
soledad

  • Varac authored and drebs committed
    In order to do this from CI, please create a secret variable
    (at i.e. https://0xacab.org/varac/soledad/settings/ci_cd)
    called PYTEST_OPTS and use this example:
    
        --benchmark-autosave --benchmark-storage="elasticsearch+https://USER:PASSWORD@moose.leap.se:9200"
    358c4dfb

    Soledad

    Synchronization Of Locally Encrypted Data Among Devices

    Soledad is the part of LEAP that allows application data to be securely shared among devices. It provides, to other parts of the LEAP project, an API for data storage and sync.

    This software is under development.

    There are currently three Python packages maintained under this repository:

    • leap.soledad.common: common pieces.
    • leap.soledad.client: where the soledad client lives.
    • leap.soledad.server: oh surprise! bits needed for the soledad server.

    Compatibility

    • Soledad Server >= 0.7.0 is incompatible with client < 0.7.0 because of modifications to the encrypted document MAC calculation.
    • Soledad Server >= 0.7.0 is incompatible with LEAP Platform < 0.6.1 because that platform version implements ephemeral tokens databases and Soledad Server needs to act accordingly.

    Tests

    System dependencies:

    python3-venv

    Install local dependencies:

    $ cd testing
    $ python3 -m venv test-env
    $ source test-env/bin/activate
    $ pip3 install -U -r requirements-testing.pip

    Soledad tests use tox, and they live in the testing folder:

    $ tox

    Note that to run CouchDB tests, be sure you have CouchDB installed on your system.

    Privileges

    In order to prevent privilege escalation, Soledad should not be run as a database administrator. This implies the following side effects:

    Database creation:

    Can be done via a script located in server/pkg/create-user-db. It reads a netrc file that should be placed at /etc/couchdb/couchdb-admin.netrc. That file holds the admin credentials in netrc format and should be accessible only by the 'soledad-admin' user.

    The debian package will do the following in order to automate this:

    • create a user soledad-admin
    • make this script available as create-user-db in /usr/bin
    • grant restricted sudo access that only enables user soledad to call this exact command via the soledad-admin user.

    The server-side process, configured via /etc/soledad/soledad-server.conf, will then use a parameter called 'create_cmd' to know which command is used to allocate new databases. All steps of the creation process are then handled automatically by the server, following the same logic as the u1db server.
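
A deployment check for the netrc requirement described above, as an added example (not part of Soledad or its Debian package): it confirms the credentials file is a regular file owned by the expected account, grants nothing to group or other, and parses as netrc. The function name and passing the expected owner as a numeric uid are assumptions of this example.

```python
import netrc
import os
import stat
import sys


def audit_admin_netrc(path, expected_uid):
    """Return a list of problems with the admin netrc file (empty list = OK)."""
    try:
        st = os.lstat(path)  # lstat: a symlink in this place is itself a finding
    except OSError as exc:
        return ["cannot stat %s: %s" % (path, exc)]
    if not stat.S_ISREG(st.st_mode):
        return ["%s is not a regular file" % path]
    problems = []
    if st.st_uid != expected_uid:
        problems.append("owned by uid %d, expected %d" % (st.st_uid, expected_uid))
    # Any group/other bit lets an account other than the owner read or
    # replace the CouchDB admin credentials.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("mode %04o grants access to group/other"
                        % stat.S_IMODE(st.st_mode))
    # The stdlib netrc module applies its own ownership/permission check only
    # to the default ~/.netrc, so an explicit path is parsed without one.
    try:
        hosts = netrc.netrc(path).hosts
    except (netrc.NetrcParseError, OSError) as exc:
        problems.append("cannot parse netrc: %s" % exc)
        return problems
    if not hosts:
        problems.append("no machine entries")
    for host, (login, _account, password) in hosts.items():
        if not login or not password:
            problems.append("entry for %s lacks login or password" % host)
    return problems


if __name__ == "__main__":
    # Hypothetical invocation: <this script> <netrc path> <owner uid>
    findings = audit_admin_netrc(sys.argv[1], int(sys.argv[2]))
    for finding in findings:
        print("FAIL:", finding)
    sys.exit(1 if findings else 0)
```

The uid to pass for a real deployment is that of the soledad-admin account; the script exits non-zero on any finding so it can gate a provisioning step.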

    Database deletion:

    No code at all handles this, and the privilege to do so needs to be removed as explained before. This can be automated via a simple cron job.