From 72ee7df727af2d56e7001a85f8e92e18db288be1 Mon Sep 17 00:00:00 2001
From: Conor Schaefer
Date: Fri, 18 Dec 2020 10:36:08 -0800
Subject: [PATCH] Touch-ups to signing script

Based on feedback during review.

* Don't use docker, just use system python
* Rebuild index.html
* Instruct user to commit changes after local review

That's it for now. We can automatically 'git add' files once we have the ruleset generation sorted out wrt #20.
---
 scripts/generate-and-sign | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/scripts/generate-and-sign b/scripts/generate-and-sign
index 75cf1f2..63409bb 100755
--- a/scripts/generate-and-sign
+++ b/scripts/generate-and-sign
@@ -31,13 +31,23 @@ rm -f "${https_everywhere_repo}/rules/"*.xml
 cp rulesets/*.xml "${https_everywhere_repo}/rules/"
 cp public_release.pem "${https_everywhere_repo}/"
+# Switch to upstream subdir, for access to tooling
 pushd "$https_everywhere_repo"
 sd_rules_dir="securedrop-rules"
 rm -rf "$sd_rules_dir"
 mkdir "$sd_rules_dir"
-docker run -it -v "$(pwd):/opt" --workdir /opt python:3.6 python3 utils/merge-rulesets.py
+python3 utils/merge-rulesets.py
 echo "Preparing rulesets for airgapped signature request..."
-docker run -it -v "$(pwd):/opt" --workdir /opt python:3.6 utils/sign-rulesets/async-request.sh public_release.pem "$sd_rules_dir"
+./utils/sign-rulesets/async-request.sh public_release.pem "$sd_rules_dir"
-echo "Finished. Review files in ${https_everywhere_repo}/${sd_rules_dir}/"
+# Return to SD ruleset repo root
+popd
+echo "Copying rules to SecureDrop ruleset repo..."
 cp -v "${https_everywhere_repo}/${sd_rules_dir}/"* .
+
+echo "Updating index for SecureDrop rules..."
+./update_index.sh
+
+echo "Finished. Please review local changes, and commit as appropriate."
+# TODO: Not automatically running 'git add *' due to
+# https://github.com/freedomofpress/securedrop-https-everywhere-ruleset/issues/20
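Review bot: With the `docker run` wrappers gone, `python3 utils/merge-rulesets.py` and `./utils/sign-rulesets/async-request.sh` now execute code from the `$https_everywhere_repo` checkout directly on the host that prepares the signing request, with the operator's full privileges and whatever `python3` is first on PATH, and nothing in this hunk checks which revision of that checkout is being run. If the script does not already verify the checkout earlier (not visible here), it would be worth comparing `git -C "$https_everywhere_repo" rev-parse HEAD` against a pinned, reviewed commit before the `pushd`, and adding a preflight such as `command -v python3 >/dev/null || { echo "python3 not found" >&2; exit 1; }`. The `cp -v "${https_everywhere_repo}/${sd_rules_dir}/"* .` step, which now runs from the repo root after `popd`, copies whatever that tooling left in the directory by glob, so the "review local changes" step should include confirming that only the expected ruleset and signature files appeared. Whether a failed merge or signing-request step stops the script before the copy and index rebuild depends on a `set -e` outside this hunk.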