From 1d7e51aad9e3cd649d0921b533669fa24cbd7ab2 Mon Sep 17 00:00:00 2001 From: drebs Date: Tue, 7 Oct 2014 13:47:39 -0300 Subject: Bump version of dep on soledad.common. --- server/pkg/requirements.pip | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'server/pkg') diff --git a/server/pkg/requirements.pip b/server/pkg/requirements.pip index be5d156b..28717664 100644 --- a/server/pkg/requirements.pip +++ b/server/pkg/requirements.pip @@ -9,7 +9,7 @@ PyOpenSSL<0.14 twisted>=12.0.0 # leap deps -- bump me! -leap.soledad.common>=0.3.0 +leap.soledad.common>=0.6.0 # # Things yet to fix: -- cgit v1.2.3 From 17682563bd30e780cf7d620624a856376d257e83 Mon Sep 17 00:00:00 2001 From: drebs Date: Wed, 26 Nov 2014 20:20:52 -0200 Subject: Enforce TLSv1 in soledad server (#6437). --- server/pkg/soledad | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'server/pkg') diff --git a/server/pkg/soledad b/server/pkg/soledad index 841233d1..62b7c5f8 100644 --- a/server/pkg/soledad +++ b/server/pkg/soledad @@ -19,6 +19,7 @@ CERT_PATH=/etc/leap/soledad-server.pem PRIVKEY_PATH=/etc/leap/soledad-server.key TWISTD_PATH=/usr/bin/twistd HOME=/var/lib/soledad/ +SSL_METHOD=TLSv1_METHOD [ -r /etc/default/soledad ] && . /etc/default/soledad @@ -35,7 +36,7 @@ case "$1" in --logfile=$LOGFILE \ web \ --wsgi=$OBJ \ - --port=ssl:$HTTPS_PORT:privateKey=$PRIVKEY_PATH:certKey=$CERT_PATH + --port=ssl:${HTTPS_PORT}:privateKey=${PRIVKEY_PATH}:certKey=${CERT_PATH}:sslmethod=${SSL_METHOD} echo "." ;; -- cgit v1.2.3 From 93bd3fb17670c0c8db5b50028ba2b3ce811dcf5d Mon Sep 17 00:00:00 2001 From: drebs Date: Wed, 26 Nov 2014 20:23:33 -0200 Subject: Run daemon as user soledad (#6436). --- server/pkg/soledad | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'server/pkg') diff --git a/server/pkg/soledad b/server/pkg/soledad index 62b7c5f8..7f48e2c8 100644 --- a/server/pkg/soledad +++ b/server/pkg/soledad 
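Review bot: `SSL_METHOD=TLSv1_METHOD` in server/pkg/soledad fixes the listener to TLS 1.0 only, because the OpenSSL `TLSv1_METHOD` constant does not negotiate TLS 1.1 or 1.2, so clients that support a newer version are still held to 1.0. The assignment also sits above the `. /etc/default/soledad` line, so the defaults file can replace it with any other method name and the script does not validate the result. I would add a comment above the assignment such as `# TLS method for the ssl: endpoint; TLSv1_METHOD means TLS 1.0 only, and /etc/default/soledad may override it`, so that whoever edits the defaults file knows what the value controls.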
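Review bot: The rewritten `--port=ssl:...` argument in the `start)` arm is expanded without quotes, so a value from /etc/default/soledad that contains whitespace or a glob character is split into several twistd arguments; the braces added here only delimit the variable names. Wrapping the whole word in double quotes keeps it a single argument: `"--port=ssl:${HTTPS_PORT}:privateKey=${PRIVKEY_PATH}:certKey=${CERT_PATH}:sslmethod=${SSL_METHOD}"`. The same applies to the `--pidfile`, `--logfile`, `--wsgi` and `--user`/`--group` words rewritten by the later "Enclose server initscript variables in curly brackets" patch and carried into server/pkg/soledad-server. The `case` block starts and ends outside this hunk.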
@@ -20,6 +20,8 @@ PRIVKEY_PATH=/etc/leap/soledad-server.key TWISTD_PATH=/usr/bin/twistd HOME=/var/lib/soledad/ SSL_METHOD=TLSv1_METHOD +USER=soledad +GROUP=soledad [ -r /etc/default/soledad ] && . /etc/default/soledad @@ -31,7 +33,9 @@ test -r /etc/leap/ || exit 0 case "$1" in start) echo -n "Starting soledad: twistd" - start-stop-daemon --start --quiet --exec $TWISTD_PATH -- \ + start-stop-daemon --start --quiet \ + --user=$USER --group=$GROUP \ + --exec $TWISTD_PATH -- \ --pidfile=$PIDFILE \ --logfile=$LOGFILE \ web \ -- cgit v1.2.3 From 2414b23ecdb8cfc8b8a5852243c22b6fbb89536f Mon Sep 17 00:00:00 2001 From: drebs Date: Fri, 28 Nov 2014 09:39:41 -0200 Subject: Enclose server initscript variables in curly brackets. --- server/pkg/soledad | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'server/pkg') diff --git a/server/pkg/soledad b/server/pkg/soledad index 7f48e2c8..bf24dac2 100644 --- a/server/pkg/soledad +++ b/server/pkg/soledad @@ -30,16 +30,16 @@ test -r /etc/leap/ || exit 0 . /lib/lsb/init-functions -case "$1" in +case "${1}" in start) echo -n "Starting soledad: twistd" start-stop-daemon --start --quiet \ - --user=$USER --group=$GROUP \ - --exec $TWISTD_PATH -- \ - --pidfile=$PIDFILE \ - --logfile=$LOGFILE \ + --user=${USER} --group=${GROUP} \ + --exec ${TWISTD_PATH} -- \ + --pidfile=${PIDFILE} \ + --logfile=${LOGFILE} \ web \ - --wsgi=$OBJ \ + --wsgi=${OBJ} \ --port=ssl:${HTTPS_PORT}:privateKey=${PRIVKEY_PATH}:certKey=${CERT_PATH}:sslmethod=${SSL_METHOD} echo "." ;; @@ -47,21 +47,21 @@ case "$1" in stop) echo -n "Stopping soledad: twistd" start-stop-daemon --stop --quiet \ - --pidfile $PIDFILE + --pidfile ${PIDFILE} echo "." ;; restart) - $0 stop - $0 start + ${0} stop + ${0} start ;; force-reload) - $0 restart + ${0} restart ;; status) - status_of_proc -p $PIDFILE $TWISTD_PATH soledad && exit 0 || exit $? + status_of_proc -p ${PIDFILE} ${TWISTD_PATH} soledad && exit 0 || exit ${?} ;; *) -- cgit v1.2.3 
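Review bot: `--user=$USER` in the `start-stop-daemon --start` call of the "Run daemon as user soledad" patch does not change the account the daemon runs under: for start-stop-daemon `--user` is a process-matching option, and the option that switches user before exec is `--chuid`. As written, twistd most likely still starts with the uid of the init script, while `--group` does switch the group, leaving a root-uid process with the soledad gid. To match the subject line the option line would read `--chuid ${USER}:${GROUP} \`, or the ids can be passed to twistd itself after the `--` as `--uid`/`--gid`. A one-line comment stating which program drops privileges would help, since the two tools use similar option names for different things; the `case` block continues outside the hunk.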
From 31eeafd715f407c61d8de4e6555241a1de33fba1 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Wed, 3 Dec 2014 00:22:18 +0100 Subject: Use SSL negotiation. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Although the API can be misleading, PROTOCOL_SSLv23 selects the highest protocol version that both the client and server support. Despite the name, this option can select “TLS” protocols as well as “SSL”. In this way, we can use TLSv1.2 (PROTOCOL_TLSv1 will *only* give us TLS v1.0) In the client side, we try to disable SSLv2 and SSLv3 options explicitely. The python version in wheezy does not offer PROTOCOL_TLSv1_2 nor OP_NO_SSLv2 or OP_NO_SSLv3 (It's new in 2.7.9) --- server/pkg/soledad | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'server/pkg') diff --git a/server/pkg/soledad b/server/pkg/soledad index bf24dac2..ccb3e9b0 100644 --- a/server/pkg/soledad +++ b/server/pkg/soledad @@ -19,7 +19,7 @@ CERT_PATH=/etc/leap/soledad-server.pem PRIVKEY_PATH=/etc/leap/soledad-server.key TWISTD_PATH=/usr/bin/twistd HOME=/var/lib/soledad/ -SSL_METHOD=TLSv1_METHOD +SSL_METHOD=SSLv23_METHOD USER=soledad GROUP=soledad -- cgit v1.2.3 From e909a218efb0ad31f413c47c90303f44f6906158 Mon Sep 17 00:00:00 2001 From: drebs Date: Tue, 16 Dec 2014 14:47:21 -0200 Subject: Fix server initscript location (#6557). --- server/pkg/soledad | 73 ----------------------------------------------- server/pkg/soledad-server | 73 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+), 73 deletions(-) delete mode 100644 server/pkg/soledad create mode 100644 server/pkg/soledad-server (limited to 'server/pkg') diff --git a/server/pkg/soledad b/server/pkg/soledad deleted file mode 100644 index ccb3e9b0..00000000 --- a/server/pkg/soledad +++ /dev/null 
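Review bot: `SSL_METHOD=SSLv23_METHOD` enables version negotiation, but nothing in the init script excludes SSLv2 or SSLv3 on the server side; the commit message only mentions disabling them in the client. Whether the listener refuses those protocols therefore depends on the context options Twisted sets for the `ssl:` endpoint in the installed version, which this patch does not show. I would confirm that against the packaged Twisted and record the result next to the assignment, e.g. `# SSLv23_METHOD = negotiate highest common version; SSLv2/SSLv3 must be refused by the server context, re-verify after Twisted upgrades`.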
@@ -1,73 +0,0 @@ -#!/bin/sh -### BEGIN INIT INFO -# Provides: soledad -# Required-Start: $network $named $remote_fs $syslog $time -# Required-Stop: $network $named $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Start soledad daemon at boot time -# Description: Synchronization of locally encrypted data among devices -### END INIT INFO - -PATH=/sbin:/bin:/usr/sbin:/usr/bin -PIDFILE=/var/run/soledad.pid -RUNDIR=/var/lib/soledad/ -OBJ=leap.soledad.server.application -LOGFILE=/var/log/soledad.log -HTTPS_PORT=2424 -CERT_PATH=/etc/leap/soledad-server.pem -PRIVKEY_PATH=/etc/leap/soledad-server.key -TWISTD_PATH=/usr/bin/twistd -HOME=/var/lib/soledad/ -SSL_METHOD=SSLv23_METHOD -USER=soledad -GROUP=soledad - -[ -r /etc/default/soledad ] && . /etc/default/soledad - -test -r /etc/leap/ || exit 0 - -. /lib/lsb/init-functions - - -case "${1}" in - start) - echo -n "Starting soledad: twistd" - start-stop-daemon --start --quiet \ - --user=${USER} --group=${GROUP} \ - --exec ${TWISTD_PATH} -- \ - --pidfile=${PIDFILE} \ - --logfile=${LOGFILE} \ - web \ - --wsgi=${OBJ} \ - --port=ssl:${HTTPS_PORT}:privateKey=${PRIVKEY_PATH}:certKey=${CERT_PATH}:sslmethod=${SSL_METHOD} - echo "." - ;; - - stop) - echo -n "Stopping soledad: twistd" - start-stop-daemon --stop --quiet \ - --pidfile ${PIDFILE} - echo "." - ;; - - restart) - ${0} stop - ${0} start - ;; - - force-reload) - ${0} restart - ;; - - status) - status_of_proc -p ${PIDFILE} ${TWISTD_PATH} soledad && exit 0 || exit ${?} - ;; - - *) - echo "Usage: /etc/init.d/soledad {start|stop|restart|force-reload|status}" >&2 - exit 1 - ;; -esac - -exit 0 diff --git a/server/pkg/soledad-server b/server/pkg/soledad-server new file mode 100644 index 00000000..ccb3e9b0 --- /dev/null +++ b/server/pkg/soledad-server 
@@ -0,0 +1,73 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: soledad +# Required-Start: $network $named $remote_fs $syslog $time +# Required-Stop: $network $named $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start soledad daemon at boot time +# Description: Synchronization of locally encrypted data among devices +### END INIT INFO + +PATH=/sbin:/bin:/usr/sbin:/usr/bin +PIDFILE=/var/run/soledad.pid +RUNDIR=/var/lib/soledad/ +OBJ=leap.soledad.server.application +LOGFILE=/var/log/soledad.log +HTTPS_PORT=2424 +CERT_PATH=/etc/leap/soledad-server.pem +PRIVKEY_PATH=/etc/leap/soledad-server.key +TWISTD_PATH=/usr/bin/twistd +HOME=/var/lib/soledad/ +SSL_METHOD=SSLv23_METHOD +USER=soledad +GROUP=soledad + +[ -r /etc/default/soledad ] && . /etc/default/soledad + +test -r /etc/leap/ || exit 0 + +. /lib/lsb/init-functions + + +case "${1}" in + start) + echo -n "Starting soledad: twistd" + start-stop-daemon --start --quiet \ + --user=${USER} --group=${GROUP} \ + --exec ${TWISTD_PATH} -- \ + --pidfile=${PIDFILE} \ + --logfile=${LOGFILE} \ + web \ + --wsgi=${OBJ} \ + --port=ssl:${HTTPS_PORT}:privateKey=${PRIVKEY_PATH}:certKey=${CERT_PATH}:sslmethod=${SSL_METHOD} + echo "." + ;; + + stop) + echo -n "Stopping soledad: twistd" + start-stop-daemon --stop --quiet \ + --pidfile ${PIDFILE} + echo "." + ;; + + restart) + ${0} stop + ${0} start + ;; + + force-reload) + ${0} restart + ;; + + status) + status_of_proc -p ${PIDFILE} ${TWISTD_PATH} soledad && exit 0 || exit ${?} + ;; + + *) + echo "Usage: /etc/init.d/soledad {start|stop|restart|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 -- cgit v1.2.3 From 61a56f2ee301212d96c2d95a21d524bc06b3a677 Mon Sep 17 00:00:00 2001 From: drebs Date: Mon, 9 Mar 2015 15:22:17 -0300 Subject: Fix soledad initscript uid and gid. --- server/pkg/soledad-server | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'server/pkg') 
diff --git a/server/pkg/soledad-server b/server/pkg/soledad-server index ccb3e9b0..811ad55b 100644 --- a/server/pkg/soledad-server +++ b/server/pkg/soledad-server @@ -34,8 +34,8 @@ case "${1}" in start) echo -n "Starting soledad: twistd" start-stop-daemon --start --quiet \ - --user=${USER} --group=${GROUP} \ --exec ${TWISTD_PATH} -- \ + --uid=${USER} --gid=${GROUP} \ --pidfile=${PIDFILE} \ --logfile=${LOGFILE} \ web \ -- cgit v1.2.3 From 4b78cf9da0874501fa123a02b53d7650e8dfcdf1 Mon Sep 17 00:00:00 2001 From: drebs Date: Thu, 19 Mar 2015 09:54:38 -0300 Subject: [fix] add/fix dependency on twisted Add dependency on twisted for Soledad Client. Also remove minimum twisted version for Soledad Server because debian stable currently distributes 12.0.0 and pypi currently distributes 15.0.0. Closes: #6797 --- server/pkg/requirements.pip | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'server/pkg') diff --git a/server/pkg/requirements.pip b/server/pkg/requirements.pip index 28717664..89ec52e7 100644 --- a/server/pkg/requirements.pip +++ b/server/pkg/requirements.pip @@ -4,9 +4,7 @@ simplejson u1db routes PyOpenSSL<0.14 - -# TODO: maybe we just want twisted-web? -twisted>=12.0.0 +twisted # leap deps -- bump me! leap.soledad.common>=0.6.0 -- cgit v1.2.3 From 74dec41c1d99ae8d4a4a79a7cb0d5c3c9f40cbae Mon Sep 17 00:00:00 2001 From: drebs Date: Thu, 19 Mar 2015 10:57:54 -0300 Subject: [fix] add explicit dependency on leap.common In the past, we wanted dependency on leap.common to be optional, but now because of the explicit use of the config path prefix and signaling, we want to enforce dependency on leap.common. --- server/pkg/requirements.pip | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'server/pkg') diff --git a/server/pkg/requirements.pip b/server/pkg/requirements.pip index 89ec52e7..c65ee4f5 100644 --- a/server/pkg/requirements.pip +++ b/server/pkg/requirements.pip 
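Review bot: With `--uid=${USER} --gid=${GROUP}` now passed to twistd, the daemon sheds privileges itself, yet the paths it works with are locations normally owned by root: `PIDFILE` under /var/run, `LOGFILE` under /var/log and the key at `PRIVKEY_PATH` (all set at the top of the script, outside this hunk). Presumably twistd opens some of these before switching user, but later operations such as reopening the log or removing the pidfile on shutdown would run as soledad; that should be confirmed on a test install. A comment above the `start-stop-daemon` call along the lines of `# twistd drops to ${USER}:${GROUP}; pidfile and logfile must be usable by that account, the private key must stay unreadable to others` would document the requirement.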
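Review bot: Replacing `twisted>=12.0.0` with a bare `twisted` in server/pkg/requirements.pip removes the only floor on the Twisted version, while the init script in this directory relies on Twisted's handling of the `sslmethod=` endpoint argument for its TLS settings. Both versions named in the commit message (12.0.0 and 15.0.0) satisfy `>=12.0.0`, so as far as this page shows the bound was not what conflicted. If the bound has to go for packaging reasons, I would keep the reason in the file, e.g. `# no minimum: Debian stable ships 12.0.0; TLS behaviour of the ssl: endpoint depends on the installed version`.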
@@ -9,12 +9,7 @@ twisted # leap deps -- bump me! leap.soledad.common>=0.6.0 -# -# Things yet to fix: -# - -# oauth is not strictly needed by us, but we need it -# until u1db adds it to its release as a dep. - +# XXX -- fix me! +# oauth is not strictly needed by us, but we need it until u1db adds it to its +# release as a dep. oauth - -- cgit v1.2.3 From 340b0dcfbc0a819738a28f9c803fdbf848754897 Mon Sep 17 00:00:00 2001 From: drebs Date: Thu, 14 May 2015 11:52:20 -0300 Subject: [pkg] bump version of server dependency on common soledad-common versions before 0.6.5 do not contain the fix for #6833 and thus will not work with most recent server. That is why we have to bump this soledad-server dependency on soledad.common. --- server/pkg/requirements.pip | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'server/pkg') diff --git a/server/pkg/requirements.pip b/server/pkg/requirements.pip index c65ee4f5..df6ad95d 100644 --- a/server/pkg/requirements.pip +++ b/server/pkg/requirements.pip @@ -7,7 +7,7 @@ PyOpenSSL<0.14 twisted # leap deps -- bump me! -leap.soledad.common>=0.6.0 +leap.soledad.common>=0.6.5 # XXX -- fix me! # oauth is not strictly needed by us, but we need it until u1db adds it to its -- cgit v1.2.3