redshiftzero

$ hey -z 1m -c 50 -m GET https://tor-apt.freedom.press/dists/trusty/Release
Summary:
  Total:	60.3476 secs
  Slowest:	1.2616 secs
  Fastest:	0.0277 secs
  Average:	0.0860 secs
  Requests/sec:	578.8131
  Total data:	101995600 bytes
  Size/request:	2920 bytes

redshiftzero

---
# Playbook to update SecureDrop VMs configured with the latest stable release
# to use the release candiate packages from apt-test.freedom.press (rather
# than apt.freedom.press). Updates the apt repo pubkey with a testing pubkey,
# and alters the apt source lists to point to the test server.
#
# Steps to use this playbook:
#
#   1. `git checkout 1.2.2`
#   2. Provision prod VMs.

redshiftzero

import zlib
import itsdangerous
import argparse


def read_flask_cookie(cookie):
    compressed_data = itsdangerous.base64_decode(cookie.split(".")[1])
    return zlib.decompress(compressed_data)

redshiftzero

$ vagrant -v
Vagrant 2.1.2
$ vagrant up app-staging
Bringing machine 'app-staging' up with 'virtualbox' provider...
==> app-staging: Importing base box 'bento/ubuntu-14.04'...
==> app-staging: Matching MAC address for NAT networking...
==> app-staging: Checking if box 'bento/ubuntu-14.04' is up to date...
==> app-staging: A newer version of the box 'bento/ubuntu-14.04' for provider 'virtualbox' is
==> app-staging: available! You currently have version '201803.24.0'. The latest is version
==> app-staging: '201806.08.0'. Run `vagrant box update` to update.

redshiftzero

Building securedrop-proxy 0.1.1 and securedrop-client 0.0.2

Following build guidelines in PR #9, in a Debian AppVM:

1. make install-deps
2. make syncwheels

securedrop-client

redshiftzero

For 0.11 release changes

Get an API token

$ curl -X POST -H "Content-Type: application/json" --data '{"username":"myusername","passphrase":"mypassword","one_time_code":"123456"}' --proxy socks5h://127.0.0.1:9150 myonionaddress.onion/api/v1/token

The response body will contain a token.

redshiftzero

redshiftzero  nimloth  ../securedrop-prod-specific-test $  git init
Initialized empty Git repository in /Users/redshiftzero/Documents/Github/securedrop-prod-specific-test/.git/

 redshiftzero  nimloth  ../securedrop-prod-specific-test $  ls

 redshiftzero  nimloth  ../securedrop-prod-specific-test $  vi prod-specific.yml  # Add prod-specific.yml from 0.3.12

 redshiftzero  nimloth  ../securedrop-prod-specific-test $  git add prod-specific.yml

 redshiftzero  nimloth  ../securedrop-prod-specific-test $  git commit

redshiftzero

#!/usr/bin/env python3
from pytm.pytm import Actor, Boundary, Dataflow, Datastore, Element, ExternalEntity, Process, TM, Server

tm = TM("SecureDrop")
tm.description = "SecureDrop core threat model"

# Trust boundaries
source_area = Boundary("Source Area")
securedrop_area = Boundary("SecureDrop Area")
external_services = Boundary("External Services")

redshiftzero

#!/opt/venvs/securedrop-app-code/bin/python
import pretty_bad_protocol as gnupg
import scrypt
import threading
import time
from base64 import b32encode

KEY_LEN = 4096
SCRYPT_PARAMS = dict(N=2**14, r=8, p=1)

redshiftzero

digraph g {
  "sd-proxy-buster-template" -> "sd-log" [label="securedrop.Log" color=red];
  "sd-devices" -> "sd-log" [label="securedrop.Log" color=red];
  "sd-devices-dvm" -> "sd-log" [label="securedrop.Log" color=red];
  "sd-whonix" -> "sd-log" [label="securedrop.Log" color=red];
  "sd-gpg" -> "sd-log" [label="securedrop.Log" color=red];
  "sd-proxy" -> "sd-log" [label="securedrop.Log" color=red];
  "sd-devices-buster-template" -> "sd-log" [label="securedrop.Log" color=red];
  "sd-app-buster-template" -> "sd-log" [label="securedrop.Log" color=red];
  "securedrop-workstation-buster" -> "sd-log" [label="securedrop.Log" color=red];