Commit

Touch-ups to signing script
Based on feedback during review.

  * Don't use docker, just use system python
  * Rebuild index.html
  * Instruct user to commit changes after local review

That's it for now. We can automatically 'git add' files once we have the
ruleset generation sorted out wrt #20.
Conor Schaefer committed Dec 22, 2020
1 parent 3d216cf commit 72ee7df
Showing 1 changed file with 13 additions and 3 deletions.
16 changes: 13 additions & 3 deletions scripts/generate-and-sign
Expand Up @@ -31,13 +31,23 @@ rm -f "${https_everywhere_repo}/rules/"*.xml
cp rulesets/*.xml "${https_everywhere_repo}/rules/"
cp public_release.pem "${https_everywhere_repo}/"

# Switch to upstream subdir, for access to tooling
pushd "$https_everywhere_repo"
sd_rules_dir="securedrop-rules"
rm -rf "$sd_rules_dir"
mkdir "$sd_rules_dir"
docker run -it -v "$(pwd):/opt" --workdir /opt python:3.6 python3 utils/merge-rulesets.py
python3 utils/merge-rulesets.py
echo "Preparing rulesets for airgapped signature request..."
docker run -it -v "$(pwd):/opt" --workdir /opt python:3.6 utils/sign-rulesets/async-request.sh public_release.pem "$sd_rules_dir"
./utils/sign-rulesets/async-request.sh public_release.pem "$sd_rules_dir"

echo "Finished. Review files in ${https_everywhere_repo}/${sd_rules_dir}/"
# Return to SD ruleset repo root
popd
echo "Copying rules to SecureDrop ruleset repo..."
cp -v "${https_everywhere_repo}/${sd_rules_dir}/"* .

echo "Updating index for SecureDrop rules..."
./update_index.sh

echo "Finished. Please review local changes, and commit as appropriate."
# TODO: Not automatically running 'git add *' due to
# https://github.com/freedomofpress/securedrop-https-everywhere-ruleset/issues/20
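
Review bot: The two replacement lines, `python3 utils/merge-rulesets.py` and `./utils/sign-rulesets/async-request.sh public_release.pem "$sd_rules_dir"`, now run with whatever interpreter and tooling the host provides, where the removed `docker run` lines pinned `python:3.6`. Because the output of this step is what goes to the airgapped signer, consider failing early if the dependency is missing (for example a `command -v python3` check before `pushd`) and documenting the expected Python version alongside the script. Further down, `cp -v "${https_everywhere_repo}/${sd_rules_dir}/"* .` and `./update_index.sh` both depend on `popd` landing in the ruleset repo root, so if the script can be started from another directory, resolve the repo root explicitly before those lines. The visible lines also do not show whether `set -e` is in effect; without it, a failed `pushd` would let `rm -rf "$sd_rules_dir"` and the later `cp` run in the caller's directory, which is worth confirming.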
