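#! /bin/bash
#
# Development-environment setup for SecureDrop on Debian/Ubuntu.
# Meant to be run as ./setup_ubuntu.sh from the top level of a securedrop
# checkout; when run elsewhere it offers to clone the repository first.

# stop setup script if any command fails
set -e

# uncomment to print debugging information
# (the trace will then include the SECRET_KEY and bcrypt salts generated below)
#set -x

# check platform and distro
opsys=$(uname)
if [[ "$opsys" != 'Linux' ]]; then
  echo "This setup script only works for Linux platforms. Exiting script."
  exit 1
fi

# DISTRIB_ID is an lsb-release field. Systems that do not ship such a file
# (a Debian install may not) would otherwise be rejected with an empty value,
# so fall back to the ID field of os-release. Only the first match is used in
# case several /etc/*-release files carry the field.
distro=$(grep -h '^DISTRIB_ID=' /etc/*-release 2>/dev/null | head -n 1 | cut -d'=' -f 2)
if [[ -z "$distro" ]]; then
  distro=$(grep -h '^ID=' /etc/*-release 2>/dev/null | head -n 1 | cut -d'=' -f 2 | tr -d '"')
fi

case "$distro" in
  Ubuntu | ubuntu | Debian | debian) ;;
  *)
    echo "This setup script only works for Ubuntu/Debian systems. Exiting script."
    exit 1
    ;;
esac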
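# Define colored output for some statements.
# tput exits non-zero when TERM is unset or unknown (cron, some CI runners);
# under `set -e` that would abort the whole setup over cosmetics, so fall back
# to empty strings instead.
bold=$(tput bold 2>/dev/null || true)
blue=$(tput setaf 4 2>/dev/null || true)
red=$(tput setaf 1 2>/dev/null || true)
normalcolor=$(tput sgr 0 2>/dev/null || true)

# System packages installed through apt-get. Kept as one space-separated
# string because it is expanded unquoted on the apt-get command line.
DEPENDENCIES='gnupg2 secure-delete haveged python-dev python-pip python-virtualenv'

echo "Welcome to the SecureDrop setup script for Debian/Ubuntu."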
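# Since this script lives in the top level of the securedrop repository, it is
# natural to expect that users will have cloned the repo, cd'ed into it, and
# are now running ./setup_ubuntu.sh. We will check that this is the case, and
# if so can skip some later steps.
if [[ -d ".git" ]] && grep -q "securedrop" .git/config; then
  cd .. # run this script in the directory *containing* the securedrop git repo
else
  echo "You are not running this script inside the Securedrop repo."
  echo "Do you need to clone the SecureDrop repo? [Y/N]"
  read -r gitans
  if [[ "$gitans" == 'y' || "$gitans" == 'Y' ]]; then
    echo "Type the path of where you would like to clone it, and then push ENTER."
    read -r sdpath
    # Quoted so a path containing spaces or glob characters is taken
    # literally. An empty answer goes to $HOME, which is what a bare `cd` does.
    cd -- "${sdpath:-$HOME}"
    echo "If you are cloning from your own fork, type your Github username and push ENTER. If not, leave it blank and push ENTER."
    read -r gitusername
    if [[ -n "$gitusername" ]]; then
      # The answer is spliced into the clone URL, so accept only characters a
      # Github username can contain (letters, digits, hyphens). Anything else
      # would change which host or path git ends up fetching from.
      if [[ ! "$gitusername" =~ ^[A-Za-z0-9-]+$ ]]; then
        echo "'$gitusername' is not a valid Github username... exiting!"
        exit 1
      fi
      echo "Cloning the repo from $gitusername ..."
      git clone "https://github.com/${gitusername}/securedrop.git"
    else
      echo "Cloning the repo..."
      git clone https://github.com/freedomofpress/securedrop.git
    fi
  fi
fi

# Whichever branch ran, the checkout must now be a child of the current
# directory.
if [[ ! -d "securedrop" ]]; then
  echo "Couldn't find the securedrop repo... exiting!"
  exit 1
fi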
# Install the system packages. DEPENDENCIES is expanded unquoted on purpose so
# that every package name becomes its own apt-get argument.
echo "Installing dependencies: $DEPENDENCIES"
# shellcheck disable=SC2086
sudo apt-get -y install $DEPENDENCIES

# continue working in the application directory
cd securedrop/securedrop

echo "Setting up the virtual environment..."
virtualenv env
. env/bin/activate
pip install --upgrade distribute

# NOTE(review): these installs trust whatever the package index serves for the
# names in the requirements files. Whether versions or hashes are pinned there
# is not visible from this script; confirm.
for requirements in source-requirements.txt document-requirements.txt; do
  pip install -r "$requirements"
done
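echo "Setting up configurations..."

cp example_config.py config.py
# config.py receives SECRET_KEY and both bcrypt salts below; keep it readable
# by the current user only.
chmod 600 config.py

# set up the securedrop root directory
securedrop_root=$(pwd)/.securedrop
# Escape what is special in a sed replacement ("&", "\") or collides with the
# "@" delimiter, in case the checkout path contains any of them.
securedrop_root_sed=$(printf '%s' "$securedrop_root" | sed 's/[&@\\]/\\&/g')
sed -i "s@ SECUREDROP_ROOT='/tmp/securedrop'@ SECUREDROP_ROOT='$securedrop_root_sed'@" config.py
mkdir -p -- "$securedrop_root"/{store,keys,tmp}
keypath=$securedrop_root/keys
# keys/ is used as the GnuPG homedir; mode 700 avoids the "unsafe permissions
# on GPG homedir" warning. The parent directory is locked down the same way
# because store/ and tmp/ sit beside it.
chmod 700 "$securedrop_root" "$keypath"

# Generate and store random values required by config.py.
# The repr() of 32 random bytes is pasted into a sed replacement, so every
# character sed treats specially must be escaped first: "\" (doubled), "&"
# (would expand to the matched text and silently alter the key) and "@" (the
# delimiter; an unescaped one makes sed fail). "&" and "@" are printable, so
# repr() emits them raw.
# NOTE(review): the values pass through sed's argv and are briefly visible to
# other local users in the process list.
secret_key=$(python -c 'import os; print os.urandom(32).__repr__().replace("\\","\\\\").replace("&","\\&").replace("@","\\@")')
bcrypt_id_salt=$(python -c 'import bcrypt; print bcrypt.gensalt()')
bcrypt_gpg_salt=$(python -c 'import bcrypt; print bcrypt.gensalt()')
sed -i "s@ SECRET_KEY.*@ SECRET_KEY=$secret_key@" config.py
sed -i "s@^BCRYPT_ID_SALT.*@BCRYPT_ID_SALT='$bcrypt_id_salt'@" config.py
sed -i "s@^BCRYPT_GPG_SALT.*@BCRYPT_GPG_SALT='$bcrypt_gpg_salt'@" config.py

# initialize development database (using sqlite by default)
echo "Creating database tables..."
python -c 'import db; db.create_tables()'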
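echo ""
echo "You will need a journalist key for development."
echo "Would you like to generate one or use the key included?"
echo "If you're not familiar with gpg2, you ought to import the key."
echo "$bold$blue Use these keys for development and testing only, NEVER production."
echo "$normalcolor"
echo "Type 'g' and push ENTER to generate, otherwise leave blank and push ENTER."
read -r genkey
# Any non-empty answer (not only 'g') selects key generation.
if [[ -n "$genkey" ]]; then
  echo "Generating new key."
  gpg2 --homedir "$keypath" --gen-key
else
  echo "Importing key included in the repo."
  # The key material shipped in the repository is public knowledge; it must
  # never protect real submissions.
  gpg2 --homedir "$keypath" --import test_journalist_key.*
fi

# Get the journalist key fingerprint from gpg2 and put it into the config file.
# The machine-readable listing is used instead of grepping the human-readable
# one: the "fingerprint" label there depends on locale and gpg version, and a
# miss would silently write an empty JOURNALIST_KEY. The first "fpr" record
# belongs to the first key in the keyring; field 10 is the fingerprint without
# spaces.
journalistkey=$(gpg2 --homedir "$keypath" --with-colons --fingerprint \
  | awk -F: '$1 == "fpr" { print $10; exit }')
if [[ -z "$journalistkey" ]]; then
  echo "Couldn't read a key fingerprint from $keypath... exiting!"
  exit 1
fi
echo "Using journalist key with fingerprint $journalistkey"
sed -i "s@^JOURNALIST_KEY.*@JOURNALIST_KEY='$journalistkey'@" config.py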
echo ""
echo "Running unit tests... these should all pass!"

# Turn exit-on-error off so that a failing test run can be checked and
# reported below instead of ending the script.
set +e
python test.py
test_status=$?
if ((test_status != 0)); then
  printf '%s\n' \
    "$bold$red It looks like something went wrong in your dev setup." \
    "Feel free to open an issue on Github: https://github.com/freedomofpress/securedrop/issues/new" \
    "$normalcolor"
fi

# Closing banner and instructions for starting the development servers.
printf '%s\n' \
  "$bold$blue" \
  "And you're done!" \
  "$normalcolor" \
  "To make sure everything works, try running the app in the development environment:" \
  "cd securedrop" \
  ". env/bin/activate" \
  "python source.py" \
  "python journalist.py"