Evaluating new deb package behavior

The SDW config logic installs deb packages from FPF-controlled apt repos, for various other components of the SDW architecture, such as:

• https://github.com/freedomofpress/securedrop-client
• https://github.com/freedomofpress/securedrop-export
• https://github.com/freedomofpress/securedrop-proxy
• https://github.com/freedomofpress/securedrop-log

Installing candidate deb packages, before they've been uploaded to an apt repo, requires some local modifications. In these cases, you'll want to:

1. Modify the component code on a feature branch in the component repo
2. Build a new source tarball from the component feature branch
3. Update the version in the debian-packaging repo, build deb pkg
4. Copy deb package to ./sd-workstation/ in this repo
5. Then use a temporary patch to prefer the locally built deb to the apt repo version:

diff --git a/dom0/sd-logging-setup.sls b/dom0/sd-logging-setup.sls
index 64db8ae..4331540 100644
--- a/dom0/sd-logging-setup.sls
+++ b/dom0/sd-logging-setup.sls
@@ -6,12 +6,15 @@ include:
 
 {% if "template" in grains['id'] or grains['id'] in ["securedrop-workstation-buster", "whonix-gw-15"] %}
 # Install securedrop-log package in TemplateVMs only
+# TEMPORARY: use local custom deb, to test new package
+# without vmname hardcoded in config
 install-securedrop-log-package:
-  pkg.installed:
-    - pkgs:
-      - securedrop-log
-    - require:
-      - sls: fpf-apt-test-repo
+  file.managed:
+   - name: /opt/securedrop-log.deb
+   - source: salt://sd/sd-workstation/securedrop-log_0.1.1+buster_all.deb
+   - mode: 644
+  cmd.run:
+   - name: apt install -y /opt/securedrop-log.deb
 {% endif %}
 
 {% if grains['id'] == "sd-log-buster-template" %}

Make sure to commit a temporary patch as part of your PR, but state in the test plan that it should be dropped/reverted prior to merge.