Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

chore: Revise utility install scripts + add Smallstep step CLI #4376

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Mar 3, 2025
Merged

chore: Revise utility install scripts + add Smallstep step CLI #4376

merged 6 commits into from
Mar 3, 2025

Conversation

polarathene
Copy link
Member

@polarathene polarathene commented Feb 17, 2025
edited
Loading

Description

step isn't used for anything yet, so no rush for this PR, but it won't introduce any breakage into DMS v15 😅

Changes:

  • jaq should probably live in /usr/local/bin with other third-party sourced binaries.
  • swaks install properly with just tar, no mv + rm needed.
  • Added Smallstep step CLI. This serves similar purpose to openssl commands, but is generally nicer for usage with generation and inspection of certs/keys. I've talked up using in DMS a few times in the past for our TLS helper and unifying DKIM support (instead of separate OpenDKIM/Rspamd generators).
  • Including step for both AMD64 / ARM64 archs needs the alternate naming convention that it's published to GH releases with.
  • Added commentary about the tar usage. The ownership is a common one, technically a non-issue when running as root 🤷‍♂️ Let me know if it's overkill and you prefer the mv + rm approach with a additional chown.

Type of change

  • Improvement (non-breaking change that does improve existing functionality)

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • New and existing unit tests pass locally with my changes
  • I have added information about changes made in this PR to CHANGELOG.md

@polarathene polarathene self-assigned this Feb 17, 2025
@polarathene polarathene changed the title chore: Install jaq to /usr/local/bin + install swaks via tar chore: Revise utility install scripts + add Smallstep step CLI Feb 17, 2025
@polarathene polarathene marked this pull request as ready for review February 17, 2025 05:08
@georglauterbach georglauterbach added the meta/feature freeze On hold due to upcoming release process label Feb 18, 2025
@georglauterbach
Copy link
Member

georglauterbach commented Feb 18, 2025
edited
Loading

step isn't used for anything yet

No need to cram this into v15.0.0.

I also lack background for this change, it seems. What's the rationale here?

@georglauterbach georglauterbach added the kind/new feature A new feature is requested in this issue or implemeted with this PR label Feb 18, 2025
@georglauterbach georglauterbach added this to the v15.1.0 milestone Feb 18, 2025
@polarathene
Copy link
Member Author

I also lack background for this change, it seems. What's the rationale here?

For step? I explained this in the "changes" list regarding it.

I think it's a more user friendly openssl alternative that we can use for both TLS/X.509 certs and public-key cryptography (DKIM/ARC). It'd be useful for docs, troubleshooting advice (nicer output vs openssl, can output results as JSON too), self-signed cert and key generation.

As such it can replace the separate opendkim/rspamd DKIM key generators. Your rspamd script for example appears to start rspamd in the background just to generate the keys.

We could technically not add step into the image, but given the image already weighs over 700MB, 13MB isn't a big ask for the convenience to users and our docs.

Or were you asking about the other changes unrelated to step? Those should also be explained under the "changes" list I provided?

@georglauterbach
Copy link
Member

Sorry, I was blind I guess... I somehow missed it in the PR description.

I really like these modern tools! And I also appreciate this replacing the horrible openssl command ❤️👍🏼

@casperklein
Copy link
Member

casperklein commented Feb 19, 2025
edited
Loading

LGTM 👍 If there are more tools in the future, we should put them in own functions.

casperklein
casperklein previously approved these changes Feb 19, 2025
View reviewed changes
@georglauterbach georglauterbach removed the meta/feature freeze On hold due to upcoming release process label Mar 1, 2025
@georglauterbach georglauterbach modified the milestones: v15.1.0, v15.0.1 Mar 3, 2025
@georglauterbach georglauterbach moved this from New Feature Request to Implementation Phase in DMS Features & Tasks Mar 3, 2025
@georglauterbach
Copy link
Member

IMO we can put this into v15.0.1 too @polarathene if you update CHANGELOG.md.

@polarathene polarathene enabled auto-merge (squash) March 3, 2025 21:38
@polarathene polarathene merged commit d0629f4 into master Mar 3, 2025
7 checks passed
@polarathene polarathene deleted the chore/install-stepcli branch March 3, 2025 21:58
@github-project-automation github-project-automation bot moved this from Implementation Phase to Done in DMS Features & Tasks Mar 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@georglauterbach georglauterbach georglauterbach approved these changes

@casperklein casperklein casperklein left review comments

Assignees

@polarathene polarathene

Labels

area/scripts kind/new feature A new feature is requested in this issue or implemeted with this PR

Projects

DMS Features & Tasks
Status: Done

Milestone

v15.0.1

Development

Successfully merging this pull request may close these issues.

3 participants

@polarathene @georglauterbach @casperklein
Morty Proxy This is a proxified and sanitized view of the page, visit original site.