Firefox Sync Server

Contents

Firefox Sync Server

About

Some notes:

You still need a Mozilla Firefox account! You can circumvent this by hosting your own firefox account- and content-servers.

Installation

Prepare build environment

   1 aptitude install git-core \
   2         python-dev python-virtualenv \
   3         g++ make default-libmysqlclient-dev

Download, build and test it

   1 cd /opt
   2 git clone https://github.com/mozilla-services/syncserver
   3 cd syncserver
   4 make build
   5 make test

Workarounds

Current requirement.txt

Maybe it helps somebody.

/opt/syncserver/requirements.txt

   1 gevent==1.4.0
   2 greenlet==0.4.14
   3 #greenlet>=0.4.13
   4 cornice==0.16.2
   5 #cornice==3.5.1
   6 gunicorn==19.10.0
   7 pyramid==1.10.4
   8 WebOb==1.8.5
   9 requests==2.22.0
  10 SQLAlchemy==1.3.3
  11 unittest2==1.1
  12 zope.component==4.2.1
  13 configparser==3.7.4
  14 mozsvc==0.10
  15 futures==3.2
  16 soupsieve==1.9.5
  17 umemcache==1.6.3
  18 google-cloud-spanner==1.18.0
  19 #https://github.com/mozilla-services/tokenserver/archive/bf5f232ed78fb4eb89909ec5be40f135945aa514.zip
  20 #https://github.com/mozilla-services/tokenserver/archive/39239dd7a8d6b8270e22c9b6fef3f6be147e0df4.zip
  21 /opt/tokenserver-39239dd7a8d6b8270e22c9b6fef3f6be147e0df4
  22 https://github.com/mozilla-services/server-syncstorage/archive/d370a488155adeb80ee6f1bc016a4aa9d009f181.zip

/opt/tokenserver-39239dd7a8d6b8270e22c9b6fef3f6be147e0df4/requirements.txt

   1 alembic==1.0.9
   2 asn1crypto==0.24.0
   3 boto==2.49.0
   4 certifi==2019.3.9
   5 # Handle older cffi versions in circleci
   6 cffi==1.14.0; platform_python_implementation == "CPython"
   7 chardet==3.0.4
   8 configparser==3.7.4
   9 #cornice==3.5.1
  10 cornice==0.16.2
  11 cryptography==2.6.1
  12 enum34==1.1.6
  13 gevent==1.4.0
  14 greenlet==0.4.14
  15 gunicorn==19.10.0
  16 hawkauthlib==2.0.0
  17 hupper==1.6.1
  18 idna==2.8
  19 ipaddress==1.0.22
  20 konfig==1.1
  21 Mako==1.0.9
  22 MarkupSafe==1.1.1
  23 mozsvc==0.10
  24 mysqlclient==1.4.6
  25 Paste==3.0.8
  26 PasteDeploy==2.0.1
  27 plaster==1.0
  28 plaster-pastedeploy==0.7
  29 PyBrowserID==0.14.0
  30 pycparser==2.19
  31 PyFxA==0.7.7
  32 PyJWT==1.7.1
  33 PyMySQL==0.9.3
  34 pymysql-sa==1.0
  35 pyramid==1.10.4
  36 python-dateutil==2.8.0
  37 python-editor==1.0.4
  38 repoze.lru==0.7
  39 requests==2.22.0
  40 simplejson==3.16.0
  41 six==1.14.0
  42 SQLAlchemy==1.3.3
  43 testfixtures==6.7.0
  44 tokenlib==2.0.0
  45 translationstring==1.3
  46 urllib3==1.25.2
  47 venusian==1.2.0
  48 WebOb==1.8.5
  49 zope.deprecation==4.4.0
  50 zope.interface==4.6.0

ConverterMapping

The import of function ConverterMapping fails as stated in this issue on github

I had to adjust requirements.txt

-configparser==3.5
+configparser==3.5.0b2

I guess you have to make also sure the right python-interpreter (from the venv) is used.

Database needs migration after upgrade

OperationalError: (sqlite3.OperationalError) no such column: keys_changed_at

   1 sqlite3 /var/lib/syncserver/data/syncserver.db
   2 ALTER TABLE users ADD keys_changed_at BIGINT;
   3 ALTER TABLE users ADD node VARCHAR(255);

Configure

Syncserver

Configuration will reside in /opt/syncserver/syncserver.ini

Create a server secret and write it into the configuration

   1 head -c 20 /dev/urandom | sha1sum
   2 db8a203aed5fe3e4594d4b75990acb76242efd35  -

/opt/syncserver/syncserver.ini

   1 [syncserver]
   2 ...other settings...
   3 secret = db8a203aed5fe3e4594d4b75990acb76242efd35

Create a user to run this service as, which has a home directory, a path for persistent variable data (e.g. a sqlite-database).

   1 addgroup --system syncserver
   2 adduser --system --ingroup syncserver \
   3         --home /var/lib/syncserver \
   4         --gecos "Mozilla Firefox Sync Server,," \
   5         syncserver

Create directory for the sqlite database within the new home-directory.

   1 install -o syncserver -g syncserver -m 2750 \
   2         -d /var/lib/syncserver/data

Apache2 as reverse proxy

Create configuration for apache2 and enable it /etc/apache2/sites-available/wiki.rockstable.it_8443.conf

   1 <IfModule mod_ssl.c>
   2     <VirtualHost _default_:8443>
   3         Define      SERVER_NAME wiki.rockstable.it
   4         ServerName  ${SERVER_NAME}
   5         ServerAlias wiki1.rockstable.it
   6         ServerAdmin webmaster@rockstable.it
   7 
   8         DocumentRoot    /opt/syncserver
   9 
  10         # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
  11         # error, crit, alert, emerg.
  12         # It is also possible to configure the loglevel for particular
  13         # modules, e.g.
  14         #LogLevel info ssl:warn
  15 
  16         ErrorLog ${APACHE_LOG_DIR}/syncserver_error.log
  17         CustomLog ${APACHE_LOG_DIR}/syncserver_access.log combined
  18 
  19         #   SSL Engine Switch:
  20         #   Enable/Disable SSL for this virtual host.
  21         SSLEngine on
  22 
  23         #   A self-signed (snakeoil) certificate can be created by installing
  24         #   the ssl-cert package. See
  25         #   /usr/share/doc/apache2/README.Debian.gz for more info.
  26         #   If both key and certificate are stored in the same file, only the
  27         #   SSLCertificateFile directive is needed.
  28         #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
  29         #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
  30         SSLCertificateFile      /etc/letsencrypt/live/wiki.rockstable.it/fullchain.pem
  31         SSLCertificateKeyFile   /etc/letsencrypt/live/wiki.rockstable.it/privkey.pem
  32 
  33         <Directory /opt/syncserver>                                                                                                                                          
  34             Require all granted                                                            
  35         </Directory>
  36 
  37         WSGIProcessGroup syncserver
  38         WSGIDaemonProcess syncserver user=syncserver group=syncserver \
  39              processes=2 threads=25 maximum-requests=1000 umask=0007 \
  40              python-path=/opt/syncserver/local/lib/python2.7/site-packages/ \
  41              python-home=/opt/syncserver/local/
  42         WSGIPassAuthorization On
  43         WSGIScriptAlias / /opt/syncserver/syncserver.wsgi                                                                                                                    
  44 
  45         # Always ensure Cookies have "Secure" set (JAH 2012/1)
  46         #Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4"                                                                                        
  47     </VirtualHost>                                                                                                                                                           
  48 </IfModule>

Configure apache2 to listen on this "alternative" https-port 8443, too.
/etc/apache2/ports.conf

   1 # If you just change the port or add more ports here, you will likely also
   2 # have to change the VirtualHost statement
   3 
   4 Listen 80
   5 
   6 <IfModule ssl_module>
   7     Listen 443
   8     Listen 8443
   9 </IfModule>
  10 
  11 <IfModule mod_gnutls.c>
  12     Listen 443
  13     Listen 8443
  14 </IfModule>
  15 
  16 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Enable and test the new site in front of reloading the webserver

   1 a2ensite wiki.rockstable.it_8443.conf
   2 apache2ctl configtest
   3 systemctl restart apache2

Test the connection

   1 nc -zv wiki.rockstable.it 8443
   2 Connection to wiki.rockstable.it 8443 port [tcp/*] succeeded!

Change syncserver

Now proceed by changing the syncserver

Firefox#Change_syncserver

Protocols

Technologies

Configurations

Services

Misc

Navigation