Skip to content

Merge version 0.10.0 of freedomofpress/securedrop-workstation #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 33 commits into from
Mar 12, 2024
Merged

Merge version 0.10.0 of freedomofpress/securedrop-workstation #8

merged 33 commits into from
Mar 12, 2024

Conversation

philmcmahon
Copy link
Collaborator

@philmcmahon philmcmahon commented Feb 19, 2024
edited
Loading

Status

Brings our repo up to date with https://github.com/freedomofpress/securedrop-workstation/releases/tag/0.10.0

To check that the changes being pulled in are expected, this tag comparison page is useful: freedomofpress/securedrop-workstation@0.9.0...0.10.0

To generate this PR, I ran the following git steps:

  • checkout latest main
  • checkout pm-merge-0.10.0-fop
  • git fetch [freedomofpress remote]
  • git merge 0.10.0
  • there were a couple of conflicts related to the changelog and version number
  • git commit/push

zenmonkeykstop and others added 30 commits November 23, 2023 11:33
@zenmonkeykstop
Merge pull request freedomofpress#917 from freedomofpress/fedora-38sies
0554d0f 
Move to fedora-38 as base system Fedora version
@legoktm @eaon
Just set Version in RPM spec
fdf191a 
This is mostly a copy of @eaon's change in securedrop-updater[1], with
one key change of normalizing the version down to a PEP 440 compatible
format.

Since we use setuptools's sdist to create a tarball and then expect
rpmbuild to be able to find it, we need to use a common version format
across both setuptools and RPM. Encoding the RC version in the `Release`
field has always been wrong, since that's used for changes to packaging,
not when the upstream (i.e. sdist tarball) changes.

This also means we no longer need to update `Source` in the release
branch to point at the tarball, since it can be inferred correctly from
the existing `%{name}-%{version}.tar.gz` macros.

Leave a TODO to switch to rpmdev-bumpspec which is the RPM `dch`
equivalent to bump the version and insert a changelog entry.

[1]
freedomofpress/securedrop-updater@42a55c7

Co-authored-by: Michael Z <michael@freedom.press>
@zenmonkeykstop
Merge pull request freedomofpress#922 from freedomofpress/fix-versioning
f5a582a 
Just set `Version` in RPM spec
@legoktm
Don't install dev deps in the RPM build container
3d53304 
The RPM build container needs to be highly trustworthy, so it should
only contain things from Fedora itself and any audited code. We don't
audit development dependencies, so we shouldn't be installing them into
the build container.

We split the container used by `./scripts/container.sh` into two, a
base, build container and then a container layered on top with dev
dependencies.

Functionally this should be a no-op since none of the dependencies are
used at build time but it cuts down on the risk of malicious code
injection.

Fixes freedomofpress#921.
@zenmonkeykstop
Merge pull request freedomofpress#924 from freedomofpress/pristine-bu…
33a1ca2 
…ilds

Don't install dev deps in the RPM build container
@zenmonkeykstop
SecureDrop Workstation 0.9.0
575d013 
(cherry picked from commit d549929)
@legoktm
Merge pull request freedomofpress#930 from freedomofpress/update-0_9_…
0630dfa 
…0-changelog

Backport SecureDrop Workstation 0.9.0 changelog
@leee
Migrate to GitHub Actions away from CircleCI
c4cc3e3
@legoktm
Merge pull request freedomofpress#931 from freedomofpress/migrate-to-…
c2fdabe 
…github-actions

Migrate to GitHub Actions
@legoktm
Enable dependabot for GitHub Actions
6afefb9
@zenmonkeykstop
Merge pull request freedomofpress#933 from freedomofpress/gha-dependabot
71a797c 
Enable dependabot for GitHub Actions
@dependabot
Bump actions/checkout from 3 to 4
c8f44fa 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@legoktm
Merge pull request freedomofpress#935 from freedomofpress/dependabot/…
a60b289 
…github_actions/actions/checkout-4

Bump actions/checkout from 3 to 4
@legoktm @zenmonkeykstop
tests: Avoid repeating Fedora version in specific test
49a968c 
We have the CURRENT_FEDORA_VERSION/TEMPLATE constants for this purpose.
@zenmonkeykstop
Merge pull request freedomofpress#926 from freedomofpress/dry-tests-f…
69d7efd 
…edora

tests: Avoid repeating Fedora version in specific test
@eloquence
Make gpg tests more resilient
b3a892f 
- Succeed if expected key is present in sd-gpg
- Fail if no key is present locally or remotely
@eloquence
Remove outdated comment; tweak test
243230f
@eloquence
Reorganize keyring test setup and assertions
a02930f
@zenmonkeykstop
Merge pull request freedomofpress#875 from freedomofpress/gpg-tests
4b1ebfb 
Make `gpg` tests more resilient
@zenmonkeykstop
Adding migration flag
14b0c56
@zenmonkeykstop
fix up version updater to set RPM spec Version: field correctly
a358c2b
@zenmonkeykstop
updated version to 0.9.0-rc1
97b7c7f
@zenmonkeykstop
Updated spec file to reflect versioning fix in freedomofpress#922
181d796
@rocodes @zenmonkeykstop
Support Whonix 17.
ac9eb2f 
Specify whonix template version and use qvm.template_installed to ensure it is present. Update migration flag and vm_tests.
@zenmonkeykstop
commenting out migration flag for main merge
66b737b
@zenmonkeykstop
Merge pull request freedomofpress#938 from freedomofpress/whonix-17
2b3b03d 
Support Whonix 17
@zenmonkeykstop
Updated version to 0.10.0-rc1
469abf5
@rocodes
Merge pull request freedomofpress#940 from freedomofpress/sdw-0.10.0-…
3b14cb4 
…rc1-bump

Update version to 0.10.0-rc1
@zenmonkeykstop
Bump version to 0.10.0-rc2; force migration on next update
1ad4f01
@legoktm
Merge pull request freedomofpress#941 from freedomofpress/version-0.1…
c57b1ca 
…0.0-rc2-bump

[0.10.0] Version 0.10.0 rc2 bump
zenmonkeykstop and others added 2 commits February 8, 2024 10:45
@zenmonkeykstop
SecureDrop Workstation 0.10.0
47355d0 
- Updated sd-whonix to use the Whonix 17 gateway base template
@philmcmahon
Merge tag '0.10.0' into pm-merge-0.10.0-fop
b66d95a 
Securedrop Workstation 0.10.0
@philmcmahon philmcmahon mentioned this pull request Mar 5, 2024
Merged
@zekehuntergreen
Copy link
Collaborator

Looks good! It seems like failed ci jobs have to do with formatting?
Might need to run black on the whole repo.

@philmcmahon
Copy link
Collaborator Author

philmcmahon commented Mar 12, 2024
edited
Loading

Thanks @zekehuntergreen - for future reference I ran:

  • (make new virtualenv using pyenv-virtualenv)
  • python3 setup.py install
  • pip3 install flake8
  • make lint

@philmcmahon philmcmahon merged commit 78e9e69 into main Mar 12, 2024
philmcmahon pushed a commit that referenced this pull request Jul 4, 2024
@legoktm @cfm
Merge pull request #8 from freedomofpress/7-containerize-build-test
4f6225b 
Containerize build and test environment, add some developer tools

(cherry picked from commit freedomofpress/securedrop-updater@9b2d169)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zekehuntergreen zekehuntergreen zekehuntergreen approved these changes

@marjisound marjisound Awaiting requested review from marjisound

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@philmcmahon @zekehuntergreen @zenmonkeykstop @legoktm @leee @eloquence @rocodes