https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7397
Bug ID: 7397
Summary: SA-Update hasn't seen a lot of love lately
Product: Spamassassin
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: sa-update
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: Undefined
Created attachment 5439
--> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5439&action=edit
Modified sa-update with enhanced support for channel options
While looking at the sa-update methods, we see that the code hasn't had a lot
of love lately, but even more to the point, it is constrained in it's ability
to use multiple channels, when very specific channel requirements might/should
be in place.
And while my Perl code is most likely horrible from lack of use lately, decided
to look at updating it to used an enhanced methodology.
* More Flexible Channel mechanisms
* Try for 100% backwards compatibility
* Try not to completely re-write from scratch, to make easier adoption.
What I decided to do is use a commonly used concept..
/etc/spamassassin/channels.d/
Where individual channels could have their own configurations, yet allowing a
simple native sa-update process and cron jobs properly retrieve all channels
safely.
The reason for this, is that different channels might have different
restrictions, eg.. some require, https vs http, some might use http auth, some
might have differing GPG requirements, some might want IPv6 access etc.. Some
might have to refresh mirrors more often, etc..
The idea is that a config file would look similar to this..
channel=updates.spamassassin.org
use=y
;use-ipv6=no
use-gpg=y
; You MUST specify 'trusted' keys in one of the following two options
gpgkey=26C900A46DD40CD5AD24F6D7DEE01987265FA05B
0C2B1D7175B852C64B3CDC716C55397824F434CE
5E541DC959CB8BAC7C78DFDC4056A61A5244EC45
;gpgkeyfile
# This should default to the channel name
gpghomedir=/etc/spamassassin/sa-update-keys
force-https=n
#use-auth-token=myuser
; watch out for passwords containing '='
#use-auth-password=mypass
refresh-mirrors=n
allow-plugins=y
(of course, allowing if allowing plugins, it behooves the user of the channel
to make sure that the channel rules are 'secure' and 'authentic)
I also chose to have all public keys stored in the same directory, eg
/usr/share/spamassassin, but with a naming convention that reflects the actual
channel name, except of course for the legacy key for updates.spamassassin.org
I also chose to prefer to have gpghomedir based on the channel name, and to be
located under /etc/spamassassin/sa-update-keys/
And while sa-update should really be rebuilt from scratch, by someone who is a
much better perl programmer than I, I thought I would share my working version
of an updated sa-update program, for what it is worth.
Only thing left is to improve the cron jobs to accommodate, so that it can
pre-compile other channels rules as well as the native rules.
Please dont' criticize the code too heavily, but take the concept and the
working prototype for what it is meant, a contribution, and a step forward to
make it easier for those that test/develop rule sets, to use multiple channels
much more safely. And of course, I didn't test it on other platforms (eg,
windows)
--
You are receiving this mail because:
You are the assignee for the bug.
