  1. 28 Oct, 2019 1 commit
  2. 05 Aug, 2019 1 commit
    • Update stunnel idle timeout. · 46286ce0
      Max Beckett authored
      The default stunnel idle timeout is many hours. By setting it to a value based
      on the NFS lease length we can recover from network partitions sooner.
  3. 23 Jul, 2019 2 commits
  4. 09 Apr, 2019 5 commits
    • version bump to 1.7 · 563efc29
      Matthias Gerstner authored
    • watchdog: be robust against unrelated localhost based nfs mounts · 7beab6c0
      Matthias Gerstner authored
      While a bit exotic there can exist mounts of locally exported nfs
      shares that aren't related to EFS. In this case the watchdog fails,
      because it tries to access the port option that is not present in these
      unrelated mount entries.
      To fix this discard entries from /proc/mounts that don't carry a port
    • choose_tls_port(): reuse socket and explicitly close it in all cases · 8a71316e
      Matthias Gerstner authored
      This function only closes the socket on success, i.e. for each
      unsuccessful bind attempt a socket "leaks". It does not actually leak,
      because the Python interface implements reference counting. Still it is
      unclean, because after successful bind the socket is explicitly closed.
      So either the application is responsible for closing the socket, or not.
      Since it is better not to rely on the implementation of the Python
      interpreter and the socket module it should be preferred to always
      explicitly close the socket.
      Also this function opens a new socket for each port to try. This is
      inefficient, since the same socket can be reused for testing. Therefore
      only open and close a single socket.
    • state_file_dir: choose safe default mode, make mode configurable · 9a98bd6f
      Matthias Gerstner authored
      `os.makedirs()` uses default mode 0777 in Python2. Therefore the
      protection level of the state_file_dir depends on the inherited umask. A
      default mode of 0750 is a good conservative default for this. To allow
      admins and system integrators to tune this setting it is configurable
      via the new config file setting 'state_file_dir_mode'.
      This also requires to adjust test_bootstrap_tls to cover the new config
    • subprocess usage: explicitly pass `close_fds = True` · 1e83596b
      Matthias Gerstner authored
      In python2 the default for `close_fds` is still False, therefore it is
      possible that open file descriptors like the logfile are inherited to
      child processes. This is prevented by explicitly passing this parameter
      to all subprocess invocations.
  5. 07 Mar, 2019 1 commit
  6. 06 Mar, 2019 1 commit
  7. 11 Oct, 2018 1 commit
  8. 25 Sep, 2018 1 commit
    • Disable stunnel dns-caching · 98eb8852
      Ian Patel authored
      Make "delay = yes" a default stunnel option. Also permit non-root users to view
      the help text again.
  9. 27 Aug, 2018 5 commits
    • Bump application version to 1.4 · 7ba8784d
      Pit Kleyersburg authored
    • Fix wrong URL · 97ba5faa
      Pit Kleyersburg authored
    • Incorporate PR review by maxbecke · 07423ed9
      Pit Kleyersburg authored
      This includes the following changes:
      * Reduce inline comments that were mostly redundant to the code it
      * Added another example to the man-page to make clear that TLS is
      supported for CNAMEs. For that matter, all other options will also work
      without change, given that internally the CNAME will only be resolved to
      an FS-ID before handing back over to the same logic that is already in
      * Small modifications to better adhere to the given codestyle.
      * Adjusted log messages as suggested.
    • Allow a CNAME DNS-name in addition to the EFS ID · e9af4aa4
      Pit Kleyersburg authored
      This change introduces additional logic which allows the user to specify
      either a fully-qualified EFS DNS name, or a custom DNS name that
      resolves to a fully-qualified EFS DNS name via a CNAME record.
      The EFS DNS name will then be compared to the EFS name we would have
      expected for the given EFS ID. If it doesn't match, we'll show the user
      a readable error message for this to aid in troubleshooting.
      Once the EFS DNS name has been verified, the rest of the logic is
      untouched. This means that this change only impacts the parameter logic
      at the very start and does not touch anything of the already tested,
      more critical logic.
      Important: the usage and internal logic to mount by EFS ID is unchanged,
      making this change fully backwards compatible.
      Fixes #9.
  10. 10 Jul, 2018 1 commit
  11. 09 Jul, 2018 1 commit
  12. 19 Apr, 2018 1 commit
    • Improve default stunnel behavior · e1673be6
      Ian Patel authored
      * Improve detection of root user
      * Require OCSPaia and checkHost options for stunnel
      * Install and use a hand-managed trust store
  13. 02 Apr, 2018 1 commit
    • Initial commit of mount.efs · 555154b7
      Max Beckett authored
      Includes a mount helper utility (mount.efs), an associated watchdog
      process, unit tests, and build scripts.
      The utility simplifies mounting and using EFS file systems and
      optionally enables clients to mount over a TLS tunnel.