Age | Commit message (Collapse) | Author |
|
It is not clear why the pinning was made in the first place, and we need
to downgrade because the current pyzmq version packaged for jessie is
14.4.0. Pinning to a higher version that is not available in debian
causes problems when using python entrypoints for Soledad Server (as we
do now).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
the rationale here is that, in debian, certifi will always return a
working platform trust, since the package points to the system
certificates. in osx and windows, certifi will load an usable trustRoot
that is kept up to date.
another detail we didn't like about the heuristic is that the bundled
certificate for testing will eventually expire, so that introduces the
duty of keeping it up-to-date.
|
|
With the merge of platformTrust in twisted, the situation for cert chain
verification in linux improved a lot.
This patch implements fallbacks to do the following:
- Try to use whatever trust sources are found in the system. This means
that if ca-certificates is installed, pyopenssl will have a valid set of
root certificates and verification will likely work (twisted uses
platformTrust for this).
- If that fails, try to use certifi. We could/should depend on that from
now on, *but* it's not packaged before stretch.
- So, I'm not deprecating its usage right now, but this one should be
the last cacert.pem bundle that we ship with leap.common.
- If the cacert.pem from leap.common fails to be found, well, there's
nothing you can do. Your TOFU attempt with a cert coming from the
CArtel will fail.
Most of this MR should be sent as a patch upstream, see https://twistedmatrix.com/trac/ticket/6934
Also related: https://twistedmatrix.com/trac/ticket/9209
I think proper testing will depend on merging https://github.com/pyca/pyopenssl/pull/473
- Resolves: #8958
- Release: 0.6.0
|
|
|
|
|
|
|
|
When https://0xacab.org/leap/platform/issues/8826
is fixed we can reenable Ubuntu packaging again.
|
|
See https://0xacab.org/leap/platform/issues/8825
|
|
see https://0xacab.org/leap/leap_pycommon/builds/9055
make[1]: Entering directory '/builds/leap/leap_pycommon/source'
dh_installchangelogs CHANGELOG.rst
make[1]: Leaving directory '/builds/leap/leap_pycommon/source'
dh_python2 -O--buildsystem=python_distutils
W: dh_python2:479: Please add dh-python package to Build-Depends
|
|
|
|
|
|
|
|
This reverts commit c951e94167f1aa333537571a192476973e81bde7.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This commit is required for `soledad` tests re-collection.
Signed-off-by: Ruben Pollan <meskio@sindominio.net>
|
|
|
|
|
|
0.5.2
|
|
|
|
|
|
This commit removes the dep introduced in 5e12233 by just importing some tiny
bit of dirspec code.
The previous change was introduced because:
* pyxdg did not account for Mac OS specifics, i.e. using ~/Library/
directory structure instead of .config (see:
https://leap.se/code/issues/3574).
* dirspec does the correct thing for xdg on Mac OS.
* u1db depends on dirspec anyway.
The problem is that dirspec is not maintained and published on pypi, what
forces us to download it from an URL and add exceptions to be able to pip
install it.
As we are removing dependence on u1db on other modules, we can also remove it
here. To workaround the Mac OS problem, we just add some code from dirspec to
ensure we get the correct directory on Mac OS.
|