@conorsch
Created September 24, 2021 17:14
#!/usr/bin/env python3
# Utility script to copy SecureDrop staging VM connection info
# from a "securedrop" repo to a "securedrop-workstation" repo,
# formatted for use in securedrop-workstation provisioning.
# The CWD where this script is run should contain:
#
# * config.json - which will have its "hidserv.hostname" and "hidserv.key" overridden
# * sd-journalist.sec - containing the private key whose pubkey is on SD Application Server
#
# Also make sure the fingerprint is correct (staging by default is
# 65A1B5FF195B56353CC63DFFCC40EF1228271441).
import json
import os
from pathlib import Path
from collections import namedtuple
from shutil import copyfile
# Checkout locations of the two repos. Each default can be overridden through
# the environment variable of the same name.
SECUREDROP_DIRECTORY = Path(
    os.environ.get("SECUREDROP_DIRECTORY", "/home/user/securedrop")
)
SECUREDROP_WORKSTATION_DIRECTORY = Path(
    os.environ.get(
        "SECUREDROP_WORKSTATION_DIRECTORY", "/home/user/securedrop-workstation"
    )
)

# Pairs the onion address with the key that get_onion_info() reads from the
# auth file. `auth_key` is secret material: avoid printing or logging it.
OnionService = namedtuple("OnionService", "url auth_key")
def get_onion_info() -> OnionService:
    """Read the staging journalist onion address and key from the securedrop repo.

    The file install_files/ansible-base/app-journalist.auth_private under
    SECUREDROP_DIRECTORY is expected to hold exactly four colon-separated
    fields. The first becomes the hostname (with ".onion" appended) and the
    fourth becomes the key; the two middle fields are ignored.

    Raises:
        OSError: if the auth file cannot be read.
        ValueError: if the content does not split into exactly four fields.
    """
    auth_path = (
        SECUREDROP_DIRECTORY / "install_files/ansible-base/app-journalist.auth_private"
    )
    fields = auth_path.read_text().rstrip().split(":")
    # NOTE(review): the middle fields look like the Tor client-auth
    # "descriptor"/key-type markers -- confirm against the file format.
    hostname, _, _, secret = fields
    return OnionService(f"{hostname}.onion", secret)
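def clobber_config(onion):
    """Overwrite the hidserv hostname and key in ./config.json.

    Args:
        onion: object exposing ``url`` and ``auth_key`` attributes, e.g. the
            OnionService returned by get_onion_info().

    Raises:
        OSError: if config.json cannot be read or written.
        KeyError: if config.json has no "hidserv" object.

    After this call config.json holds the onion service key, so the file is
    restricted to its owner and should be treated as a secret (keep it out of
    version control and shared directories).
    """
    config_json = "config.json"
    with open(config_json, "r", encoding="utf-8") as f:
        c = json.load(f)
    c["hidserv"]["hostname"] = onion.url
    c["hidserv"]["key"] = onion.auth_key
    # Serialize before reopening for write: opening with "w" truncates the
    # file, so a serialization error must not leave config.json empty.
    serialized = json.dumps(c, indent=2)
    with open(config_json, "w", encoding="utf-8") as f:
        # Drop group/other access before the key is written to disk.
        os.fchmod(f.fileno(), 0o600)
        f.write(serialized)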
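def copy_config():
    """Copy config.json and sd-journalist.sec from the CWD into the workstation repo.

    Both files carry secrets (the onion service key and the journalist
    private key). shutil.copyfile copies contents only, so a destination it
    creates gets the process umask default (commonly world-readable) no matter
    how tightly the source was protected. The copies are therefore written
    through a descriptor that is owner-only (0600) from the start.

    Raises:
        OSError: if a source file cannot be read or a destination cannot be
            written (for example when SECUREDROP_WORKSTATION_DIRECTORY does
            not exist).
    """
    for name in ("config.json", "sd-journalist.sec"):
        target = SECUREDROP_WORKSTATION_DIRECTORY.joinpath(name)
        payload = Path(name).read_bytes()
        # The mode argument only applies when the file is created here.
        fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as out:
            # A pre-existing destination keeps its old mode through os.open,
            # so tighten it before any secret bytes are written.
            os.fchmod(fd, 0o600)
            out.write(payload)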
if __name__ == "__main__":
    # Order matters: config.json has to be rewritten with the onion details
    # before it is copied into the workstation repo.
    clobber_config(get_onion_info())
    copy_config()