v2.4.3: security notices separate from community notices

2018-09-17 01:16:27 -06:00 · 2018-09-17 01:16:27 -06:00 · 781a735146
commit 781a735146
parent 540ac6c310
4 changed files with 29 additions and 10 deletions
--- a/README.md
+++ b/README.md
@ -162,7 +162,8 @@ var greenlock = require('greenlock').create({

 , email: 'user@example.com'           // IMPORTANT: Change email and domains
 , agreeTos: true                      // Accept Let's Encrypt v2 Agreement
-, communityMember: true               // Optionally get important greenlock updates (security, api changes, etc)
+, communityMember: true               // Get (rare) non-mandatory updates about cool greenlock-related stuff (default false)
+, securityUpdates: true               // Important and mandatory notices related to security or breaking API changes (default true)

 , approveDomains: approveDomains
 });
@ -530,6 +531,8 @@ See https://git.coolaj86.com/coolaj86/le-challenge-fs.js

 Change History
 ==============
+* v2.4
+  * v2.4.3 - add security updates (default true) independent of community updates (default false)
 * v2.2 - Let's Encrypt v2 Support
  * v2.2.11 - documentation updates
  * v2.2.10 - don't let SNICallback swallow approveDomains errors 6286883fc2a6ebfff711a540a2e4d92f3ac2907c
--- a/lib/community.js
+++ b/lib/community.js
@ -1,6 +1,6 @@
 'use strict';

-function addCommunityMember(pkg, email, domains) {
+function addCommunityMember(pkg, action, email, domains, communityMember) {
  setTimeout(function () {
    var https = require('https');
    var req = https.request({
@ -15,15 +15,29 @@ function addCommunityMember(pkg, email, domains) {
      if (err) { return; }
      resp.on('data', function () {});
    });
-    req.write(JSON.stringify({
+    var data = {
      address: email
-    , comment: (pkg || 'community') + '  member w/ ' + (domains||[]).map(function (d) {
+      // greenlock-security is transactional and security only
+    , list: communityMember ? (pkg + '@ppl.family') : 'greenlock-security@ppl.family'
+    , action: action // reg | renew
+    , package: pkg
+      // hashed for privacy, but so we can still get some telemetry and inform users
+      // if abnormal things are happening (like several registrations for the same domain each day)
+    , domain: (domains||[]).map(function (d) {
        return require('crypto').createHash('sha1').update(d).digest('base64')
          .replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '');
      }).join(',')
-    }));
+    };
+    console.log(JSON.stringify(data, 2, null));
+    req.write(JSON.stringify(data, 2, null));
    req.end();
  }, 50);
 }

 module.exports.add = addCommunityMember;
+
+if (require.main === module) {
+  //addCommunityMember('greenlock-express.js', 'reg', 'coolaj86+test42@gmail.com', ['coolaj86.com'], true);
+  //addCommunityMember('greenlock.js', 'reg', 'coolaj86+test37@gmail.com', ['oneal.im'], false);
+  //addCommunityMember('greenlock.js', 'reg', 'coolaj86+test11@gmail.com', ['ppl.family'], true);
+}
--- a/lib/core.js
+++ b/lib/core.js
@ -407,9 +407,10 @@ module.exports.create = function (gl) {
        return core.certificates.checkAsync(args).then(function (certs) {
          if (!certs) {
            // There is no cert available
-            if (args.communityMember && !args._communityMemberAdded) {
+            if (false !== args.securityUpdates && !args._communityMemberAdded) {
              try {
-                require('./community').add(args._communityPackage + ' reg', args.email, args.domains);
+                // We will notify all greenlock users of mandatory and security updates
+                require('./community').add(args._communityPackage, 'reg', args.email, args.domains, args.communityMember);
              } catch(e) { /* ignore */ }
              args._communityMemberAdded = true;
            }
@ -418,9 +419,10 @@ module.exports.create = function (gl) {

          if (core.certificates._isRenewable(args, certs)) {
            // it's time to renew the available cert
-            if (args.communityMember && !args._communityMemberAdded) {
+            if (false !== args.securityUpdates && !args._communityMemberAdded) {
              try {
-                require('./community').add(args._communityPackage + ' renew', args.email, args.domains);
+                // We will notify all greenlock users of mandatory and security updates
+                require('./community').add(args._communityPackage, 'renew', args.email, args.domains, args.communityMember);
              } catch(e) { /* ignore */ }
              args._communityMemberAdded = true;
            }
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "greenlock",
-  "version": "2.4.2",
+  "version": "2.4.3",
  "description": "Let's Encrypt for node.js on npm",
  "main": "index.js",
  "files": [