schleuder issueshttps://0xacab.org/schleuder/schleuder/-/issues2022-04-13T10:59:12Zhttps://0xacab.org/schleuder/schleuder/-/issues/513specs: unit: keyword_handlers/key_management: expected, hardcoded key expiry ...2022-04-13T10:59:12Zgeorgspecs: unit: keyword_handlers/key_management: expected, hardcoded key expiry dates makes Schleuder build unreproducibleSource: https://tests.reproducible-builds.org/debian/rbuild/unstable/amd64/schleuder_4.0.2-1.rbuild.log.gz
```
Failures:
1) Schleuder::KeywordHandlers::KeyManagement.delete_key deletes multiple keys that each distinctly match one arg...Source: https://tests.reproducible-builds.org/debian/rbuild/unstable/amd64/schleuder_4.0.2-1.rbuild.log.gz
```
Failures:
1) Schleuder::KeywordHandlers::KeyManagement.delete_key deletes multiple keys that each distinctly match one argument
Failure/Error: expect(output).to eql("This key was deleted:\n0xC4D60F8833789C7CAA44496FD3FFA6613AB10ECE schleuder2@example.org 2016-12-12\n\n\nThis key was deleted:\n0x98769E8A1091F36BD88403ECF71A3F8412D83889 bla@foo 2010-08-13 [expired: 2017-01-20]\n")
expected: "This key was deleted:\n0xC4D60F8833789C7CAA44496FD3FFA6613AB10ECE schleuder2@example.org 2016-12-12\...was deleted:\n0x98769E8A1091F36BD88403ECF71A3F8412D83889 bla@foo 2010-08-13 [expired: 2017-01-20]\n"
got: "This key was deleted:\n0xC4D60F8833789C7CAA44496FD3FFA6613AB10ECE schleuder2@example.org 2016-12-12\...was deleted:\n0x98769E8A1091F36BD88403ECF71A3F8412D83889 bla@foo 2010-08-13 [expired: 2017-01-19]\n"
(compared using eql?)
Diff:
@@ -3,5 +3,5 @@
This key was deleted:
-0x98769E8A1091F36BD88403ECF71A3F8412D83889 bla@foo 2010-08-13 [expired: 2017-01-20]
+0x98769E8A1091F36BD88403ECF71A3F8412D83889 bla@foo 2010-08-13 [expired: 2017-01-19]
# ./spec/schleuder/unit/keyword_handlers/key_management_spec.rb:173:in `block (3 levels) in <top (required)>'
# ./spec/spec_helper.rb:48:in `block (3 levels) in <top (required)>'
# ./spec/spec_helper.rb:47:in `block (2 levels) in <top (required)>'
2) Schleuder::KeywordHandlers::KeyManagement.add_key updates a key
Failure/Error: expect(output).to eql("This key was updated:\n0x98769E8A1091F36BD88403ECF71A3F8412D83889 bla@foo 2010-08-13 [expired: 2017-01-20]\n")
expected: "This key was updated:\n0x98769E8A1091F36BD88403ECF71A3F8412D83889 bla@foo 2010-08-13 [expired: 2017-01-20]\n"
got: "This key was updated:\n0x98769E8A1091F36BD88403ECF71A3F8412D83889 bla@foo 2010-08-13 [expired: 2017-01-19]\n"
(compared using eql?)
Diff:
@@ -1,3 +1,3 @@
This key was updated:
-0x98769E8A1091F36BD88403ECF71A3F8412D83889 bla@foo 2010-08-13 [expired: 2017-01-20]
+0x98769E8A1091F36BD88403ECF71A3F8412D83889 bla@foo 2010-08-13 [expired: 2017-01-19]
# ./spec/schleuder/unit/keyword_handlers/key_management_spec.rb:129:in `block (3 levels) in <top (required)>'
# ./spec/spec_helper.rb:48:in `block (3 levels) in <top (required)>'
# ./spec/spec_helper.rb:47:in `block (2 levels) in <top (required)>'
```
Ref #268
Ref !1184.0.3georggeorghttps://0xacab.org/schleuder/schleuder/-/issues/512CI: changelog job: fails on non-fast-forward changes of the target branch2022-04-04T09:16:36ZgeorgCI: changelog job: fails on non-fast-forward changes of the target branchExample of a problematic job: https://0xacab.org/schleuder/schleuder/-/jobs/262083
```
$ git fetch --depth=1 https://0xacab.org/schleuder/schleuder.git/ $CI_MERGE_REQUEST_TARGET_BRANCH_NAME:$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
From http...Example of a problematic job: https://0xacab.org/schleuder/schleuder/-/jobs/262083
```
$ git fetch --depth=1 https://0xacab.org/schleuder/schleuder.git/ $CI_MERGE_REQUEST_TARGET_BRANCH_NAME:$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
From https://0xacab.org/schleuder/schleuder
! [rejected] main -> main (non-fast-forward)
```4.0.3georggeorghttps://0xacab.org/schleuder/schleuder/-/issues/511Test with Ruby 3.12022-04-16T22:00:49ZpazTest with Ruby 3.1Depends on schleuder/schleuder-ci-images#1Depends on schleuder/schleuder-ci-images#15.0.0https://0xacab.org/schleuder/schleuder/-/issues/510Drop Ruby 2.5 and 2.6 support2022-09-11T18:23:27ZgeorgDrop Ruby 2.5 and 2.6 support5.0.0pazpazhttps://0xacab.org/schleuder/schleuder/-/issues/509spec: cli #refresh_keys updates keys from the keyserver: Failed to open TCP c...2022-04-12T18:51:03Zgeorgspec: cli #refresh_keys updates keys from the keyserver: Failed to open TCP connection to localhost:9999 (Cannot assign requested address - connect(2) for "localhost" port 9999)This test did fail in https://0xacab.org/schleuder/schleuder/-/jobs/257991 via:
```
Failures:
1) cli #refresh_keys updates keys from the keyserver
Failure/Error: Net::HTTP.get(uri)
Errno::EADDRNOTAVAIL:
Failed to open...This test did fail in https://0xacab.org/schleuder/schleuder/-/jobs/257991 via:
```
Failures:
1) cli #refresh_keys updates keys from the keyserver
Failure/Error: Net::HTTP.get(uri)
Errno::EADDRNOTAVAIL:
Failed to open TCP connection to localhost:9999 (Cannot assign requested address - connect(2) for "localhost" port 9999)
# ./spec/spec_helper.rb:99:in `with_sks_mock'
# ./spec/schleuder/integration/cli_spec.rb:11:in `block (3 levels) in <top (required)>'
# ./spec/spec_helper.rb:49:in `block (3 levels) in <top (required)>'
# /usr/local/bundle/gems/database_cleaner-core-2.0.1/lib/database_cleaner/strategy.rb:30:in `cleaning'
# /usr/local/bundle/gems/database_cleaner-core-2.0.1/lib/database_cleaner/cleaners.rb:34:in `block (2 levels) in cleaning'
# /usr/local/bundle/gems/database_cleaner-core-2.0.1/lib/database_cleaner/cleaners.rb:35:in `cleaning'
# ./spec/spec_helper.rb:48:in `block (2 levels) in <top (required)>'
# ------------------
# --- Caused by: ---
# Errno::EADDRNOTAVAIL:
# Cannot assign requested address - connect(2) for "localhost" port 9999
# ./spec/spec_helper.rb:99:in `with_sks_mock'
```4.0.3pazpazhttps://0xacab.org/schleuder/schleuder/-/issues/508bounces_drop_all=true does not bounce but circumvents all filters2022-04-12T18:50:28Zabc defbounces_drop_all=true does not bounce but circumvents all filters## Expected Behavior
`bounces_drop_all=true` should result in all bounces being dropped and not interfere with other filters
(e.g. in case `receive_encrypted_only=true` and someone sends in non-encrypted message, there should be no bounc...## Expected Behavior
`bounces_drop_all=true` should result in all bounces being dropped and not interfere with other filters
(e.g. in case `receive_encrypted_only=true` and someone sends in non-encrypted message, there should be no bounce message to that person notifying them that they have to encrypt the message AND the message should *not* be sent to the list)
## Actual Behavior
There is no bounce, which is okay. But the unencrypted message will then be distributed to the list even with `receive_encrypted_only=true`, which is not okay.
## Steps to Reproduce the Problem
1. Set `receive_encrypted_only=true`. Test that this results in a bounce if someone sends an unencrypted message. The message is correctly *not* distributed to the list.
2. Set `bounces_drop_all=true` additionally. Test again with same unencrypted message. No bounce which is okay, but the unencrypted message will be processed and distributed to the list, which should not be the case.
## Specifications
- Version: 4.0.2 (and also reproducable in 3.5.3)
- Installation method (package, gem...): package/gem
- Mail client version: all
## Other information
I quickly debugged it and I think, maybe it is because of `bounces_drop_all=true` causes:
https://0xacab.org/schleuder/schleuder/-/blob/main/lib/schleuder/filters_runner.rb#L39 to return false
This causes run() to return nil:
https://0xacab.org/schleuder/schleuder/-/blob/main/lib/schleuder/filters_runner.rb#L19
Which causes this to return nil:
https://0xacab.org/schleuder/schleuder/-/blob/main/lib/schleuder/runner.rb#L89
I think this then causes this no error return:
https://0xacab.org/schleuder/schleuder/-/blob/main/lib/schleuder/runner.rb#L34
```
error = run_filters('post')
return error if error
```
Which means, as the run() does not return early, the message is still being sent to everyone.
Is it possible for you to reproduce? Does my debugging makes sense?
I can work on a fix if you can reproduce it and think this is not intended.4.0.3abc defabc defhttps://0xacab.org/schleuder/schleuder/-/issues/507Carriage-return (^M) added to end of all lines when email sent to Schleuder ...2022-09-13T17:18:00ZCody BrownsteinCarriage-return (^M) added to end of all lines when email sent to Schleuder using Mutt## Expected Behavior
When using Mutt (and all other MUAs) to send an email to Schleuder, Schleuder will send the email unmodified.
## Actual Behavior
When using Mutt 2.1.4 (2021-12-11) (and older versions of Mutt) + gpg (GnuPG) 2.2.27...## Expected Behavior
When using Mutt (and all other MUAs) to send an email to Schleuder, Schleuder will send the email unmodified.
## Actual Behavior
When using Mutt 2.1.4 (2021-12-11) (and older versions of Mutt) + gpg (GnuPG) 2.2.27 (and older versions of gpg) to send an email to Schleuder, Schleuder will send the email with a carriage-return (^M) added to the end of every line. This starts with the very first line of the email (the beginning of the email headers) and ends with the very last line of the email.
## Steps to Reproduce the Problem
1. Use Mutt + gpg to send an email to Schleuder.
## Specifications
- Version: 3.4.0
- Installation method (package, gem...): `apt install`
- Mail client version: Mutt 2.1.4 (2021-12-11) (and older versions of Mutt) + gpg (GnuPG) 2.2.27 (and older versions of gpg)
## Other information
I can provide samples of original emails sent to Schleuder and the same emails modified and sent by Schleuder.https://0xacab.org/schleuder/schleuder/-/issues/506Deprecated pgp keyserver2021-11-07T20:00:04Zabc defDeprecated pgp keyserverThe standard configuration still has `pool.sks-keyservers.net` set as keyserver: https://0xacab.org/schleuder/schleuder/-/blob/main/etc/schleuder.yml#L34
However, the keyserver is deprecated due to GDPR ([source](https://sks-keyservers....The standard configuration still has `pool.sks-keyservers.net` set as keyserver: https://0xacab.org/schleuder/schleuder/-/blob/main/etc/schleuder.yml#L34
However, the keyserver is deprecated due to GDPR ([source](https://sks-keyservers.net/)).
Maybe this could be changed to https://keys.openpgp.org/ or another new type of keyserver.https://0xacab.org/schleuder/schleuder/-/issues/505ActiveRecord SQLite3 >= 6.0 represents boolean values as integers by default,...2022-03-17T20:43:57ZPhilipActiveRecord SQLite3 >= 6.0 represents boolean values as integers by default, leads to errors after upgrade## Expected Behavior
Mail should be delivered.
## Actual Behavior
I recently updated our schleuder instance from 3.4 to 3.6. After that mail delivery to schleuder fails with the following error message:
```
List has no admins configured...## Expected Behavior
Mail should be delivered.
## Actual Behavior
I recently updated our schleuder instance from 3.4 to 3.6. After that mail delivery to schleuder fails with the following error message:
```
List has no admins configured, cannot run! (In `/var/lib/schleuder/lists/foo/bar`.)
```
Every list has one or more configured admin addresses.
## Steps to Reproduce the Problem
1. Upgrade Debian version from Buster to Bullseye
2. Send a mail to an already exisiting and working mailing list
3. With for an error mail
## Specifications
- Version: 3.6
- Installation method: Debian Bullseye package
## Other information
Manual re-enabling every admin address works:
```
schleuder-cli subscriptions set foo@bar.org admin false
schleuder-cli subscriptions set foo@bar.org admin true
```4.0.3georggeorghttps://0xacab.org/schleuder/schleuder/-/issues/504Decide how to handle keys with one or more blanks within the mail addr part o...2021-07-14T14:11:05ZgeorgDecide how to handle keys with one or more blanks within the mail addr part of a uidSchleuder is currently not capable to find the correct key, if the lookup searches for a mail addr, e.g. if resending messages, if the key in question contains one or more blanks within the mail addr part of a uid.
The spec defines ...Schleuder is currently not capable to find the correct key, if the lookup searches for a mail addr, e.g. if resending messages, if the key in question contains one or more blanks within the mail addr part of a uid.
The spec defines this part as an UTF-8 string, which, it seems, leaves room for interpretation.
Different implementations handle this differently: some do accept this, others do not. I just learnt that it's possible to create such keys via Thunderbird, while it's not via `gpg`.
We could either disallow such keys to be added to the keyring, although that might seem drastic, and would do 'harm' if people use such keys only for subscribers, e.g. resending is not of a concern.
Personally, I would like to get both (subscription vs. resending) 'in sync': Allowing such keys in general, or disallowing them; I'm leaning towards the later. If so, this might be a breaking change.
Any opinions wrt this topic?https://0xacab.org/schleuder/schleuder/-/issues/503Test issues with 4.0.1 and patch from !3772021-06-21T08:16:21ZAndreas SchleiferTest issues with 4.0.1 and patch from !377Out of nowhere I suddenly have again issues with the tests of schleuder while running them during packaging schleuder for archlinux:
```
Created database 'db/test.sqlite3'
Randomized with seed 248
.........................................Out of nowhere I suddenly have again issues with the tests of schleuder while running them during packaging schleuder for archlinux:
```
Created database 'db/test.sqlite3'
Randomized with seed 248
...........................................................................................................................................................................................................F...............................................................................................................................................................................................................................................................F................................................................................
Failures:
1) user sends keyword x-fetch-key with email address
Failure/Error: expect(list.keys.size).to eql(list_keys_num + 1)
expected: 2
got: 1
(compared using eql?)
# ./spec/schleuder/integration/keywords_spec.rb:1291:in `block (2 levels) in <top (required)>'
# ./spec/spec_helper.rb:48:in `block (3 levels) in <top (required)>'
# ./spec/spec_helper.rb:47:in `block (2 levels) in <top (required)>'
2) Schleuder::List#fetch_keys fetches one key by email address
Failure/Error: expect(output).to match(/This key was fetched \(new key\):\n0x98769E8A1091F36BD88403ECF71A3F8412D83889 bla@foo \d{4}-\d{2}-\d{2} \[expired: \d{4}-\d{2}-\d{2}\]/)
expected "Fetching admin@example.org did not succeed:\ngpg: error retrieving 'admin@example.org' via keyserver: Invalid user ID\n\ngpg: error reading key: Invalid user ID\n" to match /This key was fetched \(new key\):\n0x98769E8A1091F36BD88403ECF71A3F8412D83889 bla@foo \d{4}-\d{2}-\d{2} \[expired: \d{4}-\d{2}-\d{2}\]/
Diff:
@@ -1,4 +1,7 @@
-/This key was fetched \(new key\):\n0x98769E8A1091F36BD88403ECF71A3F8412D83889 bla@foo \d{4}-\d{2}-\d{2} \[expired: \d{4}-\d{2}-\d{2}\]/
+Fetching admin@example.org did not succeed:
+gpg: error retrieving 'admin@example.org' via keyserver: Invalid user ID
+
+gpg: error reading key: Invalid user ID
# ./spec/schleuder/unit/list_spec.rb:558:in `block (3 levels) in <top (required)>'
# ./spec/spec_helper.rb:48:in `block (3 levels) in <top (required)>'
# ./spec/spec_helper.rb:47:in `block (2 levels) in <top (required)>'
Finished in 5 minutes 51 seconds (files took 1.83 seconds to load)
540 examples, 2 failures
Failed examples:
rspec ./spec/schleuder/integration/keywords_spec.rb:1258 # user sends keyword x-fetch-key with email address
rspec ./spec/schleuder/unit/list_spec.rb:546 # Schleuder::List#fetch_keys fetches one key by email address
Randomized with seed 248
```
I'm using release https://0xacab.org/schleuder/schleuder/-/tags/schleuder-4.0.1 and a self-written patch file containing the changes from !377 ( https://aur.archlinux.org/cgit/aur.git/tree/rspec.patch?h=schleuder ).
These tests were working, when I released the 4.0.1 package ( https://aur.archlinux.org/packages/schleuder/ ), but now that I want to do some improvements to the package I'm faced with above errors.https://0xacab.org/schleuder/schleuder/-/issues/502signature validation fails2022-09-27T21:18:41Zpony hütchensignature validation failsI'm having trouble with signature validation.
## Expected Behavior
When I send an validly signed and encrypted openpgp/mime message to a lists request address, it should process the request. When I send such a message to a lists normal...I'm having trouble with signature validation.
## Expected Behavior
When I send an validly signed and encrypted openpgp/mime message to a lists request address, it should process the request. When I send such a message to a lists normal address, it should put the pseudo-header 'Sig: Good signature [...]'.
## Actual Behavior
It outputs "Messages to this address must be encrypted and signed by the key associated with a subscribed address [...]". It replies with a email with the same text. It says "Bad signature" in the pseudo header.
## Steps to Reproduce the Problem
1. set up list with one subscriber who is admin of that list.
2. pipe a signed and encrypted message from the subscriber to the list into schleuder
## Specifications
- Version: schleuder 4.0.1
- Installation method (package, gem...): gem
- Mail client version: I used KMail to create the messages.
## Other information
This is the test message I send to the list:
```
From admin@a Wed Jun 09 16:14:08 2021
From: admin@a
To: list@a
Subject: test
Date: Wed, 09 Jun 2021 18:14:08 +0200
Message-ID: <6066403.5e4LmiuuCV@deepthought>
MIME-Version: 1.0
Content-Type: multipart/encrypted; boundary="nextPart2013499.KfxGTPaf5f"; protocol="application/pgp-encrypted"
--nextPart2013499.KfxGTPaf5f
Content-Type: application/pgp-encrypted
Content-Disposition: attachment
Content-Transfer-Encoding: 7Bit
Version: 1
--nextPart2013499.KfxGTPaf5f
Content-Type: application/octet-stream
Content-Disposition: inline; filename="msg.asc"
Content-Transfer-Encoding: 7Bit
-----BEGIN PGP MESSAGE-----
hQIMAx0nShUMaPCRAQ//f0l0D6hTAYsNxuD5dOCSdio6pniKNXWu+bJnZQG1eGEs
4tG2NreH7VpX9qCDd9ZXb4Dh2tFyhVS0NO/nza/bOjqwI7luLlr7QbaxSemyY06+
d7GVITKVbo/d/iO5UyK8MyOESyLe/u3LydsDKm9aJP/sYjtjatuW9iQyEy9KLkTi
8v2IjAMlK28lcuX0PiXOelU+V6jg5humUT11GWmC3iP7IjUxaPMbdbUNdqnZ2CI3
ZW2N50/AF6CS4laRG1xawNy5c3TyoBR/Owd5tHvjGN7PMTSPE99K6VETMV+RfK3n
ouPYm952mSybmIkZE/uU9SvfPS0vYxAgo+BcnfzpHEKAm5UpEBK3LZ7AJizaCOXK
LAYkK6dR2/38jCLjGm187p2IiJGy57AT2e4rsSXTqW9ywz0ukTC3xzGKuq9NPAu4
LH6dXvEutmFBo1SWObEksYSOmPzCOdcknWl5xhlgPBMzG1mOXaWgkogITl2F/Cta
vuWGSuOZLo+3WEmpSYGKddrrQM0AiWMlPN/Xjh6icIyxNzjFTYP5iRdDCqlGQEPV
s9AAhYDB0sPYDyd03JSAdZrrZOCKu8ezW8KAsiYLoypfTGSbqvLeWPXyAAZcoFTX
dhdZoSPiKsdb9MQ1saAgPS+Gt6RKu/i2tV2ZRhlgUi7VQWeiSPawS8poyNurY3GE
jAMCZeuxTV+KPgEEAIlDW20JIWC/3DQ6j2GJfzosfpYb2FBycohIpJawmvf5b5hH
hTWGwrYlSBrA3xIiC3EFc9EgCJ8vhicDe+xD5dmKywGS7xRqU2a+hNp8k/CA6FLZ
FO4rGtwBGRNor/DN20nwx6PEC9baD0W0SPwqt2CHi6XRomyyMfCarQ7XiA4Y0ukB
rPf+FIIuhYLFRZs1Od6s4uatPZxAjh8yZQ6GAiJ7H2BaT5vERBIXvWDqrGQmA44Q
t35Ey2MFIIx1KQyaeHthlE++loPSEtzSerV+4pAqEz+NiCv4BOxybNHk9S9evOZo
k6fuiLBCw6ezDzSgvQbxVrO3q0wNx2KAe0WWunaVaebQ2iTsOiVKhsL1XANmdta6
rA4avZHHsf+OAFbSyWG9k0tb5PBeQJZCqctKbVgyL2psWDpgHLYkYbMPH58RV1W8
8nM83o1ecSDqswVrUYWVNiTYXKeZf/FUbJJUd996EL7NTm3Y610EtaAXOmmGnjKc
rRnCILQiRHc83/tPMw57qMN7Zf2cwZUU8iPuxnJxlOzapppPrOHA9vllGYj73uxu
MKYJvNpar+pQ/HeyWaz0xlwGLn4qpTUkCVtul0YhsIaErrZi1hNIGlxueYeOtCdr
Z5VOvxvEgLxUnUQwdH5re65xM0cLQaMIDYbOkyAtILUoHEaO0hal76XaI7Ene3wL
iPP7RLIasdj6PgeupuX8pzsGbFnlZatC4jrtoO807k0AYDNpd6RmRzwCONbm3fkH
Hg/ethyjqxwsJjcF65ckW+ofTWgtuFsheujqNQuJ97NAFZPssxPcPLjP94vt9R+J
uXF7bdBqn03qCcMJNJE8p7SPJzhbbkcm2BumTcZec5dMWY4x/IBfJS2vtzJ8RKAw
hZ4EWKsg7t8uXqKyPWuOy+5dOZbm4AyP7TB9jaLN82Jtn+MAy4VDskR+vIa7Gn4Y
ZOHRVMe9lpyLZ1R7yXmO+v/nBAoStBt2jZ2VvLH5SQEIaBmfqxAtZksONhs8nKNo
83SPmpzacXmdbQELy+bRqrgxWTuapmmCI7cMArdXyGxXOzIoYCiV
=Q/1n
-----END PGP MESSAGE-----
--nextPart2013499.KfxGTPaf5f--
```
This is the decrypted message:
```
Content-Type: multipart/signed; boundary="nextPart2918540.ARZk9SpqV6"; micalg="pgp-sha256"; protocol="application/pgp-signature"
--nextPart2918540.ARZk9SpqV6
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"; protected-headers="v1"
From: admin@a
To: list@a
Subject: test
Date: Wed, 09 Jun 2021 18:14:07 +0200
Message-ID: <6066403.5e4LmiuuCV@deepthought>
x-list-name: list@a
x-list-keys
--nextPart2918540.ARZk9SpqV6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part.
Content-Transfer-Encoding: 7Bit
-----BEGIN PGP SIGNATURE-----
iLMEAAEIAB0WIQSfKcpM8aR1YUksBzfHpUV6NcUAggUCYMDozwAKCRDHpUV6NcUA
go21A/0aprlyFNaG5R82y3eUw24brBzWRSaokE1oTqGO48sjernuCUsInRMobEXi
GRdwZ/oYwzWCtIXtYmxXREsnvtVl1OrNLKxxNJfsuicdvCqZhGQPH5llVb27sueX
90sIJ+vxg1/WtG7zlx/3lZiWw9SggbXgVoDjkJVzllms2fNE5w==
=u5Tv
-----END PGP SIGNATURE-----
--nextPart2918540.ARZk9SpqV6--
```
Here is information about the test list
```
me@server:~ $ schleuder-cli keys list list@a
9F29CA4CF1A47561492C0737C7A5457A35C50082 admin@a
7EDF3336CB8BC6D15D461DB5FFF7A04251E7D112 list@a
me@server:~ $ schleuder-cli subscriptions list list@a
admin@a 9F29CA4CF1A47561492C0737C7A5457A35C50082 admin
```
This is how I put the message into schleuder:
```
me@server:~ $ cat mailtolist.mbox | sudo -u schleuder schleuder work list-request@a
Error: Messages to this address must be encrypted and signed by the key associated with a subscribed address.
Kind regards,
Your Schleuder system.
```
This is from /var/log/mail.log
```
Jun 9 19:00:46 server Schleuder[17753]: Loading list 'list-request@a'
Jun 9 19:00:46 server Schleuder[17753]: (9.5ms) SELECT sqlite_version(*)
Jun 9 19:00:46 server Schleuder[17753]: Schleuder::List Load (2.6ms) SELECT "lists".* FROM "lists" WHERE "lists"."email" = ? ORDER BY "lists"."email" ASC LIMIT ? [["email", "list@a"], ["LIMIT", 1]]
Jun 9 19:00:47 server Schleuder[17753]: Schleuder::Subscription Load (1.9ms) SELECT "subscriptions".* FROM "subscriptions" WHERE "subscriptions"."list_id" = ? AND "subscriptions"."admin" = ? ORDER BY "subscriptions"."email" ASC [["list_id", 12], ["admin", 1]]
Jun 9 19:00:47 server Schleuder[17753]: Schleuder::Subscription Load (1.0ms) SELECT "subscriptions".* FROM "subscriptions" WHERE "subscriptions"."list_id" = ? AND "subscriptions"."admin" = ? ORDER BY "subscriptions"."email" ASC [["list_id", 12], ["admin", 1]]
Jun 9 19:00:50 server Schleuder[17753]: Schleuder::Subscription Load (3.1ms) SELECT "subscriptions".* FROM "subscriptions" WHERE "subscriptions"."list_id" = ? AND "subscriptions"."fingerprint" = ? ORDER BY "subscriptions"."email" ASC LIMIT ? [["list_id", 12], ["fingerprint", "9F29CA4CF1A47561492C0737C7A5457A35C50082"], ["LIMIT", 1]]
```
This is the lists log:
```
D, [2021-06-09T18:46:02.136140 #16993] DEBUG -- : Setting GNUPGHOME to /var/lib/schleuder/lists/a/list
I, [2021-06-09T18:46:02.136829 #16993] INFO -- : Parsing incoming email.
D, [2021-06-09T18:46:04.245871 #16993] DEBUG -- : Loading pre_decryption filters
D, [2021-06-09T18:46:04.259098 #16993] DEBUG -- : Calling filter forward_bounce_to_admins
D, [2021-06-09T18:46:04.356335 #16993] DEBUG -- : Calling filter forward_all_incoming_to_admins
D, [2021-06-09T18:46:04.357047 #16993] DEBUG -- : Calling filter send_key
D, [2021-06-09T18:46:04.357378 #16993] DEBUG -- : Calling filter fix_exchange_messages
D, [2021-06-09T18:46:04.357698 #16993] DEBUG -- : Calling filter strip_html_from_alternative
D, [2021-06-09T18:46:05.138321 #16993] DEBUG -- : Loading post_decryption filters
D, [2021-06-09T18:46:05.165974 #16993] DEBUG -- : Calling filter request
D, [2021-06-09T18:46:05.166580 #16993] DEBUG -- : Request-message
D, [2021-06-09T18:46:05.167848 #16993] DEBUG -- : Error: Message was not encrypted and validly signed
D, [2021-06-09T18:46:05.170170 #16993] DEBUG -- : Bouncing message
```
It started this strange behaviour about a month ago, but I didn't immediately noticed. I don't know what caused it to stop working properly. Could be that it came with an system update. I also tried to resend and old E-Mail to an existing mailing list that I had sent earlier which haven't caused any problems, but it produces this error now.[adminata-private-nopass.asc](/uploads/ded08598eae3d6b6f849e7d9dda6ed18/adminata-private-nopass.asc)
**update:**
The password of the subscribers private key is 'pass'https://0xacab.org/schleuder/schleuder/-/issues/501Notice mails because of expired keys send attachments2021-06-01T19:06:54ZxkeyNotice mails because of expired keys send attachments## Expected Behavior
Notice mails because of expired keys should neither send mail contents nor attachments.
## Actual Behavior
Notice mails because of expired keys do not send mail contents but do send attachments.
## Steps to Repro...## Expected Behavior
Notice mails because of expired keys should neither send mail contents nor attachments.
## Actual Behavior
Notice mails because of expired keys do not send mail contents but do send attachments.
## Steps to Reproduce the Problem
1. Let key expire.
2. Send mail with another account and attachment to schleuder-list.
3. Receive schleuder notice because of expired key and missed mails, with a correct attachment of the missed mail.
## Specifications
- Version: *Not known because I am no admin of the list, but will ask and submit later.*
- Installation method (package, gem...): *Not known because I am no admin of the list, but will ask and submit later.*
- Mail client version: Thunderbird 78.10.2 (64-bit)
## Other informationhttps://0xacab.org/schleuder/schleuder/-/issues/500Tighten umask2021-05-31T06:37:32ZpazTighten umaskWe currently use a umask of `027`. This is due to historical reasons, when some people preferred a (pre-database) setup in which each list ran as a different unix-user while a "meta user" needed access for maintenance work.
These days w...We currently use a umask of `027`. This is due to historical reasons, when some people preferred a (pre-database) setup in which each list ran as a different unix-user while a "meta user" needed access for maintenance work.
These days we are not aware of anyone still running such a setup, and if someone does it could still work without group readable list directories.
Using a umask of `077` on the other hand has two obviuos advantages:
* a generally reduces chance to accidentally reveal private keys,
* we can get rid of the flag `--no-permission-warning` for gpg when accessing it through the shell. Gpg's warnings might be debateable, but bluntly silencing them isn't a good way, either.pazpazhttps://0xacab.org/schleuder/schleuder/-/issues/499Keeping original email's TO and CC2021-06-08T17:25:54Zabc defKeeping original email's TO and CCAs discovered during testing of !374 and commented in #497, outlook does not seem to use `MAIL-FOLLOWUP-TO`.
"Keeping" the original email's `TO` and `CC` could solve this.
So an email sent to the schleuder list `schleuderlist@abc.de` l...As discovered during testing of !374 and commented in #497, outlook does not seem to use `MAIL-FOLLOWUP-TO`.
"Keeping" the original email's `TO` and `CC` could solve this.
So an email sent to the schleuder list `schleuderlist@abc.de` like this:
```
From: sender@xyz.de
To: schleuderlist@abc.de, person1@def.de
CC: ccperson@ghi@de
```
could result in schleuder sending to its recipient `recipient@jkl.de` an email like this:
```
From: schleuderlist@abc.de
To: schleuderlist@abc.de, person1@def.de
CC: ccperson@ghi@de
Reply-To: sender@xyz.de
```
This means, the envelope should then only contain `recipient@jkl.de`, but the `TO` header contains all the original `TO`.
- Do you see any problems (e.g. DMARC, other protocol stuff) when implemented like this?
- Would this make sense as a global configurable option in your opinion? Or would you rather have it only when reply-to is set to original sender?https://0xacab.org/schleuder/schleuder/-/issues/498undefined method `has_content_type?' for nil:NilClass2022-04-11T21:47:51Zngundefined method `has_content_type?' for nil:NilClassthis looks similar to #458 but it was seen on a 3.5.3 schleuder installation.
```
undefined method `has_content_type?' for nil:NilClass
/opt/schleuder/bundler/ruby/2.7.0/gems/mail-gpg-0.4.2/lib/mail/gpg/sign_part.rb:22:in `verify_signat...this looks similar to #458 but it was seen on a 3.5.3 schleuder installation.
```
undefined method `has_content_type?' for nil:NilClass
/opt/schleuder/bundler/ruby/2.7.0/gems/mail-gpg-0.4.2/lib/mail/gpg/sign_part.rb:22:in `verify_signature'
/opt/schleuder/bundler/ruby/2.7.0/gems/mail-gpg-0.4.2/lib/mail/gpg/mime_signed_message.rb:9:in `setup'
/opt/schleuder/bundler/ruby/2.7.0/gems/mail-gpg-0.4.2/lib/mail/gpg.rb:144:in `verify'
/opt/schleuder/bundler/ruby/2.7.0/gems/mail-gpg-0.4.2/lib/mail/gpg/message_patch.rb:91:in `verify'
/opt/schleuder/lib/schleuder/mail/message.rb:31:in `setup'
/opt/schleuder/lib/schleuder/runner.rb:38:in `run'
/opt/schleuder/lib/schleuder/cli.rb:36:in `work'
/opt/schleuder/bundler/ruby/2.7.0/gems/thor-0.20.3/lib/thor/command.rb:27:in `run'
/opt/schleuder/bundler/ruby/2.7.0/gems/thor-0.20.3/lib/thor/invocation.rb:126:in `invoke_command'
/opt/schleuder/bundler/ruby/2.7.0/gems/thor-0.20.3/lib/thor.rb:387:in `dispatch'
/opt/schleuder/bundler/ruby/2.7.0/gems/thor-0.20.3/lib/thor/base.rb:466:in `start'
/opt/schleuder/bin/schleuder:13:in `<top (required)>'
/opt/schleuder/bundler/ruby/2.7.0/bin/schleuder:23:in `load'
/opt/schleuder/bundler/ruby/2.7.0/bin/schleuder:23:in `<top (required)>'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli/exec.rb:63:in `load'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli/exec.rb:63:in `kernel_load'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli/exec.rb:28:in `run'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli.rb:476:in `exec'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor/invocation.rb:127:in `invoke_command'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor.rb:399:in `dispatch'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli.rb:30:in `dispatch'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor/base.rb:476:in `start'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli.rb:24:in `start'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/libexec/bundle:46:in `block in <top (required)>'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/lib/bundler/friendly_errors.rb:123:in `with_friendly_errors'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/libexec/bundle:34:in `<top (required)>'
/opt/rh/rh-ruby27/root/usr/bin/bundle:23:in `load'
/opt/rh/rh-ruby27/root/usr/bin/bundle:23:in `<main>'
```
Original email is available. Will need to validate it with schleuder 4 and then also whether I can easily reproduce it.ngnghttps://0xacab.org/schleuder/schleuder/-/issues/497Consider setting Mail-Followup-To header when Reply-To is set to original sender2021-06-01T19:57:48Zabc defConsider setting Mail-Followup-To header when Reply-To is set to original senderWhen REPLY-TO is set to the original sender, users have complained that when they hit "Reply-All" (Reply-To-All) in their clients, they expect to send a mail to the original sender AND the list (`FROM(list)+REPLY-TO(original sender)+TO(r...When REPLY-TO is set to the original sender, users have complained that when they hit "Reply-All" (Reply-To-All) in their clients, they expect to send a mail to the original sender AND the list (`FROM(list)+REPLY-TO(original sender)+TO(recipient)+CC`). Instead, the TO header is set to `REPLY-TO(original sender)+TO(recipient)+CC` and thus not including the list.
I investigated this and it seems that most mail clients [follow this procedure](https://wiki.mozilla.org/Thunderbird:Help_Documentation:Mail-Followup-To_and_Mail-Reply-To) for "Reply All":
```
if MAIL-FOLLOWUP-TO in received mail then use MAIL-FOLLOWUP-TO as TO
else if MAIL-REPLY-TO in received mail then use MAIL-REPLY-TO + TO + CC as TO
else if REPLY-TO in received mail then use REPLY-TO + TO + CC as TO # this
else use FROM + TO + CC as TO
```
This means, when schleuder is configured to set REPLY-TO to the original sender, the clients will set TO to `REPLY-TO (original sender) + TO (recipient) + CC`, which does NOT include the mailing list.
Thus I would suggest to add a MAIL-FOLLOWUP-TO header **when REPLY-TO is set to the original sender**. The MAIL-FOLLOWUP-TO header then includes:
- list
- original sender
- CC
If you don't see any problems, I would implement this and open a MR. Please let me know :)https://0xacab.org/schleuder/schleuder/-/issues/496gpg: insecure memory warnings for tests2022-09-13T14:50:27ZAndreas Schleifergpg: insecure memory warnings for testsHello,
while trying to package schleuder for Archlinux I get the following errors when running the tests during the packaging step:
```
Created database 'db/test.sqlite3'
Randomized with seed 63950
.......................................Hello,
while trying to package schleuder for Archlinux I get the following errors when running the tests during the packaging step:
```
Created database 'db/test.sqlite3'
Randomized with seed 63950
.....................................................................................................................................................................................................................................................................................................................................................................................................................................FFF.F.FF..............................................................................................................
Failures:
1) Schleuder::ListBuilder creates a listdir for the list
Failure/Error: raise Errors::KeyAdduidFailed.new(exc.to_s)
Schleuder::Errors::KeyAdduidFailed:
Adding a user-ID to the OpenPGP key failed with this message:
gpg: Warning: using insecure memory!
Kind regards,
Your Schleuder system.
# ./lib/schleuder/list_builder.rb:103:in `rescue in adduids'
# ./lib/schleuder/list_builder.rb:88:in `adduids'
# ./lib/schleuder/list_builder.rb:82:in `create_key'
# ./lib/schleuder/list_builder.rb:41:in `run'
# ./spec/schleuder/unit/list_builder_spec.rb:41:in `block (2 levels) in <top (required)>'
# ./spec/spec_helper.rb:48:in `block (3 levels) in <top (required)>'
# ./spec/spec_helper.rb:47:in `block (2 levels) in <top (required)>'
# ------------------
# --- Caused by: ---
# RuntimeError:
# gpg: Warning: using insecure memory!
# ./lib/schleuder/list_builder.rb:93:in `block in adduids'
2) Schleuder::ListBuilder creates a new, valid list
Failure/Error: raise Errors::KeyAdduidFailed.new(exc.to_s)
Schleuder::Errors::KeyAdduidFailed:
Adding a user-ID to the OpenPGP key failed with this message:
gpg: Warning: using insecure memory!
Kind regards,
Your Schleuder system.
# ./lib/schleuder/list_builder.rb:103:in `rescue in adduids'
# ./lib/schleuder/list_builder.rb:88:in `adduids'
# ./lib/schleuder/list_builder.rb:82:in `create_key'
# ./lib/schleuder/list_builder.rb:41:in `run'
# ./spec/schleuder/unit/list_builder_spec.rb:9:in `block (2 levels) in <top (required)>'
# ./spec/spec_helper.rb:48:in `block (3 levels) in <top (required)>'
# ./spec/spec_helper.rb:47:in `block (2 levels) in <top (required)>'
# ------------------
# --- Caused by: ---
# RuntimeError:
# gpg: Warning: using insecure memory!
# ./lib/schleuder/list_builder.rb:93:in `block in adduids'
3) Schleuder::ListBuilder subscribes the adminaddress and ignores the adminfingerprint if an adminkey was given
Failure/Error: raise Errors::KeyAdduidFailed.new(exc.to_s)
Schleuder::Errors::KeyAdduidFailed:
Adding a user-ID to the OpenPGP key failed with this message:
gpg: Warning: using insecure memory!
Kind regards,
Your Schleuder system.
# ./lib/schleuder/list_builder.rb:103:in `rescue in adduids'
# ./lib/schleuder/list_builder.rb:88:in `adduids'
# ./lib/schleuder/list_builder.rb:82:in `create_key'
# ./lib/schleuder/list_builder.rb:41:in `run'
# ./spec/schleuder/unit/list_builder_spec.rb:85:in `block (2 levels) in <top (required)>'
# ./spec/spec_helper.rb:48:in `block (3 levels) in <top (required)>'
# ./spec/spec_helper.rb:47:in `block (2 levels) in <top (required)>'
# ------------------
# --- Caused by: ---
# RuntimeError:
# gpg: Warning: using insecure memory!
# ./lib/schleuder/list_builder.rb:93:in `block in adduids'
4) Schleuder::ListBuilder subscribes the adminaddress and respects the given adminfingerprint
Failure/Error: raise Errors::KeyAdduidFailed.new(exc.to_s)
Schleuder::Errors::KeyAdduidFailed:
Adding a user-ID to the OpenPGP key failed with this message:
gpg: Warning: using insecure memory!
Kind regards,
Your Schleuder system.
# ./lib/schleuder/list_builder.rb:103:in `rescue in adduids'
# ./lib/schleuder/list_builder.rb:88:in `adduids'
# ./lib/schleuder/list_builder.rb:82:in `create_key'
# ./lib/schleuder/list_builder.rb:41:in `run'
# ./spec/schleuder/unit/list_builder_spec.rb:72:in `block (2 levels) in <top (required)>'
# ./spec/spec_helper.rb:48:in `block (3 levels) in <top (required)>'
# ./spec/spec_helper.rb:47:in `block (2 levels) in <top (required)>'
# ------------------
# --- Caused by: ---
# RuntimeError:
# gpg: Warning: using insecure memory!
# ./lib/schleuder/list_builder.rb:93:in `block in adduids'
5) Schleuder::ListBuilder subscribes the adminaddress and imports the adminkey
Failure/Error: raise Errors::KeyAdduidFailed.new(exc.to_s)
Schleuder::Errors::KeyAdduidFailed:
Adding a user-ID to the OpenPGP key failed with this message:
gpg: Warning: using insecure memory!
Kind regards,
Your Schleuder system.
# ./lib/schleuder/list_builder.rb:103:in `rescue in adduids'
# ./lib/schleuder/list_builder.rb:88:in `adduids'
# ./lib/schleuder/list_builder.rb:82:in `create_key'
# ./lib/schleuder/list_builder.rb:41:in `run'
# ./spec/schleuder/unit/list_builder_spec.rb:60:in `block (2 levels) in <top (required)>'
# ./spec/spec_helper.rb:48:in `block (3 levels) in <top (required)>'
# ./spec/spec_helper.rb:47:in `block (2 levels) in <top (required)>'
# ------------------
# --- Caused by: ---
# RuntimeError:
# gpg: Warning: using insecure memory!
# ./lib/schleuder/list_builder.rb:93:in `block in adduids'
6) Schleuder::ListBuilder creates a list-key with all required UIDs
Failure/Error: raise Errors::KeyAdduidFailed.new(exc.to_s)
Schleuder::Errors::KeyAdduidFailed:
Adding a user-ID to the OpenPGP key failed with this message:
gpg: Warning: using insecure memory!
Kind regards,
Your Schleuder system.
# ./lib/schleuder/list_builder.rb:103:in `rescue in adduids'
# ./lib/schleuder/list_builder.rb:88:in `adduids'
# ./lib/schleuder/list_builder.rb:82:in `create_key'
# ./lib/schleuder/list_builder.rb:41:in `run'
# ./spec/schleuder/unit/list_builder_spec.rb:49:in `block (2 levels) in <top (required)>'
# ./spec/spec_helper.rb:48:in `block (3 levels) in <top (required)>'
# ./spec/spec_helper.rb:47:in `block (2 levels) in <top (required)>'
# ------------------
# --- Caused by: ---
# RuntimeError:
# gpg: Warning: using insecure memory!
# ./lib/schleuder/list_builder.rb:93:in `block in adduids'
Finished in 4 minutes 20.7 seconds (files took 1.94 seconds to load)
539 examples, 6 failures
Failed examples:
rspec ./spec/schleuder/unit/list_builder_spec.rb:37 # Schleuder::ListBuilder creates a listdir for the list
rspec ./spec/schleuder/unit/list_builder_spec.rb:5 # Schleuder::ListBuilder creates a new, valid list
rspec ./spec/schleuder/unit/list_builder_spec.rb:81 # Schleuder::ListBuilder subscribes the adminaddress and ignores the adminfingerprint if an adminkey was given
rspec ./spec/schleuder/unit/list_builder_spec.rb:69 # Schleuder::ListBuilder subscribes the adminaddress and respects the given adminfingerprint
rspec ./spec/schleuder/unit/list_builder_spec.rb:56 # Schleuder::ListBuilder subscribes the adminaddress and imports the adminkey
rspec ./spec/schleuder/unit/list_builder_spec.rb:45 # Schleuder::ListBuilder creates a list-key with all required UIDs
Randomized with seed 63950
```
During these tests I don't really care about such errors and therefor I tried to ignore them. My current code for running the tests looks like this:
```
export GNUPGHOME=.gnupg
mkdir -p "${GNUPGHOME}"
echo "no-secmem-warning" >> "${GNUPGHOME}/gpg.conf"
export CHECK_CODE_COVERAGE=false
export SCHLEUDER_CONFIG=spec/schleuder.yml
export SCHLEUDER_ENV=test
bundle exec rake db:init
bundle exec rspec
```
Any idea how I can ignore these errors in my tests?
I can't use setuid, as the build environment has no permissions to do that.
Best regards5.0.0pazpazhttps://0xacab.org/schleuder/schleuder/-/issues/495x-add-key fails for binary attachments2023-10-28T10:15:11Zgeorgx-add-key fails for binary attachmentsx-add-key fails for binary attachments, Schleuder tells 'no keys could be found'.x-add-key fails for binary attachments, Schleuder tells 'no keys could be found'.4.0.1georggeorghttps://0xacab.org/schleuder/schleuder/-/issues/519`list.send_list_key_to_subscriptions` fails if `deliver_selfsent` is set to f...2022-09-13T14:49:52Zfleish`list.send_list_key_to_subscriptions` fails if `deliver_selfsent` is set to falseI recently changed my list defaults to set deliver_selfsent to false to avoid having messages reflected back to senders who are also subscribers. The next time I tried to create a list using schleuder-cli, I was unable to use the send-li...I recently changed my list defaults to set deliver_selfsent to false to avoid having messages reflected back to senders who are also subscribers. The next time I tried to create a list using schleuder-cli, I was unable to use the send-list-key-to-subscriptions command to send myself the list's key. Temporarily setting deliver_selfsent to true resolved this issue. Debug logs attached for attempting to call send-list-key-to-subscriptions both times. Somewhat ironically, the 2 errors generated were successfully sent to me as the list admin (and only subscriber) via signed+encrypted mail to the same address.
[list.log.send-list-key-to-subscriptions_selfsent.false.txt](/uploads/f1c51b2f18213f4b36f7cb290b3e0468/list.log.send-list-key-to-subscriptions_selfsent.false.txt)
[list.log.send-list-key-to-subscriptions_selfsent.true.txt](/uploads/1fbf4e90ba20d02f65600fb206831b1f/list.log.send-list-key-to-subscriptions_selfsent.true.txt)5.0.0pazpaz