It would be useful to be able to limit which users are allowed to manage elections when using CAS authentification for election administrators.
Without it when we configure CAS access in ocsigen.conf any user having a valid account will be able to connect and create elections :-(

The Belenios web server currently supports two kinds of trustee structures: (1) a set of Single trustees, and (2) a single Pedersen group with a threshold strictly less than the number of trustees. The server is always present as a Single trustee.

It would be desirable for the web server to support the more general trustee structures supported by belenios-tool, e.g., instead of adding individual trustees to a list, allow the administrator to add either Single or Pedersen trustees, and manage Pedersen groups separately. This is primarily so that non-technical people can easily participate in elections with more complex structures, notably as trustees.

See also this thread: https://sympa.inria.fr/sympa/arc/belenios-discuss/2022-04/msg00002.html

When sending out password emails to the user, the correct hostname / port is preserved even behind a proxy, but it seems to me the scheme is always forced to http.

My local server build fails to send credentials emails.

In the web UI, I'm getting the following cryptic error message

Netchannels.Command_failure(WEXITED 127)

More helpful information is displayed on the console:

/bin/sh: 1: /usr/lib/sendmail: not found

My machine does not have sendmail or any other local mail service. Email gets sent via an external bulk email service.

How can I configure Belenios to use an external SMTP service?

Hello, I've cloned this repository : https://gitlab.inria.fr/belenios/belenios

The gitlab-ci.yml is :

stages:

• test
• deploy

build_and_test_with_preinstalled_image:
stage: test

Image glondu/beleniosbase:YYYYMMDD-N is built by Dockerfile_base_environment

image: glondu/beleniosbase:20200824-1
script:
# Initialize environment
- source ~/env.sh
- opam install --yes gettext-camomile
# Run command-line tool tests
- make check
# Compile belenios
- make build-release-server
# Start belenios web server
- ./demo/run-server.sh &
# Access the localhost web page, print page output for debug purposes, and check validity of page output
- first_access_index_page_output=$(wget --retry-connrefused --no-check-certificate -T 30 http://localhost:8001 -O-)
- echo $first_access_index_page_output
- if [ "$(echo "$first_access_index_page_output" | grep '>Belenios' | wc -l)" != "1" ]; then echo "[First page access] First page access does not show a single '>Belenios' text, but it should" && exit 1; else echo "[First page access] First page access shows a single '>Belenios' text, as expected"; fi

You have this : https://gitlab.inria.fr/belenios/belenios/-/jobs/851414

$ make check
make build-debug-tool
make[1]: Entering directory '/builds/belenios/belenios'
BELENIOS_DEBUG=1 dune build --build-dir=_build-debug -p belenios-platform,belenios-platform-native,belenios,belenios-tool
rm -rf _run/tool-debug
dune install --build-dir=_build-debug --destdir=_run/tool-debug --prefix=/ belenios-platform belenios-platform-native belenios belenios-tool 2>/dev/null
make[1]: Leaving directory '/builds/belenios/belenios'
make -C tests/tool check
make[1]: Entering directory '/builds/belenios/belenios/tests/tool'
mkdir -p data
./demo.sh

I have this error :

`Running with gitlab-runner 13.5.0 (ece86343)
on sam-dev-docker oCyD3VJJ
Preparing the "docker" executor
02:04
Using Docker executor with image glondu/beleniosbase:20200824-1 ...
Pulling docker image glondu/beleniosbase:20200824-1 ...
Using docker image sha256:998d10453e7b7391f601d8a5b4505b944aba1c3a91652ede66f3649329681d12 for glondu/beleniosbase:20200824-1 with digest glondu/beleniosbase@sha256:fecfc0082f3a13c448a367f529e8457331303a44f3d353219c75f5e439d6bda4 ...
Preparing environment
00:02
Running on runner-ocyd3vjj-project-199-concurrent-0 via ...secret.....
Getting source from Git repository
00:01
Fetching changes with git depth set to 50...
Reinitialized existing Git repository in /builds/vdirken/belenios-ci/.git/
Checking out 6d004da5 as master...
Removing _build-debug/
Removing belenios-platform.install
Removing belenios.install
Removing src/lib/.merlin
Removing src/platform/.merlin
Removing src/platform/native/.merlin
Removing src/tool/.merlin
Skipping Git submodules setup
Executing "step_script" stage of the job script
01:39
$ source ~/env.sh
$ opam install --yes gettext-camomile
[NOTE] It seems you have not updated your repositories for a while. Consider updating them with:
opam update
The following actions will be performed:

• install fileutils 0.6.3 [required by gettext]
• install camomile 1.0.2 [required by gettext-camomile]
• install gettext 0.4.2 [required by gettext-camomile]
• install gettext-camomile 0.4.2
  ===== 4 to install =====
  <><> Gathering sources ><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
  [fileutils.0.6.3] downloaded from https://github.com/gildor478/ocaml-fileutils/releases/download/v0.6.3/fileutils-v0.6.3.tbz
  [gettext.0.4.2] downloaded from https://github.com/gildor478/ocaml-gettext/releases/download/v0.4.2/gettext-v0.4.2.tbz
  [gettext-camomile.0.4.2] found in cache
  [camomile.1.0.2] downloaded from https://github.com/yoriyuki/Camomile/releases/download/1.0.2/camomile-1.0.2.tbz
  <><> Processing actions <><><><><><><><><><><><><><><><><><><><><><><><><><><><>
  -> installed camomile.1.0.2
  -> installed fileutils.0.6.3
  -> installed gettext.0.4.2
  -> installed gettext-camomile.0.4.2
  Done.
  $ make check
  make build-debug-tool
  make[1]: Entering directory '/builds/vdirken/belenios-ci'
  BELENIOS_DEBUG=1 dune build --build-dir=_build-debug -p belenios-platform,belenios-platform-native,belenios,belenios-tool
  gen src/platform/version/belenios_version.ml (exit 128)
  (cd _build-debug/default/src/platform/version && ./gen.sh) > _build-debug/default/src/platform/version/belenios_version.ml
  fatal: No names found, cannot describe anything.
  make[1]: *** [Makefile:20: build-debug-tool] Error 1
  make[1]: Leaving directory '/builds/vdirken/belenios-ci'
  make: *** [Makefile:25: check] Error 2
  Cleaning up file based variables
  00:01
  ERROR: Job failed: exit code 1`

Do you know why I have this ? The code is exactly like your code (no changes).

Kind regards,

Valentin

According to Section 4.7 of the specification

A secret credential c is a 15-character string

This implies that the hyphens in a secret credential like NYC-SgM-axC-fCu-pvP are just for convenience of the human reader.

However,

belenios-tool credgen --derive=NYC-SgM-axC-fCu-pvP --group=files/groups/default.json --uuid=deT9e32LvYeDzg

does not seem to remove the hyphens or validate the credential format at all before passing the credential to the PBKDF2 function.

In fact, even nonsense like --derive=foo does not produce an error message.

As a consequence, the generated public key differs from the value defined by the specification (which can be obtained with --derive=NYCSgMaxCfCupvP in the given example.)

presently, there seem to be four pieces of info relevant to voters to participate in an election:

• user (can be shared across elections)
• password (as above, where applicable)
• election URL (there doesn't seem to be a general login where you can find a list of elections you are eligible to participate in)
• election credential (specific to both election and voter, distributed for each election by email or manually)

one challenge we face is the emails occasionally take a bit longer to arrive for some of our users, delaying our voting process during general assemblies.
we would try to account for this by sending the emails in time, then occasionally find the question wording might still change a bit, making this not a great solution.

to address this, we would prefer to ensure we can send voters credentials they can share across elections, as well as a single place to log in where they can find new elections they are eligible to vote in.

is this use-case something that has been considered?

As discussed via email:

It would be nice to have the ability to share administrator rights for an election.

The use case would be that election admins could choose a deputy to represent them in the event of the admin not being available. We already have a similar feature for trustees with the threshold mode.

This can be particularly useful for organizations that only allow login via SSO.

hello, new to this software i followed the opam-bootstrap.sh procedure under a fresh new install of debian 10

belenios version 1.10 (and 1.9) failed at the last step in building dependencies.
Trying older versions, belenios v1.8 seems to install well and i success in 'make all && make check'

In v1.10, the output is:

∗ installed base-bigarray.base
∗ installed base-threads.base
∗ installed base-unix.base
∗ installed ocaml-base-compiler.4.06.1
∗ installed ocaml-config.1
∗ installed ocaml.4.06.1
Done.
# Run eval $(opam env) to update the current shell environment

=-=-= Installation of Belenios build-dependencies =-=-=

The following dependencies couldn't be met:
  - eliom → js_of_ocaml-tyxml → tyxml >= 4.3
  - eliom → js_of_ocaml-tyxml → js_of_ocaml (>= 3.0 & != 3.3.0) → js_of_ocaml-compiler < 3.0.1 → ocaml < 4.06.0
      base of this switch (use `--unlock-base' to force)
  - eliom → ocsigenserver < 2.10 → tyxml < 4.3 → ocaml < 4.06.0
      base of this switch (use `--unlock-base' to force)
  - eliom → ocsigenserver < 2.10 → tyxml < 4.3 → ocamlnet = 3.6.0 → ocaml < 4.01.0
      base of this switch (use `--unlock-base' to force)
  - eliom → ocsigenserver < 2.10 → tyxml < 4.3 → uutf < 1.0.0 → ocaml < 4.06.0
      base of this switch (use `--unlock-base' to force)
  - eliom → ocsigenserver < 2.10 → react < 1.0.0 → ocaml < 4.06.0
      base of this switch (use `--unlock-base' to force)
  - eliom → ocsigenserver < 2.10 → lwt < 3.0.0 → ocaml < 4.06.0
      base of this switch (use `--unlock-base' to force)
  - eliom → tyxml >= 4.0.0 → uutf < 1.0.0 → ocaml < 4.06.0
      base of this switch (use `--unlock-base' to force)
  - eliom → tyxml >= 4.0.0 → ocaml < 4.06
      base of this switch (use `--unlock-base' to force)
Your request can't be satisfied:
  - No available version of js_of_ocaml satisfies the constraints
  - No available version of tyxml satisfies the constraints
No solution found, exiting

I tryed to downgrade ocaml version manually to adapt dependencies (ocaml version < 4.06.0
$opam switch create 4.05.0
and then replay the last install instruction from bootsrap without success

$opam install --yes dune=1.6.3 atdgen zarith cryptokit uuidm calendar cmdliner sqlite3 ssl=0.5.7 js_of_ocaml=3.3.0 eliom=6.3.0 csv

The following dependencies couldn't be met:
  - eliom → ocaml >= 4.03.0
      base of this switch (use `--unlock-base' to force)
No solution found, exiting

Then, trying (for fun, i don't think my way is orthodox) to downgrade again to get rid of dependecies
$ opam switch create 4.03.0

<><> Gathering sources ><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
[ocaml-base-compiler.4.03.0] downloaded from cache at https://opam.ocaml.org/cache

<><> Processing actions <><><><><><><><><><><><><><><><><><><><><><><><><><><><>
∗ installed base-bigarray.base
∗ installed base-threads.base
∗ installed base-unix.base
∗ installed ocaml-base-compiler.4.03.0
∗ installed ocaml-config.1
∗ installed ocaml.4.03.0
Done.
# Run eval $(opam env) to update the current shell environment

I really don't think, even i don't have anymore failure in dependency check, i am in a correct setup.
Could you provide me clues to what could go wrong ?

Regards.

PS: By the way, after my last steps 'make all' fail

The script ./opam_bootstrap.sh terminates with the following error message:

[...lots of output...]
[yojson.1.7.0] downloaded from https://github.com/ocaml-community/yojson/releases/download/1.7.0/yojson-1.7.0.tbz
[zarith.1.12] downloaded from https://github.com/ocaml/Zarith/archive/release-1.12.tar.gz
[ERROR] The sources of the following couldn't be obtained, aborting:
          - menhir.20210419: Bad checksum
          - menhirLib.20210419: Bad checksum
          - menhirSdk.20210419: Bad checksum

Is it possible to obtain a report of people who actually voted in an election?

It is to give voters an easy way to compare total amount of votes with total amount of voters.

Hi Stéphane et al.,

The belenios.loria.fr implementation has an upper limit of 2000 voters but there is no mention of this that I could find in the documentation on the website.

• What is the reason for this upper limit?
• Is it possible to overcome this limit by downloading and compiling belenios on your own server?

Many thanks for your help,
Ari

The shell scripts in the demo/ directory to start and stop the server behave differently whether there is a .git directory in the current working directory.

I would expect that these scripts behave the same when they are called from the “main working tree” (in which .git is a directory) or from a “linked working tree” (in which .git is a plain file). However, running make build-debug-server && ./demo/run-server.sh works fine from the root of the main worktree but fails within a linked worktree: “BELENIOS_CONFIG must be set!”

See: https://belenios.loria.fr/draft/new

Even though this shouldn't be a security problem (because form submission is authenticated), it might be more clear to handle this page like /admin or by redirecting to /login and after successful authentication redirecting back to /draft/new.

According to belenios-tool validate --help

The result structure contains partial decryptions itself, so partial_decryptions.jsons can be discarded afterwards.

The output result.json does contain the partial decryptions, but in reverse order, compared to partial_decryptions.jsons.

Is this intentional?

After clicking the button to generate all the passwords, I am unable to delete individual voters. Clicking the button to delete them gives the error “Wrong parameters”. Is there a workaround without editing the list manually?

For a given administrator, these three setings for each election do not presumably change much

a) Public name
b) Languages
c) Contact

Ideally, the system would just remember them and prefill them from a previous election.

Alternatively, there could be an option to clone an election or with each of these, there would be a button "copy from last election".

The same could be done for "Name and description of the vote", which does change every election, but sometimes just slightly (imagine multiple rounds of the same election, for example).

I suggested these a year ago here: https://sympa.inria.fr/sympa/arc/belenios-discuss/2021-01/msg00010.html

but I guess here they will not be as easily forgotten and I can see in other issues that a new admin interface is planned.

Hi @glondu ,

• I have past months worked on building Belenios from within a container, and today found out that the automated recipe I had successfully tested does not work anymore. This recipe was using Belenios 1.13
• I investigated the issue, and tried :
  • mutliple fixes,
  • multiple Belenios versions
  • running the recipe on MacOS and inside an Ubuntu in a Circe CI Pipeline
  • and in all cases, I end up falling on the same exact issue : when the recipe tries to run the opam init, the process just hangs and stays there without any stdout, and no matter how long I wait, nothing more happens, unless I kill the process

Dismayed by those results, I tried he following , with last commit on master of Belenios (also tried 1.13), and I end up with the exact same problem :

mkdir -p /tmp/belenios-base-env/
git clone https://github.com/glondu/belenios /tmp/belenios-base-env/
cd /tmp/belenios-base-env/
git checkout 1.13
git checkout master
docker build -t beleni8s/base-env -f Dockerfile_base_environment .

So there, I think I can say that it is not possible to reproduce Belenios Gitlab CICD Pipeline, which is based on that Dockerfile_base_environment : Dockerfile_base_environment fails to build an image for Belenios 1.13 and master , for sure.

It really seems like there is an issue with one of the dependencies, and it seems really hard to get any informations from the opam init process : Indeed, I am pretty sure I succeded build Belenios 1.13 using my initial original automated recipe

This is very frustrating, since I managed to build a Docker image with one single belenios-tool executable file, and I am currently implementing a Belenios REST API , see https://github.com/beleni8s/beleni8s-api/tree/feature/loopback-implttest-1

I am also worried for the stability of the belenios platform : we must be able to "replay" the build of a given Belenios version, and this replay must be stable, especially for a cryptography product.

I will collaborate gladly to help there

ps: For the record, here is my "hanging" out put :

Cloning into 'opam-repository'...
Checking out files: 100% (21207/21207), done.
HEAD is now at a0b420b216 Merge pull request #18747 from fpottier/opam-publish-sek.20201012
[NOTE] Will configure from /home/belenios/.opamrc and then from built-in defaults.
Checking for available remotes: git.
  - you won't be able to use rsync and local repositories unless you install the rsync command on your system.
  - you won't be able to use mercurial repositories unless you install the hg command on your system.
  - you won't be able to use darcs repositories unless you install the darcs command on your system.


<><> Fetching repository information ><><><><><><><><><><><><><><><><><><><><><>
[default] Initialised

<><> Gathering sources ><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
[ocaml-base-compiler.4.11.2] downloaded from https://github.com/ocaml/ocaml/archive/4.11.2.tar.gz

<><> Processing actions <><><><><><><><><><><><><><><><><><><><><><><><><><><><>

Too long with no output (exceeded 10m0s): context deadline exceeded

(below : an execution in an Ubuntu Executor on Circle CI , finishing with a pipeline timeout, which ends up with Too long with no output (exceeded 10m0s): context deadline exceeded )

From the voter's perspective, it would be nice if we could skip the step of entering the credential in the booth.

Since the credential is a key part of the voting process, we could pass the credential in the voting link to the voting booth.
E.g.: We could send the following link by email: https://belenios.loria.fr/elections/:id/#credential=123-456-789-abc-deN
The credentials input could be filled in automatically and the first step of the voting process could be skipped.

Note: Query parameters do not work here because they are sent to the server, but the anchor tag is not.

What do you think about this feature? Do you think this poses some kind of risk?

Hello,

Could you please update the package belenios-tool for Debian Buster?

When verifying or validating elections it throws an error as it still looks for threshold.json.

Is there any plans to address this: https://hal.inria.fr/hal-02928953/document

Hello,

Downloading the latest release from http://belenios.gforge.inria.fr/ and running ./opam-bootstrap.sh
yields some 404 errors due to missing files trying to download over the internet.

Cloning the repo and running the same command works.

I am wondering if it makes sense to make a new release.

Hi,
First at all, thanks for sharing this great project.

I'm trying to set up a production version of Belenios for our University. After some tries I decided to test the nspawn installation. I'm currently running this on a Fedora workstation.
Step 1 and 2 are OK. I've got the belenios FS and install working:

[root@cric-cig177 belenios]# systemd-nspawn --directory=/opt/belenios --user=beleniosSpawning container belenios on /home/jgay/WORK/belenios-build.
Press ^] three times within 1s to kill container.
belenios@belenios:~$ 

But I can't get the step3 to work. Here is my last try:

[root@cric-cig177 belenios]# systemd-nspawn --directory=/opt/belenios --user=root
Spawning container belenios on /home/jgay/WORK/belenios-build.
Press ^] three times within 1s to kill container.
root@belenios:~# /home/belenios/belenios/doc/nspawn/belenios-stage3.sh
(...)
Installing Debian prerequisites...
W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease  Temporary failure resolving 'deb.debian.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.
E: Failed to fetch http://deb.debian.org/debian/pool/main/s/sensible-utils/sensible-utils_0.0.12_all.deb  Temporary failure resolving 'deb.debian.org'
(...)
E: Failed to fetch http://deb.debian.org/debian/pool/main/z/zlib/zlib1g-dev_1.2.11.dfsg-1_amd64.deb  Temporary failure resolving 'deb.debian.org'
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

Any ideas, advices?

As the title says it, when one saves changes, there is no indication that they were saved - probably some javascript solution would be in order. This is of course minor.

I encoutered an issue with Belenios branch stable (last commit in branch : d0edd18) when I want to compute the results.

Environment

Clean install of Belenios from stable branch on Debian, using the demo folder with the run-server.sh.

Description

I create an election with 1 or more voters, only one of them submit a ballot.
The ballot box must contain only 1 ballot submitted.
Close the election and try to compute the results.

Expected behavior

When clicking the button "Compute the results", Belenios should redirect on results page.

Actual behavior

When clicking the button "Compute the results", I have a response with status code 500 and body : Error: (Invalid_argument "Cannot compute result")

Tests

I have tested this behavior with :

• 1 voters with 1 ballot in the ballot box -> Bug happens
• 3 voters with 1 ballot in the ballot box -> Bug happens
• 3 voters with 2 ballots in the ballot box -> No bug happens

Screens

I am open to any precision if needed !

I'm trying to run your ./opam-bootstrap.sh script, but it fails fairly early with the following error:

env PATH="`pwd`/bootstrap/ocaml/bin:$PATH" make
make[1]: Entering directory '/home/hritcu/Apps/belenios-install/bootstrap/src/opam-full-2.0.0'
jbuilder build  opam-installer.install opam.install
File "src/client/jbuild", line 31, characters 0-26:
Error: Unknown constructor include
make[1]: *** [Makefile:104: opam.install] Error 1
make[1]: Leaving directory '/home/hritcu/Apps/belenios-install/bootstrap/src/opam-full-2.0.0'
make: *** [Makefile:192: cold] Error 2

I'm on Manjaro Linux (a variant of Arch).

Questions accept the new line <br> already, but not the answers.

<b> and <i> is not supported yet.

Hi,
It seems that the br with brackets around, added in 1.16 for name, desc ... is not working in v1.19
I used it in 1.17 but now upgrading to 1.19 it is not working
REM I use a docker file with FROM glondu/beleniosbase:20220223-1

The election hash is not reproducible from the information given in the specification.

1. election.json produced by the server contains two additional attributes administrator and credential_authority not defined in section 4.9.
2. The details of JSON serialization are undefined (property order, whitespace).
3. Base64 encoding must be performed without padding.

The first verification step in section 4.4 of the specification should be corrected to

compute A = g^response / X^challenge

(replace y by X)

Hi,

I have today tried and build belenios in a docker image build.
My last docker buidl error, obviously is due to the installation process requiring permission to create a namespace. Which is discarded by the Docker build process. Worth mentioning, I also had to force no parallel execution of make.

I am curious to ask how can the creation of a linux namespace be required by any software build from source process?

Ma dernière erreur au build Docker, est manifestement due au fait que le script de build demande l'autorisation de de créer un namespace, interdit dans un build image conteneur.

Requête surprenante, pour permettre le build d'une application. Puis-je vous demander comment la création d'un namespace peut-être nécesaire à la compilation / packaging / doc. gen. d'un logiciel ?

=-=-= Generation of env.sh =-=-=


=-=-= Initialization of OPAM root =-=-=

Cloning into 'opam-repository'...
HEAD is now at 0200b39689 Merge pull request #15950 from mseri/release-plplot-5.11.0-1
[WARNING] Running as root is not recommended
[NOTE] Will configure from built-in defaults.
Checking for available remotes: rsync and local, git.
  - you won't be able to use mercurial repositories unless you install the hg command on your system.
  - you won't be able to use darcs repositories unless you install the darcs command on your system.


<><> Fetching repository information ><><><><><><><><><><><><><><><><><><><><><>
[default] Initialised
[WARNING] Running as root is not recommended

<><> Gathering sources ><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
[ocaml-base-compiler.4.08.1] downloaded from https://github.com/ocaml/ocaml/archive/4.08.1.tar.gz

<><> Processing actions <><><><><><><><><><><><><><><><><><><><><><><><><><><><>
-> installed base-bigarray.base
-> installed base-threads.base
-> installed base-unix.base
[ERROR] The compilation of ocaml-base-compiler failed at "/root/.belenios/opam/opam-init/hooks/sandbox.sh build ./configure --prefix=/root/.belenios/opam/4.08.1 -C".

#=== ERROR while compiling ocaml-base-compiler.4.08.1 =========================#
# context              2.0.5 | linux/x86_64 |  | git+file:///root/.belenios/opam-repository
# path                 ~/.belenios/opam/4.08.1/.opam-switch/build/ocaml-base-compiler.4.08.1
# command              ~/.belenios/opam/opam-init/hooks/sandbox.sh build ./configure --prefix=/root/.belenios/opam/4.08.1 -C
# exit-code            1
# env-file             ~/.belenios/opam/log/ocaml-base-compiler-12049-c743ac.env
# output-file          ~/.belenios/opam/log/ocaml-base-compiler-12049-c743ac.out
### output ###
# Creating new namespace failed: Operation not permitted



<><> Error report <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
+- The following actions failed
| - build ocaml-base-compiler 4.08.1
+- 
+- The following changes have been performed (the rest was aborted)
| - install base-bigarray base
| - install base-threads  base
| - install base-unix     base
+- 

<><> ocaml-base-compiler.4.08.1 troubleshooting <><><><><><><><><><><><><><><><>
=> A failure in the middle of the build may be caused by build parallelism
      (enabled by default).
      Please file a bug report at https://github.com/ocaml/ocaml/issues
=> You can try installing again including --jobs=1
      to force a sequential build instead.
# Run eval $(opam env) to update the current shell environment
Switch initialisation failed: clean up? ('n' will leave the switch partially installed) [Y/n] n
The command '/bin/sh -c ./opam-bootstrap.sh' returned a non-zero code: 31
jbl@pegasusio:~/dockerized-belenios$ 

My Dockerfile

FROM debian:9.12-slim


# ARG [email protected]:second-bureau/bellerophon/blockchain-bleue/belenios/belenios.git
ARG BELENIOS_SRC_CODE=https://github.com/glondu/belenios

ARG DEPENDENCIES='git bubblewrap build-essential libgmp-dev libpcre3-dev pkg-config m4 libssl-dev libsqlite3-dev wget ca-certificates zip unzip libncurses-dev uuid-runtime zlib1g-dev libgd-securityimage-perl cracklib-runtime'

RUN apt-get update -y  && apt-get install -y ${DEPENDENCIES}

RUN mkdir -p /belenios/install_home

COPY start.sh /belenios

RUN chmod +x /belenios/*.sh

# RUN git clone $[BELENIOS_SRC_CODE} /belenios/install_home
RUN git clone https://github.com/glondu/belenios /belenios/install_home
WORKDIR /belenios/install_home

RUN chmod +x ./opam-bootstrap.sh
RUN ./opam-bootstrap.sh
RUN make  --jobs=1 all
# RUN BELENIOS_DEBUG=1 make all
# ---
# To make sure the build process completed (almost) without errors
RUN make check
# ---
# 
# To compile the command-line tool, you will need: (installed by 'opam' executable)
RUN opam install atdgen zarith cryptokit uuidm cmdliner
# ---
# Now commpiling belenios command line tool (Belenios CLI)
RUN make  --jobs=1
# ---
# The web server has the following additional dependencies: (installed by 'opam' executable)
RUN opam install calendar eliom csv
# ---
# all the dependencies have been
# installed, the Eliom module can be
# compiled with:
RUN make all

# ---
# Documentation
# -
# To generate HTML files from .md ones, you will need Markdown
ARG DOC_MARKDOWN_DEPENDENCIES='markdown texlive-latex-extra texlive-fonts-recommended texlive-fonts-extra lmodern'
RUN apt-get install -y ${DOC_MARKDOWN_DEPENDENCIES}
# Now generating documentation
RUN make doc




WORKDIR /belenios

CMD [ "/belenios/start.sh" ]

• start.sh :

#!/bin/bash

sleep 100000s

Step 2 of **Verifying overall_proof" uses undefined variables alpha_j and beta_j.

These should be replaced by alpha_Sigma and beta_Sigma, respectively.

Bonjour et merci pour votre application,

En espérant que l'usage du Français est autorisé, mon anglais étant quelque peu défaillant !

Pensez-vous qu'il serait possible de rajouter la fonction de séparation du poids des votes, par exemple, mon votant 1 pèse 45 voix, mon votant 2 pèse 67 voix.

Votant 1 donne 30 voix Pour et 15 voix Contre à l'option 1
Votant 1 donne 28 voix Pour et 17 voix Contre à l'option 2

Votant 2 donne 40 voix Pour et 27 voix Contre à l'option 1
Votant 2 donne 10 voix Pour et 57 voix Contre à l'option 2

Résultat des votes avec un poids total de 112 voix :

Option 1 : 70 voix Pour ; 42 voix Contre
Option 2 : 38 voix Pour ; 74 voix Contre

Merci pour votre retour et excellente journée à vous.

Patrick M

For branding purposes it would be nice to have the option to change the logos displayed in the booth (left and right).

Example:

Currently we are use a kind of hacky solution to ahive this: We define custom properties in the election description using JSON

{
    "description":"Wahl der Fachschaftsrats M // Election of the Student Council M",
    "logos":{
        "left":"https://m18.uni-weimar.de/files/2018/03/M_Logo_mitText-640x503.png",
        "right":"https://m18.uni-weimar.de/files/2018/03/StuKo_Logo.png"
    }
}

and than replace the default logos using a view lines of JavaScript.

One example for a native solution:

Thanks for the great work!

I would contrib docs maybe twice a year to this project, but it's a little complicated getting a login to inria git (I doubt other people would bother) and I'd prefer deleting my github user.

I would appreciate if the Admin Interface had a possibility to export and import the election in .json format.
This would be helpful
a) to save an election and redo the same election a year later
b) external version control system (VCS) could be used when creating the election
b1) when corrections are done
b2) (more sophisticated) collaboration among different users when creating the election: With the text format we could use version control system (VCS) and merge various contributions. Of course, the .json with its sensitivity to trailing commas will cause some trouble. Maybe there is a better format.
c) workaround for changing the order of questions

Already existing Workaround: There exists an experimental admin interface where .json can be exported and imported by copy-paste from an editor field:
https://vote.belenios.org/static/admin.html
You must be logged in from the standard login before the experimental admin interface is working, e.g. from here:
https://vote.belenios.org/login?cont=admin&service=public
The text editor does not show any whitespace, however Notepad++ with JSON Viewer plugin or PyCharm editor does beautify it.

I use Belenios behind a reverse proxy (nginx on port 80/443) with a domain name, but I have many references to localhost:8001 instead my domaine name (in email template, on user interface for the vote link...).

There is a place in the config file to fill the real domain name and overwrite the localhost:8001 ?

Thanks,

When administering an election using the web server interface, there are a few steps that modify the election without making it possible to go back and change things again. Two of these come to mind:

1. While managing trustees, clicking on the threshold mode link transforms the election into a threshold election. At this point, it does not seem possible to go back to the default simple trustees, so if this was clicked by mistake the election would have to be set up again from scratch. There is no workaround since the threshold must be strictly smaller than the number of trustees. This is partly related to the limitations mentioned in #55.

2. In the main election administration page, the button to generate election credentials fixes the voter list, but even if this is stated in the text above the button it can be easy to click by mistake or expect to be sent to a separate page to perform this operation, as is the case with the other steps.

It would be useful to present a confirmation prompt to the administrator before these operations are applied.

This seems important especially since an administrator may run into a dead end once spurious information has already been sent out to the voters. In (2), this condition itself causes the problem. But also in (1), because the steps can be performed in any order, credential information could be sent out before a mistake in trustee management imposes a do-over.

All emails sent by Belenios have the sender name Belenios public server.

I tried to customize this by setting

<server mail="MyOrg Voting Server <[email protected]>"/>

which results in

ocsigenserver.opt: ocsigen:main: Fatal - Error in configuration file: Error while parsing configuration file: Eliom: while loading _run/usr/lib/belenios-server/belenios_server.cmxs: execution of module initializers in the shared library failed: Failure("MyOrg Voting Server <[email protected]> is not a valid e-mail address")

Since 1.16 Belenios responds with an 401 error code when trying to access an admin page as an unauthenticated user. The response body looks something likes the following: Error: Ocsigen_cohttp.Ocsigen_http_error(0, 324098644)

E.g: https://belenios.loria.fr/draft/election?uuid=QZHqeNr1sx1m6B

In the previous versions this was an 403 error code and a Forbidden page was displayed to the user.

Maybe we could make this more user friendly. E.g. by displaying another error message or by redirecting to the login page?

Sorry for spamming you guys lately (:

I found that election admins in our organization (and me too) had the problem of accidentally clicking the "Destroy election" button when wanting to create the election. This is rather unfortunate when working with trustees. Because then the admin would have to ask all parties to again participate in setting up the election. Even worse: The same thing can happen if the election is already running and one clicks on the "Destroy election" button.

You might say the admin should be responsible and read the captions of what she/he is clicking at. But in reality most people don't or click faster then they read ;)

The solution could be as simple as:

<script>
function confirmDestroyElection(event) {
  var prompt = window.confirm("Do you really want to destroy this election?");
  if (!prompt) {
    event.preventDefault();
  }
}
</script>

<input value="Destroy election" type="submit" onclick="confirmDestroyElection">

Hi,
First at all, thanks for sharing this great project.
After a successful compilation of Belenios and some tweaks (remove demo auth and fill a correct admin user in $BELENIOS_VARDIR/password_db.csv), I'm able to run the server with ./demo/run-server.sh.

I've some questions :

• this is the correct way to deploy a production server ?
• do you have any snippet for a systemd config file ? I've some trouble to deal with env variables and user path (default directory where Belenios is).
• Can I restrict ocsigenserver on localhost only (<port>127.0.0.1:8001</port>) and use a reverse proxy safely (nginx) to deal with Let's Encrypt ?

Thanks,

I have used belenios for some test votes: it looks a very useful tool, thanks.

I've been using "alternative voting methods" to set up a ranked vote on https://belenios.loria.fr/ in v1.18.
After the vote is counted, participants can see the results in JSON format, in which each (ascii) answer has been assigned to an index [0, 1, ...].
As far as I can tell, there is no way in the web interface to find the mapping between index and the question it corresponds to.

When I ask for eg the condorcet result it tells me the answer in ascii, but I think the mapping must also be available to both administrator and participants, perhaps best integrated into the JSON data?

Hi,

I have an issue when compiling with make install (even though make minimal did not bring up any difficulty):

Here is the error:

$ make all
rm -f _build/BUILD
ocamlbuild all.otarget all-native.otarget
Finished, 0 targets (0 cached) in 00:00:00.
+ ocamlfind ocamlc -c -g -annot -safe-string -w A-4-6-29-44-45-48 -package js_of_ocaml-lwt -package js_of_ocaml-ppx -package lwt_ppx -package uuidm -package atdgen -package yojson -I src/lib -I src/tool -o src/tool/tool_js_booth.cmo src/tool/tool_js_booth.ml
File "src/tool/tool_js_booth.ml", line 423, characters 6-386:
423 | ......let%lwt raw =
424 |         let%lwt x = Printf.ksprintf get "elections/%s/election.json" uuid in
425 |         if x.code = 404 then (
426 |           let%lwt x = Printf.ksprintf get "draft/preview/%s/election.json" uuid in
427 |           Lwt.return x.content
428 |         ) else Lwt.return x.content
429 |       in
430 |       let () = set_textarea "election_params" raw in
431 |       Lwt.return (run_handler loadElection ())
Error: This expression has type bool Js_of_ocaml.Js.t Lwt.t
       but an expression was expected of type unit Lwt.t
       Type bool Js_of_ocaml.Js.t is not compatible with type unit
Command exited with code 2.
Compilation unsuccessful after building 284 targets (282 cached) in 00:00:01.
Makefile:9: recipe for target 'all' failed
make: *** [all] Error 10

I attach my opam list:

dep.txt

Thanks for your help!

I assume you have already considered it, but in the off chance that you haven't, you can try using esy to install dune.

After adding new voters to a list of voters which already received their passwords, I am unable to send the remaining passwords using the button in /draft/voters (it brings me back to the home page of the election without doing anything. However, the button on the main page (in /draft/election) works as expected.

I was creating and conducting elections in Belenios for finding out loopholes in it.
So, I followed the usual procedure. I first created the admin user, then some voters, questions, and sent the credentials and passwords to them. But, when it comes to the trustees, where we have to send the link for them to generate the decryption key, it seems that the link is sent in a wrong way.

The link found in the email is: https://belenios.loria.fr/draft/threshold-trustee?token=SwCan9Xj2yEB4W&amp;uuid=Qnzd5shpFWSYhD which on opening shows "Wrong Parameters".

The actual link(which I found out as an admin) is: https://belenios.loria.fr/draft/threshold-trustee?token=SwCan9Xj2yEB4W&uuid=Qnzd5shpFWSYhD

So, as you can see, there is an "amp;" that is somehow added while sending through the mail, which causes the link to be broken.

A self-contained Docker image or a Docker compose file for running the Belenios web server would be much appreciated.

Building an image from sources using completely unknown technologies is too much of an effort for running an evaluation of a software system.

Could it be as simple as adding a missing entrypoint to the glondu/beleniosbase image?

When running Belenios locally kept getting error:
ocsigenserver.opt: ocsigen:main: Exn during page generation (sending 500): Invalid_argument("2020-07-20 -20:-08:-25 does not match the format %Y-%m-%d %H:%M:%S")

(Date was actually 2020-07-26 and negative time was being produced).

This occurred after signing in and starting to create a new election after pressing "Proceed".

Corrected this by commenting out let () = CalendarLib.Time_Zone.(change Local) in web_main.ml.

I live in New Zealand.

Unless I have done something wrong, this code might need looking at.