Age | Commit message (Collapse) | Author |
|
Fixes: #8427, #8812
|
|
Resolves: #8879
|
|
In order to refactor the tor services, we need to split them out into three
different services. This adds the hidden service class that is necessary to
support the previous commits. Fixes #8864.
|
|
The 'tor' service is now three separate services, 'tor_exit', 'tor_relay', or 'hidden_service'.
|
|
We'll release soon so we pin both git repos
to there release version branches instead of
pulling from master.
|
|
The old client is compatible, just the version check did not allow
it. People are still relying on the old client for a while, and this
prevents people from upgrading. This fixes #8850.
|
|
4173154a177b00c11a36b3168b1ce12af59f04af or later (>1.9.2). resolves #8474. create new invites with `leap run invite`
|
|
|
|
Currently, the platform configures the `snapshots` component in
/etc/apt/sources.list.d/leap.list.
`snapshots` contains packages uploaded by feature branches and merge
requests so we change to `master` (which contains packges built from
changes to the master branches.
Resolves: #8828
|
|
|
|
Depending whether couchdb is running on the same node as
nickserver, couchdb is available on localhost:
- When couchdb is running on a different node: Via stunnel, which is
bound to 4000.
- When couchdb is running on the same node: On port 5984
Resolves: #8793
|
|
|
|
This cuts the number of hops for a tor onion service from 6 to 3,
speeding it up considerably. This removes the anonymity aspect of the
service, so it must be enabled intentionally, knowing that the server's
location no longer is hidden.
|
|
This replaces the secret_token from rails 4.1 on.
Both are used for securing cookies in the browser. The secret_key_base
will also encrypt the cookies while the token will only sign them.
Keeping the token in there for now allows us to migrate existing sessions
/ cookies to the new secrets. We can remove it in the next version once
all providers have run with secret_key_base for a while.
|
|
|
|
|
|
|
|
|
|
We used haproxy because we had multiple bigcouch nodes but now
with a single couchdb node this is not needed anymore.
- Resolves: #8144
|
|
This reverts commit 44cae3cf731d29fd1e882cf35526fb0e098914d2.
|
|
experimental-platform is still WIP,
see https://leap.se/code/issues/8437#note-8 for more details
|
|
|
|
later
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The deb.debian.org method may be a better one than httpredir:
. deb.debian.org is maintained much more reliably than httpredir
. httpredir is backed by the mirror network; deb.d.o is by a CDN
. httpredir redirects to the mirror network. deb.d.o is a cache
that sits in front of ftp.d.o (and security, and debug, and ports)
. one potential disadvantage: deb.d.o's CDN is a commercial
service (fastly) that donates its traffic to debian
. in stretch and later, apt uses the SRV records of deb.d.o to find
places instead of HTTP redirects
. local peering arrangements of fastly are likely to result in mirror
choices that are more local (and thus faster) to the machine
Peering arrangements for the deb.d.o CDN can be seen here:
https://www.peeringdb.com/asn/54113
Change-Id: I4dee089a3b2f674860bfff21eb25a6e37c491d32
|
|
|
|
|
|
latest develop branch leap_cli)
|
|
|
|
|
|
|
|
warning.
|
|
values set in their initial .json file.
|
|
# Conflicts:
# puppet/modules/site_couchdb/manifests/plain.pp
|
|
|
|
seperated
|
|
|
|
Providing a custom sources.platform.apt.basic value worked
with the last commit, but without that the platform would fail.
So we provide a default value now in provider_base/common.json,
which can get overridden.
|
|
- Tested: [unstable.pixelated-project.org]
- Related: https://github.com/pixelated/pixelated-platform/issues/127
|
|
whitelisting (#3625)
Change-Id: I15985ca00ee95bc62855f098a78e364ebbc32616
|
|
Remove from:
- platform white-box tests (couchdb user ACLs, tapicero daemon test)
- provider_base/ dir that handles the compilation of the hiera config
file
- Resolves: #7501
|
|
|
|
|