Add onion name for CNN

[conorsch]

Status

Ready for review. Contains two changes:

• Removes iROZHLAS (closes #83)
• Adds CNN (closes #85)

Review Checklist

• [x] Changes to onboarded.txt are accurate
• [x] The file default.rulesets.TIMESTAMP.gz has been updated, extracting that file and inspecting the contents of the JSON file produces the expected rules
• [x] The ruleset has been verified by modifying the HTTPS Everywhere configuration in a Tor Browser instance pointing to Path Prefix: https://raw.githubusercontent.com/freedomofpress/securedrop-https-everywhere-ruleset/$BRANCH_NAME
• [x] index.html has been updated using ./update_index.sh

Post-Deployment Checklist

• [x] Added/modified onion names have been updated in the SecureDrop Directory

[conorsch]

Without a doubt, not sure how that happened. Will fix and regenerate.

[conorsch]

The problem only occurs for the CNN entry because the API is returning a protocol for only that entry:

$ curl -s https://securedrop.org/api/v1/directory/ | jq -r '.[].onion_address' | grep http | wc -l
1

and the onboarding script assumes there's no protocol on the onion field. See related discussion in https://github.com/freedomofpress/securedrop.org/pull/878. While we could easily update the onboarding script to be more forgiving, in this case, I'm going to edit the db entry so that the API returns consistent results across the board. At a later date, we can decide whether we want to enforce stronger validation on that field for future updates.

After updating, I'll regenerate and resign, as stated above.

[conorsch]

@eloquence Updated as described. Please test again, it should work now.

[conorsch]

:facepalm: I never rm'd the irozhlas file. Merely removing from onboarding allows the script to complete successfully, but doesn't change the contents of the tarball. Fixing...

[conorsch]

@eloquence Once more, I beseech you: test.