leap_platform.git - [leap

Age	Commit message (Collapse)	Author
2013-08-27	updated submodule couchdb	varac

2013-08-27	updated submodule couchdb	varac

2013-08-22	Merge branch 'bug/3339' into develop	Micah Anderson

2013-08-22	install a preliminary firewall that blocks everything, except ssh for the ↵	Micah Anderson
	cases when shorewall doesn't properly come up, ensuring that it fails safe (#3339) Change-Id: Id4f0bf6cf25f420aa2ad67635b37ae95f54e3d38
2013-08-22	add HSTS if hiera value for webapp['secure'] is set (#3514)	Micah Anderson
	Change-Id: Idd413349ec0b99835a1cbb4fb4c4fcef1a8fdeab
2013-08-22	Merge branch 'bug/3342' into develop	Micah Anderson

2013-08-21	Set apache header X-Frame-Options: "DENY"	Micah Anderson
	The LEAP web application can be displayed inside other pages using an HTML iframe. Therefore, an attacker can embed parts of the LEAP application inside of a webpage they control. They can then use special style properties to disguise the embedded page. By tricking a user in to clicking in the iframe, the attacker can coerce the user in to performing unintended actions within the LEAP web application. An attacker creates a website that embeds the LEAP web application in an iframe. They then create an HTML /JavaScript game on the same page that involves clicking and dragging sprites. When a user plays the game, they are in fact dragging new text values in to the ‘‘Change Password’’ form in the LEAP web app, which is hidden behind the game using As long as iframe embedding is not required in the normal usage of the application, the X-Frame-Options header should be added to prevent browsers from displaying the web application in frames on other origins. This has also been set in the webapp Change-Id: I9e26ae32de4b7b6a327196838d0fa410648f107d
2013-08-21	Disable verbose, identifying apache headers (#3462):	Micah Anderson
	. Disable ServerSignature . Set ServerTokens Prod . unset the X-Powered-By and X-Runtime apache headers Change-Id: Iddb2cb9a0465bc7f657581adaacbbf748479fd7a
2013-08-21	update couchdb module to resolve #3459	Micah Anderson
	Change-Id: Icad17de812392d7c587e5bcbf60cd5242c1241e9
2013-08-16	update couchdb submodule to fix #3481	Micah Anderson
	Change-Id: I474cc691fcfc892b7aff4a3a0e3954155bf5ee30
2013-08-15	Revert "temp hack: deploy the webapp as couch user 'admin'"	Micah Anderson
	This reverts commit 8c038fea91adc87adf9e408c16e2f0ec9838e3d2.
2013-08-15	Because both soledad and leap-mx do not function with twisted 12, we had to ↵	Micah Anderson
	backport twisted 13. In order to install the backported dependencies we need an apt preferences_snippet installed for the backported twisted packages Change-Id: I886bb735eeb3abe7955c7cf054b749554ab84746
2013-08-14	add START=yes to /etc/default/soledad to start the daemon, new package ↵	Micah Anderson
	requires this to start. Closes: #3474 Change-Id: I921dcf0d6571cd60d2705ae4925d0a4318c84fa2
2013-08-14	Merge branch 'feature/webapp_production_log' into develop	Micah Anderson

2013-08-14	require that the couchdb::query::setup has been run before any attempts are ↵	Micah Anderson
	made to create databases or add users as these would fail otherwise. Closes: #3466 Change-Id: Ifa8b3da5858ce858fd319c4a659e70d20a65d3e0
2013-08-14	update couchdb submodule to the latest version - fixes #3447	Micah Anderson
	Change-Id: Ib6458b962c624fdb75f514dbd4c2129581fc2bb7
2013-08-14	Fix problem where webapp production.log had the wrong permissions - #3471	Micah Anderson
	Change-Id: I20a6ecc43e36fc1e8416c46f7e4d14726995d2f2
2013-08-14	vagrant: Install squid-deb-proxy on clients (optional) (Feature #3330)	varac
	squashed commits: site_squid_deb_proxy::client: include shorewall::rules::mdns for avahi discovery added submodule squid_deb_proxy from git://code.leap.se/puppet_squid_deb_proxy updated submodule squid_deb_proxy use squid_deb_proxy::client
2013-08-13	require that the couchdb::query::setup has been run before any attempts are ↵	Micah Anderson
	made to create databases or add users as these would fail otherwise. Closes: #3466 Change-Id: Ifa8b3da5858ce858fd319c4a659e70d20a65d3e0
2013-08-13	update couchdb submodule to the latest version - fixes #3447	Micah Anderson
	Change-Id: Ib6458b962c624fdb75f514dbd4c2129581fc2bb7
2013-08-01	run soledad daemon using the configured port.	elijah

2013-08-01	make site_shorewall::soledad use the hiera value for the soledad port	Micah Anderson
	Change-Id: I923f15de807f907d6246c3a83df1e59c39d4e920
2013-08-01	add a requirement to soledad.json that soledad service is found on a couchdb	Micah Anderson
	node, if it is not, it will fail to compile this requires a newer leap_cli, so I've bumped the compatibility requirement Change-Id: Ie1061798d058087126163793b216dd5938eb95a6
2013-08-01	For now, soledad will only exist on couchdb nodes (but not every couchdb has	Micah Anderson
	soledad), so fix the port to be the local couchdb port. In the future, we may want to separate them out. There is no need to do haproxy with soledad, because the client is supposed to try a different soledad node if it can't connect Change-Id: I87e2c5079ba361634336316721c4358a0917fb09
2013-08-01	fix #3291: set the soledad port properly in the json and as a temporary ↵	Micah Anderson
	work-around, use the couchdb admin/passwd Change-Id: Ibb1cd8416d00552f8ca1716e42a08137a4b461aa
2013-08-01	Merge branch 'feature/issue/3278' into develop	varac

2013-08-01	Merge branch 'feature/issue/3347' into develop	varac

2013-07-31	add haproxy servers to services/mx.json	varac

2013-07-31	use smtpd_tls_security_level = may in postfix config (Bug #3348)	varac

2013-07-31	fix /etc/leap/mx.conf doesn't contain any user credentials (Feature #3347)	varac

2013-07-31	fix Could not find dependent Service[leap-mx] (Bug #3331)	varac

2013-07-31	Revert "Site_webapp/Try::File: Could not find command 'git' (Bug #3202)"	varac
	This reverts commit 9e83de3497ec55f4910de099917387d500b8f4b4.
2013-07-31	Site_webapp/Try::File: Could not find command 'git' (Bug #3202)	varac

2013-07-30	webapp - use hiera config "webapp.admins" for the list of admin usernames, ↵	elijah
	default to empty list.
2013-07-30	added webapp.secure flag (turns on secure cookies and HSTS)	elijah

2013-07-30	site_webapp - add support for haproxy weights and backup servers (resolves ↵	elijah
	#3278)
2013-07-29	site_webapp bugfix - get compile_assets to run by ensuring .scss files are ↵	elijah
	created beforehand and have the correct permissions.
2013-07-29	try::file bugfixes -- add refreshonly to chmod/chown, ensure old file is ↵	elijah
	replaced even if it is a link
2013-07-26	Merge branch 'feature/mx' into develop	Micah Anderson

2013-07-26	Merge branch 'feature/soledad' into feature/leap_mx	Micah Anderson

2013-07-26	Merge branch 'varac/feature/mx' into feature/leap_mx	Micah Anderson
	Conflicts: provider_base/services/mx.json puppet/manifests/site.pp puppet/modules/site_mx/manifests/init.pp puppet/modules/site_postfix/manifests/mx.pp Change-Id: Ib2952f6cb972c40a998f20d7bbdb23bb35bef419
2013-07-26	added haproxy weights to webapp hiera (at haproxy.servers)	elijah

2013-07-26	fix cert generation bug: was creating 2024 bit keys instead of 2048 bit keys ↵	elijah
	by default.
2013-07-25	initial leap_mx configuration	Micah Anderson
	Change-Id: Iddca4cf52706bf2f612d20ba19a53fbbe6b28479
2013-07-25	initial soledad configuration	Micah Anderson
	Change-Id: I19e91887c3f8e90764b4baef8c5e29e25658e190
2013-07-25	updated submodule apache	varac

2013-07-25	updated submodule couchdb	varac

2013-07-25	updated submodule apt	varac

2013-07-25	beginning of smtp_auth config with client certs	varac

2013-07-25	smtpd_recipient_restrictions: +permit_tls_all_clientcerts	varac