Some systems, like GitHub, can use `docs/SECURITY.md` to inform users on
how to report security issues.
This patch adds one to the tree. It is not linked explicitly in mkdocs
because the same information is already covered in the doc index and
README already.
It is not expected that the user modifies the domaininfo database behind
chasquid's back, and reloading it can be somewhat expensive.
So this patch removes the periodic reload, and instead makes it triggered
by SIGHUP so the user can trigger a reload manually if needed.
Some MTAs reject client connections unless the local name (used in the
HELO/EHLO command) looks like an FQDN. Currently, smtp-check always uses
`localhost`, which does not look like an FQDN.
This patch adds a command line flag to smtp-check to specify the
local name to be used.
Fixes https://github.com/albertito/chasquid/issues/37.
Amended-by: Alberto Bertogli <albertito@blitiri.com.ar>
Minor edits to the commit message, adjust flag name, go fmt.
The current badge, which covers all the branch checks doesn't work, it
always says "pending".
This patch replaces it with the gotest workflow status. It is much more
narrow, but at least it works and gives a decent indication of the
testing status.
This patch updates tests.md to reflect the recent changes around
coverage testing, specifically we no longer have coverage issues with
fatal/non-zero exits, so remove that section from the docs.
Also while at it, add links to the software we reference, for
convenience.
This patch regenerates the auto-generated files.
There are no significant changes, the protobuf just get an updated
comment due to protoc version change, but it is just informational.
Two new TLS ciphers are added, matching the new IANA assignments.
When the SMTP courier gets an error on STARTTLS (either because the
command itself failed, or because there was a low-level TLS negotiation
error), today we just fail that attempt.
This can cause messages to never be delivered if the underlying reason
is a server misconfiguration (e.g. a server certificate that Go cannot
parse). This is quite rare in practice, but it can happen.
To prevent this situation, this patch adds logic so that the SMTP
courier retries over plaintext when STARTTLS fails.
This is still subject to security level checks, so this type of failures
cannot be used to downgrade connections to domains we successfully
established a TLS connection previously.
Note that certificate validation issues are NOT included in this
type of failure, so they will not trigger a retry. The certificate
validation handling is unchanged by this patch.
This patch does a general pass updating Go modules to recent versions.
This should fix a minor security advisories around http/2 handling. Even
though chasquid doesn't directly expose http/2, the monitoring server
could be affected.
Reference: https://pkg.go.dev/vuln/GO-2023-1495.
Currently, chasquid gets version information from build-time flags that
have to be passed by the user.
This patch extends this logic so, if no flags are given, Go's build
information will be used to construct a synthetic version string.
This patch updates the minimum supported Go version from 1.17 to 1.18,
and also the versions of our dependencies.
Go 1.18 is now 2 releases old, and easily available in most Linux
distributions, including Debian stable (via backports).
Go 1.20 finally includes proper support for instrumenting binaries for
coverage. This allows us to drop quite a few hacks and workarounds that
we used for it, and we can now also test exiting cases.
The downside is that coverage tests now require Go 1.20, but it is an
acceptable price to pay for the more accurate results.
Normal integration tests are unchanged.
This patch updates the coverage testing infrastructure to make use of
the new Go 1.20 features.
We're running against the usage limits in Gitlab CI (500), and Github
Actions should have more (2000).
So this patch replaces Gitlab CI with Github actions for running
integration tests, and build and push Docker images (to Dockerhub and
Gitlab registry).
We'll see how the usage levels are in a few months.
This patch updates the shell scripts with some of the common best
practices, which should make them more resilient to unusual failures and
unexpected environments (in particular, directories with spaces).
Most of these were identified by shellcheck.
Cirrus CI runs golangci-lint, which is often way too noisy with false
positives and irrelevant checks. Last one was errcheck on
http.ResponseWriter.Write, but there have been others before.
Disable it for now, since it doesn't add enough value to justify the
introduced friction.
The integration tests spend a lot of time on some ancilliary actions,
which slows them down: generating certificates, adding users, and
waiting for things to happen.
To improve the performance of those actions, this patch:
- Makes (most) tests use plain passwords (-20%)
- Adds a certificate cache to reuse certs (-10%)
- Tightens the sleep loops (-5%)
In aggregate, this patch results in a speedup of the integration tests
of ~30-40%.
Note that some of the tests required adjusting the username, because
`chasquid-util user-add` would convert them to lowercase as per PRECIS
mapping.
This patch changes several internal packages to receive and pass tracing
annotations, making use of the new tracing library, so we can have
better debugging information.
This commit introduces a new tracing library, that replaces
golang.org/x/net/trace, and supports (amongts other thing) nested
traces.
This is a minimal change, future patches will make use of the new
functionality.
ioutil package was deprecated in Go 1.16, replace all uses with their
respective replacements.
This patch was generated with a combination of `gofmt -r`, `eg`, and
manually (for `ioutil.ReadDir`).
The latest version of some packages we depend on (golang.org/x/sys,
indirectly) do not support 1.15 anymore.
We kept 1.15 because it's the version on Debian stable, but that release
is more than 2y old, and newer versions are readily available in Debian
stable backports.
So this patch updates the minimum supported Go version to 1.17.
govulncheck will complain when run on older Go versions that are known
to have security issues. Github setup-go action has a cache for the
"latest" go version and sometimes the latest isn't really used.
So sometimes, this generates false positives because govulncheck is run
on an older Go version, which is not a problem in chasquid itself.
To prevent those false positives, this patch asks the Github CI to
always check for the latest Go version when running govulncheck.
Newer versions of msmtp now set In-Reply-To and References header,
causing t-16-spf test to fail because we expect them to be empty (for no
particular reason).
So this patch changes our expected DSN used for testing to ignore their
values.
This patch does a general pass updating Go modules to recent versions.
The main purpose is to make sure people building from source are using
relatively recent versions of our dependencies.
Having systemd open sockets and pass them to chasquid is neat, but also
adds some complexity to the default config, for very little value in
practice.
This patch simplifies the default config by having chasquid open the
sockets instead.
Note that systemd file descriptor passing continues to be supported, and
existing installations will not be affected.
By default, `git describe` uses only annotated tags. Since some may not
be annotated (like v1.10) this causes some scripts to pick a confusing
version identifier.
This patch fixes the issue by passing `--tags`, which means all tags
will be considered.
This patch is the result of running Go 1.19's `gofmt` on the codebase,
which automatically updates all Go doc comments to the new format.
https://tip.golang.org/doc/go1.19#go-doc
When running a diff for dkimpy's output, we expect that diff to exit with
non-zero code.
Unfortunately, the way we set that expectation (by prefixing the diff
invocation with `!` is incorrect.
Running `! diff ...` will not cause the hook to fail if diff exits with
0, instead `!` will cause the exit code to be ignored.
This patch fixes the problem by running `diff ... && exit 1` instead.
This was caught by shellcheck, https://www.shellcheck.net/wiki/SC2251.
We've accumulated a few linter issues around comments and a couple of
variable names.
While none of them is major, this patch cleans them up so it's easier to
go through the linter output, and we can start being more strict about
it.
This patch does a general pass updating Go modules to recent versions, and
regenerates the protobufs accordingly.
The main purpose is to make sure people building from source are using
relatively recent versions of our dependencies.
The current generate_cert helper was originally taken from Go's source,
and is more complex than we need it to be.
This patch replaces it with our own version, rewritten from scratch
independently.
This patch moves the test helper binaries to a "one directory per
helper" layout, and also makes them to be ignored in the coverage build
instead of all builds.
With this change, "go build ./..." will build all binaries including the
test helpers, which helps make sure that module manage automation also
considers them. In particular, this makes "go mod tidy" work fine.
Today, we do setfacl unconditionally; this can be a problem for
user-provided certificates because they may be located somewhere else.
This patch fixes the problem by only doing setfacl after renewing the
certificates.
Externally provided certificates will be untouched, and the user is
responsible for ensuring that chasquid can read them.
Thanks to Alex Ellwein (aellwein@github) for reporting this in
https://github.com/albertito/chasquid/issues/29!
Dovecot's `state_dir` usually defaults to be at `/var/lib/dovecot`, or a
similar system-wide path.
Under some conditions, our test Dovecot instance can fail, because it's
wanting to write to state_dir, but it is not writeable by us in the test
environment.
This was reported by foxcpp in
https://github.com/albertito/chasquid/issues/28.
This patch fixes the problem by setting a custom state_dir to be within
our testing directory.
Thanks to foxcpp for reporting this problem and suggesting a fix.
This patch updates the dependency on blitiri.com.ar/go/spf from v1.3.0
to v1.4.0.
There are no code changes needed, but the new version contains some
important fixes around lookup limits counting.
Some dkimpy versions have a bug where it can't parse the keys generated
by its own key generator. That causes the dkimpy test to fail.
See https://bugs.launchpad.net/dkimpy/+bug/1978835 for more details.
This patch adds a workaround which detects the buggy version, and skip
the test if needed.
This patch implements support for catch-all aliases, where users can add
a `*: destination` alias. Mails sent to unknown users (or other aliases)
will not be rejected, but sent to the indicated destination instead.
Please see https://github.com/albertito/chasquid/issues/23 and
https://github.com/albertito/chasquid/pull/24 for more discussion and
background.
Thanks to Alex Ellwein (aellwein@github) for the alternative patch and
help with testing; and to ThinkChaos (ThinkChaos@github) for help with
testing.
