Synchronization Of Locally Encrypted Data Among Devices
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
debian [pkg] bump debian changelog Jul 3, 2018
docs [docs] bump version in docs Jul 3, 2018
pkg [pkg] add man page for soledad-server Nov 14, 2017
scripts [test] account for first timers in outlier calculation Dec 19, 2017
src/leap
tests Mark tests that need couch Jun 2, 2018
.gitattributes [pkg] use stock versioneer Jun 23, 2017
.gitignore
.gitlab-ci.yml Remove benchmark templates and jobs from CI Nov 15, 2018
AUTHORS [pkg] unify client and server into a single python package Jun 23, 2017
CHANGELOG.rst [pkg] fix author in debian changelog Jul 3, 2018
HISTORY
LICENSE [pkg] unify client and server into a single python package Jun 23, 2017
MANIFEST.in
Makefile [doc] add script to build docs Oct 11, 2017
README.rst [doc] add pipeline badge to readme Oct 9, 2017
pytest.ini [refactor] move tests to root of repository Sep 17, 2017
readthedocs.yml [doc] fix readthedocs yaml file name Sep 28, 2017
requirements-testing.pip [refactor] move tests to root of repository Sep 17, 2017
setup.cfg [refactor] factor server twisted app to it's own .py file Nov 14, 2017
setup.py
tox.ini
versioneer.py [pkg] use stock versioneer Jun 23, 2017

README.rst

Soledad

Synchronization Of Locally Encrypted Data Among Devices

Soledad is the part of LEAP that allows application data to be securely shared among devices. It provides, to other parts of the LEAP project, an API for data storage and sync.

This software is under development.

Installing

Soledad is distributed as a single package, with extra dependencies for the client and the server backends. To install the main package from pypi, do the following:

pip install leap.soledad

To use Soledad Client, make sure to install client-specific dependencies:

pip install "leap.soledad[client]"

To use Soledad Server, also install server-specific dependencies:

pip install "leap.soledad[server]"

If you want to install from the repository, you can do so like this:

git clone https://0xacab.org/leap/soledad
cd soledad/
pip install .
pip install ".[client]"
pip install ".[server]"

Compatibility

See the documentation page about compatibility for information about compatibility between different versions of Soledad Server and Client and with the LEAP Plaform.

Tests

Soledad's test suite depends on tox, which creates virtual environments and installs all needed dependencies to run tests. Currently, some tests also depend on availability of a CouchDB server (see :ref:`dependency-on-couchdb` for more information).

Once you have both tox and CouchDB installed in your system, just run the tox command in the root of the repository to get started running tests.

See the documentation pages about tests for more details.

Dependency on CouchDB

Currently, some tests depend on availability of a CouchDB server. This will change in the future and only integration tests will depend on CouchDB.

By default, tests will try to access couch at http://127.0.0.1:5984/. If you have a CouchDB server running elsewhere, you can pass a custom url to pytest by using the --couch-url option after two dashes (--) when running tox:

tox -- --couch-url http://couch_host:5984

Tests that depend on couchdb are marked as such with the needs_couch pytest marker. You can skip them by avoiding tests with that marker:

tox -- -m 'not needs_couch'

Privileges

In order to prevent privilege escalation, Soledad should not be run as a database administrator. This implies the following side effects:

Database creation

Can be done via a script located in pkg/server/soledad-create-userdb It reads a netrc file that should be placed on /etc/couchdb/couchdb-admin.netrc. That file holds the admin credentials in netrc format and should be accessible only by 'soledad-admin' user.

The debian package will do the following in order to automate this:

  • create a user soledad-admin
  • make this script available as soledad-create-userdb in /usr/bin
  • grant restricted sudo access, that only enables user soledad to call this exact command via soledad-admin user.

The server side process, configured via /etc/soledad/soledad-server.conf, will then use a parameter called 'create_cmd' to know which command is used to allocate new databases. All steps of creation process is then handled automatically by the server, following the same logic as u1db server.

Database deletion

No code at all handles this and privilege to do so needs to be removed as explained before. This can be automated via a simple cron job.