mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-01-21 07:55:00 +00:00
b64ea720fc
Closes: Debian bug #1088760. - OpenSSL.crypto.sign has been deprecated and in the current version of python3-openssl in Debian testing, it has been dropped. The recommended alternative is cryptography.hazmat.primitives. So, use this instead. - The entire OpenSSL.crypto module is planned to be deprecated in the future. So, stop using it entirely by using cryptography.hazmat.primitives. - sso app does not use openssl anymore, so drop dependency on it. Other apps such as Let's Encrypt do depend on it and but they have their own dependency declared. The freedombox package on the overall retains on 'openssl' package. - We are not using the python OpenSSL module anywhere else, so drop dependency on it. - Use pathlib to simplify some code. - Ensure proper permissions on private and public keys as they are being written to. Tests: - Freshly setup container and ensure that first run succeeds. Permission on the public/private key files and the parent directly are correct. Users are able login to FreedomBox. SSO works when accessing apps such as transmission. - Without patches, setup freedombox container. Apply patches. Permission for keys directory is updated but keys are not overwritten. Login to FreedomBox works. SSO works when accessing apps such as transmission. - Run code to perform signatures using old code and ensure that newer code generates bit-identical signatures. - Running ./run --list-dependencies show 'openssl' and python3-cryptography. - Running unit tests works. - Building debian package works. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>