Age | Commit message (Collapse) | Author |
|
With the merge of platformTrust in twisted, the situation for cert chain
verification in linux improved a lot.
This patch implements fallbacks to do the following:
- Try to use whatever trust sources are found in the system. This means
that if ca-certificates is installed, pyopenssl will have a valid set of
root certificates and verification will likely work (twisted uses
platformTrust for this).
- If that fails, try to use certifi. We could/should depend on that from
now on, *but* it's not packaged before stretch.
- So, I'm not deprecating its usage right now, but this one should be
the last cacert.pem bundle that we ship with leap.common.
- If the cacert.pem from leap.common fails to be found, well, there's
nothing you can do. Your TOFU attempt with a cert coming from the
CArtel will fail.
Most of this MR should be sent as a patch upstream, see https://twistedmatrix.com/trac/ticket/6934
Also related: https://twistedmatrix.com/trac/ticket/9209
I think proper testing will depend on merging https://github.com/pyca/pyopenssl/pull/473
- Resolves: #8958
- Release: 0.6.0
|
|
|
|
|
|
|
|
When https://0xacab.org/leap/platform/issues/8826
is fixed we can reenable Ubuntu packaging again.
|
|
See https://0xacab.org/leap/platform/issues/8825
|
|
see https://0xacab.org/leap/leap_pycommon/builds/9055
make[1]: Entering directory '/builds/leap/leap_pycommon/source'
dh_installchangelogs CHANGELOG.rst
make[1]: Leaving directory '/builds/leap/leap_pycommon/source'
dh_python2 -O--buildsystem=python_distutils
W: dh_python2:479: Please add dh-python package to Build-Depends
|
|
|
|
|
|
|
|
This reverts commit c951e94167f1aa333537571a192476973e81bde7.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This commit is required for `soledad` tests re-collection.
Signed-off-by: Ruben Pollan <meskio@sindominio.net>
|
|
|
|
|
|
0.5.2
|
|
|
|
|
|
This commit removes the dep introduced in 5e12233 by just importing some tiny
bit of dirspec code.
The previous change was introduced because:
* pyxdg did not account for Mac OS specifics, i.e. using ~/Library/
directory structure instead of .config (see:
https://leap.se/code/issues/3574).
* dirspec does the correct thing for xdg on Mac OS.
* u1db depends on dirspec anyway.
The problem is that dirspec is not maintained and published on pypi, what
forces us to download it from an URL and add exceptions to be able to pip
install it.
As we are removing dependence on u1db on other modules, we can also remove it
here. To workaround the Mac OS problem, we just add some code from dirspec to
ensure we get the correct directory on Mac OS.
|
|
|
|
|
|
|
|
|
|
Tag leap.bitmask version 0.5.1
|
|
Tag leap.bitmask version 0.5.1
# gpg: Signature made Mon 18 Apr 2016 10:52:44 AM BOT
# gpg: using RSA key 1CAF6C5B9F720808
# gpg: Good signature from "Kaliyuga <kaliyuga@riseup.net>" [ultimate]
# gpg: aka "Kali Kaneko (leap communications) <kali@leap.se>" [ultimate]
|
|
|
|
|
|
|
|
|
|
otherwise the context.term() does not return
|
|
ad-hoc register/trigger mechanism used for service composition.
to be used in bitmask.core and bitmask.bonafide in the first place.
|
|
|
|
Also added dirspec directly to the setuptools for now,
because it needs the dependency along with the url, but pip
would break if it had both
|
|
Leap pycommon will now be installed in editable mode
when you use pip install, so that you can run the tests
and develop using only pip
|
|
I also added a conditional to the setup.py so
that python setup.py develop can be used even
with the dirspec url
|
|
|
|
|
|
We don't really need a thread to make use of the ZAP authenticator.
Document bug fix after authenticator thread is gone
|
|
1. refactor the zmq_connect/bind methods to use the txzmq addEndpoints
mechanism, which cleans up the code a bit. it uses the underlying
bindOrConnect method.
2. wrap the addEndpoints call in a helper function that ensures that
doRead is called afterward.
I'm not fully comfortable with us still using the AuthenticatorThread, I
believe we could go witha txzmq-based authenticator for curve.
|
|
|
|
Always use tcp channels and disable curve encryption on the zmq
connections.
- Closes: #7899, #7239
- Related: #7919
|
|
Reorder blocks of events, and comment about which user-specific info
it's being emitted with them.
|