Age | Commit message (Collapse) | Author |
|
Check on every fetch of the private key if the expiration is less than
two months before it expire. And extend the expiration if needed.
- Resolves: #8217
|
|
We are not planning to regenerate keys (for now), only to extend the
expiration date.
|
|
|
|
We were considering to reset the sign_used flag to force the new key to
be resend as attachment in forthcoming emails. Although, this is not a
good solution, because we'll lose information about which keys the
client has signed.
|
|
Previously, we were sending the key attached as long as the contact
hasn't replied back. But with new key replace scenarios, we need to updated
the contact keyring with the new key.
We can implement autocrypt or similar in the future, but for now, let's
send the key attached on every email.
|
|
This was intended to offer the option of only extend the old key and
not change it for a new one. However, we don't plan to use this
behavior anymore.
|
|
|
|
|
|
This changes reflect python-gnupg naming.
With @aarni
|
|
|
|
The KEYMANAGER_FINISHED_KEY_GENERATION event is used to send a welcome
mail to the users, which was causing a new welcome mail when
regenerating a key. We removed the event from regenerate_key method.
We should implement a KEYMANAGER_FINISHED_KEY_REGENERATION event when
it's needed.
|
|
Previously, new_expiry_date was calculated by the key creation date + 1
week, but the proper behavior is today + 1 week, accordingly with gpg
behavior.
|
|
python-gnupg doesn't accept address as parameter for --edit-key
|
|
- private key is not allowed to be fetched remotely
- fetch_remote needs to be specifically set
- if a new key is fetched (ie different KeyID), the validation
rule applies
|
|
|
|
date is extended
- this is required so that the key is re-attached to the first
outgoing email to all users who already have the expired key.
|
|
- private key is not allowed to be fetched remotely
- fetch_remote needs to be specifically set
- if a new key is fetched (ie different KeyID), the validation
rule applies
|
|
|
|
|
|
is renewed
- there is only one private inactive key that is the key
expiring last among all inactive keys
- if there is an inactive key, decryption with it, is tried
if it fails with the current active key.
|
|
|
|
- this flag is used by leap.mail to attach the new key
|
|
- if current key pair is expired, it'll be extended for a day first
- new key pair will be signed by the old key
|
|
- extends key pair (unlocked from soledad)
- extension period is counted from key creation date
|
|
|
|
|
|
- Enable XTRACE output of script
- Run e2e mail test against ci.leap.se
- Remove unused POLKIT variable
- Specify MX server for e2e mail test
- Fix helo in e2e tests
Resolves: #9159
|
|
Since we are using artful for the tests it comes with gnupg2 and breaks
the e2e tests.
Also install haveged to speed up e2e tests.
- Resolves: #9159
|
|
|
|
some properties were not used as intended.
|
|
|
|
|
|
|
|
- Related: #9092
|
|
|
|
|
|
In order to run tests using tox locally with gitlab-runner we
need to run `tox -e py27-dev --notest` before using the venv.
|
|
I tried to upgrade to ubuntu packages chromedriver 2.32 (artful)
but this didn't help.
After using latest chromedriver release 2.33 from
https://sites.google.com/a/chromium.org/chromedriver/downloads
it works.
Also, build docker image from LEAP/artful.
Resolves: #9149
|
|
|
|
|
|
|
|
|
|
This adds the Contributor Covenant 1.2 from the previous guidelines,
as well as a github workaround for new contributors who run into the
0xacab 1-repo limit (or similar issues). Replaces a 404 link in the
leap-commit-template, and adds a reminders to anonymize logs for
testers.
- Documentation: #9138
Signed-off-by: Ruben Pollan <meskio@sindominio.net>
|
|
|
|
|
|
|
|
-Resolves: #9119
|
|
|
|
|
|
|