schleuder-cli issueshttps://0xacab.org/schleuder/schleuder-cli/-/issues2023-08-01T20:11:35Zhttps://0xacab.org/schleuder/schleuder-cli/-/issues/44Crash: undefined method `escape' for URI:Module (NoMethodError)2023-08-01T20:11:35ZmissytakeCrash: undefined method `escape' for URI:Module (NoMethodError)## Expected Behavior:
I can use the schleuder-cli to list key subscriptions.
## Actual Behavior:
The CLI crashes, and it doesn't work:
```
schleuder-cli32 subscriptions list asdf@schleuder.example.org
Calling `DidYou...## Expected Behavior:
I can use the schleuder-cli to list key subscriptions.
## Actual Behavior:
The CLI crashes, and it doesn't work:
```
schleuder-cli32 subscriptions list asdf@schleuder.example.org
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
/usr/local/lib/ruby/gems/3.2/gems/schleuder-cli-0.1.0/lib/schleuder-cli/helper.rb:22:in `block in url': undefined method `escape' for URI:Module (NoMethodError)
"#{URI.escape(k.to_s)}=#{URI.escape(v.to_s)}"
^^^^^^^
from /usr/local/lib/ruby/gems/3.2/gems/schleuder-cli-0.1.0/lib/schleuder-cli/helper.rb:21:in `each'
from /usr/local/lib/ruby/gems/3.2/gems/schleuder-cli-0.1.0/lib/schleuder-cli/helper.rb:21:in `map'
from /usr/local/lib/ruby/gems/3.2/gems/schleuder-cli-0.1.0/lib/schleuder-cli/helper.rb:21:in `url'
from /usr/local/lib/ruby/gems/3.2/gems/schleuder-cli-0.1.0/lib/schleuder-cli/subscriptions.rb:8:in `list'
from /usr/local/lib/ruby/gems/3.2/gems/thor-0.20.3/lib/thor/command.rb:27:in `run'
from /usr/local/lib/ruby/gems/3.2/gems/thor-0.20.3/lib/thor/invocation.rb:126:in `invoke_command'
from /usr/local/lib/ruby/gems/3.2/gems/thor-0.20.3/lib/thor.rb:387:in `dispatch'
from /usr/local/lib/ruby/gems/3.2/gems/thor-0.20.3/lib/thor/invocation.rb:115:in `invoke'
from /usr/local/lib/ruby/gems/3.2/gems/thor-0.20.3/lib/thor.rb:238:in `block in subcommand'
from /usr/local/lib/ruby/gems/3.2/gems/thor-0.20.3/lib/thor/command.rb:27:in `run'
from /usr/local/lib/ruby/gems/3.2/gems/thor-0.20.3/lib/thor/invocation.rb:126:in `invoke_command'
from /usr/local/lib/ruby/gems/3.2/gems/thor-0.20.3/lib/thor.rb:387:in `dispatch'
from /usr/local/lib/ruby/gems/3.2/gems/thor-0.20.3/lib/thor/base.rb:466:in `start'
from /usr/local/lib/ruby/gems/3.2/gems/schleuder-cli-0.1.0/bin/schleuder-cli:7:in `<top (required)>'
from /usr/local/bin/schleuder-cli32:25:in `load'
from /usr/local/bin/schleuder-cli32:25:in `<main>'
```
## Hotfix:
If anyone just needs a quick fix, this worked for me. Just change line 22 in `/usr/local/lib/ruby/gems/3.2/gems/schleuder-cli-0.1.0/lib/schleuder-cli/helper.rb` to:
```
"#{(k.to_s)}=#{(v.to_s)}"
```
Simply removing the `URI.escape` calls worked for me. You need to take care what commands you enter in the future though.schleuder-cli 0.1.1https://0xacab.org/schleuder/schleuder-cli/-/issues/43schleuder-cli on debian bullseye Deprecation warnings on incomplete commands2022-07-16T13:42:32Zfleishschleuder-cli on debian bullseye Deprecation warnings on incomplete commandsI've been testing schleuder 3.6.0 on Debian Bullseye/11.4 in preparation for an upgrade from Buster on Debian Buster/10.12 and am seeing these warnings on when calling schleuder-cli without all required options:
>Deprecation warning: Th...I've been testing schleuder 3.6.0 on Debian Bullseye/11.4 in preparation for an upgrade from Buster on Debian Buster/10.12 and am seeing these warnings on when calling schleuder-cli without all required options:
>Deprecation warning: Thor exit with status 0 on errors. To keep this behavior, you must define `exit_on_failure?` in `SchleuderCli::Base`
>You can silence deprecations warning by setting the environment variable THOR_SILENCE_DEPRECATION.
Here are some of the commands I found this on so far but I suspect there are others:
`schleuder-cli lists set <LIST> set_reply_to_to_sender`
`schleuder-cli lists new`
The Deprecation warning follows ERROR & Usage lines like these:
> ERROR: "schleuder-cli lists new" was called with no arguments
> Usage: "schleuder-cli lists new <list@hostname> <adminaddress> [</path/to/publickeys.asc>]"https://0xacab.org/schleuder/schleuder-cli/-/issues/36proper syntax for setting keywords_admin_only/notify list-options with schleu...2021-05-04T13:38:30Zfleishproper syntax for setting keywords_admin_only/notify list-options with schleuder-cliCan someone please confirm the proper syntax for setting the list-options keywords_admin_only & keywords_admin_notify? It requires a JSON input, but I have been unable to craft one that is accepted and processed correctly. Thanks in adva...Can someone please confirm the proper syntax for setting the list-options keywords_admin_only & keywords_admin_notify? It requires a JSON input, but I have been unable to craft one that is accepted and processed correctly. Thanks in advance.https://0xacab.org/schleuder/schleuder-cli/-/issues/34schleuder-cli treats e-mail addresses as case-sensitive2020-01-20T19:39:16ZMichał "rysiek" Woźniakschleuder-cli treats e-mail addresses as case-sensitiveE-mail addresses are not case-sensitive, but `schleuder-cli` (and perhaps Schleuder itself?) treats them as case-sensitive:
```
root@508a3853dc01:/# schleuder-cli subscriptions list test@occrp.org
a***@occrp.org 9****************...E-mail addresses are not case-sensitive, but `schleuder-cli` (and perhaps Schleuder itself?) treats them as case-sensitive:
```
root@508a3853dc01:/# schleuder-cli subscriptions list test@occrp.org
a***@occrp.org 9**************************************b admin
c***@occrp.org 1**************************************6 admin
d***@occrp.org 2**************************************7 admin
r***@hackerspace.pl D**************************************E
r***@occrp.org 1**************************************1 admin
root@508a3853dc01:/# schleuder-cli subscriptions list Test@occrp.org
Not found
root@508a3853dc01:/# schleuder-cli subscriptions show test@occrp.org a***@occrp.org admin
true
root@508a3853dc01:/# schleuder-cli subscriptions show test@occrp.org A***@occrp.org admin
Not found
```https://0xacab.org/schleuder/schleuder-cli/-/issues/33lists show all2019-08-08T09:47:42Zalexlists show allCurrently, `schleuder-cli lists show` needs single options as arguments:
```
# schleuder-cli lists show
ERROR: "schleuder-cli lists show" was called with no arguments
Usage: "schleuder-cli lists show <list@hostname> <option>"
```
Few p...Currently, `schleuder-cli lists show` needs single options as arguments:
```
# schleuder-cli lists show
ERROR: "schleuder-cli lists show" was called with no arguments
Usage: "schleuder-cli lists show <list@hostname> <option>"
```
Few people always remember all options.
It would be awesome to have a feature `schleuder-cli lists show all` showing the values of all options.https://0xacab.org/schleuder/schleuder-cli/-/issues/32"absent" keys should show up in the output of "schleuder-cli keys check"2019-02-02T10:44:01Zdkg"absent" keys should show up in the output of "schleuder-cli keys check"Somehow i've seen a couple different schleuder lists get into a state where a key that they had is no longer present in the GnuPG keyring.
in the logs (`/var/log/schleuder/lists/mail.example.org/listname/list.log`) when messages are bei...Somehow i've seen a couple different schleuder lists get into a state where a key that they had is no longer present in the GnuPG keyring.
in the logs (`/var/log/schleuder/lists/mail.example.org/listname/list.log`) when messages are being delivered, i see:
WARN -- : Not sending to alice@example.org: key is unusable because it is absent and sending plain text not allowed
But when connecting `schleuder-cli` to the same system, i see a fingerprint from:
schleuder-cli keys list listname@mail.example.org | grep 'alice@example\.org$'
But when i do:
schleuder-cli keys check listname@mail.example.org
it produces no output about `alice@example.org`.
digging deeper, i also see no output as the schleuder user from:
gpg --homedir /var/lib/schleuder/lists/mail.example.org/listname --list-keys '<alice@example.org>'
so the key in question is really absent, though I'm not even sure how the key ends up gone from the keyring. at the very least the reporting should clearer when investigatng via schleuder-clihttps://0xacab.org/schleuder/schleuder-cli/-/issues/31schleuder only associates keys with the e-mail address on their primary (or f...2019-02-02T10:42:48Zdkgschleuder only associates keys with the e-mail address on their primary (or first?) user ID (maybe *no* e-mail address!)When i run `schleuder-cli keys list list@example.org` it shows fingerprints and e-mail addresses for each loaded certificate.
If a certificate has multiple e-mail addresses associated with it, only the e-mail address from the first User...When i run `schleuder-cli keys list list@example.org` it shows fingerprints and e-mail addresses for each loaded certificate.
If a certificate has multiple e-mail addresses associated with it, only the e-mail address from the first User ID (probably the primary?) is associated.
This is particularly problematic for certificates which have a primary User ID that has no e-mail address in it, like 25FC1614B8F87B52FF2F99B962AF4031C82E0039, because it runs into a similar issue as https://0xacab.org/schleuder/schleuder/issues/395 -- the key appears to become associated with *no* e-mail address, despite the fact that some User IDs do have e-mail addresses in them.
Note that OpenPGP certificates can get updated over time (maybe just from a keyserver refresh), and each update can potentially change the e-mail address associated with the key (e.g. by switching the primary flag).
Of course, it would also be pretty weird for schleuder to just take the OpenPGP certificate entirely at its word -- anyone can add any e-mail address to their own certificate, and it would be very strange if such an update would take over some other e-mail address, so i'm not sure how to resolve this.
But at the very least, someone with a key like 25FC1614B8F87B52FF2F99B962AF4031C82E0039 ought to be able to subscribe to a schleuder mailing list and have their key correctly associated with one of the e-mail addresses that they have listed, as opposed to the empty string.
Perhaps the right solution is to explicitly bind an OpenPGP key to an e-mail address subscribed to a list within schleuder (maybe also *requiring* that the e-mail address in question is in *some* UID), but not arbitrarily accepting any e-mail address that happens to show up in the UID.https://0xacab.org/schleuder/schleuder-cli/-/issues/30schleuder should properly handle OpenPGP keys with raw e-mail addresses as th...2019-02-02T10:42:22Zdkgschleuder should properly handle OpenPGP keys with raw e-mail addresses as the User IDGiven a key generated with:
gpg --batch --quick-gen-key 'alice@example.com'
Its user ID doesn't have any angle brackets in it.
If such an OpenPGP certificate gets imported to schleuder, schleuder does some weird things.
For one t...Given a key generated with:
gpg --batch --quick-gen-key 'alice@example.com'
Its user ID doesn't have any angle brackets in it.
If such an OpenPGP certificate gets imported to schleuder, schleuder does some weird things.
For one thing, it doesn't appear to associate that key with any e-mail address.
For another, when you do:
schleuder-cli list list@example.net
then the list duplicates the fingerprint in question on the first line of the output list. So before the import it shows:
6789012345678901234567890123456789012345 subscriber1@example.org
1234567890123456789012345678901234567890 subscriber2@example.biz
and after it shows:
3456789012345678901234567890123456789012 6789012345678901234567890123456789012345 subscriber1@example.org
1234567890123456789012345678901234567890 subscriber2@example.biz
yikes!
These kinds of User IDs are not wide-spread. [Autocrypt recommends](https://autocrypt.org/level1.html#openpgp-based-key-data) using `<foo@example.org>` instead of `foo@example.org` and schleuder#146 also suggests wrapping addresses in angle brackets (`<>`). But some user IDs like that do exist in the wild, and schleuder should handle them more gracefully.https://0xacab.org/schleuder/schleuder-cli/-/issues/29Introduce and ship apparmor profile2018-10-30T00:26:52ZgeorgIntroduce and ship apparmor profilegeorggeorghttps://0xacab.org/schleuder/schleuder-cli/-/issues/28Check Compatibility between schleuder-cli and schleuder API versoin2018-10-28T13:46:12ZNinaCheck Compatibility between schleuder-cli and schleuder API versoinWhen adapting schleuder-cli to the new API (#27) we need to have a compatibility check between the schleuder-cli version and the API-Version.
The idea was to introduce a new subcommand, e.g.
`check-compatibility`
that gets version o...When adapting schleuder-cli to the new API (#27) we need to have a compatibility check between the schleuder-cli version and the API-Version.
The idea was to introduce a new subcommand, e.g.
`check-compatibility`
that gets version of the API and compares with the installed cli version.https://0xacab.org/schleuder/schleuder-cli/-/issues/27Adapt application to The Big API Change2023-11-06T20:50:15ZNinaAdapt application to The Big API Changeschleuder#281 & schleuder#94schleuder#281 & schleuder#94https://0xacab.org/schleuder/schleuder-cli/-/issues/26make commandline-tab-completion available2018-09-21T12:59:02Zinit voidmake commandline-tab-completion availableHere is a quick script that spits out options for tab-completion of most of the schleuder-cli commands.
It will live-query the list of lists, subscriptions or keys to suggest possible values.
Not sure if this can be added to a debian-...Here is a quick script that spits out options for tab-completion of most of the schleuder-cli commands.
It will live-query the list of lists, subscriptions or keys to suggest possible values.
Not sure if this can be added to a debian-package? A quick search yielded no results on what the policy or strategy would be?
There are some hints on how to set completion up for a local user in BASH and ZSH on top of the script.
I'm thankful for all kind of feedback, since this is my very first attempt in shell-completion.
File: [schleuder-cli-completion.rb](/uploads/f87080dbfc6a2c935a31420611121d9d/schleuder-cli-completion.rb)
```ruby
#!/usr/bin/env ruby
# activate via:
# in BASH
# complete -C "/path/to/schleuder-cli-completion.rb" -o default schleuder-cli
# in ZSH
# function _schleueder-cli-completion() {
# read -l
# local cl="$REPLY"
# reply=(`COMP_LINE="$cl" /path/to/schleuder-cli-completion.rb`)
# }
# compctl -K _schleueder-cli-completion schleuder-cli
class SchleuderCliCompletion
def initialize(command_line)
@tokens = command_line.split(/\s+/).drop(1)
@command = extract_command(@tokens)
@subcommand = extract_subcommand(@tokens)
@listname = extract_listname(@tokens)
@value_after_listname = extract_value_after_listname(@tokens)
end
def extract_command(tokens)
return unless tokens.size >= 1
if tree.keys.include?(tokens.first)
tokens.first
else
@filter_string = tokens.first
nil
end
end
def extract_subcommand(tokens)
return unless tokens.size >= 2 && @command
if tree[@command].keys.include?(tokens[1])
tokens[1]
else
@filter_string = tokens[1]
nil
end
end
def extract_listname(tokens)
return unless tokens.size >= 3 && @command && @subcommand
if tokens[2] =~ /^.+@.+\.[^.]+/
tokens[2]
else
@filter_string = tokens[2]
nil
end
end
def extract_value_after_listname(tokens)
return unless tokens.size >= 4 && @command && @subcommand && @listname
if tokens[3] =~ /^.+@.+\.[^.]+/ || list_options.include?(tokens[3])
tokens[3]
else
@filter_string = tokens[3]
nil
end
end
def suggestions
# puts "c: #{@command}, s: #{@subcommand}, l: #{@listname}, val: #{@value_after_listname}, fs: #{@filter_string}"
return '' unless options.to_a.any?
@filter_string ? options.grep(/^#{@filter_string}/) : options
end
def options
if @command && @subcommand && @listname
return options_after_listname(@command, @subcommand, @listname)
end
if @command && @subcommand
return options_for_subcommand(@command, @subcommand)
end
return tree[@command].keys if @command
tree.keys
end
def options_for_subcommand(command, subcommand)
next_argument = tree[command][subcommand]
if next_argument == 'listname' ||
(next_argument.is_a?(Hash) && next_argument.keys.first == 'listname')
return list_of_lists
end
if next_argument == 'command'
return tree[command].keys - ['help']
end
end
def options_after_listname(command, subcommand, listname)
if command == 'subscriptions' &&
%w[set show].include?(subcommand) &&
@value_after_listname
@filter_string = @tokens[4]
return subscription_options
end
if command == 'subscriptions' && %w[set show delete].include?(subcommand)
return list_of_subscriptions(listname)
end
if command == 'lists' && %w[set show].include?(subcommand)
return list_options
end
if command == 'keys' && %w[delete export].include?(subcommand)
return list_of_fingerprints(listname)
end
end
def list_of_lists
`schleuder-cli lists list`.split(/\n/)
# %w[abc@listserver.com cde@listserver.de efg@listserver.org]
end
def list_of_subscriptions(listname)
`schleuder-cli subscriptions list #{listname}`
.split(/\n/)
.map { |l| l.sub(/\s.*\z/, '') }
# %w[abc@usermail.com cde@usermail.de efg@usermail.org]
end
def list_of_fingerprints(listname)
`schleuder-cli keys list #{listname}`
.split(/\n/)
.map { |l| l.sub(/\s.*\z/, '') }
# %w[acab bcda acad]
end
def tree
{
'help' => {
'keys' => nil,
'lists' => nil,
'subscriptions' => nil
},
'keys' => {
'check' => 'listname',
'delete' => { 'listname' => 'fingerprint' },
'export' => { 'listname' => 'fingerprint' },
'help' => 'command',
'import' => 'listname',
'list' => 'listname'
},
'lists' => {
'delete' => 'listname',
'help' => 'command',
'list' => nil,
'list-options' => nil,
'new' => nil,
'send-list-key-to-subscriptions' => 'listname',
'set' => { 'listname' => { 'option' => 'value' } },
'show' => { 'listname' => 'option' }
},
'subscriptions' => {
'delete' => { 'listname' => 'username' },
'help' => 'command',
'list' => 'listname',
'list-options' => nil,
'new' => 'listname',
'set' => { 'listname' => { 'username' => { 'option' => 'value' } } },
'show' => { 'listname' => { 'username' => 'option' } }
},
'version' => {}
}
end
def list_options
%w[
bounces_drop_all
bounces_drop_on_headers
bounces_notify_admins
forward_all_incoming_to_admins
headers_to_meta
include_list_headers
include_openpgp_header
internal_footer
keep_msgid
keywords_admin_notify
keywords_admin_only
language
log_level
logfiles_to_keep
max_message_size_kb
openpgp_header_preference
public_footer
receive_admin_only
receive_authenticated_only
receive_encrypted_only
receive_from_subscribed_emailaddresses_only
receive_signed_only
send_encrypted_only
subject_prefix
subject_prefix_in
subject_prefix_out
]
end
def subscription_options
%w[
fingerprint
admin
delivery_enabled
]
end
end
command_line = ENV.fetch('COMP_LINE')
puts SchleuderCliCompletion.new(command_line).suggestions
```https://0xacab.org/schleuder/schleuder-cli/-/issues/25Fix rake release upload task to make it work with schleuder.org2018-04-25T12:57:00ZgeorgFix rake release upload task to make it work with schleuder.orgWe've changed the machine hosting schleuder.org, accordingly, the rake task to upload the release files should be fixed.We've changed the machine hosting schleuder.org, accordingly, the rake task to upload the release files should be fixed.https://0xacab.org/schleuder/schleuder-cli/-/issues/24Improve output and format of listings2019-02-02T10:38:43ZpazImprove output and format of listingsFor both, key listings and subscription listings:
* We should use the "oneline" format to describe keys when listing them.
* The columns should have headlines.For both, key listings and subscription listings:
* We should use the "oneline" format to describe keys when listing them.
* The columns should have headlines.https://0xacab.org/schleuder/schleuder-cli/-/issues/21schleuder-cli should support "refresh_keys"2017-12-11T10:50:56Zdkgschleuder-cli should support "refresh_keys"apparently there is a `schleuder refresh_keys` subcommand, but it is not available from `schleuder-cli`.
Is there any reason we shouldn't have that in `schleuder-cli`? I'd like to encourage all schleuder management to be done through t...apparently there is a `schleuder refresh_keys` subcommand, but it is not available from `schleuder-cli`.
Is there any reason we shouldn't have that in `schleuder-cli`? I'd like to encourage all schleuder management to be done through the cli.https://0xacab.org/schleuder/schleuder-cli/-/issues/20Move gems and tarballs out of git repo2017-12-03T10:08:32ZgeorgMove gems and tarballs out of git repoAs discussed during the sprint: The gems and tarballs should be moved out of the git repo, to not bloat the repo size further in the future.As discussed during the sprint: The gems and tarballs should be moved out of the git repo, to not bloat the repo size further in the future.https://0xacab.org/schleuder/schleuder-cli/-/issues/19send-list-key-to-subscriptions command (or schleuder-cli in general) should h...2017-12-03T10:07:46Zngsend-list-key-to-subscriptions command (or schleuder-cli in general) should have better output about commandsAt the moment it looks like:
```
# schleuder-cli lists send-list-key-to-subscriptions list1@example.com
true
```
I think it should be at least something like "Operation successfull" or so. I guess it's a general idea on how schleuder-...At the moment it looks like:
```
# schleuder-cli lists send-list-key-to-subscriptions list1@example.com
true
```
I think it should be at least something like "Operation successfull" or so. I guess it's a general idea on how schleuder-cli should report back to stdout/stderr.https://0xacab.org/schleuder/schleuder-cli/-/issues/16TLS: pin to fingerprint of public key, not certificate2017-09-30T10:26:42ZdkgTLS: pin to fingerprint of public key, not certificateCurrently, it looks like `schleuder-cli` pins to the fingerprint of the certificate:
fingerprint = OpenSSL::Digest::SHA256.new(cert.to_der).to_s
this is strictly worse than pinning to the public key material contained in...Currently, it looks like `schleuder-cli` pins to the fingerprint of the certificate:
fingerprint = OpenSSL::Digest::SHA256.new(cert.to_der).to_s
this is strictly worse than pinning to the public key material contained in the certificate itself. Certificates have expiration dates, metadata, and other markers that may make them (over time) less useful to clients that might in the future use a more flexible and robust certificate verification mechanism than a raw pin. By pinning to the certificate, you're holding all the non-key information immutable.
If you pin to the public key material, it's possible to get new certificates issued over the same public key material, so that one pinned client doesn't keep the server from ever updating its cert. (e.g. asking let's encrypt to provide a refreshed certificate over the same public key material)
the simplest fix would be to extract the subject public key information from the cert, transform it to DER encoding, and fingerprint that. I don't know enough ruby to know how to extract the public key info, but i'm happy to review a proposed change if you can point me to the docs.
if you have to deal with older clients, though, they might get upset that an upgrade to schleuder-cli broke their stored. You can do a phased upgrade by picking a future version `X` of `schleuder-cli` that will remove cert-matching. Then starting as soon as possible, test the stated pin against both the cert and the public key. If it matches the public key, all is good. If it matches the cert, then warn that the matching is currently deprecated and due to be removed in version `X`, and offer to replace the pin automatically with value that should be used to pin the public key.
Note that schleuder itself should probably also be updated to announce its public key fingerprint, not its certificate fingerprint.https://0xacab.org/schleuder/schleuder-cli/-/issues/14Please make a "subshell" interface2019-02-16T18:58:29ZdkgPlease make a "subshell" interfaceIt would be nice to have a "subshell" interface that could be launched into directly, e.g.:
schleuder-cli shell
and from there all the subcommands would be available.It would be nice to have a "subshell" interface that could be launched into directly, e.g.:
schleuder-cli shell
and from there all the subcommands would be available.