X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=gocheese.go;h=cc30de23dfc84596f7980a2fef81fc370827521c;hb=cc8232897ceab7f8dcfb7fce13de6ca75f1bdb74;hp=ed7e55d4646d93ab7530388d7810c9185adff1a4;hpb=bc21d669c622770aa3b02afc24a5963863780dcb;p=gocheese.git
diff --git a/gocheese.go b/gocheese.go
index ed7e55d..cc30de2 100644
--- a/gocheese.go
+++ b/gocheese.go
@@ -46,7 +46,7 @@ import (
 )
 const (
- Version = "2.6.0"
+ Version = "3.0.0"
 HTMLBegin = `
@@ -99,9 +99,9 @@ var (
 gpgUpdateURLPath = flag.String("gpgupdate", "/gpgupdate/", "GPG forceful refreshing URL path")
 pypiURL = flag.String("pypi", "https://pypi.org/simple/", "Upstream (PyPI) URL")
 pypiCertHash = flag.String("pypi-cert-hash", "", "Authenticate upstream by its X.509 certificate's SPKI SHA256 hash")
- passwdPath = flag.String("passwd", "passwd", "Path to file with authenticators")
 logTimestamped = flag.Bool("log-timestamped", false, "Prepend timestmap to log messages")
- passwdCheck = flag.Bool("passwd-check", false, "Test the -passwd file for syntax errors and exit")
+ passwdPath = flag.String("passwd", "", "Path to FIFO for upload authentication")
+ passwdCheck = flag.Bool("passwd-check", false, "Run password checker")
 fsck = flag.Bool("fsck", false, "Check integrity of all packages (errors are in stderr)")
 maxClients = flag.Int("maxclients", 128, "Maximal amount of simultaneous clients")
 version = flag.Bool("version", false, "Print version information")
@@ -288,8 +288,24 @@ func main() {
 }
 if *passwdCheck {
- refreshPasswd()
- return
+ if passwdReader(os.Stdin) {
+ os.Exit(0)
+ } else {
+ os.Exit(1)
+ }
+ }
+
+ if *passwdPath != "" {
+ go func() {
+ for {
+ fd, err := os.OpenFile(*passwdPath, os.O_RDONLY, os.FileMode(0666))
+ if err != nil {
+ log.Fatalln(err)
+ }
+ passwdReader(fd)
+ fd.Close()
+ }
+ }()
 }
 if (*tlsCert != "" && *tlsKey == "") || (*tlsCert == "" && *tlsKey != "") {
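Review bot: The new help strings for `-passwd` and `-passwd-check` in the `var (` hunk leave out what an operator upgrading from 2.6.0 needs to know. Judging by the `main` hunk that follows, an empty `-passwd` starts no reader at all, and `-passwd-check` now reads from stdin and exits 0 or 1 instead of testing the old `passwd` file. I would say so in the flag text, e.g. `"Path to FIFO from which upload authenticators are read (empty: no reader is started)"` and `"Read authenticators from stdin, exit 0 on success and 1 otherwise"`. How upload authentication behaves when no reader is started is not visible in this diff and deserves a sentence in the documentation.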
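Review bot: Nothing in the new `-passwd` goroutine (the `@@ -288,8 +288,24 @@` hunk) checks that the opened path is really a FIFO or who may write to it, although whatever arrives there is fed to `passwdReader` as upload credentials. With a regular file (the 2.6.0 default was a `passwd` file) `os.OpenFile` returns at once, so the `for` loop would presumably re-read it in a tight loop, and a group- or world-writable FIFO lets any local account supply input. I would `Stat` the opened descriptor rather than the path, so the check and the read refer to the same object, and refuse anything that is not a named pipe or is writable beyond its owner; the project may prefer a logged warning for the latter. Separately, the `bool` returned by `passwdReader(fd)` is discarded in the loop, and `os.FileMode(0666)` has no effect without `O_CREATE`. `main` begins and ends outside this hunk.

```go
	if *passwdPath != "" {
		go func() {
			for {
				fd, err := os.OpenFile(*passwdPath, os.O_RDONLY, 0)
				if err != nil {
					log.Fatalln(err)
				}
				// Inspect the descriptor that was opened, not the path.
				fi, err := fd.Stat()
				if err != nil {
					log.Fatalln(err)
				}
				if fi.Mode()&os.ModeNamedPipe == 0 {
					log.Fatalln(*passwdPath, "is not a FIFO")
				}
				if fi.Mode().Perm()&0022 != 0 {
					log.Fatalln(*passwdPath, "is writable by group or others")
				}
				if !passwdReader(fd) {
					log.Println("passwd: input rejected")
				}
				fd.Close()
			}
		}()
```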
@@ -301,24 +317,26 @@ func main() {
 if err != nil {
 log.Fatalln(err)
 }
- refreshPasswd()
- if *pypiCertHash == "" {
- pypiHTTPTransport = http.Transport{}
- } else {
+ tlsConfig := tls.Config{
+ ClientSessionCache: tls.NewLRUClientSessionCache(16),
+ NextProtos: []string{"h2", "http/1.1"},
+ }
+ pypiHTTPTransport = http.Transport{
+ ForceAttemptHTTP2: true,
+ TLSClientConfig: &tlsConfig,
+ }
+ if *pypiCertHash != "" {
 ourDgst, err := hex.DecodeString(*pypiCertHash)
 if err != nil {
 log.Fatalln(err)
 }
- pypiHTTPTransport = http.Transport{
- TLSClientConfig: &tls.Config{
- VerifyConnection: func(s tls.ConnectionState) error {
- spki := s.VerifiedChains[0][0].RawSubjectPublicKeyInfo
- theirDgst := sha256.Sum256(spki)
- if bytes.Compare(ourDgst, theirDgst[:]) != 0 {
- return errors.New("certificate's digest mismatch")
- }
- return nil
- }},
+ tlsConfig.VerifyConnection = func(s tls.ConnectionState) error {
+ spki := s.VerifiedChains[0][0].RawSubjectPublicKeyInfo
+ theirDgst := sha256.Sum256(spki)
+ if bytes.Compare(ourDgst, theirDgst[:]) != 0 {
+ return errors.New("certificate's SPKI digest mismatch")
+ }
+ return nil
 }
 }
@@ -337,17 +355,9 @@ func main() {
 http.HandleFunc(*gpgUpdateURLPath, handler)
 }
- needsRefreshPasswd := make(chan os.Signal, 0)
 needsShutdown := make(chan os.Signal, 0)
 exitErr := make(chan error, 0)
- signal.Notify(needsRefreshPasswd, syscall.SIGHUP)
 signal.Notify(needsShutdown, syscall.SIGTERM, syscall.SIGINT)
- go func() {
- for range needsRefreshPasswd {
- log.Println("refreshing passwords")
- refreshPasswd()
- }
- }()
 go func(s *http.Server) {
 <-needsShutdown
 killed = true
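Review bot: In the `@@ -301,24 +317,26 @@` hunk, `-pypi-cert-hash` is only hex-decoded, so a value of the wrong length is accepted at startup and then fails every upstream handshake with "certificate's SPKI digest mismatch". A length check right after `hex.DecodeString` would surface the misconfiguration immediately: `if len(ourDgst) != sha256.Size { log.Fatalln("-pypi-cert-hash must be a SHA-256 digest in hex") }`. Inside the callback, `!bytes.Equal(ourDgst, theirDgst[:])` states the intent more directly than `bytes.Compare(...) != 0`. The index `s.VerifiedChains[0][0]` is valid only while default chain verification stays enabled on `tlsConfig`, so I would add a comment such as `// VerifiedChains is non-empty only because InsecureSkipVerify is left false` to keep a later change from turning the pin check into a panic. `main` begins and ends outside this hunk.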