@item
Or it can be also run as a @command{daemontools} daemon under
- @url{http://cr.yp.to/ucspi-tcp.html, UCSPI-TCP}:
+ @url{http://cr.yp.to/ucspi-tcp.html, UCSPI-TCP}. In the example
+ below it uses native daemontools's logging capability:
@example
# mkdir -p /var/service/.nncp-daemon/log
# cat > run <<EOF
#!/bin/sh -e
-exec envuidgid nncpuser tcpserver -DHRU -l 0 ::0 uucp \
- /usr/local/bin/nncp-daemon -quiet -ucspi
+NNCPLOG=FD:4 exec envuidgid nncpuser tcpserver -DHRU -l 0 ::0 uucp \
+ /usr/local/bin/nncp-daemon -quiet -ucspi 4>&1
EOF
# cat > log/run <<EOF
#!/bin/sh -e
-exec setuidgid uucp multilog t ./main
+exec setuidgid uucp multilog ./main
EOF
# chmod -R 755 /var/service/.nncp-daemon
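Review bot: the new run script hands the log over as `NNCPLOG=FD:4 ... 4>&1`, but the text above it never says why a separate descriptor is needed instead of stdout or stderr. In `-ucspi` mode the daemon uses `os.Stdin`/`os.Stdout` as the connection and closes `os.Stderr` (see the daemon hunk later in this patch), so one sentence stating that would stop readers from shortening this to `FD:1` or `FD:2`. If `t` was dropped from `multilog` because every record already carries a `When:` field, say so here as well.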
After that you should get various @command{bin/nncp-*} binaries and
@command{bin/hjson-cli} command (only for your convenience, not
-necessary installation). Documentation for example for
+necessary installation). For example, documentation for
@command{nncp-bundle} command can be get with
@command{info doc/nncp.info -n nncp-bundle}.
It uses @url{http://cr.yp.to/redo.html, redo} build system for that
-examples. You can use either dozen of various implementations, or at
-least minimalistic POSIX shell @command{contrib/do} (just replace
+examples. You can use one of its various implementations, or at least
+minimalistic POSIX shell @command{contrib/do} (just replace
@command{redo} with @command{contrib/do} in the example above) included
in tarball. Following ones are tested to work with:
@url{http://www.goredo.cypherpunks.ru/, goredo} (NNCP's author creation),
@url{https://redo.readthedocs.io/, apenwarr/redo} (@code{contrib/do} is
from that project), @url{https://github.com/leahneukirchen/redo-c, redo-c}.
-There is @command{install} target respecting @env{DESTDIR}. It will
+There is @command{install} target respecting @env{$DESTDIR}. It will
install binaries and info-documentation:
@example
@item spool
Absolute path to the @ref{Spool, spool} directory.
@item log
-Absolute path to the @ref{Log, log} file.
+Either:
+ @itemize
+ @item absolute path to the @ref{Log, log} file
+ @item @code{FD:XXX}, where @code{XXX} is a decimal file descriptor
+ to write records too
+ @end itemize
@item umask
Will force all invoked commands to override their umask to specified
octal mask. Useful for using with @ref{Shared spool, shared spool directories}.
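Review bot: typo in the added `FD:XXX` item, "to write records too" should read "to write records to". The item should also state that the descriptor has to be already open and inherited by the process, because the code in this patch only wraps the given number and never opens anything itself.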
@table @option
@item -cfg
- Path to configuration file. May be overridden by @env{NNCPCFG}
+ Path to configuration file. May be overridden by @env{$NNCPCFG}
environment variable. If file file is an encrypted @ref{EBlob,
eblob}, then ask for passphrase to decrypt it first.
@item -debug
With @verb{|-via -|} you can disable relaying at all.
@item -spool
Override path to spool directory. May be specified by
- @env{NNCPSPOOL} environment variable.
+ @env{$NNCPSPOOL} environment variable.
@item -log
- Override path to logfile. May be specified by @env{NNCPLOG}
+ Override path to logfile. May be specified by @env{$NNCPLOG}
environment variable.
@item -quiet
Print only errors, omit simple informational messages. In any case
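Review bot: the `-log` entry only gains the `$` prefix and still reads "Override path to logfile", while the `log` configuration item in this same patch now also accepts `FD:XXX`. The context-setup hunk checks the `FD:` prefix on `ctx.LogPath` after the override has been applied, so the option and `$NNCPLOG` accept that form too. Mention it here or refer to the `log` configuration item.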
packet creation. Pay attention that if you want to send 1 GiB of data
taken from @code{stdin}, then you have to have more than 2 GiB of disk space
for that temporary file and resulting encrypted packet. You can control
-temporary file location directory with @env{TMPDIR} environment
+temporary file location directory with @env{$TMPDIR} environment
variable. Encryption is performed in AEAD mode with
@url{https://cr.yp.to/chacha.html, ChaCha20}-@url{https://en.wikipedia.org/wiki/Poly1305, Poly1305}
algorithms. Data is divided on 128 KiB blocks. Each block is encrypted
@section Prepared tarballs
You can obtain releases source code prepared tarballs from the links below.
-Do not forget to check tarball @ref{Integrity, integrity}.
+Do not forget to check tarball @ref{Integrity, integrity}! Also there
+are @ref{Mirrors, mirrors} of this website.
Tarballs include all necessary required libraries:
@multitable {XXXXX} {XXXX-XX-XX} {XXXX KiB} {link sign} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}
@headitem Version @tab Date @tab Size @tab Tarball @tab SHA256 checksum
+@item @ref{Release 7_5_1, 7.5.1} @tab 2021-08-05 @tab 1147 KiB
+@tab @url{download/nncp-7.5.1.tar.xz, link} @url{download/nncp-7.5.1.tar.xz.sig, sign}
+@tab @code{B093A745 C2EB9F5F E8341ED2 A6F1EE75 701B2646 B5701BAA F4E760D9 32CDD91A}
+
@item @ref{Release 7_5_0, 7.5.0} @tab 2021-07-28 @tab 1151 KiB
@tab @url{download/nncp-7.5.0.tar.xz, link} @url{download/nncp-7.5.0.tar.xz.sig, sign}
@tab @code{14D92DC5 B8164EE4 4926D7AF 46DA9F23 0C8F6207 350CC747 6DB5CDFB 8E7C3FE4}
* Sync protocol: Sync
* MultiCast Discovery: MCD
* EBlob format: EBlob
+* Mirrors::
* Thanks::
* Contacts and feedback: Contacts
* Copying conditions: Copying
@include sp.texi
@include mcd.texi
@include eblob.texi
+@include mirrors.texi
@include thanks.texi
@include contacts.texi
used for building documentation (although tarballs already include it).
In general you must get @ref{Tarballs, the tarball}, check its
-@ref{Integrity, integrity and authenticity} and run @command{make}.
+@ref{Integrity, integrity and authenticity} and run @command{redo}.
Look for general and platform-specific @ref{Build-instructions, build
instructions}.
read by human, but it is better to use either @ref{nncp-log}, or
@command{recutils} utilities for selecting and formatting the required
fields.
+
+Two example records from it:
+
+@verbatim
+When: 2021-08-07T20:30:49.042460622Z
+Who: sp-file-done
+Node: BYRRQUULEHINPKEFN7CHMSHR5I5CK7PMX5HQNCYERTBAR4BOCG6Q
+Nice: 255
+Type: file
+XX: rx
+Pkt: VQFR6KXC5N4UGL3HKKJKPXE4TN3G4UQGFXQTEYFZ7ZZIKWUVKOGA
+Size: 5229
+FullSize: 5229
+Msg: Got packet VQFR6KXC5N4UGL3HKKJKPXE4TN3G4UQGFXQTEYFZ7ZZIKWUVKOGA 100% (5.1 KiB / 5.1 KiB): done
+
+When: 2021-08-07T20:30:49.131766306Z
+Who: rx
+Node: BYRRQUULEHINPKEFN7CHMSHR5I5CK7PMX5HQNCYERTBAR4BOCG6Q
+Pkt: VQFR6KXC5N4UGL3HKKJKPXE4TN3G4UQGFXQTEYFZ7ZZIKWUVKOGA
+Nice: 96
+Size: 4741
+Type: exec
+Dst: sendmail stargrave@stargrave.org
+Msg: Got exec from gw to sendmail stargrave@stargrave.org (4.6 KiB)
+@end verbatim
--- /dev/null
+@node Mirrors
+@unnumbered Mirrors
+
+Main NNCP website is hosted on two geographically distant servers
+located in Moscow region, Russian Federation. One of server's IPv6
+connectivity is provided by Hurricane Electric tunnel broker. Only one
+of those servers supports TLS and another just proxies the traffic to
+it. So TLS-capable version has less availability.
+
+It can be authenticated with
+@url{http://ca.cypherpunks.ru/, ca.cypherpunks.ru} certificate, through the
+@url{https://datatracker.ietf.org/doc/html/rfc6698, DANE} record, that
+in turn can be authenticated with
+@url{https://dnscurve.org/, DNSCurve}-secured
+@url{http://www.stargrave.org/Trust-anchor.html, trust anchors}.
+Both @code{ca.cypherpunks.ru} and DNSCurve trust anchors are
+signed with @code{CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF}
+@url{https://en.wikipedia.org/wiki/OpenPGP, OpenPGP}
+@url{http://www.stargrave.org/Contacts.html, public key}.
+
+@table @asis
+
+@item @url{https://nncp.mirrors.quux.org/}
+
+Its creation @url{http://lists.cypherpunks.ru/archive/nncp-devel/2108/0310.html, announcement}.
+Mirror of the whole NNCP's website with all tarballs, made by John Goerzen.
+It uses @url{https://letsencrypt.org/, Let's Encrypt} certificate
+authority, so can be more easily accessible for some people. If you have
+got NNCP-peering with
+@url{http://lists.cypherpunks.ru/archive/nncp-devel/2108/0283.html, nncp.quux.org}
+node, then you can also @ref{nncp-freq, freq} the @ref{Tarballs, tarballs}
+from it.
+
+@end table
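Review bot: the new Mirrors node describes how the main site's TLS certificate can be authenticated, but for the third-party mirror it only notes the Let's Encrypt certificate and says nothing about verifying what is downloaded from it. The Tarballs section already says "Do not forget to check tarball @ref{Integrity, integrity}!"; repeat that @ref in the mirror item so that a reader landing here first knows the signature check applies regardless of which host served the tarball.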
@node Новости
@section Новости
+@node Релиз 7.6.0
+@subsection Релиз 7.6.0
+@itemize
+
+@item
+Журналирование может производиться в назначенный открытый файловый
+дескриптор (@env{$NNCPLOG=FD:5} например).
+Что дружелюбно к использованию под @command{daemontools}.
+
+@item
+Добавлены дополнительные проверки наличия публичных ключей в
+конфигурационном файле, предотвращающие падения некоторых команд.
+
+@end itemize
+
@node Релиз 7.5.1
@subsection Релиз 7.5.1
@itemize
Вы можете настраивать опции автоматического tosser для каждого вызова.
@item
-Использовать vendoring вместо переопределения @env{GOPATH} во время
+Использовать vendoring вместо переопределения @env{$GOPATH} во время
установки tarball, так как текущая минимальная версия Go это 1.12,
поддерживающая модули.
@itemize
@item
-Уважать @env{BINDIR}, @env{INFODIR} и @env{DOCDIR} переменные окружения
+Уважать @env{$BINDIR}, @env{$INFODIR} и @env{$DOCDIR} переменные окружения
в @file{config} во время установки.
@end itemize
@item
Exec команды вызываются с дополнительными переменными окружения
-@env{NNCP_NICE} и @env{NNCP_SELF}.
+@env{$NNCP_NICE} и @env{$NNCP_SELF}.
@item
Отправляемые файлы в ответ на запрос имеют приоритет указанный в запросе.
@node Релиз 0.12
@subsection Релиз 0.12
@itemize
-@item Команда sendmail вызывается с @env{NNCP_SENDER} переменной окружения.
+@item Команда sendmail вызывается с @env{$NNCP_SENDER} переменной окружения.
@end itemize
@node Релиз 0.11
See also this page @ref{Новости, on russian}.
+@node Release 7_6_0
+@section Release 7.6.0
+@itemize
+
+@item
+Logging may be done to specified opened file descriptor
+(@env{$NNCPLOG=FD:5} for example).
+That is friendly to use under @command{daemontools}.
+
+@item
+Added additional checks of public keys existence in configuration file,
+preventing some commands from failing.
+
+@end itemize
+
@node Release 7_5_1
@section Release 7.5.1
@itemize
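Review bot: the second item says the new checks are "preventing some commands from failing", yet the code hunks in this patch make those commands stop with an explicit error (`log.Fatalln(...)`, `fmt.Errorf("area %s: prv requires pub presence", name)`). The Russian entry says "падения" (crashes), which matches the code. Reword the English item to "preventing some commands from crashing" or similar.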
automatic tosser options.
@item
-Use vendoring, instead of @env{GOPATH} overriding during tarball
+Use vendoring, instead of @env{$GOPATH} overriding during tarball
installation, because current minimal Go's version is 1.12 and it
supports modules.
@itemize
@item
-Respect for @env{BINDIR}, @env{INFODIR} and @env{DOCDIR} environment
+Respect for @env{$BINDIR}, @env{$INFODIR} and @env{$DOCDIR} environment
variables in @file{config} during installation.
@end itemize
as an ordinary single file.
@item
-Exec commands are invoked with additional @env{NNCP_NICE} and
-@env{NNCP_SELF} environment variables.
+Exec commands are invoked with additional @env{$NNCP_NICE} and
+@env{$NNCP_SELF} environment variables.
@item
Files, that are sent as a reply to freq, have niceness level taken from
@node Release 0_12
@section Release 0.12
@itemize
-@item Sendmail command is called with @env{NNCP_SENDER} environment variable.
+@item Sendmail command is called with @env{$NNCP_SENDER} environment variable.
@end itemize
@node Release 0_11
@itemize
@item Preferable niceness level for files sent by freq
-@item @env{NNCP_NICE} variable's value passed during @ref{CfgExec} invocation.
+@item @env{$NNCP_NICE} variable's value passed during @ref{CfgExec} invocation.
@end itemize
So plain packets can hold following paths and payloads:
to use @ref{Tarballs, tarballs} instead.
@example
-$ git clone git://git.cypherpunks.ru/nncp.git
-$ cd nncp
-$ git checkout develop
+$ git clone --branch develop git://git.cypherpunks.ru/nncp.git nncp
@end example
You can also use @url{https://git.cypherpunks.ru/nncp.git}.
feedback and NixOS package maintenance.
@item @url{mailto:jgoerzen@@complete.org, John Goerzen} for his feature
-suggestions, bugreports and Debian package maintenance.
+suggestions, bugreports, Debian package and mirror maintenance, and the
+whole project popularization.
@end itemize
cat > doc/download.texi <<EOF
@node Tarballs
@section Prepared tarballs
-You can obtain releases source code prepared tarballs on
-@url{http://www.nncpgo.org/}.
+You can obtain releases source code prepared tarballs from
+@url{http://www.nncpgo.org/} and from one of its
+@url{http://www.nncpgo.org/Mirrors.html, mirrors}.
EOF
perl -i -ne 'print unless /include pedro/' doc/index.texi doc/about.ru.texi
perl -p -i -e 's/^(.verbatiminclude) .*$/$1 PUBKEY.asc/g' doc/integrity.texi
GPG key ID: 0x2B25868E75A1A953 NNCP releases <releases@nncpgo.org>
Fingerprint: 92C2 F0AE FE73 208E 46BF F3DE 2B25 868E 75A1 A953
+There are mirrors where you can also get the source code tarballs:
+http://www.nncpgo.org/Mirrors.html
+
Please send questions regarding the use of NNCP, bug reports and patches
to mailing list: http://lists.cypherpunks.ru/nncp_002ddevel.html
EOF
Идентификатор GPG ключа: 0x2B25868E75A1A953 NNCP releases <releases@nncpgo.org>
Отпечаток: 92C2 F0AE FE73 208E 46BF F3DE 2B25 868E 75A1 A953
+Есть и зеркала где вы также можете получить архивы с исходным кодом:
+http://www.nncpgo.org/Mirrors.html
+
Пожалуйста, все вопросы касающиеся использования NNCP, отчёты об ошибках
и патчи отправляйте в nncp-devel почтовую рассылку:
http://lists.cypherpunks.ru/nncp_002ddevel.html
PORTNAME= nncp
-DISTVERSION= 7.4.0
+DISTVERSION= 7.6.0
CATEGORIES= net
MASTER_SITES= http://www.nncpgo.org/download/
)
})
isGood = true
- conn.Close() // #nosec G104
+ conn.Close()
break
} else {
ctx.LogE("call-started", les, err, func(les LEs) string {
return fmt.Sprintf("Connection to %s (%s)", node.Name, addr)
})
- conn.Close() // #nosec G104
+ conn.Close()
}
}
return
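Review bot: both `conn.Close()` calls lose their `// #nosec G104` marker here, and the same removal repeats across the rest of the patch, without anything visible replacing it. If gosec is still run on this tree every one of these discarded errors will be reported again. Either note in the commit message that the scanner is no longer used or is configured to exclude G104, or make the intent explicit in code with `_ = conn.Close()`.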
"bytes"
"encoding/json"
"errors"
+ "fmt"
"log"
"os"
"path"
copy(area.Pub[:], pub)
}
if cfg.Prv != nil {
+ if area.Pub == nil {
+ return nil, fmt.Errorf("area %s: prv requires pub presence", name)
+ }
prv, err := Base32Codec.DecodeString(*cfg.Prv)
if err != nil {
return nil, err
func CfgParse(data []byte) (*CfgJSON, error) {
var err error
if bytes.Compare(data[:8], MagicNNCPBv3.B[:]) == 0 {
- os.Stderr.WriteString("Passphrase:") // #nosec G104
+ os.Stderr.WriteString("Passphrase:")
password, err := term.ReadPassword(0)
if err != nil {
log.Fatalln(err)
}
- os.Stderr.WriteString("\n") // #nosec G104
+ os.Stderr.WriteString("\n")
data, err = DeEBlob(data, password)
if err != nil {
return nil, err
return true
}
gut, err := Check(fd, job.Size, job.HshValue[:], les, ctx.ShowPrgrs)
- fd.Close() // #nosec G104
+ fd.Close()
if err != nil {
ctx.LogE("checking", les, err, logMsg)
return true
if err == io.EOF {
break
}
- bufStdin.Discard(bufStdin.Buffered() - (len(nncp.NNCPBundlePrefix) - 1)) // #nosec G104
+ bufStdin.Discard(bufStdin.Buffered() - (len(nncp.NNCPBundlePrefix) - 1))
continue
}
if _, err = bufStdin.Discard(prefixIdx); err != nil {
if err != nil {
log.Fatalln("Invalid NODE specified:", err)
}
+ if node.NoisePub == nil {
+ log.Fatalln("Node", nodeId, "does not have online communication capability")
+ }
if len(node.Calls) == 0 {
ctx.LogD(
"caller-no-calls",
return
}
- os.Stderr.WriteString("Passphrase:") // #nosec G104
+ os.Stderr.WriteString("Passphrase:")
password1, err := term.ReadPassword(0)
if err != nil {
log.Fatalln(err)
if err != nil {
log.Fatalln(err)
}
- os.Stdout.Write(cfgRaw) // #nosec G104
+ os.Stdout.Write(cfgRaw)
return
}
- os.Stderr.WriteString("\nRepeat passphrase:") // #nosec G104
+ os.Stderr.WriteString("\nRepeat passphrase:")
password2, err := term.ReadPassword(0)
if err != nil {
log.Fatalln(err)
}
- os.Stderr.WriteString("\n") // #nosec G104
+ os.Stderr.WriteString("\n")
if bytes.Compare(password1, password2) != 0 {
log.Fatalln(errors.New("Passphrases do not match"))
}
if err != nil {
log.Fatalln(err)
}
- os.Stdout.Write(eblob) // #nosec G104
+ os.Stdout.Write(eblob)
}
ctx.Umask()
if *ucspi {
- os.Stderr.Close() // #nosec G104
+ os.Stderr.Close()
conn := &nncp.UCSPIConn{R: os.Stdin, W: os.Stdout}
nodeIdC := make(chan *nncp.NodeId)
addr := nncp.UCSPITCPRemoteAddr()
close(autoTossFinish)
<-autoTossBadCode
}
- conn.Close() // #nosec G104
+ conn.Close()
return
}
close(autoTossFinish)
<-autoTossBadCode
}
- conn.Close() // #nosec G104
+ conn.Close()
}(conn)
}
}
})
return false
}
- fd.Close() // #nosec G104
+ fd.Close()
if metaPkt.Magic == nncp.MagicNNCPMv1.B {
ctx.LogE("reass", les, nncp.MagicNNCPMv1.TooOld(), logMsg)
return false
); err != nil {
log.Fatalln(err)
}
- fd.Close() // #nosec G104
+ fd.Close()
if bytes.Compare(hsh.Sum(nil), metaPkt.Checksums[chunkNum][:]) != 0 {
ctx.LogE(
"reass-chunk",
); err != nil {
log.Fatalln(err)
}
- fd.Close() // #nosec G104
+ fd.Close()
if !keep {
if err = os.Remove(chunkPath); err != nil {
ctx.LogE(
return nil
}
fis, err := dir.Readdir(0)
- dir.Close() // #nosec G104
+ dir.Close()
if err != nil {
ctx.LogE("reass", nncp.LEs{{K: "Path", V: dirPath}}, err, logMsg)
return nil
goto Tx
}
fis, err = dir.Readdir(0)
- dir.Close() // #nosec G104
+ dir.Close()
if err != nil {
ctx.LogE("xfer-self-read", les, err, func(les nncp.LEs) string {
return logMsg(les) + ": reading"
continue
}
fisInt, err := dir.Readdir(0)
- dir.Close() // #nosec G104
+ dir.Close()
if err != nil {
ctx.LogE("xfer-rx-read", les, err, func(les nncp.LEs) string {
return logMsg(les) + ": reading"
return logMsg(les) + ": not valid packet: " + err.Error()
},
)
- fd.Close() // #nosec G104
+ fd.Close()
continue
}
if pktEnc.Nice > nice {
ctx.LogD("xfer-rx-too-nice", les, func(les nncp.LEs) string {
return logMsg(les) + ": too nice"
})
- fd.Close() // #nosec G104
+ fd.Close()
continue
}
les = append(les, nncp.LE{K: "Size", V: fiInt.Size()})
}
if !ctx.IsEnoughSpace(fiInt.Size()) {
ctx.LogE("xfer-rx", les, errors.New("is not enough space"), logMsg)
- fd.Close() // #nosec G104
+ fd.Close()
continue
}
if _, err = fd.Seek(0, 0); err != nil {
}
if err != nil {
ctx.LogE("xfer-rx", les, err, logMsg)
- w.CloseWithError(err) // #nosec G104
+ w.CloseWithError(err)
}
}()
if _, err = nncp.CopyProgressed(
ctx.LogE("xfer-rx", les, err, logMsg)
isBad = true
}
- fd.Close() // #nosec G104
+ fd.Close()
if isBad {
tmp.Cancel()
continue
ctx.LogE("xfer-tx-open", les, err, func(les nncp.LEs) string {
return logMsg(les) + ": opening"
})
- tmp.Close() // #nosec G104
+ tmp.Close()
isBad = true
continue
}
append(les, nncp.LE{K: "FullSize", V: job.Size}),
ctx.ShowPrgrs,
)
- fd.Close() // #nosec G104
+ fd.Close()
if err != nil {
ctx.LogE("xfer-tx-copy", les, err, func(les nncp.LEs) string {
return logMsg(les) + ": copying"
})
- tmp.Close() // #nosec G104
+ tmp.Close()
isBad = true
continue
}
if err = bufW.Flush(); err != nil {
- tmp.Close() // #nosec G104
+ tmp.Close()
ctx.LogE("xfer-tx-flush", les, err, func(les nncp.LEs) string {
return logMsg(les) + ": flushing"
})
continue
}
if err = tmp.Sync(); err != nil {
- tmp.Close() // #nosec G104
+ tmp.Close()
ctx.LogE("xfer-tx-sync", les, err, func(les nncp.LEs) string {
return logMsg(les) + ": syncing"
})
isBad = true
continue
}
- os.Remove(filepath.Join(dstPath, pktName+".part")) // #nosec G104
+ os.Remove(filepath.Join(dstPath, pktName+".part"))
les = les[:len(les)-1]
ctx.LogI(
"xfer-tx",
"io/ioutil"
"os"
"path/filepath"
+ "strconv"
+ "strings"
"syscall"
)
} else {
ctx.LogPath = logPath
}
+ if strings.HasPrefix(ctx.LogPath, LogFdPrefix) {
+ ptr, err := strconv.ParseUint(
+ strings.TrimPrefix(ctx.LogPath, LogFdPrefix), 10, 64,
+ )
+ if err != nil {
+ return nil, err
+ }
+ LogFd = os.NewFile(uintptr(ptr), CfgLogEnv)
+ if LogFd == nil {
+ return nil, errors.New("can not open:" + ctx.LogPath)
+ }
+ }
if showPrgrs {
ctx.ShowPrgrs = true
}
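Review bot: the `LogFd == nil` check after `os.NewFile(uintptr(ptr), CfgLogEnv)` does not verify that the descriptor is actually open in this process, so a mistyped number such as `FD:5` instead of `FD:4` passes setup and only fails later on write. Combined with the unchecked `LogFd.WriteString(rec)` in `Log`, that means the log is silently lost. Consider a `LogFd.Stat()` call here and returning its error. Minor: `ParseUint(..., 10, 64)` followed by `uintptr(ptr)` can truncate on 32-bit targets, and `"can not open:" + ctx.LogPath` lacks a space after the colon.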
return
}
fis, err := dir.Readdir(0)
- dir.Close() // #nosec G104
+ dir.Close()
if err != nil {
return
}
ctx.LogE("lockdir-flock", LEs{{"Path", lockPath}}, err, func(les LEs) string {
return "Locking directory: locking " + lockPath
})
- dirLock.Close() // #nosec G104
+ dirLock.Close()
return nil, err
}
return dirLock, nil
func (ctx *Ctx) UnlockDir(fd *os.File) {
if fd != nil {
- unix.Flock(int(fd.Fd()), unix.LOCK_UN) // #nosec G104
- fd.Close() // #nosec G104
+ unix.Flock(int(fd.Fd()), unix.LOCK_UN)
+ fd.Close()
}
}
"golang.org/x/sys/unix"
)
+const LogFdPrefix = "FD:"
+
+var LogFd *os.File
+
type LE struct {
K string
V interface{}
}
func (ctx *Ctx) Log(rec string) {
+ if LogFd != nil {
+ LogFd.WriteString(rec)
+ return
+ }
fdLock, err := os.OpenFile(
ctx.LogPath+".lock",
os.O_CREATE|os.O_WRONLY,
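Review bot: in the new `LogFd != nil` branch the result of `LogFd.WriteString(rec)` is dropped and the function returns, whereas the file-based path below at least prints "Can not open log:" to stderr when it cannot write. A closed or full pipe to the logger will therefore lose records with no indication. Check the returned error and report it the same way the file path does. It is also worth a comment that this branch skips the `.lock` file on purpose, relying on each record being written in a single call.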
fmt.Fprintln(os.Stderr, "Can not open log:", err)
return
}
- fd.WriteString(rec) // #nosec G104
- fd.Close() // #nosec G104
+ fd.WriteString(rec)
+ fd.Close()
}
func (ctx *Ctx) LogD(who string, les LEs, msg func(LEs) string) {
const Base32Encoded32Len = 52
var (
- Version string = "7.5.1"
+ Version string = "7.6.0"
Base32Codec *base32.Encoding = base32.StdEncoding.WithPadding(base32.NoPadding)
)
err = c.w.Close()
go c.cmd.Wait()
time.AfterFunc(time.Duration(10*time.Second), func() {
- c.cmd.Process.Kill() // #nosec G104
+ c.cmd.Process.Kill()
})
return
}
NicenessFmt(state.Nice),
)
})
- conn.SetWriteDeadline(time.Now().Add(DefaultDeadline)) // #nosec G104
+ conn.SetWriteDeadline(time.Now().Add(DefaultDeadline))
if err = state.WriteSP(conn, buf, false); err != nil {
state.Ctx.LogE("sp-startI", les, err, func(les LEs) string {
return fmt.Sprintf(
NicenessFmt(state.Nice),
)
})
- conn.SetReadDeadline(time.Now().Add(DefaultDeadline)) // #nosec G104
+ conn.SetReadDeadline(time.Now().Add(DefaultDeadline))
if buf, err = state.ReadSP(conn); err != nil {
state.Ctx.LogE("sp-startI-read", les, err, func(les LEs) string {
return fmt.Sprintf(
}
les := LEs{{"Nice", int(state.Nice)}}
state.Ctx.LogD("sp-startR", les, logMsg)
- conn.SetReadDeadline(time.Now().Add(DefaultDeadline)) // #nosec G104
+ conn.SetReadDeadline(time.Now().Add(DefaultDeadline))
if buf, err = state.ReadSP(conn); err != nil {
state.Ctx.LogE("sp-startR-read", les, err, logMsg)
return err
var node *Node
for _, n := range state.Ctx.Neigh {
+ if n.NoisePub == nil {
+ continue
+ }
if subtle.ConstantTimeCompare(state.hs.PeerStatic(), n.NoisePub[:]) == 1 {
node = n
break
state.dirUnlock()
return err
}
- conn.SetWriteDeadline(time.Now().Add(DefaultDeadline)) // #nosec G104
+ conn.SetWriteDeadline(time.Now().Add(DefaultDeadline))
if err = state.WriteSP(conn, buf, false); err != nil {
state.Ctx.LogE("sp-startR-write", les, err, func(les LEs) string {
return fmt.Sprintf(
break
Deadlined:
state.SetDead()
- conn.Close() // #nosec G104
+ conn.Close()
case now := <-pingTicker.C:
if now.After(state.TxLastSeen.Add(PingTimeout)) {
state.wg.Add(1)
)
}
state.Ctx.LogD("sp-sending", append(les, LE{"Size", int64(len(payload))}), logMsg)
- conn.SetWriteDeadline(time.Now().Add(DefaultDeadline)) // #nosec G104
+ conn.SetWriteDeadline(time.Now().Add(DefaultDeadline))
ct, err := state.csOur.Encrypt(nil, nil, payload)
if err != nil {
state.Ctx.LogE("sp-encrypting", les, err, logMsg)
)
}
state.Ctx.LogD("sp-recv-wait", les, logMsg)
- conn.SetReadDeadline(time.Now().Add(DefaultDeadline)) // #nosec G104
+ conn.SetReadDeadline(time.Now().Add(DefaultDeadline))
payload, err := state.ReadSP(conn)
if err != nil {
if err == io.EOF {
state.SetDead()
state.wg.Done()
state.SetDead()
- conn.Close() // #nosec G104
+ conn.Close()
}()
return nil
}
func (tmp *TmpFileWHash) Cancel() {
- tmp.Fd.Truncate(0) // #nosec G104
- tmp.Fd.Close() // #nosec G104
- os.Remove(tmp.Fd.Name()) // #nosec G104
+ tmp.Fd.Truncate(0)
+ tmp.Fd.Close()
+ os.Remove(tmp.Fd.Name())
}
func DirSync(dirPath string) error {
}
err = fd.Sync()
if err != nil {
- fd.Close() // #nosec G104
+ fd.Close()
return err
}
return fd.Close()
return err
}
if err = tmp.W.Flush(); err != nil {
- tmp.Fd.Close() // #nosec G104
+ tmp.Fd.Close()
return err
}
if err = tmp.Fd.Sync(); err != nil {
- tmp.Fd.Close() // #nosec G104
+ tmp.Fd.Close()
return err
}
if err = tmp.Fd.Close(); err != nil {
return err
}
if err = bufW.Flush(); err != nil {
- tmp.Close() // #nosec G104
+ tmp.Close()
ctx.LogE("rx-flush", les, err, func(les LEs) string {
return fmt.Sprintf(
"Tossing file %s/%s (%s): %s: flushing",
return err
}
if err = tmp.Sync(); err != nil {
- tmp.Close() // #nosec G104
+ tmp.Close()
ctx.LogE("rx-sync", les, err, func(les LEs) string {
return fmt.Sprintf(
"Tossing file %s/%s (%s): %s: syncing",
if areaId != nil {
area = ctx.AreaId2Area[*areaId]
if area.Prv == nil {
- return nil, errors.New("unknown area id")
+ return nil, errors.New("area has no encryption keys")
}
}
hops := make([]*Node, 0, 1+len(node.Via))
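Review bot: the new message "area has no encryption keys" fits the `area.Prv == nil` test, but the case the old message named, an unknown area id, is now not reported at all. `area = ctx.AreaId2Area[*areaId]` is used without checking that the lookup found an entry; if the map holds pointers, an unknown id yields nil and `area.Prv` dereferences it. Since this release advertises extra checks against crashes, add an explicit lookup check with its own error before testing `Prv`.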
)
pktEncRaws <- pktEncRaw
errs <- err
- dst.Close() // #nosec G104
+ dst.Close()
}(curSize, src, pipeW)
curSize = PktEncOverhead + PktSizeOverhead + sizeWithTags(PktOverhead+curSize)
curSize += padSize
)
pktEncRaws <- pktEncRaw
errs <- err
- dst.Close() // #nosec G104
+ dst.Close()
}(curSize, padSize, src, pipeW)
curSize = PktEncOverhead + PktSizeOverhead + sizeWithTags(PktOverhead+curSize)
curSize += padSize
)
pktEncRaws <- pktEncRaw
errs <- err
- dst.Close() // #nosec G104
+ dst.Close()
}(curSize, pipeRPrev, pipeW)
curSize = PktEncOverhead + PktSizeOverhead + sizeWithTags(PktOverhead+curSize)
}
pktEncRaw, err := PktEncWrite(ctx.Self, node, pkt, nice, size, 0, src, dst)
pktEncRaws <- pktEncRaw
errs <- err
- dst.Close() // #nosec G104
+ dst.Close()
}(hops[i], pktTrns, curSize, pipeRPrev, pipeW)
curSize = PktEncOverhead + PktSizeOverhead + sizeWithTags(PktOverhead+curSize)
}
for i := 0; i <= wrappers; i++ {
err = <-errs
if err != nil {
- tmp.Fd.Close() // #nosec G104
+ tmp.Fd.Close()
return nil, err
}
}
nodePath := filepath.Join(ctx.Spool, lastNode.Id.String())
err = tmp.Commit(filepath.Join(nodePath, string(TTx)))
- os.Symlink(nodePath, filepath.Join(ctx.Spool, lastNode.Name)) // #nosec G104
+ os.Symlink(nodePath, filepath.Join(ctx.Spool, lastNode.Name))
if err != nil {
return lastNode, err
}
rerr = err
return
}
- os.Remove(src.Name()) // #nosec G104
+ os.Remove(src.Name())
tmpW := bufio.NewWriter(src)
tmpKey := make([]byte, chacha20poly1305.KeySize)
if _, rerr = rand.Read(tmpKey[:]); rerr != nil {
nonce[i] = 0
}
if _, err := aeadProcess(aead, nonce, nil, false, bufio.NewReader(src), w); err != nil {
- w.CloseWithError(err) // #nosec G104
+ w.CloseWithError(err)
}
}()
reader = r
}
fd, err := os.Open(e.path)
if err != nil {
- fd.Close() // #nosec G104
+ fd.Close()
return w.CloseWithError(err)
}
if _, err = io.Copy(tarWr, bufio.NewReader(fd)); err != nil {
- fd.Close() // #nosec G104
+ fd.Close()
return w.CloseWithError(err)
}
- fd.Close() // #nosec G104
+ fd.Close()
}
if err = tarWr.Close(); err != nil {
return w.CloseWithError(err)
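Review bot: in the first `if err != nil` branch, `fd.Close()` is called right after `os.Open(e.path)` has failed, so `fd` is nil at that point and the call does nothing useful. With the `#nosec` marker gone this line has no remaining purpose; drop it and keep only `return w.CloseWithError(err)`. The two later `fd.Close()` calls operate on an opened file and are fine.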
return err
}
if _, err = io.Copy(compressor, in); err != nil {
- compressor.Close() // #nosec G104
+ compressor.Close()
return err
}
if err = compressor.Close(); err != nil {
go func() {
_, err := io.Copy(compressor, in)
if err != nil {
- compressor.Close() // #nosec G104
+ compressor.Close()
copyErr <- err
}
err = compressor.Close()
} else {
ctx.LogI("tx", append(les, LE{"Err", err}), logMsg)
}
- os.Symlink(nodePath, filepath.Join(ctx.Spool, node.Name)) // #nosec G104
+ os.Symlink(nodePath, filepath.Join(ctx.Spool, node.Name))
return err
}