a6af6c54ba
Avoid inclusive end bound until last possible moment
...
Inclusive end bounds are the devil.
2025-05-06 14:52:36 -04:00
8119925c16
Store issuers cache under os.UserCacheDir
2025-05-06 14:25:41 -04:00
6151cb26da
Cache issuer certificates retrieved from static-ct-api logs
2025-05-06 14:19:25 -04:00
958e7a9efb
Avoid relying on STH timestamp during monitoring
...
Instead use the time at which the STH was observed (which for
FilesystemState is assumed to be the mtime of the STH file). This is
easier to reason about: we don't have to worry about logs lying about
the time; we don't have to take into account the delay between STH fetch
and healthcheck; we won't raise spurious health checks about logs with
MMDs longer than the healthcheck interval.
2025-05-06 10:41:33 -04:00
00fd77f6ed
Rename certspotter-specific loglist fields, again
2025-05-05 10:29:20 -04:00
56b190f7c0
Rename DownloadWorkers, revert to old defaults
2025-05-05 10:15:09 -04:00
bc199bca4b
Rename DownloadJobSize to GetEntriesSize
2025-05-05 10:04:50 -04:00
c967253f80
monitor: fsync state files before renaming them
...
Without fsync, there's a risk of zero-length files being persisted if
there's a power failure.
Don't bother fsyncing the parent directory because it's OK if the data rolls
back to the previous version; we only need to avoid data corruption.
Closes : #101
2025-05-04 20:44:36 -04:00
b856d7f163
static-ct-api support, parallel downloading
2025-05-04 20:41:33 -04:00
3765b4240b
Add a useful comment
2025-05-01 11:21:13 -04:00
3a609ea037
Remove unnecessary Printf
2025-01-11 11:35:31 -05:00
06ce937097
Improve some comments
2024-05-24 09:08:17 -04:00
cd4d796a7c
Respect $EMAIL when sending emails
...
Envelope sender and RFC5322.From address are set to $EMAIL if it's non-empty.
Requested in #87
2024-05-21 15:11:22 -04:00
93ca622a37
Add NotifyError to StateProvider
2024-04-04 08:09:00 -04:00
7bb5602d09
Refine interface for malformed log entries
2024-04-04 07:55:44 -04:00
73327f0c2c
Refine interface for healthcheck failures
2024-04-04 07:53:35 -04:00
5e0737353c
Abstract state storage and notification logic behind an interface
2024-04-04 07:47:25 -04:00
740bf5ac55
Apply gofmt
2024-04-03 16:51:02 -04:00
e2b5a8c8ea
Fix bug when fetching entries
...
This bug caused certspotter to always request 1000 entries even if
went beyond the size of the log. This would have prevented
certspotter from downloading entries near the end of the log, if the log was
strict with get-entries bounds.
In practice, none of the active CT logs are strict with get-entries bounds,
and even if a log were strict, certspotter would have been able to successfully
download the entries later once the log grew.
2023-11-13 16:33:17 -05:00
b957791a5f
Add a helper function
2023-10-29 08:17:58 -04:00
07bf0cfe2f
Include `Message-ID` and `Date` in outbound emails
...
Closes : #82
2023-10-29 08:17:58 -04:00
5fae49a971
Simplify some code
2023-10-29 07:45:23 -04:00
74fb03b579
make sendmail path configurable using an env var
...
Closes : #80
2023-10-24 11:32:59 -04:00
e3d8e99143
Add a comment
2023-10-21 14:29:37 -04:00
6ae7ae1f9a
Update dependencies
2023-09-01 10:56:05 -04:00
fd0a2a4d44
Execute scripts under $CERTSPOTTER_CONFIG_DIR/hooks.d, if it exists
2023-02-20 10:02:48 -05:00
a242f6be26
Use same code to produce $SUMMARY and email subject
2023-02-19 08:48:30 -05:00
152f4341d6
Save failed healthchecks, and put path in $TEXT_FILENAME
...
To allow scripts to access them.
2023-02-19 08:45:46 -05:00
bd2bab5fcb
Save malformed entries, and put paths in environment variables
...
To allow scripts to access them.
2023-02-19 08:45:32 -05:00
ee8ae0c1f3
Add helper functions for writing files
2023-02-18 21:15:40 -05:00
9c61d83ca2
Remove an errant log statement
2023-02-07 10:13:52 -05:00
2dc99f8d23
Fix notification suppression
2023-02-07 09:23:01 -05:00
a8af849c9f
Remove fields from JSON file that I am not ready to stabilize
2023-02-06 10:10:58 -05:00
52949d8ea3
Apply gofmt
2023-02-06 09:18:53 -05:00
2a24abaa31
Make health check interval configurable
2023-02-06 09:18:37 -05:00
6c798699f8
Apply gofmt
2023-02-05 21:08:13 -05:00
e27e355b75
Implement monitor health check
2023-02-05 21:08:01 -05:00
9ec3c74400
Rename LeafSHA256 to avoid confusion with Merkle leafs
2023-02-05 08:41:17 -05:00
7a8a770d99
Apply gofmt
2023-02-05 08:30:53 -05:00
c68cf401a3
Add $TBS_SHA256 and tbs_sha256 to script environment and JSON
2023-02-05 08:30:45 -05:00
bc36175a53
Ensure that precertificates match the Merkle leaf input
2023-02-05 08:18:28 -05:00
03c21ed118
Add PubkeySHA256 to discoveredCert
2023-02-05 08:08:07 -05:00
05bf3d0c62
Fix typo in script environment variable
2023-02-05 07:56:42 -05:00
e044aae1df
Set proper intervals for monitoring
2023-02-03 17:12:48 -05:00
2366c06ca6
Support ETag/Last-Modified when fetching loglist
2023-02-03 15:21:24 -05:00
6bb03865fb
Modernize loglist fetching, add context support
2023-02-03 14:55:09 -05:00
897c861451
Remove redundant information in an error message
2023-02-03 14:38:02 -05:00
35555b769a
Remove script directory support (for now)
...
The implementation was no good because it broke $PATH lookups.
I still like this feature but will defer it to a future version.
2023-02-03 14:35:26 -05:00
ef2a7698d7
Update a TODO comment
2023-02-03 14:32:44 -05:00
a5a9008de2
Add .v1 to file suffix of JSON files
...
If we add fields in the future this will make it clear that old
files don't have the new fields
2023-02-03 14:32:35 -05:00
Andrew Ayer