schleuder 3.5.3 → 4.0.2

data/lib/schleuder/conf.rb

@@ -4,14 +4,14 @@ module Schleuder
   class Conf
     include Singleton
 
-    EMAIL_REGEXP = /\A.+@[[:alnum:]_.-]+\z/i
+    EMAIL_REGEXP = URI::MailTo::EMAIL_REGEXP
     # TODO: drop v3 keys and only accept length of 40
     FINGERPRINT_REGEXP = /\A(0x)?[a-f0-9]{32}([a-f0-9]{8})?\z/i
 
     DEFAULTS = {
       'lists_dir' => '/var/lib/schleuder/lists',
       'listlogs_dir' => '/var/lib/schleuder/lists',
-      'plugins_dir' => '/etc/schleuder/plugins',
+      'keyword_handlers_dir' => '/usr/local/lib/schleuder/keyword_handlers',
       'filters_dir' => '/usr/local/lib/schleuder/filters',
       'log_level' => 'warn',
       'superadmin' => 'root@localhost',
@@ -56,8 +56,8 @@ module Schleuder
       instance.config['listlogs_dir']
     end
 
-    def self.plugins_dir
-      instance.config['plugins_dir']
+    def self.keyword_handlers_dir
+      instance.config['keyword_handlers_dir']
     end
 
     def self.filters_dir

data/lib/schleuder/errors/base.rb

@@ -1,8 +1,8 @@
 module Schleuder
   module Errors
     class Base < StandardError
-      def t(*args)
-        I18n.t(*args)
+      def t(key, **kwargs)
+        I18n.t(key, **kwargs)
       end
 
       def to_s

data/lib/schleuder/errors/decryption_failed.rb

@@ -4,7 +4,7 @@ module Schleuder
       def initialize(list)
         set_default_locale
         super t('errors.decryption_failed',
-                    { key: list.key.to_s, email: list.sendkey_address })
+                    key: list.key.to_s, email: list.sendkey_address)
       end
     end
   end

data/lib/schleuder/errors/fatal_error.rb

@@ -5,7 +5,7 @@ module Schleuder
       end
 
       def to_s
-        t("errors.fatalerror")
+        t('errors.fatalerror')
       end
     end
   end

data/lib/schleuder/errors/key_adduid_failed.rb

@@ -2,7 +2,7 @@ module Schleuder
   module Errors
     class KeyAdduidFailed < Base
       def initialize(errmsg)
-        super t('errors.key_adduid_failed', { errmsg: errmsg })
+        super t('errors.key_adduid_failed', errmsg: errmsg)
       end
     end
   end

data/lib/schleuder/errors/key_generation_failed.rb

@@ -2,7 +2,7 @@ module Schleuder
   module Errors
     class KeyGenerationFailed < Base
       def initialize(listdir, listname)
-        super t('errors.key_generation_failed', {listdir: listdir, listname: listname})
+        super t('errors.key_generation_failed', listdir: listdir, listname: listname)
       end
     end
   end

data/lib/schleuder/errors/message_empty.rb

@@ -3,7 +3,7 @@ module Schleuder
     class MessageEmpty < Base
       def initialize(list)
         set_default_locale
-        super t('errors.message_empty', { request_address: list.request_address })
+        super t('errors.message_empty', request_address: list.request_address)
       end
     end
   end

data/lib/schleuder/errors/message_too_big.rb

@@ -4,7 +4,7 @@ module Schleuder
       def initialize(list)
         set_default_locale
         allowed_size = list.max_message_size_kb
-        super t('errors.message_too_big', { allowed_size: allowed_size })
+        super t('errors.message_too_big', allowed_size: allowed_size)
       end
     end
   end

data/lib/schleuder/errors/too_many_keys.rb

@@ -2,7 +2,7 @@ module Schleuder
   module Errors
     class TooManyKeys < Base
       def initialize(listdir, listname)
-        super t('errors.too_many_keys', {listdir: listdir, listname: listname})
+        super t('errors.too_many_keys', listdir: listdir, listname: listname)
       end
     end
   end

data/lib/schleuder/filters/post_decryption/10_request.rb

@@ -3,17 +3,17 @@ module Schleuder
     def self.request(list, mail)
       return if ! mail.request?
 
-      list.logger.debug "Request-message"
+      list.logger.debug 'Request-message'
 
       if ! mail.was_encrypted? || ! mail.was_validly_signed?
-        list.logger.debug "Error: Message was not encrypted and validly signed"
+        list.logger.debug 'Error: Message was not encrypted and validly signed'
         return Errors::MessageUnauthenticated.new
       end
 
       if mail.keywords.empty?
         output = I18n.t(:no_keywords_error)
       else
-        output = PluginRunners::RequestPluginsRunner.run(list, mail)
+        output = KeywordHandlersRunner.run(type: :request, list: list, mail: mail)
         output = output.flatten.map(&:presence).compact
         if output.blank?
           output = I18n.t(:no_output_result)

data/lib/schleuder/filters/post_decryption/20_max_message_size.rb

@@ -3,7 +3,7 @@ module Schleuder
 
     def self.max_message_size(list, mail)
       if (mail.raw_source.size / 1024) > list.max_message_size_kb
-        list.logger.info "Rejecting mail as too big"
+        list.logger.info 'Rejecting mail as too big'
         return Errors::MessageTooBig.new(list)
       end
     end

data/lib/schleuder/filters/post_decryption/30_forward_to_owner.rb

@@ -3,7 +3,7 @@ module Schleuder
     def self.forward_to_owner(list, mail)
       return if ! mail.to_owner?
 
-      list.logger.debug "Forwarding addressed to -owner"
+      list.logger.debug 'Forwarding addressed to -owner'
       mail.add_pseudoheader(:note, I18n.t(:owner_forward_prefix))
       cleanmail = mail.clean_copy(true)
       list.admins.each do |admin|

data/lib/schleuder/filters/post_decryption/40_receive_admin_only.rb

@@ -2,7 +2,7 @@ module Schleuder
   module Filters
     def self.receive_admin_only(list, mail)
       if list.receive_admin_only? && ( ! mail.was_validly_signed? || ! mail.signer.admin? )
-        list.logger.info "Rejecting mail as not from admin."
+        list.logger.info 'Rejecting mail as not from admin.'
         return Errors::MessageNotFromAdmin.new
       end
     end

data/lib/schleuder/filters/post_decryption/50_receive_authenticated_only.rb

@@ -2,7 +2,7 @@ module Schleuder
   module Filters
     def self.receive_authenticated_only(list, mail)
       if list.receive_authenticated_only? && ( ! mail.was_encrypted? || ! mail.was_validly_signed? )
-        list.logger.info "Rejecting mail as unauthenticated"
+        list.logger.info 'Rejecting mail as unauthenticated'
         return Errors::MessageUnauthenticated.new
       end
     end

data/lib/schleuder/filters/post_decryption/60_receive_signed_only.rb

@@ -2,7 +2,7 @@ module Schleuder
   module Filters
     def self.receive_signed_only(list, mail)
       if list.receive_signed_only? && ! mail.was_validly_signed?
-        list.logger.info "Rejecting mail as unsigned"
+        list.logger.info 'Rejecting mail as unsigned'
         return Errors::MessageUnsigned.new
       end
     end

data/lib/schleuder/filters/post_decryption/70_receive_encrypted_only.rb

@@ -2,7 +2,7 @@ module Schleuder
   module Filters
     def self.receive_encrypted_only(list, mail)
       if list.receive_encrypted_only? && ! mail.was_encrypted?
-        list.logger.info "Rejecting mail as unencrypted"
+        list.logger.info 'Rejecting mail as unencrypted'
         return Errors::MessageUnencrypted.new
       end
     end

data/lib/schleuder/filters/post_decryption/80_receive_from_subscribed_emailaddresses_only.rb

@@ -2,7 +2,7 @@ module Schleuder
   module Filters
     def self.receive_from_subscribed_emailaddresses_only(list, mail)
       if list.receive_from_subscribed_emailaddresses_only? && list.subscriptions.where(email: mail.from.first).blank?
-        list.logger.info "Rejecting mail as not from subscribed address."
+        list.logger.info 'Rejecting mail as not from subscribed address.'
         return Errors::MessageSenderNotSubscribed.new
       end
     end

data/lib/schleuder/filters/pre_decryption/10_forward_bounce_to_admins.rb

@@ -2,7 +2,7 @@ module Schleuder
   module Filters
     def self.forward_bounce_to_admins(list, mail)
       if mail.automated_message?
-        list.logger.info "Forwarding automated message to admins"
+        list.logger.info 'Forwarding automated message to admins'
         list.logger.notify_admin I18n.t(:forward_automated_message_to_admins), mail.original_message, I18n.t('automated_message_subject')
         exit
       end

data/lib/schleuder/filters/pre_decryption/30_send_key.rb

@@ -3,7 +3,7 @@ module Schleuder
     def self.send_key(list, mail)
       return if ! mail.sendkey_request?
 
-      list.logger.debug "Sending public key as reply."
+      list.logger.debug 'Sending public key as reply.'
 
       out = mail.reply
       out.from = list.email

data/lib/schleuder/filters/pre_decryption/40_fix_exchange_messages.rb

@@ -18,7 +18,7 @@ module Schleuder
           mail.parts[1][:content_type].content_type == 'application/pgp-encrypted' &&
           mail.parts[2][:content_type].content_type == 'application/octet-stream'
         mail.parts.delete_at(0)
-        mail.content_type = [:multipart, :encrypted, {protocol: "application/pgp-encrypted", boundary: mail.boundary}]
+        mail.content_type = [:multipart, :encrypted, {protocol: 'application/pgp-encrypted', boundary: mail.boundary}]
       end
     end
   end

data/lib/schleuder/filters/pre_decryption/50_strip_html_from_alternative.rb

@@ -8,12 +8,12 @@ module Schleuder
         return false
       end
 
-      Schleuder.logger.debug "Stripping html-part from multipart/alternative-message"
+      Schleuder.logger.debug 'Stripping html-part from multipart/alternative-message'
       mail.parts.delete_if do |part|
         part[:content_type].content_type == 'text/html'
       end
       mail.content_type = 'multipart/mixed'
-      mail.add_pseudoheader(:note, I18n.t("pseudoheaders.stripped_html_from_multialt"))
+      mail.add_pseudoheader(:note, I18n.t('pseudoheaders.stripped_html_from_multialt'))
     end
   end
 end

data/lib/schleuder/filters_runner.rb

@@ -34,7 +34,7 @@ module Schleuder
 
       def bounce?(response, mail)
         if list.bounces_drop_all
-          list.logger.debug "Dropping bounce as configurated"
+          list.logger.debug 'Dropping bounce as configurated'
           notify_admins(I18n.t('.bounces_drop_all'), mail.original_message)
           return false
         end
@@ -47,7 +47,7 @@ module Schleuder
           end
         end
 
-        list.logger.debug "Bouncing message"
+        list.logger.debug 'Bouncing message'
         true
       end
 
@@ -61,21 +61,21 @@ module Schleuder
         list.logger.debug "Loading #{filter_type}_decryption filters"
         sorted_filters.map do |filter_name|
           require all_filter_files[filter_name]
-          filter_name.split('_',2).last
+          filter_name.split('_', 2).last
         end
       end
 
       def sorted_filters
-        @sorted_filters ||= all_filter_files.keys.sort do |a,b|
-          a.split('_',2).first.to_i <=> b.split('_',2).first.to_i
+        @sorted_filters ||= all_filter_files.keys.sort do |a, b|
+          a.split('_', 2).first.to_i <=> b.split('_', 2).first.to_i
         end
       end
 
       def all_filter_files
         @all_filter_files ||= begin
           files_in_filter_dirs = Dir[*filter_dirs]
-          files_in_filter_dirs.inject({}) do |res,file|
-            filter_name = File.basename(file,'.rb')
+          files_in_filter_dirs.inject({}) do |res, file|
+            filter_name = File.basename(file, '.rb')
             res[filter_name] = file
             res
           end
@@ -83,9 +83,9 @@ module Schleuder
       end
 
       def filter_dirs
-        @filter_dirs ||= [File.join(File.dirname(__FILE__),"filters"),
+        @filter_dirs ||= [File.join(File.dirname(__FILE__), 'filters'),
                           Schleuder::Conf.filters_dir].map do |d|
-                            File.join(d,"#{filter_type}_decryption/[0-9]*_*.rb")
+                            File.join(d, "#{filter_type}_decryption/[0-9]*_*.rb")
                           end
       end
     end

data/lib/schleuder/gpgme/ctx.rb

@@ -25,10 +25,10 @@ module GPGME
           [import_status.fpr, nil]
         end
       when 0
-        [nil, "The given key material did not contain any keys!"]
+        [nil, 'The given key material did not contain any keys!']
       else
         # TODO: report import-stati of the keys?
-        [nil, "The given key material contained more than one key, could not determine which fingerprint to use. Please set it manually!"]
+        [nil, 'The given key material contained more than one key, could not determine which fingerprint to use. Please set it manually!']
       end
     end
 
@@ -78,8 +78,8 @@ module GPGME
     end
 
     def self.check_gpg_version
-      if ! sufficient_gpg_version?('2.0')
-        $stderr.puts "Error: GnuPG version >= 2.0 required.\nPlease install it and/or provide the path to the binary via the environment-variable GPGBIN.\nExample: GPGBIN=/opt/gpg2/bin/gpg ..."
+      if ! sufficient_gpg_version?('2.2')
+        $stderr.puts "Error: GnuPG version >= 2.2 required.\nPlease install it and/or provide the path to the binary via the environment-variable GPGBIN.\nExample: GPGBIN=/opt/gpg2/bin/gpg ..."
         exit 1
       end
     end
@@ -95,10 +95,7 @@ module GPGME
         sleep rand(1.0..5.0)
         refresh_key(key.fingerprint).presence
       end
-      # TODO: drop version check once we killed gpg 2.0 support.
-      if GPGME::Ctx.sufficient_gpg_version?('2.1')
-        `gpgconf --kill dirmngr`
-      end
+      `gpgconf --kill dirmngr`
       output.compact.join("\n")
     end
 
@@ -110,6 +107,8 @@ module GPGME
         # Return filtered error messages. Include gpgkeys-messages from stdout
         # (gpg 2.0 does that), which could e.g. report a failure to connect to
         # the keyserver.
+        # TODO: Revisit this once we don't do network access via GPG
+        # anymore.
         res = [
           refresh_key_filter_messages(gpgerr),
           refresh_key_filter_messages(gpgout).grep(/^gpgkeys: /)
@@ -118,8 +117,7 @@ module GPGME
         # we better kill dirmngr, so it hopefully won't suffer
         # from the same error during the next run.
         # See #309 for background
-        # TODO: drop version check once we killed gpg 2.0 support.
-        if !res.empty? && GPGME::Ctx.sufficient_gpg_version?('2.1')
+        if !res.empty?
           `gpgconf --kill dirmngr`
         end
         res.join("\n")
@@ -136,7 +134,6 @@ module GPGME
       arguments, error = fetch_key_gpg_arguments_for(input)
       return error if error
 
-      self.class.send_notice_if_gpg_does_not_know_import_filter
       gpgerr, gpgout, exitcode = self.class.gpgcli("#{import_filter_arg} #{arguments}")
 
       # Unfortunately gpg doesn't exit with code > 0 if `--fetch-key` fails.
@@ -158,7 +155,7 @@ module GPGME
         # restricted to keyservers.
         "#{keyserver_arg} --auto-key-locate keyserver --locate-key #{input}"
       else
-        [nil, I18n.t("fetch_key.invalid_input")]
+        [nil, I18n.t('fetch_key.invalid_input')]
       end
     end
 
@@ -166,8 +163,8 @@ module GPGME
       import_states = translate_import_data(gpgoutput)
       strings = import_states.map do |fingerprint, states|
         key = find_distinct_key(fingerprint)
-        I18n.t(locale_key, { key_oneline: key.oneline,
-                             states: states.to_sentence })
+        I18n.t(locale_key, key_summary: key.summary,
+                           states: states.to_sentence)
       end
       strings
     end
@@ -182,7 +179,7 @@ module GPGME
         states = []
 
         if import_status == 0
-          states << I18n.t("import_states.unchanged")
+          states << I18n.t('import_states.unchanged')
         else
           IMPORT_FLAGS.each do |text, int|
             if (import_status & int) > 0
@@ -213,7 +210,7 @@ module GPGME
       errors = []
       output = []
       base_cmd = gpg_engine.file_name
-      base_args = "--no-greeting --no-permission-warning --quiet --armor --trust-model always --no-tty --command-fd 0 --status-fd 1"
+      base_args = '--no-greeting --no-permission-warning --quiet --armor --trust-model always --no-tty --command-fd 0 --status-fd 1'
       cmd = [base_cmd, base_args, args].flatten.join(' ')
       Open3.popen3(cmd) do |stdin, stdout, stderr, thread|
         if block_given?
@@ -231,65 +228,16 @@ module GPGME
       raise 'Need gpg in $PATH or in $GPGBIN'
     end
 
-    def self.gpgcli_expect(args)
-      gpgcli(args) do |stdin, stdout, stderr|
-        counter = 0
-        while line = stdout.gets rescue nil
-          counter += 1
-          if counter > 1042
-            return "Too many input-lines from gpg, something went wrong"
-          end
-          output, error = yield(line.chomp)
-          if output == false
-            return error
-          elsif output
-            stdin.puts output
-          end
-        end
-      end
-    end
-
-    def self.spawn_daemon(name, args)
-      delete_daemon_socket(name)
-      cmd = "#{name} #{args} --daemon > /dev/null 2>&1"
-      if ! system(cmd)
-        return [false, "#{name} exited with code #{$?}"]
-      end
-    end
-
-    def self.delete_daemon_socket(name)
-      path = File.join(ENV["GNUPGHOME"], "S.#{name}")
-      if File.exist?(path)
-        File.delete(path)
-      end
-    end
-
     def keyserver_arg
       if Conf.keyserver.present?
         "--keyserver #{Conf.keyserver}"
       else
-        ""
+        ''
       end
     end
 
-    def self.gpg_knows_import_filter?
-      sufficient_gpg_version?('2.1.15')
-    end
-
     def import_filter_arg
-      if self.class.gpg_knows_import_filter?
-        %{ --import-filter drop-sig='sig_created_d > 0000-00-00'}
-      end
-    end
-
-    def self.send_notice_if_gpg_does_not_know_import_filter
-      if ! gpg_knows_import_filter?
-        Schleuder.logger.notify_superadmin(
-            subject: 'Schleuder installation problem',
-            message: "Your version of GnuPG is very old, please update!\n\nWith your version of GnuPG we can not protect your setup against signature flooding. Please update to at least version 2.1.15 to fix this problem. See <https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html> for details on the background."
-          )
-        ''
-      end
+      %{ --import-filter drop-sig='sig_created_d > 0000-00-00'}
     end
   end
 end