From 1d7e51aad9e3cd649d0921b533669fa24cbd7ab2 Mon Sep 17 00:00:00 2001 From: drebs Date: Tue, 7 Oct 2014 13:47:39 -0300 Subject: Bump version of dep on soledad.common. --- server/pkg/requirements.pip | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'server') diff --git a/server/pkg/requirements.pip b/server/pkg/requirements.pip index be5d156b..28717664 100644 --- a/server/pkg/requirements.pip +++ b/server/pkg/requirements.pip @@ -9,7 +9,7 @@ PyOpenSSL<0.14 twisted>=12.0.0 # leap deps -- bump me! -leap.soledad.common>=0.3.0 +leap.soledad.common>=0.6.0 # # Things yet to fix: -- cgit v1.2.3 From 17682563bd30e780cf7d620624a856376d257e83 Mon Sep 17 00:00:00 2001 From: drebs Date: Wed, 26 Nov 2014 20:20:52 -0200 Subject: Enforce TLSv1 in soledad server (#6437). --- server/changes/bug_6437_avoid-sslv3 | 1 + server/pkg/soledad | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 server/changes/bug_6437_avoid-sslv3 (limited to 'server') diff --git a/server/changes/bug_6437_avoid-sslv3 b/server/changes/bug_6437_avoid-sslv3 new file mode 100644 index 00000000..5d41fbb3 --- /dev/null +++ b/server/changes/bug_6437_avoid-sslv3 @@ -0,0 +1 @@ + o Avoid use of SSLv3 (#6437). diff --git a/server/pkg/soledad b/server/pkg/soledad index 841233d1..62b7c5f8 100644 --- a/server/pkg/soledad +++ b/server/pkg/soledad @@ -19,6 +19,7 @@ CERT_PATH=/etc/leap/soledad-server.pem PRIVKEY_PATH=/etc/leap/soledad-server.key TWISTD_PATH=/usr/bin/twistd HOME=/var/lib/soledad/ +SSL_METHOD=TLSv1_METHOD [ -r /etc/default/soledad ] && . /etc/default/soledad @@ -35,7 +36,7 @@ case "$1" in --logfile=$LOGFILE \ web \ --wsgi=$OBJ \ - --port=ssl:$HTTPS_PORT:privateKey=$PRIVKEY_PATH:certKey=$CERT_PATH + --port=ssl:${HTTPS_PORT}:privateKey=${PRIVKEY_PATH}:certKey=${CERT_PATH}:sslmethod=${SSL_METHOD} echo "." ;; -- cgit v1.2.3 From 93bd3fb17670c0c8db5b50028ba2b3ce811dcf5d Mon Sep 17 00:00:00 2001 From: drebs Date: Wed, 26 Nov 2014 20:23:33 -0200 Subject: Run daemon as user soledad (#6436). --- server/changes/bug_6436_run-daemon-as-user-soledad | 1 + server/pkg/soledad | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 server/changes/bug_6436_run-daemon-as-user-soledad (limited to 'server') diff --git a/server/changes/bug_6436_run-daemon-as-user-soledad b/server/changes/bug_6436_run-daemon-as-user-soledad new file mode 100644 index 00000000..886964f1 --- /dev/null +++ b/server/changes/bug_6436_run-daemon-as-user-soledad @@ -0,0 +1 @@ + o Run daemon as user soledad (#6436). diff --git a/server/pkg/soledad b/server/pkg/soledad index 62b7c5f8..7f48e2c8 100644 --- a/server/pkg/soledad +++ b/server/pkg/soledad @@ -20,6 +20,8 @@ PRIVKEY_PATH=/etc/leap/soledad-server.key TWISTD_PATH=/usr/bin/twistd HOME=/var/lib/soledad/ SSL_METHOD=TLSv1_METHOD +USER=soledad +GROUP=soledad [ -r /etc/default/soledad ] && . /etc/default/soledad @@ -31,7 +33,9 @@ test -r /etc/leap/ || exit 0 case "$1" in start) echo -n "Starting soledad: twistd" - start-stop-daemon --start --quiet --exec $TWISTD_PATH -- \ + start-stop-daemon --start --quiet \ + --user=$USER --group=$GROUP \ + --exec $TWISTD_PATH -- \ --pidfile=$PIDFILE \ --logfile=$LOGFILE \ web \ -- cgit v1.2.3 From 2414b23ecdb8cfc8b8a5852243c22b6fbb89536f Mon Sep 17 00:00:00 2001 From: drebs Date: Fri, 28 Nov 2014 09:39:41 -0200 Subject: Enclose server initscript variables in curly brackets. --- server/pkg/soledad | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'server') diff --git a/server/pkg/soledad b/server/pkg/soledad index 7f48e2c8..bf24dac2 100644 --- a/server/pkg/soledad +++ b/server/pkg/soledad @@ -30,16 +30,16 @@ test -r /etc/leap/ || exit 0 . /lib/lsb/init-functions -case "$1" in +case "${1}" in start) echo -n "Starting soledad: twistd" start-stop-daemon --start --quiet \ - --user=$USER --group=$GROUP \ - --exec $TWISTD_PATH -- \ - --pidfile=$PIDFILE \ - --logfile=$LOGFILE \ + --user=${USER} --group=${GROUP} \ + --exec ${TWISTD_PATH} -- \ + --pidfile=${PIDFILE} \ + --logfile=${LOGFILE} \ web \ - --wsgi=$OBJ \ + --wsgi=${OBJ} \ --port=ssl:${HTTPS_PORT}:privateKey=${PRIVKEY_PATH}:certKey=${CERT_PATH}:sslmethod=${SSL_METHOD} echo "." ;; @@ -47,21 +47,21 @@ case "$1" in stop) echo -n "Stopping soledad: twistd" start-stop-daemon --stop --quiet \ - --pidfile $PIDFILE + --pidfile ${PIDFILE} echo "." ;; restart) - $0 stop - $0 start + ${0} stop + ${0} start ;; force-reload) - $0 restart + ${0} restart ;; status) - status_of_proc -p $PIDFILE $TWISTD_PATH soledad && exit 0 || exit $? + status_of_proc -p ${PIDFILE} ${TWISTD_PATH} soledad && exit 0 || exit ${?} ;; *) -- cgit v1.2.3 From 31eeafd715f407c61d8de4e6555241a1de33fba1 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Wed, 3 Dec 2014 00:22:18 +0100 Subject: Use SSL negotiation. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Although the API can be misleading, PROTOCOL_SSLv23 selects the highest protocol version that both the client and server support. Despite the name, this option can select “TLS” protocols as well as “SSL”. In this way, we can use TLSv1.2 (PROTOCOL_TLSv1 will *only* give us TLS v1.0) In the client side, we try to disable SSLv2 and SSLv3 options explicitely. The python version in wheezy does not offer PROTOCOL_TLSv1_2 nor OP_NO_SSLv2 or OP_NO_SSLv3 (It's new in 2.7.9) --- server/pkg/soledad | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'server') diff --git a/server/pkg/soledad b/server/pkg/soledad index bf24dac2..ccb3e9b0 100644 --- a/server/pkg/soledad +++ b/server/pkg/soledad @@ -19,7 +19,7 @@ CERT_PATH=/etc/leap/soledad-server.pem PRIVKEY_PATH=/etc/leap/soledad-server.key TWISTD_PATH=/usr/bin/twistd HOME=/var/lib/soledad/ -SSL_METHOD=TLSv1_METHOD +SSL_METHOD=SSLv23_METHOD USER=soledad GROUP=soledad -- cgit v1.2.3 From e909a218efb0ad31f413c47c90303f44f6906158 Mon Sep 17 00:00:00 2001 From: drebs Date: Tue, 16 Dec 2014 14:47:21 -0200 Subject: Fix server initscript location (#6557). --- .../bug_6557_fix-server-initscript-location | 1 + server/pkg/soledad | 73 ---------------------- server/pkg/soledad-server | 73 ++++++++++++++++++++++ server/setup.py | 2 +- 4 files changed, 75 insertions(+), 74 deletions(-) create mode 100644 server/changes/bug_6557_fix-server-initscript-location delete mode 100644 server/pkg/soledad create mode 100644 server/pkg/soledad-server (limited to 'server') diff --git a/server/changes/bug_6557_fix-server-initscript-location b/server/changes/bug_6557_fix-server-initscript-location new file mode 100644 index 00000000..6032b302 --- /dev/null +++ b/server/changes/bug_6557_fix-server-initscript-location @@ -0,0 +1 @@ + o Fix server initscript location (#6557). diff --git a/server/pkg/soledad b/server/pkg/soledad deleted file mode 100644 index ccb3e9b0..00000000 --- a/server/pkg/soledad +++ /dev/null @@ -1,73 +0,0 @@ -#!/bin/sh -### BEGIN INIT INFO -# Provides: soledad -# Required-Start: $network $named $remote_fs $syslog $time -# Required-Stop: $network $named $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Start soledad daemon at boot time -# Description: Synchronization of locally encrypted data among devices -### END INIT INFO - -PATH=/sbin:/bin:/usr/sbin:/usr/bin -PIDFILE=/var/run/soledad.pid -RUNDIR=/var/lib/soledad/ -OBJ=leap.soledad.server.application -LOGFILE=/var/log/soledad.log -HTTPS_PORT=2424 -CERT_PATH=/etc/leap/soledad-server.pem -PRIVKEY_PATH=/etc/leap/soledad-server.key -TWISTD_PATH=/usr/bin/twistd -HOME=/var/lib/soledad/ -SSL_METHOD=SSLv23_METHOD -USER=soledad -GROUP=soledad - -[ -r /etc/default/soledad ] && . /etc/default/soledad - -test -r /etc/leap/ || exit 0 - -. /lib/lsb/init-functions - - -case "${1}" in - start) - echo -n "Starting soledad: twistd" - start-stop-daemon --start --quiet \ - --user=${USER} --group=${GROUP} \ - --exec ${TWISTD_PATH} -- \ - --pidfile=${PIDFILE} \ - --logfile=${LOGFILE} \ - web \ - --wsgi=${OBJ} \ - --port=ssl:${HTTPS_PORT}:privateKey=${PRIVKEY_PATH}:certKey=${CERT_PATH}:sslmethod=${SSL_METHOD} - echo "." - ;; - - stop) - echo -n "Stopping soledad: twistd" - start-stop-daemon --stop --quiet \ - --pidfile ${PIDFILE} - echo "." - ;; - - restart) - ${0} stop - ${0} start - ;; - - force-reload) - ${0} restart - ;; - - status) - status_of_proc -p ${PIDFILE} ${TWISTD_PATH} soledad && exit 0 || exit ${?} - ;; - - *) - echo "Usage: /etc/init.d/soledad {start|stop|restart|force-reload|status}" >&2 - exit 1 - ;; -esac - -exit 0 diff --git a/server/pkg/soledad-server b/server/pkg/soledad-server new file mode 100644 index 00000000..ccb3e9b0 --- /dev/null +++ b/server/pkg/soledad-server @@ -0,0 +1,73 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: soledad +# Required-Start: $network $named $remote_fs $syslog $time +# Required-Stop: $network $named $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start soledad daemon at boot time +# Description: Synchronization of locally encrypted data among devices +### END INIT INFO + +PATH=/sbin:/bin:/usr/sbin:/usr/bin +PIDFILE=/var/run/soledad.pid +RUNDIR=/var/lib/soledad/ +OBJ=leap.soledad.server.application +LOGFILE=/var/log/soledad.log +HTTPS_PORT=2424 +CERT_PATH=/etc/leap/soledad-server.pem +PRIVKEY_PATH=/etc/leap/soledad-server.key +TWISTD_PATH=/usr/bin/twistd +HOME=/var/lib/soledad/ +SSL_METHOD=SSLv23_METHOD +USER=soledad +GROUP=soledad + +[ -r /etc/default/soledad ] && . /etc/default/soledad + +test -r /etc/leap/ || exit 0 + +. /lib/lsb/init-functions + + +case "${1}" in + start) + echo -n "Starting soledad: twistd" + start-stop-daemon --start --quiet \ + --user=${USER} --group=${GROUP} \ + --exec ${TWISTD_PATH} -- \ + --pidfile=${PIDFILE} \ + --logfile=${LOGFILE} \ + web \ + --wsgi=${OBJ} \ + --port=ssl:${HTTPS_PORT}:privateKey=${PRIVKEY_PATH}:certKey=${CERT_PATH}:sslmethod=${SSL_METHOD} + echo "." + ;; + + stop) + echo -n "Stopping soledad: twistd" + start-stop-daemon --stop --quiet \ + --pidfile ${PIDFILE} + echo "." + ;; + + restart) + ${0} stop + ${0} start + ;; + + force-reload) + ${0} restart + ;; + + status) + status_of_proc -p ${PIDFILE} ${TWISTD_PATH} soledad && exit 0 || exit ${?} + ;; + + *) + echo "Usage: /etc/init.d/soledad {start|stop|restart|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/server/setup.py b/server/setup.py index 573622ce..124ddd32 100644 --- a/server/setup.py +++ b/server/setup.py @@ -35,7 +35,7 @@ if isset('VIRTUAL_ENV') or isset('LEAP_SKIP_INIT'): data_files = None else: # XXX this should go only for linux/mac - data_files = [("/etc/init.d/", ["pkg/soledad"])] + data_files = [("/etc/init.d/", ["pkg/soledad-server"])] trove_classifiers = ( -- cgit v1.2.3 From 61a56f2ee301212d96c2d95a21d524bc06b3a677 Mon Sep 17 00:00:00 2001 From: drebs Date: Mon, 9 Mar 2015 15:22:17 -0300 Subject: Fix soledad initscript uid and gid. --- server/changes/bug_fix-initscript-uid-and-gid | 1 + server/pkg/soledad-server | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 server/changes/bug_fix-initscript-uid-and-gid (limited to 'server') diff --git a/server/changes/bug_fix-initscript-uid-and-gid b/server/changes/bug_fix-initscript-uid-and-gid new file mode 100644 index 00000000..d4767984 --- /dev/null +++ b/server/changes/bug_fix-initscript-uid-and-gid @@ -0,0 +1 @@ + o Fix server daemon uid and gid by passing them to twistd on the initscript. diff --git a/server/pkg/soledad-server b/server/pkg/soledad-server index ccb3e9b0..811ad55b 100644 --- a/server/pkg/soledad-server +++ b/server/pkg/soledad-server @@ -34,8 +34,8 @@ case "${1}" in start) echo -n "Starting soledad: twistd" start-stop-daemon --start --quiet \ - --user=${USER} --group=${GROUP} \ --exec ${TWISTD_PATH} -- \ + --uid=${USER} --gid=${GROUP} \ --pidfile=${PIDFILE} \ --logfile=${LOGFILE} \ web \ -- cgit v1.2.3 From cf3c5018820f982ae64c2e062391b0a3b6e52f21 Mon Sep 17 00:00:00 2001 From: drebs Date: Wed, 11 Mar 2015 14:33:10 -0300 Subject: [feat] use monthly tokens database Any solead release that includes this commit will be incompatible with LEAP Platform < 0.6.1 because only from that version on the platform implements the ephemeral monthly tokens databases. Closes: #6785. --- server/changes/feature_6785_use-monthly-token-db | 1 + server/src/leap/soledad/server/auth.py | 22 +++++++++++++--------- 2 files changed, 14 insertions(+), 9 deletions(-) create mode 100644 server/changes/feature_6785_use-monthly-token-db (limited to 'server') diff --git a/server/changes/feature_6785_use-monthly-token-db b/server/changes/feature_6785_use-monthly-token-db new file mode 100644 index 00000000..f7987cad --- /dev/null +++ b/server/changes/feature_6785_use-monthly-token-db @@ -0,0 +1 @@ + o Use monthly token databases. Closes #6785. diff --git a/server/src/leap/soledad/server/auth.py b/server/src/leap/soledad/server/auth.py index 57f600a1..7af4e54b 100644 --- a/server/src/leap/soledad/server/auth.py +++ b/server/src/leap/soledad/server/auth.py @@ -21,10 +21,10 @@ Authentication facilities for Soledad Server. """ +import time import httplib import simplejson as json - from u1db import DBNAME_CONSTRAINTS, errors as u1db_errors from abc import ABCMeta, abstractmethod from routes.mapper import Mapper @@ -32,12 +32,8 @@ from couchdb.client import Server from twisted.python import log from hashlib import sha512 - -from leap.soledad.common import ( - SHARED_DB_NAME, - SHARED_DB_LOCK_DOC_ID_PREFIX, - USER_DB_PREFIX, -) +from leap.soledad.common import SHARED_DB_NAME +from leap.soledad.common import USER_DB_PREFIX from leap.soledad.common.errors import InvalidAuthTokenError @@ -354,7 +350,8 @@ class SoledadTokenAuthMiddleware(SoledadAuthMiddleware): Token based authentication. """ - TOKENS_DB = "tokens" + TOKENS_DB_PREFIX = "tokens_" + TOKENS_DB_EXPIRE = 30 * 24 * 3600 # 30 days in seconds TOKENS_TYPE_KEY = "type" TOKENS_TYPE_DEF = "Token" TOKENS_USER_ID_KEY = "user_id" @@ -414,7 +411,14 @@ class SoledadTokenAuthMiddleware(SoledadAuthMiddleware): invalid. """ server = Server(url=self._app.state.couch_url) - dbname = self.TOKENS_DB + # the tokens db rotates every 30 days, and the current db name is + # "tokens_NNN", where NNN is the number of seconds since epoch divided + # by the rotate period in seconds. When rotating, old and new tokens + # db coexist during a certain window of time and valid tokens are + # replicated from the old db to the new one. See: + # https://leap.se/code/issues/6785 + dbname = self.TOKENS_DB_PREFIX + \ + str(int(time.time() / self.TOKENS_DB_EXPIRE)) db = server[dbname] # lookup key is a hash of the token to prevent timing attacks. token = db.get(sha512(token).hexdigest()) -- cgit v1.2.3 From 4b78cf9da0874501fa123a02b53d7650e8dfcdf1 Mon Sep 17 00:00:00 2001 From: drebs Date: Thu, 19 Mar 2015 09:54:38 -0300 Subject: [fix] add/fix dependency on twisted Add dependency on twisted for Soledad Client. Also remove minimum twisted version for Soledad Server because debian stable currently distributes 12.0.0 and pypi currently distributes 15.0.0. Closes: #6797 --- server/changes/bug_6797_add-dependency-on-twisted | 1 + server/pkg/requirements.pip | 4 +--- 2 files changed, 2 insertions(+), 3 deletions(-) create mode 100644 server/changes/bug_6797_add-dependency-on-twisted (limited to 'server') diff --git a/server/changes/bug_6797_add-dependency-on-twisted b/server/changes/bug_6797_add-dependency-on-twisted new file mode 100644 index 00000000..962222b0 --- /dev/null +++ b/server/changes/bug_6797_add-dependency-on-twisted @@ -0,0 +1 @@ + o Add dependency on Twisted. Closes #6797. diff --git a/server/pkg/requirements.pip b/server/pkg/requirements.pip index 28717664..89ec52e7 100644 --- a/server/pkg/requirements.pip +++ b/server/pkg/requirements.pip @@ -4,9 +4,7 @@ simplejson u1db routes PyOpenSSL<0.14 - -# TODO: maybe we just want twisted-web? -twisted>=12.0.0 +twisted # leap deps -- bump me! leap.soledad.common>=0.6.0 -- cgit v1.2.3 From 74dec41c1d99ae8d4a4a79a7cb0d5c3c9f40cbae Mon Sep 17 00:00:00 2001 From: drebs Date: Thu, 19 Mar 2015 10:57:54 -0300 Subject: [fix] add explicit dependency on leap.common In the past, we wanted dependency on leap.common to be optional, but now because of the explicit use of the config path prefix and signaling, we want to enforce dependency on leap.common. --- server/pkg/requirements.pip | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'server') diff --git a/server/pkg/requirements.pip b/server/pkg/requirements.pip index 89ec52e7..c65ee4f5 100644 --- a/server/pkg/requirements.pip +++ b/server/pkg/requirements.pip @@ -9,12 +9,7 @@ twisted # leap deps -- bump me! leap.soledad.common>=0.6.0 -# -# Things yet to fix: -# - -# oauth is not strictly needed by us, but we need it -# until u1db adds it to its release as a dep. - +# XXX -- fix me! +# oauth is not strictly needed by us, but we need it until u1db adds it to its +# release as a dep. oauth - -- cgit v1.2.3 From 5a9eac4ba0d4ddc419fdaaee4d08dbc7d8115294 Mon Sep 17 00:00:00 2001 From: drebs Date: Thu, 9 Apr 2015 12:20:19 -0300 Subject: [fix] remove unneded params to CouchServerState This commit removes some leftover code from a time when Soledad Server used to check for permissions on certain databases when starting (i.e. shared and tokens databases). This was later removed as correct permissions enforcement was relayed to tapicero. Closes: #6833. --- .../changes/bug_6833_remove-unneeded-params-from-couch-server-state | 2 ++ server/src/leap/soledad/server/__init__.py | 5 +---- 2 files changed, 3 insertions(+), 4 deletions(-) create mode 100644 server/changes/bug_6833_remove-unneeded-params-from-couch-server-state (limited to 'server') diff --git a/server/changes/bug_6833_remove-unneeded-params-from-couch-server-state b/server/changes/bug_6833_remove-unneeded-params-from-couch-server-state new file mode 100644 index 00000000..2c927717 --- /dev/null +++ b/server/changes/bug_6833_remove-unneeded-params-from-couch-server-state @@ -0,0 +1,2 @@ + o Remove unneeded parameters from CouchServerState initialization. Closes + #6833. diff --git a/server/src/leap/soledad/server/__init__.py b/server/src/leap/soledad/server/__init__.py index cd006f51..adb5b561 100644 --- a/server/src/leap/soledad/server/__init__.py +++ b/server/src/leap/soledad/server/__init__.py @@ -296,10 +296,7 @@ def load_configuration(file_path): def application(environ, start_response): conf = load_configuration('/etc/leap/soledad-server.conf') - state = CouchServerState( - conf['couch_url'], - SoledadApp.SHARED_DB_NAME, - SoledadTokenAuthMiddleware.TOKENS_DB) + state = CouchServerState(conf['couch_url']) # WSGI application that may be used by `twistd -web` application = GzipMiddleware( SoledadTokenAuthMiddleware(SoledadApp(state))) -- cgit v1.2.3 From 340b0dcfbc0a819738a28f9c803fdbf848754897 Mon Sep 17 00:00:00 2001 From: drebs Date: Thu, 14 May 2015 11:52:20 -0300 Subject: [pkg] bump version of server dependency on common soledad-common versions before 0.6.5 do not contain the fix for #6833 and thus will not work with most recent server. That is why we have to bump this soledad-server dependency on soledad.common. --- server/pkg/requirements.pip | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'server') diff --git a/server/pkg/requirements.pip b/server/pkg/requirements.pip index c65ee4f5..df6ad95d 100644 --- a/server/pkg/requirements.pip +++ b/server/pkg/requirements.pip @@ -7,7 +7,7 @@ PyOpenSSL<0.14 twisted # leap deps -- bump me! -leap.soledad.common>=0.6.0 +leap.soledad.common>=0.6.5 # XXX -- fix me! # oauth is not strictly needed by us, but we need it until u1db adds it to its -- cgit v1.2.3 From 9fb1c47ca7da06d6feef6846b812aec28128ed78 Mon Sep 17 00:00:00 2001 From: drebs Date: Mon, 1 Jun 2015 14:54:27 -0300 Subject: [pkg] fold in changes --- server/changes/bug_6436_run-daemon-as-user-soledad | 1 - server/changes/bug_6437_avoid-sslv3 | 1 - server/changes/bug_6557_fix-server-initscript-location | 1 - server/changes/bug_6797_add-dependency-on-twisted | 1 - server/changes/bug_6833_remove-unneeded-params-from-couch-server-state | 2 -- server/changes/bug_fix-initscript-uid-and-gid | 1 - server/changes/feature_6785_use-monthly-token-db | 1 - 7 files changed, 8 deletions(-) delete mode 100644 server/changes/bug_6436_run-daemon-as-user-soledad delete mode 100644 server/changes/bug_6437_avoid-sslv3 delete mode 100644 server/changes/bug_6557_fix-server-initscript-location delete mode 100644 server/changes/bug_6797_add-dependency-on-twisted delete mode 100644 server/changes/bug_6833_remove-unneeded-params-from-couch-server-state delete mode 100644 server/changes/bug_fix-initscript-uid-and-gid delete mode 100644 server/changes/feature_6785_use-monthly-token-db (limited to 'server') diff --git a/server/changes/bug_6436_run-daemon-as-user-soledad b/server/changes/bug_6436_run-daemon-as-user-soledad deleted file mode 100644 index 886964f1..00000000 --- a/server/changes/bug_6436_run-daemon-as-user-soledad +++ /dev/null @@ -1 +0,0 @@ - o Run daemon as user soledad (#6436). diff --git a/server/changes/bug_6437_avoid-sslv3 b/server/changes/bug_6437_avoid-sslv3 deleted file mode 100644 index 5d41fbb3..00000000 --- a/server/changes/bug_6437_avoid-sslv3 +++ /dev/null @@ -1 +0,0 @@ - o Avoid use of SSLv3 (#6437). diff --git a/server/changes/bug_6557_fix-server-initscript-location b/server/changes/bug_6557_fix-server-initscript-location deleted file mode 100644 index 6032b302..00000000 --- a/server/changes/bug_6557_fix-server-initscript-location +++ /dev/null @@ -1 +0,0 @@ - o Fix server initscript location (#6557). diff --git a/server/changes/bug_6797_add-dependency-on-twisted b/server/changes/bug_6797_add-dependency-on-twisted deleted file mode 100644 index 962222b0..00000000 --- a/server/changes/bug_6797_add-dependency-on-twisted +++ /dev/null @@ -1 +0,0 @@ - o Add dependency on Twisted. Closes #6797. diff --git a/server/changes/bug_6833_remove-unneeded-params-from-couch-server-state b/server/changes/bug_6833_remove-unneeded-params-from-couch-server-state deleted file mode 100644 index 2c927717..00000000 --- a/server/changes/bug_6833_remove-unneeded-params-from-couch-server-state +++ /dev/null @@ -1,2 +0,0 @@ - o Remove unneeded parameters from CouchServerState initialization. Closes - #6833. diff --git a/server/changes/bug_fix-initscript-uid-and-gid b/server/changes/bug_fix-initscript-uid-and-gid deleted file mode 100644 index d4767984..00000000 --- a/server/changes/bug_fix-initscript-uid-and-gid +++ /dev/null @@ -1 +0,0 @@ - o Fix server daemon uid and gid by passing them to twistd on the initscript. diff --git a/server/changes/feature_6785_use-monthly-token-db b/server/changes/feature_6785_use-monthly-token-db deleted file mode 100644 index f7987cad..00000000 --- a/server/changes/feature_6785_use-monthly-token-db +++ /dev/null @@ -1 +0,0 @@ - o Use monthly token databases. Closes #6785. -- cgit v1.2.3 From 1137bf9f4a6264b3525679da474112a04b111aca Mon Sep 17 00:00:00 2001 From: drebs Date: Thu, 28 May 2015 10:12:59 -0300 Subject: [pkg] remove PyOpenSSL version pinning Once upon a time we needed to pin the PyOpenSSL version to avoid unneeded crypto deps (see https://leap.se/code/issues/5368#note-5). Since then, jessie was released and PyOpenSSL 0.14 is now shipped with it. We have removed that pinning from the debian package, and it is not needed here. --- server/pkg/requirements.pip | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'server') diff --git a/server/pkg/requirements.pip b/server/pkg/requirements.pip index df6ad95d..43088222 100644 --- a/server/pkg/requirements.pip +++ b/server/pkg/requirements.pip @@ -3,7 +3,7 @@ couchdb simplejson u1db routes -PyOpenSSL<0.14 +PyOpenSSL twisted # leap deps -- bump me! -- cgit v1.2.3 From 82c8989ddbcc57befca806495b7040efd0cb0d4e Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Wed, 22 Jul 2015 12:36:41 -0400 Subject: [pkg] separate leap requirements this is part of a process to make the setup of the development mode less troublesome. from now on, setting up a virtualenv in pure development mode will be as easy as telling pip to just install the external dependencies:: pip install -r pkg/requirements.pip and traversing all the leap repos for the needed leap dependencies doing:: python setup.py develop - Related: #7288 --- server/pkg/requirements-leap.pip | 1 + server/pkg/requirements.pip | 3 --- server/pkg/utils.py | 29 +++++++++++++++++++++++------ server/setup.py | 18 +++++++++++++++++- 4 files changed, 41 insertions(+), 10 deletions(-) create mode 100644 server/pkg/requirements-leap.pip (limited to 'server') diff --git a/server/pkg/requirements-leap.pip b/server/pkg/requirements-leap.pip new file mode 100644 index 00000000..aaad340c --- /dev/null +++ b/server/pkg/requirements-leap.pip @@ -0,0 +1 @@ +leap.soledad.common>=0.6.5 diff --git a/server/pkg/requirements.pip b/server/pkg/requirements.pip index 43088222..53f7db57 100644 --- a/server/pkg/requirements.pip +++ b/server/pkg/requirements.pip @@ -6,9 +6,6 @@ routes PyOpenSSL twisted -# leap deps -- bump me! -leap.soledad.common>=0.6.5 - # XXX -- fix me! # oauth is not strictly needed by us, but we need it until u1db adds it to its # release as a dep. diff --git a/server/pkg/utils.py b/server/pkg/utils.py index deace14b..d1680102 100644 --- a/server/pkg/utils.py +++ b/server/pkg/utils.py @@ -14,20 +14,34 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . - """ Utils to help in the setup process """ - import os import re import sys +def is_develop_mode(): + """ + Returns True if we're calling the setup script using the argument for + setuptools development mode. + + This avoids messing up with dependency pinning and order, the + responsibility of installing the leap dependencies is left to the + developer. + """ + args = sys.argv + devflags = "setup.py", "develop" + if (args[0], args[1]) == devflags: + return True + return False + + def get_reqs_from_files(reqfiles): """ Returns the contents of the top requirement file listed as a - string list with the lines + string list with the lines. @param reqfiles: requirement files to parse @type reqfiles: list of str @@ -43,6 +57,9 @@ def parse_requirements(reqfiles=['requirements.txt', """ Parses the requirement files provided. + The passed reqfiles list is a list of possible locations to try, the + function will return the contents of the first path found. + Checks the value of LEAP_VENV_SKIP_PYSIDE to see if it should return PySide as a dep or not. Don't set, or set to 0 if you want to install it through pip. @@ -58,9 +75,9 @@ def parse_requirements(reqfiles=['requirements.txt', if re.match(r'\s*-e\s+', line): pass # do not try to do anything with externals on vcs - #requirements.append(re.sub(r'\s*-e\s+.*#egg=(.*)$', r'\1', - #line)) - # http://foo.bar/baz/foobar/zipball/master#egg=foobar + # requirements.append(re.sub(r'\s*-e\s+.*#egg=(.*)$', r'\1', + # line)) + # http://foo.bar/baz/foobar/zipball/master#egg=foobar elif re.match(r'\s*https?:', line): requirements.append(re.sub(r'\s*https?:.*#egg=(.*)$', r'\1', line)) diff --git a/server/setup.py b/server/setup.py index 124ddd32..e7ccb4dc 100644 --- a/server/setup.py +++ b/server/setup.py @@ -116,6 +116,22 @@ cmdclass["freeze_debianver"] = freeze_debianver # XXX add ref to docs +requirements = utils.parse_requirements() + +if utils.is_develop_mode(): + print + print ("[WARNING] Skipping leap-specific dependencies " + "because development mode is detected.") + print ("[WARNING] You can install " + "the latest published versions with " + "'pip install -r pkg/requirements-leap.pip'") + print ("[WARNING] Or you can instead do 'python setup.py develop' " + "from the parent folder of each one of them.") + print +else: + requirements += utils.parse_requirements( + reqfiles=["pkg/requirements-leap.pip"]) + setup( name='leap.soledad.server', version=VERSION, @@ -138,6 +154,6 @@ setup( namespace_packages=["leap", "leap.soledad"], packages=find_packages('src'), package_dir={'': 'src'}, - install_requires=utils.parse_requirements(), + install_requires=requirements, data_files=data_files ) -- cgit v1.2.3 From 19166618cef9cb03501d91df83a6919c3c4eda80 Mon Sep 17 00:00:00 2001 From: Bruno Wagner Date: Thu, 23 Jul 2015 15:08:13 -0300 Subject: [style] fixed pep8 warnings on the soledad server code --- server/src/leap/soledad/server/__init__.py | 16 +++++++++------- server/src/leap/soledad/server/_version.py | 17 ++++++++--------- server/src/leap/soledad/server/sync.py | 9 +++++---- 3 files changed, 22 insertions(+), 20 deletions(-) (limited to 'server') diff --git a/server/src/leap/soledad/server/__init__.py b/server/src/leap/soledad/server/__init__.py index adb5b561..7a03f6fb 100644 --- a/server/src/leap/soledad/server/__init__.py +++ b/server/src/leap/soledad/server/__init__.py @@ -92,16 +92,13 @@ import sys from u1db.remote import http_app, utils +from ._version import get_versions + # Keep OpenSSL's tsafe before importing Twisted submodules so we can put # it back if Twisted==12.0.0 messes with it. from OpenSSL import tsafe -old_tsafe = tsafe from twisted import version -if version.base() == "12.0.0": - # Put OpenSSL's tsafe back into place. This can probably be removed if we - # come to use Twisted>=12.3.0. - sys.modules['OpenSSL.tsafe'] = old_tsafe from leap.soledad.server.auth import SoledadTokenAuthMiddleware from leap.soledad.server.gzip_middleware import GzipMiddleware @@ -115,11 +112,18 @@ from leap.soledad.server.sync import ( from leap.soledad.common import SHARED_DB_NAME from leap.soledad.common.couch import CouchServerState +old_tsafe = tsafe + +if version.base() == "12.0.0": + # Put OpenSSL's tsafe back into place. This can probably be removed if we + # come to use Twisted>=12.3.0. + sys.modules['OpenSSL.tsafe'] = old_tsafe # ---------------------------------------------------------------------------- # Soledad WSGI application # ---------------------------------------------------------------------------- + class SoledadApp(http_app.HTTPApp): """ Soledad WSGI application @@ -303,7 +307,5 @@ def application(environ, start_response): return application(environ, start_response) - -from ._version import get_versions __version__ = get_versions()['version'] del get_versions diff --git a/server/src/leap/soledad/server/_version.py b/server/src/leap/soledad/server/_version.py index ec611c39..61bb57d9 100644 --- a/server/src/leap/soledad/server/_version.py +++ b/server/src/leap/soledad/server/_version.py @@ -1,5 +1,3 @@ - -IN_LONG_VERSION_PY = True # This file helps to compute a version number in source trees obtained from # git-archive tarball (such as those provided by githubs download-from-tag # feature). Distribution tarballs (build by setup.py sdist) and build @@ -10,12 +8,16 @@ IN_LONG_VERSION_PY = True # versioneer-0.7+ (https://github.com/warner/python-versioneer) # these strings will be replaced by git during git-archive -git_refnames = "$Format:%d$" -git_full = "$Format:%H$" - import subprocess import sys +import re +import os.path + +IN_LONG_VERSION_PY = True + +git_refnames = "$Format:%d$" +git_full = "$Format:%H$" def run_command(args, cwd=None, verbose=False): @@ -37,9 +39,6 @@ def run_command(args, cwd=None, verbose=False): return None return stdout -import re -import os.path - def get_expanded_variables(versionfile_source): # the code embedded in _version.py can just fetch the value of these @@ -85,7 +84,7 @@ def versions_from_expanded_variables(variables, tag_prefix, verbose=False): # "stabilization", as well as "HEAD" and "master". tags = set([r for r in refs if re.search(r'\d', r)]) if verbose: - print("discarding '%s', no digits" % ",".join(refs-tags)) + print("discarding '%s', no digits" % ",".join(refs - tags)) if verbose: print("likely tags: %s" % ",".join(sorted(tags))) for ref in sorted(tags): diff --git a/server/src/leap/soledad/server/sync.py b/server/src/leap/soledad/server/sync.py index 6dc99b5a..d2db9055 100644 --- a/server/src/leap/soledad/server/sync.py +++ b/server/src/leap/soledad/server/sync.py @@ -224,7 +224,6 @@ class SyncExchange(sync.SyncExchange): self._sync_state = ServerSyncState( self._db, self.source_replica_uid, sync_id) - def find_changes_to_return(self, received): """ Find changes to return. @@ -286,7 +285,8 @@ class SyncExchange(sync.SyncExchange): doc = self._db.get_doc(changed_doc_id, include_deleted=True) return_doc_cb(doc, gen, trans_id) - def insert_doc_from_source(self, doc, source_gen, trans_id, + def insert_doc_from_source( + self, doc, source_gen, trans_id, number_of_docs=None, doc_idx=None, sync_id=None): """Try to insert synced document from source. @@ -371,8 +371,9 @@ class SyncResource(http_app.SyncResource): self._sync_id = sync_id @http_app.http_method(content_as_args=True) - def post_put(self, id, rev, content, gen, trans_id, number_of_docs, - doc_idx): + def post_put( + self, id, rev, content, gen, + trans_id, number_of_docs, doc_idx): """ Put one incoming document into the server replica. -- cgit v1.2.3 From fa42397e13c5d7a70ceb961153d39e10a0d4c8f9 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Mon, 27 Jul 2015 22:17:47 -0400 Subject: [pkg] add script to install base requirements - update pip - install base reqs, with insecure flags for dirspec and u1db --- server/pkg/pip_install_requirements.sh | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100755 server/pkg/pip_install_requirements.sh (limited to 'server') diff --git a/server/pkg/pip_install_requirements.sh b/server/pkg/pip_install_requirements.sh new file mode 100755 index 00000000..71adebc7 --- /dev/null +++ b/server/pkg/pip_install_requirements.sh @@ -0,0 +1,6 @@ +#!/bin/sh +# Update pip and install LEAP base requirements. +# For convenience, u1db and dirspec are allowed with insecure flags enabled. +# Use at your own risk. +pip install -U pip +pip install --allow-external u1db --allow-unverified u1db --allow-external dirspec --allow-unverified dirspec -r pkg/requirements.pip -- cgit v1.2.3 From 0a5f33e0f1391268faf9fac48072d35a6e172b21 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Mon, 27 Jul 2015 22:21:19 -0400 Subject: [pkg] add AUTHORS file + one-liner to generate it --- server/AUTHORS | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 server/AUTHORS (limited to 'server') diff --git a/server/AUTHORS b/server/AUTHORS new file mode 100644 index 00000000..934cf129 --- /dev/null +++ b/server/AUTHORS @@ -0,0 +1,10 @@ +drebs +Tomás Touceda +Kali Kaneko +Ivan Alejandro +Micah Anderson +Victor Shyba +Bruno Wagner +Ruben Pollan +Duda Dornelles +antialias -- cgit v1.2.3 From 8682cf28de1e8e685729dbdc941c7d1cda783e9d Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Tue, 28 Jul 2015 09:59:41 -0400 Subject: [tests] add pep8 to requirements-testing --- server/requirements-testing.pip | 1 + 1 file changed, 1 insertion(+) create mode 100644 server/requirements-testing.pip (limited to 'server') diff --git a/server/requirements-testing.pip b/server/requirements-testing.pip new file mode 100644 index 00000000..94ab6e8e --- /dev/null +++ b/server/requirements-testing.pip @@ -0,0 +1 @@ +pep8 -- cgit v1.2.3 From 52c2f7258416fcd54e9aeb50656830b55d653630 Mon Sep 17 00:00:00 2001 From: Bruno Wagner Date: Wed, 29 Jul 2015 14:11:48 -0300 Subject: [feat] Added requirements-latest pip file With this, you can setup soledad for using locally and running the tests with the latest head in a simpler way --- server/pkg/requirements-latest.pip | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 server/pkg/requirements-latest.pip (limited to 'server') diff --git a/server/pkg/requirements-latest.pip b/server/pkg/requirements-latest.pip new file mode 100644 index 00000000..0edfbca0 --- /dev/null +++ b/server/pkg/requirements-latest.pip @@ -0,0 +1,8 @@ +--index-url https://pypi.python.org/simple/ + +--allow-external u1db --allow-unverified u1db +--allow-external dirspec --allow-unverified dirspec + +-e 'git+https://github.com/pixelated-project/leap_pycommon.git#egg=leap.common' +-e '../common' +-e . -- cgit v1.2.3 From c8fcfb452392af6b54e36a4bd0788f7b412fdc5c Mon Sep 17 00:00:00 2001 From: Victor Shyba Date: Wed, 29 Jul 2015 16:21:33 -0300 Subject: [bug] specify develop branch when using -e requirements-latest.pip will try to clone and install. Since it is meant to be latest, I added a small change to specify the branch 'develop'. --- server/pkg/requirements-latest.pip | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'server') diff --git a/server/pkg/requirements-latest.pip b/server/pkg/requirements-latest.pip index 0edfbca0..a629aa57 100644 --- a/server/pkg/requirements-latest.pip +++ b/server/pkg/requirements-latest.pip @@ -3,6 +3,6 @@ --allow-external u1db --allow-unverified u1db --allow-external dirspec --allow-unverified dirspec --e 'git+https://github.com/pixelated-project/leap_pycommon.git#egg=leap.common' +-e 'git+https://github.com/pixelated-project/leap_pycommon.git@develop#egg=leap.common' -e '../common' -e . -- cgit v1.2.3 From 0d8455007283fba00fa1747a30974de12fbe251c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Parm=C3=A9nides=20GV?= Date: Fri, 31 Jul 2015 08:57:57 +0200 Subject: [feat] use wheels to install dependencies generate_wheels uses $WHEELHOUSE to generate and store the wheels for requirements.pip and requirements-testing.pip (if it exists). pip_install_requirements.sh installs requirements.pip from them if possible (if not, then it fetches them from pypi) or, if passed the --testing flag, it installs requirements-testing.pip. Related: #7327 --- server/pkg/generate_wheels.sh | 13 +++++++ server/pkg/pip_install_requirements.sh | 71 ++++++++++++++++++++++++++++++++-- server/requirements-testing.pip | 1 - 3 files changed, 80 insertions(+), 5 deletions(-) create mode 100755 server/pkg/generate_wheels.sh delete mode 100644 server/requirements-testing.pip (limited to 'server') diff --git a/server/pkg/generate_wheels.sh b/server/pkg/generate_wheels.sh new file mode 100755 index 00000000..e29c327e --- /dev/null +++ b/server/pkg/generate_wheels.sh @@ -0,0 +1,13 @@ +#!/bin/sh +# Generate wheels for dependencies +# Use at your own risk. + +if [ "$WHEELHOUSE" = "" ]; then + WHEELHOUSE=$HOME/wheelhouse +fi + +pip wheel --wheel-dir $WHEELHOUSE pip +pip wheel --wheel-dir $WHEELHOUSE --allow-external u1db --allow-unverified u1db --allow-external dirspec --allow-unverified dirspec -r pkg/requirements.pip +if [ -f pkg/requirements-testing.pip ]; then + pip wheel --wheel-dir $WHEELHOUSE -r pkg/requirements-testing.pip +fi diff --git a/server/pkg/pip_install_requirements.sh b/server/pkg/pip_install_requirements.sh index 71adebc7..c9dc3198 100755 --- a/server/pkg/pip_install_requirements.sh +++ b/server/pkg/pip_install_requirements.sh @@ -1,6 +1,69 @@ #!/bin/sh -# Update pip and install LEAP base requirements. -# For convenience, u1db and dirspec are allowed with insecure flags enabled. +# Update pip and install LEAP base/testing requirements. +# For convenience, $insecure_packages are allowed with insecure flags enabled. # Use at your own risk. -pip install -U pip -pip install --allow-external u1db --allow-unverified u1db --allow-external dirspec --allow-unverified dirspec -r pkg/requirements.pip +# See $usage for help + +insecure_packages="u1db dirspec" + +return_wheelhouse() { + if [ "$WHEELHOUSE" = "" ]; then + WHEELHOUSE=$HOME/wheelhouse + fi + + if [ ! -d "$WHEELHOUSE" ]; then + mkdir $WHEELHOUSE + fi + + echo "$WHEELHOUSE" +} + +show_help() { + usage="Usage: $0 [--testing]\n --testing\tInstall dependencies from requirements-testing.pip\n +\t\tOtherwise, it will install requirements.pip" + echo $usage + + exit 1 +} + +process_arguments() { + testing=false + while [ "$#" -gt 0 ]; do + # From http://stackoverflow.com/a/31443098 + case "$1" in + --help) show_help;; + --testing) testing=true; shift 1;; + + -h) show_help;; + -*) echo "unknown option: $1" >&2; exit 1;; + esac + done +} + +return_insecure_flags() { + for insecure_package in $insecure_packages; do + flags="$flags --allow-external $insecure_package --allow-unverified $insecure_package" + done + + echo $flags +} + +return_packages() { + if $testing ; then + packages="-r pkg/requirements-testing.pip" + else + packages="-r pkg/requirements.pip" + fi + + echo $packages +} + +process_arguments $@ +wheelhouse=`return_wheelhouse` +install_options="-U --find-links=$wheelhouse" +insecure_flags=`return_insecure_flags` +packages=`return_packages` + +pip install -U wheel +pip install $install_options pip +pip install $install_options $insecure_flags $packages diff --git a/server/requirements-testing.pip b/server/requirements-testing.pip deleted file mode 100644 index 94ab6e8e..00000000 --- a/server/requirements-testing.pip +++ /dev/null @@ -1 +0,0 @@ -pep8 -- cgit v1.2.3 From c1b99f965f248c20e19eac44b3da239a9e6828ac Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Tue, 4 Aug 2015 17:56:10 -0400 Subject: [style] added pep8 excludes+ignores --- server/setup.cfg | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 server/setup.cfg (limited to 'server') diff --git a/server/setup.cfg b/server/setup.cfg new file mode 100644 index 00000000..6b530888 --- /dev/null +++ b/server/setup.cfg @@ -0,0 +1,7 @@ +[pep8] +exclude = versioneer.py,_version.py,ddocs.py,*.egg,build +ignore = E731 + +[flake8] +exclude = versioneer.py,_version.py,ddocs.py,*.egg,build +ignore = E731 -- cgit v1.2.3 From 0b1e55d3142d7012cd7fef39b6ed77be69d5ee11 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Tue, 4 Aug 2015 17:56:35 -0400 Subject: [style] pep8 cleanup --- server/src/leap/soledad/server/sync.py | 5 ----- 1 file changed, 5 deletions(-) (limited to 'server') diff --git a/server/src/leap/soledad/server/sync.py b/server/src/leap/soledad/server/sync.py index d2db9055..18c4ee40 100644 --- a/server/src/leap/soledad/server/sync.py +++ b/server/src/leap/soledad/server/sync.py @@ -14,17 +14,12 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . - - """ Server side synchronization infrastructure. """ - import json - from leap.soledad.common.couch import CouchDatabase -from itertools import izip from u1db import sync, Document from u1db.remote import http_app -- cgit v1.2.3 From cb92f58a141f410739ae6460b7eb8aaf2daa3c65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Parm=C3=A9nides=20GV?= Date: Thu, 6 Aug 2015 08:45:42 +0200 Subject: [feat] WHEELHOUSE can be a url + --use-leap-wheels --use-leap-wheels sets --trusted-host (remove it when we have a proper cert) and WHEELHOUSE to https://ftp.lizard.leap.se Until we get ftp.lizard cname, use lizard as the wheels server. - Related: #7339 --- server/pkg/pip_install_requirements.sh | 51 ++++++++++++++++++++++------------ 1 file changed, 33 insertions(+), 18 deletions(-) (limited to 'server') diff --git a/server/pkg/pip_install_requirements.sh b/server/pkg/pip_install_requirements.sh index c9dc3198..d0479365 100755 --- a/server/pkg/pip_install_requirements.sh +++ b/server/pkg/pip_install_requirements.sh @@ -1,27 +1,17 @@ -#!/bin/sh +#!/bin/bash # Update pip and install LEAP base/testing requirements. # For convenience, $insecure_packages are allowed with insecure flags enabled. # Use at your own risk. # See $usage for help insecure_packages="u1db dirspec" - -return_wheelhouse() { - if [ "$WHEELHOUSE" = "" ]; then - WHEELHOUSE=$HOME/wheelhouse - fi - - if [ ! -d "$WHEELHOUSE" ]; then - mkdir $WHEELHOUSE - fi - - echo "$WHEELHOUSE" -} +leap_wheelhouse=https://lizard.leap.se/wheels show_help() { - usage="Usage: $0 [--testing]\n --testing\tInstall dependencies from requirements-testing.pip\n -\t\tOtherwise, it will install requirements.pip" - echo $usage + usage="Usage: $0 [--testing] [--use-leap-wheels]\n --testing\t\tInstall dependencies from requirements-testing.pip\n +\t\t\tOtherwise, it will install requirements.pip\n +--use-leap-wheels\tUse wheels from leap.se" + echo -e $usage exit 1 } @@ -33,6 +23,7 @@ process_arguments() { case "$1" in --help) show_help;; --testing) testing=true; shift 1;; + --use-leap-wheels) use_leap_wheels=true; shift 1;; -h) show_help;; -*) echo "unknown option: $1" >&2; exit 1;; @@ -40,6 +31,31 @@ process_arguments() { done } +return_wheelhouse() { + if $use_leap_wheels ; then + WHEELHOUSE=$leap_wheelhouse + elif [ "$WHEELHOUSE" = "" ]; then + WHEELHOUSE=$HOME/wheelhouse + fi + + # Tested with bash and zsh + if [[ $WHEELHOUSE != http* && ! -d "$WHEELHOUSE" ]]; then + mkdir $WHEELHOUSE + fi + + echo "$WHEELHOUSE" +} + +return_install_options() { + wheelhouse=`return_wheelhouse` + install_options="-U --find-links=$wheelhouse" + if $use_leap_wheels ; then + install_options="$install_options --trusted-host lizard.leap.se" + fi + + echo $install_options +} + return_insecure_flags() { for insecure_package in $insecure_packages; do flags="$flags --allow-external $insecure_package --allow-unverified $insecure_package" @@ -59,8 +75,7 @@ return_packages() { } process_arguments $@ -wheelhouse=`return_wheelhouse` -install_options="-U --find-links=$wheelhouse" +install_options=`return_install_options` insecure_flags=`return_insecure_flags` packages=`return_packages` -- cgit v1.2.3 From 7e72cafacd1fd12217a734b0d86de983264924f3 Mon Sep 17 00:00:00 2001 From: drebs Date: Mon, 17 Aug 2015 12:18:13 -0300 Subject: [bug] add missing parameter to unauthorized error --- server/src/leap/soledad/server/auth.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'server') diff --git a/server/src/leap/soledad/server/auth.py b/server/src/leap/soledad/server/auth.py index 7af4e54b..425758f5 100644 --- a/server/src/leap/soledad/server/auth.py +++ b/server/src/leap/soledad/server/auth.py @@ -264,7 +264,8 @@ class SoledadAuthMiddleware(object): scheme, encoded = auth.split(None, 1) uuid, auth_data = encoded.decode('base64').split(':', 1) if not self._verify_authentication_scheme(scheme): - return self._unauthorized_error("Wrong authentication scheme") + return self._unauthorized_error( + start_response, "Wrong authentication scheme") # verify if user is athenticated try: -- cgit v1.2.3 From ee9ab32cd3cbe6a4fa73401a45faff6a36d16acf Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Wed, 19 Aug 2015 15:22:55 -0400 Subject: [style] pep8 cleanups --- server/setup.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'server') diff --git a/server/setup.py b/server/setup.py index e7ccb4dc..b3942551 100644 --- a/server/setup.py +++ b/server/setup.py @@ -21,6 +21,9 @@ import os import re from setuptools import setup from setuptools import find_packages +from setuptools import Command + +from pkg import utils import versioneer versioneer.versionfile_source = 'src/leap/soledad/server/_version.py' @@ -28,8 +31,6 @@ versioneer.versionfile_build = 'leap/soledad/server/_version.py' versioneer.tag_prefix = '' # tags are like 1.2.0 versioneer.parentdir_prefix = 'leap.soledad.server-' -from pkg import utils - isset = lambda var: os.environ.get(var, None) if isset('VIRTUAL_ENV') or isset('LEAP_SKIP_INIT'): data_files = None @@ -68,9 +69,6 @@ if len(_version_short) > 0: cmdclass = versioneer.get_cmdclass() -from setuptools import Command - - class freeze_debianver(Command): """ Freezes the version in a debian branch. -- cgit v1.2.3 From 66b58d3222e86916431f5c9cd534619537de5359 Mon Sep 17 00:00:00 2001 From: drebs Date: Mon, 24 Aug 2015 14:38:46 -0300 Subject: [refactor] remove simplejson dep on server --- server/pkg/requirements.pip | 1 - server/src/leap/soledad/server/auth.py | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'server') diff --git a/server/pkg/requirements.pip b/server/pkg/requirements.pip index 53f7db57..d75678b2 100644 --- a/server/pkg/requirements.pip +++ b/server/pkg/requirements.pip @@ -1,6 +1,5 @@ configparser couchdb -simplejson u1db routes PyOpenSSL diff --git a/server/src/leap/soledad/server/auth.py b/server/src/leap/soledad/server/auth.py index 425758f5..02b54cca 100644 --- a/server/src/leap/soledad/server/auth.py +++ b/server/src/leap/soledad/server/auth.py @@ -23,7 +23,7 @@ Authentication facilities for Soledad Server. import time import httplib -import simplejson as json +import json from u1db import DBNAME_CONSTRAINTS, errors as u1db_errors from abc import ABCMeta, abstractmethod -- cgit v1.2.3 From e43a2987d42a7daba94ea174798b96dd8c960121 Mon Sep 17 00:00:00 2001 From: drebs Date: Mon, 24 Aug 2015 14:41:04 -0300 Subject: [refactor] add changes file about simplejson dep removal --- server/changes/refactor_remove-simplejson-dep | 1 + 1 file changed, 1 insertion(+) create mode 100644 server/changes/refactor_remove-simplejson-dep (limited to 'server') diff --git a/server/changes/refactor_remove-simplejson-dep b/server/changes/refactor_remove-simplejson-dep new file mode 100644 index 00000000..8fb59626 --- /dev/null +++ b/server/changes/refactor_remove-simplejson-dep @@ -0,0 +1 @@ + o Remove dependency on simplejson. -- cgit v1.2.3 From 20966f78951d734f100ed6a6a6feedd15dbe79e7 Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Wed, 26 Aug 2015 15:42:21 -0300 Subject: [pkg] fold in changes --- server/changes/refactor_remove-simplejson-dep | 1 - 1 file changed, 1 deletion(-) delete mode 100644 server/changes/refactor_remove-simplejson-dep (limited to 'server') diff --git a/server/changes/refactor_remove-simplejson-dep b/server/changes/refactor_remove-simplejson-dep deleted file mode 100644 index 8fb59626..00000000 --- a/server/changes/refactor_remove-simplejson-dep +++ /dev/null @@ -1 +0,0 @@ - o Remove dependency on simplejson. -- cgit v1.2.3