Age | Commit message | Author |
|
- bug: we were dumping the received secrets locally to disk *before*
setting the received property for the active secret, and therefore the
'active_secret' was always marked as null.
- refactor common code into a utility method.
|
|
- Resolves: #7412
|
|
From:
[refactor] removing getters and setters from couch.py
_couch_url was a private variable with getter and setter doing the same
as a public variable. It is accessed all over the code, so being private
with getters and setters didn't make sense. This commit fixes the tests
to also follow this style from now on.
|
|
Previous to this modification, the initialization of the sync decrypter pool
could happen concurrently with other database operations. That could cause the
pool to hang because it could be waiting for something that was mistakenly
deleted because of the wrong order of database operations.
This commit implements a standard which we already use in leap.keymanager and
leap.mail which makes some methods wait for the initialization operation
before they are actually called.
Closes: #7386
|
|
SoledadCrypto had Soledad as parameter to be able to use
SoledadSecrets. SoledadSecrets had SoledadCrypto as parameter to use
*crypt_sym. This commit removes this circular dependency passing
directly the secret that SoledadCrypto cares about to the constructor
and removing the *crypt_sym methods from SoledadCrypto.
- Resolves: #7338
|
|
Because of how the incoming document queue is implemented, it could be the
case that a document was sent to async decryption queue more than once. This
commit creates a list of documents to be decrypted, so we avoid sending the
same document to the queue more than once.
|
|
The incoming documents events are meant to be used by a progress bar for
soledad sync, yet to be implemented. When deferred decryption was used, the
events were sent out of order, depending on the order of arrival of the
documents. This commit changes it so that the content of the emitted events is
in order, so it is meaningful for the implementation of a progress bar.
Note that even after documents are received from the server, they will still
be decrypted asynchronously, so another signal could be implemented to signal
for the waiting of the decryption of incoming documents.
|
|
This is how a secret was stored in the secrets json file:
* each secret is symmetrically encrypted and MACed with keys derived from
  the user's passphrase.
* the encrypted secrets dictionary is then MACed with another key derived
  from the user's passphrase.
* each key is derived using scrypt and a unique random salt.
There are disadvantages to this approach:
* repeating scrypt many times is a waste of time.
* an attacker could crack whichever has weaker parameters, if they get out
  of sync.
* if an attacker can modify the secret in a way it is good to decrypt the
  database, then she can also modify the MAC.
The solution for this is:
* completely eliminate the MAC from the storage secrets file.
* attempt to decrypt the database with whatever is got from the decryption
  of the secret. If that is wrong, report an error.
Closes #6980.
|
|
It makes the code simpler and clearer to use a deferred instead of
having to poll on 'has_finished'.
- Related: #7234
|
|
bump leap.common min required version, new change needed
'collect_plugins'.
|
|
Tag version 0.7.0.
Conflicts:
client/pkg/requirements.pip
common/pkg/requirements.pip
|
|
Previous to this change, the actual encryption method used to run on its own
thread. When the close method was called from another thread, the queue could
be deleted after the encryption method loop had started, but before the queue
was checked for new items.
By removing that thread and moving the encryption loop to the reactor, that
race condition should disappear.
Closes: #7088.
|
|
- Related: #6359
|
|
Instead of opening one TCP connection for each HTTP request, we want to reuse
connections. Also, we need to be able to verify SSL certificates. This commit
implements both features in the twisted http client sync.
|
|
This change uses twisted deferreds for the whole syncing process and paves the
way to implementing other transport schemes. It removes a lot of threaded code
that used locks and was very difficult to maintain, and lets twisted do the
dirty work. Furthermore, all blocking network i/o is now handled
asynchronously by twisted.
This commit removes the possibility of interrupting a sync, and we should
reimplement it using cancellable deferreds if we need it.
|
|
This commit actually does some different things:
* When doing asynchronous decryption of incoming documents in soledad client
during a sync, there was the possibility that a document corresponding to
a newer generation would be decrypted and inserted in the local database
before a document corresponding to an older generation. When this
happened, the metadata about the target database (i.e. its locally-known
generation) would be first updated to the newer generation, and then an
attempt to insert a document corresponding to an older generation would
cause the infamous InvalidGeneration error.
To fix that we use the sync-index information that is contained in the
sync stream to correctly find the insertable docs to be inserted in the
local database, thus avoiding the problem described above.
* Refactor the sync encrypt/decrypt pool to its own file.
* Fix the use of twisted adbapi with multiprocessing.
Closes: #6757.
|
|
Since we started implementing twisted api in soledad, some pieces are missing.
Accessing the sqlcipher database directly with the twisted adbapi facilities
is one of them. The async encryption/decryption was touching the database
directly, and this was causing some difficulties like having different threads
accessing the same database. This commit implements the twisted adbapi stuff
for the asynchronous encryption/decryption facilities.
Next steps would be to use async adbapi for async encryption and use async adbapi
for all sqlcipher access.
|
|
We always got a log message saying "canceling sync threads" at the end of the
sync process, even when there was no error during the sync. This commit
changes that in a way that we only have that log when the sync was actually
cancelled because of an error.
|
|
Both deferred encryption and decryption rely on a special sync db. Previous to
this fix, the sync db was only initialized if a syncer was configured with
deferred encryption capabilities. This was a problem when the syncer was not
configured like so, but the actual sync method was initiated configured to do
deferred decryption.
This commit fixes this by always initializing the sync db, so we have the
option of doing all combinations of deferred encryption and decryption.
|
|
Add dependency on twisted for Soledad Client. Also remove minimum twisted
version for Soledad Server because debian stable currently distributes 12.0.0
and pypi currently distributes 15.0.0.
Closes: #6797
|
|
(#6400).
|
|
(#5975).
|
|
This reverts commit 6eeed5c116d38ebae7d9309dd2f11660f6cff37e.
|
|
'drebs/feature/4348_add-mac-verification-to-recovery-doc' into develop
|
|
into develop
|
|
* add versioneer (patched for our particular repo config)
* add parse_requirements to unify requirement handling
|
|
|