm.desktop; -audio/vnd.rn-realaudio=open-in-dvm.desktop; -audio/x-aiff=open-in-dvm.desktop; -audio/x-ape=open-in-dvm.desktop; -audio/x-flac=open-in-dvm.desktop; -audio/x-gsm=open-in-dvm.desktop; -audio/x-it=open-in-dvm.desktop; -audio/x-m4a=open-in-dvm.desktop; -audio/x-matroska=open-in-dvm.desktop; -audio/x-mod=open-in-dvm.desktop; -audio/x-mp3=open-in-dvm.desktop; -audio/x-mpeg=open-in-dvm.desktop; -audio/x-mpegurl=open-in-dvm.desktop; -audio/x-ms-asf=open-in-dvm.desktop; -audio/x-ms-asx=open-in-dvm.desktop; -audio/x-ms-wax=open-in-dvm.desktop; -audio/x-ms-wma=open-in-dvm.desktop; -audio/x-musepack=open-in-dvm.desktop; -audio/x-pn-aiff=open-in-dvm.desktop; -audio/x-pn-au=open-in-dvm.desktop; -audio/x-pn-realaudio=open-in-dvm.desktop; -audio/x-pn-realaudio-plugin=open-in-dvm.desktop; -audio/x-pn-wav=open-in-dvm.desktop; -audio/x-pn-windows-acm=open-in-dvm.desktop; -audio/x-realaudio=open-in-dvm.desktop; -audio/x-real-audio=open-in-dvm.desktop; -audio/x-s3m=open-in-dvm.desktop; -audio/x-sbc=open-in-dvm.desktop; -audio/x-scpls=open-in-dvm.desktop; -audio/x-speex=open-in-dvm.desktop; -audio/x-stm=open-in-dvm.desktop; -audio/x-tta=open-in-dvm.desktop; -audio/x-wav=open-in-dvm.desktop; -audio/x-wavpack=open-in-dvm.desktop; -audio/x-vorbis=open-in-dvm.desktop; -audio/x-vorbis+ogg=open-in-dvm.desktop; -audio/x-xm=open-in-dvm.desktop; -image/vnd.rn-realpix=open-in-dvm.desktop; -image/x-pict=open-in-dvm.desktop; -misc/ultravox=open-in-dvm.desktop; -text/google-video-pointer=open-in-dvm.desktop; -text/x-google-video-pointer=open-in-dvm.desktop; -video/3gp=open-in-dvm.desktop; -video/3gpp=open-in-dvm.desktop; -video/dv=open-in-dvm.desktop; -video/divx=open-in-dvm.desktop; -video/fli=open-in-dvm.desktop; -video/flv=open-in-dvm.desktop; -video/mp2t=open-in-dvm.desktop; -video/mp4=open-in-dvm.desktop; -video/mp4v-es=open-in-dvm.desktop; -video/mpeg=open-in-dvm.desktop; -video/msvideo=open-in-dvm.desktop; -video/ogg=open-in-dvm.desktop; -video/quicktime=open-in-dvm.desktop; -video/vivo=open-in-dvm.desktop; -video/vnd.divx=open-in-dvm.desktop; -video/vnd.mpegurl=open-in-dvm.desktop; -video/vnd.rn-realvideo=open-in-dvm.desktop; -video/vnd.vivo=open-in-dvm.desktop; -video/webm=open-in-dvm.desktop; -video/x-anim=open-in-dvm.desktop; -video/x-avi=open-in-dvm.desktop; -video/x-flc=open-in-dvm.desktop; -video/x-fli=open-in-dvm.desktop; -video/x-flic=open-in-dvm.desktop; -video/x-flv=open-in-dvm.desktop; -video/x-m4v=open-in-dvm.desktop; -video/x-matroska=open-in-dvm.desktop; -video/x-mpeg=open-in-dvm.desktop; -video/x-mpeg2=open-in-dvm.desktop; -video/x-ms-asf=open-in-dvm.desktop; -video/x-ms-asx=open-in-dvm.desktop; -video/x-msvideo=open-in-dvm.desktop; -video/x-ms-wm=open-in-dvm.desktop; -video/x-ms-wmv=open-in-dvm.desktop; -video/x-ms-wmx=open-in-dvm.desktop; -video/x-ms-wvx=open-in-dvm.desktop; -video/x-nsv=open-in-dvm.desktop; -video/x-ogm+ogg=open-in-dvm.desktop; -video/x-theora+ogg=open-in-dvm.desktop; -video/x-totem-stream=open-in-dvm.desktop; -x-content/video-dvd=open-in-dvm.desktop; -x-content/video-vcd=open-in-dvm.desktop; -x-content/video-svcd=open-in-dvm.desktop; -x-scheme-handler/pnm=open-in-dvm.desktop; -x-scheme-handler/mms=open-in-dvm.desktop; -x-scheme-handler/net=open-in-dvm.desktop; -x-scheme-handler/rtp=open-in-dvm.desktop; -x-scheme-handler/rtmp=open-in-dvm.desktop; -x-scheme-handler/rtsp=open-in-dvm.desktop; -x-scheme-handler/mmsh=open-in-dvm.desktop; -x-scheme-handler/uvox=open-in-dvm.desktop; -x-scheme-handler/icy=open-in-dvm.desktop; -x-scheme-handler/icyx=open-in-dvm.desktop; -application/x-7z-compressed=open-in-dvm.desktop; -application/x-7z-compressed-tar=open-in-dvm.desktop; -application/x-ace=open-in-dvm.desktop; -application/x-alz=open-in-dvm.desktop; -application/x-ar=open-in-dvm.desktop; -application/x-arj=open-in-dvm.desktop; -application/x-bzip=open-in-dvm.desktop; -application/x-bzip-compressed-tar=open-in-dvm.desktop; -application/x-bzip1=open-in-dvm.desktop; -application/x-bzip1-compressed-tar=open-in-dvm.desktop; -application/x-cabinet=open-in-dvm.desktop; -application/x-cbr=open-in-dvm.desktop; -application/x-cbz=open-in-dvm.desktop; -application/x-compress=open-in-dvm.desktop; -application/x-compressed-tar=open-in-dvm.desktop; -application/x-cpio=open-in-dvm.desktop; -application/x-deb=open-in-dvm.desktop; -application/x-ear=open-in-dvm.desktop; -application/x-ms-dos-executable=open-in-dvm.desktop; -application/x-gtar=open-in-dvm.desktop; -application/x-gzip=open-in-dvm.desktop; -application/x-gzpostscript=open-in-dvm.desktop; -application/x-java-archive=open-in-dvm.desktop; -application/x-lha=open-in-dvm.desktop; -application/x-lhz=open-in-dvm.desktop; -application/x-lrzip=open-in-dvm.desktop; -application/x-lrzip-compressed-tar=open-in-dvm.desktop; -application/x-lzip=open-in-dvm.desktop; -application/x-lzip-compressed-tar=open-in-dvm.desktop; -application/x-lzma=open-in-dvm.desktop; -application/x-lzma-compressed-tar=open-in-dvm.desktop; -application/x-lzop=open-in-dvm.desktop; -application/x-lzop-compressed-tar=open-in-dvm.desktop; -application/x-ms-wim=open-in-dvm.desktop; -application/x-rar=open-in-dvm.desktop; -application/x-rar-compressed=open-in-dvm.desktop; -application/x-rzip=open-in-dvm.desktop; -application/x-tar=open-in-dvm.desktop; -application/x-tarz=open-in-dvm.desktop; -application/x-stuffit=open-in-dvm.desktop; -application/x-war=open-in-dvm.desktop; -application/x-xz=open-in-dvm.desktop; -application/x-xz-compressed-tar=open-in-dvm.desktop; -application/x-zip=open-in-dvm.desktop; -application/x-zip-compressed=open-in-dvm.desktop; -application/x-zoo=open-in-dvm.desktop; -application/zip=open-in-dvm.desktop; -application/x-archive=open-in-dvm.desktop; -application/vnd.ms-cab-compressed=open-in-dvm.desktop; -application/x-source-rpm=open-in-dvm.desktop; -image/bmp=open-in-dvm.desktop; -image/gif=open-in-dvm.desktop; -image/jpeg=open-in-dvm.desktop; -image/jpg=open-in-dvm.desktop; -image/pjpeg=open-in-dvm.desktop; -image/png=open-in-dvm.desktop; -image/tiff=open-in-dvm.desktop; -image/x-bmp=open-in-dvm.desktop; -image/x-gray=open-in-dvm.desktop; -image/x-icb=open-in-dvm.desktop; -image/x-ico=open-in-dvm.desktop; -image/x-png=open-in-dvm.desktop; -image/x-portable-anymap=open-in-dvm.desktop; -image/x-portable-bitmap=open-in-dvm.desktop; -image/x-portable-graymap=open-in-dvm.desktop; -image/x-portable-pixmap=open-in-dvm.desktop; -image/x-xbitmap=open-in-dvm.desktop; -image/x-xpixmap=open-in-dvm.desktop; -image/x-pcx=open-in-dvm.desktop; -image/svg+xml=open-in-dvm.desktop; -image/svg+xml-compressed=open-in-dvm.desktop; -image/vnd.wap.wbmp=open-in-dvm.desktop; diff --git a/securedrop-workstation-config/mimeapps.list.sd-devices-dvm b/securedrop-workstation-config/mimeapps.list.sd-devices-dvm deleted file mode 100644 index 886a600b..00000000 --- a/securedrop-workstation-config/mimeapps.list.sd-devices-dvm +++ /dev/null @@ -1,298 +0,0 @@ -[Default Applications] -application/x-sd-export=send-to-usb.desktop; -application/x-dia-diagram=open-in-dvm.desktop; -text/x-vcard=open-in-dvm.desktop; -text/directory=open-in-dvm.desktop; -text/calendar=open-in-dvm.desktop; -application/x-cd-image=open-in-dvm.desktop; -application/x-desktop=open-in-dvm.desktop; -application/x-raw-disk-image=open-in-dvm.desktop; -application/x-raw-disk-image-xz-compressed=open-in-dvm.desktop; -image/x-compressed-xcf=open-in-dvm.desktop; -image/x-xcf=open-in-dvm.desktop; -image/x-psd=open-in-dvm.desktop; -image/x-fits=open-in-dvm.desktop; -image/bmp=open-in-dvm.desktop; -image/gif=open-in-dvm.desktop; -image/x-icb=open-in-dvm.desktop; -image/x-ico=open-in-dvm.desktop; -image/x-pcx=open-in-dvm.desktop; -image/x-portable-anymap=open-in-dvm.desktop; -image/x-portable-bitmap=open-in-dvm.desktop; -image/x-portable-graymap=open-in-dvm.desktop; -image/x-portable-pixmap=open-in-dvm.desktop; -image/x-xbitmap=open-in-dvm.desktop; -image/x-xpixmap=open-in-dvm.desktop; -image/svg+xml=open-in-dvm.desktop; -application/vnd.ms-word=open-in-dvm.desktop; -application/vnd.wordperfect=open-in-dvm.desktop; -application/vnd.sun.xml.writer=open-in-dvm.desktop; -application/vnd.sun.xml.writer.global=open-in-dvm.desktop; -application/vnd.sun.xml.writer.template=open-in-dvm.desktop; -application/vnd.stardivision.writer=open-in-dvm.desktop; -application/vnd.oasis.opendocument.text=open-in-dvm.desktop; -application/vnd.oasis.opendocument.text-template=open-in-dvm.desktop; -application/vnd.oasis.opendocument.text-web=open-in-dvm.desktop; -application/vnd.oasis.opendocument.text-master=open-in-dvm.desktop; -application/vnd.openxmlformats-officedocument.wordprocessingml.document=open-in-dvm.desktop; -application/vnd.openxmlformats-officedocument.wordprocessingml.template=open-in-dvm.desktop; -application/vnd.ms-excel=open-in-dvm.desktop; -application/vnd.stardivision.calc=open-in-dvm.desktop; -application/vnd.sun.xml.calc=open-in-dvm.desktop; -application/vnd.sun.xml.calc.template=open-in-dvm.desktop; -application/vnd.openxmlformats-officedocument.spreadsheetml.sheet=open-in-dvm.desktop; -application/vnd.openxmlformats-officedocument.spreadsheetml.template=open-in-dvm.desktop; -application/vnd.oasis.opendocument.spreadsheet=open-in-dvm.desktop; -application/vnd.oasis.opendocument.spreadsheet-template=open-in-dvm.desktop; -application/vnd.ms-powerpoint=open-in-dvm.desktop; -application/vnd.stardivision.impress=open-in-dvm.desktop; -application/vnd.sun.xml.impress=open-in-dvm.desktop; -application/vnd.sun.xml.impress.template=open-in-dvm.desktop; -application/vnd.oasis.opendocument.presentation=open-in-dvm.desktop; -application/vnd.oasis.opendocument.presentation-template=open-in-dvm.desktop; -application/vnd.openxmlformats-officedocument.presentationml.presentation=open-in-dvm.desktop; -application/vnd.openxmlformats-officedocument.presentationml.template=open-in-dvm.desktop; -application/vnd.stardivision.draw=open-in-dvm.desktop; -application/vnd.sun.xml.draw=open-in-dvm.desktop; -application/vnd.sun.xml.draw.template=open-in-dvm.desktop; -application/vnd.oasis.opendocument.graphics=open-in-dvm.desktop; -application/vnd.oasis.opendocument.graphics-template=open-in-dvm.desktop; -application/vnd.oasis.opendocument.formula=open-in-dvm.desktop; -application/vnd.sun.xml.math=open-in-dvm.desktop; -application/vnd.stardivision.math=open-in-dvm.desktop; -application/vnd.oasis.opendocument.database=open-in-dvm.desktop; -application/vnd.sun.xml.base=open-in-dvm.desktop; -application/pdf=open-in-dvm.desktop; -application/postscript=open-in-dvm.desktop; -application/x-qw=open-in-dvm.desktop; -application/x-gnucash=open-in-dvm.desktop; -application/vnd.lotus-1-2-3=open-in-dvm.desktop; -application/x-oleo=open-in-dvm.desktop; -application/x-gnumeric=open-in-dvm.desktop; -application/x-xbase=open-in-dvm.desktop; -application/x-abiword=open-in-dvm.desktop; -application/x-dvi=open-in-dvm.desktop; -application/x-catalog=open-in-dvm.desktop; -application/x-rpm=open-in-dvm.desktop; -text/csv=open-in-dvm.desktop; -text/plain=open-in-dvm.desktop; -text/html=open-in-dvm.desktop; -application/xhtml+xml=open-in-dvm.desktop; -inode/directory=open-in-dvm.desktop; -x-content/blank-cd=open-in-dvm.desktop; -x-content/blank-dvd=open-in-dvm.desktop; -x-content/blank-bd=open-in-dvm.desktop; -x-content/blank-hddvd=open-in-dvm.desktop; -x-content/video-dvd=open-in-dvm.desktop; -x-content/video-vcd=open-in-dvm.desktop; -x-content/video-svcd=open-in-dvm.desktop; -#x-content/video-bluray=open-in-dvm.desktop; -#x-content/video-hddvd=open-in-dvm.desktop; -x-content/audio-cdda=open-in-dvm.desktop; -x-content/audio-dvd=open-in-dvm.desktop; -x-content/audio-player=open-in-dvm.desktop; -x-content/image-dcf=open-in-dvm.desktop; -x-content/image-picturecd=open-in-dvm.desktop; -# URI scheme handlers -x-scheme-handler/mailto=open-in-dvm.desktop; -x-scheme-handler/http=open-in-dvm.desktop; -x-scheme-handler/https=open-in-dvm.desktop; -application/mxf=open-in-dvm.desktop; -application/ogg=open-in-dvm.desktop; -application/ram=open-in-dvm.desktop; -application/sdp=open-in-dvm.desktop; -application/smil=open-in-dvm.desktop; -application/smil+xml=open-in-dvm.desktop; -application/vnd.apple.mpegurl=open-in-dvm.desktop; -application/vnd.ms-wpl=open-in-dvm.desktop; -application/vnd.rn-realmedia=open-in-dvm.desktop; -application/x-extension-m4a=open-in-dvm.desktop; -application/x-extension-mp4=open-in-dvm.desktop; -application/x-flac=open-in-dvm.desktop; -application/x-flash-video=open-in-dvm.desktop; -application/x-matroska=open-in-dvm.desktop; -application/x-netshow-channel=open-in-dvm.desktop; -application/x-ogg=open-in-dvm.desktop; -application/x-quicktime-media-link=open-in-dvm.desktop; -application/x-quicktimeplayer=open-in-dvm.desktop; -application/x-shorten=open-in-dvm.desktop; -application/x-smil=open-in-dvm.desktop; -application/xspf+xml=open-in-dvm.desktop; -audio/3gpp=open-in-dvm.desktop; -audio/ac3=open-in-dvm.desktop; -audio/AMR=open-in-dvm.desktop; -audio/AMR-WB=open-in-dvm.desktop; -audio/basic=open-in-dvm.desktop; -audio/midi=open-in-dvm.desktop; -audio/mp2=open-in-dvm.desktop; -audio/mp4=open-in-dvm.desktop; -audio/mpeg=open-in-dvm.desktop; -audio/mpegurl=open-in-dvm.desktop; -audio/ogg=open-in-dvm.desktop; -audio/prs.sid=open-in-dvm.desktop; -audio/vnd.rn-realaudio=open-in-dvm.desktop; -audio/x-aiff=open-in-dvm.desktop; -audio/x-ape=open-in-dvm.desktop; -audio/x-flac=open-in-dvm.desktop; -audio/x-gsm=open-in-dvm.desktop; -audio/x-it=open-in-dvm.desktop; -audio/x-m4a=open-in-dvm.desktop; -audio/x-matroska=open-in-dvm.desktop; -audio/x-mod=open-in-dvm.desktop; -audio/x-mp3=open-in-dvm.desktop; -audio/x-mpeg=open-in-dvm.desktop; -audio/x-mpegurl=open-in-dvm.desktop; -audio/x-ms-asf=open-in-dvm.desktop; -audio/x-ms-asx=open-in-dvm.desktop; -audio/x-ms-wax=open-in-dvm.desktop; -audio/x-ms-wma=open-in-dvm.desktop; -audio/x-musepack=open-in-dvm.desktop; -audio/x-pn-aiff=open-in-dvm.desktop; -audio/x-pn-au=open-in-dvm.desktop; -audio/x-pn-realaudio=open-in-dvm.desktop; -audio/x-pn-realaudio-plugin=open-in-dvm.desktop; -audio/x-pn-wav=open-in-dvm.desktop; -audio/x-pn-windows-acm=open-in-dvm.desktop; -audio/x-realaudio=open-in-dvm.desktop; -audio/x-real-audio=open-in-dvm.desktop; -audio/x-s3m=open-in-dvm.desktop; -audio/x-sbc=open-in-dvm.desktop; -audio/x-scpls=open-in-dvm.desktop; -audio/x-speex=open-in-dvm.desktop; -audio/x-stm=open-in-dvm.desktop; -audio/x-tta=open-in-dvm.desktop; -audio/x-wav=open-in-dvm.desktop; -audio/x-wavpack=open-in-dvm.desktop; -audio/x-vorbis=open-in-dvm.desktop; -audio/x-vorbis+ogg=open-in-dvm.desktop; -audio/x-xm=open-in-dvm.desktop; -image/vnd.rn-realpix=open-in-dvm.desktop; -image/x-pict=open-in-dvm.desktop; -misc/ultravox=open-in-dvm.desktop; -text/google-video-pointer=open-in-dvm.desktop; -text/x-google-video-pointer=open-in-dvm.desktop; -video/3gp=open-in-dvm.desktop; -video/3gpp=open-in-dvm.desktop; -video/dv=open-in-dvm.desktop; -video/divx=open-in-dvm.desktop; -video/fli=open-in-dvm.desktop; -video/flv=open-in-dvm.desktop; -video/mp2t=open-in-dvm.desktop; -video/mp4=open-in-dvm.desktop; -video/mp4v-es=open-in-dvm.desktop; -video/mpeg=open-in-dvm.desktop; -video/msvideo=open-in-dvm.desktop; -video/ogg=open-in-dvm.desktop; -video/quicktime=open-in-dvm.desktop; -video/vivo=open-in-dvm.desktop; -video/vnd.divx=open-in-dvm.desktop; -video/vnd.mpegurl=open-in-dvm.desktop; -video/vnd.rn-realvideo=open-in-dvm.desktop; -video/vnd.vivo=open-in-dvm.desktop; -video/webm=open-in-dvm.desktop; -video/x-anim=open-in-dvm.desktop; -video/x-avi=open-in-dvm.desktop; -video/x-flc=open-in-dvm.desktop; -video/x-fli=open-in-dvm.desktop; -video/x-flic=open-in-dvm.desktop; -video/x-flv=open-in-dvm.desktop; -video/x-m4v=open-in-dvm.desktop; -video/x-matroska=open-in-dvm.desktop; -video/x-mpeg=open-in-dvm.desktop; -video/x-mpeg2=open-in-dvm.desktop; -video/x-ms-asf=open-in-dvm.desktop; -video/x-ms-asx=open-in-dvm.desktop; -video/x-msvideo=open-in-dvm.desktop; -video/x-ms-wm=open-in-dvm.desktop; -video/x-ms-wmv=open-in-dvm.desktop; -video/x-ms-wmx=open-in-dvm.desktop; -video/x-ms-wvx=open-in-dvm.desktop; -video/x-nsv=open-in-dvm.desktop; -video/x-ogm+ogg=open-in-dvm.desktop; -video/x-theora+ogg=open-in-dvm.desktop; -video/x-totem-stream=open-in-dvm.desktop; -x-content/video-dvd=open-in-dvm.desktop; -x-content/video-vcd=open-in-dvm.desktop; -x-content/video-svcd=open-in-dvm.desktop; -x-scheme-handler/pnm=open-in-dvm.desktop; -x-scheme-handler/mms=open-in-dvm.desktop; -x-scheme-handler/net=open-in-dvm.desktop; -x-scheme-handler/rtp=open-in-dvm.desktop; -x-scheme-handler/rtmp=open-in-dvm.desktop; -x-scheme-handler/rtsp=open-in-dvm.desktop; -x-scheme-handler/mmsh=open-in-dvm.desktop; -x-scheme-handler/uvox=open-in-dvm.desktop; -x-scheme-handler/icy=open-in-dvm.desktop; -x-scheme-handler/icyx=open-in-dvm.desktop; -application/x-7z-compressed=open-in-dvm.desktop; -application/x-7z-compressed-tar=open-in-dvm.desktop; -application/x-ace=open-in-dvm.desktop; -application/x-alz=open-in-dvm.desktop; -application/x-ar=open-in-dvm.desktop; -application/x-arj=open-in-dvm.desktop; -application/x-bzip=open-in-dvm.desktop; -application/x-bzip-compressed-tar=open-in-dvm.desktop; -application/x-bzip1=open-in-dvm.desktop; -application/x-bzip1-compressed-tar=open-in-dvm.desktop; -application/x-cabinet=open-in-dvm.desktop; -application/x-cbr=open-in-dvm.desktop; -application/x-cbz=open-in-dvm.desktop; -application/x-compress=open-in-dvm.desktop; -application/x-compressed-tar=open-in-dvm.desktop; -application/x-cpio=open-in-dvm.desktop; -application/x-deb=open-in-dvm.desktop; -application/x-ear=open-in-dvm.desktop; -application/x-ms-dos-executable=open-in-dvm.desktop; -application/x-gtar=open-in-dvm.desktop; -application/x-gzip=open-in-dvm.desktop; -application/x-gzpostscript=open-in-dvm.desktop; -application/x-java-archive=open-in-dvm.desktop; -application/x-lha=open-in-dvm.desktop; -application/x-lhz=open-in-dvm.desktop; -application/x-lrzip=open-in-dvm.desktop; -application/x-lrzip-compressed-tar=open-in-dvm.desktop; -application/x-lzip=open-in-dvm.desktop; -application/x-lzip-compressed-tar=open-in-dvm.desktop; -application/x-lzma=open-in-dvm.desktop; -application/x-lzma-compressed-tar=open-in-dvm.desktop; -application/x-lzop=open-in-dvm.desktop; -application/x-lzop-compressed-tar=open-in-dvm.desktop; -application/x-ms-wim=open-in-dvm.desktop; -application/x-rar=open-in-dvm.desktop; -application/x-rar-compressed=open-in-dvm.desktop; -application/x-rzip=open-in-dvm.desktop; -application/x-tar=open-in-dvm.desktop; -application/x-tarz=open-in-dvm.desktop; -application/x-stuffit=open-in-dvm.desktop; -application/x-war=open-in-dvm.desktop; -application/x-xz=open-in-dvm.desktop; -application/x-xz-compressed-tar=open-in-dvm.desktop; -application/x-zip=open-in-dvm.desktop; -application/x-zip-compressed=open-in-dvm.desktop; -application/x-zoo=open-in-dvm.desktop; -application/zip=open-in-dvm.desktop; -application/x-archive=open-in-dvm.desktop; -application/vnd.ms-cab-compressed=open-in-dvm.desktop; -application/x-source-rpm=open-in-dvm.desktop; -image/bmp=open-in-dvm.desktop; -image/gif=open-in-dvm.desktop; -image/jpeg=open-in-dvm.desktop; -image/jpg=open-in-dvm.desktop; -image/pjpeg=open-in-dvm.desktop; -image/png=open-in-dvm.desktop; -image/tiff=open-in-dvm.desktop; -image/x-bmp=open-in-dvm.desktop; -image/x-gray=open-in-dvm.desktop; -image/x-icb=open-in-dvm.desktop; -image/x-ico=open-in-dvm.desktop; -image/x-png=open-in-dvm.desktop; -image/x-portable-anymap=open-in-dvm.desktop; -image/x-portable-bitmap=open-in-dvm.desktop; -image/x-portable-graymap=open-in-dvm.desktop; -image/x-portable-pixmap=open-in-dvm.desktop; -image/x-xbitmap=open-in-dvm.desktop; -image/x-xpixmap=open-in-dvm.desktop; -image/x-pcx=open-in-dvm.desktop; -image/svg+xml=open-in-dvm.desktop; -image/svg+xml-compressed=open-in-dvm.desktop; -image/vnd.wap.wbmp=open-in-dvm.desktop; diff --git a/securedrop-workstation-config/mimeapps.list.sd-viewer b/securedrop-workstation-config/mimeapps.list.sd-viewer deleted file mode 100644 index 00a680e6..00000000 --- a/securedrop-workstation-config/mimeapps.list.sd-viewer +++ /dev/null @@ -1,32 +0,0 @@ -[Default Applications] -text/plain=org.gnome.gedit.desktop -text/csv=libreoffice-base.desktop -application/vnd.oasis.opendocument.text=libreoffice-base.desktop -application/vnd.oasis.opendocument.spreadsheet=libreoffice-base.desktop -application/vnd.oasis.opendocument.presentation=libreoffice-base.desktop -application/msword=libreoffice-base.desktop -application/vnd.ms-excel=libreoffice-base.desktop -application/vnd.ms-powerpoint=libreoffice-base.desktop -application/vnd.openxmlformats-officedocument.wordprocessingml.document=libreoffice-base.desktop -application/vnd.openxmlformats-officedocument.spreadsheetml.sheet=libreoffice-base.desktop -application/vnd.openxmlformats-officedocument.presentationml.presentation=libreoffice-base.desktop -application/pdf=org.gnome.Evince.desktop -application/x-desktop=org.gnome.gedit.desktop -audio/mp4=audacious.desktop -audio/mpeg=audacious.desktop -audio/x-vorbis+ogg=audacious.desktop -audio/x-wav=audacious.desktop -video/quicktime=org.gnome.Totem.desktop -video/x-theora+ogg=org.gnome.Totem.desktop -video/mp4=org.gnome.Totem.desktop -video/x-msvideo=org.gnome.Totem.desktop -video/x-ms-wmv=org.gnome.Totem.desktop -image/jpeg=org.gnome.eog.desktop -image/gif=org.gnome.eog.desktop -image/tiff=org.gnome.Evince.desktop -image/png=org.gnome.eog.desktop -image/svg+xml=org.gnome.eog.desktop -image/vnd.djvu=org.gnome.Evince.desktop -application/vnd.rar=org.gnome.FileRoller.desktop -application/zip=org.gnome.FileRoller.desktop -application/x-7z-compressed=org.gnome.FileRoller.desktop diff --git a/securedrop-workstation-config/open-in-dvm.desktop b/securedrop-workstation-config/open-in-dvm.desktop deleted file mode 100644 index a3aaad78..00000000 --- a/securedrop-workstation-config/open-in-dvm.desktop +++ /dev/null @@ -1,10 +0,0 @@ -[Desktop Entry] -Type=Application -Version=1.0 -Name=Open in Disposable VM -Comment=Open file in a Disposable VM -TryExec=/usr/bin/qvm-open-in-vm -Exec=/usr/bin/qvm-open-in-vm --view-only @dispvm:sd-viewer %f -Icon=/usr/share/icons/Qubes/dispvm-gray.png -Terminal=false -Categories=Utility diff --git a/securedrop-workstation-config/paxctld.conf b/securedrop-workstation-config/paxctld.conf deleted file mode 100644 index b41b399f..00000000 --- a/securedrop-workstation-config/paxctld.conf +++ /dev/null @@ -1,117 +0,0 @@ -# This file was provisioned via securedrop-workstation-svs-disp -# grub - -/usr/bin/grub-script-check E -/usr/bin/grub-bios-setup E -/usr/sbin/grub-mkdevicemap E -/usr/sbin/grub-probe E - -# qemu -/usr/bin/qemu-alpha m -/usr/bin/qemu-arm m -/usr/bin/qemu-armeb m -/usr/bin/qemu-cris m -/usr/bin/qemu-i386 m -/usr/bin/qemu-m68k m -/usr/bin/qemu-microblaze m -/usr/bin/qemu-microblazeel m -/usr/bin/qemu-mips m -/usr/bin/qemu-mips64 m -/usr/bin/qemu-mips64el m -/usr/bin/qemu-mipsel m -/usr/bin/qemu-mipsn32 m -/usr/bin/qemu-mipsn32el m -/usr/bin/qemu-or32 m -/usr/bin/qemu-ppc m -/usr/bin/qemu-ppc64 m -/usr/bin/qemu-ppc64abi32 m -/usr/bin/qemu-s390x m -/usr/bin/qemu-sh4 m -/usr/bin/qemu-sh4eb m -/usr/bin/qemu-sparc m -/usr/bin/qemu-sparc32plus m -/usr/bin/qemu-sparc64 m -/usr/bin/qemu-unicore32 m -/usr/bin/qemu-x86_64 m - -/usr/bin/qemu-system-aarch64 m -/usr/bin/qemu-system-alpha m -/usr/bin/qemu-system-arm m -/usr/bin/qemu-system-cris m -/usr/bin/qemu-system-i386 m -/usr/bin/qemu-system-lm32 m -/usr/bin/qemu-system-m68k m -/usr/bin/qemu-system-microblaze m -/usr/bin/qemu-system-microblazeel m -/usr/bin/qemu-system-mips m -/usr/bin/qemu-system-mips64 m -/usr/bin/qemu-system-mips64el m -/usr/bin/qemu-system-mipsel m -/usr/bin/qemu-system-moxie m -/usr/bin/qemu-system-or32 m -/usr/bin/qemu-system-ppc m -/usr/bin/qemu-system-ppc64 m -/usr/bin/qemu-system-ppcemb m -/usr/bin/qemu-system-s390x m -/usr/bin/qemu-system-sh4 m -/usr/bin/qemu-system-sh4eb m -/usr/bin/qemu-system-sparc m -/usr/bin/qemu-system-sparc64 m -/usr/bin/qemu-system-unicore32 m -/usr/bin/qemu-system-x86_64 m -/usr/bin/qemu-system-xtensa m -/usr/bin/qemu-system-xtensaeb m - -# skype -/usr/lib/skype/skype m -/usr/lib32/skype/skype m - -# steam -/usr/lib32/ld-linux.so.2 m - -# node -/usr/bin/node m - -# chrome -/opt/google/chrome/chrome-sandbox m -/opt/google/chrome/nacl_helper m -/opt/google/chrome/chrome m - -# chromium -/usr/lib/chromium-browser/chromium-browser m - -# firefox -/usr/lib/firefox/firefox m -/usr/lib/firefox/plugin-container m - -# webapp-container -/usr/bin/webapp-container m - -# oxide -/usr/lib/x86_64-linux-gnu/oxide-qt/oxide-renderer m - -# valgrind -/usr/bin/valgrind m - -# python -/usr/bin/python2.7 E -/usr/bin/python3.5 E - -# java -/usr/lib/jvm/java-6-sun-1.6.0.10/jre/bin/java m -/usr/lib/jvm/java-6-sun-1.6.0.10/jre/bin/javaws m -/usr/lib/jvm/java-6-openjdk/jre/bin/java m -/usr/lib/jvm/java-6-openjdk/jre/bin/java m -/usr/lib/jvm/java-8-openjdk/jre/bin/java m -/usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java m -# openrc -/lib/rc/bin/lsb2rcconf E - -# libreoffice -# Ubuntu doesn't seem to carry this patch: -# https://bz.apache.org/ooo/show_bug.cgi?id=80816 -# libreoffice will still run fine without the below line, -# but it will report an RWX mprotect attempt -# /usr/lib/libreoffice/program/soffice.bin m - -/usr/bin/totem m diff --git a/securedrop-workstation-viewer/debian/changelog-buster b/securedrop-workstation-viewer/debian/changelog-buster deleted file mode 100644 index afccb788..00000000 --- a/securedrop-workstation-viewer/debian/changelog-buster +++ /dev/null @@ -1,18 +0,0 @@ -securedrop-workstation-viewer (0.2.0+buster) unstable; urgency=medium - - * Move packages to debhelper-compat 11 - - -- SecureDrop Team Mon, 04 Jul 2022 22:03:18 -0400 - -securedrop-workstation-viewer (0.1.1+buster) unstable; urgency=medium - - * Fixes typo in control fields, replaces package - 'securedrop-workstation-svs-disp' - - -- SecureDrop Team Mon, 05 Oct 2020 16:59:56 -0700 - -securedrop-workstation-viewer (0.1.0+buster) unstable; urgency=medium - - * Creates package, replacing 'securedrop-workstation-sd-svs-disp' package - - -- SecureDrop Team Thu, 01 Oct 2020 17:36:58 -0700 diff --git a/securedrop-workstation-viewer/debian/control b/securedrop-workstation-viewer/debian/control deleted file mode 100644 index b2412c04..00000000 --- a/securedrop-workstation-viewer/debian/control +++ /dev/null @@ -1,15 +0,0 @@ -Source: securedrop-workstation-viewer -Section: unknown -Priority: optional -Maintainer: SecureDrop Team -Build-Depends: debhelper-compat (= 11), -Standards-Version: 3.9.8 -Homepage: https://github.com/freedomofpress/securedrop-builder - -Package: securedrop-workstation-viewer -Architecture: all -Depends: securedrop-workstation-config,securedrop-workstation-grsec,apparmor-profiles,apparmor-profiles-extra,apparmor-utils,audacious,eog,evince,file-roller,gedit,totem -Description: This is the SecureDrop workstation SecureDrop Viewer Disposable VM template configuration package. This package provides dependencies and configuration for the Qubes SecureDrop workstation sd-viewer Template VM. -Provides: securedrop-workstation-svs-disp -Conflicts: securedrop-workstation-svs-disp -Replaces: securedrop-workstation-svs-disp diff --git a/securedrop-workstation-viewer/debian/copyright b/securedrop-workstation-viewer/debian/copyright deleted file mode 100644 index e4a333e6..00000000 --- a/securedrop-workstation-viewer/debian/copyright +++ /dev/null @@ -1,7 +0,0 @@ -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: securedrop-workstation-svs-disp -Source: https://github.com/freedomofpress/securedrop-builder - -Files: * -Copyright: 2020 Freedom of the Press Foundation -License: GPLv3+ diff --git a/securedrop-workstation-viewer/debian/rules b/securedrop-workstation-viewer/debian/rules deleted file mode 100755 index 2d33f6ac..00000000 --- a/securedrop-workstation-viewer/debian/rules +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/make -f - -%: - dh $@ diff --git a/securedrop-workstation-viewer/debian/source/format b/securedrop-workstation-viewer/debian/source/format deleted file mode 100644 index 89ae9db8..00000000 --- a/securedrop-workstation-viewer/debian/source/format +++ /dev/null @@ -1 +0,0 @@ -3.0 (native) diff --git a/tests/test_deb_package.py b/tests/test_deb_package.py deleted file mode 100644 index 8d98985f..00000000 --- a/tests/test_deb_package.py +++ /dev/null @@ -1,32 +0,0 @@ -import subprocess -import tempfile -from pathlib import Path - -import pytest - -SECUREDROP_ROOT = Path( - subprocess.check_output(["/usr/bin/git", "rev-parse", "--show-toplevel"]).decode().strip() -) -DEB_PATHS = list((SECUREDROP_ROOT / "build/debbuild/packaging").glob("*.deb")) - - -@pytest.mark.parametrize("deb", DEB_PATHS) -def test_securedrop_keyring_removes_conffiles(deb: Path): - """ - Ensures additional conffiles are not shipped in the `securedrop-keyring` - package. Files in `/etc/` are automatically marked as conffiles during - packaging, so our build logic overwrites the additional files that would - be left behind in the `/etc/apt/trusted.gpg.d/` diretory. - - When `securedrop-keyring.gpg` is shipped in `/usr/share/keyrings`, this - test can be removed. - """ - if not deb.name.startswith("securedrop-keyring"): - return - - with tempfile.TemporaryDirectory() as tmpdir: - subprocess.check_call(["/usr/bin/dpkg-deb", "--control", deb, tmpdir]) - conffiles_path = Path(tmpdir) / "conffiles" - assert conffiles_path.exists() - # No files are currently allow-listed to be conffiles - assert conffiles_path.read_text().rstrip() == "" diff --git a/tests/test_reproducible_debian_packages.py b/tests/test_reproducible_debian_packages.py deleted file mode 100644 index 9703413e..00000000 --- a/tests/test_reproducible_debian_packages.py +++ /dev/null @@ -1,49 +0,0 @@ -import os -import subprocess - -import pytest - -PACKAGE_BUILD_TARGETS = { - "securedrop-client": "main", - "securedrop-log": "main", - "securedrop-proxy": "main", - "securedrop-export": "main", -} - -# These are the package names we want to test reproducibility for -PACKAGE_NAMES = PACKAGE_BUILD_TARGETS.keys() - - -def get_repo_root(): - cmd = "git rev-parse --show-toplevel".split() - return subprocess.check_output(cmd).decode("utf-8").rstrip() - - -repo_root = get_repo_root() - - -@pytest.mark.parametrize("pkg_name", PACKAGE_NAMES) -def test_deb_builds_are_reproducible(pkg_name): - """ - Uses 'reprotest' to confirm that the Debian package build process - is deterministic, i.e. all .deb files are created with the same checksum - across multiple builds. - - We're not testing many variations, only exec_path, as a simple test - for deterministic builds with most aspects controlled. - """ - - cmd_env = os.environ.copy() - cmd_env["PKG_GITREF"] = os.environ.get("PKG_GITREF", PACKAGE_BUILD_TARGETS[pkg_name]) - cmd_env["TERM"] = "xterm-256color" - cmd = [ - "reprotest", - "-c", - f"make {pkg_name}", - "--variations", - "-all, -kernel, +exec_path, +build_path", - "--no-clean-on-error", - ".", - f"build/debbuild/packaging/{pkg_name}*.deb", - ] - subprocess.check_call(cmd, env=cmd_env, cwd=repo_root)