Mount removal#76

Merged: theyoyojo merged 6 commits into master from mount_removal, Apr 1, 2024

@charliemirabile

friendship with bind mounts ended

volumes are my new friend

@theyoyojo

friendships_with_ended copy

the test script can copy the CA cert from the running
container instead of looking in the ssl folder, and
now that we no longer need the ssl folder, it can be
removed from the gitignore.

Unfortunately podman does not support the subpath attribute for named
volumes and so the entire email volume including the logs needs to be
mounted in and the paths in the Containerfile need to be updated. This
isn't really a security issue since the logs are hardly interesting and
do not contain anything not available from reading the email, and the
data is mounted as read only for pop so it cannot inject fake logs into
the log directory even if it were compromised.

Without the email folder, the test script needs to reach into the volume
in order to clear the emails. It can just run a temporary container to
do so. While we are at it, we can actually save the original contents
and restore them after the test instead of just completely nuking all
stored email whenever running the test script. Now that the email folder
is no longer needed, it can be removed from the .gitignore.

users and sessions will persist when restarting the container

The tests need to start with a blank slate, so import an empty
db before testing begins. While we are at it, save and restore
existing db so that any existing data from before the testing
is preserved.

instead of mounting docs and git dir in at runtime and having to
deal with selinux nonsense, just build the content into the container

@theyoyojo theyoyojo left a comment

a couple of questions

by building the contents of the webroot into extenginx we can avoid
needing to mount them at all for prod and staging where selinux is a
hassle.

The previous commit deleted what used to be snippet zero, we can
now bump all the snippet numbers down so they start at zero again.

@theyoyojo

PASS

+ trap : EXIT
+ DOCKER=podman
+ require curl
+ command -v curl
+ require podman
+ command -v podman
+ ./script-lint.sh
+ shellcheck script-lint.sh
+ shellcheck test.sh
+ shellcheck orbit/test-style.sh
+ shellcheck orbit/warpdrive.sh
+ pushd orbit
~/src/singularity/orbit ~/src/singularity
+ ./test-style.sh
+ flake8 radius.py
+ flake8 config.py
+ flake8 db.py
+ flake8 hyperspace.py
+ popd
~/src/singularity
+ mkdir -p test
+ rm -f test/ca_cert.pem test/create_user test/delete_user test/email_orig.tar test/login_fail_invalid test/login_fail_no_user test/login_success test/orbit_orig.tar test/pop_get_empty test/pop_get_message test/register_fail_duplicate test/register_fail_no_user test/register_fail_wrong test/register_success test/smtp_send_email
+ DEVEL=
+ STAGING=
+ EMAIL_HOSTNAME=kdlp.underground.software
+ '[' -n '' ']'
+ '[' -n '' ']'
+ podman cp singularity_nginx_1:/etc/ssl/nginx/fullchain.pem test/ca_cert.pem
+ podman volume export singularity_email
+ nuke_mail
+ podman run --rm -v singularity_email:/mnt alpine:3.19 sh -c 'rm -f /mnt/mail/* /mnt/logs/*'
+ add_cleanup 'podman volume import singularity_email test/email_orig.tar'
++ printf '%s\n' 'podman volume import singularity_email test/email_orig.tar'
+++ trap -p EXIT
++ eval 'get_stack trap -- '\'':'\'' EXIT'
+++ get_stack trap -- : EXIT
+++ printf '%s\n' :
+ trap -- 'podman volume import singularity_email test/email_orig.tar
:' EXIT
+ CURL_OPTS=(--verbose --cacert test/ca_cert.pem --fail --no-progress-meter)
+ podman volume export singularity_orbit-db
+ xxd -r
+ gunzip
+ podman volume import singularity_orbit-db -
+ add_cleanup 'podman volume import singularity_orbit-db test/orbit_orig.tar'
++ printf '%s\n' 'podman volume import singularity_orbit-db test/orbit_orig.tar'
+++ trap -p EXIT
++ eval 'get_stack trap -- '\''podman volume import singularity_email test/email_orig.tar
:'\'' EXIT'
+++ get_stack trap -- 'podman volume import singularity_email test/email_orig.tar
:' EXIT
+++ printf '%s\n' 'podman volume import singularity_email test/email_orig.tar
:'
+ trap -- 'podman volume import singularity_orbit-db test/orbit_orig.tar
podman volume import singularity_email test/email_orig.tar
:' EXIT
+ grep 'msg = no such student'
+ tee test/register_fail_no_user
+ curl --url https://kdlp.underground.software/register --unix-socket ./socks/https.sock --verbose --cacert test/ca_cert.pem --fail --no-progress-meter --data student_id=1234
* processing: https://kdlp.underground.software/register
*   Trying ./socks/https.sock:0...
* Connected to kdlp.underground.software (/run/nginx/socks/https.sock) port 443
* ALPN: offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
*  CAfile: test/ca_cert.pem
*  CApath: none
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1340 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=kdlp.underground.software
*  start date: Apr  1 22:15:48 2024 GMT
*  expire date: Apr 25 22:15:48 2389 GMT
*  common name: kdlp.underground.software (matched)
*  issuer: CN=kdlp.underground.software
*  SSL certificate verify ok.
* using HTTP/1.1
} [5 bytes data]
> POST /register HTTP/1.1
> Host: kdlp.underground.software
> User-Agent: curl/8.2.1
> Accept: */*
> Content-Length: 15
> Content-Type: application/x-www-form-urlencoded
>
} [15 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/1.1 200 OK
< Server: nginx
< Date: Mon, 01 Apr 2024 22:21:54 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: auth=
< Set-Cookie: auth=
<
{ [1160 bytes data]
* Connection #0 to host kdlp.underground.software left intact
        <code>msg = no such student</code><br>
+ curl --url https://kdlp.underground.software/login --unix-socket ./socks/https.sock --verbose --cacert test/ca_cert.pem --fail --no-progress-meter --data 'username=user&password=pass'
+ tee test/login_fail_no_user
+ grep 'msg = authentication failure'
* processing: https://kdlp.underground.software/login
*   Trying ./socks/https.sock:0...
* Connected to kdlp.underground.software (/run/nginx/socks/https.sock) port 443
* ALPN: offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
*  CAfile: test/ca_cert.pem
*  CApath: none
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1340 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=kdlp.underground.software
*  start date: Apr  1 22:15:48 2024 GMT
*  expire date: Apr 25 22:15:48 2389 GMT
*  common name: kdlp.underground.software (matched)
*  issuer: CN=kdlp.underground.software
*  SSL certificate verify ok.
* using HTTP/1.1
} [5 bytes data]
> POST /login HTTP/1.1
> Host: kdlp.underground.software
> User-Agent: curl/8.2.1
> Accept: */*
> Content-Length: 27
> Content-Type: application/x-www-form-urlencoded
>
} [27 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/1.1 200 OK
< Server: nginx
< Date: Mon, 01 Apr 2024 22:21:54 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: auth=
< Set-Cookie: auth=
< Set-Cookie: auth=
< Set-Cookie: auth=
<
{ [1365 bytes data]
* Connection #0 to host kdlp.underground.software left intact
        <code>msg = authentication failure</code><br>
+ orbit/warpdrive.sh -u user -p pass -i 1234 -n
+ tee test/create_user
+ grep 'credentials(username: user, password:pass)'
credentials(username: user, password:pass)
+ add_cleanup 'orbit/warpdrive.sh   -u user -w   | tee test/delete_user   | grep '\''user'\'''
++ printf '%s\n' 'orbit/warpdrive.sh   -u user -w   | tee test/delete_user   | grep '\''user'\'''
+++ trap -p EXIT
++ eval 'get_stack trap -- '\''podman volume import singularity_orbit-db test/orbit_orig.tar
podman volume import singularity_email test/email_orig.tar
:'\'' EXIT'
+++ get_stack trap -- 'podman volume import singularity_orbit-db test/orbit_orig.tar
podman volume import singularity_email test/email_orig.tar
:' EXIT
+++ printf '%s\n' 'podman volume import singularity_orbit-db test/orbit_orig.tar
podman volume import singularity_email test/email_orig.tar
:'
+ trap -- 'orbit/warpdrive.sh   -u user -w   | tee test/delete_user   | grep '\''user'\''
podman volume import singularity_orbit-db test/orbit_orig.tar
podman volume import singularity_email test/email_orig.tar
:' EXIT
+ curl --url https://kdlp.underground.software/register --unix-socket ./socks/https.sock --verbose --cacert test/ca_cert.pem --fail --no-progress-meter --data student_id=123
+ grep 'msg = no such student'
+ tee test/register_fail_wrong
* processing: https://kdlp.underground.software/register
*   Trying ./socks/https.sock:0...
* Connected to kdlp.underground.software (/run/nginx/socks/https.sock) port 443
* ALPN: offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
*  CAfile: test/ca_cert.pem
*  CApath: none
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1340 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=kdlp.underground.software
*  start date: Apr  1 22:15:48 2024 GMT
*  expire date: Apr 25 22:15:48 2389 GMT
*  common name: kdlp.underground.software (matched)
*  issuer: CN=kdlp.underground.software
*  SSL certificate verify ok.
* using HTTP/1.1
} [5 bytes data]
> POST /register HTTP/1.1
> Host: kdlp.underground.software
> User-Agent: curl/8.2.1
> Accept: */*
> Content-Length: 14
> Content-Type: application/x-www-form-urlencoded
>
} [14 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/1.1 200 OK
< Server: nginx
< Date: Mon, 01 Apr 2024 22:21:55 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: auth=
< Set-Cookie: auth=
<
{ [1160 bytes data]
* Connection #0 to host kdlp.underground.software left intact
        <code>msg = no such student</code><br>
+ curl --url https://kdlp.underground.software/register --unix-socket ./socks/https.sock --verbose --cacert test/ca_cert.pem --fail --no-progress-meter --data student_id=1234
+ tee test/register_success
+ grep 'msg = welcome to the classroom'
* processing: https://kdlp.underground.software/register
*   Trying ./socks/https.sock:0...
* Connected to kdlp.underground.software (/run/nginx/socks/https.sock) port 443
* ALPN: offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
*  CAfile: test/ca_cert.pem
*  CApath: none
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1340 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=kdlp.underground.software
*  start date: Apr  1 22:15:48 2024 GMT
*  expire date: Apr 25 22:15:48 2389 GMT
*  common name: kdlp.underground.software (matched)
*  issuer: CN=kdlp.underground.software
*  SSL certificate verify ok.
* using HTTP/1.1
} [5 bytes data]
> POST /register HTTP/1.1
> Host: kdlp.underground.software
> User-Agent: curl/8.2.1
> Accept: */*
> Content-Length: 15
> Content-Type: application/x-www-form-urlencoded
>
} [15 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/1.1 200 OK
< Server: nginx
< Date: Mon, 01 Apr 2024 22:21:55 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: auth=
< Set-Cookie: auth=
<
{ [1070 bytes data]
* Connection #0 to host kdlp.underground.software left intact
        <code>msg = welcome to the classroom</code><br>
+ curl --url https://kdlp.underground.software/register --unix-socket ./socks/https.sock --verbose --cacert test/ca_cert.pem --fail --no-progress-meter --data student_id=1234
+ tee test/register_fail_duplicate
+ grep 'msg = no such student'
* processing: https://kdlp.underground.software/register
*   Trying ./socks/https.sock:0...
* Connected to kdlp.underground.software (/run/nginx/socks/https.sock) port 443
* ALPN: offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
*  CAfile: test/ca_cert.pem
*  CApath: none
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1340 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=kdlp.underground.software
*  start date: Apr  1 22:15:48 2024 GMT
*  expire date: Apr 25 22:15:48 2389 GMT
*  common name: kdlp.underground.software (matched)
*  issuer: CN=kdlp.underground.software
*  SSL certificate verify ok.
* using HTTP/1.1
} [5 bytes data]
> POST /register HTTP/1.1
> Host: kdlp.underground.software
> User-Agent: curl/8.2.1
> Accept: */*
> Content-Length: 15
> Content-Type: application/x-www-form-urlencoded
>
} [15 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/1.1 200 OK
< Server: nginx
< Date: Mon, 01 Apr 2024 22:21:55 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: auth=
< Set-Cookie: auth=
<
{ [1160 bytes data]
* Connection #0 to host kdlp.underground.software left intact
        <code>msg = no such student</code><br>
+ curl --url https://kdlp.underground.software/login --unix-socket ./socks/https.sock --verbose --cacert test/ca_cert.pem --fail --no-progress-meter --data 'username=user&password=invalid'
+ tee test/login_fail_invalid
+ grep 'msg = authentication failure'
* processing: https://kdlp.underground.software/login
*   Trying ./socks/https.sock:0...
* Connected to kdlp.underground.software (/run/nginx/socks/https.sock) port 443
* ALPN: offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
*  CAfile: test/ca_cert.pem
*  CApath: none
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1340 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=kdlp.underground.software
*  start date: Apr  1 22:15:48 2024 GMT
*  expire date: Apr 25 22:15:48 2389 GMT
*  common name: kdlp.underground.software (matched)
*  issuer: CN=kdlp.underground.software
*  SSL certificate verify ok.
* using HTTP/1.1
} [5 bytes data]
> POST /login HTTP/1.1
> Host: kdlp.underground.software
> User-Agent: curl/8.2.1
> Accept: */*
> Content-Length: 30
> Content-Type: application/x-www-form-urlencoded
>
} [30 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/1.1 200 OK
< Server: nginx
< Date: Mon, 01 Apr 2024 22:21:55 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: auth=
< Set-Cookie: auth=
< Set-Cookie: auth=
< Set-Cookie: auth=
<
{ [1365 bytes data]
* Connection #0 to host kdlp.underground.software left intact
        <code>msg = authentication failure</code><br>
+ curl --url https://kdlp.underground.software/login --unix-socket ./socks/https.sock --verbose --cacert test/ca_cert.pem --fail --no-progress-meter --data 'username=user&password=pass'
+ tee test/login_success
+ grep 'msg = user authenticated by password'
* processing: https://kdlp.underground.software/login
*   Trying ./socks/https.sock:0...
* Connected to kdlp.underground.software (/run/nginx/socks/https.sock) port 443
* ALPN: offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
*  CAfile: test/ca_cert.pem
*  CApath: none
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1340 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=kdlp.underground.software
*  start date: Apr  1 22:15:48 2024 GMT
*  expire date: Apr 25 22:15:48 2389 GMT
*  common name: kdlp.underground.software (matched)
*  issuer: CN=kdlp.underground.software
*  SSL certificate verify ok.
* using HTTP/1.1
} [5 bytes data]
> POST /login HTTP/1.1
> Host: kdlp.underground.software
> User-Agent: curl/8.2.1
> Accept: */*
> Content-Length: 27
> Content-Type: application/x-www-form-urlencoded
>
} [27 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/1.1 200 OK
< Server: nginx
< Date: Mon, 01 Apr 2024 22:21:55 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: auth=
< Set-Cookie: auth=81ad2f9868196cb51b80c4571507e5f5c0a773266596cc96490065d358ce36a2; Expires=Tue, 02 Apr 2024 01:21:55 GMT; Max-Age=10800; Path=/
<
{ [1633 bytes data]
* Connection #0 to host kdlp.underground.software left intact
        <code>msg = user authenticated by password</code><br>
+ curl --url pop3s://kdlp.underground.software --unix-socket ./socks/pop3s.sock --verbose --cacert test/ca_cert.pem --fail --no-progress-meter --user user:pass
+ tee test/pop_get_empty
+ diff /dev/fd/62 /dev/stdin
++ printf '\r\n'
* processing: pop3s://kdlp.underground.software
*   Trying ./socks/pop3s.sock:0...
* Connected to kdlp.underground.software (/run/nginx/socks/pop3s.sock) port 995
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
*  CAfile: test/ca_cert.pem
*  CApath: none
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [6 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1340 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* Server certificate:
*  subject: CN=kdlp.underground.software
*  start date: Apr  1 22:15:48 2024 GMT
*  expire date: Apr 25 22:15:48 2389 GMT
*  common name: kdlp.underground.software (matched)
*  issuer: CN=kdlp.underground.software
*  SSL certificate verify ok.
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< +OK POP3 ready
} [5 bytes data]
> CAPA
{ [5 bytes data]
< +OK Capability list follows
< TOP
< USER
< UIDL
< SASL PLAIN LOGIN
< .
} [5 bytes data]
> AUTH PLAIN
{ [5 bytes data]
< +
} [5 bytes data]
> AHVzZXIAcGFzcw==
{ [5 bytes data]
< +OK got username
} [5 bytes data]
> LIST
{ [5 bytes data]
< +OK maildrop follows
{ [5 bytes data]
* Connection #0 to host kdlp.underground.software left intact
++ printf '\r'
+ CR=$'\r'
+ curl --url smtps://kdlp.underground.software --unix-socket ./socks/smtps.sock --verbose --cacert test/ca_cert.pem --fail --no-progress-meter --mail-from user@kdlp.underground.software --mail-rcpt other@kdlp.underground.software --upload-file - --user user:pass
+ tee test/smtp_send_email
+ diff /dev/fd/62 /dev/stdin
++ printf ''
* processing: smtps://kdlp.underground.software
*   Trying ./socks/smtps.sock:0...
* Connected to kdlp.underground.software (/run/nginx/socks/smtps.sock) port 465
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
*  CAfile: test/ca_cert.pem
*  CApath: none
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [6 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1340 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* Server certificate:
*  subject: CN=kdlp.underground.software
*  start date: Apr  1 22:15:48 2024 GMT
*  expire date: Apr 25 22:15:48 2389 GMT
*  common name: kdlp.underground.software (matched)
*  issuer: CN=kdlp.underground.software
*  SSL certificate verify ok.
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< 220 kdlp.underground.software ESMTP ready
} [5 bytes data]
> EHLO fedora
{ [5 bytes data]
< 250-kdlp.underground.software
< 250 AUTH PLAIN LOGIN
} [5 bytes data]
> AUTH PLAIN
{ [5 bytes data]
< 334
} [5 bytes data]
> AHVzZXIAcGFzcw==
{ [5 bytes data]
< 235 2.0.0 OK
} [5 bytes data]
> MAIL FROM:<user@kdlp.underground.software>
{ [5 bytes data]
< 250 OK
} [5 bytes data]
> RCPT TO:<other@kdlp.underground.software>
{ [5 bytes data]
< 250 OK
} [5 bytes data]
> DATA
{ [5 bytes data]
< 354 Start input
} [5 bytes data]
< 250 OK
* Connection #0 to host kdlp.underground.software left intact
+ add_cleanup nuke_mail
++ printf '%s\n' nuke_mail
+++ trap -p EXIT
++ eval 'get_stack trap -- '\''orbit/warpdrive.sh   -u user -w   | tee test/delete_user   | grep '\''\'\'''\''user'\''\'\'''\''
podman volume import singularity_orbit-db test/orbit_orig.tar
podman volume import singularity_email test/email_orig.tar
:'\'' EXIT'
+++ get_stack trap -- 'orbit/warpdrive.sh   -u user -w   | tee test/delete_user   | grep '\''user'\''
podman volume import singularity_orbit-db test/orbit_orig.tar
podman volume import singularity_email test/email_orig.tar
:' EXIT
+++ printf '%s\n' 'orbit/warpdrive.sh   -u user -w   | tee test/delete_user   | grep '\''user'\''
podman volume import singularity_orbit-db test/orbit_orig.tar
podman volume import singularity_email test/email_orig.tar
:'
+ trap -- 'nuke_mail
orbit/warpdrive.sh   -u user -w   | tee test/delete_user   | grep '\''user'\''
podman volume import singularity_orbit-db test/orbit_orig.tar
podman volume import singularity_email test/email_orig.tar
:' EXIT
+ tee test/pop_get_message
+ curl --url pop3s://kdlp.underground.software/1 --unix-socket ./socks/pop3s.sock --verbose --cacert test/ca_cert.pem --fail --no-progress-meter --user user:pass
+ grep 'Bottom text'
* processing: pop3s://kdlp.underground.software/1
*   Trying ./socks/pop3s.sock:0...
* Connected to kdlp.underground.software (/run/nginx/socks/pop3s.sock) port 995
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
*  CAfile: test/ca_cert.pem
*  CApath: none
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [6 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1340 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* Server certificate:
*  subject: CN=kdlp.underground.software
*  start date: Apr  1 22:15:48 2024 GMT
*  expire date: Apr 25 22:15:48 2389 GMT
*  common name: kdlp.underground.software (matched)
*  issuer: CN=kdlp.underground.software
*  SSL certificate verify ok.
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< +OK POP3 ready
} [5 bytes data]
> CAPA
{ [5 bytes data]
< +OK Capability list follows
< TOP
< USER
< UIDL
< SASL PLAIN LOGIN
< .
} [5 bytes data]
> AUTH PLAIN
{ [5 bytes data]
< +
} [5 bytes data]
> AHVzZXIAcGFzcw==
{ [5 bytes data]
< +OK got username
} [5 bytes data]
> RETR 1
{ [5 bytes data]
< +OK message follows
{ [5 bytes data]
* Connection #0 to host kdlp.underground.software left intact
Bottom text
+ nuke_mail
+ podman run --rm -v singularity_email:/mnt alpine:3.19 sh -c 'rm -f /mnt/mail/* /mnt/logs/*'
+ orbit/warpdrive.sh -u user -w
+ grep user
+ tee test/delete_user
user
+ podman volume import singularity_orbit-db test/orbit_orig.tar
+ podman volume import singularity_email test/email_orig.tar
+ :
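
The save-and-restore flow from the commit messages and the `add_cleanup` trace above, as an added example that is not the project's `test.sh`: a POSIX sh cleanup stack kept in a variable instead of being rebuilt from `trap -p`. `RUNTIME`, `snapshot_volume`, `wipe_mail` and `with_clean_mail_volume` are names assumed here; the `podman volume export`/`import` and `alpine:3.19` invocations are the ones visible in the trace.

```shell
#!/bin/sh
# Added example, not the project's test.sh. Function names are assumptions;
# the podman invocations mirror the ones in the trace above.
RUNTIME=${RUNTIME:-podman}   # container CLI; override to stub it out
CLEANUP_STACK=''

# Push one command line; the most recently pushed entry runs first at exit.
# Entries are eval'd later, so pass only fixed, trusted strings.
add_cleanup() {
    if [ -n "$CLEANUP_STACK" ]; then
        CLEANUP_STACK="$1
$CLEANUP_STACK"
    else
        CLEANUP_STACK=$1
    fi
    trap run_cleanups EXIT   # bash and dash treat this as a shell-wide trap
}

# EXIT handler: run every entry even if an earlier one fails, then exit
# with the status the script was already exiting with.
run_cleanups() {
    status=$?
    trap - EXIT
    set +e
    eval "$CLEANUP_STACK"
    CLEANUP_STACK=''
    exit "$status"
}

# Save a named volume to a tar file and register its restore.
# $1 = volume name, $2 = tar path (both interpolated into an eval'd string,
# so they must not contain shell metacharacters).
snapshot_volume() {
    "$RUNTIME" volume export "$1" > "$2" || return 1
    add_cleanup "$RUNTIME volume import $1 $2"
}

# Clear mail and logs through a throwaway container, as nuke_mail does in
# the trace; the host never needs a bind mount into the volume.
wipe_mail() {
    "$RUNTIME" run --rm -v "$1:/mnt" alpine:3.19 \
        sh -c 'rm -f /mnt/mail/* /mnt/logs/*'
}

# Run a test command against an empty mail volume, then restore it.
# $1 = volume, $2 = snapshot tar, $3 = test command line (trusted string).
with_clean_mail_volume() {
    snapshot_volume "$1" "$2" || return 1
    wipe_mail "$1" || return 1
    # podman volume import unpacks the tar over the volume's current
    # contents, so files the test created are wiped first. This entry is
    # pushed last and therefore runs before the import.
    add_cleanup "wipe_mail $1"
    eval "$3"
}

# Usage (the test script name is hypothetical):
#   with_clean_mail_volume singularity_email test/email_orig.tar ./mail-tests.sh
```

Because the restore is registered immediately after the export succeeds, a test step that fails midway still leaves the volume with its original contents.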

@theyoyojo theyoyojo merged commit 405c5eb into master Apr 1, 2024
@theyoyojo theyoyojo deleted the mount_removal branch April 1, 2024 22:23
@charliemirabile charliemirabile mentioned this pull request Apr 3, 2024