Skip to content

rocodes/securedrop-https-everywhere-ruleset

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

72 Commits
.github
.github
 
 
docker
docker
 
 
rulesets
rulesets
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
default.rulesets.1588004096.gz
default.rulesets.1588004096.gz
 
 
default.rulesets.1593528236.gz
default.rulesets.1593528236.gz
 
 
default.rulesets.1596120728.gz
default.rulesets.1596120728.gz
 
 
default.rulesets.1603895824.gz
default.rulesets.1603895824.gz
 
 
default.rulesets.1607477429.gz
default.rulesets.1607477429.gz
 
 
default.rulesets.1608596542.gz
default.rulesets.1608596542.gz
 
 
default.rulesets.1610485177.gz
default.rulesets.1610485177.gz
 
 
default.rulesets.1610486469.gz
default.rulesets.1610486469.gz
 
 
default.rulesets.1611616447.gz
default.rulesets.1611616447.gz
 
 
dev-requirements.in
dev-requirements.in
 
 
dev-requirements.txt
dev-requirements.txt
 
 
index.html
index.html
 
 
jwk.py
jwk.py
 
 
latest-rulesets-timestamp
latest-rulesets-timestamp
 
 
onboarded.txt
onboarded.txt
 
 
pgppubkey_to_jwk.py
pgppubkey_to_jwk.py
 
 
public_release.pem
public_release.pem
 
 
release-pubkey.jwk
release-pubkey.jwk
 
 
requirements.in
requirements.in
 
 
requirements.txt
requirements.txt
 
 
rulesets-signature.1588004096.sha256
rulesets-signature.1588004096.sha256
 
 
rulesets-signature.1593528236.sha256
rulesets-signature.1593528236.sha256
 
 
rulesets-signature.1596120728.sha256
rulesets-signature.1596120728.sha256
 
 
rulesets-signature.1603895824.sha256
rulesets-signature.1603895824.sha256
 
 
rulesets-signature.1607477429.sha256
rulesets-signature.1607477429.sha256
 
 
rulesets-signature.1608596542.sha256
rulesets-signature.1608596542.sha256
 
 
rulesets-signature.1610485177.sha256
rulesets-signature.1610485177.sha256
 
 
rulesets-signature.1610486469.sha256
rulesets-signature.1610486469.sha256
 
 
rulesets-signature.1611616447.sha256
rulesets-signature.1611616447.sha256
 
 
sddir.py
sddir.py
 
 
update_index.sh
update_index.sh
 
 

Repository files navigation

HTTPS-Everywhere Rulesets for SecureDrop

Development

Setup:

virtualenv --python=python3 .venv
source .venv/bin/activate
pip install --require-hashes --no-deps -r requirements.txt

You can create a test key for signing using:

make test-key

which will create test-key.jwk in your current working directory.

Updating Rulesets

Adding a new organization

  1. Ensure they are in the official SecureDrop directory. If they are not, go through the IVF process with the organization.

  2. Add their domain name and the requested URL to the onboarded.txt via PR into this repository. We match the domain based on the landing page of the organization, comparing the netloc in a URL with structure scheme://netloc/path;parameters?query#fragment.

  3. Next, generate and sign the update ruleset using the following command (requires signing key, please ping @emkll for assistance):

./scripts/generate-and-sign
  1. Commit all files generated by the script above and open a Pull Request to this repository. Once the PR is merged, the rulesets will automatically be deployed to production.

Verifying changes

Inspect the diff. If it looks good, commit the resulting index.html and all files to be served. To test locally, run

make serve

And configure your browser to use http://localhost:4080/https-everywhere/.

Deployment

Upon merge the container will be published to quay.io/freedomofpress and the new tag will be deployed automatically.

About

HTTPS Everywhere ruleset for human-readable Onion URLs for SecureDrop instances

securedrop.org/https-everywhere/

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 46.4%
  • Shell 29.6%
  • Makefile 12.1%
  • Dockerfile 8.3%
  • HTML 3.6%