- Changes in configuration file:
<uuid>,<spool>and<accounts>elements are now children of a new<storage>element (see example indemo/ocsigenserver.conf.in)- in
<auth>children, values ofdbandallowlistattributes must be mapped to explicit files in the<storage>element <gdpr>has been renamed to<tos>- Replace
<prefix>and<rewrite-prefix>by a single<public-url>tag
- This version changes some JSON structures in an incompatible way:
old elections won't be checkable by new version. However, old
validated elections should be able to survive on a new server,
which allows an in-place upgrade. Care must be taken with
belenios-tool-based monitoring, though.
- If nspawn-based containers are used, the
belenios-nspawnscript should be updated on the host.
- The spool format has changed in an incompatible way. A migration
tool,
belenios-migrate, is provided to convert from the 1.20 format. It expects a matchingbelenios-toolin the same directory, and anOCAMLFIND_CONFenvironment variable set to the path of afindlib.conffile (that can be copied as is from the OPAM directory). To update an existing instance:- stop the instance
- make a backup of the spool directory
- run
belenios-migratewith the path to the spool directory (make sure permissions are correct) - perform the rest of the update as usual
- If you use the scripts in
doc/nspawn, you must:- update
belenios-nspawnin your deployment environment - in the
/srv/belenios-containers/$NAMEdirectory:mv belenios belenios-varmkdir -p belenios/etcchown -R 1000:1000 beleniosmv belenios-var belenios/varmv belenios/var/ocsigenserver.conf.in belenios/etc- move other relevant files from
belenios/vartobelenios/etc
- update
- To use the
belenios-serverexecutable, the syntax ofocsigenserver.conf.inchanges. Please review the changes to this file since version 1.16. - With the new version of the crypto, giving all parameters of a
group with an external file is no longer supported. Allowed groups
are hardcoded in the source code and identified by short strings
such as
BELENIOS-2048orRFC-3526-2048. These strings must now be used in the configuration file. - The new notion of administrator accounts:
- adds a new
accountsdirectory, configured inocsigenserver.conf.in - changes the format of the
ownerfield ofdraft.json,metadata.jsonanddeleted.json, which is now the account id (an integer) for new elections. The old format based on the authentication method will continue to be supported for a while, but this support may be dropped in the future.
- adds a new
- All authentication systems available for voters must be explicitly
listed in the configuration file with the new
<auth-export>directive. Look atdemo/ocsigenserver.conf.infor examples. In particular, password and (generic) CAS authentications are not shown by default.
- The switch to unified trustees changed:
- the format of the pool: instead of one of
public_keys.jsonsorthreshold.json, only a singletrustees.jsonis expected. The spool will be automatically converted during the first run of this version of the web server. Next versions will only support the new scheme. - the format of
deleted.jsonfiles:nb_trusteesandtrustees_thresholdfields have been replaced by a newtrusteesfield reflectingtrustees.jsonstructure. No provisions were made to convert existing files.
- the format of the pool: instead of one of
- To upgrade a web server running version 1.6, you need to delete the
Ocsipersist store (by default the
ocsidbfile referred in the configuration file). This will archive all validated elections, and delete all draft elections. Additionally, you should clean up the data directory (the one referred in the<spool>directive in the configuration file) by removing all temporary files (runrm *.*in this directory) and private keys (rm */private_key*.json*).
- To upgrade a web server running version 1.0, you need to delete the
Ocsipersist store (by default the
ocsidbfile referred in the configuration file). This will archive all finalized elections, and delete all unfinalized elections (i.e. the elections being prepared). Additionally, you should clean up the data directory (the one referred in the<spool>directive in the configuration file) by removing all temporary files (runrm *.*in this directory) and private keys (rm */private_key.json).