caucase:e5e13cd03fadaf9d3144f7c2558c0933ceda8d53 commits
https://lab.nexedi.com/nexedi/caucase/-/commits/e5e13cd03fadaf9d3144f7c2558c0933ceda8d53
2021-02-12T16:24:57+09:00

https://lab.nexedi.com/nexedi/caucase/-/commit/e5e13cd03fadaf9d3144f7c2558c0933ceda8d53
.shellchrckrc: Silence unassigned uppercase variables.
2021-02-12T16:24:57+09:00
Vincent Pelletier vincent@nexedi.com
The only one present is not intended to be internally assigned.

https://lab.nexedi.com/nexedi/caucase/-/commit/f0606a8fa450bd316ecb0f6be079d1e3a416a4fc
all: Use utils.timestamp2datetime .
2021-02-03T19:19:21+09:00
Vincent Pelletier vincent@nexedi.com
datetime.datetime.fromtimestamp applies timezones, which is unintended.
Fixes a time drift on revoked certificates.

https://lab.nexedi.com/nexedi/caucase/-/commit/849a7e37f7ea5c028a35ced671a0a7886de5f7c8
test: Consistently update post-shift user CA in testCACertRenewal.
2021-02-03T15:10:16+09:00
Vincent Pelletier vincent@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/edfe5b61e5e2fd08d2dd44ca47ecd73442d9c924
storage: Factorise self._table_prefix application.
2021-02-03T15:08:35+09:00
Vincent Pelletier vincent@nexedi.com
Also, this provides a handy location to log all queries when debugging.
Also, some minor cleanups.

https://lab.nexedi.com/nexedi/caucase/-/commit/9c772060b3b489f8531571d73cdc4cd0119b65a8
utils: Genericise getCertList and saveCertList.
2021-02-03T12:25:05+09:00
Vincent Pelletier vincent@nexedi.com
So they can be reused for more PEM-encoded types.

https://lab.nexedi.com/nexedi/caucase/-/commit/05ca7a95ffa0e9ddd5b194c0a9c8855c0d67303f
pylint: Get rid of the last disable=unused-argument places.
2021-02-03T12:25:05+09:00
Vincent Pelletier vincent@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/39cf48a0cda03df84b52256242a93d789fc012ce
storage: Exclude subtransaction detector from coverage.
2021-02-02T16:04:04+09:00
Vincent Pelletier vincent@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/b5eab640960d30fd586d4118b146737fd8dbaf4b
client: Catch SSL errors.
2021-02-02T15:19:37+09:00
Vincent Pelletier vincent@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/3751896f7be10f787847fd3fc7f74e21ab7fc7ce
http.manage: Try to reuse a previously-input passphrase before asking.
2021-02-02T15:19:37+09:00
Vincent Pelletier vincent@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/88e9b8d0761dfddadf748c62b233dedadb8d855d
http.manage: Fix passphrase prompt caption in --import-ca .
2021-02-02T15:19:37+09:00
Vincent Pelletier vincent@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/3f04238d9be4317c3211e605e753a484c8f29e1b
http.manage: Do not prune expired certificates from ca table.
2021-02-02T15:19:37+09:00
Vincent Pelletier vincent@nexedi.com
Because this is not the job of an import/export tool.

https://lab.nexedi.com/nexedi/caucase/-/commit/7a7d038313a058993c2419ed1f6aa1f8e5b3b4cb
http.manage: Avoid overwriting an existing file with --export-ca.
2021-02-02T15:19:37+09:00
Vincent Pelletier vincent@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/3de956d354a9e0473359d6f63fb5915075b66f75
http.manage: Ask passphrase twice during --export-ca.
2021-02-02T15:19:30+09:00
Vincent Pelletier vincent@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/c2aa954a22b27def448846fccc747244d407ba72
shell/caucase.sh: Make caucased verbose in tests.
2021-02-02T10:43:41+09:00
Vincent Pelletier vincent@nexedi.com
Tests are supposed to help spot errors, and caucased access traces help
with this too.

https://lab.nexedi.com/nexedi/caucase/-/commit/49dd6e318d34c4eb691ea3208a50ef0e0e29c663
shell/caucase.sh: Emit CRL signature check errors to stderr.
2021-02-02T10:43:41+09:00
Vincent Pelletier vincent@nexedi.com
So that stdout may be more reliably used for scripting.

https://lab.nexedi.com/nexedi/caucase/-/commit/2eb358be00d6b37700bb0290307a74d2e98f5b05
caucase: Simplify pylint rules.
2021-02-02T10:12:32+09:00
Vincent Pelletier vincent@nexedi.com
bad-option-value has an effect on the "disable" line, but somehow none on the
"enable" line. So remove it altogether.

https://lab.nexedi.com/nexedi/caucase/-/commit/d14f02226555c5a9228a2a603db17bad60c4aede
all: Make modern pylint happier.
2021-02-01T12:12:08+09:00
Vincent Pelletier vincent@nexedi.com
python2.7 with pylint 1.9.5
python3.9 with pylint 2.6.0
Also, reduce the script of unused argument silencing.

https://lab.nexedi.com/nexedi/caucase/-/commit/e8fa4135f97b96337a073c2a9f9933b2cc0c4218
doc: Fix PUT /crt/{crt-id} definition.
2021-02-01T10:40:42+09:00
Vincent Pelletier vincent@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/e19d8ab4c2a879e069431b5e22aa654448d8fc1f
caucase.test: Rename shell test to something easier to understand.
2021-02-01T10:40:42+09:00
Vincent Pelletier vincent@nexedi.com
It is redundant, but regular runner output does not display the test class.

https://lab.nexedi.com/nexedi/caucase/-/commit/b0c1a756401b6e643e79aacc8c0f94a6f9f703c6
caucase.wsgi: Fix CORS cookie path.
2021-02-01T10:40:42+09:00
Vincent Pelletier vincent@nexedi.com
Thanks, modern pylint !

https://lab.nexedi.com/nexedi/caucase/-/commit/4c1fc32535cbc904c32c853114d91f4d113019b3
caucase.http: Accept user certificates signed by non-current CA.
2021-01-29T12:18:59+09:00
Vincent Pelletier vincent@nexedi.com
Otherwise, client certificates issued before a new CA is used get rejected
once the new CA becomes current.

https://lab.nexedi.com/nexedi/caucase/-/commit/03807a536129314d2b8965ccbde309e5aa42f5bc
caucase.ca: Add Authority Key Identifier extension in produced CRLs.
2021-01-29T11:39:42+09:00
Vincent Pelletier vincent@nexedi.com
This extension is required by rfc5280 (see section 5.2.1) but was
overlooked.

https://lab.nexedi.com/nexedi/caucase/-/commit/256f945507a8a63104cb94e08dd1c0363642253e
test: Try harder to locate caucase.sh .
2020-11-25T18:32:56+09:00
Vincent Pelletier vincent@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/f21de8130822ff98381e67948a3daa9b599a8542
ca: Do not rebuild CA certificate chain on each call.
2020-11-25T18:32:56+09:00
Vincent Pelletier vincent@nexedi.com
The result only changes when CA certificates are reloaded, so prepare this
value in _loadCAKeyPairList.

https://lab.nexedi.com/nexedi/caucase/-/commit/4d0641ac0d2928a697d72f477ecbaff7c7b209b0
wsgi: Fix CORS cookie lifespan.
2020-11-25T18:32:56+09:00
Vincent Pelletier vincent@nexedi.com
"expires" takes an absolute date, "max-age" takes a number of seconds until
expiration.
So switch to "max-age": according to Mozilla Developer Network, it is
supported by all major browsers, and by IE since version 8.

https://lab.nexedi.com/nexedi/caucase/-/commit/eacf073a214d29212217d818eb3cf035b8247682
wsgi: Fix typo in comment.
2020-11-25T18:32:56+09:00
Vincent Pelletier vincent@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/da1950759cac916d29f6ac5519903a21c89afac5
shell/caucase.sh: Fail sooner when caucased exits on start.
2020-11-25T18:32:56+09:00
Vincent Pelletier vincent@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/02c687afdd54c12f97f5f9f0b60a832f0c45eea7
shell/caucase.sh: Make test failures easier to debug.
2020-11-25T18:32:56+09:00
Vincent Pelletier vincent@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/c44fd3a8b641128c92b410b3c05103964c86e897
CHANGES: Update.
2020-06-29T12:25:27+09:00
Vincent Pelletier vincent@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/1c713f9781a9f0334d9cb73238721f74f3797bb1
caucase.test: Make pylint happier.
2020-06-27T22:29:47+09:00
Vincent Pelletier vincent@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/d94e44a7b077383d35627f8ad1add17f4739e70d
all: Bump copyright year.
2020-06-27T22:20:56+09:00
Vincent Pelletier vincent@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/228e01d73e40032f6301edd27e06d85e95c7214a
caucase.client: Make coverage a bit happier.
2020-06-27T20:59:39+09:00
Vincent Pelletier vincent@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/2f97ed32ac6acc8e526140b45005533ae768d6da
caucase.cli: Remove a bit of dead code.
2020-06-27T20:59:38+09:00
Vincent Pelletier vincent@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/527cb56b1c41ef9ff6eac68078fc882b145bc66f
caucase.test: Remove coverage expectation on a few code paths.
2020-06-26T19:22:10+09:00
Vincent Pelletier vincent@nexedi.com
4 branches depend on how tests are written, and are indeed not currently
used.
1 branch depends on test process environment.

https://lab.nexedi.com/nexedi/caucase/-/commit/fa365d89b428ca4d74ff23d53008d44c864356fe
caucase.test: Tolerate a slow port-restoration caucased start.
2020-06-26T19:20:47+09:00
Vincent Pelletier vincent@nexedi.com
caucase.http will be re-generating its https certificate, so it can be
slower than a normal non-initial start.

https://lab.nexedi.com/nexedi/caucase/-/commit/a89040b54383d34a4dc9ef9cf87932b0f44e61d8
caucase.wsgi: Missing "method" in path_entry_dict is a server issue.
2020-06-26T19:19:42+09:00
Vincent Pelletier vincent@nexedi.com
It would be the sign of an inconsistency in the dispatcher dict.
Do not transform it into a user error (404).

https://lab.nexedi.com/nexedi/caucase/-/commit/ba6e8dfb7a9e20e75147a14f08ec0a32e571edc1
caucase.{cli,client,utils},shell/caucase.sh: Add support for CA cert director...
2020-06-26T11:37:11+09:00
Vincent Pelletier vincent@nexedi.com
Not all programs support having multiple CA certificates per file, so add
support for creating and maintaining certificate directories containing
a single certificate each.

https://lab.nexedi.com/nexedi/caucase/-/commit/cdd35a124e3d8953eb9f8bf8f9d7cc4577cec79e
caucase.test: Recalibrate tests delays to pass on a low-end machine.
2020-06-26T11:37:11+09:00
Vincent Pelletier vincent@nexedi.com
Reference machine: Raspberry Pi 1 B+.
caucased can take around 40s to start (CA generation, ...).

https://lab.nexedi.com/nexedi/caucase/-/commit/44a29702db7a5469dca3ffbd36d850c76c9c9ef4
caucase.test: Reuse caucased datadir when running multiple tests.
2020-06-26T10:16:03+09:00
Vincent Pelletier vincent@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/208bb644207db058675c06990325ecf7983b532c
caucase.test: Honour CAUCASE_NETLOC in CaucaseShellTest.
2020-06-26T10:16:03+09:00
Vincent Pelletier vincent@nexedi.com