Skip to content

freedomofpress/securedrop-https-everywhere-ruleset

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

297 Commits
.github
.github
 
 
docker
docker
 
 
rulesets
rulesets
 
 
scripts
scripts
 
 
upstream
upstream
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
default.rulesets.1625068418.gz
default.rulesets.1625068418.gz
 
 
default.rulesets.1625864047.gz
default.rulesets.1625864047.gz
 
 
default.rulesets.1625865001.gz
default.rulesets.1625865001.gz
 
 
default.rulesets.1637775141.gz
default.rulesets.1637775141.gz
 
 
default.rulesets.1640130986.gz
default.rulesets.1640130986.gz
 
 
default.rulesets.1642634848.gz
default.rulesets.1642634848.gz
 
 
default.rulesets.1644257599.gz
default.rulesets.1644257599.gz
 
 
default.rulesets.1644258093.gz
default.rulesets.1644258093.gz
 
 
default.rulesets.1647556836.gz
default.rulesets.1647556836.gz
 
 
default.rulesets.1649867750.gz
default.rulesets.1649867750.gz
 
 
default.rulesets.1650641408.gz
default.rulesets.1650641408.gz
 
 
default.rulesets.1662127899.gz
default.rulesets.1662127899.gz
 
 
default.rulesets.1665153006.gz
default.rulesets.1665153006.gz
 
 
default.rulesets.1667947775.gz
default.rulesets.1667947775.gz
 
 
default.rulesets.1669822464.gz
default.rulesets.1669822464.gz
 
 
default.rulesets.1671034888.gz
default.rulesets.1671034888.gz
 
 
default.rulesets.1678138922.gz
default.rulesets.1678138922.gz
 
 
default.rulesets.1679933350.gz
default.rulesets.1679933350.gz
 
 
default.rulesets.1688046105.gz
default.rulesets.1688046105.gz
 
 
default.rulesets.1695855234.gz
default.rulesets.1695855234.gz
 
 
default.rulesets.1699316853.gz
default.rulesets.1699316853.gz
 
 
default.rulesets.1705008530.gz
default.rulesets.1705008530.gz
 
 
default.rulesets.1706124696.gz
default.rulesets.1706124696.gz
 
 
default.rulesets.1707500622.gz
default.rulesets.1707500622.gz
 
 
default.rulesets.1718736717.gz
default.rulesets.1718736717.gz
 
 
default.rulesets.1721856971.gz
default.rulesets.1721856971.gz
 
 
default.rulesets.1726774415.gz
default.rulesets.1726774415.gz
 
 
default.rulesets.1727371235.gz
default.rulesets.1727371235.gz
 
 
index.html
index.html
 
 
jwk.py
jwk.py
 
 
latest-rulesets-timestamp
latest-rulesets-timestamp
 
 
onboarded.txt
onboarded.txt
 
 
pgppubkey_to_jwk.py
pgppubkey_to_jwk.py
 
 
poetry.lock
poetry.lock
 
 
public_release.pem
public_release.pem
 
 
pyproject.toml
pyproject.toml
 
 
release-pubkey.jwk
release-pubkey.jwk
 
 
rulesets-signature.1625068418.sha256
rulesets-signature.1625068418.sha256
 
 
rulesets-signature.1625864047.sha256
rulesets-signature.1625864047.sha256
 
 
rulesets-signature.1625865001.sha256
rulesets-signature.1625865001.sha256
 
 
rulesets-signature.1637775141.sha256
rulesets-signature.1637775141.sha256
 
 
rulesets-signature.1640130986.sha256
rulesets-signature.1640130986.sha256
 
 
rulesets-signature.1642634848.sha256
rulesets-signature.1642634848.sha256
 
 
rulesets-signature.1644257599.sha256
rulesets-signature.1644257599.sha256
 
 
rulesets-signature.1644258093.sha256
rulesets-signature.1644258093.sha256
 
 
rulesets-signature.1647556836.sha256
rulesets-signature.1647556836.sha256
 
 
rulesets-signature.1649867750.sha256
rulesets-signature.1649867750.sha256
 
 
rulesets-signature.1650641408.sha256
rulesets-signature.1650641408.sha256
 
 
rulesets-signature.1662127899.sha256
rulesets-signature.1662127899.sha256
 
 
rulesets-signature.1665153006.sha256
rulesets-signature.1665153006.sha256
 
 
rulesets-signature.1667947775.sha256
rulesets-signature.1667947775.sha256
 
 
rulesets-signature.1669822464.sha256
rulesets-signature.1669822464.sha256
 
 
rulesets-signature.1671034888.sha256
rulesets-signature.1671034888.sha256
 
 
rulesets-signature.1678138922.sha256
rulesets-signature.1678138922.sha256
 
 
rulesets-signature.1679933350.sha256
rulesets-signature.1679933350.sha256
 
 
rulesets-signature.1688046105.sha256
rulesets-signature.1688046105.sha256
 
 
rulesets-signature.1695855234.sha256
rulesets-signature.1695855234.sha256
 
 
rulesets-signature.1699316853.sha256
rulesets-signature.1699316853.sha256
 
 
rulesets-signature.1705008530.sha256
rulesets-signature.1705008530.sha256
 
 
rulesets-signature.1706124696.sha256
rulesets-signature.1706124696.sha256
 
 
rulesets-signature.1707500622.sha256
rulesets-signature.1707500622.sha256
 
 
rulesets-signature.1718736717.sha256
rulesets-signature.1718736717.sha256
 
 
rulesets-signature.1721856971.sha256
rulesets-signature.1721856971.sha256
 
 
rulesets-signature.1726774415.sha256
rulesets-signature.1726774415.sha256
 
 
rulesets-signature.1727371235.sha256
rulesets-signature.1727371235.sha256
 
 
sddir.py
sddir.py
 
 
test_rulesets.py
test_rulesets.py
 
 
update_index.sh
update_index.sh
 
 

Repository files navigation

By contributing to this project, you agree to abide by our Code of Conduct.

HTTPS-Everywhere Rulesets for SecureDrop

securedrop-https-everywhere-ruleset is used to create a signed HTTPS Everywhere ruleset that maps full-length .onion addresses to user-friendly onion names for some news organizations listed in the SecureDrop directory. Any time a new onion name is approved, we add its mapping to our HTTPS Everywhere ruleset and deploy it to https://securedrop.org/https-everywhere-2021/ . Tor Browser automatically includes our ruleset in the default HTTPS Everywhere extension and checks for updates on startup.

Development

First, install poetry and run poetry install --with=dev.

You can create a test key for signing using:

make test-key

which will create test-key.jwk in your current working directory.

Updating Rulesets

Adding a new organization

  1. Ensure they are in the official SecureDrop directory. If they are not, go through the IVF process with the organization.

  2. Add their domain name and the requested URL to the onboarded.txt via PR into this repository. We match the domain based on the landing page of the organization, comparing the netloc in a URL with structure scheme://netloc/path;parameters?query#fragment.

  3. Next, generate the updated ruleset with make generate and review the output.

  4. Once satisfied, you can sign it with make sign (requires signing key, please ping a key holder for assistance).

  5. Commit all files generated by the script above and open a Pull Request to this repository. Once the PR is merged, the rulesets will automatically be deployed to production.

Verifying changes

Inspect the diff. If it looks good, commit the resulting index.html and all files to be served. To test locally, run

make serve

And configure your browser to use http://localhost:4080/https-everywhere/.

Deployment

Upon merge the container will be published to quay.io/freedomofpress and the new tag will be deployed automatically.

About

HTTPS Everywhere ruleset for human-readable Onion URLs for SecureDrop instances

securedrop.org/https-everywhere/

Resources

Readme

Code of conduct

Code of conduct
Activity
Custom properties

Stars

10 stars

Watchers

8 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 16

+ 2 contributors

Languages