Skip to content

Remove host port mappings for backend containers and isolate them with networks#53

Merged
theyoyojo merged 8 commits into
masterfrom
unport
Mar 26, 2024
Merged

Remove host port mappings for backend containers and isolate them with networks#53
theyoyojo merged 8 commits into
masterfrom
unport

Conversation

@charliemirabile

Copy link
Copy Markdown
Contributor

The backend containers do not need to have exposed ports on the host when nginx can instead just connect directly to them. The prior state of the art was necessitated primarily by the kludge for mail auth where having one hostname to resolve (the host instead of pop/smtp containers) made things more palatable.

The backend containers also do not need to be able to communicate with each other, only with nginx. Using networks can allows for this sort of isolation.

nginx should not start until the other containers already have started.
Since the containers are networked together, the orbit
container can be reached from nginx directly without having
to pass through the host.
Now that nginx connects directly to the orbit container, there is
no need to expose the port on the host.
Since the containers are networked together, the pop
container can be reached from nginx directly without having
to pass through the host.
Now that nginx connects directly to the pop container, there is
no need to expose the port on the host.
Since the containers are networked together, the smtp
container can be reached from nginx directly without having
to pass through the host.
Now that nginx connects directly to the smtp container, there is
no need to expose the port on the host.
nginx needs to reach the backend servers, but they do not need to
be able to talk amoungst themselves. Introduce networks so that
while nginx is part of all of them, each backend is only part of
its own isolated one so it cannot reach any of the other backend
servers.

@theyoyojo theyoyojo left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice

@theyoyojo

Copy link
Copy Markdown
Contributor

PASS

sudo ./test.sh
+ rm -rf test email/logs/2.1711424547.1 email/mail/2.1711424547.0
+ mkdir -p test
+ chcon -R -t container_file_t email
+ DEVEL=
+ STAGING=
+ PORT=443
+ POP_PORT=995
+ SMTP_PORT=465
+ EMAIL_HOSTNAME=kdlp.underground.software
+ export 'DOCKER=sudo podman'
+ DOCKER='sudo podman'
+ export CONTAINER=singularity_orbit_1
+ CONTAINER=singularity_orbit_1
+ '[' '!' -z '' ']'
+ '[' '!' -z '' ']'
+ curl --url https://localhost:443/register --verbose --insecure --fail --no-progress-meter --data student_id=1234
+ tee test/register_fail_no_user
+ grep 'msg = no such student'
* processing: https://localhost:443/register
*   Trying [::1]:443...
* connect to ::1 port 443 failed: Connection refused
*   Trying 127.0.0.1:443...
* Connected to localhost (127.0.0.1) port 443
* ALPN: offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1308 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=localhost
*  start date: Mar 13 02:05:24 2024 GMT
*  expire date: Apr  6 02:05:24 2389 GMT
*  issuer: CN=localhost
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
* using HTTP/1.1
} [5 bytes data]
> POST /register HTTP/1.1
> Host: localhost
> User-Agent: curl/8.2.1
> Accept: */*
> Content-Length: 15
> Content-Type: application/x-www-form-urlencoded
>
} [15 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/1.1 200 OK
< Server: nginx
< Date: Tue, 26 Mar 2024 03:55:56 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: auth=
< Set-Cookie: auth=
<
{ [1160 bytes data]
* Connection #0 to host localhost left intact
        <code>msg = no such student</code><br>
+ curl --url https://localhost:443/login --verbose --insecure --no-progress-meter --data 'username=user&password=pass'
+ tee test/login_fail_no_user
+ grep 'msg = authentication failure'
* processing: https://localhost:443/login
*   Trying [::1]:443...
* connect to ::1 port 443 failed: Connection refused
*   Trying 127.0.0.1:443...
* Connected to localhost (127.0.0.1) port 443
* ALPN: offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1308 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=localhost
*  start date: Mar 13 02:05:24 2024 GMT
*  expire date: Apr  6 02:05:24 2389 GMT
*  issuer: CN=localhost
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
* using HTTP/1.1
} [5 bytes data]
> POST /login HTTP/1.1
> Host: localhost
> User-Agent: curl/8.2.1
> Accept: */*
> Content-Length: 27
> Content-Type: application/x-www-form-urlencoded
>
} [27 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/1.1 200 OK
< Server: nginx
< Date: Tue, 26 Mar 2024 03:55:56 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: auth=
< Set-Cookie: auth=
< Set-Cookie: auth=
< Set-Cookie: auth=
<
{ [1365 bytes data]
* Connection #0 to host localhost left intact
        <code>msg = authentication failure</code><br>
+ orbit/warpdrive.sh -u user -p pass -i 1234 -n
+ tee test/create_user
+ grep 'credentials(username: user, password:pass)'
credentials(username: user, password:pass)
+ tee test/register_fail_wrong
+ grep 'msg = no such student'
+ curl --url https://localhost:443/register --verbose --insecure --fail --no-progress-meter --data student_id=123
* processing: https://localhost:443/register
*   Trying [::1]:443...
* connect to ::1 port 443 failed: Connection refused
*   Trying 127.0.0.1:443...
* Connected to localhost (127.0.0.1) port 443
* ALPN: offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1308 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=localhost
*  start date: Mar 13 02:05:24 2024 GMT
*  expire date: Apr  6 02:05:24 2389 GMT
*  issuer: CN=localhost
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
* using HTTP/1.1
} [5 bytes data]
> POST /register HTTP/1.1
> Host: localhost
> User-Agent: curl/8.2.1
> Accept: */*
> Content-Length: 14
> Content-Type: application/x-www-form-urlencoded
>
} [14 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/1.1 200 OK
< Server: nginx
< Date: Tue, 26 Mar 2024 03:55:57 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: auth=
< Set-Cookie: auth=
<
{ [1160 bytes data]
* Connection #0 to host localhost left intact
        <code>msg = no such student</code><br>
+ curl --url https://localhost:443/register --verbose --insecure --fail --no-progress-meter --data student_id=1234
+ tee test/register_success
+ grep 'msg = welcome to the classroom'
* processing: https://localhost:443/register
*   Trying [::1]:443...
* connect to ::1 port 443 failed: Connection refused
*   Trying 127.0.0.1:443...
* Connected to localhost (127.0.0.1) port 443
* ALPN: offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1308 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=localhost
*  start date: Mar 13 02:05:24 2024 GMT
*  expire date: Apr  6 02:05:24 2389 GMT
*  issuer: CN=localhost
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
* using HTTP/1.1
} [5 bytes data]
> POST /register HTTP/1.1
> Host: localhost
> User-Agent: curl/8.2.1
> Accept: */*
> Content-Length: 15
> Content-Type: application/x-www-form-urlencoded
>
} [15 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/1.1 200 OK
< Server: nginx
< Date: Tue, 26 Mar 2024 03:55:57 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: auth=
< Set-Cookie: auth=
<
{ [1070 bytes data]
* Connection #0 to host localhost left intact
        <code>msg = welcome to the classroom</code><br>
+ curl --url https://localhost:443/register --verbose --insecure --fail --no-progress-meter --data student_id=1234
+ tee test/register_fail_duplicate
+ grep 'msg = no such student'
* processing: https://localhost:443/register
*   Trying [::1]:443...
* connect to ::1 port 443 failed: Connection refused
*   Trying 127.0.0.1:443...
* Connected to localhost (127.0.0.1) port 443
* ALPN: offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1308 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=localhost
*  start date: Mar 13 02:05:24 2024 GMT
*  expire date: Apr  6 02:05:24 2389 GMT
*  issuer: CN=localhost
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
* using HTTP/1.1
} [5 bytes data]
> POST /register HTTP/1.1
> Host: localhost
> User-Agent: curl/8.2.1
> Accept: */*
> Content-Length: 15
> Content-Type: application/x-www-form-urlencoded
>
} [15 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/1.1 200 OK
< Server: nginx
< Date: Tue, 26 Mar 2024 03:55:57 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: auth=
< Set-Cookie: auth=
<
{ [1160 bytes data]
* Connection #0 to host localhost left intact
        <code>msg = no such student</code><br>
+ curl --url https://localhost:443/login --verbose --insecure --no-progress-meter --data 'username=user&password=invalid'
+ tee test/login_fail_invalid
+ grep 'msg = authentication failure'
* processing: https://localhost:443/login
*   Trying [::1]:443...
* connect to ::1 port 443 failed: Connection refused
*   Trying 127.0.0.1:443...
* Connected to localhost (127.0.0.1) port 443
* ALPN: offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1308 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=localhost
*  start date: Mar 13 02:05:24 2024 GMT
*  expire date: Apr  6 02:05:24 2389 GMT
*  issuer: CN=localhost
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
* using HTTP/1.1
} [5 bytes data]
> POST /login HTTP/1.1
> Host: localhost
> User-Agent: curl/8.2.1
> Accept: */*
> Content-Length: 30
> Content-Type: application/x-www-form-urlencoded
>
} [30 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/1.1 200 OK
< Server: nginx
< Date: Tue, 26 Mar 2024 03:55:57 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: auth=
< Set-Cookie: auth=
< Set-Cookie: auth=
< Set-Cookie: auth=
<
{ [1365 bytes data]
* Connection #0 to host localhost left intact
        <code>msg = authentication failure</code><br>
+ curl --url https://localhost:443/login --verbose --insecure --fail --no-progress-meter --data 'username=user&password=pass'
+ tee test/login_success
+ grep 'msg = user authenticated by password'
* processing: https://localhost:443/login
*   Trying [::1]:443...
* connect to ::1 port 443 failed: Connection refused
*   Trying 127.0.0.1:443...
* Connected to localhost (127.0.0.1) port 443
* ALPN: offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1308 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=localhost
*  start date: Mar 13 02:05:24 2024 GMT
*  expire date: Apr  6 02:05:24 2389 GMT
*  issuer: CN=localhost
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
* using HTTP/1.1
} [5 bytes data]
> POST /login HTTP/1.1
> Host: localhost
> User-Agent: curl/8.2.1
> Accept: */*
> Content-Length: 27
> Content-Type: application/x-www-form-urlencoded
>
} [27 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/1.1 200 OK
< Server: nginx
< Date: Tue, 26 Mar 2024 03:55:57 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: auth=
< Set-Cookie: auth=53cbdbd406d1c9ecb8a06c3890dc6740f633d328b52c9b113ba6ca12bdd65b6f; Expires=Tue, 26 Mar 2024 06:55:57 GMT; Max-Age=10800; Path=/
<
{ [1633 bytes data]
* Connection #0 to host localhost left intact
        <code>msg = user authenticated by password</code><br>
+ curl --url pop3s://localhost:995 --verbose --insecure --fail --no-progress-meter --user user:pass
+ tee test/pop_get_empty
+ diff /dev/fd/63 /dev/stdin
++ printf '\r\n'
* processing: pop3s://localhost:995
*   Trying [::1]:995...
* connect to ::1 port 995 failed: Connection refused
*   Trying 127.0.0.1:995...
* Connected to localhost (127.0.0.1) port 995
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [6 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1308 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* Server certificate:
*  subject: CN=localhost
*  start date: Mar 13 02:05:24 2024 GMT
*  expire date: Apr  6 02:05:24 2389 GMT
*  issuer: CN=localhost
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< +OK POP3 ready
} [5 bytes data]
> CAPA
{ [5 bytes data]
< +OK Capability list follows
< TOP
< USER
< UIDL
< SASL PLAIN LOGIN
< .
} [5 bytes data]
> AUTH PLAIN
{ [5 bytes data]
< +
} [5 bytes data]
> AHVzZXIAcGFzcw==
{ [5 bytes data]
< +OK got username
} [5 bytes data]
> LIST
{ [5 bytes data]
< +OK maildrop follows
{ [5 bytes data]
* Connection #0 to host localhost left intact
++ printf '\r'
+ CR=$'\r'
+ curl --url smtps://localhost:465 --verbose --insecure --fail --no-progress-meter --mail-from user@kdlp.underground.software --mail-rcpt other@kdlp.underground.software --upload-file - --user user:pass
* processing: smtps://localhost:465
*   Trying [::1]:465...
* connect to ::1 port 465 failed: Connection refused
*   Trying 127.0.0.1:465...
* Connected to localhost (127.0.0.1) port 465
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [6 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1308 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* Server certificate:
*  subject: CN=localhost
*  start date: Mar 13 02:05:24 2024 GMT
*  expire date: Apr  6 02:05:24 2389 GMT
*  issuer: CN=localhost
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< 220 kdlp.underground.software ESMTP ready
} [5 bytes data]
> EHLO fedora
{ [5 bytes data]
< 250-kdlp.underground.software
< 250 AUTH PLAIN LOGIN
} [5 bytes data]
> AUTH PLAIN
{ [5 bytes data]
< 334
} [5 bytes data]
> AHVzZXIAcGFzcw==
{ [5 bytes data]
< 235 2.0.0 OK
} [5 bytes data]
> MAIL FROM:<user@kdlp.underground.software>
{ [5 bytes data]
< 250 OK
} [5 bytes data]
> RCPT TO:<other@kdlp.underground.software>
{ [5 bytes data]
< 250 OK
} [5 bytes data]
> DATA
{ [5 bytes data]
< 354 Start input
} [5 bytes data]
< 250 OK
* Connection #0 to host localhost left intact
+ curl --url pop3s://localhost:995/1 --verbose --insecure --fail --no-progress-meter --user user:pass
* processing: pop3s://localhost:995/1
*   Trying [::1]:995...
* connect to ::1 port 995 failed: Connection refused
*   Trying 127.0.0.1:995...
* Connected to localhost (127.0.0.1) port 995
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* Server certificate:
*  subject: CN=localhost
*  start date: Mar 13 02:05:24 2024 GMT
*  expire date: Apr  6 02:05:24 2389 GMT
*  issuer: CN=localhost
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< +OK POP3 ready
> CAPA
< +OK Capability list follows
< TOP
< USER
< UIDL
< SASL PLAIN LOGIN
< .
> AUTH PLAIN
< +
> AHVzZXIAcGFzcw==
< +OK got username
> RETR 1
< +OK message follows
Received: by kdlp.underground.software ; Tue, 26 Mar 2024 03:55:58 +0000 (UTC)
Message-ID: <2.1711425358.0@kdlp.underground.software>
From: <user@kdlp.underground.software>
To: <other@kdlp.underground.software>
Subject: Message Subject

To whom it may concern,

Bottom text
* Connection #0 to host localhost left intact
+ test_pop_get_message=0
+ orbit/warpdrive.sh -u user -w
+ python -m venv orbit-dev
+ source orbit-dev/bin/activate
++ deactivate nondestructive
++ '[' -n '' ']'
++ '[' -n '' ']'
++ hash -r
++ '[' -n '' ']'
++ unset VIRTUAL_ENV
++ unset VIRTUAL_ENV_PROMPT
++ '[' '!' nondestructive = nondestructive ']'
++ '[' linux-gnu = cygwin ']'
++ '[' linux-gnu = msys ']'
++ export VIRTUAL_ENV=/home/joel/src/singularity/orbit-dev
++ VIRTUAL_ENV=/home/joel/src/singularity/orbit-dev
++ _OLD_VIRTUAL_PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/var/lib/snapd/snap/bin
++ PATH=/home/joel/src/singularity/orbit-dev/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/var/lib/snapd/snap/bin
++ export PATH
++ '[' -n '' ']'
++ '[' -z '' ']'
++ _OLD_VIRTUAL_PS1=
++ PS1='(orbit-dev) '
++ export PS1
++ VIRTUAL_ENV_PROMPT='(orbit-dev) '
++ export VIRTUAL_ENV_PROMPT
++ hash -r
+ pip install -r orbit/dev-requirements.txt
Requirement already satisfied: flake8~=7.0.0 in ./orbit-dev/lib64/python3.12/site-packages (from -r orbit/dev-requirements.txt (line 1)) (7.0.0)
Requirement already satisfied: mccabe~=0.7.0 in ./orbit-dev/lib64/python3.12/site-packages (from -r orbit/dev-requirements.txt (line 2)) (0.7.0)
Requirement already satisfied: pycodestyle~=2.11.1 in ./orbit-dev/lib64/python3.12/site-packages (from -r orbit/dev-requirements.txt (line 3)) (2.11.1)
Requirement already satisfied: pyflakes~=3.2.0 in ./orbit-dev/lib64/python3.12/site-packages (from -r orbit/dev-requirements.txt (line 4)) (3.2.0)

[notice] A new release of pip is available: 23.2.1 -> 24.0
[notice] To update, run: pip install --upgrade pip
+ pushd orbit
/home/joel/src/singularity/orbit /home/joel/src/singularity
+ ./test-style.sh
[SCAN] radius.py
[SCAN] config.py
[SCAN] db.py
[SCAN] hyperspace.py
+ popd
/home/joel/src/singularity

@theyoyojo theyoyojo merged commit 2b85cd1 into master Mar 26, 2024
@theyoyojo theyoyojo deleted the unport branch March 26, 2024 03:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants