From cfaf794ec639571bdb69c4e1bab5cf96089495d9 Mon Sep 17 00:00:00 2001 From: FloatingGhost Date: Fri, 9 Sep 2022 02:26:36 +0100 Subject: [PATCH 1/9] update changelog, bump version --- CHANGELOG.md | 4 +++- mix.exs | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f63fa540c..5cd48b07c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). -## [Unreleased] +## 2022.09 ### Added - support for fedibird-fe, and non-breaking API parity for it to function @@ -13,9 +13,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - the ability to obfuscate domains in your MRF descriptions - automatic translation of statuses via DeepL or LibreTranslate - ability to edit posts +- ability to react with remote emoji ### Changed - MFM parsing is now done on the backend by a modified version of ilja's parser -> https://akkoma.dev/AkkomaGang/mfm-parser +- InlineQuotePolicy is now on by default ### Fixed - Compatibility with latest meilisearch diff --git a/mix.exs b/mix.exs index ef038ce74..19e6fd045 100644 --- a/mix.exs +++ b/mix.exs @@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do def project do [ app: :pleroma, - version: version("3.1.0"), + version: version("3.2.0"), elixir: "~> 1.12", elixirc_paths: elixirc_paths(Mix.env()), compilers: [:phoenix, :gettext] ++ Mix.compilers(), -- 2.34.1 From b8e86a546db8c42e61d05cd0616203f8e0b0d884 Mon Sep 17 00:00:00 2001 From: FloatingGhost Date: Fri, 9 Sep 2022 02:57:21 +0100 Subject: [PATCH 2/9] Add signing key --- SIGNING_KEY.pub | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 SIGNING_KEY.pub diff --git a/SIGNING_KEY.pub b/SIGNING_KEY.pub new file mode 100644 index 000000000..7d8b48da8 --- /dev/null +++ b/SIGNING_KEY.pub 
@@ -0,0 +1,2 @@ +untrusted comment: Akkoma Signing Key public key +RWQRlw8Ex/uTbvo1wB1yK75tQ5nXKilB/vrKdkL41bgZHL9aKP+7fSS5 -- 2.34.1 From 155b5a549686214209f40683ae38870e8afbb663 Mon Sep 17 00:00:00 2001 From: FloatingGhost Date: Fri, 9 Sep 2022 03:14:36 +0100 Subject: [PATCH 3/9] add signing of stable releases --- .woodpecker.yml | 2 + .../installation/verifying_otp_releases.md | 57 +++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 docs/docs/installation/verifying_otp_releases.md diff --git a/.woodpecker.yml b/.woodpecker.yml index 32db2f1c5..1fdd79228 100644 --- a/.woodpecker.yml +++ b/.woodpecker.yml @@ -3,6 +3,7 @@ variables: - SCW_ACCESS_KEY - SCW_SECRET_KEY - SCW_DEFAULT_ORGANIZATION_ID + - SIGNIFY_PRIV_KEY - &setup-hex "mix local.hex --force && mix local.rebar --force" - &on-release when: @@ -21,6 +22,7 @@ variables: branch: - develop - stable + - 202209-stable-release - &on-pr-open when: event: diff --git a/docs/docs/installation/verifying_otp_releases.md b/docs/docs/installation/verifying_otp_releases.md new file mode 100644 index 000000000..4b3fb9c94 --- /dev/null +++ b/docs/docs/installation/verifying_otp_releases.md 
@@ -0,0 +1,57 @@
+# Verifying OTP release integrity
+
+All OTP releases are cryptographically signed, to allow
+you to verify the integrity if you choose to.
+
+Releases are signed with [Signify](https://man.openbsd.org/signify.1),
+with [the public key in the main repository](https://akkoma.dev/AkkomaGang/akkoma/src/branch/develop/SIGNING_KEY.pub)
+
+Release URLs will always be of the form
+
+```
+https://akkoma-updates.s3-website.fr-par.scw.cloud/{branch}/akkoma-{flavour}.zip
+```
+
+Where branch is usually `stable` or `develop`, and `flavour` is
+the one [that you detect on install](../otp_en/#detecting-flavour).
+
+So, for an AMD64 stable install, your update URL will be
+
+```
+https://akkoma-updates.s3-website.fr-par.scw.cloud/stable/akkoma-amd64.zip
+```
+
+To verify the integrity of this file, we have two helper files
+
+```
+# Checksums
+https://akkoma-updates.s3-website.fr-par.scw.cloud/{branch}/akkoma-{flavour}.zip.sha256
+
+# Signify signature of the hashes
+https://akkoma-updates.s3-website.fr-par.scw.cloud/{branch}/akkoma-{flavour}.zip.sha256.sig
+```
+
+Thus, to upgrade manually, with integrity checking, consider the following script:
+
+```bash
+#!/bin/sh
+set -eo pipefail
+
+export FLAVOUR=amd64
+export BRANCH=stable
+
+# Fetch signing key
+wget https://akkoma.dev/AkkomaGang/akkoma/src/branch/develop/SIGNING_KEY.pub -o AKKOMA_SIGNING_KEY.pub
+
+# Download zip file and sig files
+wget https://akkoma-updates.s3-website.fr-par.scw.cloud/$BRANCH/akkoma-$FLAVOUR{.zip,.zip.sha256,.zip.sha256.sig}
+
+# Verify zip file's sha256 integrity
+sha256sum --check akkoma-$FLAVOUR.zip.sha256
+
+# Verify hash file's integrity
+signify -V -p AKKOMA_SIGNING_KEY.pub -m akkoma-$FLAVOUR.zip.sha256.sig
+
+# We're good, use that URL
+./bin/pleroma_ctl update --zip-url https://akkoma-updates.s3-website.fr-par.scw.cloud/$BRANCH/akkoma-$FLAVOUR.zip
+```
-- 2.34.1 From d98f72a2c4153fde5eeec7784d2adb80ed6fd4ca Mon Sep 17 00:00:00 2001
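Review bot: The script downloads `SIGNING_KEY.pub` from the forge on every run and passes it straight to `signify -p`, so the check only proves that the hash file was signed by whatever key that URL served at that moment. I would add a comment above the fetch such as `# First run only: save this key, compare it with the copy in your own checkout, and reuse the saved file on later upgrades`, and have the page show the key line from `SIGNING_KEY.pub` so readers can compare it by eye. The prose should also say that both checks must pass before the zip is used, because `sha256sum --check` on its own only compares the zip with a hash file that has not been authenticated yet.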
From: FloatingGhost Date: Fri, 9 Sep 2022 03:15:12 +0100 Subject: [PATCH 4/9] test signing --- .woodpecker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.woodpecker.yml b/.woodpecker.yml index 1fdd79228..ad6c00535 100644 --- a/.woodpecker.yml +++ b/.woodpecker.yml @@ -15,6 +15,7 @@ variables: - stable - refs/tags/v* - refs/tags/stable-* + - 202209-stable-release - &on-point-release when: event: @@ -22,7 +23,6 @@ variables: branch: - develop - stable - - 202209-stable-release - &on-pr-open when: event: -- 2.34.1 From 4d76554ed19fcd711d558c28fb2c7d8a51bfb4f3 Mon Sep 17 00:00:00 2001 From: FloatingGhost Date: Fri, 9 Sep 2022 03:37:52 +0100 Subject: [PATCH 5/9] just skip build --- .woodpecker.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.woodpecker.yml b/.woodpecker.yml index ad6c00535..3ea9bf93a 100644 --- a/.woodpecker.yml +++ b/.woodpecker.yml @@ -100,8 +100,10 @@ pipeline: - echo "import Config" > config/prod.secret.exs - *setup-hex - *tag-build - - mix deps.get --only prod - - mix release --path release + #- mix deps.get --only prod + #- mix release --path release + - mkdir release + - echo "test" >> release/test - zip akkoma-ubuntu-jammy.zip -r release release-ubuntu22: -- 2.34.1 From cd3920c4891125725b867ce74a0fafac579db3a5 Mon Sep 17 00:00:00 2001 From: FloatingGhost Date: Fri, 9 Sep 2022 03:42:23 +0100 Subject: [PATCH 6/9] don't sign automatically --- .woodpecker.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.woodpecker.yml b/.woodpecker.yml index 3ea9bf93a..c31b4c001 100644 --- a/.woodpecker.yml +++ b/.woodpecker.yml @@ -3,7 +3,6 @@ variables: - SCW_ACCESS_KEY - SCW_SECRET_KEY - SCW_DEFAULT_ORGANIZATION_ID - - SIGNIFY_PRIV_KEY - &setup-hex "mix local.hex --force && mix local.rebar --force" - &on-release when: 
@@ -100,10 +99,8 @@ pipeline: - echo "import Config" > config/prod.secret.exs - *setup-hex - *tag-build - #- mix deps.get --only prod - #- mix release --path release - - mkdir release - - echo "test" >> release/test + - mix deps.get --only prod + - mix release --path release - zip akkoma-ubuntu-jammy.zip -r release release-ubuntu22: -- 2.34.1 From db326af846d932417d4bd4f113004b11980fcbbe Mon Sep 17 00:00:00 2001 From: FloatingGhost Date: Fri, 9 Sep 2022 04:07:16 +0100 Subject: [PATCH 7/9] correct verification script --- .../docs/installation/verifying_otp_releases.md | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/docs/docs/installation/verifying_otp_releases.md b/docs/docs/installation/verifying_otp_releases.md index 4b3fb9c94..1b8d247fb 100644 --- a/docs/docs/installation/verifying_otp_releases.md +++ b/docs/docs/installation/verifying_otp_releases.md @@ -1,6 +1,6 @@ # Verifying OTP release integrity -All OTP releases are cryptographically signed, to allow +All stable OTP releases are cryptographically signed, to allow you to verify the integrity if you choose to. Releases are signed with [Signify](https://man.openbsd.org/signify.1), @@ -41,7 +41,7 @@ export FLAVOUR=amd64 export BRANCH=stable # Fetch signing key -wget https://akkoma.dev/AkkomaGang/akkoma/src/branch/develop/SIGNING_KEY.pub -o AKKOMA_SIGNING_KEY.pub +curl https://akkoma.dev/AkkomaGang/akkoma/raw/branch/develop/SIGNING_KEY.pub -o AKKOMA_SIGNING_KEY.pub # Download zip file and sig files wget https://akkoma-updates.s3-website.fr-par.scw.cloud/$BRANCH/akkoma-$FLAVOUR{.zip,.zip.sha256,.zip.sha256.sig} 
@@ -50,8 +50,17 @@ wget https://akkoma-updates.s3-website.fr-par.scw.cloud/$BRANCH/akkoma-$FLAVOUR{ sha256sum --check akkoma-$FLAVOUR.zip.sha256 # Verify hash file's integrity -signify -V -p AKKOMA_SIGNING_KEY.pub -m akkoma-$FLAVOUR.zip.sha256.sig +# Signify might be under the `signify` command, depending on your distribution +signify-openbsd -V -p AKKOMA_SIGNING_KEY.pub -m akkoma-$FLAVOUR.zip.sha256 # We're good, use that URL -./bin/pleroma_ctl update --zip-url https://akkoma-updates.s3-website.fr-par.scw.cloud/$BRANCH/akkoma-$FLAVOUR.zip +echo "Update URL contents verified" +echo "use" +echo "./bin/pleroma_ctl update --zip-url https://akkoma-updates.s3-website.fr-par.scw.cloud/$BRANCH/akkoma-$FLAVOUR" +echo "to update your instance" + +# Clean up +rm akkoma-$FLAVOUR.zip +rm akkoma-$FLAVOUR.zip.sha256 +rm akkoma-$FLAVOUR.zip.sha256.sig ``` -- 2.34.1 From 48a0ed1046c2e66de15c18b32b08bb48a0f8b257 Mon Sep 17 00:00:00 2001 From: FloatingGhost Date: Fri, 9 Sep 2022 04:07:57 +0100 Subject: [PATCH 8/9] revert test build --- .woodpecker.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.woodpecker.yml b/.woodpecker.yml index c31b4c001..32db2f1c5 100644 --- a/.woodpecker.yml +++ b/.woodpecker.yml @@ -14,7 +14,6 @@ variables: - stable - refs/tags/v* - refs/tags/stable-* - - 202209-stable-release - &on-point-release when: event: -- 2.34.1 From 711745fcf2faa1a3569078237439dab682bed4b1 Mon Sep 17 00:00:00 2001 From: FloatingGhost Date: Fri, 9 Sep 2022 04:32:11 +0100 Subject: [PATCH 9/9] use bash --- docs/docs/installation/verifying_otp_releases.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/docs/installation/verifying_otp_releases.md b/docs/docs/installation/verifying_otp_releases.md index 1b8d247fb..86dacfec2 100644 --- a/docs/docs/installation/verifying_otp_releases.md +++ b/docs/docs/installation/verifying_otp_releases.md 
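Review bot: The echoed update command at the end of the script points at `.../$BRANCH/akkoma-$FLAVOUR` without the `.zip` suffix that the downloaded and verified file carries, so the printed command does not name the verified artifact; it should read `echo "./bin/pleroma_ctl update --zip-url https://akkoma-updates.s3-website.fr-par.scw.cloud/$BRANCH/akkoma-$FLAVOUR.zip"`. Separately, the clean-up step deletes the verified zip and the user is told to update from the URL, which presumably downloads the file again, so the bytes that were checked are not necessarily the bytes that get installed. A comment such as `# NOTE: the update command fetches the URL again; re-run this check if the release may have changed in between` would make that gap visible to the reader. The script begins above this hunk.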
@@ -34,17 +34,17 @@ https://akkoma-updates.s3-website.fr-par.scw.cloud/{branch}/akkoma-{flavour}.zip Thus, to upgrade manually, with integrity checking, consider the following script: ```bash -#!/bin/sh +#!/bin/bash set -eo pipefail export FLAVOUR=amd64 export BRANCH=stable # Fetch signing key -curl https://akkoma.dev/AkkomaGang/akkoma/raw/branch/develop/SIGNING_KEY.pub -o AKKOMA_SIGNING_KEY.pub +curl --silent https://akkoma.dev/AkkomaGang/akkoma/raw/branch/$BRANCH/SIGNING_KEY.pub -o AKKOMA_SIGNING_KEY.pub # Download zip file and sig files -wget https://akkoma-updates.s3-website.fr-par.scw.cloud/$BRANCH/akkoma-$FLAVOUR{.zip,.zip.sha256,.zip.sha256.sig} +wget -q https://akkoma-updates.s3-website.fr-par.scw.cloud/$BRANCH/akkoma-$FLAVOUR{.zip,.zip.sha256,.zip.sha256.sig} # Verify zip file's sha256 integrity sha256sum --check akkoma-$FLAVOUR.zip.sha256 -- 2.34.1
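Review bot: The key fetch in this hunk uses `curl --silent` without `--fail`, so an HTTP error page from the forge is written into `AKKOMA_SIGNING_KEY.pub` as if it were the key and curl still exits 0, which `set -e` cannot catch. The run would then most likely stop at the signify step with a message about the key rather than about the failed download. I would write `curl --silent --show-error --fail https://akkoma.dev/AkkomaGang/akkoma/raw/branch/$BRANCH/SIGNING_KEY.pub -o AKKOMA_SIGNING_KEY.pub`. The rest of the script lies outside this hunk.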