Skip to content

WIP: run CI for #836 #839

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
missytake wants to merge 12 commits into from
Closed

WIP: run CI for #836 #839

missytake wants to merge 12 commits into from

Conversation

@missytake
Copy link
Contributor

@missytake missytake commented Feb 8, 2026

don't merge, it's only the CI for #836

@Retengart
chore: fix ruff formatting in acmetool, dovecot, postfix deployers
ea52fde
@Retengart
fix: use msg.path instead of nonexistent msg.relpath in fsreport
0443965 
FileEntry namedtuple has (path, mtime, size), not relpath.
Crashes with AttributeError when --mdir flag is used.
@Retengart
fix: return tuple from get_dkim_entry on CalledProcessError
a5dc1d8 
Bare return yielded None, causing TypeError on tuple unpacking
in perform_initial_checks on fresh servers without DKIM keys.
@Retengart
fix: handle build_webpages returning None in WebsiteDeployer
3ad8e5a 
Exception in _build_webpages was silently caught, returning None.
rsync then received "None/" as source path, silently breaking deploy.
@Retengart
fix: remove dead code and potential NameError in run_cmd
0148ecd 
check_call always returns 0 or raises, making retcode!=0 branches
unreachable. Also remote_data was undefined with --skip-dns-check.
@Retengart
fix: guard against IndexError in dovecot_recalc_quota
93eb996 
doveadm output ends with empty line, parts=[] causes parts[2] crash.
@Retengart
fix(security): use secrets.choice instead of random.choices for username
c48a7d8 
Per Python docs, secrets module should be used for security-sensitive
data. random.choices uses Mersenne Twister PRNG which is predictable.
secrets.choice was already used for password generation in the same file.
@Retengart
fix(security): remove deprecated TLS 1.0/1.1 from nginx config
0d3cde9 
TLS 1.0/1.1 deprecated by RFC 8996. Nginx default is TLSv1.2 TLSv1.3.
Aligns with postfix (>=TLSv1.2) and dovecot (TLSv1.3) in the same stack.
@Retengart
fix(security): validate localpart chars and fix account creation race
e32816b 
- Reject localparts with chars outside [a-z0-9._-] to prevent
  filesystem issues from crafted usernames via IMAP/SMTP auth
- Use filelock to serialize concurrent account creation for same
  address, preventing TOCTOU race where two threads both create
  an account and last writer wins
@Retengart
fix: add 5s timeout to TURN credential socket
47c9586 
Hung TURN daemon would block dict proxy handler thread indefinitely.
Per Python docs, settimeout() raises TimeoutError on expiry.
@Retengart
fix: handle turn_credentials exceptions in metadata proxy
447c0ee 
ConnectionRefusedError/FileNotFoundError/TimeoutError from
turn_credentials() would kill the dict proxy connection.
Return N (not found) response instead and log the error.
@Retengart
test: add error-path tests for all bug fixes
1d8e44a 
- test_doveauth: invalid localpart chars rejected, concurrent same-account creation
- test_expire: --mdir filtering uses msg.path correctly
- test_metadata: TURN exception returns N\n, success returns credentials
- test_turnserver: socket timeout, connection refused, happy path
- test_dns: get_dkim_entry returns (None, None) on CalledProcessError
- test_rshell: dovecot_recalc_quota handles empty/malformed output
@missytake missytake temporarily deployed to staging2.testrun.org February 8, 2026 08:13 — with GitHub Actions Inactive
@missytake missytake temporarily deployed to staging-ipv4.testrun.org February 8, 2026 08:13 — with GitHub Actions Inactive
@missytake missytake closed this Feb 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@missytake @Retengart