Sync against taskchampion-sync-server (GothenburgBitFactory#3118)

This removes use of gnutls and the TLS implementation, which is no
longer needed (task synchronization is handled via Taskchampion, which
uses `reqwest`, which handles TLS via other Rust dependencies). This
incidentally removes the following config options:
 * `debug.tls`
 * `taskd.ca`
 * `taskd.certificate`
 * `taskd.ciphers`
 * `taskd.credentials`
 * `taskd.key`
 * `taskd.server`
 * `taskd.trust`

CMakeLists.txt

@@ -20,15 +20,6 @@ if (ENABLE_WASM)
   set(CMAKE_EXECUTABLE_SUFFIX ".js")
 endif (ENABLE_WASM)
 
-OPTION (ENABLE_SYNC "Enable 'task sync' support" ON)
-
-if (ENABLE_SYNC)
-  set (USE_GNUTLS ON CACHE BOOL "Build gnutls support." FORCE)
-else (ENABLE_SYNC)
-  set (USE_GNUTLS OFF CACHE BOOL "Build gnutls support." FORCE)
-  message (WARNING "ENABLE_SYNC=OFF. Not building sync support.")
-endif (ENABLE_SYNC)
-
 message ("-- Looking for libshared")
 if (EXISTS ${CMAKE_SOURCE_DIR}/src/libshared/src)
   message ("-- Found libshared")
@@ -71,20 +62,6 @@ SET (TASK_BINDIR  bin            CACHE STRING "Installation directory for the bi
 # rust libs require these
 set (TASK_LIBRARIES dl pthread)
 
-if (USE_GNUTLS)
-   message ("-- Looking for GnuTLS")
-   find_package (GnuTLS)
-   if (GNUTLS_FOUND)
-     set (HAVE_LIBGNUTLS true)
-     set (TASK_INCLUDE_DIRS ${TASK_INCLUDE_DIRS} ${GNUTLS_INCLUDE_DIR})
-     set (TASK_LIBRARIES    ${TASK_LIBRARIES}    ${GNUTLS_LIBRARIES})
-   endif (GNUTLS_FOUND)
-endif (USE_GNUTLS)
-
-if (ENABLE_SYNC AND NOT GNUTLS_FOUND)
-  message (FATAL_ERROR "Cannot find GnuTLS. Use -DENABLE_SYNC=OFF to build Taskwarrior without sync support. See INSTALL for more information.")
-endif (ENABLE_SYNC AND NOT GNUTLS_FOUND)
-
 check_function_exists (timegm  HAVE_TIMEGM)
 check_function_exists (get_current_dir_name HAVE_GET_CURRENT_DIR_NAME)
 check_function_exists (wordexp HAVE_WORDEXP)

ChangeLog

@@ -1,3 +1,16 @@
+- [BREAKING CHANGE] sync is now performed against taskchampion-sync-server,
+  instead of taskd. The following config options are no longer supported:
+  - `debug.tls`
+  - `taskd.ca`
+  - `taskd.certificate`
+  - `taskd.ciphers`
+  - `taskd.credentials`
+  - `taskd.key`
+  - `taskd.server`
+  - `taskd.trust`
+
+The Taskwarrior build no longer requires GnuTLS.
+
 ------ current release ---------------------------
 2.6.2 -
 

INSTALL

@@ -20,7 +20,6 @@ You will need a C++ compiler that supports full C++17, which includes:
 
 You will need the following libraries:
   - libuuid (not needed for OSX)
-  - gnutls  (can be optional - see '"sync" command' below)
 
 
 Basic Installation
@@ -89,20 +88,6 @@ get absolute installation directories:
   CMAKE_INSTALL_PREFIX/TASK_MAN5DIR  /usr/local/share/man/man5
 
 
-"sync" command
---------------
-
-By default, GnuTLS support is required, which enables the "sync" command.
-For Debian based distributions, installing "libgnutls-dev" is sufficient.
-
-In order to build Taskwarrior without "sync" support, call cmake with the
-"-DENABLE_SYNC=OFF" flag:
-
-   $ cmake . -DENABLE_SYNC=OFF
-
-and proceed as described in "Basic Installation".
-
-
 Uninstallation
 --------------
 
@@ -161,7 +146,7 @@ OpenBSD
 WASM
   Using the Emscripten compiler, you can achieve it like this:
 
-    cmake -DCMAKE_CXX_COMPILER=emcc -DENABLE_SYNC=OFF -DCMAKE_BUILD_TYPE=release -DENABLE_WASM=ON \
+    cmake -DCMAKE_CXX_COMPILER=emcc -DCMAKE_BUILD_TYPE=release -DENABLE_WASM=ON \
           -DCMAKE_EXE_LINKER_FLAGS="-m32 -s NO_DYNAMIC_EXECUTION=1 -s WASM=1 -s NO_EXIT_RUNTIME=1 -s INVOKE_RUN=0" \
           -DCMAKE_CXX_FLAGS_RELEASE="-O2 -m32"
 

README.md

@@ -82,7 +82,6 @@ There are many binary packages available, but to install from source requires:
 * make
 * C++ compiler, currently gcc 7.1+ or clang 5.0+ for full C++17 support
 * libuuid
-* GnuTLS (optional, required for sync)
 
 Download the tarball, and expand it:
 

cmake.h.in

@@ -38,9 +38,6 @@
 #cmakedefine GNUHURD
 #cmakedefine UNKNOWN
 
-/* Found the GnuTLS library */
-#cmakedefine HAVE_LIBGNUTLS
-
 /* Found tm_gmtoff */
 #cmakedefine HAVE_TM_GMTOFF
 

doc/man/task-sync.5.in

@@ -1,127 +1,104 @@
 .TH task-sync 5 2016-02-24 "${PACKAGE_STRING}" "User Manuals"
 
 .SH NAME
-task-sync \- A discussion and tutorial for the various task(1) data
-synchronization capabilities.
+task-sync \- A discussion and tutorial for the various
+.BR task (1)
+data synchronization capabilities.
 
 .SH INTRODUCTION
-Taskwarrior has several sync options, both external and built in.  If you wish
-to sync your data, choose one method only; mixing methods is going to lead to
-problems.  Each of the methods discussed have their own strengths.
 
-.SH ALTERNATIVES
-There are three alternatives for syncing data, which are:
-
-1) Version control systems, such as git, hg, svn
+Taskwarrior can synchronize your tasks to a server. This has a few benefits:
+.br
+  - Makes your tasks accessible from multiple systems, called "replicas".
 .br
-2) File sharing systems, such as DropBox, Google Drive
+  - Provides a backup of your tasks.
 .br
-3) Using the Taskserver and the 'sync' command
+  - Saves disk space.
 
+For example, you might want a replica of your tasks on your laptop and on your phone.
 
-.SH OPTION 1: VERSION CONTROL SYSTEMS
-There are several good, distributed VCS systems (git, hg, ...) and centralized
-VCS systems (svn, cvs ...), and they all function in a similar fashion for our
-purposes.
+NOTE: A side-effect of synchronization is that once changes have been
+synchronized, they cannot be undone. This means that each time synchronization
+is run, it is no longer possible to undo previous operations.
 
-Setup is straightforward.  You place your .task directory under revision
-control.  You then need to perform a regular commit/push/pull/update to make
-sure that the data is propagated when needed.  You can even do this using shell
-scripts so that every task command is preceded by a 'pull' and followed by
-a 'push'.
+.SH CONFIGURATION
 
-Strengths:
-.br
-  - Good data transport mechanisms
-.br
-  - Secure transport options
+To synchronize your tasks to a sync server, you will need the following
+information from the server administrator:
 
-Weaknesses:
 .br
-  - You need proficiency with VCS tools
+  - The server's URL ("origin", such as "https://tw.example.com")
 .br
-  - You will need to manually resolve conflicts frequently
+  - A client key ("client_key") identifying your tasks
 .br
-  - You need to provide the mechanism for making sure copies are up to date
+  - An encryption secret ("encryption_secret") used to encrypt and decrypt your tasks. This can be any secret string, and must match for all replicas using the same client key.
 
+Tools such as
+.BR pwgen (1)
+can generate suitable secret values.
 
-.SH OPTION 2: FILE SHARING SERVICES
-There are many file sharing services, such as DropBox, Amazon S3, Google Drive,
-SkyDrive and more.  This technique involves storing your .task directory in a
-shared directory under the control of the file hosting services.
+Configure Taskwarrior with these details:
 
-Syncing happens quickly, although it is possible to run into conflict situations
-when there is no network connectivity, and the tasks are modified in two
-separate locations.  This is because the file hosting service knows only about
-files, and it has no idea how to merge tasks.  Avoid this problem by never
-modifying the same task on two machines, without an intervening sync.
+    $ task config sync.server.origin            <origin>
+    $ task config sync.server.client_key        <client_key>
+    $ task config sync.server.encryption_secret <encryption_secret>
 
-Setup simply involves creating the directory and modifying your data.location
-configuration variable like this:
+.SS Adding a Replica
 
-    $ task config data.location /path/to/shared/directory
+To add a new replica, configure a new, empty replica identically to
+the existing replica, and run `task sync`.
 
-Strengths:
-.br
-  - Good client support
-.br
-  - Easy setup
-.br
-  - Transparent use
+.SS When to Synchronize
 
-Weaknesses:
-.br
-  - Tasks are not properly merged
+Taskwarrior can perform a sync operation at every garbage collection (gc) run.
+This is the default, and is appropriate for local synchronization.
 
+For synchronization to a server, a better solution is to run
 
-.SH OPTION 3: TASKSERVER
-The Taskserver was designed for this purpose to be secure, fast and conflict-
-free, allowing data interchange between assorted Taskwarrior clients, and
-tolerant of network connectivity problems.
+    $ task sync
 
-There is a 'sync' command built in to Taskwarrior (provided the GnuTLS library
-is installed), and with a server account and client configuration, syncing is
-done on demand.
+periodically, such as via
+.BR cron (8) .
 
-Setup is a matter of creating an account on a Taskserver (see your Taskserver
-provider or operate your own - see
-https://taskwarrior.org/docs/taskserver/setup.html)
+.SS Local Synchronization
 
-Once you have an account, you'll receive a certificate, key, and credentials.
-You'll need to put the certificate and key somewhere like this:
+In order to take advantage of synchronization's side effect of saving disk
+space without setting up a remote server, it is possible to sync tasks locally.
+To configure local sync:
 
-    $ cp <name>.cert.pem ~/.task
-    $ cp <name>.key.pem ~/.task
+    $ task config sync.local.server_dir /path/to/sync
 
-Then you configure Taskwarrior, using the provided details:
+The default configuration is to sync to a database in the task directory
+("data.location").
 
-    $ task config taskd.certificate ~/.task/<name>.cert.pem
-    $ task config taskd.key         ~/.task/<name>.key.pem
-    $ task config taskd.credentials <organization>/<name>/<UUID>
-    $ task config taskd.server      <server domain>:<port>
+.SH RUNNING TASKCHAMPION-SYNC-SERVER
 
-If you are using a private server, you are likely also using a self-signed
-certificate, which means you will need one of the following additional entries:
+The Taskchampion sync server is an HTTP server supporting multiple users.
+Users are identified by a client key, and users with different client keys are
+entirely independent.  Task data is encrypted by Taskwarrior, and the sync
+server never sees un-encrypted data.
 
-    $ task config taskd.ca          ~/.task/ca.cert.pem
+To start the server, run it in your preferred HTTP hosting environment, using
+`--port` to set the TCP port on which it should listen.  It is recommended to
+use TLS to protect communications with the server, but this is not required.
 
-The CA (Certificate Authority) will be used to verify the server certificate.
+The server stores its data in a database, the path to which is given by the
+`--data-dir` argument, defaulting to "/var/lib/taskchampion-sync-server".
 
-After setup, you run a one-time sync initialization, like this:
+For example:
 
-    $ task sync init
+    $ taskchampion-sync-server --port 8443 --data-dir /storage/taskdata
 
-This will make sure your client and the server are properly in sync to begin
-with.  From this point on, you never run the 'initialize' command again, just
-go about your business, and when you want to sync, run this:
+.SS Adding a New User
 
-    $ task sync
+To add a new user to the server, invent a new client key with a tool like
+`uuidgen` or an online UUID generator. There is no need to configure the server
+for this new client key: the sync server will automatically create a new user
+whenever presented with a new client key.  Supply the key, along with the
+origin, to the user for inclusion in their Taskwarrior config. The user should
+invent their own "encryption_secret".
 
-You'll see a summary of how many tasks were uploaded and downloaded.  You can
-safely run the command as often as you like.  When there are no changes to sync,
-nothing happens.  If you do not have connectivity, your task changes accumulate
-so that when you next run 'sync' with proper connectivity, the changes are
-properly handled, in the right order.
+.SH AVOIDING DUPLICATE RECURRING TASKS
 
 If you run multiple clients that sync to the same server, you will need to run
 this command on your primary client (the one you use most often):
@@ -134,17 +111,35 @@ And on the other clients, run:
 
 This protects you against the effects of a sync/duplication bug.
 
+.SH ALTERNATIVE: FILE SHARING SERVICES
+
+There are many file sharing services, such as DropBox, Amazon S3, Google Drive,
+SkyDrive and more.  This technique involves storing your .task directory in a
+shared directory under the control of the file hosting services.
+
+Syncing happens quickly, although it is possible to run into conflict situations
+when there is no network connectivity, and the tasks are modified in two
+separate locations.  This is because the file hosting service knows only about
+files, and it has no idea how to merge tasks.  Avoid this problem by never
+modifying the same task on two machines, without an intervening sync.
+
+Setup simply involves creating the directory and modifying your data.location
+configuration variable like this:
+
+    $ task config data.location /path/to/shared/directory
+
 Strengths:
 .br
-  - Secure communication
+  - Good client support
 .br
-  - Minimal bandwidth
+  - Easy setup
 .br
-  - Tolerates connectivity outage
+  - Transparent use
 
 Weaknesses:
 .br
-  - You need to manage your own server, or gain access to a hosted server.
+  - Tasks are not properly merged
+
 
 .SH "CREDITS & COPYRIGHTS"
 Copyright (C) 2006 \- 2021 T. Babej, P. Beckingham, F. Hernandez.

doc/man/task.1.in

@@ -538,13 +538,9 @@ Shows statistics of the tasks defined by the filter. Is affected by the context.
 Shows a report of aggregated task status by project. Is affected by the context.
 
 .TP
-.B task sync [init]
+.B task sync
 The sync command synchronizes data with the Taskserver, if configured.
 
-The init subcommand should only ever be run once, and only on one client, because
-it sends all data to the Taskserver. This allows all the subsequent sync commands
-to only send small deltas.
-
 Note: If you use multiple sync clients, make sure this setting (which is the default)
 is on your primary client: