mirror of
https://github.com/mjl-/mox.git
synced 2024-12-27 08:53:48 +03:00
28fae96a9b
getting mox to compile required changing code in only a few places where package "syscall" was used: for accessing file access times and for umask handling. an open problem is how to start a process as an unprivileged user on windows. that's why "mox serve" isn't implemented yet. and just finding a way to implement it now may not be good enough in the near future: we may want to starting using a more complete privilege separation approach, with a process handling sensitive tasks (handling private keys, authentication), where we may want to pass file descriptors between processes. how would that work on windows? anyway, getting mox to compile for windows doesn't mean it works properly on windows. the largest issue: mox would normally open a file, rename or remove it, and finally close it. this happens during message delivery. that doesn't work on windows, the rename/remove would fail because the file is still open. so this commit swaps many "remove" and "close" calls. renames are a longer story: message delivery had two ways to deliver: with "consuming" the (temporary) message file (which would rename it to its final destination), and without consuming (by hardlinking the file, falling back to copying). the last delivery to a recipient of a message (and the only one in the common case of a single recipient) would consume the message, and the earlier recipients would not. during delivery, the already open message file was used, to parse the message. we still want to use that open message file, and the caller now stays responsible for closing it, but we no longer try to rename (consume) the file. we always hardlink (or copy) during delivery (this works on windows), and the caller is responsible for closing and removing (in that order) the original temporary file. this does cost one syscall more. but it makes the delivery code (responsibilities) a bit simpler. there is one more obvious issue: the file system path separator. mox already used the "filepath" package to join paths in many places, but not everywhere. and it still used strings with slashes for local file access. with this commit, the code now uses filepath.FromSlash for path strings with slashes, uses "filepath" in a few more places where it previously didn't. also switches from "filepath" to regular "path" package when handling mailbox names in a few places, because those always use forward slashes, regardless of local file system conventions. windows can handle forward slashes when opening files, so test code that passes path strings with forward slashes straight to go stdlib file i/o functions are left unchanged to reduce code churn. the regular non-test code, or test code that uses path strings in places other than standard i/o functions, does have the paths converted for consistent paths (otherwise we would end up with paths with mixed forward/backward slashes in log messages). windows cannot dup a listening socket. for "mox localserve", it isn't important, and we can work around the issue. the current approach for "mox serve" (forking a process and passing file descriptors of listening sockets on "privileged" ports) won't work on windows. perhaps it isn't needed on windows, and any user can listen on "privileged" ports? that would be welcome. on windows, os.Open cannot open a directory, so we cannot call Sync on it after message delivery. a cursory internet search indicates that directories cannot be synced on windows. the story is probably much more nuanced than that, with long deep technical details/discussions/disagreement/confusion, like on unix. for "mox localserve" we can get away with making syncdir a no-op.
223 lines
6.6 KiB
Text
223 lines
6.6 KiB
Text
This file has notes useful for mox developers.
|
|
|
|
# Code style & guidelines
|
|
|
|
- Keep the same style as existing code.
|
|
- For Windows: use package "path/filepath" when dealing with files/directories.
|
|
Test code can pass forward-slashed paths directly to standard library functions,
|
|
but use proper filepath functions when parameters are passed and in non-test
|
|
code. Mailbox names always use forward slash, so use package "path" for mailbox
|
|
name/path manipulation. Do not remove/rename files that are still open.
|
|
|
|
|
|
# TLS certificates
|
|
|
|
https://github.com/cloudflare/cfssl is useful for testing with TLS
|
|
certificates. Create a CA and configure it in mox.conf TLS.CA.CertFiles, and
|
|
sign host certificates and configure them in the listeners TLS.KeyCerts.
|
|
|
|
Setup a local CA with cfssl, run once:
|
|
|
|
```sh
|
|
go install github.com/cloudflare/cfssl/cmd/cfssl@latest
|
|
go install github.com/cloudflare/cfssl/cmd/cfssljson@latest
|
|
|
|
mkdir -p local/cfssl
|
|
cd local/cfssl
|
|
|
|
cfssl print-defaults config > ca-config.json # defaults are fine
|
|
|
|
# Based on: cfssl print-defaults csr > ca-csr.json
|
|
cat <<EOF >ca-csr.json
|
|
{
|
|
"CN": "mox ca",
|
|
"key": {
|
|
"algo": "ecdsa",
|
|
"size": 256
|
|
},
|
|
"names": [
|
|
{
|
|
"C": "NL"
|
|
}
|
|
]
|
|
}
|
|
EOF
|
|
|
|
cfssl gencert -initca ca-csr.json | cfssljson -bare ca - # Generate ca key and cert.
|
|
|
|
# Generate wildcard certificates for one or more domains, add localhost for use with pebble, see below.
|
|
domains="moxtest.example localhost"
|
|
for domain in $domains; do
|
|
cat <<EOF >wildcard.$domain.csr.json
|
|
{
|
|
"key": {
|
|
"algo": "ecdsa",
|
|
"size": 256
|
|
},
|
|
"names": [
|
|
{
|
|
"O": "mox"
|
|
}
|
|
],
|
|
"hosts": [
|
|
"$domain",
|
|
"*.$domain"
|
|
]
|
|
}
|
|
EOF
|
|
cfssl gencert -ca ca.pem -ca-key ca-key.pem -profile=www wildcard.$domain.csr.json | cfssljson -bare wildcard.$domain
|
|
done
|
|
```
|
|
|
|
Now configure mox.conf to add the cfssl CA root certificate:
|
|
|
|
```
|
|
TLS:
|
|
CA:
|
|
AdditionalToSystem: true
|
|
CertFiles:
|
|
# Assuming local/<env>/config/mox.conf and local/cfssl/.
|
|
- ../../cfssl/ca.pem
|
|
|
|
[...]
|
|
|
|
Listeners:
|
|
public:
|
|
TLS:
|
|
KeyCerts:
|
|
# Assuming local/<env>/config/mox.conf and local/cfssl/.
|
|
CertFile: ../../cfssl/wildcard.$domain.pem
|
|
KeyFile: ../../cfssl/wildcard.$domain-key.pem
|
|
```
|
|
|
|
# ACME
|
|
|
|
https://github.com/letsencrypt/pebble is useful for testing with ACME. Start a
|
|
pebble instance that uses the localhost TLS cert/key created by cfssl for its
|
|
TLS serving. Pebble generates a new CA certificate for its own use each time it
|
|
is started. Fetch it from https://localhost:15000/roots/0, write it to a file, and
|
|
add it to mox.conf TLS.CA.CertFiles. See below.
|
|
|
|
Setup pebble, run once:
|
|
|
|
```sh
|
|
go install github.com/letsencrypt/pebble/cmd/pebble@latest
|
|
|
|
mkdir -p local/pebble
|
|
cat <<EOF >local/pebble/config.json
|
|
{
|
|
"pebble": {
|
|
"listenAddress": "localhost:14000",
|
|
"managementListenAddress": "localhost:15000",
|
|
"certificate": "local/cfssl/localhost.pem",
|
|
"privateKey": "local/cfssl/localhost-key.pem",
|
|
"httpPort": 80,
|
|
"tlsPort": 443,
|
|
"ocspResponderURL": "",
|
|
"externalAccountBindingRequired": false
|
|
}
|
|
}
|
|
EOF
|
|
```
|
|
|
|
Start pebble, this generates a new temporary pebble CA certificate:
|
|
|
|
```sh
|
|
pebble -config local/pebble/config.json
|
|
```
|
|
|
|
Write new CA bundle that includes pebble's temporary CA cert:
|
|
|
|
```sh
|
|
export CURL_CA_BUNDLE=local/ca-bundle.pem # for curl
|
|
export SSL_CERT_FILE=local/ca-bundle.pem # for go apps
|
|
cat /etc/ssl/certs/ca-certificates.crt local/cfssl/ca.pem >local/ca-bundle.pem
|
|
curl https://localhost:15000/roots/0 >local/pebble/ca.pem # fetch temp pebble ca, DO THIS EVERY TIME PEBBLE IS RESTARTED!
|
|
cat /etc/ssl/certs/ca-certificates.crt local/cfssl/ca.pem local/pebble/ca.pem >local/ca-bundle.pem # create new list that includes cfssl ca and temp pebble ca.
|
|
rm -r local/*/data/acme/keycerts/pebble # remove existing pebble-signed certs in acme cert/key cache, they are invalid due to newly generated temp pebble ca.
|
|
```
|
|
|
|
Edit mox.conf, adding pebble ACME and its ca.pem:
|
|
|
|
```
|
|
ACME:
|
|
pebble:
|
|
DirectoryURL: https://localhost:14000/dir
|
|
ContactEmail: root@mox.example
|
|
TLS:
|
|
CA:
|
|
AdditionalToSystem: true
|
|
CertFiles:
|
|
# Assuming local/<env>/config/mox.conf and local/pebble/ca.pem and local/cfssl/ca.pem.
|
|
- ../../pebble/ca.pem
|
|
- ../../cfssl/ca.pem
|
|
|
|
[...]
|
|
|
|
Listeners:
|
|
public:
|
|
TLS:
|
|
ACME: pebble
|
|
```
|
|
|
|
For mail clients and browsers to accept pebble-signed certificates, you must add
|
|
the temporary pebble CA cert to their trusted root CA store each time pebble is
|
|
started (e.g. to your thunderbird/firefox testing profile). Pebble has no option
|
|
to not regenerate its CA certificate, presumably for fear of people using it for
|
|
non-testing purposes. Unfortunately, this also makes it inconvenient to use for
|
|
testing purposes.
|
|
|
|
|
|
# Messages for testing
|
|
|
|
For compatibility and preformance testing, it helps to have many messages,
|
|
created a long time ago and recently, by different mail user agents. A helpful
|
|
source is the Linux kernel mailing list. Archives are available as multiple git
|
|
repositories (split due to size) at
|
|
https://lore.kernel.org/lkml/_/text/mirror/. The git repo's can be converted
|
|
to compressed mbox files (about 800MB each) with:
|
|
|
|
```
|
|
# 0 is the first epoch (with over half a million messages), 12 is last
|
|
# already-complete epoch at the time of writing (with a quarter million
|
|
# messages). The archives are large, converting will take some time.
|
|
for i in 0 12; do
|
|
git clone --mirror http://lore.kernel.org/lkml/$i lkml-$i.git
|
|
(cd lkml-$i.git && time ./tombox.sh | gzip >../lkml-$i.mbox.gz)
|
|
done
|
|
```
|
|
|
|
With the following "tobmox.sh" script:
|
|
|
|
```
|
|
#!/bin/sh
|
|
pre=''
|
|
for rev in $(git rev-list master | reverse); do
|
|
printf "$pre"
|
|
echo "From sender@host $(date '+%a %b %e %H:%M:%S %Y' -d @$(git show -s --format=%ct $rev))"
|
|
git show ${rev}:m | sed 's/^>*From />&/'
|
|
pre='\n'
|
|
done
|
|
```
|
|
|
|
|
|
# Release proces
|
|
|
|
- Gather feedback on recent changes.
|
|
- Check if dependencies need updates.
|
|
- Check code if there are deprecated features that can be removed.
|
|
- Update features & roadmap in README.md
|
|
- Write release notes.
|
|
- Build and run tests with previous major Go release.
|
|
- Run tests, including with race detector.
|
|
- Run integration and upgrade tests.
|
|
- Run fuzzing tests for a while.
|
|
- Deploy to test environment. Test the update instructions.
|
|
- Send and receive email through the major webmail providers, check headers.
|
|
- Send and receive email with imap4/smtp clients.
|
|
- Check DNS check admin page.
|
|
- Check with https://internet.nl
|
|
- Create git tag, push code.
|
|
- Publish new docker image.
|
|
- Publish signed release notes for updates.xmox.nl and update DNS record.
|
|
- Create new release on the github page, so watchers get a notification.
|