Do not declare logo as conffile

Resolves #5850
freedomofpress · Sep 21, 2021 · 7effd06 · 7effd06
1 parent a6b478f
commit 7effd06
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 12 deletions.
diff --git a/install_files/securedrop-app-code/debian/conffiles b/install_files/securedrop-app-code/debian/conffiles
@@ -1 +0,0 @@
-/var/www/securedrop/static/i/logo.png

diff --git a/install_files/securedrop-app-code/debian/preinst b/install_files/securedrop-app-code/debian/preinst
@@ -94,13 +94,6 @@ case "$1" in
       permanently_disable_swap
       convert_document_to_journalist_interface
 
-      if [ -n "$2" ] && [ "$2" = "0.3" ] ; then
-        # Copy the custom logo (workaround due to #911)
-        cp /var/www/securedrop/static/i/logo.png /tmp/securedrop_custom_logo.png
-        # Remove the custom logo so we don't get an error from dpkg conffiles
-        rm /var/www/securedrop/static/i/logo.png
-      fi
-
       if service_exists 'haveged'; then
         systemctl stop haveged
         systemctl disable haveged

diff --git a/molecule/builder-focal/tests/test_securedrop_deb_package.py b/molecule/builder-focal/tests/test_securedrop_deb_package.py
@@ -303,7 +303,7 @@ def test_deb_package_contains_no_generated_assets(securedrop_app_code_contents:
 @pytest.mark.parametrize("deb", deb_paths.values())
 def test_deb_package_contains_expected_conffiles(host: Host, deb: Path):
     """
-    Ensures the `securedrop-app-code` package declares only whitelisted
+    Ensures the `securedrop-app-code` package declares only allow-listed
     `conffiles`. Several files in `/etc/` would automatically be marked
     conffiles, which would break unattended updates to critical package
     functionality such as AppArmor profiles. This test validates overrides
@@ -319,10 +319,11 @@ def test_deb_package_contains_expected_conffiles(host: Host, deb: Path):
         f = host.file(conffiles_path)
 
         assert f.is_file
-        # Ensure that the entirety of the file lists only the logo as conffile;
-        # effectively ensures e.g. AppArmor profiles are not conffiles.
+
         conffiles = f.content_string.rstrip()
-        assert conffiles == "/var/www/securedrop/static/i/logo.png"
+
+        # No files are currently allow-listed to be conffiles
+        assert conffiles == ""
 
     # For the securedrop-config package, we want to ensure there are no
     # conffiles so securedrop_additions.sh is squashed every time