Packages.securedrop.club created from develop

DevOps
#1

Bonjour,

packages.securedrop.club is configured to watch the SecureDrop develop branch and create packages that can be used as follows:

wget https://packages-host.securedrop.club/key.asc
sudo apt-key add key.asc
sudo apt-add-repository https://packages-host.securedrop.club

To use this repository instead of the FPF repository, create a new file install_files/ansible-base/group_vars/all/qa:



apt_repo_url: https://packages-host.securedrop.club


Replace the signing key


wget -O install_files/ansible-base/roles/install-fpf-repo/files/fpf-signing-key.pub https://packages-host.securedrop.club/key.asc



This is handy for tests.


Cheers







































#2






@dachary This is great!


As we’ve discussed before, there’s an informal QA playbook over here: https://gist.github.com/conorsch/e7556624df59b2a0f8b81f7c0c4f9b7d that’s useful for testing the release candidate Debian packages. Testing from the develop branch is a big step forward, so thanks for putting in the hard work.


As that QA playbook illustrates, we don’t have a convenient story for overriding core aspects of the config such as apt repo URL and apt repo pubkey. In a future version, if we make those values variables, they can be overridden for targeted testing of develop or RC debs.








1 Like





























#3






https://packages.securedrop.club/ now also has packages created from the tip of release/0.5 as well (updated automatically when a PR is merged).






































#4






In the admin tails terminal, when installing 0.5 from scratch:


$ wget -O install_files/ansible-base/roles/install-fpf-repo/files/fpf-signing-key.pub https://packages.securedrop.club/key.asc
$ ( echo --- ; echo apt_repo_url: https://packages.securedrop.club/release/0.5 ) | tee install_files/ansible-base/group_vars/all/qa