debug.ReadBuildInfo() doesn't work for the Debian package, where there
is no git repository (at best; could be the Debian packaging one). The
go module doesn't have a version either.
Add a quick shortcut at the top, that sets the version to main.Version
if it's non-empty -- which is by default, so no change in behavior.
Effectively, this allows one to use the standard
-ldflags=-X=main.Version to set the version, like we intend to do in the
Debian package.
Specifically, certspotter no longer terminates unless it receives SIGTERM
or SIGINT or there is a serious error.
Although using cron made sense in the early days of Certificate
Transparency, certspotter now needs to run continuously to reliably keep
up with the high growth rate of contemporary CT logs, and to gracefully
handle the many transient errors that can arise when monitoring CT.
Closes: #63Closes: #37Closes: #32 (presumably by eliminating $DNS_NAMES and $IP_ADDRESSES)
Closes: #21 (with $WATCH_ITEM)
Closes: #25
Watchlist is now read from ~/.certspotter/watchlist by default, or from
the file specified by -watchlist (- for stdin).
By default, only exact DNS names are matched. To match both the domain
itself and all sub-domains, prefix with a dot (e.g. .example.com).
Comments are now allowed in watchlist files.