Use tox -c option

Setup deltachat dependency in init.sh
run tests via scripts
2026-05-10 16:04:37 +00:00 · 2023-10-22 11:49:25 +00:00 · 2023-10-22 11:47:40 +00:00 · 2023-10-21 12:51:30 +02:00 · 2023-10-21 12:49:05 +02:00 · 2023-10-21 12:22:21 +02:00
20 changed files with 41 additions and 210 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -159,5 +159,3 @@ cython_debug/
 #  and can be added to the global gitignore or merged into this file.  For a more nuclear
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
-
-chatmail.zone
--- a/README.md
+++ b/README.md
@@ -10,17 +10,14 @@ comprised of a minimal setup of the battle-tested

    scripts/init.sh 

-2. setup a domain with `A` and `AAAA` records for your chatmail server
-
-3. set environment variable to the chatmail domain you want to setup:
+2. set environment variable to the chatmail domain you want to setup:

    export CHATMAIL_DOMAIN=c1.testrun.org   # replace with your host

-4. run the deploy of the chat mail instance: 
+3. run the deploy of the chat mail instance: 

    scripts/deploy.sh 

-5. run `scripts/generate-dns-zone.sh` and create the generated DNS records at your DNS provider

 ## Running tests and benchmarks (offline and online) 

--- a/chatmaild/src/chatmaild/dictproxy.py
+++ b/chatmaild/src/chatmaild/dictproxy.py
@@ -21,27 +21,15 @@ def encrypt_password(password: str):
    return "{SHA512-CRYPT}" + passhash


-def check_password(password) -> bool:
-    """Check password policy"""
-    if len(password) < 10:
-        return False
-    return True
-
-
-def create_user(db, user, encrypted_password):
+def create_user(db, user, password):
    if os.path.exists(NOCREATE_FILE):
        logging.warning(
            f"Didn't create account: {NOCREATE_FILE} exists. Delete the file to enable account creation."
        )
        return
    with db.write_transaction() as conn:
-        conn.create_user(user, encrypted_password)
-    return dict(
-        home=f"/home/vmail/{user}",
-        uid="vmail",
-        gid="vmail",
-        password=encrypted_password,
-    )
+        conn.create_user(user, password)
+    return dict(home=f"/home/vmail/{user}", uid="vmail", gid="vmail", password=password)


 def get_user_data(db, user):
@@ -60,9 +48,6 @@ def lookup_userdb(db, user):
 def lookup_passdb(db, user, password):
    userdata = get_user_data(db, user)
    if not userdata:
-        if not check_password(password):
-            logging.warning("Attempt to create an account with a weak password.")
-            return
        return create_user(db, user, encrypt_password(password))
    userdata["password"] = userdata["password"].strip()
    return userdata
--- a/chatmaild/src/chatmaild/filtermail.py
+++ b/chatmaild/src/chatmaild/filtermail.py
@@ -34,34 +34,6 @@ def check_encrypted(message):
    return True


-def check_mdn(message, envelope):
-    if len(envelope.rcpt_tos) != 1:
-        return False
-
-    for name in ["auto-submitted", "chat-version"]:
-        if not message.get(name):
-            return False
-
-    if message.get_content_type() != "multipart/report":
-        return False
-
-    body = message.get_body()
-    if body.get_content_type() != "text/plain":
-        return False
-
-    if list(body.iter_attachments()) or list(body.iter_parts()):
-        return False
-
-    # even with all mime-structural checks an attacker
-    # could try to abuse the subject or body to contain links or other
-    # annoyance -- we skip on checking subject/body for now as Delta Chat
-    # should evolve to create E2E-encrypted read receipts anyway.
-    # and then MDNs are just encrypted mail and can pass the border
-    # to other instances.
-
-    return True
-
-
 class SMTPController(Controller):
    def factory(self):
        return SMTP(self.handler, **self.SMTP_kwargs)
@@ -110,9 +82,6 @@ def check_DATA(envelope):
    if envelope.mail_from.lower() != from_addr.lower():
        return f"500 Invalid FROM <{from_addr!r}> for <{envelope.mail_from!r}>"

-    if not mail_encrypted and check_mdn(message, envelope):
-        return
-
    envelope_from_domain = from_addr.split("@").pop()
    for recipient in envelope.rcpt_tos:
        if envelope.mail_from == recipient:
--- a/deploy-chatmail/src/deploy_chatmail/init.py
+++ b/deploy-chatmail/src/deploy_chatmail/init.py
@@ -4,8 +4,8 @@ Chat Mail pyinfra deploy.
 import importlib.resources
 from pathlib import Path

-from pyinfra import host
-from pyinfra.operations import apt, files, server, systemd
+from pyinfra import host, logger
+from pyinfra.operations import apt, files, server, systemd, python
 from pyinfra.facts.files import File
 from .acmetool import deploy_acmetool

@@ -70,36 +70,6 @@ def _configure_opendkim(domain: str, dkim_selector: str) -> bool:
        mode="644",
        config={"domain_name": domain, "opendkim_selector": dkim_selector},
    )
-    need_restart |= main_config.changed
-
-    files.directory(
-        name="Add opendkim directory to /etc",
-        path="/etc/opendkim",
-        user="opendkim",
-        group="opendkim",
-        mode="750",
-        present=True,
-    )
-
-    keytable = files.template(
-        src=importlib.resources.files(__package__).joinpath("opendkim/KeyTable"),
-        dest="/etc/dkimkeys/KeyTable",
-        user="opendkim",
-        group="opendkim",
-        mode="644",
-        config={"domain_name": domain, "opendkim_selector": dkim_selector},
-    )
-    need_restart |= keytable.changed
-
-    signing_table = files.template(
-        src=importlib.resources.files(__package__).joinpath("opendkim/SigningTable"),
-        dest="/etc/dkimkeys/SigningTable",
-        user="opendkim",
-        group="opendkim",
-        mode="644",
-        config={"domain_name": domain, "opendkim_selector": dkim_selector},
-    )
-    need_restart |= signing_table.changed

    files.directory(
        name="Add opendkim socket directory to /var/spool/postfix",
@@ -120,6 +90,8 @@ def _configure_opendkim(domain: str, dkim_selector: str) -> bool:
            _sudo_user="opendkim",
        )

+    need_restart |= main_config.changed
+
    return need_restart


@@ -320,3 +292,14 @@ def deploy_chatmail(mail_domain: str, mail_server: str, dkim_selector: str) -> N
        enabled=True,
        restarted=journald_conf,
    )
+
+    def callback():
+        result = server.shell(
+            commands=[
+                f"""sed 's/\tIN/ 600 IN/;s/\t(//;s/\"$//;s/^\t  \"//g; s/ ).*//' """
+                f"""/etc/dkimkeys/{dkim_selector}.txt | tr --delete '\n'"""
+            ]
+        )
+        logger.info(f"Add this TXT entry into DNS zone: {result.stdout}")
+
+    python.call(name="Print TXT entry for DKIM", function=callback)
--- a/deploy-chatmail/src/deploy_chatmail/deploy.py
+++ b/deploy-chatmail/src/deploy_chatmail/deploy.py
@@ -6,7 +6,7 @@ from deploy_chatmail import deploy_chatmail
 def main():
    mail_domain = os.getenv("CHATMAIL_DOMAIN")
    mail_server = os.getenv("CHATMAIL_SERVER", mail_domain)
-    dkim_selector = os.getenv("CHATMAIL_DKIM_SELECTOR", "dkim")
+    dkim_selector = os.getenv("CHATMAIL_DKIM_SELECTOR", "2023")

    assert mail_domain
    assert mail_server
--- a/deploy-chatmail/src/deploy_chatmail/dovecot/dovecot.conf.j2
+++ b/deploy-chatmail/src/deploy_chatmail/dovecot/dovecot.conf.j2
@@ -118,24 +118,6 @@ service auth-worker {
  user = vmail
 }

-service imap-login {
-    # High-security mode.
-    # Each process serves a single connection and exits afterwards.
-    # This is the default, but we set it explicitly to be sure.
-    # See <https://doc.dovecot.org/admin_manual/login_processes/#high-security-mode> for details.
-    service_count = 1
-
-    # Inrease the number of simultaneous connections.
-    #
-    # As of Dovecot 2.3.19.1 the default is 100 processes.
-    # Combined with `service_count = 1` it means only 100 connections
-    # can be handled simultaneously.
-    process_limit = 10000
-
-    # Avoid startup latency for new connections.
-    process_min_avail = 10
-}
-
 ssl = required
 ssl_cert = </var/lib/acme/live/{{ config.hostname }}/fullchain
 ssl_key = </var/lib/acme/live/{{ config.hostname }}/privkey
--- a/deploy-chatmail/src/deploy_chatmail/opendkim/KeyTable
+++ b/deploy-chatmail/src/deploy_chatmail/opendkim/KeyTable
@@ -1 +0,0 @@
-dkim._domainkey.{{ config.domain_name }} {{ config.domain_name }}:{{ config.opendkim_selector }}:/etc/dkimkeys/dkim.private
--- a/deploy-chatmail/src/deploy_chatmail/opendkim/SigningTable
+++ b/deploy-chatmail/src/deploy_chatmail/opendkim/SigningTable
@@ -1 +0,0 @@
-*@{{ config.domain_name }} {{ config.opendkim_selector }}._domainkey.{{ config.domain_name }}
--- a/deploy-chatmail/src/deploy_chatmail/opendkim/opendkim.conf
+++ b/deploy-chatmail/src/deploy_chatmail/opendkim/opendkim.conf
@@ -1,4 +1,7 @@
-# OpenDKIM configuration.
+# This is a basic configuration for signing and verifying. It can easily be
+# adapted to suit a basic installation. See opendkim.conf(5) and
+# /usr/share/doc/opendkim/examples/opendkim.conf.sample for complete
+# documentation of available configuration parameters.

 Syslog			yes
 SyslogSuccess		yes
@@ -18,9 +21,7 @@ OversignHeaders		From
 # setup options can be found in /usr/share/doc/opendkim/README.opendkim.
 Domain			{{ config.domain_name }}
 Selector		{{ config.opendkim_selector }}
-KeyFile		  /etc/dkimkeys/{{ config.opendkim_selector }}.private
-KeyTable          /etc/dkimkeys/KeyTable
-SigningTable      /etc/dkimkeys/SigningTable
+KeyFile		/etc/dkimkeys/{{ config.opendkim_selector }}.private

 # In Debian, opendkim runs as user "opendkim". A umask of 007 is required when
 # using a local socket with MTAs that access the socket as a non-privileged
--- a/scripts/bench.sh
+++ b/scripts/bench.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
 set -e

-venv/bin/pytest online-tests/benchmark.py -vrx 
+online-tests/venv/bin/pytest online-tests/benchmark.py -vrx 
--- a/scripts/deploy.sh
+++ b/scripts/deploy.sh
@@ -1,15 +1,10 @@
 #!/usr/bin/env bash
+: ${CHATMAIL_DOMAIN:=c1.testrun.org}
+export CHATMAIL_DOMAIN

-echo -----------------------------------------
-echo deploying to $CHATMAIL_DOMAIN 
-echo -----------------------------------------
+chatmaild/venv/bin/python3 -m build -n --sdist chatmaild --outdir dist

-echo WARNING: in five seconds deploy to $CHATMAIL_DOMAIN starts
-sleep 5
-
-venv/bin/python3 -m build -n --sdist chatmaild --outdir dist
-
-venv/bin/pyinfra --ssh-user root "$CHATMAIL_DOMAIN" \
+deploy-chatmail/venv/bin/pyinfra --ssh-user root "$CHATMAIL_DOMAIN" \
    deploy-chatmail/src/deploy_chatmail/deploy.py

 rm -r dist/
--- a/scripts/generate-dns-zone.sh
+++ b/scripts/generate-dns-zone.sh
@@ -1,20 +0,0 @@
-#!/bin/sh
-: ${CHATMAIL_DOMAIN:=c1.testrun.org}
-: ${CHATMAIL_SSH:=$CHATMAIL_DOMAIN}
-
-set -e
-SSH="ssh root@$CHATMAIL_SSH"
-EMAIL="root@$CHATMAIL_DOMAIN"
-ACME_ACCOUNT_URL="$($SSH -- acmetool account-url)"
-
-cat <<EOF
-$CHATMAIL_DOMAIN. MX 10 $CHATMAIL_DOMAIN.
-$CHATMAIL_DOMAIN. TXT "v=spf1 a:$CHATMAIL_DOMAIN -all"
-_dmarc.$CHATMAIL_DOMAIN. TXT "v=DMARC1;p=reject;rua=mailto:$EMAIL;ruf=mailto:$EMAIL;fo=1;adkim=r;aspf=r"
-_submission._tcp.$CHATMAIL_DOMAIN.  SRV 0 1 587 $CHATMAIL_DOMAIN.
-_submissions._tcp.$CHATMAIL_DOMAIN. SRV 0 1 465 $CHATMAIL_DOMAIN.
-_imap._tcp.$CHATMAIL_DOMAIN.        SRV 0 1 143 $CHATMAIL_DOMAIN.
-_imaps._tcp.$CHATMAIL_DOMAIN.       SRV 0 1 993 $CHATMAIL_DOMAIN.
-$CHATMAIL_DOMAIN. IN CAA 0 issue "letsencrypt.org; accounturi=$ACME_ACCOUNT_URL"
-EOF
-$SSH opendkim-genzone -F | sed 's/^;.*$//;/^$/d'
--- a/scripts/test.sh
+++ b/scripts/test.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-venv/bin/tox -c chatmaild
-venv/bin/tox -c deploy-chatmail
+tox -c chatmaild
+tox -c deploy-chatmail
 venv/bin/pytest tests/online -vrx --durations=5 $@
--- a/tests/chatmaild/test_dictproxy.py
+++ b/tests/chatmaild/test_dictproxy.py
@@ -18,7 +18,7 @@ def test_basic(db):
    chatmaild.dictproxy.NOCREATE_FILE = "/tmp/nocreate"
    if os.path.exists(chatmaild.dictproxy.NOCREATE_FILE):
        os.remove(chatmaild.dictproxy.NOCREATE_FILE)
-    lookup_passdb(db, "link2xt@c1.testrun.org", "Pieg9aeToe3eghuthe5u")
+    lookup_passdb(db, "link2xt@c1.testrun.org", "asdf")
    data = get_user_data(db, "link2xt@c1.testrun.org")
    assert data

@@ -37,7 +37,7 @@ def test_nocreate_file(db):
    with open(chatmaild.dictproxy.NOCREATE_FILE, "w+") as f:
        f.write("")
    assert os.path.exists(chatmaild.dictproxy.NOCREATE_FILE)
-    lookup_passdb(db, "newuser1@something.org", "zequ0Aimuchoodaechik")
+    lookup_passdb(db, "newuser1@something.org", "kajdlqweqwe")
    assert not get_user_data(db, "newuser1@something.org")
    os.remove(chatmaild.dictproxy.NOCREATE_FILE)

--- a/tests/chatmaild/test_filtermail.py
+++ b/tests/chatmaild/test_filtermail.py
@@ -1,4 +1,4 @@
-from chatmaild.filtermail import check_encrypted, check_DATA, SendRateLimiter, check_mdn
+from chatmaild.filtermail import check_encrypted, check_DATA, SendRateLimiter
 import pytest


@@ -41,33 +41,8 @@ def test_filtermail_encryption_detection(maildata):
    assert not check_encrypted(msg)


-def test_filtermail_is_mdn(maildata, gencreds):
-    from_addr = gencreds()[0]
-    to_addr = gencreds()[0] + ".other"
-    msg = maildata("mdn.eml", from_addr, to_addr)
-
-    class env:
-        mail_from = from_addr
-        rcpt_tos = [to_addr]
-        content = msg.as_bytes()
-
-    assert check_mdn(msg, env)
-    print(msg.as_string())
-    assert not check_DATA(env)
-
-
-def test_filtermail_to_multiple_recipients_no_mdn(maildata, gencreds):
-    from_addr = gencreds()[0]
-    to_addr = gencreds()[0] + ".other"
-    thirdaddr = gencreds()[0]
-    msg = maildata("mdn.eml", from_addr, to_addr)
-
-    class env:
-        mail_from = from_addr
-        rcpt_tos = [to_addr, thirdaddr]
-        content = msg.as_bytes()
-
-    assert not check_mdn(msg, env)
+def test_filtermail_mdn_is_not_encrypted(maildata):
+    assert not check_encrypted(maildata("mdn.eml"))


 def test_send_rate_limiter():
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -290,7 +290,7 @@ class Remote:
 def maildata(request, gencreds):
    datadir = conftestdir.joinpath("mail-data")

-    def maildata(name, from_addr=None, to_addr=None):
+    def maildata(name, parsed=True, from_addr=None, to_addr=None):
        if from_addr is None:
            from_addr = gencreds()[0]
        if to_addr is None:
--- a/tests/mail-data/mdn.eml
+++ b/tests/mail-data/mdn.eml
@@ -1,6 +1,6 @@
 Subject: Message opened
-From: <{from_addr}>
-To: <{to_addr}>
+From: <barbaz@c2.testrun.org>
+To: <foobar@c2.testrun.org>
 Date: Sun, 15 Oct 2023 16:43:25 +0000
 Message-ID: <Mr.78MWtlV7RAi.goCFzBhCYfy@c2.testrun.org>
 Auto-Submitted: auto-replied
--- a/tests/online/test_0_login.py
+++ b/tests/online/test_0_login.py
@@ -23,11 +23,6 @@ def test_login_basic_functioning(imap_or_smtp, gencreds, lp):
    with pytest.raises(imap_or_smtp.AuthError):
        imap_or_smtp.login(user, password + "wrong")

-    lp.sec(f"creating users with a short password is not allowed")
-    user, _password = gencreds()
-    with pytest.raises(imap_or_smtp.AuthError):
-        imap_or_smtp.login(user, "admin")
-

 def test_login_same_password(imap_or_smtp, gencreds):
    """Test two different users logging in with the same password
--- a/tests/online/test_2_deltachat.py
+++ b/tests/online/test_2_deltachat.py
@@ -1,4 +1,3 @@
-import time
 import random
 import pytest

@@ -82,29 +81,3 @@ class TestEndToEndDeltaChat:
        ch = ac2.qr_setup_contact(qr)
        assert ch.id >= 10
        ac1._evtracker.wait_securejoin_inviter_progress(1000)
-
-    def test_read_receipts_between_instances(self, cmfactory, lp, maildomain2):
-        ac1 = cmfactory.new_online_configuring_account(cache=False)
-        cmfactory.switch_maildomain(maildomain2)
-        ac2 = cmfactory.new_online_configuring_account(cache=False)
-        cmfactory.bring_accounts_online()
-
-        lp.sec("setup encrypted comms between ac1 and ac2 on different instances")
-        qr = ac1.get_setup_contact_qr()
-        ch = ac2.qr_setup_contact(qr)
-        msg = ac2.wait_next_incoming_message()
-        assert "verified" in msg.text
-
-        lp.sec("ac1 sends a message and ac2 marks it as seen")
-        chat = ac1.create_chat(ac2)
-        msg = chat.send_text("hi")
-        m = ac2.wait_next_incoming_message()
-        m.mark_seen()
-        # we can only indirectly wait for mark-seen to cause an smtp-error
-        lp.sec("try to wait for markseen to complete and check error states")
-        deadline = time.time() + 3.1
-        while time.time() < deadline:
-            msgs = m.chat.get_messages()
-            for msg in msgs:
-                assert "error" not in m.get_message_info()
-            time.sleep(1)
Author	SHA1	Message	Date
link2xt	77727e259e	Use tox -c option	2023-10-22 11:49:25 +00:00
link2xt	732fdb3dab	Setup `deltachat` dependency in init.sh	2023-10-22 11:47:40 +00:00
holger krekel	fe648f4784	run tests via scripts	2023-10-21 12:51:30 +02:00
holger krekel	d43e046c5d	try to run all offline tests in CI	2023-10-21 12:49:05 +02:00
holger krekel	3716f2e429	fix init.sh and test.sh use tox for chatmaild non-online tests	2023-10-21 12:22:21 +02:00
holger krekel	00b4c484ff	add missing file	2023-10-21 01:16:35 +02:00
holger krekel	0950d7ea8f	rename fixture to maildata and rename doveauth	2023-10-21 00:53:47 +02:00
holger krekel	7dd2d0b9b4	more maildata shifting	2023-10-21 00:47:19 +02:00
holger krekel	dd232689a7	move all inlined mails to a data directory	2023-10-21 00:06:30 +02:00
holger krekel	c613ca24af	move all tests into a root "tests" folder so they can share setup and config	2023-10-20 23:07:48 +02:00
				`@@ -1 +0,0 @@`
				`dkim._domainkey.{{ config.domain_name }} {{ config.domain_name }}:{{ config.opendkim_selector }}:/etc/dkimkeys/dkim.private`
				`@@ -1 +0,0 @@`
				`*@{{ config.domain_name }} {{ config.opendkim_selector }}._domainkey.{{ config.domain_name }}`