53 Commits

Author	SHA1	Message	Date
Andrew Ayer	a6af6c54ba	Avoid inclusive end bound until last possible moment ... Inclusive end bounds are the devil.	2025-05-06 14:52:36 -04:00
Andrew Ayer	8119925c16	Store issuers cache under os.UserCacheDir	2025-05-06 14:25:41 -04:00
Andrew Ayer	6151cb26da	Cache issuer certificates retrieved from static-ct-api logs	2025-05-06 14:19:25 -04:00
Andrew Ayer	958e7a9efb	Avoid relying on STH timestamp during monitoring ... Instead use the time at which the STH was observed (which for FilesystemState is assumed to be the mtime of the STH file). This is easier to reason about: we don't have to worry about logs lying about the time; we don't have to take into account the delay between STH fetch and healthcheck; we won't raise spurious health checks about logs with MMDs longer than the healthcheck interval.	2025-05-06 10:41:33 -04:00
Andrew Ayer	00fd77f6ed	Rename certspotter-specific loglist fields, again	2025-05-05 10:29:20 -04:00
Andrew Ayer	56b190f7c0	Rename DownloadWorkers, revert to old defaults	2025-05-05 10:15:09 -04:00
Andrew Ayer	bc199bca4b	Rename DownloadJobSize to GetEntriesSize	2025-05-05 10:04:50 -04:00
Andrew Ayer	c967253f80	monitor: fsync state files before renaming them ... Without fsync, there's a risk of zero-length files being persisted if there's a power failure. Don't bother fsyncing the parent directory because it's OK if the data rolls back to the previous version; we only need to avoid data corruption. Closes: #101	2025-05-04 20:44:36 -04:00
Andrew Ayer	b856d7f163	static-ct-api support, parallel downloading	2025-05-04 20:41:33 -04:00
Andrew Ayer	3765b4240b	Add a useful comment	2025-05-01 11:21:13 -04:00
Andrew Ayer	3a609ea037	Remove unnecessary Printf	2025-01-11 11:35:31 -05:00
Andrew Ayer	06ce937097	Improve some comments	2024-05-24 09:08:17 -04:00
Andrew Ayer	cd4d796a7c	Respect $EMAIL when sending emails ... Envelope sender and RFC5322.From address are set to $EMAIL if it's non-empty. Requested in #87	2024-05-21 15:11:22 -04:00
Andrew Ayer	93ca622a37	Add NotifyError to StateProvider	2024-04-04 08:09:00 -04:00
Andrew Ayer	7bb5602d09	Refine interface for malformed log entries	2024-04-04 07:55:44 -04:00
Andrew Ayer	73327f0c2c	Refine interface for healthcheck failures	2024-04-04 07:53:35 -04:00
Andrew Ayer	5e0737353c	Abstract state storage and notification logic behind an interface	2024-04-04 07:47:25 -04:00
Andrew Ayer	740bf5ac55	Apply gofmt	2024-04-03 16:51:02 -04:00
Andrew Ayer	e2b5a8c8ea	Fix bug when fetching entries ... This bug caused certspotter to always request 1000 entries even if went beyond the size of the log. This would have prevented certspotter from downloading entries near the end of the log, if the log was strict with get-entries bounds. In practice, none of the active CT logs are strict with get-entries bounds, and even if a log were strict, certspotter would have been able to successfully download the entries later once the log grew.	2023-11-13 16:33:17 -05:00
Andrew Ayer	b957791a5f	Add a helper function	2023-10-29 08:17:58 -04:00
Andrew Ayer	07bf0cfe2f	Include Message-ID and Date in outbound emails ... Closes: #82	2023-10-29 08:17:58 -04:00
Andrew Ayer	5fae49a971	Simplify some code	2023-10-29 07:45:23 -04:00
chayleaf	74fb03b579	make sendmail path configurable using an env var ... Closes: #80	2023-10-24 11:32:59 -04:00
Andrew Ayer	e3d8e99143	Add a comment	2023-10-21 14:29:37 -04:00
Andrew Ayer	6ae7ae1f9a	Update dependencies	2023-09-01 10:56:05 -04:00
Andrew Ayer	fd0a2a4d44	Execute scripts under $CERTSPOTTER_CONFIG_DIR/hooks.d, if it exists	2023-02-20 10:02:48 -05:00
Andrew Ayer	a242f6be26	Use same code to produce $SUMMARY and email subject	2023-02-19 08:48:30 -05:00
Andrew Ayer	152f4341d6	Save failed healthchecks, and put path in $TEXT_FILENAME ... To allow scripts to access them.	2023-02-19 08:45:46 -05:00
Andrew Ayer	bd2bab5fcb	Save malformed entries, and put paths in environment variables ... To allow scripts to access them.	2023-02-19 08:45:32 -05:00
Andrew Ayer	ee8ae0c1f3	Add helper functions for writing files	2023-02-18 21:15:40 -05:00
Andrew Ayer	9c61d83ca2	Remove an errant log statement	2023-02-07 10:13:52 -05:00
Andrew Ayer	2dc99f8d23	Fix notification suppression	2023-02-07 09:23:01 -05:00
Andrew Ayer	a8af849c9f	Remove fields from JSON file that I am not ready to stabilize	2023-02-06 10:10:58 -05:00
Andrew Ayer	52949d8ea3	Apply gofmt	2023-02-06 09:18:53 -05:00
Andrew Ayer	2a24abaa31	Make health check interval configurable	2023-02-06 09:18:37 -05:00
Andrew Ayer	6c798699f8	Apply gofmt	2023-02-05 21:08:13 -05:00
Andrew Ayer	e27e355b75	Implement monitor health check	2023-02-05 21:08:01 -05:00
Andrew Ayer	9ec3c74400	Rename LeafSHA256 to avoid confusion with Merkle leafs	2023-02-05 08:41:17 -05:00
Andrew Ayer	7a8a770d99	Apply gofmt	2023-02-05 08:30:53 -05:00
Andrew Ayer	c68cf401a3	Add $TBS_SHA256 and tbs_sha256 to script environment and JSON	2023-02-05 08:30:45 -05:00
Andrew Ayer	bc36175a53	Ensure that precertificates match the Merkle leaf input	2023-02-05 08:18:28 -05:00
Andrew Ayer	03c21ed118	Add PubkeySHA256 to discoveredCert	2023-02-05 08:08:07 -05:00
Andrew Ayer	05bf3d0c62	Fix typo in script environment variable	2023-02-05 07:56:42 -05:00
Andrew Ayer	e044aae1df	Set proper intervals for monitoring	2023-02-03 17:12:48 -05:00
Andrew Ayer	2366c06ca6	Support ETag/Last-Modified when fetching loglist	2023-02-03 15:21:24 -05:00
Andrew Ayer	6bb03865fb	Modernize loglist fetching, add context support	2023-02-03 14:55:09 -05:00
Andrew Ayer	897c861451	Remove redundant information in an error message	2023-02-03 14:38:02 -05:00
Andrew Ayer	35555b769a	Remove script directory support (for now) ... The implementation was no good because it broke $PATH lookups. I still like this feature but will defer it to a future version.	2023-02-03 14:35:26 -05:00
Andrew Ayer	ef2a7698d7	Update a TODO comment	2023-02-03 14:32:44 -05:00
Andrew Ayer	a5a9008de2	Add .v1 to file suffix of JSON files ... If we add fields in the future this will make it clear that old files don't have the new fields	2023-02-03 14:32:35 -05:00