Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

securedrop_client.sdk should also be configured via QubesDB #2040

Open
cfm opened this issue May 30, 2024 · 0 comments · May be fixed by #2236
Open

securedrop_client.sdk should also be configured via QubesDB #2040

cfm opened this issue May 30, 2024 · 0 comments · May be fixed by #2236
Assignees
@legoktm
Labels
sdk

Comments

@cfm
Copy link
Member

cfm commented May 30, 2024

Description

securedrop_client.sdk is still using a configuration file:

securedrop-client/client/securedrop_client/sdk/__init__.py

Lines 105 to 112 in 86b1d07

self.proxy_vm_name = DEFAULT_PROXY_VM_NAME
config = configparser.ConfigParser()
try:
if os.path.exists("/etc/sd-sdk.conf"):
config.read("/etc/sd-sdk.conf")
self.proxy_vm_name = config["proxy"]["name"]
except Exception:
pass # We already have a default name

After #1883, it should be configured via QubesDB.

How will this impact SecureDrop users?

No user-facing changes.

How would this affect the SecureDrop Workstation threat model?

No threat-model considerations beyond those already evaluated for #1883.
@legoktm legoktm self-assigned this Sep 20, 2024
legoktm added a commit that referenced this issue Sep 20, 2024
@legoktm
sdk: Configure custom proxy VM via QubesDB/env; update docs
9177ade 
Instead of using a custom `/etc/sd-sdk.conf` for setting a custom proxy
VM, use our now established pattern of using QubesDB or the environment.

I am somewhat dubious of the use case of using a different proxy VM, but
I can see how it could be useful for some debugging operations.

Update and remove a lot of documentation around updating VCR cassettes
that was outdated but referenced this configuration mechanism.

Fixes #2040.
@legoktm legoktm linked a pull request Sep 20, 2024 that will close this issue
Open
5 tasks
legoktm added a commit that referenced this issue Sep 20, 2024
@legoktm
sdk: Configure custom proxy VM via QubesDB/env; update docs
aca5e2b 
Instead of using a custom `/etc/sd-sdk.conf` for setting a custom proxy
VM, use our now established pattern of using QubesDB or the environment.

I am somewhat dubious of the use case of using a different proxy VM, but
I can see how it could be useful for some debugging operations.

Update and remove a lot of documentation around updating VCR cassettes
that was outdated but referenced this configuration mechanism.

Fixes #2040.
@legoktm legoktm added the sdk label Sep 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@legoktm legoktm

Labels
sdk
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

sdk: Configure custom proxy VM via QubesDB/env; update docs freedomofpress/securedrop-client
2 participants
@legoktm @cfm