Setup:
virtualenv --python=python3 .venv
source .venv/bin/activate
pip install --require-hashes --no-deps -r requirements.txt
You can create a test key for signing using:
make test-key
which will create test-key.jwk in your current working directory.
-
Ensure they are in the official SecureDrop directory. If they are not, go through the IVF process with the organization.
-
Add their domain name and the requested URL to the
onboarded.txtvia PR into this repository. We match the domain based on the landing page of the organization, comparing thenetlocin a URL with structurescheme://netloc/path;parameters?query#fragment. -
Next, generate and sign the update ruleset using the following command (requires signing key, please ping
@emkllfor assistance):
./scripts/generate-and-sign
- Commit all files generated by the script above and open a Pull Request to this repository. Once the PR is merged, the rulesets will automatically be deployed to production.
Inspect the diff. If it looks good, commit the resulting index.html and all files to be served. To test locally, run
make serve
And configure your browser to use http://localhost:4080/https-everywhere/.
Upon merge the container will be published to quay.io/freedomofpress and the new tag will be deployed automatically.