Skip to content

Lucas-Developer/soledad

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,883 Commits

debian

debian

 
 

docs

docs

 
 

pkg

pkg

 
 

scripts

scripts

 
 

src/leap

src/leap

 
 

testing

testing

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

.gitlab-ci.yml

.gitlab-ci.yml

 
 

.readthedocs.yaml

.readthedocs.yaml

 
 

AUTHORS

AUTHORS

 
 

CHANGELOG.rst

CHANGELOG.rst

 
 

HISTORY

HISTORY

 
 

LICENSE

LICENSE

 
 

MANIFEST.in

MANIFEST.in

 
 

Makefile

Makefile

 
 

README.rst

README.rst

 
 

setup.cfg

setup.cfg

 
 

setup.py

setup.py

 
 

versioneer.py

versioneer.py

 
 

Repository files navigation

Soledad

Synchronization Of Locally Encrypted Data Among Devices

Soledad is the part of LEAP that allows application data to be securely shared among devices. It provides, to other parts of the LEAP project, an API for data storage and sync.

This software is under development.

From version 0.9.7 on, soledad is a single package, with extra dependencies for the client and the server backends.

leap.soledad

image

image

Installing extra dependencies

The client backend is based on sqlcipher:

pip install ".[client]"

The server depends on CouchDB:

pip install ".[server]"

Compatibility

  • Soledad Server >= 0.7.0 is incompatible with client < 0.7.0 because of modifications on encrypted document MAC calculation.
  • Soledad Server >= 0.7.0 is incompatible with LEAP Platform < 0.6.1 because that platform version implements ephemeral tokens databases and Soledad Server needs to act accordingly.

Tests

System dependencies:

python3-venv

Install local dependencies:

$ cd testing
$ pyvenv test-env
$ source test-env/bin/activate
$ pip3 install -U -r requirements-testing.pip

Soledad tests use tox, and they live in the testing folder:

$ tox

Note that to run CouchDB tests, be sure you have CouchDB installed on your system.

Privileges

In order to prevent privilege escalation, Soledad should not be run as a database administrator. This implies the following side effects:

-----------------Database creation: -----------------

Can be done via a script located in pkg/server/soledad-create-userdb It reads a netrc file that should be placed on /etc/couchdb/couchdb-admin.netrc. That file holds the admin credentials in netrc format and should be accessible only by 'soledad-admin' user.

The debian package will do the following in order to automate this:

  • create a user soledad-admin
  • make this script available as soledad-create-userdb in /usr/bin
  • grant restricted sudo access, that only enables user soledad to call this exact command via soledad-admin user.

The server side process, configured via /etc/soledad/soledad-server.conf, will then use a parameter called 'create_cmd' to know which command is used to allocate new databases. All steps of creation process is then handled automatically by the server, following the same logic as u1db server.

Database deletion:

No code at all handles this and privilege to do so needs to be removed as explained before. This can be automated via a simple cron job.

About

Synchronization Of Locally Encrypted Data Among Devices

leap.se/en/docs/design/soledad

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

40 tags

Packages

No packages published

Languages

  • Python 98.3%
  • Shell 1.6%
  • Makefile 0.1%