leap_pycommon.git/src/leap, branch 0.6.0

[docs] add note about refactor

2017-07-14T13:05:47+00:00

[refactor] remove heuristic to check for usable platformRoot

2017-07-14T12:36:54+00:00

the rationale here is that, in debian, certifi will always return a
working platform trust, since the package points to the system
certificates. in osx and windows, certifi will load an usable trustRoot
that is kept up to date.

another detail we didn't like about the heuristic is that the bundled
certificate for testing will eventually expire, so that introduces the
duty of keeping it up-to-date.

[feat] add fallback on trust sources for ssl verification

2017-07-11T13:59:32+00:00

With the merge of platformTrust in twisted, the situation for cert chain
verification in linux improved a lot.

This patch implements fallbacks to do the following:

- Try to use whatever trust sources are found in the system. This means
that if ca-certificates is installed, pyopenssl will have a valid set of
root certificates and verification will likely work (twisted uses
platformTrust for this).

- If that fails, try to use certifi. We could/should depend on that from
now on, *but* it's not packaged before stretch.

- So, I'm not deprecating its usage right now, but this one should be
the last cacert.pem bundle that we ship with leap.common.

- If the cacert.pem from leap.common fails to be found, well, there's
nothing you can do. Your TOFU attempt with a cert coming from the
CArtel will fail.

Most of this MR should be sent as a patch upstream, see https://twistedmatrix.com/trac/ticket/6934
Also related: https://twistedmatrix.com/trac/ticket/9209

I think proper testing will depend on merging https://github.com/pyca/pyopenssl/pull/473

- Resolves: #8958
- Release: 0.6.0

[feat] update the certificate bundle

2017-07-08T17:37:50+00:00

[feature] add bonafide auth event

2017-04-20T13:02:50+00:00

[feat] add VPN_STATUS_CHANGED event

2017-03-16T23:32:20+00:00

[refactor] Improve python3 compatibility

2017-03-15T22:31:12+00:00

This commit is required for `soledad` tests re-collection.

Signed-off-by: Ruben Pollan

[feat] add MAIL_STATUS_CHANGED event

2017-03-13T19:36:42+00:00

[pkg] remove dependency on dirspec

2016-07-11T14:41:53+00:00

This commit removes the dep introduced in 5e12233 by just importing some tiny
bit of dirspec code.

The previous change was introduced because:

  * pyxdg did not account for Mac OS specifics, i.e. using ~/Library/
    directory structure instead of .config (see:
    https://leap.se/code/issues/3574).

  * dirspec does the correct thing for xdg on Mac OS.

  * u1db depends on dirspec anyway.

The problem is that dirspec is not maintained and published on pypi, what
forces us to download it from an URL and add exceptions to be able to pip
install it.

As we are removing dependence on u1db on other modules, we can also remove it
here. To workaround the Mac OS problem, we just add some code from dirspec to
ensure we get the correct directory on Mac OS.

[test] toxify tests

2016-07-11T14:41:50+00:00