== cmd/httpdfs
🌱 Add option to set base path and shutdown idle duration
The -base-path option sets the URL prefix for serving HTTP requests.
The -shutdown-idle option sets the duration when the server will stop
accepting new connections and shut down.
== lib/dns
🪵 lib/dns: refactoring DoT and DoH to use address instead of port
Using port makes the IP address of DNS-over-TLS (DoT) and DNS-over-HTTPS
(DoH) listen on the same address with UDP. If we set ListenAddress to
0.0.0.0 and TLS termination is handled by a proxy, this causes DoT and DoH
to also listen on all addresses (the ports are open to the public).
== lib/http
🌱 Add BasePath to the ServerOptions
The BasePath allows the server to serve HTTP from a custom prefix, other than
"/".
For each request that the server receives, the BasePath is removed first from
the [http.Request.URL.Path] before passing it to the handler. For each redirect
that the server sends, the BasePath is added as the prefix to the redirect URL.
Any trailing slash in the BasePath will be removed.
🌱 Implement server auto shutdown when idle
In the ServerOptions, we add the option ShutdownIdleDuration; when set to a
non-zero value it will start a timer. When the timer expires, the server
will stop accepting new connections and then shut down.
This allows de-activating the HTTP server when no connections are received after
a specific duration to reduce the system resources.
🌼 lib/http: fix possible data race in SSE connection
When the server's handler calls Write or WriteRaw, there is a possibility that
the worker for keeping the connection alive also calls Write at the same
time, which causes the data race.
== lib/paseto
🪵 Move paseto v2 under sub directory "v2"
There are new versions of the paseto standard: version 3 and version 4. To
minimize conflicts in the future, we move the old implementation of
paseto v2 to sub directory "v2" with package name "pasetov2".
🌱 lib/paseto/v4: new package that implements Paseto version 4
paseto/v4 provides a simple, ready to use, opinionated implementation of
Platform-Agnostic SEcurity TOkens (PASETO) version 4 as defined in
[paseto-v4].
[paseto-v4]: https://github.com/paseto-standard/paseto-spec/blob/master/docs/01-Protocol-Versions/Version4.md
== 🌱 lib/uuidv7
New package that implements UUID version 7.
The uuidv7 package provides type UUIDv7 as the container for UUID
version 7 that satisfies the [database/sql], [encoding/gob], and
[encoding/json].
The implementation follows RFC 9562.
|
There is an issue with the current SSH client implementation.
Given a single host public key in the known_hosts file,
    host ssh-ed25519 key...
Calling ssh.Dial(`tcp`, "host", ...) will return an error
    knownhosts: key mismatch
from [handshakeTransport.enterKeyExchange], because only key
"mlkem768x25519-sha256" is checked on the client side.
This change adds a DB interface for knownhosts that has two methods:
- HostKeyAlgorithms: returns the host key that matches in known_hosts
  based on the "host" name or address for
  [ssh.ClientConfig.HostKeyAlgorithms].
- HostKeyCallback: returns the ssh.HostKeyCallback for
  [ssh.ClientConfig.HostKeyCallback].
|
This includes updating the Go version in actions.
|
Now that Go has type parameters, we can use them to use the same function
that accepts different types for working with slices of int, int64.
|
We will need the slices and maps packages that are available since Go 1.23.
|
Instead of depending on a fork of crypto with a CL that needs [proposal],
implement them here so we can update crypto to the latest release.
[proposal]: https://go-review.googlesource.com/c/crypto/+/552435
|
There are several reasons why we move from github.com.
First, related to the name of the package.
We accidentally named the package "share", a common word in English
that does not reflect the content of the repository.
By moving to another repository, we can rename it to a better and unique
name, in this case "pakakeh.go".
Pakakeh is the Minang word for tools, and the ".go" suffix indicates that the
repository is related to the Go programming language.
Second, supporting open source.
The new repository is hosted under sourcehut.org, the founder is known
to support open source, and all their services are licensed under AGPL,
unlike GitHub, which is closed source.
Third, regarding GitHub Copilot.
The GitHub Terms of Service [1] grant them the right to parse any public
content that is hosted there.
On one side, GitHub helps open source flourish, but on the other
side it has issues regarding scraping the copyleft license [2].
[1]: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#4-license-grant-to-us
[2]: https://githubcopilotinvestigation.com
|
This change requires the fork of our golang.org/x/crypto.
|
Using the replace directive does not work well if we install the binary using
"go install".
One of the cases that we found is when a user installs awwan [1] that uses the
"share" module [2] with the replace directive, the binary is not built with
git.sr.ht/~shulhan/go-x-crypto.
/Users/xxx/go/bin/awwan: go1.21.0
path git.sr.ht/~shulhan/awwan/cmd/awwan
mod git.sr.ht/~shulhan/awwan v0.7.1-0.20230925173020-40b9fe9b854c h1:629djcSfqM8ITX+CtgGyrybPnKQPpwJ/EceN967bKps=
dep git.sr.ht/~shulhan/asciidoctor-go v0.5.0 h1:TfcAjv+7EwBZ83ef8OhX9vfQ4vRFcaJh0P1XXgbsJv0=
dep git.sr.ht/~shulhan/ciigo v0.10.0 h1:s1SJ3/NzBcbOLmEZ4z1Cx9Vf7ZdDIvm45b7KMCZKzEY=
dep github.com/evanw/esbuild v0.19.3 h1:foPr0xwQM3lBWKBtscauTN9FrmJzRDVI2+EGOs82H/I=
dep github.com/shuLhan/share v0.49.2-0.20230923081600-77c41ce992e6 h1:REQDC2UKLaWT1WGd/Iw/rfKLkXb7vtKtyObkeZeHZRk=
dep github.com/yuin/goldmark v1.5.6 h1:COmQAWTCcGetChm3Ig7G/t8AFAN00t+o8Mt4cf7JpwA=
dep github.com/yuin/goldmark-meta v1.1.0 h1:pWw+JLHGZe8Rk0EGsMVssiNb/AaPMHfSRszZeUeiOUc=
dep golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck=
dep golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8=
dep golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
dep golang.org/x/term v0.12.0 h1:/ZfYdc3zq+q02Rv9vGqTeSItdzZTSNDmfTi0mBAuidU=
dep gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
build -buildmode=exe
build -compiler=gc
build DefaultGODEBUG=panicnil=1
build CGO_ENABLED=1
build CGO_CFLAGS=
build CGO_CPPFLAGS=
build CGO_CXXFLAGS=
build CGO_LDFLAGS=
build GOARCH=arm64
build GOOS=darwin
This change requires us to modify lib/crypto and lib/ssh that depend
on our patches.
[1] https://git.sr.ht/~shulhan/awwan
[2] https://github.com/shuLhan/share/commit/77c41ce992e6
|
This change requires an update on the go-x-crypto package, because the Is
method has not been merged upstream yet.
|
The LoadPrivateKeyInteractive loads the private key from file.
If the private key file is encrypted, it will prompt for the passphrase
from the terminal.
This function is taken from package lib/ssh with modification by adding
parameter io.ReadWriter and removing parameter maxAttempt.
|
Previously, the ssh Client always used InsecureIgnoreHostKey in
HostKeyCallback.
This may pose a security issue, like a man-in-the-middle attack, since we
did not check the server host key against the keys known by the client
from UserKnownHostFile (for example ~/.ssh/known_hosts).
This change uses the SSH section UserKnownHostFile from configuration
(default to ~/.ssh/known_hosts) to check if the server host key is
valid.
The NewClientInteractive will return an error, "key is unknown", if the host
key does not exist in UserKnownHostFile or "key is mismatch" if the host key
does not match the one registered in UserKnownHostFile.
This change depends on a patch of golang.org/x/crypto [1] that has not
been reviewed yet, so we need to replace it with one that contains the patch.
[1] https://go-review.googlesource.com/c/crypto/+/523555
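The two known_hosts commit messages above (the HostKeyAlgorithms/HostKeyCallback DB and the switch away from InsecureIgnoreHostKey) both come down to the same lookup, shown here as an added standard-library sketch that is not the code of pakakeh.go or golang.org/x/crypto. Assumptions: function and variable names are hypothetical, entries are plain (no hashed hosts, wildcards, ports or @markers), and the key blobs are constructed placeholders; the two error strings are the ones quoted in the commit message.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Constructed sample: plain (unhashed) entries with placeholder key blobs.
const sampleKnownHosts = `host.example ssh-ed25519 CONSTRUCTED-KEY-A
other.example,192.0.2.7 ssh-rsa CONSTRUCTED-KEY-B`
var errKeyUnknown, errKeyMismatch = errors.New("key is unknown"), errors.New("key is mismatch")
type entry struct{ algo, blob string } // one recorded key: type and encoded blob

// parseKnownHosts maps each listed host name to its recorded keys.
func parseKnownHosts(content string) map[string][]entry {
	db := make(map[string][]entry)
	for _, line := range strings.Split(content, "\n") {
		if f := strings.Fields(line); len(f) >= 3 && !strings.ContainsAny(f[0][:1], "#@") {
			for _, host := range strings.Split(f[0], ",") {
				db[host] = append(db[host], entry{f[1], f[2]})
			}
		}
	}
	return db
}

// hostKeyAlgorithms lists the key types on record for host, for the client to offer.
func hostKeyAlgorithms(db map[string][]entry, host string) (algos []string) {
	for _, e := range db[host] {
		algos = append(algos, e.algo)
	}
	return algos
}

// checkHostKey accepts only a key on record for host; unknown hosts are rejected.
func checkHostKey(db map[string][]entry, host, algo, blob string) error {
	err := errKeyUnknown
	for _, e := range db[host] {
		if e.algo == algo && e.blob == blob {
			return nil
		}
		err = errKeyMismatch // host is known, but this key is not the recorded one
	}
	return fmt.Errorf("%s: %w", host, err)
}

func main() {
	fmt.Println(checkHostKey(parseKnownHosts(sampleKnownHosts), "host.example", "ssh-rsa", "CONSTRUCTED-KEY-X"))
}
```

Restricting the offered algorithms to what hostKeyAlgorithms returns is what keeps a server from presenting a key type the client has no record of, which would otherwise surface as a mismatch for a host that is in fact known.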
|
The Go v1.18 has been archived.
|
This update uses "go get all" which resolves to semver for each
dependency.
|
While at it, update all dependencies.