From da5371f30ffa0e864fd645425e588a0a1406679f Mon Sep 17 00:00:00 2001 From: aitzol Date: Sun, 5 May 2024 16:40:57 +0200 Subject: [PATCH] 2024-05-05 eguneraketa --- CHANGELOG.md | 11 +++++++++++ Dockerfile | 8 ++++---- conf.d/05-vhost.cfg.lua | 6 +++--- prosody.cfg.lua | 4 +--- tests/bats/bats-assert | 1 + tests/bats/bats-core | 1 + tests/bats/bats-support | 1 + tests/docker-compose.yml | 8 +++----- tests/tests.bats | 16 +++++++++++++--- 9 files changed, 38 insertions(+), 18 deletions(-) create mode 160000 tests/bats/bats-assert create mode 160000 tests/bats/bats-core create mode 160000 tests/bats/bats-support diff --git a/CHANGELOG.md b/CHANGELOG.md index 78c28ba..742f3b1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,16 @@ # Changelog +## Unreleased 2024-05-05 + +### Adjust config + +* Replace deprecated legacy_ssl with c2s_direct_tls. +* Removed use_libevent = true. This means the default is now used which is epoll. + +### Test + +Added a test to check that no deprecated config settings are used. + ## v1.3.2 * Added Firewall module with optional custom blacklist diff --git a/Dockerfile b/Dockerfile index 0328936..ba9b491 100644 --- a/Dockerfile +++ b/Dockerfile @@ -102,13 +102,13 @@ COPY *.bash /usr/local/bin/ RUN download-prosody-modules.bash \ && docker-prosody-module-install.bash \ - bookmarks `# XEP-0411: Bookmarks Conversion` \ - carbons `# message carbons (XEP-0280)` \ + #bookmarks `# XEP-0411: Bookmarks Conversion` \ + #carbons `# message carbons (XEP-0280)` \ cloud_notify `# XEP-0357: Push Notifications` \ - csi `# client state indication (XEP-0352)` \ + #csi `# client state indication (XEP-0352)` \ e2e_policy `# require end-2-end encryption` \ filter_chatstates `# disable "X is typing" type messages` \ - smacks `# stream management (XEP-0198)` \ + #smacks `# stream management (XEP-0198)` \ throttle_presence `# presence throttling in CSI` \ vcard_muc `# XEP-0153: vCard-Based Avatar (MUC)` \ firewall `# anti-spam firewall` \ diff --git a/conf.d/05-vhost.cfg.lua b/conf.d/05-vhost.cfg.lua index e5c66ac..283f225 100644 --- a/conf.d/05-vhost.cfg.lua +++ b/conf.d/05-vhost.cfg.lua @@ -6,11 +6,11 @@ local domain_pubsub = os.getenv("DOMAIN_PUBSUB") -- XEP-0368: SRV records for XMPP over TLS -- https://compliance.conversations.im/test/xep0368/ -legacy_ssl_ssl = { - certificate = "certs/" .. domain .. "/fullchain.pem"; +c2s_direct_tls_ssl = { + certificate = "certs/" .. domain .. "/fullchain.pem"; key = "certs/" .. domain .. "/privkey.pem"; } -legacy_ssl_ports = { 5223 } +c2s_direct_tls_ports = { 5223 } -- https://prosody.im/doc/certificates#service_certificates -- https://prosody.im/doc/ports#ssl_configuration diff --git a/prosody.cfg.lua b/prosody.cfg.lua index 2993131..1d09b4f 100644 --- a/prosody.cfg.lua +++ b/prosody.cfg.lua @@ -1,14 +1,12 @@ -- see example config at https://hg.prosody.im/-1.9/file/0.9.10/prosody.cfg.lua.dist -- easily extendable by putting into different config files within conf.d folder -local stringy = require "stringy" +local stringy = require "stringy" admins = stringy.split(os.getenv("PROSODY_ADMINS"), ", "); pidfile = "/var/run/prosody/prosody.pid" -use_libevent = true; -- improves performance - allow_registration = os.getenv("ALLOW_REGISTRATION"); c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION"); diff --git a/tests/bats/bats-assert b/tests/bats/bats-assert new file mode 160000 index 0000000..e2d855b --- /dev/null +++ b/tests/bats/bats-assert @@ -0,0 +1 @@ +Subproject commit e2d855bc78619ee15b0c702b5c30fb074101159f diff --git a/tests/bats/bats-core b/tests/bats/bats-core new file mode 160000 index 0000000..a751f3d --- /dev/null +++ b/tests/bats/bats-core @@ -0,0 +1 @@ +Subproject commit a751f3d3da4b7db830612322a068a18379c78d09 diff --git a/tests/bats/bats-support b/tests/bats/bats-support new file mode 160000 index 0000000..9bf10e8 --- /dev/null +++ b/tests/bats/bats-support @@ -0,0 +1 @@ +Subproject commit 9bf10e876dd6b624fe44423f0b35e064225f7556 diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml index d2cc6d2..c0bf651 100644 --- a/tests/docker-compose.yml +++ b/tests/docker-compose.yml @@ -1,8 +1,6 @@ -version: "3.9" - services: prosody: - image: prosody + image: prosody/xmpp:latest restart: unless-stopped ports: - "5000:5000" @@ -19,7 +17,7 @@ services: - ./certs:/usr/local/etc/prosody/certs prosody_postgres: - image: prosody + image: prosody/xmpp:latest restart: unless-stopped ports: - "5000:5000" @@ -53,7 +51,7 @@ services: POSTGRES_PASSWORD: prosody prosody_ldap: - image: prosody + image: prosody/xmpp:latest restart: unless-stopped ports: - "5000:5000" diff --git a/tests/tests.bats b/tests/tests.bats index 7c9f176..1f88f04 100644 --- a/tests/tests.bats +++ b/tests/tests.bats @@ -57,8 +57,8 @@ load 'bats/bats-assert/load' assert_output } -@test "Should activate legacy_ssl" { - run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'legacy_ssl' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\"" +@test "Should activate c2s_direct_tls" { + run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'c2s_direct_tls' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\"" assert_success assert_output } @@ -82,7 +82,17 @@ load 'bats/bats-assert/load' } @test "Should show upload URL" { - run bash -c "sudo docker-compose logs $batsContainerName | grep \"URL: - Ensure this can be reached by users\"" + run bash -c "sudo docker-compose logs $batsContainerName | grep \"Serving 'file_share' at https:\/\/upload.example.com:5281\/file_share\"" assert_success assert_output } + +@test "Should not use deprecated config" { + run bash -c "sudo docker-compose exec $batsContainerName /bin/bash -c \"/entrypoint.bash check\" | grep 'deprecated' -A 3" + assert_failure +} + +@test "Should not have warnings in log" { + run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"warn\"" + assert_failure +}