Stephane Glondu · Stephane Glondu · Stephane Glondu · Stephane Glondu · Stephane Glondu · Stephane Glondu
--- a/.ocamlinit
+++ b/.ocamlinit
-#use "topfind";;
-#require "zarith";;
-#require "calendar";;
-#require "uuidm";;
-#require "atdgen";;
-#require "yojson";;
-#require "cryptokit";;
-
-#camlp4o;;
-#require "lwt.unix";;
-#require "lwt.syntax";;
-
-#directory "_build/src/lib";;
-#load "lib.cma";;
-
-let pp_print_datetime ppf x =
-  Format.pp_print_string ppf (Serializable_builtin_j.string_of_datetime x)
-;;
-
-let pp_print_uuid ppf x =
-  Format.pp_print_string ppf (Serializable_builtin_j.string_of_uuid x)
-;;
-
-#install_printer Z.pp_print;;
-#install_printer pp_print_datetime;;
-#install_printer pp_print_uuid;;
--- a/AUTHORS
+++ b/AUTHORS
@@ -5,6 +5,9 @@ Comments, review:
 - Pierrick Gaudry
 - Véronique Cortier

+Continuous integration, web tests:
+- Quentin Grimaud (swergas)
+
 Logo:
 - Alicia Filipiak


--- a/CHANGES.md
+++ b/CHANGES.md
-1.8 (2018-02-04)
+1.9 (2019-05-28)
+================
+
+ * Fix use of SOURCE_DATE_EPOCH
+ * Web server:
+   + Fix a bug that seldom caused the server to not perform its
+     partial decryption
+   + Check that cookies are not blocked on ballot submission
+   + Add the possibility to temporarily hide the result from the
+     public
+
+1.8 (2019-02-04)
 ================

 * Add the possibility to override sendmail via an environment variable

--- a/INSTALL.md
+++ b/INSTALL.md
@@ -134,7 +134,7 @@ Additionnaly, you will need LaTeX to compile the specification.
 On Debian-based systems, you can install the dependencies needed to
 compile the documentation with:

-    sudo apt install markdown texlive
+    sudo apt install markdown texlive-latex-extra texlive-fonts-recommended texlive-fonts-extra lmodern

 Once all the dependencies have been installed, the documentation can
 be compiled with:

--- a/VERSION
+++ b/VERSION
-1.8
+1.9
--- a/all.itarget
+++ b/all.itarget
 minimal.otarget
-src/lib/lib.cma
 src/web/server.cma
 src/static/logo.png
 src/static/placeholder.png

--- a/debian/changelog
+++ b/debian/changelog
+belenios (1.9+dfsg-1) UNRELEASED; urgency=medium
+
+  * New upstream release
+  * Bump debhelper compat level to 12
+  * Bump Standards-Version to 4.4.0
+
+ -- Stéphane Glondu <glondu@debian.org>  Wed, 24 Jul 2019 10:21:20 +0200
+
 belenios (1.8+dfsg-1) unstable; urgency=medium

  * New upstream release

--- a/debian/compat
+++ b/debian/compat
-10
+12
--- a/debian/control
+++ b/debian/control
@@ -4,7 +4,7 @@ Section: misc
 Maintainer: Debian OCaml Maintainers <debian-ocaml-maint@lists.debian.org>
 Uploaders: Stéphane Glondu <glondu@debian.org>
 Build-Depends:
- debhelper (>= 10),
+ debhelper (>= 12),
 dh-ocaml,
 ocaml-findlib,
 ocamlbuild,
@@ -22,7 +22,7 @@ Build-Depends:
 texlive-fonts-extra,
 lmodern,
 uuid-runtime
-Standards-Version: 4.1.4
+Standards-Version: 4.4.0
 Homepage: http://www.belenios.org/
 Vcs-Browser: https://salsa.debian.org/ocaml-team/belenios
 Vcs-Git: https://salsa.debian.org/ocaml-team/belenios.git

--- a/debian/rules
+++ b/debian/rules
@@ -16,4 +16,5 @@ endif
 override_dh_auto_test:
 ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
 	demo/demo.sh
+	demo/demo-threshold.sh
 endif
--- a/doc/Continuous_Integration.md
+++ b/doc/Continuous_Integration.md
@@ -116,11 +116,11 @@ The total duration of this Continuous Integration script is 24 min 07 sec on its

 ### Second strategy: Installation of Belenios from a Docker image that already has OCaml and Opam installed

-The classical Continuous Integration script seen un previous section downloads OCaml and Opam from their sources, compiles them and installs them. This step lasts several minutes (around 6 minutes, mainly during the construction of the "world"). It is possible to use a Docker image that has already pre-installed these tools on a linux distribution. The downloaded Docker image will then be a bit heavier than a classical linux distribution, but we save computation time.
+The classical Continuous Integration script seen in previous section downloads OCaml and Opam from their sources, compiles them and installs them. This step lasts several minutes (around 6 minutes, mainly during the construction of the "world"). It is possible to use a Docker image that has already pre-installed these tools on a linux distribution. The downloaded Docker image will then be a bit heavier than a classical linux distribution, but we save computation time.

-OCaml developers maintain Docker Hub repositories `ocaml/opam` and `ocaml/opam2` (respectively for Opam 1.x.x and Opam 2.x.x), that contain images of several different linux distributions (including Debian 9), on which som versions of OCaml and Opam have been installed.
+OCaml developers maintain Docker Hub repositories `ocaml/opam` and `ocaml/opam2` (respectively for Opam 1.x.x and Opam 2.x.x), that contain images of several different linux distributions (including Debian 9), on which some versions of OCaml and Opam have been installed.

-The classical installtion procedure of Belenios currently uses OCaml 4.02.3 and Opam 1.2.2. I have not been able to make work the installation of the Opam packages with a Docker image that has this version of Opam installed, because of an dependencies resolution error. But, with an image that has Opam 2.0.0 installed, there was no problem, so I have chosen this version (image `ocaml/opam2:debian-9`).
+The classical installtion procedure of Belenios currently uses OCaml 4.02.3 and Opam 1.2.2. I have not been able to make work the installation of the Opam packages with a Docker image that has this version of Opam installed, because of a dependencies resolution error. But, with an image that has Opam 2.0.0 installed, there was no problem, so I have chosen this version (image `ocaml/opam2:debian-9`).

 Regarding script `.gitlab-ci.yml`, the difference with the classical installation procedure (that uses a Debian 9 image), resides in the fact that instead of executing the whole `opam-bootstrap.sh` script, we execute only the part of it that installs Opam packages: ```eval `grep "opam install" ./opam-bootstrap.sh` ```

@@ -251,7 +251,7 @@ At 4 min 24 sec, it has finished running the `make all` command and has begun ru

 Total execution time: 11 min 25 sec.

-Moving from image `ocaml/opam2:debian-9` to `swergas/beleniosbase:efa5df3049f736dd34eb8289da730dd709eb99939f6511fa93ae0080a61ce4fb` changed total execution time from 7 min 31 sec à 11 min 25 sec, that is a diminution of 6 min 06 sec (diminution of 34.82 %).
+Moving from image `ocaml/opam2:debian-9` to `swergas/beleniosbase:efa5df3049f736dd34eb8289da730dd709eb99939f6511fa93ae0080a61ce4fb` changed total execution time from 17 min 31 sec to 11 min 25 sec, that is a diminution of 6 min 06 sec (diminution of 34.82 %).


 ### Using urandom instead of random
@@ -263,7 +263,7 @@ So we decided to use urandom instead of random in our Continuous Integration scr

 ### Using a fixed version of Ocaml

-We [noticed](https://github.com/glondu/belenios/pull/2#issuecomment-423271172) that Docker image `ocaml/opam2:debian-9` regularly gets re-built using a different version of OCaml (it is a kind of `latest` tag for the debian distribution). Some of these builds containe a version of OCaml that breaks the build script. So, in order to use an image that always has a version of OCaml that we know works, we stabilize the version number used, by using an image name that mentions precisely the OCaml version used, for example `ocaml/opam2:debian-9-ocaml-4.06` instead of just `ocaml/opam2:debian-9`.
+We [noticed](https://github.com/glondu/belenios/pull/2#issuecomment-423271172) that Docker image `ocaml/opam2:debian-9` regularly gets re-built using a different version of OCaml (it is a kind of `latest` tag for the debian distribution). Some of these builds contain a version of OCaml that breaks the build script. So, in order to use an image that always has a version of OCaml that we know works, we stabilize the version number used, by using an image name that mentions precisely the OCaml version used, for example `ocaml/opam2:debian-9-ocaml-4.06` instead of just `ocaml/opam2:debian-9`.


 ### Recap of total execution durations

--- a/doc/automated_tests.md
+++ b/doc/automated_tests.md
@@ -50,7 +50,7 @@ Note: We cannot run the Belenios server from a folder that is not the git reposi

 For this, we run a Docker image (built from `Dockerfile_test_scenario_environment`) that preinstalls compatible versions of `firefox-esr`, `geckodriver`, `python`, and python virtual environment.

-File `.gitlab-ci.yml` defines a task `build_and_run_automated_test_scenario_1_with_preinstalled_image` that uses this docker image, compiles belenios, creates a python virtual environment, step into it, install pip required packages, and then executes the automated test suite.
+File `.gitlab-ci.yml` defines a task `build_and_run_automated_test_scenario_1_with_preinstalled_image` that uses this docker image, compiles belenios, creates a python virtual environment, steps into it, installs pip required packages, and then executes the automated test suite.

 Note: You can execute this Continuous Integration task as if you were running GitlabCI, by executing the following command:


--- a/doc/election_test_scenario_1_specification.md
+++ b/doc/election_test_scenario_1_specification.md
@@ -113,6 +113,4 @@ Verifications all along the process is done using command line tools `belenios-t
        - For each available answer in the question, she checks that the total number of votes in favor of Answer X displayed in result page is the same as the sum of votes for Answer X in all votes of voters who voted that have been randomly generated in advance
        - She checks that each ballot content corresponds to content that of this vote that has been randomly generated in advance
 - Verify election consistency (using command line tool `belenios_tool verify`)
-
-
-
+- One voter tries to revote and faces an error message "Your ballot for Test vote after close is rejected, because the election is closed." after authentication
--- a/genversion.sh
+++ b/genversion.sh
@@ -5,7 +5,7 @@ if [ -d ../.git ] && which git >/dev/null 2>&1; then
    BUILD=${BUILD:-$(git describe)}
 else
    DATE=${SOURCE_DATE_EPOCH:-$(date +%s)}
-    DATE=$(date -d @$DATE +%Y%m%d)
+    DATE=$(date -u -d @$DATE +%Y%m%d)
    BUILD=${BUILD:-$DATE}
 fi


--- a/opam-bootstrap.sh
+++ b/opam-bootstrap.sh
@@ -74,7 +74,7 @@ eval $(opam env)
 echo
 echo "=-=-= Installation of Belenios build-dependencies =-=-="
 echo
-opam install --yes atdgen zarith cryptokit uuidm calendar cmdliner sqlite3 ssl eliom=6.3.0 csv
+opam install --yes dune=1.6.3 atdgen zarith cryptokit uuidm calendar cmdliner sqlite3 ssl js_of_ocaml=3.3.0 eliom=6.3.0 csv

 echo
 echo "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-="

--- a/src/lib/common.ml
+++ b/src/lib/common.ml
@@ -162,6 +162,10 @@ module List = struct
 end

 module Option = struct
+  let iter f = function
+    | None -> ()
+    | Some x -> f x
+
  let get x default_value = match x with
    | None -> default_value
    | Some x -> x
@@ -198,6 +202,7 @@ let compare_b64 a b =
    | false, false -> 0
  in loop 0

+module SSet = Set.Make(String)
 module SMap = Map.Make(String)

 (** Direct random monad *)

--- a/src/lib/common.mli
+++ b/src/lib/common.mli
@@ -55,6 +55,7 @@ module List : sig
 end

 module Option : sig
+  val iter : ('a -> unit) -> 'a option -> unit
  val get : 'a option -> 'a -> 'a
  val map : ('a -> 'b) -> 'a option -> 'b option
 end
@@ -63,6 +64,7 @@ val save_to : string -> (Bi_outbuf.t -> 'a -> unit) -> 'a -> unit

 val compare_b64 : string -> string -> int

+module SSet : Set.S with type elt = string
 module SMap : Map.S with type key = string

 val bytes_to_sample : Platform.Z.t -> int

--- a/src/lib/lib.mllib
+++ b/src/lib/lib.mllib
-src/platform/native/Platform
-Serializable_builtin_t
-Serializable_builtin_j
-Serializable_t
-Serializable_j
-Common
-Group_field
-Group
-Trustees
-Election
-Credential
--- a/src/lib/serializable_builtin_j.ml
+++ b/src/lib/serializable_builtin_j.ml
@@ -45,35 +45,3 @@ let read_number = make_read "read_number" Z.of_string
 let write_uuid = make_write raw_string_of_uuid

 let read_uuid = make_read "read_uuid" uuid_of_raw_string
-
-(** {1 Serializers for type int_or_null} *)
-
-let write_int_or_null buf = function
-  | Some n -> Bi_outbuf.add_string buf (string_of_int n)
-  | None -> Bi_outbuf.add_string buf "null"
-
-let int_or_null_of_json = function
-  | `Int i -> Some i
-  | `Null -> None
-  | _ -> invalid_arg "int_or_null_of_json: unexpected input"
-
-let read_int_or_null state buf =
-  int_or_null_of_json (Yojson.Safe.from_lexbuf ~stream:true state buf)
-
-(** {1 Serializers for type string_set} *)
-
-let write_string_set buf set =
-  `List (SSet.elements set |> List.map (fun x -> `String x)) |>
-  Yojson.Safe.to_outbuf buf
-
-let string_set_of_json = function
-  | `List xs ->
-    List.fold_left (fun accu x ->
-      match x with
-      | `String y -> SSet.add y accu
-      | _ -> invalid_arg "string_set_of_json: a string was expected"
-    ) SSet.empty xs
-  | _ -> invalid_arg "string_set_of_json: a list was expected"
-
-let read_string_set state buf =
-  Yojson.Safe.from_lexbuf ~stream:true state buf |> string_set_of_json
--- a/src/lib/serializable_builtin_j.mli
+++ b/src/lib/serializable_builtin_j.mli
@@ -30,13 +30,3 @@ val read_number : Yojson.Safe.lexer_state -> Lexing.lexbuf -> number

 val write_uuid : Bi_outbuf.t -> uuid -> unit
 val read_uuid : Yojson.Safe.lexer_state -> Lexing.lexbuf -> uuid
-
-(** {1 Serializers for type int_or_null} *)
-
-val write_int_or_null : Bi_outbuf.t -> int_or_null -> unit
-val read_int_or_null : Yojson.Safe.lexer_state -> Lexing.lexbuf -> int_or_null
-
-(** {1 Serializers for type string_set} *)
-
-val write_string_set : Bi_outbuf.t -> string_set -> unit
-val read_string_set :  Yojson.Safe.lexer_state -> Lexing.lexbuf -> string_set