summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGELOG25
-rw-r--r--client/src/leap/soledad/client/__init__.py24
-rw-r--r--client/src/leap/soledad/client/sqlcipher.py5
-rw-r--r--client/src/leap/soledad/client/target.py3
-rw-r--r--common/MANIFEST.in4
-rw-r--r--common/setup.py5
-rw-r--r--common/src/leap/soledad/common/couch.py8
-rw-r--r--server/pkg/soledad27
-rw-r--r--server/src/leap/soledad/server/__init__.py5
9 files changed, 77 insertions, 29 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 0dce4847..4e3f2038 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,28 @@
+0.6.5 Apr 09 2015:
+Server:
+ o Remove unneeded parameters from CouchServerState initialization. Closes
+ #6833.
+
+0.6.4 Jan 23 2015:
+Common:
+ o Bail out if cdocs/ dir does not exist. Closes: #6671
+
+0.6.3 Dec 16 2014:
+Client:
+ o Fix deferred encryption/decryption parameters (#6500).
+
+0.6.2 Dec 11 2014:
+Client:
+ o Fix incorrect ssl context setup.
+
+0.6.1 Dec 08 2014:
+Client:
+ o Use TLS v1 in soledad client. Fixes partially #6437
+
+Server:
+ o Run daemon as user soledad (#6436).
+ o Avoid use of SSLv3 (#6437).
+
0.6.0 Jul 18, 2014:
Client:
o Close all connections after syncing. Fixes #5518.
diff --git a/client/src/leap/soledad/client/__init__.py b/client/src/leap/soledad/client/__init__.py
index 586e3389..07255406 100644
--- a/client/src/leap/soledad/client/__init__.py
+++ b/client/src/leap/soledad/client/__init__.py
@@ -224,7 +224,7 @@ class Soledad(object):
def __init__(self, uuid, passphrase, secrets_path, local_db_path,
server_url, cert_file,
- auth_token=None, secret_id=None, defer_encryption=False):
+ auth_token=None, secret_id=None, defer_encryption=True):
"""
Initialize configuration, cryptographic keys and dbs.
@@ -1333,9 +1333,25 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection):
self.sock = sock
self._tunnel()
- self.sock = ssl.wrap_socket(sock,
- ca_certs=SOLEDAD_CERT,
- cert_reqs=ssl.CERT_REQUIRED)
+ highest_supported = ssl.PROTOCOL_SSLv23
+
+ try:
+ # needs python 2.7.9+
+ # negotiate the best available version,
+ # but explicitely disabled bad ones.
+ ctx = ssl.SSLContext(highest_supported)
+ ctx.options |= ssl.OP_NO_SSLv2
+ ctx.options |= ssl.OP_NO_SSLv3
+
+ ctx.load_verify_locations(cafile=SOLEDAD_CERT)
+ ctx.verify_mode = ssl.CERT_REQUIRED
+ self.sock = ctx.wrap_socket(sock)
+
+ except AttributeError:
+ self.sock = ssl.wrap_socket(
+ sock, ca_certs=SOLEDAD_CERT, cert_reqs=ssl.CERT_REQUIRED,
+ ssl_version=highest_supported)
+
match_hostname(self.sock.getpeercert(), self.host)
diff --git a/client/src/leap/soledad/client/sqlcipher.py b/client/src/leap/soledad/client/sqlcipher.py
index 2df9606e..fded2119 100644
--- a/client/src/leap/soledad/client/sqlcipher.py
+++ b/client/src/leap/soledad/client/sqlcipher.py
@@ -452,6 +452,11 @@ class SQLCipherDatabase(sqlite_backend.SQLitePartialExpandDatabase):
# XXX could mark the critical section here...
try:
+ if defer_decryption and not self.defer_encryption:
+ logger.warning("Can't defer decryption without first having "
+ "created a sync db. Falling back to normal "
+ "syncing mode.")
+ defer_decryption = False
res = syncer.sync(autocreate=autocreate,
defer_decryption=defer_decryption)
diff --git a/client/src/leap/soledad/client/target.py b/client/src/leap/soledad/client/target.py
index 70e4d3a2..1eb84e64 100644
--- a/client/src/leap/soledad/client/target.py
+++ b/client/src/leap/soledad/client/target.py
@@ -28,12 +28,10 @@ import logging
import re
import urllib
import threading
-import urlparse
from collections import defaultdict
from time import sleep
from uuid import uuid4
-from contextlib import contextmanager
import simplejson as json
from taskthread import TimerTask
@@ -44,7 +42,6 @@ from u1db.remote.http_client import _encode_query_parameter, HTTPClientBase
from zope.proxy import ProxyBase
from zope.proxy import sameProxiedObjects, setProxiedObject
-from leap.soledad.common import soledad_assert
from leap.soledad.common.document import SoledadDocument
from leap.soledad.client.auth import TokenBasedAuth
from leap.soledad.client.crypto import is_symmetrically_encrypted
diff --git a/common/MANIFEST.in b/common/MANIFEST.in
index 7f6148ef..a26a12a6 100644
--- a/common/MANIFEST.in
+++ b/common/MANIFEST.in
@@ -2,3 +2,7 @@ include pkg/*
include versioneer.py
include LICENSE
include CHANGELOG
+
+# What do we want the ddocs folder in the source package for? -- kali
+# it should be enough with having the compiled stuff.
+recursive-include src/leap/soledad/common/ddocs *
diff --git a/common/setup.py b/common/setup.py
index 6ee166ef..365006b2 100644
--- a/common/setup.py
+++ b/common/setup.py
@@ -155,6 +155,11 @@ def build_ddocs_py(basedir=None, with_src=True):
dest_prefix = join(basedir, *dest_common_path)
ddocs_prefix = join(prefix, 'ddocs')
+
+ if not isdir(ddocs_prefix):
+ print "No ddocs/ folder, bailing out..."
+ return
+
ddocs = {}
# design docs are represented by subdirectories of `ddocs_prefix`
diff --git a/common/src/leap/soledad/common/couch.py b/common/src/leap/soledad/common/couch.py
index 5658f4ce..b38b5b96 100644
--- a/common/src/leap/soledad/common/couch.py
+++ b/common/src/leap/soledad/common/couch.py
@@ -1529,20 +1529,14 @@ class CouchServerState(ServerState):
Inteface of the WSGI server with the CouchDB backend.
"""
- def __init__(self, couch_url, shared_db_name, tokens_db_name):
+ def __init__(self, couch_url):
"""
Initialize the couch server state.
:param couch_url: The URL for the couch database.
:type couch_url: str
- :param shared_db_name: The name of the shared database.
- :type shared_db_name: str
- :param tokens_db_name: The name of the tokens database.
- :type tokens_db_name: str
"""
self._couch_url = couch_url
- self._shared_db_name = shared_db_name
- self._tokens_db_name = tokens_db_name
def open_database(self, dbname):
"""
diff --git a/server/pkg/soledad b/server/pkg/soledad
index 841233d1..ccb3e9b0 100644
--- a/server/pkg/soledad
+++ b/server/pkg/soledad
@@ -19,6 +19,9 @@ CERT_PATH=/etc/leap/soledad-server.pem
PRIVKEY_PATH=/etc/leap/soledad-server.key
TWISTD_PATH=/usr/bin/twistd
HOME=/var/lib/soledad/
+SSL_METHOD=SSLv23_METHOD
+USER=soledad
+GROUP=soledad
[ -r /etc/default/soledad ] && . /etc/default/soledad
@@ -27,36 +30,38 @@ test -r /etc/leap/ || exit 0
. /lib/lsb/init-functions
-case "$1" in
+case "${1}" in
start)
echo -n "Starting soledad: twistd"
- start-stop-daemon --start --quiet --exec $TWISTD_PATH -- \
- --pidfile=$PIDFILE \
- --logfile=$LOGFILE \
+ start-stop-daemon --start --quiet \
+ --user=${USER} --group=${GROUP} \
+ --exec ${TWISTD_PATH} -- \
+ --pidfile=${PIDFILE} \
+ --logfile=${LOGFILE} \
web \
- --wsgi=$OBJ \
- --port=ssl:$HTTPS_PORT:privateKey=$PRIVKEY_PATH:certKey=$CERT_PATH
+ --wsgi=${OBJ} \
+ --port=ssl:${HTTPS_PORT}:privateKey=${PRIVKEY_PATH}:certKey=${CERT_PATH}:sslmethod=${SSL_METHOD}
echo "."
;;
stop)
echo -n "Stopping soledad: twistd"
start-stop-daemon --stop --quiet \
- --pidfile $PIDFILE
+ --pidfile ${PIDFILE}
echo "."
;;
restart)
- $0 stop
- $0 start
+ ${0} stop
+ ${0} start
;;
force-reload)
- $0 restart
+ ${0} restart
;;
status)
- status_of_proc -p $PIDFILE $TWISTD_PATH soledad && exit 0 || exit $?
+ status_of_proc -p ${PIDFILE} ${TWISTD_PATH} soledad && exit 0 || exit ${?}
;;
*)
diff --git a/server/src/leap/soledad/server/__init__.py b/server/src/leap/soledad/server/__init__.py
index cd006f51..adb5b561 100644
--- a/server/src/leap/soledad/server/__init__.py
+++ b/server/src/leap/soledad/server/__init__.py
@@ -296,10 +296,7 @@ def load_configuration(file_path):
def application(environ, start_response):
conf = load_configuration('/etc/leap/soledad-server.conf')
- state = CouchServerState(
- conf['couch_url'],
- SoledadApp.SHARED_DB_NAME,
- SoledadTokenAuthMiddleware.TOKENS_DB)
+ state = CouchServerState(conf['couch_url'])
# WSGI application that may be used by `twistd -web`
application = GzipMiddleware(
SoledadTokenAuthMiddleware(SoledadApp(state)))