glondu / belenios Goto Github PK
View Code? Open in Web Editor NEWVerifiable online voting system. This is a mirror of https://gitlab.inria.fr/belenios/belenios
Home Page: https://www.belenios.org
License: GNU Affero General Public License v3.0
Verifiable online voting system. This is a mirror of https://gitlab.inria.fr/belenios/belenios
Home Page: https://www.belenios.org
License: GNU Affero General Public License v3.0
All emails sent by Belenios have the sender name Belenios public server
.
I tried to customize this by setting
<server mail="MyOrg Voting Server <[email protected]>"/>
which results in
ocsigenserver.opt: ocsigen:main: Fatal - Error in configuration file: Error while parsing configuration file: Eliom: while loading _run/usr/lib/belenios-server/belenios_server.cmxs: execution of module initializers in the shared library failed: Failure("MyOrg Voting Server <[email protected]> is not a valid e-mail address")
Hi,
First at all, thanks for sharing this great project.
After a successful compilation of Belenios and some tweaks (remove demo auth and fill a correct admin user in $BELENIOS_VARDIR/password_db.csv
), I'm able to run the server with ./demo/run-server.sh
.
I've some questions :
<port>127.0.0.1:8001</port>
) and use a reverse proxy safely (nginx) to deal with Let's Encrypt ?Thanks,
Hi,
I have today tried and build belenios in a docker image build.
My last docker buidl error, obviously is due to the installation process requiring permission to create a namespace. Which is discarded by the Docker build process. Worth mentioning, I also had to force no parallel execution of make
.
I am curious to ask how can the creation of a linux namespace be required by any software build from source process?
Ma dernière erreur au build Docker
, est manifestement due au fait que le script de build demande l'autorisation de de créer un namespace, interdit dans un build image conteneur.
Requête surprenante, pour permettre le build d'une application. Puis-je vous demander comment la création d'un namespace peut-être nécesaire à la compilation / packaging / doc. gen. d'un logiciel ?
=-=-= Generation of env.sh =-=-=
=-=-= Initialization of OPAM root =-=-=
Cloning into 'opam-repository'...
HEAD is now at 0200b39689 Merge pull request #15950 from mseri/release-plplot-5.11.0-1
[WARNING] Running as root is not recommended
[NOTE] Will configure from built-in defaults.
Checking for available remotes: rsync and local, git.
- you won't be able to use mercurial repositories unless you install the hg command on your system.
- you won't be able to use darcs repositories unless you install the darcs command on your system.
<><> Fetching repository information ><><><><><><><><><><><><><><><><><><><><><>
[default] Initialised
[WARNING] Running as root is not recommended
<><> Gathering sources ><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
[ocaml-base-compiler.4.08.1] downloaded from https://github.com/ocaml/ocaml/archive/4.08.1.tar.gz
<><> Processing actions <><><><><><><><><><><><><><><><><><><><><><><><><><><><>
-> installed base-bigarray.base
-> installed base-threads.base
-> installed base-unix.base
[ERROR] The compilation of ocaml-base-compiler failed at "/root/.belenios/opam/opam-init/hooks/sandbox.sh build ./configure --prefix=/root/.belenios/opam/4.08.1 -C".
#=== ERROR while compiling ocaml-base-compiler.4.08.1 =========================#
# context 2.0.5 | linux/x86_64 | | git+file:///root/.belenios/opam-repository
# path ~/.belenios/opam/4.08.1/.opam-switch/build/ocaml-base-compiler.4.08.1
# command ~/.belenios/opam/opam-init/hooks/sandbox.sh build ./configure --prefix=/root/.belenios/opam/4.08.1 -C
# exit-code 1
# env-file ~/.belenios/opam/log/ocaml-base-compiler-12049-c743ac.env
# output-file ~/.belenios/opam/log/ocaml-base-compiler-12049-c743ac.out
### output ###
# Creating new namespace failed: Operation not permitted
<><> Error report <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
+- The following actions failed
| - build ocaml-base-compiler 4.08.1
+-
+- The following changes have been performed (the rest was aborted)
| - install base-bigarray base
| - install base-threads base
| - install base-unix base
+-
<><> ocaml-base-compiler.4.08.1 troubleshooting <><><><><><><><><><><><><><><><>
=> A failure in the middle of the build may be caused by build parallelism
(enabled by default).
Please file a bug report at https://github.com/ocaml/ocaml/issues
=> You can try installing again including --jobs=1
to force a sequential build instead.
# Run eval $(opam env) to update the current shell environment
Switch initialisation failed: clean up? ('n' will leave the switch partially installed) [Y/n] n
The command '/bin/sh -c ./opam-bootstrap.sh' returned a non-zero code: 31
jbl@pegasusio:~/dockerized-belenios$
FROM debian:9.12-slim
# ARG [email protected]:second-bureau/bellerophon/blockchain-bleue/belenios/belenios.git
ARG BELENIOS_SRC_CODE=https://github.com/glondu/belenios
ARG DEPENDENCIES='git bubblewrap build-essential libgmp-dev libpcre3-dev pkg-config m4 libssl-dev libsqlite3-dev wget ca-certificates zip unzip libncurses-dev uuid-runtime zlib1g-dev libgd-securityimage-perl cracklib-runtime'
RUN apt-get update -y && apt-get install -y ${DEPENDENCIES}
RUN mkdir -p /belenios/install_home
COPY start.sh /belenios
RUN chmod +x /belenios/*.sh
# RUN git clone $[BELENIOS_SRC_CODE} /belenios/install_home
RUN git clone https://github.com/glondu/belenios /belenios/install_home
WORKDIR /belenios/install_home
RUN chmod +x ./opam-bootstrap.sh
RUN ./opam-bootstrap.sh
RUN make --jobs=1 all
# RUN BELENIOS_DEBUG=1 make all
# ---
# To make sure the build process completed (almost) without errors
RUN make check
# ---
#
# To compile the command-line tool, you will need: (installed by 'opam' executable)
RUN opam install atdgen zarith cryptokit uuidm cmdliner
# ---
# Now commpiling belenios command line tool (Belenios CLI)
RUN make --jobs=1
# ---
# The web server has the following additional dependencies: (installed by 'opam' executable)
RUN opam install calendar eliom csv
# ---
# all the dependencies have been
# installed, the Eliom module can be
# compiled with:
RUN make all
# ---
# Documentation
# -
# To generate HTML files from .md ones, you will need Markdown
ARG DOC_MARKDOWN_DEPENDENCIES='markdown texlive-latex-extra texlive-fonts-recommended texlive-fonts-extra lmodern'
RUN apt-get install -y ${DOC_MARKDOWN_DEPENDENCIES}
# Now generating documentation
RUN make doc
WORKDIR /belenios
CMD [ "/belenios/start.sh" ]
start.sh
:#!/bin/bash
sleep 100000s
I would contrib docs maybe twice a year to this project, but it's a little complicated getting a login to inria git (I doubt other people would bother) and I'd prefer deleting my github user.
Since 1.16 Belenios responds with an 401 error code when trying to access an admin page as an unauthenticated user. The response body looks something likes the following: Error: Ocsigen_cohttp.Ocsigen_http_error(0, 324098644)
E.g: https://belenios.loria.fr/draft/election?uuid=QZHqeNr1sx1m6B
In the previous versions this was an 403 error code and a Forbidden page was displayed to the user.
Maybe we could make this more user friendly. E.g. by displaying another error message or by redirecting to the login page?
Sorry for spamming you guys lately (:
I found that election admins in our organization (and me too) had the problem of accidentally clicking the "Destroy election" button when wanting to create the election. This is rather unfortunate when working with trustees. Because then the admin would have to ask all parties to again participate in setting up the election. Even worse: The same thing can happen if the election is already running and one clicks on the "Destroy election" button.
You might say the admin should be responsible and read the captions of what she/he is clicking at. But in reality most people don't or click faster then they read ;)
The solution could be as simple as:
<script>
function confirmDestroyElection(event) {
var prompt = window.confirm("Do you really want to destroy this election?");
if (!prompt) {
event.preventDefault();
}
}
</script>
<input value="Destroy election" type="submit" onclick="confirmDestroyElection">
From the voter's perspective, it would be nice if we could skip the step of entering the credential in the booth.
Since the credential is a key part of the voting process, we could pass the credential in the voting link to the voting booth.
E.g.: We could send the following link by email: https://belenios.loria.fr/elections/:id/#credential=123-456-789-abc-deN
The credentials input could be filled in automatically and the first step of the voting process could be skipped.
Note: Query parameters do not work here because they are sent to the server, but the anchor tag is not.
What do you think about this feature? Do you think this poses some kind of risk?
I was creating and conducting elections in Belenios for finding out loopholes in it.
So, I followed the usual procedure. I first created the admin user, then some voters, questions, and sent the credentials and passwords to them. But, when it comes to the trustees, where we have to send the link for them to generate the decryption key, it seems that the link is sent in a wrong way.
The link found in the email is: https://belenios.loria.fr/draft/threshold-trustee?token=SwCan9Xj2yEB4W&uuid=Qnzd5shpFWSYhD which on opening shows "Wrong Parameters".
The actual link(which I found out as an admin) is: https://belenios.loria.fr/draft/threshold-trustee?token=SwCan9Xj2yEB4W&uuid=Qnzd5shpFWSYhD
So, as you can see, there is an "amp;" that is somehow added while sending through the mail, which causes the link to be broken.
I have used belenios for some test votes: it looks a very useful tool, thanks.
I've been using "alternative voting methods" to set up a ranked vote on https://belenios.loria.fr/ in v1.18.
After the vote is counted, participants can see the results in JSON format, in which each (ascii) answer has been assigned to an index [0, 1, ...].
As far as I can tell, there is no way in the web interface to find the mapping between index and the question it corresponds to.
When I ask for eg the condorcet result it tells me the answer in ascii, but I think the mapping must also be available to both administrator and participants, perhaps best integrated into the JSON data?
Hello,
Could you please update the package belenios-tool for Debian Buster?
When verifying or validating elections it throws an error as it still looks for threshold.json.
presently, there seem to be four pieces of info relevant to voters to participate in an election:
one challenge we face is the emails occasionally take a bit longer to arrive for some of our users, delaying our voting process during general assemblies.
we would try to account for this by sending the emails in time, then occasionally find the question wording might still change a bit, making this not a great solution.
to address this, we would prefer to ensure we can send voters credentials they can share across elections, as well as a single place to log in where they can find new elections they are eligible to vote in.
is this use-case something that has been considered?
Hello, I've cloned this repository : https://gitlab.inria.fr/belenios/belenios
The gitlab-ci.yml is :
stages:
build_and_test_with_preinstalled_image:
stage: test
image: glondu/beleniosbase:20200824-1
script:
# Initialize environment
- source ~/env.sh
- opam install --yes gettext-camomile
# Run command-line tool tests
- make check
# Compile belenios
- make build-release-server
# Start belenios web server
- ./demo/run-server.sh &
# Access the localhost web page, print page output for debug purposes, and check validity of page output
- first_access_index_page_output=$(wget --retry-connrefused --no-check-certificate -T 30 http://localhost:8001 -O-)
- echo $first_access_index_page_output
- if [ "$(echo "$first_access_index_page_output" | grep '>Belenios' | wc -l)" != "1" ]; then echo "[First page access] First page access does not show a single '>Belenios' text, but it should" && exit 1; else echo "[First page access] First page access shows a single '>Belenios' text, as expected"; fi
You have this : https://gitlab.inria.fr/belenios/belenios/-/jobs/851414
$ make check
make build-debug-tool
make[1]: Entering directory '/builds/belenios/belenios'
BELENIOS_DEBUG=1 dune build --build-dir=_build-debug -p belenios-platform,belenios-platform-native,belenios,belenios-tool
rm -rf _run/tool-debug
dune install --build-dir=_build-debug --destdir=_run/tool-debug --prefix=/ belenios-platform belenios-platform-native belenios belenios-tool 2>/dev/null
make[1]: Leaving directory '/builds/belenios/belenios'
make -C tests/tool check
make[1]: Entering directory '/builds/belenios/belenios/tests/tool'
mkdir -p data
./demo.sh
I have this error :
`Running with gitlab-runner 13.5.0 (ece86343)
on sam-dev-docker oCyD3VJJ
Preparing the "docker" executor
02:04
Using Docker executor with image glondu/beleniosbase:20200824-1 ...
Pulling docker image glondu/beleniosbase:20200824-1 ...
Using docker image sha256:998d10453e7b7391f601d8a5b4505b944aba1c3a91652ede66f3649329681d12 for glondu/beleniosbase:20200824-1 with digest glondu/beleniosbase@sha256:fecfc0082f3a13c448a367f529e8457331303a44f3d353219c75f5e439d6bda4 ...
Preparing environment
00:02
Running on runner-ocyd3vjj-project-199-concurrent-0 via ...secret.....
Getting source from Git repository
00:01
Fetching changes with git depth set to 50...
Reinitialized existing Git repository in /builds/vdirken/belenios-ci/.git/
Checking out 6d004da5 as master...
Removing _build-debug/
Removing belenios-platform.install
Removing belenios.install
Removing src/lib/.merlin
Removing src/platform/.merlin
Removing src/platform/native/.merlin
Removing src/tool/.merlin
Skipping Git submodules setup
Executing "step_script" stage of the job script
01:39
$ source ~/env.sh
$ opam install --yes gettext-camomile
[NOTE] It seems you have not updated your repositories for a while. Consider updating them with:
opam update
The following actions will be performed:
Do you know why I have this ? The code is exactly like your code (no changes).
Kind regards,
Valentin
It would be useful to be able to limit which users are allowed to manage elections when using CAS authentification for election administrators.
Without it when we configure CAS access in ocsigen.conf any user having a valid account will be able to connect and create elections :-(
Bonjour et merci pour votre application,
En espérant que l'usage du Français est autorisé, mon anglais étant quelque peu défaillant !
Pensez-vous qu'il serait possible de rajouter la fonction de séparation du poids des votes, par exemple, mon votant 1 pèse 45 voix, mon votant 2 pèse 67 voix.
Votant 1 donne 30 voix Pour et 15 voix Contre à l'option 1
Votant 1 donne 28 voix Pour et 17 voix Contre à l'option 2
Votant 2 donne 40 voix Pour et 27 voix Contre à l'option 1
Votant 2 donne 10 voix Pour et 57 voix Contre à l'option 2
Résultat des votes avec un poids total de 112 voix :
Option 1 : 70 voix Pour ; 42 voix Contre
Option 2 : 38 voix Pour ; 74 voix Contre
Merci pour votre retour et excellente journée à vous.
Patrick M
I would appreciate if the Admin Interface had a possibility to export and import the election in .json format.
This would be helpful
a) to save an election and redo the same election a year later
b) external version control system (VCS) could be used when creating the election
b1) when corrections are done
b2) (more sophisticated) collaboration among different users when creating the election: With the text format we could use version control system (VCS) and merge various contributions. Of course, the .json with its sensitivity to trailing commas will cause some trouble. Maybe there is a better format.
c) workaround for changing the order of questions
Already existing Workaround: There exists an experimental admin interface where .json can be exported and imported by copy-paste from an editor field:
https://vote.belenios.org/static/admin.html
You must be logged in from the standard login before the experimental admin interface is working, e.g. from here:
https://vote.belenios.org/login?cont=admin&service=public
The text editor does not show any whitespace, however Notepad++ with JSON Viewer plugin or PyCharm editor does beautify it.
Hi,
First at all, thanks for sharing this great project.
I'm trying to set up a production version of Belenios for our University. After some tries I decided to test the nspawn installation. I'm currently running this on a Fedora workstation.
Step 1 and 2 are OK. I've got the belenios FS and install working:
[root@cric-cig177 belenios]# systemd-nspawn --directory=/opt/belenios --user=beleniosSpawning container belenios on /home/jgay/WORK/belenios-build.
Press ^] three times within 1s to kill container.
belenios@belenios:~$
But I can't get the step3 to work. Here is my last try:
[root@cric-cig177 belenios]# systemd-nspawn --directory=/opt/belenios --user=root
Spawning container belenios on /home/jgay/WORK/belenios-build.
Press ^] three times within 1s to kill container.
root@belenios:~# /home/belenios/belenios/doc/nspawn/belenios-stage3.sh
(...)
Installing Debian prerequisites...
W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease Temporary failure resolving 'deb.debian.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.
E: Failed to fetch http://deb.debian.org/debian/pool/main/s/sensible-utils/sensible-utils_0.0.12_all.deb Temporary failure resolving 'deb.debian.org'
(...)
E: Failed to fetch http://deb.debian.org/debian/pool/main/z/zlib/zlib1g-dev_1.2.11.dfsg-1_amd64.deb Temporary failure resolving 'deb.debian.org'
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
Any ideas, advices?
Hi,
I have an issue when compiling with make install
(even though make minimal
did not bring up any difficulty):
Here is the error:
$ make all
rm -f _build/BUILD
ocamlbuild all.otarget all-native.otarget
Finished, 0 targets (0 cached) in 00:00:00.
+ ocamlfind ocamlc -c -g -annot -safe-string -w A-4-6-29-44-45-48 -package js_of_ocaml-lwt -package js_of_ocaml-ppx -package lwt_ppx -package uuidm -package atdgen -package yojson -I src/lib -I src/tool -o src/tool/tool_js_booth.cmo src/tool/tool_js_booth.ml
File "src/tool/tool_js_booth.ml", line 423, characters 6-386:
423 | ......let%lwt raw =
424 | let%lwt x = Printf.ksprintf get "elections/%s/election.json" uuid in
425 | if x.code = 404 then (
426 | let%lwt x = Printf.ksprintf get "draft/preview/%s/election.json" uuid in
427 | Lwt.return x.content
428 | ) else Lwt.return x.content
429 | in
430 | let () = set_textarea "election_params" raw in
431 | Lwt.return (run_handler loadElection ())
Error: This expression has type bool Js_of_ocaml.Js.t Lwt.t
but an expression was expected of type unit Lwt.t
Type bool Js_of_ocaml.Js.t is not compatible with type unit
Command exited with code 2.
Compilation unsuccessful after building 284 targets (282 cached) in 00:00:01.
Makefile:9: recipe for target 'all' failed
make: *** [all] Error 10
I attach my opam list
:
Thanks for your help!
I use Belenios behind a reverse proxy (nginx on port 80/443) with a domain name, but I have many references to localhost:8001 instead my domaine name (in email template, on user interface for the vote link...).
There is a place in the config file to fill the real domain name and overwrite the localhost:8001 ?
Thanks,
I'm trying to run your ./opam-bootstrap.sh
script, but it fails fairly early with the following error:
env PATH="`pwd`/bootstrap/ocaml/bin:$PATH" make
make[1]: Entering directory '/home/hritcu/Apps/belenios-install/bootstrap/src/opam-full-2.0.0'
jbuilder build opam-installer.install opam.install
File "src/client/jbuild", line 31, characters 0-26:
Error: Unknown constructor include
make[1]: *** [Makefile:104: opam.install] Error 1
make[1]: Leaving directory '/home/hritcu/Apps/belenios-install/bootstrap/src/opam-full-2.0.0'
make: *** [Makefile:192: cold] Error 2
I'm on Manjaro Linux (a variant of Arch).
A self-contained Docker image or a Docker compose file for running the Belenios web server would be much appreciated.
Building an image from sources using completely unknown technologies is too much of an effort for running an evaluation of a software system.
Could it be as simple as adding a missing entrypoint to the glondu/beleniosbase
image?
As discussed via email:
It would be nice to have the ability to share administrator rights for an election.
The use case would be that election admins could choose a deputy to represent them in the event of the admin not being available. We already have a similar feature for trustees with the threshold mode.
This can be particularly useful for organizations that only allow login via SSO.
For a given administrator, these three setings for each election do not presumably change much
a) Public name
b) Languages
c) Contact
Ideally, the system would just remember them and prefill them from a previous election.
Alternatively, there could be an option to clone an election or with each of these, there would be a button "copy from last election".
The same could be done for "Name and description of the vote", which does change every election, but sometimes just slightly (imagine multiple rounds of the same election, for example).
I suggested these a year ago here: https://sympa.inria.fr/sympa/arc/belenios-discuss/2021-01/msg00010.html
but I guess here they will not be as easily forgotten and I can see in other issues that a new admin interface is planned.
Is there any plans to address this: https://hal.inria.fr/hal-02928953/document
Is it possible to obtain a report of people who actually voted in an election?
It is to give voters an easy way to compare total amount of votes with total amount of voters.
The shell scripts in the demo/
directory to start and stop the server behave differently whether there is a .git
directory in the current working directory.
I would expect that these scripts behave the same when they are called from the “main working tree” (in which .git
is a directory) or from a “linked working tree” (in which .git
is a plain file). However, running make build-debug-server && ./demo/run-server.sh
works fine from the root of the main worktree but fails within a linked worktree: “BELENIOS_CONFIG must be set!”
I encoutered an issue with Belenios branch stable
(last commit in branch : d0edd18) when I want to compute the results.
Clean install of Belenios from stable branch on Debian, using the demo folder with the run-server.sh.
I create an election with 1 or more voters, only one of them submit a ballot.
The ballot box must contain only 1 ballot submitted.
Close the election and try to compute the results.
When clicking the button "Compute the results", Belenios should redirect on results page.
When clicking the button "Compute the results", I have a response with status code 500 and body : Error: (Invalid_argument "Cannot compute result")
I have tested this behavior with :
I am open to any precision if needed !
After clicking the button to generate all the passwords, I am unable to delete individual voters. Clicking the button to delete them gives the error “Wrong parameters”. Is there a workaround without editing the list manually?
Hi,
It seems that the br with brackets around, added in 1.16 for name, desc ... is not working in v1.19
I used it in 1.17 but now upgrading to 1.19 it is not working
REM I use a docker file with FROM glondu/beleniosbase:20220223-1
The script ./opam_bootstrap.sh terminates with the following error message:
[...lots of output...]
[yojson.1.7.0] downloaded from https://github.com/ocaml-community/yojson/releases/download/1.7.0/yojson-1.7.0.tbz
[zarith.1.12] downloaded from https://github.com/ocaml/Zarith/archive/release-1.12.tar.gz
[ERROR] The sources of the following couldn't be obtained, aborting:
- menhir.20210419: Bad checksum
- menhirLib.20210419: Bad checksum
- menhirSdk.20210419: Bad checksum
hello, new to this software i followed the opam-bootstrap.sh procedure under a fresh new install of debian 10
belenios version 1.10 (and 1.9) failed at the last step in building dependencies.
Trying older versions, belenios v1.8 seems to install well and i success in 'make all && make check'
In v1.10, the output is:
∗ installed base-bigarray.base
∗ installed base-threads.base
∗ installed base-unix.base
∗ installed ocaml-base-compiler.4.06.1
∗ installed ocaml-config.1
∗ installed ocaml.4.06.1
Done.
# Run eval $(opam env) to update the current shell environment
=-=-= Installation of Belenios build-dependencies =-=-=
The following dependencies couldn't be met:
- eliom → js_of_ocaml-tyxml → tyxml >= 4.3
- eliom → js_of_ocaml-tyxml → js_of_ocaml (>= 3.0 & != 3.3.0) → js_of_ocaml-compiler < 3.0.1 → ocaml < 4.06.0
base of this switch (use `--unlock-base' to force)
- eliom → ocsigenserver < 2.10 → tyxml < 4.3 → ocaml < 4.06.0
base of this switch (use `--unlock-base' to force)
- eliom → ocsigenserver < 2.10 → tyxml < 4.3 → ocamlnet = 3.6.0 → ocaml < 4.01.0
base of this switch (use `--unlock-base' to force)
- eliom → ocsigenserver < 2.10 → tyxml < 4.3 → uutf < 1.0.0 → ocaml < 4.06.0
base of this switch (use `--unlock-base' to force)
- eliom → ocsigenserver < 2.10 → react < 1.0.0 → ocaml < 4.06.0
base of this switch (use `--unlock-base' to force)
- eliom → ocsigenserver < 2.10 → lwt < 3.0.0 → ocaml < 4.06.0
base of this switch (use `--unlock-base' to force)
- eliom → tyxml >= 4.0.0 → uutf < 1.0.0 → ocaml < 4.06.0
base of this switch (use `--unlock-base' to force)
- eliom → tyxml >= 4.0.0 → ocaml < 4.06
base of this switch (use `--unlock-base' to force)
Your request can't be satisfied:
- No available version of js_of_ocaml satisfies the constraints
- No available version of tyxml satisfies the constraints
No solution found, exiting
I tryed to downgrade ocaml version manually to adapt dependencies (ocaml version < 4.06.0
$opam switch create 4.05.0
and then replay the last install instruction from bootsrap without success
$opam install --yes dune=1.6.3 atdgen zarith cryptokit uuidm calendar cmdliner sqlite3 ssl=0.5.7 js_of_ocaml=3.3.0 eliom=6.3.0 csv
The following dependencies couldn't be met:
- eliom → ocaml >= 4.03.0
base of this switch (use `--unlock-base' to force)
No solution found, exiting
Then, trying (for fun, i don't think my way is orthodox) to downgrade again to get rid of dependecies
$ opam switch create 4.03.0
<><> Gathering sources ><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
[ocaml-base-compiler.4.03.0] downloaded from cache at https://opam.ocaml.org/cache
<><> Processing actions <><><><><><><><><><><><><><><><><><><><><><><><><><><><>
∗ installed base-bigarray.base
∗ installed base-threads.base
∗ installed base-unix.base
∗ installed ocaml-base-compiler.4.03.0
∗ installed ocaml-config.1
∗ installed ocaml.4.03.0
Done.
# Run eval $(opam env) to update the current shell environment
I really don't think, even i don't have anymore failure in dependency check, i am in a correct setup.
Could you provide me clues to what could go wrong ?
Regards.
PS: By the way, after my last steps 'make all' fail
See: https://belenios.loria.fr/draft/new
Even though this shouldn't be a security problem (because form submission is authenticated), it might be more clear to handle this page like /admin or by redirecting to /login and after successful authentication redirecting back to /draft/new.
Hi @glondu ,
1.13
opam init
, the process just hangs and stays there without any stdout, and no matter how long I wait, nothing more happens, unless I kill the processDismayed by those results, I tried he following , with last commit on master of Belenios (also tried 1.13
), and I end up with the exact same problem :
mkdir -p /tmp/belenios-base-env/
git clone https://github.com/glondu/belenios /tmp/belenios-base-env/
cd /tmp/belenios-base-env/
git checkout 1.13
git checkout master
docker build -t beleni8s/base-env -f Dockerfile_base_environment .
So there, I think I can say that it is not possible to reproduce Belenios Gitlab CICD Pipeline, which is based on that Dockerfile_base_environment
: Dockerfile_base_environment
fails to build an image for Belenios 1.13
and master
, for sure.
It really seems like there is an issue with one of the dependencies, and it seems really hard to get any informations from the opam init
process : Indeed, I am pretty sure I succeded build Belenios 1.13
using my initial original automated recipe
This is very frustrating, since I managed to build a Docker image with one single belenios-tool
executable file, and I am currently implementing a Belenios REST API , see https://github.com/beleni8s/beleni8s-api/tree/feature/loopback-implttest-1
I am also worried for the stability of the belenios platform : we must be able to "replay" the build of a given Belenios version, and this replay must be stable, especially for a cryptography product.
I will collaborate gladly to help there
ps: For the record, here is my "hanging" out put :
Cloning into 'opam-repository'...
Checking out files: 100% (21207/21207), done.
HEAD is now at a0b420b216 Merge pull request #18747 from fpottier/opam-publish-sek.20201012
[NOTE] Will configure from /home/belenios/.opamrc and then from built-in defaults.
Checking for available remotes: git.
- you won't be able to use rsync and local repositories unless you install the rsync command on your system.
- you won't be able to use mercurial repositories unless you install the hg command on your system.
- you won't be able to use darcs repositories unless you install the darcs command on your system.
<><> Fetching repository information ><><><><><><><><><><><><><><><><><><><><><>
[default] Initialised
<><> Gathering sources ><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
[ocaml-base-compiler.4.11.2] downloaded from https://github.com/ocaml/ocaml/archive/4.11.2.tar.gz
<><> Processing actions <><><><><><><><><><><><><><><><><><><><><><><><><><><><>
Too long with no output (exceeded 10m0s): context deadline exceeded
(below : an execution in an Ubuntu Executor on Circle CI , finishing with a pipeline timeout, which ends up with Too long with no output (exceeded 10m0s): context deadline exceeded
)
When sending out password emails to the user, the correct hostname / port is preserved even behind a proxy, but it seems to me the scheme is always forced to http.
After adding new voters to a list of voters which already received their passwords, I am unable to send the remaining passwords using the button in /draft/voters (it brings me back to the home page of the election without doing anything. However, the button on the main page (in /draft/election) works as expected.
Questions accept the new line <br> already, but not the answers.
<b> and <i> is not supported yet.
My local server build fails to send credentials emails.
In the web UI, I'm getting the following cryptic error message
Netchannels.Command_failure(WEXITED 127)
More helpful information is displayed on the console:
/bin/sh: 1: /usr/lib/sendmail: not found
My machine does not have sendmail or any other local mail service. Email gets sent via an external bulk email service.
How can I configure Belenios to use an external SMTP service?
The election hash is not reproducible from the information given in the specification.
election.json
produced by the server contains two additional attributes administrator
and credential_authority
not defined in section 4.9.As the title says it, when one saves changes, there is no indication that they were saved - probably some javascript solution would be in order. This is of course minor.
When running Belenios locally kept getting error:
ocsigenserver.opt: ocsigen:main: Exn during page generation (sending 500): Invalid_argument("2020-07-20 -20:-08:-25 does not match the format %Y-%m-%d %H:%M:%S")
(Date was actually 2020-07-26 and negative time was being produced).
This occurred after signing in and starting to create a new election after pressing "Proceed".
Corrected this by commenting out let () = CalendarLib.Time_Zone.(change Local)
in web_main.ml.
I live in New Zealand.
Unless I have done something wrong, this code might need looking at.
When administering an election using the web server interface, there are a few steps that modify the election without making it possible to go back and change things again. Two of these come to mind:
While managing trustees, clicking on the threshold mode link transforms the election into a threshold election. At this point, it does not seem possible to go back to the default simple trustees, so if this was clicked by mistake the election would have to be set up again from scratch. There is no workaround since the threshold must be strictly smaller than the number of trustees. This is partly related to the limitations mentioned in #55.
In the main election administration page, the button to generate election credentials fixes the voter list, but even if this is stated in the text above the button it can be easy to click by mistake or expect to be sent to a separate page to perform this operation, as is the case with the other steps.
It would be useful to present a confirmation prompt to the administrator before these operations are applied.
This seems important especially since an administrator may run into a dead end once spurious information has already been sent out to the voters. In (2), this condition itself causes the problem. But also in (1), because the steps can be performed in any order, credential information could be sent out before a mistake in trustee management imposes a do-over.
According to belenios-tool validate --help
The result structure contains partial decryptions itself, so partial_decryptions.jsons can be discarded afterwards.
The output result.json
does contain the partial decryptions, but in reverse order, compared to partial_decryptions.jsons
.
Is this intentional?
The Belenios web server currently supports two kinds of trustee structures: (1) a set of Single trustees, and (2) a single Pedersen group with a threshold strictly less than the number of trustees. The server is always present as a Single trustee.
It would be desirable for the web server to support the more general trustee structures supported by belenios-tool
, e.g., instead of adding individual trustees to a list, allow the administrator to add either Single or Pedersen trustees, and manage Pedersen groups separately. This is primarily so that non-technical people can easily participate in elections with more complex structures, notably as trustees.
See also this thread: https://sympa.inria.fr/sympa/arc/belenios-discuss/2022-04/msg00002.html
For branding purposes it would be nice to have the option to change the logos displayed in the booth (left and right).
Currently we are use a kind of hacky solution to ahive this: We define custom properties in the election description using JSON
{
"description":"Wahl der Fachschaftsrats M // Election of the Student Council M",
"logos":{
"left":"https://m18.uni-weimar.de/files/2018/03/M_Logo_mitText-640x503.png",
"right":"https://m18.uni-weimar.de/files/2018/03/StuKo_Logo.png"
}
}
and than replace the default logos using a view lines of JavaScript.
One example for a native solution:
Thanks for the great work!
Hello,
Downloading the latest release from http://belenios.gforge.inria.fr/ and running ./opam-bootstrap.sh
yields some 404 errors due to missing files trying to download over the internet.
Cloning the repo and running the same command works.
I am wondering if it makes sense to make a new release.
The first verification step in section 4.4 of the specification should be corrected to
compute A = g^response / X^challenge
(replace y by X)
Step 2 of **Verifying overall_proof" uses undefined variables alpha_j and beta_j.
These should be replaced by alpha_Sigma and beta_Sigma, respectively.
I assume you have already considered it, but in the off chance that you haven't, you can try using esy to install dune.
Hi Stéphane et al.,
The belenios.loria.fr implementation has an upper limit of 2000 voters but there is no mention of this that I could find in the documentation on the website.
Many thanks for your help,
Ari
According to Section 4.7 of the specification
A secret credential c is a 15-character string
This implies that the hyphens in a secret credential like NYC-SgM-axC-fCu-pvP
are just for convenience of the human reader.
However,
belenios-tool credgen --derive=NYC-SgM-axC-fCu-pvP --group=files/groups/default.json --uuid=deT9e32LvYeDzg
does not seem to remove the hyphens or validate the credential format at all before passing the credential to the PBKDF2 function.
In fact, even nonsense like --derive=foo
does not produce an error message.
As a consequence, the generated public key differs from the value defined by the specification (which can be obtained with --derive=NYCSgMaxCfCupvP
in the given example.)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.