Merge branch 'develop' into add-types-to-api-in-journalist-app

molecule/fetch-tor-packages/create.yml

@@ -7,14 +7,12 @@
     molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
     molecule_scenario_directory: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}"
     molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
-    # Use same container image as the Xenial build scenario
-    image_hash: "{{ lookup('pipe', 'egrep -v ^# ../builder-xenial/image_hash') }}"
   tasks:
     - name: Create molecule instance(s)
       docker_container:
         name: "{{ item.name }}"
-        # Use same container image as the Xenial build scenario
-        image: "quay.io/freedomofpress/sd-docker-builder-xenial@sha256:{{ image_hash }}"
+        # Use same container image as the build scenario
+        image: "{{ item.image }}@sha256:{{ lookup('pipe', 'egrep -v ^# ../builder-'+item.distro+'/image_hash') }}"
         state: started
         recreate: False
         command: "{{ item.command | default('sleep infinity') }}"

molecule/fetch-tor-packages/molecule.yml

@@ -7,6 +7,12 @@ lint:
   name: yamllint
 platforms:
   - name: tor-package-fetcher-xenial
+    image: "quay.io/freedomofpress/sd-docker-builder-xenial"
+    distro: xenial
+
+  - name: tor-package-fetcher-focal
+    image: "quay.io/freedomofpress/sd-docker-builder-focal"
+    distro: focal
 
 provisioner:
   name: ansible

molecule/fetch-tor-packages/playbook.yml

@@ -12,7 +12,7 @@
     tor_repo_pubkey: "{{ sd_repo_root + '/install_files/ansible-base/roles/tor-hidden-services/files/tor-signing-key.pub' }}"
     tor_repo_url: "deb https://deb.torproject.org/torproject.org {{ ansible_distribution_release }} main"
     # Used to fetch a precise version; must also be updated in the test vars
-    tor_version: "0.4.3.6-1~xenial+1"
+    tor_version: "0.4.3.6-1~{{ ansible_distribution_release }}+1"
 
   tasks:
     - name: Add Tor apt repo pubkey

molecule/fetch-tor-packages/prepare.yml

@@ -4,4 +4,4 @@
   gather_facts: no
   tasks:
     - name: Install python
-      raw: apt-get update && apt-get install -qq python-minimal apt-transport-https
+      raw: apt-get update && apt-get install -qq python3 apt-transport-https

molecule/fetch-tor-packages/tests/test_tor_packages.py

@@ -2,13 +2,17 @@
 import pytest
 
 
-testinfra_hosts = ['docker://tor-package-fetcher-xenial']
+testinfra_hosts = [
+    "docker://tor-package-fetcher-xenial",
+    "docker://tor-package-fetcher-focal",
+]
 TOR_DOWNLOAD_DIR = "/tmp/tor-debs"
 TOR_PACKAGES = [
     {"name": "tor", "arch": "amd64"},
     {"name": "tor-geoipdb", "arch": "all"},
 ]
-TOR_VERSION = "0.4.3.6-1~xenial+1"
+# The '{}' will be replaced with platform, e.g. Focal
+TOR_VERSION_TEMPLATE = "0.4.3.6-1~{}+1"
 
 
 def test_tor_apt_repo(host):
@@ -27,24 +31,25 @@ def test_tor_package_versions(host, pkg):
     """
     Inspect package info and confirm we're getting the version we expect.
     """
-    package_name = "{}_{}_{}.deb".format(pkg["name"], TOR_VERSION, pkg["arch"])
+    tor_version = TOR_VERSION_TEMPLATE.format(host.system_info.codename)
+    package_name = "{}_{}_{}.deb".format(pkg["name"], tor_version, pkg["arch"])
     filepath = os.path.join(TOR_DOWNLOAD_DIR, package_name)
     f = host.file(filepath)
     assert f.exists
     assert f.is_file
 
     cmd = "dpkg-deb -f {} Version".format(filepath)
     package_version = host.check_output(cmd)
-    assert package_version == TOR_VERSION
+    assert package_version == tor_version
 
 
 def test_tor_package_platform(host):
     """
-    Sanity check to ensure we're running on Xenial, which is the only
-    option for SecureDrop distributions supported by upstream Tor Project.
+    Sanity check to ensure we're running on a version of Ubuntu
+    that is supported by the upstream Tor Project, i.e. Xenial or Focal.
     The Trusty channel was disabled by Tor Project on 2019-01-08.
     """
     assert host.system_info.type == "linux"
     assert host.system_info.distribution == "ubuntu"
-    assert host.system_info.codename == "xenial"
-    assert host.system_info.release == "16.04"
+    assert host.system_info.codename in ("xenial", "focal")
+    assert host.system_info.release in ("16.04", "20.04")

securedrop/journalist_templates/login.html

@@ -7,7 +7,7 @@ <h1>{{ gettext('Login to access the journalist interface') }}</h1>
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}">
   <p><input class="login-username" type="text" name="username" autocomplete="off" placeholder="{{ gettext('Username') }}" autofocus></p>
   <p><input class="login-password" id="login-form-password" type="password" name="password" placeholder="{{ gettext('Password') }}"></p>
-  <p class="show-password-checkbox-container"><label><input id="show-password-check" type="checkbox">Show password</label></p>
+  <p class="show-password-checkbox-container"><label><input id="show-password-check" type="checkbox">{{ gettext('Show password') }}</label></p>
   <p><input class="login-token" name="token" id="token" type="text" placeholder="{{ gettext('Two-factor Code') }}"></p>
   <button type="submit">{{ gettext('LOG IN') }}</button>
 </form>