leap_platform.git - [leap

Age	Commit message (Collapse)	Author
2017-12-21	[Feat] Use latest versions of platform components	Varac
	After release, we switch back to use origin/master for nicksever+webapp git repos, and master component for the platform apt repo.
2017-11-23	Docs: Update docs to prepare for 0.10.0 release	Micah Anderson
	Fixes: #8427, #8812
2017-10-07	feat: add v3 tor hidden service support	Micah Anderson
	Resolves: #8879
2017-10-05	Feat: Refactor tor services	Micah Anderson
	In order to refactor the tor services, we need to split them out into three different services. This adds the hidden service class that is necessary to support the previous commits. Fixes #8864.
2017-10-05	Feat: split tor service into three	elijah
	The 'tor' service is now three separate services, 'tor_exit', 'tor_relay', or 'hidden_service'.
2017-09-28	Feat: Use version branches for webapp + nickserver	Varac
	We'll release soon so we pin both git repos to there release version branches instead of pulling from master.
2017-07-27	Bug: allow old client to connect to VPN	Micah Anderson
	The old client is compatible, just the version check did not allow it. People are still relying on the old client for a while, and this prevents people from upgrading. This fixes #8850.
2017-07-18	by default, new providers will now require invites. requires leap_cli ↵	elijah
	4173154a177b00c11a36b3168b1ce12af59f04af or later (>1.9.2). resolves #8474. create new invites with `leap run invite`
2017-06-28	static - gracefully handle incorrect static site configs	elijah

2017-06-21	Use apt master component for LEAP packages	Varac
	Currently, the platform configures the `snapshots` component in /etc/apt/sources.list.d/leap.list. `snapshots` contains packages uploaded by feature branches and merge requests so we change to `master` (which contains packges built from changes to the master branches. Resolves: #8828
2017-05-30	static - support for renewing certs with let's encrypt for static sites	elijah

2017-05-10	Nickserver direct access to couchdb on same node	varac
	Depending whether couchdb is running on the same node as nickserver, couchdb is available on localhost: - When couchdb is running on a different node: Via stunnel, which is bound to 4000. - When couchdb is running on the same node: On port 5984 Resolves: #8793
2017-04-27	Merge remote-tracking branch 'origin/merge-requests/77'	varac

2017-04-25	Add single-hop hidden service capability.	Micah Anderson
	This cuts the number of hops for a tor onion service from 6 to 3, speeding it up considerably. This removes the anonymity aspect of the service, so it must be enabled intentionally, knowing that the server's location no longer is hidden.
2017-03-22	webapp: add secret_key_base to config	Azul
	This replaces the secret_token from rails 4.1 on. Both are used for securing cookies in the browser. The secret_key_base will also encrypt the cookies while the token will only sign them. Keeping the token in there for now allows us to migrate existing sessions / cookies to the new secrets. We can remove it in the next version once all providers have run with secret_key_base for a while.
2017-03-16	Use http://deb.leap.se/platform jessie snapshots for platform CI	varac

2017-03-16	Make platform apt dist/component configurable	varac

2017-03-16	Try new packages from exerimental-gitbuildpackage	varac

2017-03-15	Direct connection when couch runs locally	varac

2017-03-15	[8144] Remove Haproxy	varac
	We used haproxy because we had multiple bigcouch nodes but now with a single couchdb node this is not needed anymore. - Resolves: #8144
2017-01-03	Revert "Use experimental-0.9 instead of experimental-platform"	varac
	This reverts commit 44cae3cf731d29fd1e882cf35526fb0e098914d2.
2016-12-23	Use experimental-0.9 instead of experimental-platform	varac
	experimental-platform is still WIP, see https://leap.se/code/issues/8437#note-8 for more details
2016-12-22	bugfix: don't block commercial certs for mx servers	elijah

2016-12-22	COMPATIBILITY CHANGE: set platform version to 0.10 & require client 0.9.4 or ↵	elijah
	later
2016-12-19	bugfix: mx service does not require a commercial certificate	elijah

2016-12-08	Use webapp/nickserver:master on leap_platform:master (#8678)	varac

2016-11-10	Use webapp 0.9develop	varac

2016-10-20	[bug] properly set 'enrollment_policy' in provider.json	elijah

2016-10-20	upgrade: nickserver version 0.9.x	Azul

2016-10-04	[bug] fix Tor hidden service key generation	elijah

2016-09-01	added support for Let's Encrypt	elijah

2016-08-23	added 'leap vm' command	elijah

2016-08-04	switch to deb.d.o from httpredir.d.o (#8288).	Micah
	The deb.debian.org method may be a better one than httpredir: . deb.debian.org is maintained much more reliably than httpredir . httpredir is backed by the mirror network; deb.d.o is by a CDN . httpredir redirects to the mirror network. deb.d.o is a cache that sits in front of ftp.d.o (and security, and debug, and ports) . one potential disadvantage: deb.d.o's CDN is a commercial service (fastly) that donates its traffic to debian . in stretch and later, apt uses the SRV records of deb.d.o to find places instead of HTTP redirects . local peering arrangements of fastly are likely to result in mirror choices that are more local (and thus faster) to the machine Peering arrangements for the deb.d.o CDN can be seen here: https://www.peeringdb.com/asn/54113 Change-Id: I4dee089a3b2f674860bfff21eb25a6e37c491d32
2016-04-10	pin nickserver source to origin/version/0.8	elijah

2016-04-08	tests: include _api_tester partial for couchdb nodes.	elijah

2016-04-08	partials - add support for leap_cli's inheritable service partials (requires ↵	elijah
	latest develop branch leap_cli)
2016-04-08	minor: remove _api_tester.json from soledad test.	elijah

2016-04-05	testing: adds mx delivery tests	elijah

2016-02-26	plain couchdb now required, bigcouch support disabled.	elijah

2016-02-23	allow legacy plain couchdb nodes to stay couchdb nodes, although issue a ↵	elijah
	warning.
2016-02-23	added templates for `leap node add`, so that new nodes can get default ↵	elijah
	values set in their initial .json file.
2016-02-23	default to plain couchdb, unless otherwise specified.	elijah
	# Conflicts: # puppet/modules/site_couchdb/manifests/plain.pp
2016-02-23	get dkim working, closes #5924	elijah

2016-02-10	resolves #7646: leap_cli should fail when soledad and couchdb service are ↵	elijah
	seperated
2016-01-26	pin webapp to 0.8	elijah

2015-12-10	[bug] Configure default sources.platform.apt.basic	varac
	Providing a custom sources.platform.apt.basic value worked with the last commit, but without that the platform would fail. So we provide a default value now in provider_base/common.json, which can get overridden.
2015-10-27	[bug] Add leap_mx username to soledad.conf	varac
	- Tested: [unstable.pixelated-project.org] - Related: https://github.com/pixelated/pixelated-platform/issues/127
2015-10-13	add clamav filtering, with sanesecurity signature updating and provider ↵	Micah
	whitelisting (#3625) Change-Id: I15985ca00ee95bc62855f098a78e364ebbc32616
2015-10-06	[feat] Remove tapicero from more places	varac
	Remove from: - platform white-box tests (couchdb user ACLs, tapicero daemon test) - provider_base/ dir that handles the compilation of the hiera config file - Resolves: #7501
2015-09-24	added firewall information to nodes (needed for `leap compile firewall`)	elijah