Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[0.13.0] Backport 4435 to 0.13.0 #4443

Merged
merged 5 commits into from
May 17, 2019
Merged

[0.13.0] Backport 4435 to 0.13.0 #4443

merged 5 commits into from
May 17, 2019

Conversation

emkll
Copy link
Contributor

@emkll emkll commented May 16, 2019
edited by zenmonkeykstop
Loading

Status

Ready for review

Description of Changes

Backports #4435 to the 0.13.0 release branch

Testing

@emkll emkll requested a review from zenmonkeykstop May 16, 2019 17:04
emkll added 5 commits May 16, 2019 16:27
@emkll
Require hashes in admin Dockerfile
593253d 
(cherry picked from commit 78cfd00)
@emkll
Improve app build logic to use source tarball hashes for integrity
fbc852f 
Use no-binary and require hashes option at wheel build time, and generate new requirements file (without hashes) for securedrop-app-code deb package. This is because dpkg-buildpackage modifies the zip data of the built wheel files, making it difficult to require hashes at install-time server-side. The deb package is signed and as such would be difficult to tamper with wheel contents in transit

(cherry picked from commit 4418f4c)
@emkll
Use system package for python-wheel
037dd66 
This will make the build process marginally faster and provide better integrity

(cherry picked from commit 3936aec)
@emkll
Update builder image
6d6b4f0 
Adds python-wheel and latest security patches

(cherry picked from commit 6cf4392)
@emkll
Fail explicitly on hash mismatch at build-time
2b645bc 
Before, build would fail due to absence of wheels in the /var/securedrop/wheelhouse, at a later step.

(cherry picked from commit bd2f1cb)
@emkll emkll force-pushed the backport-4435-to-0.13.0 branch from acf4b57 to 2b645bc Compare May 16, 2019 20:27
@codecov-io
Copy link

Codecov Report

Merging #4443 into release/0.13.0 will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@               Coverage Diff               @@
##           release/0.13.0    #4443   +/-   ##
===============================================
  Coverage           83.72%   83.72%           
===============================================
  Files                  44       44           
  Lines                2956     2956           
  Branches              321      321           
===============================================
  Hits                 2475     2475           
  Misses                404      404           
  Partials               77       77

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update bb1b5c7...2b645bc. Read the comment docs.

zenmonkeykstop
zenmonkeykstop approved these changes May 17, 2019
View reviewed changes
Copy link
Contributor

@zenmonkeykstop zenmonkeykstop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@zenmonkeykstop zenmonkeykstop merged commit 4570a64 into release/0.13.0 May 17, 2019
@zenmonkeykstop zenmonkeykstop deleted the backport-4435-to-0.13.0 branch May 17, 2019 13:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zenmonkeykstop zenmonkeykstop zenmonkeykstop approved these changes

@conorsch conorsch Awaiting requested review from conorsch

@heartsucker heartsucker Awaiting requested review from heartsucker

@kushaldas kushaldas Awaiting requested review from kushaldas

@msheiny msheiny Awaiting requested review from msheiny

@redshiftzero redshiftzero Awaiting requested review from redshiftzero

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@emkll @codecov-io @zenmonkeykstop