rocodes
rocodes
> One thing I haven't yet figured out is poetry compatibility across bookworm and trixie. We can't set package-mode = false, but installing with poetry install --no-root works. I may...
For whatever reason, I couldn't install poetry that way per my comment in #2435. I could spend more time trying to make it work, e.g. by using `--break-system-packages` to force...
Thanks for noting this. I think the friendliest thing to do might be, instead of deleting the logind override file in `securedrop-logind-override-disable` service, to instead ship a higher priority file...
Just to expand a bit on the options here: * #1053 alone would not solve the issue of "don't ship test artifacts in the prod rpm" (which I agree we...
### rpm build options (option 2) Initially I proposed conditional builds with macros ( `if %buildcondition ...`), where the conditions were on by default and represented prod settings. Now that...
Last idea: I think we could also combine the options, eg: - provision supplementary "staging" and "dev" packages signed by our test key that provision test/staging files to a separate...
After thinking about it (and also related issues such as https://github.com/freedomofpress/securedrop-workstation/issues/1178) I am leaning towards something like this: - separate keyring/repo bootstrap package where the prod keyring package and rpm...
Reviving this ticket to talk a bit about the various build environments we support. (Added this issue temporarily to the 1.1.0 milestone so that we make sure to discuss it;...
Now that we're planning to ship a boostrap rpm with the yum .repo file and signing key, this opens up the possibility to (work towards) deprecating at least the dynamic...
So after all that context, here's my rough proposal: * **Prod install**: dom0 config rpm + securedrop-keyring package (prod key signed, yum.securedrop.org) * **Staging install:** dom0 config rpm + securedrop-keyring-staging...