Synchronization Of Locally Encrypted Data Among Devices
Soledad is the part of LEAP that allows application data to be securely shared among devices. It provides, to other parts of the LEAP project, an API for data storage and sync.
This software is under development.
Soledad is distributed as a single package, with extra dependencies for the client and the server backends. To install the main package from pypi, do the following:
pip install leap.soledad
To use Soledad Client, make sure to install client-specific dependencies:
pip install "leap.soledad[client]"
To use Soledad Server, also install server-specific dependencies:
pip install "leap.soledad[server]"
If you want to install from the repository, you can do so like this:
git clone https://0xacab.org/leap/soledad cd soledad/ pip install . pip install ".[client]" pip install ".[server]"
See the documentation page about compatibility for information about compatibility between different versions of Soledad Server and Client and with the LEAP Plaform.
Soledad's test suite depends on tox, which creates virtual environments and installs all needed dependencies to run tests. Currently, some tests also depend on availability of a CouchDB server (see :ref:`dependency-on-couchdb` for more information).
Once you have both tox and CouchDB installed in your system, just run the
tox command in the root of the repository to get started running tests.
See the documentation pages about tests for more details.
Currently, some tests depend on availability of a CouchDB server. This will change in the future and only integration tests will depend on CouchDB.
By default, tests will try to access couch at http://127.0.0.1:5984/. If
you have a CouchDB server running elsewhere, you can pass a custom url to
pytest by using the --couch-url option after two dashes (--) when
running tox:
tox -- --couch-url http://couch_host:5984
Tests that depend on couchdb are marked as such with the needs_couch pytest
marker. You can skip them by avoiding tests with that marker:
tox -- -m 'not needs_couch'
In order to prevent privilege escalation, Soledad should not be run as a database administrator. This implies the following side effects:
Can be done via a script located in pkg/server/soledad-create-userdb
It reads a netrc file that should be placed on
/etc/couchdb/couchdb-admin.netrc.
That file holds the admin credentials in netrc format and should be accessible
only by 'soledad-admin' user.
The debian package will do the following in order to automate this:
- create a user
soledad-admin - make this script available as
soledad-create-userdbin/usr/bin - grant restricted sudo access, that only enables user
soledadto call this exact command viasoledad-adminuser.
The server side process, configured via /etc/soledad/soledad-server.conf, will
then use a parameter called 'create_cmd' to know which command is used to
allocate new databases. All steps of creation process is then handled
automatically by the server, following the same logic as u1db server.
No code at all handles this and privilege to do so needs to be removed as explained before. This can be automated via a simple cron job.