Packages.securedrop.club created from develop


#1

Bonjour,

packages.securedrop.club is configured to watch the SecureDrop develop branch and create packages that can be used as follows:

wget https://packages-host.securedrop.club/key.asc
sudo apt-key add key.asc
sudo apt-add-repository https://packages-host.securedrop.club 

To use this repository instead of the FPF repository, create a new file install_files/ansible-base/group_vars/all/qa:

apt_repo_url: https://packages-host.securedrop.club

Replace the signing key

wget -O install_files/ansible-base/roles/install-fpf-repo/files/fpf-signing-key.pub https://packages-host.securedrop.club/key.asc

This is handy for tests.

Cheers


#2

@dachary This is great!

As we’ve discussed before, there’s an informal QA playbook over here: https://gist.github.com/conorsch/e7556624df59b2a0f8b81f7c0c4f9b7d that’s useful for testing the release candidate Debian packages. Testing from the develop branch is a big step forward, so thanks for putting in the hard work.

As that QA playbook illustrates, we don’t have a convenient story for overriding core aspects of the config such as apt repo URL and apt repo pubkey. In a future version, if we make those values variables, they can be overridden for targeted testing of develop or RC debs.


#3

https://packages.securedrop.club/ now also has packages created from the tip of release/0.5 as well (updated automatically when a PR is merged).


#4

In the admin tails terminal, when installing 0.5 from scratch:

$ wget -O install_files/ansible-base/roles/install-fpf-repo/files/fpf-signing-key.pub https://packages.securedrop.club/key.asc
$ ( echo --- ; echo apt_repo_url: https://packages.securedrop.club/release/0.5 ) | tee install_files/ansible-base/group_vars/all/qa