Merge pull request #4205 from freedomofpress/4201-4204-to-0.12.0

[0.12.0] [xenial] Restart haveged and apparmor and update builder images

install_files/ansible-base/roles/app/handlers/main.yml

@@ -19,6 +19,13 @@
     name: securedrop_worker
     state: present
 
+## Here, we list apparmor before haveged to ensure the correct AppArmor
+## profile is loaded prior to restarting haveged
+- name: restart apparmor
+  service:
+    name: apparmor
+    state: restarted
+
 - name: restart haveged
   service:
     name: haveged

install_files/ansible-base/roles/app/tasks/configure_haveged.yml

@@ -75,6 +75,9 @@
     line: "After=apparmor.service systemd-random-seed.service"
     backrefs: yes
   when: haveged_apparmor.stat.exists
+  notify:
+    - restart apparmor
+    - restart haveged
   tags:
     - haveged
     - hardening

molecule/builder-trusty/image_hash

@@ -1,2 +1,2 @@
-# sha256 digest quay.io/freedomofpress/sd-docker-builder:2019_02_25
-719778910c86404177836da0442f9edf9d63f313b93575211bcc29f8ef6c8f76
+# sha256 digest quay.io/freedomofpress/sd-docker-builder:2019_02_26
+6b61ef9a80df39721e04d9326c1ed5dc812b0594657e10b81a37501c860fb4ca

molecule/builder-xenial/image_hash

@@ -1,2 +1,2 @@
-# sha256 digest quay.io/freedomofpress/sd-docker-builder-xenial:2019_02_25
-229f05cba83312f93ae465c3d5751541c7e9a33d5b8892108deb3aff8535d61a
+# sha256 digest quay.io/freedomofpress/sd-docker-builder-xenial:2019_02_26
+20ea729cf47f78edd9a5e34b0254e6bac9528ceca336151ffa7e81eb106fc3e8