Change logging approach. -vvvv now gives more helpful output.
Unbreak ping support.
Allow %x and %? to be used in errorcmd. When cmd fails, the only clue
as to why can be its exit code. Previously, snare had no way of transmitting
this information to the user: this commit allows using %x and %? (the
latter borrowing the similarly named variable from the shell) in errorcmd
to access this information.
Remove hyper/tokio in favour of a simple internal HTTP server. This reduces the number of library dependencies by about 25%.
Improve logging: errors, warnings, and information are now differentiated.
The -v switch increases the logging level. Defaults to “only report
errors”.
Default to /bin/sh if $SHELL isn’t set when running commands.
Add a system test suite.
Respect DESTDIR during installation, and try to pick a more appropriate
location for man pages.
json crate to serde_json.
Update dependencies, including a security fix to the regex crate.
Remove mention of reposdir from the documentation: it is deprecated and
using it causes a warning.
Documentation improvements, including more secure examples.
Updated dependencies, solving a long-standing slow error leak.
The email option in match blocks has been replaced by the more generic
errorcmd. To obtain the previous behaviour:
email = "someone@example.com";
should be changed to something like:
errorcmd = "cat %s | mailx -s \"snare error: github.com/%o/%r\" someone@example.com";
This assumes that the mailx command is installed on your machine. As this
example may suggest, errorcmd is much more flexible than email. The
syntax of errorcmd is the same as cmd with the addition that %s is
expanded to the path of the failed job’s combined stderr / stdout.
snare informs users whose config contains email how to update to
errorcmd to obtain the previous behaviour.
After daemonisation, all errors are now sent to syslog (previously a few errors could still be sent to stderr).
Fix bug in parsing string escapes, where one character too many was
consumed after \".
Use SIGCHLD to listen for child process exit, so that snare does not have
to be woken up as often.
snare now only searches for a configuration file at
/etc/snare/snare.conf; as before, you can specify an alternative location
for snare.conf via the -c option.
snare always changes its CWD to / (previously CWD was only altered if a
user was specified).
The github-block level reposdir option has been removed. The more
flexible match-block level cmd has been introduced. In essence:
github { reposdir = "/path/to/prps"; ... }
should be changed to:
github { match ".*" { cmd = "/path/to/reposdir/%o/%r %e %j"; } }
snare informs users whose config contains reposdir how to update it.
snare now validates input derived from the webhook request so that it is
safe to pass to the shell: GitHub owners, repositories, and events are all
guaranteed to satisfy the regular expression [a-zA-Z0-9._-]+ and not to be
the strings "." or "..".
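The validation rule described above, sketched as an added Rust example (not snare's own code). The function names and the simplified expander, which handles only %o, %r and %e, are assumptions, and the sample values are constructed.

```rust
// Same rule as the regular expression [a-zA-Z0-9._-]+ plus the "." / ".."
// exclusion, written as a character check so it needs no external crates.
fn is_safe_component(s: &str) -> bool {
    !s.is_empty()
        && s != "."
        && s != ".."
        && s.bytes()
            .all(|b| b.is_ascii_alphanumeric() || matches!(b, b'.' | b'_' | b'-'))
}

// Hypothetical, simplified expander: substitutes only %o, %r and %e, and
// refuses to build a command if any webhook-derived value fails validation.
fn expand_cmd(template: &str, owner: &str, repo: &str, event: &str) -> Result<String, String> {
    for (name, val) in [("owner", owner), ("repo", repo), ("event", event)] {
        if !is_safe_component(val) {
            return Err(format!("rejected {}: {:?}", name, val));
        }
    }
    let mut out = String::new();
    let mut chars = template.chars().peekable();
    while let Some(c) = chars.next() {
        if c != '%' {
            out.push(c);
            continue;
        }
        match chars.peek() {
            Some('o') => { out.push_str(owner); chars.next(); }
            Some('r') => { out.push_str(repo); chars.next(); }
            Some('e') => { out.push_str(event); chars.next(); }
            _ => out.push('%'), // other sequences are left untouched here
        }
    }
    Ok(out)
}

fn main() {
    // Constructed inputs: one well-formed request and three that must be rejected.
    let cases = [
        ("example-org", "web_app", "push"),
        ("example-org", "..", "push"),
        ("example-org", "repo;x", "push"),
        ("", "web_app", "push"),
    ];
    for (o, r, e) in cases {
        println!("{:?}", expand_cmd("/path/to/reposdir/%o/%r %e", o, r, e));
    }
}
```

Because %o and %r are commonly used as path components in cmd, the "." and ".." exclusion matters as much as the character set: both strings satisfy the regular expression on their own.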
String escapes (e.g. "\"") are now properly processed (previously they were
ignored).
First release.