Andrew Ayer
73327f0c2c
Refine interface for healthcheck failures
2024-04-04 07:53:35 -04:00
Andrew Ayer
5e0737353c
Abstract state storage and notification logic behind an interface
2024-04-04 07:47:25 -04:00
Andrew Ayer
740bf5ac55
Apply gofmt
2024-04-03 16:51:02 -04:00
Andrew Ayer
e2b5a8c8ea
Fix bug when fetching entries
...
This bug caused certspotter to always request 1000 entries even if
went beyond the size of the log. This would have prevented
certspotter from downloading entries near the end of the log, if the log was
strict with get-entries bounds.
In practice, none of the active CT logs are strict with get-entries bounds,
and even if a log were strict, certspotter would have been able to successfully
download the entries later once the log grew.
2023-11-13 16:33:17 -05:00
Andrew Ayer
b957791a5f
Add a helper function
2023-10-29 08:17:58 -04:00
Andrew Ayer
07bf0cfe2f
Include `Message-ID` and `Date` in outbound emails
...
Closes : #82
2023-10-29 08:17:58 -04:00
Andrew Ayer
5fae49a971
Simplify some code
2023-10-29 07:45:23 -04:00
chayleaf
74fb03b579
make sendmail path configurable using an env var
...
Closes : #80
2023-10-24 11:32:59 -04:00
Andrew Ayer
e3d8e99143
Add a comment
2023-10-21 14:29:37 -04:00
Andrew Ayer
6ae7ae1f9a
Update dependencies
2023-09-01 10:56:05 -04:00
Andrew Ayer
fd0a2a4d44
Execute scripts under $CERTSPOTTER_CONFIG_DIR/hooks.d, if it exists
2023-02-20 10:02:48 -05:00
Andrew Ayer
a242f6be26
Use same code to produce $SUMMARY and email subject
2023-02-19 08:48:30 -05:00
Andrew Ayer
152f4341d6
Save failed healthchecks, and put path in $TEXT_FILENAME
...
To allow scripts to access them.
2023-02-19 08:45:46 -05:00
Andrew Ayer
bd2bab5fcb
Save malformed entries, and put paths in environment variables
...
To allow scripts to access them.
2023-02-19 08:45:32 -05:00
Andrew Ayer
ee8ae0c1f3
Add helper functions for writing files
2023-02-18 21:15:40 -05:00
Andrew Ayer
9c61d83ca2
Remove an errant log statement
2023-02-07 10:13:52 -05:00
Andrew Ayer
2dc99f8d23
Fix notification suppression
2023-02-07 09:23:01 -05:00
Andrew Ayer
a8af849c9f
Remove fields from JSON file that I am not ready to stabilize
2023-02-06 10:10:58 -05:00
Andrew Ayer
52949d8ea3
Apply gofmt
2023-02-06 09:18:53 -05:00
Andrew Ayer
2a24abaa31
Make health check interval configurable
2023-02-06 09:18:37 -05:00
Andrew Ayer
6c798699f8
Apply gofmt
2023-02-05 21:08:13 -05:00
Andrew Ayer
e27e355b75
Implement monitor health check
2023-02-05 21:08:01 -05:00
Andrew Ayer
9ec3c74400
Rename LeafSHA256 to avoid confusion with Merkle leafs
2023-02-05 08:41:17 -05:00
Andrew Ayer
7a8a770d99
Apply gofmt
2023-02-05 08:30:53 -05:00
Andrew Ayer
c68cf401a3
Add $TBS_SHA256 and tbs_sha256 to script environment and JSON
2023-02-05 08:30:45 -05:00
Andrew Ayer
bc36175a53
Ensure that precertificates match the Merkle leaf input
2023-02-05 08:18:28 -05:00
Andrew Ayer
03c21ed118
Add PubkeySHA256 to discoveredCert
2023-02-05 08:08:07 -05:00
Andrew Ayer
05bf3d0c62
Fix typo in script environment variable
2023-02-05 07:56:42 -05:00
Andrew Ayer
e044aae1df
Set proper intervals for monitoring
2023-02-03 17:12:48 -05:00
Andrew Ayer
2366c06ca6
Support ETag/Last-Modified when fetching loglist
2023-02-03 15:21:24 -05:00
Andrew Ayer
6bb03865fb
Modernize loglist fetching, add context support
2023-02-03 14:55:09 -05:00
Andrew Ayer
897c861451
Remove redundant information in an error message
2023-02-03 14:38:02 -05:00
Andrew Ayer
35555b769a
Remove script directory support (for now)
...
The implementation was no good because it broke $PATH lookups.
I still like this feature but will defer it to a future version.
2023-02-03 14:35:26 -05:00
Andrew Ayer
ef2a7698d7
Update a TODO comment
2023-02-03 14:32:44 -05:00
Andrew Ayer
a5a9008de2
Add .v1 to file suffix of JSON files
...
If we add fields in the future this will make it clear that old
files don't have the new fields
2023-02-03 14:32:35 -05:00
Andrew Ayer
6848316a5b
Make the .notified file a hidden file
...
Since it's an implementation detail that users shouldn't need
to know about.
2023-02-03 14:29:58 -05:00
Andrew Ayer
5e7fa8c079
Remove some TODOs that I'v decided not to do
2023-02-03 14:29:24 -05:00
Andrew Ayer
209cdb181b
Convert to a daemon and make many other improvements
...
Specifically, certspotter no longer terminates unless it receives SIGTERM
or SIGINT or there is a serious error.
Although using cron made sense in the early days of Certificate
Transparency, certspotter now needs to run continuously to reliably keep
up with the high growth rate of contemporary CT logs, and to gracefully
handle the many transient errors that can arise when monitoring CT.
Closes : #63
Closes : #37
Closes : #32 (presumably by eliminating $DNS_NAMES and $IP_ADDRESSES)
Closes : #21 (with $WATCH_ITEM)
Closes : #25
2023-02-03 14:12:03 -05:00