authordrebs <drebs@leap.se>2015-05-12 17:49:14 -0300
committerdrebs <drebs@leap.se>2015-05-12 17:49:14 -0300
commitfa7708e256ba56cd1e9913993d68611b4ae95824 (patch)
tree3149d5547b015baf0ca37ecd9421829feff5f45c
parent365fa1603a977040a1891880a66118f196a54ac0 (diff)
parentbbb19ed9a755a079da5b79567cb98a921c02f2f4 (diff)
Merge tag '0.6.5'
Tag version 0.6.5.
-rw-r--r--CHANGELOG25
-rw-r--r--client/src/leap/soledad/client/__init__.py24
-rw-r--r--client/src/leap/soledad/client/sqlcipher.py5
-rw-r--r--client/src/leap/soledad/client/target.py3
-rw-r--r--common/MANIFEST.in4
-rw-r--r--common/setup.py5
-rw-r--r--common/src/leap/soledad/common/couch.py8
-rw-r--r--server/pkg/soledad27
-rw-r--r--server/src/leap/soledad/server/__init__.py5
9 files changed, 77 insertions, 29 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 0dce4847..4e3f2038 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,28 @@
+0.6.5 Apr 09 2015:
+Server:
+ o Remove unneeded parameters from CouchServerState initialization. Closes
+ #6833.
+
+0.6.4 Jan 23 2015:
+Common:
+ o Bail out if cdocs/ dir does not exist. Closes: #6671
+
+0.6.3 Dec 16 2014:
+Client:
+ o Fix deferred encryption/decryption parameters (#6500).
+
+0.6.2 Dec 11 2014:
+Client:
+ o Fix incorrect ssl context setup.
+
+0.6.1 Dec 08 2014:
+Client:
+ o Use TLS v1 in soledad client. Fixes partially #6437
+
+Server:
+ o Run daemon as user soledad (#6436).
+ o Avoid use of SSLv3 (#6437).
+
0.6.0 Jul 18, 2014:
Client:
o Close all connections after syncing. Fixes #5518.
diff --git a/client/src/leap/soledad/client/__init__.py b/client/src/leap/soledad/client/__init__.py
index 586e3389..07255406 100644
--- a/client/src/leap/soledad/client/__init__.py
+++ b/client/src/leap/soledad/client/__init__.py
@@ -224,7 +224,7 @@ class Soledad(object):
def __init__(self, uuid, passphrase, secrets_path, local_db_path,
server_url, cert_file,
- auth_token=None, secret_id=None, defer_encryption=False):
+ auth_token=None, secret_id=None, defer_encryption=True):
"""
Initialize configuration, cryptographic keys and dbs.
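Review bot: Flipping the `defer_encryption` default to True silently changes behaviour for every caller that never passed the argument, and nothing in the hunk records that; the `:param defer_encryption:` entry of this docstring, which lies past the end of the hunk, should state the new default and what it implies for the sync db (the sqlcipher change in this same merge warns that deferred decryption needs a sync db created via this flag). A one-line addition such as `:param defer_encryption: Whether to defer document encryption to a background sync db (default: True).` would be enough. The method body continues outside the hunk.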
@@ -1333,9 +1333,25 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection):
self.sock = sock
self._tunnel()
- self.sock = ssl.wrap_socket(sock,
- ca_certs=SOLEDAD_CERT,
- cert_reqs=ssl.CERT_REQUIRED)
+ highest_supported = ssl.PROTOCOL_SSLv23
+
+ try:
+ # needs python 2.7.9+
+ # negotiate the best available version,
+ # but explicitely disabled bad ones.
+ ctx = ssl.SSLContext(highest_supported)
+ ctx.options |= ssl.OP_NO_SSLv2
+ ctx.options |= ssl.OP_NO_SSLv3
+
+ ctx.load_verify_locations(cafile=SOLEDAD_CERT)
+ ctx.verify_mode = ssl.CERT_REQUIRED
+ self.sock = ctx.wrap_socket(sock)
+
+ except AttributeError:
+ self.sock = ssl.wrap_socket(
+ sock, ca_certs=SOLEDAD_CERT, cert_reqs=ssl.CERT_REQUIRED,
+ ssl_version=highest_supported)
+
match_hostname(self.sock.getpeercert(), self.host)
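Review bot: The `except AttributeError:` that selects the fallback catches far more than the missing `ssl.SSLContext` it is meant to detect — an AttributeError raised inside `load_verify_locations` or `ctx.wrap_socket` on a 2.7.9+ interpreter would also land in the fallback, which has no way to set `OP_NO_SSLv3` and so silently produces a weaker connection. Test the capability explicitly instead: `if hasattr(ssl, 'SSLContext'):` in place of `try:` and `else:` in place of `except AttributeError:`, so only the genuinely old `ssl` module takes the fallback path. The fallback branch also deserves a comment, e.g. `# pre-2.7.9 ssl: no SSLContext, so SSLv3 cannot be disabled client-side here`, because `ssl_version=ssl.PROTOCOL_SSLv23` only means "negotiate" and does not itself exclude any version. The enclosing `connect` logic starts before the hunk.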
diff --git a/client/src/leap/soledad/client/sqlcipher.py b/client/src/leap/soledad/client/sqlcipher.py
index 2df9606e..fded2119 100644
--- a/client/src/leap/soledad/client/sqlcipher.py
+++ b/client/src/leap/soledad/client/sqlcipher.py
@@ -452,6 +452,11 @@ class SQLCipherDatabase(sqlite_backend.SQLitePartialExpandDatabase):
# XXX could mark the critical section here...
try:
+ if defer_decryption and not self.defer_encryption:
+ logger.warning("Can't defer decryption without first having "
+ "created a sync db. Falling back to normal "
+ "syncing mode.")
+ defer_decryption = False
res = syncer.sync(autocreate=autocreate,
defer_decryption=defer_decryption)
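Review bot: The new `defer_decryption` guard is plain attribute logic, yet it is placed inside the `try:` whose handler lies outside the hunk, so the protected region now covers more than the `syncer.sync(...)` call it was written for; moving the five added lines directly above the `try:` keeps the try body minimal and keeps any error in the guard itself from being handled as a sync failure. The warning could also tell the reader how to get the deferred mode, e.g. appending `"(construct Soledad with defer_encryption=True to enable it)"` to the message, since that is the flag the condition tests. The enclosing method starts and ends outside the hunk.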
diff --git a/client/src/leap/soledad/client/target.py b/client/src/leap/soledad/client/target.py
index 70e4d3a2..1eb84e64 100644
--- a/client/src/leap/soledad/client/target.py
+++ b/client/src/leap/soledad/client/target.py
@@ -28,12 +28,10 @@ import logging
import re
import urllib
import threading
-import urlparse
from collections import defaultdict
from time import sleep
from uuid import uuid4
-from contextlib import contextmanager
import simplejson as json
from taskthread import TimerTask
@@ -44,7 +42,6 @@ from u1db.remote.http_client import _encode_query_parameter, HTTPClientBase
from zope.proxy import ProxyBase
from zope.proxy import sameProxiedObjects, setProxiedObject
-from leap.soledad.common import soledad_assert
from leap.soledad.common.document import SoledadDocument
from leap.soledad.client.auth import TokenBasedAuth
from leap.soledad.client.crypto import is_symmetrically_encrypted
diff --git a/common/MANIFEST.in b/common/MANIFEST.in
index 7f6148ef..a26a12a6 100644
--- a/common/MANIFEST.in
+++ b/common/MANIFEST.in
@@ -2,3 +2,7 @@ include pkg/*
include versioneer.py
include LICENSE
include CHANGELOG
+
+# What do we want the ddocs folder in the source package for? -- kali
+# it should be enough with having the compiled stuff.
+recursive-include src/leap/soledad/common/ddocs *
diff --git a/common/setup.py b/common/setup.py
index 6ee166ef..365006b2 100644
--- a/common/setup.py
+++ b/common/setup.py
@@ -155,6 +155,11 @@ def build_ddocs_py(basedir=None, with_src=True):
dest_prefix = join(basedir, *dest_common_path)
ddocs_prefix = join(prefix, 'ddocs')
+
+ if not isdir(ddocs_prefix):
+ print "No ddocs/ folder, bailing out..."
+ return
+
ddocs = {}
# design docs are represented by subdirectories of `ddocs_prefix`
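Review bot: The bail-out message goes to stdout, where build tooling that captures or discards stdout will hide the fact that no ddocs module was generated; `print >>sys.stderr, "No ddocs/ folder, bailing out..."` keeps the Python 2 print statement the file uses but makes the skipped step visible (adding `import sys` if the file does not already have it). `isdir` is used unqualified here, and the hunk does not show the import block, so confirm it is imported next to `join` from `os.path`. The silent `return` also means callers cannot distinguish "built nothing" from "built successfully"; a comment stating that this is intentional for source-less installs would help. `build_ddocs_py` continues outside the hunk.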
diff --git a/common/src/leap/soledad/common/couch.py b/common/src/leap/soledad/common/couch.py
index 5658f4ce..b38b5b96 100644
--- a/common/src/leap/soledad/common/couch.py
+++ b/common/src/leap/soledad/common/couch.py
@@ -1529,20 +1529,14 @@ class CouchServerState(ServerState):
Inteface of the WSGI server with the CouchDB backend.
"""
- def __init__(self, couch_url, shared_db_name, tokens_db_name):
+ def __init__(self, couch_url):
"""
Initialize the couch server state.
:param couch_url: The URL for the couch database.
:type couch_url: str
- :param shared_db_name: The name of the shared database.
- :type shared_db_name: str
- :param tokens_db_name: The name of the tokens database.
- :type tokens_db_name: str
"""
self._couch_url = couch_url
- self._shared_db_name = shared_db_name
- self._tokens_db_name = tokens_db_name
def open_database(self, dbname):
"""
diff --git a/server/pkg/soledad b/server/pkg/soledad
index 841233d1..ccb3e9b0 100644
--- a/server/pkg/soledad
+++ b/server/pkg/soledad
@@ -19,6 +19,9 @@ CERT_PATH=/etc/leap/soledad-server.pem
PRIVKEY_PATH=/etc/leap/soledad-server.key
TWISTD_PATH=/usr/bin/twistd
HOME=/var/lib/soledad/
+SSL_METHOD=SSLv23_METHOD
+USER=soledad
+GROUP=soledad
[ -r /etc/default/soledad ] && . /etc/default/soledad
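Review bot: Whether `SSL_METHOD=SSLv23_METHOD` really excludes SSLv3, as the 0.6.1 changelog entry for #6437 states, depends on the Twisted release installed rather than on this setting: SSLv23_METHOD itself only means "negotiate the highest common version", and SSLv3 is refused only where Twisted's certificate options add OP_NO_SSLv3 by default, which as far as I recall only newer releases do. A comment above the line would make the dependency explicit, e.g. `# SSLv23_METHOD negotiates the highest common version; exclusion of SSLv2/SSLv3 relies on the Twisted version in use`, and the package's Twisted version requirement is worth checking against that.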
@@ -27,36 +30,38 @@ test -r /etc/leap/ || exit 0
. /lib/lsb/init-functions
-case "$1" in
+case "${1}" in
start)
echo -n "Starting soledad: twistd"
- start-stop-daemon --start --quiet --exec $TWISTD_PATH -- \
- --pidfile=$PIDFILE \
- --logfile=$LOGFILE \
+ start-stop-daemon --start --quiet \
+ --user=${USER} --group=${GROUP} \
+ --exec ${TWISTD_PATH} -- \
+ --pidfile=${PIDFILE} \
+ --logfile=${LOGFILE} \
web \
- --wsgi=$OBJ \
- --port=ssl:$HTTPS_PORT:privateKey=$PRIVKEY_PATH:certKey=$CERT_PATH
+ --wsgi=${OBJ} \
+ --port=ssl:${HTTPS_PORT}:privateKey=${PRIVKEY_PATH}:certKey=${CERT_PATH}:sslmethod=${SSL_METHOD}
echo "."
;;
stop)
echo -n "Stopping soledad: twistd"
start-stop-daemon --stop --quiet \
- --pidfile $PIDFILE
+ --pidfile ${PIDFILE}
echo "."
;;
restart)
- $0 stop
- $0 start
+ ${0} stop
+ ${0} start
;;
force-reload)
- $0 restart
+ ${0} restart
;;
status)
- status_of_proc -p $PIDFILE $TWISTD_PATH soledad && exit 0 || exit $?
+ status_of_proc -p ${PIDFILE} ${TWISTD_PATH} soledad && exit 0 || exit ${?}
;;
*)
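Review bot: `--user=${USER} --group=${GROUP}` on the start-stop-daemon line does not make twistd run as the soledad user: in start-stop-daemon, `--user` is a process-matching option (it selects which existing processes count as "already running"), while the option that switches uid before exec is `--chuid`; only `--group` actually changes the gid, so the daemon keeps starting with root's uid despite the 0.6.1 changelog entry "Run daemon as user soledad". Replace that line with `--chuid ${USER}:${GROUP} \`. Once the drop really happens, `PIDFILE`, `LOGFILE` and the key/certificate under /etc/leap (all assigned above the hunk) must be accessible to that user, which the script does not arrange, so a note in the packaging or a permission check at start would avoid a failure that only appears after the fix.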
diff --git a/server/src/leap/soledad/server/__init__.py b/server/src/leap/soledad/server/__init__.py
index cd006f51..adb5b561 100644
--- a/server/src/leap/soledad/server/__init__.py
+++ b/server/src/leap/soledad/server/__init__.py
@@ -296,10 +296,7 @@ def load_configuration(file_path):
def application(environ, start_response):
conf = load_configuration('/etc/leap/soledad-server.conf')
- state = CouchServerState(
- conf['couch_url'],
- SoledadApp.SHARED_DB_NAME,
- SoledadTokenAuthMiddleware.TOKENS_DB)
+ state = CouchServerState(conf['couch_url'])
# WSGI application that may be used by `twistd -web`
application = GzipMiddleware(
SoledadTokenAuthMiddleware(SoledadApp(state)))