)
const (
- Version = "2.6.0"
+ Version = "3.0.0"
HTMLBegin = `<!DOCTYPE html>
<html>
<head>
norefreshURLPath = flag.String("norefresh", "/norefresh/", "Non-refreshing URL path")
refreshURLPath = flag.String("refresh", "/simple/", "Auto-refreshing URL path")
gpgUpdateURLPath = flag.String("gpgupdate", "/gpgupdate/", "GPG forceful refreshing URL path")
- pypiURL = flag.String("pypi", "https://pypi.org/simple/", "Upstream PyPI URL")
- pypiCertHash = flag.String("pypi-cert-hash", "", "Authenticate PyPI by its X.509 certificate's SHA256 hash")
- passwdPath = flag.String("passwd", "passwd", "Path to file with authenticators")
+ pypiURL = flag.String("pypi", "https://pypi.org/simple/", "Upstream (PyPI) URL")
+ pypiCertHash = flag.String("pypi-cert-hash", "", "Authenticate upstream by its X.509 certificate's SPKI SHA256 hash")
logTimestamped = flag.Bool("log-timestamped", false, "Prepend timestmap to log messages")
- passwdCheck = flag.Bool("passwd-check", false, "Test the -passwd file for syntax errors and exit")
+ passwdPath = flag.String("passwd", "", "Path to FIFO for upload authentication")
+ passwdCheck = flag.Bool("passwd-check", false, "Run password checker")
fsck = flag.Bool("fsck", false, "Check integrity of all packages (errors are in stderr)")
maxClients = flag.Int("maxclients", 128, "Maximal amount of simultaneous clients")
version = flag.Bool("version", false, "Print version information")
}
if *passwdCheck {
- refreshPasswd()
- return
+ if passwdReader(os.Stdin) {
+ os.Exit(0)
+ } else {
+ os.Exit(1)
+ }
+ }
+
+ if *passwdPath != "" {
+ go func() {
+ for {
+ fd, err := os.OpenFile(*passwdPath, os.O_RDONLY, os.FileMode(0666))
+ if err != nil {
+ log.Fatalln(err)
+ }
+ passwdReader(fd)
+ fd.Close()
+ }
+ }()
}
if (*tlsCert != "" && *tlsKey == "") || (*tlsCert == "" && *tlsKey != "") {
if err != nil {
log.Fatalln(err)
}
- refreshPasswd()
- if *pypiCertHash == "" {
- pypiHTTPTransport = http.Transport{}
- } else {
+ tlsConfig := tls.Config{
+ ClientSessionCache: tls.NewLRUClientSessionCache(16),
+ NextProtos: []string{"h2", "http/1.1"},
+ }
+ pypiHTTPTransport = http.Transport{
+ ForceAttemptHTTP2: true,
+ TLSClientConfig: &tlsConfig,
+ }
+ if *pypiCertHash != "" {
ourDgst, err := hex.DecodeString(*pypiCertHash)
if err != nil {
log.Fatalln(err)
}
- pypiHTTPTransport = http.Transport{
- TLSClientConfig: &tls.Config{
- VerifyConnection: func(s tls.ConnectionState) error {
- spki := s.VerifiedChains[0][0].RawSubjectPublicKeyInfo
- theirDgst := sha256.Sum256(spki)
- if bytes.Compare(ourDgst, theirDgst[:]) != 0 {
- return errors.New("certificate's digest mismatch")
- }
- return nil
- }},
+ tlsConfig.VerifyConnection = func(s tls.ConnectionState) error {
+ spki := s.VerifiedChains[0][0].RawSubjectPublicKeyInfo
+ theirDgst := sha256.Sum256(spki)
+ if bytes.Compare(ourDgst, theirDgst[:]) != 0 {
+ return errors.New("certificate's SPKI digest mismatch")
+ }
+ return nil
}
}
http.HandleFunc(*gpgUpdateURLPath, handler)
}
- needsRefreshPasswd := make(chan os.Signal, 0)
needsShutdown := make(chan os.Signal, 0)
exitErr := make(chan error, 0)
- signal.Notify(needsRefreshPasswd, syscall.SIGHUP)
signal.Notify(needsShutdown, syscall.SIGTERM, syscall.SIGINT)
- go func() {
- for range needsRefreshPasswd {
- log.Println("refreshing passwords")
- refreshPasswd()
- }
- }()
go func(s *http.Server) {
<-needsShutdown
killed = true