Closed defuse closed 10 years ago
I'll do this today.
/home/mlab_ooni/lib/python2.6/site-packages/Twisted-14.0.0-py2.6-linux-i686.egg/twisted/internet/_sslverify.py:184: UserWarning: You do not have the service_identity module installed. Please install it from <https://pypi.python.org/pypi/service_identity>. Without the service_identity module and a recent enough pyOpenSSL tosupport it, Twisted can perform only rudimentary TLS client hostnameverification. Many valid certificate/hostname mappings may be rejected.
verifyHostname, VerificationError = _selectVerifyImplementation()
Just add service_identity to Oonib's requirements.txt
Since this is a problem with ooni-backend itself, I created this ticket to track progress on fixing it:
https://trac.torproject.org/projects/tor/ticket/12643#ticket
Since this is a security issue, I'm leaving this ticket open for M-Lab to close when it's fixed.
This is now fixed. I think this ticket can now be closed.
One more step is needed -- to advance the submodule in ooni-support
to include the fix. I'm trying to figure out how to test it before I do, but it seems checking out master before building the rpm
isn't enough.
Ah, I think I accidentally scp
d the wrong rpm.
I tried to test the newer version and I got:
Traceback (most recent call last):
File "/home/mlab_ooni/bin/oonib", line 5, in <module>
pkg_resources.run_script('oonib==1.0.2', 'oonib')
File "/home/mlab_ooni/lib/python2.6/site-packages/setuptools-0.6c11-py2.6.egg/pkg_resources.py", line 489, in run_script
File "/home/mlab_ooni/lib/python2.6/site-packages/setuptools-0.6c11-py2.6.egg/pkg_resources.py", line 1214, in run_script
File "/home/mlab_ooni/lib/python2.6/site-packages/oonib-1.0.2-py2.6.egg/EGG-INFO/scripts/oonib", line 39, in <module>
File "build/bdist.linux-i686/egg/oonib/runner.py", line 21, in <module>
File "build/bdist.linux-i686/egg/oonib/oonibackend.py", line 47, in <module>
KeyError: 'dns_discovery'
That's probably because the oonib.conf
in embedded into initialize.sh
doesn't have that new test helper.
I fixed the config file and it now works. I'll close this after I put it all in a new pull request.
Opened #66 so this can be closed.
After installing ooni, there's a scary warning message about missing something or other that has to do with SSL certificates. Apparently all you have to do is install
service_identity
. So make the deployment scripts do that.