Skip to content

Panga9309/securedrop-https-everywhere-ruleset

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

281 Commits
.github
.github
 
 
docker
docker
 
 
rulesets
rulesets
 
 
scripts
scripts
 
 
upstream
upstream
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
default.rulesets.1625068418.gz
default.rulesets.1625068418.gz
 
 
default.rulesets.1625864047.gz
default.rulesets.1625864047.gz
 
 
default.rulesets.1625865001.gz
default.rulesets.1625865001.gz
 
 
default.rulesets.1637775141.gz
default.rulesets.1637775141.gz
 
 
default.rulesets.1640130986.gz
default.rulesets.1640130986.gz
 
 
default.rulesets.1642634848.gz
default.rulesets.1642634848.gz
 
 
default.rulesets.1644257599.gz
default.rulesets.1644257599.gz
 
 
default.rulesets.1644258093.gz
default.rulesets.1644258093.gz
 
 
default.rulesets.1647556836.gz
default.rulesets.1647556836.gz
 
 
default.rulesets.1649867750.gz
default.rulesets.1649867750.gz
 
 
default.rulesets.1650641408.gz
default.rulesets.1650641408.gz
 
 
default.rulesets.1662127899.gz
default.rulesets.1662127899.gz
 
 
default.rulesets.1665153006.gz
default.rulesets.1665153006.gz
 
 
default.rulesets.1667947775.gz
default.rulesets.1667947775.gz
 
 
default.rulesets.1669822464.gz
default.rulesets.1669822464.gz
 
 
default.rulesets.1671034888.gz
default.rulesets.1671034888.gz
 
 
default.rulesets.1678138922.gz
default.rulesets.1678138922.gz
 
 
default.rulesets.1679933350.gz
default.rulesets.1679933350.gz
 
 
default.rulesets.1688046105.gz
default.rulesets.1688046105.gz
 
 
default.rulesets.1695855234.gz
default.rulesets.1695855234.gz
 
 
default.rulesets.1699316853.gz
default.rulesets.1699316853.gz
 
 
default.rulesets.1705008530.gz
default.rulesets.1705008530.gz
 
 
default.rulesets.1706124696.gz
default.rulesets.1706124696.gz
 
 
default.rulesets.1707500622.gz
default.rulesets.1707500622.gz
 
 
default.rulesets.1718736717.gz
default.rulesets.1718736717.gz
 
 
index.html
index.html
 
 
jwk.py
jwk.py
 
 
latest-rulesets-timestamp
latest-rulesets-timestamp
 
 
onboarded.txt
onboarded.txt
 
 
pgppubkey_to_jwk.py
pgppubkey_to_jwk.py
 
 
poetry.lock
poetry.lock
 
 
public_release.pem
public_release.pem
 
 
pyproject.toml
pyproject.toml
 
 
release-pubkey.jwk
release-pubkey.jwk
 
 
rulesets-signature.1625068418.sha256
rulesets-signature.1625068418.sha256
 
 
rulesets-signature.1625864047.sha256
rulesets-signature.1625864047.sha256
 
 
rulesets-signature.1625865001.sha256
rulesets-signature.1625865001.sha256
 
 
rulesets-signature.1637775141.sha256
rulesets-signature.1637775141.sha256
 
 
rulesets-signature.1640130986.sha256
rulesets-signature.1640130986.sha256
 
 
rulesets-signature.1642634848.sha256
rulesets-signature.1642634848.sha256
 
 
rulesets-signature.1644257599.sha256
rulesets-signature.1644257599.sha256
 
 
rulesets-signature.1644258093.sha256
rulesets-signature.1644258093.sha256
 
 
rulesets-signature.1647556836.sha256
rulesets-signature.1647556836.sha256
 
 
rulesets-signature.1649867750.sha256
rulesets-signature.1649867750.sha256
 
 
rulesets-signature.1650641408.sha256
rulesets-signature.1650641408.sha256
 
 
rulesets-signature.1662127899.sha256
rulesets-signature.1662127899.sha256
 
 
rulesets-signature.1665153006.sha256
rulesets-signature.1665153006.sha256
 
 
rulesets-signature.1667947775.sha256
rulesets-signature.1667947775.sha256
 
 
rulesets-signature.1669822464.sha256
rulesets-signature.1669822464.sha256
 
 
rulesets-signature.1671034888.sha256
rulesets-signature.1671034888.sha256
 
 
rulesets-signature.1678138922.sha256
rulesets-signature.1678138922.sha256
 
 
rulesets-signature.1679933350.sha256
rulesets-signature.1679933350.sha256
 
 
rulesets-signature.1688046105.sha256
rulesets-signature.1688046105.sha256
 
 
rulesets-signature.1695855234.sha256
rulesets-signature.1695855234.sha256
 
 
rulesets-signature.1699316853.sha256
rulesets-signature.1699316853.sha256
 
 
rulesets-signature.1705008530.sha256
rulesets-signature.1705008530.sha256
 
 
rulesets-signature.1706124696.sha256
rulesets-signature.1706124696.sha256
 
 
rulesets-signature.1707500622.sha256
rulesets-signature.1707500622.sha256
 
 
rulesets-signature.1718736717.sha256
rulesets-signature.1718736717.sha256
 
 
sddir.py
sddir.py
 
 
update_index.sh
update_index.sh
 
 

Repository files navigation

By contributing to this project, you agree to abide by our Code of Conduct.

HTTPS-Everywhere Rulesets for SecureDrop

securedrop-https-everywhere-ruleset is used to create a signed HTTPS Everywhere ruleset that maps full-length .onion addresses to user-friendly onion names for some news organizations listed in the SecureDrop directory. Any time a new onion name is approved, we add its mapping to our HTTPS Everywhere ruleset and deploy it to https://securedrop.org/https-everywhere/ . Tor Browser automatically includes our ruleset in the default HTTPS Everywhere extension and checks for updates on startup. (Tor Browser will soon switch to checking https://securedrop.org/https-everywhere-2021/ which uses our new release signing key).

Development

First, install poetry and run poetry install --with=dev.

You can create a test key for signing using:

make test-key

which will create test-key.jwk in your current working directory.

Updating Rulesets

Adding a new organization

  1. Ensure they are in the official SecureDrop directory. If they are not, go through the IVF process with the organization.

  2. Add their domain name and the requested URL to the onboarded.txt via PR into this repository. We match the domain based on the landing page of the organization, comparing the netloc in a URL with structure scheme://netloc/path;parameters?query#fragment.

  3. Next, generate and sign the update ruleset using the following command (requires signing key, please ping a key holder for assistance):

make rules
  1. Commit all files generated by the script above and open a Pull Request to this repository. Once the PR is merged, the rulesets will automatically be deployed to production.

Verifying changes

Inspect the diff. If it looks good, commit the resulting index.html and all files to be served. To test locally, run

make serve

And configure your browser to use http://localhost:4080/https-everywhere/.

Deployment

Upon merge the container will be published to quay.io/freedomofpress and the new tag will be deployed automatically.

About

HTTPS Everywhere ruleset for human-readable Onion URLs for SecureDrop instances

securedrop.org/https-everywhere/

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 59.8%
  • Shell 21.9%
  • Makefile 11.2%
  • Dockerfile 5.0%
  • HTML 2.1%