This fixes the issue on the play command where the remote server only has
one public key in the known_hosts file, with the following error:
  initSSHClient: NewClientInteractive: dialWithSigners: \
  ssh: handshake failed: knownhosts: key mismatch with known_hosts \
  files [/home/ms/.ssh/known_hosts]
This change requires replacing the golang.org/x/crypto module with our
own forks that implement the fix on the [ssh/knownhosts] package.
|
|
When the Play command is executed from the web user interface, there is a
possibility that concurrent requests set the sshConfig field in the Awwan
struct at the same time.
In the integration tests for TestAwwan_Play_withLocal and
TestExecLocal_sudo, the data race happens when writing to the same
buffer for stdout and stderr, so we split them into separate buffers.
There is also a data race in the SSE connection, when the handler for
ExecuteTail writes to the same buffer as the worker keep-alive.
This has been fixed in the pakakeh.go module.
|
|
The `-shutdown-idle` option sets the duration when the server will stop
accepting new connections and shut down.
|
|
This update affects the [ciigo.Serve] call in internal/cmd/www-awwan.
|
|
This fixes the IsBinary that returns true when the file size is less than 1024.
|
|
This allows us to run www-awwan only when it's activated in the local
environment.
|
|
In internal/, fix the "reuse lint" warnings due to embedded SPDX
header strings that contain "\n" being considered invalid.
Realign struct Statement based on the fieldalignment check.
|
|
|
|
This commit also tests WebHook on SourceHut.
|
|
|
|
|
|
|
|
This change removes the replace module and goes back to upstream.
Maintaining a fork is not easy and takes a lot of time.
As we have seen in the crypto fork, we are 10 minor versions behind upstream.
|
|
|
|
|
|
The "share" project has been moved to SourceHut with the new name
"pakakeh.go".
|
|
|
|
The "env-keys" command prints the list of environment variables under a
directory.
This command is internal, not documented, and used by bash completion.
|
|
|
|
The update on the share module fixes several issues in "lib/ssh/config",
including:
* Fix the default values on SSH Config.
  Using Host with a different Port now works as expected.
* Refactoring the Config merge.
  Using IdentityFile or UserKnownHostsFile with a relative path in
  ".ssh/config", for example
    UserKnownHostsFile known_hosts
  will now load the known_hosts in the same directory as the config file.
|
|
This change requires us to replace golang.org/x/crypto with our fork,
since the [ssh.Session.Run] with context is not available yet in
upstream.
Implements: https://todo.sr.ht/~shulhan/awwan/9
|
|
This update is for security fixes in x/crypto related to the
Prefix Truncation Attack.
|
|
This fixes fetching SSH config where Hostname is not set but the host name
may match a Host with a wildcard.
|
|
If the file to be copied contains sensitive data, putting it in
"/tmp" is considered a security risk, even though it will be moved to
the destination later.
The issue is that when the "#put" command fails, the plain file is left
in the "/tmp" directory.
This change adds an additional advantage where we do not need to remove
the temporary directory on the remote when execution has completed, since
the temporary directory should be accessible by the user only.
Implements: https://todo.sr.ht/~shulhan/awwan/8
|
|
|
|
See https://github.com/evanw/esbuild/pull/3534
|
|
|
|
Previously, the HTTP endpoint for "GET /awwan/api/fs" returned the content
of files when the requested node is a directory.
This causes unnecessary load because when requesting a directory we
only need the list of file names, not the content.
This change reduces the response by returning only the list of child nodes
without their content, which requires an update on the share module on
[Node.JSON].
|
|
|
|
In the "/awwan/api/execute/tail" SSE endpoint, in order for the client to be
able to reconnect and start streaming from the last known output, we need to
send the ID for each message that we send.
The ID is the index of the Output in the slice.
If the client does not send Last-Event-ID, we send all Output from the
beginning, otherwise, we send only messages starting from the index in
Last-Event-ID.
|
|
The new API is "GET /awwan/api/execute/tail" that implements Server-sent
events, not a normal GET request.
It accepts the query parameter "id" whose value is the execution ID
from "/awwan/api/execute".
Once called with a valid ID, it will stream the command output
to the client.
By using this new API, the WUI can receive the output of a command
immediately without waiting for all commands to be completed.
Implements: https://todo.sr.ht/~shulhan/awwan/5
Signed-off-by: Shulhan <ms@kilabit.info>
|
|
The contabostorage has an issue with cache.
The file that we upload today, when downloaded by the user, may not be the
latest one.
This change requires an update on the share module to use the latest
[memfs.MemFS#Merge] method.
|
|
This fixes scanning a directory that contains a broken symlink.
|
|
The latest share module, in lib/crypto, handles loading an SSH private key
with a passphrase interactively using a program defined in SSH_ASKPASS.
This allows "awwan serve" that runs without stdin, for example under a
systemd service, to work seamlessly by setting the environment variable
SSH_ASKPASS to /usr/lib/ssh/x11-ssh-askpass.
Implements: https://todo.sr.ht/~shulhan/awwan/3
Signed-off-by: Shulhan <ms@kilabit.info>
|
|
The latest update on the share module creates the file in lib/ini.Open when
the file does not exist.
|
|
The update fixes lib/memfs.Get with an empty path.
|
|
Similar to the CLI, the HTTP API accepts the path of the file and returns
the path to the encrypted file.
|
|
|
|
|
|
The latest share module fixes the generated embedded Go regarding the
regex for Includes and Excludes not being compiled, which causes some files
to get included when running the instance with the Watch method.
|
|
Previously, the HTTP API for deleting a node only removed the file but
not the node in the memfs.
This change removes the child node from memfs, so the next refresh on
the directory will not contain the removed file.
|
|
Previously, if the source file to be copied does not exist, awwan will
output only the error for the ".vault" file, twice, for example
  !!! Copy: <source>.vault: open <source>.vault not exist
  Local: Copy: <source>.vault: open <source>.vault not exist
This change makes the first line of output print the original source
file first, the non-encrypted one, followed by the encrypted one,
  ??? loadFileInput "<source>": not exist
  Local: Copy "<source>.vault": not exist
|
|
|
|
|
|
Using api.BuildContext [1] is more efficient than building again because
some of the data from the previous build is cached and can be reused
if the original files haven't changed since the previous build.
While at it, we update the github.com/evanw/esbuild module to the latest
release.
[1] https://esbuild.github.io/api/#rebuild
|
|
|
|
This fixes "go install" on cmd/awwan that does build with the replace
directive in the share module, which causes awwan to not work properly.
|
|
|
|
The rsa.EncryptOAEP function has a maximum message size that it can
encrypt (public key size - 2*hash.Size - 2).
To fix this limitation we replace it with the one in libcrypto
that extends the functions to allow encrypting and decrypting a larger
message.
|
|
The Encrypt method encrypts the file using the private key from the file
"{{.BaseDir}}/.awwan.key".
The encrypted file output will be on the same file path with the ".vault"
extension.
|