diff -Nru certspotter-0.15.0/CHANGELOG.md certspotter-0.15.1/CHANGELOG.md --- certspotter-0.15.0/CHANGELOG.md 2023-02-09 00:43:05.000000000 +0000 +++ certspotter-0.15.1/CHANGELOG.md 2023-02-09 18:44:06.000000000 +0000 @@ -1,5 +1,9 @@ # Change Log +## v0.15.1 (2023-02-09) +- Fix some typos in help and error messages. +- Allow version to be set via linker flag, to facilitate distro package building. + ## v0.15.0 (2023-02-08) - **Significant behavior change**: certspotter is now intended to run as a daemon instead of a cron job. Specifically, certspotter no longer diff -Nru certspotter-0.15.0/cmd/certspotter/main.go certspotter-0.15.1/cmd/certspotter/main.go --- certspotter-0.15.0/cmd/certspotter/main.go 2023-02-09 00:43:05.000000000 +0000 +++ certspotter-0.15.1/cmd/certspotter/main.go 2023-02-09 18:44:06.000000000 +0000 @@ -30,10 +30,14 @@ ) var programName = os.Args[0] +var Version = "" const defaultLogList = "https://loglist.certspotter.org/monitor.json" func certspotterVersion() string { + if Version != "" { + return Version + "?" + } info, ok := debug.ReadBuildInfo() if !ok { return "unknown" @@ -123,7 +127,7 @@ } flag.IntVar(&flags.batchSize, "batch_size", 1000, "Max number of entries to request per call to get-entries (advanced)") flag.Func("email", "Email address to contact when matching certificate is discovered (repeatable)", appendFunc(&flags.email)) - flag.DurationVar(&flags.healthcheck, "healthcheck", 24*time.Hour, "How frequently to perform a healt check") + flag.DurationVar(&flags.healthcheck, "healthcheck", 24*time.Hour, "How frequently to perform a health check") flag.StringVar(&flags.logs, "logs", defaultLogList, "File path or URL of JSON list of logs to monitor") flag.BoolVar(&flags.noSave, "no_save", false, "Do not save a copy of matching certificates in state directory") flag.StringVar(&flags.script, "script", "", "Program to execute when a matching certificate is discovered") diff -Nru certspotter-0.15.0/ct/client/logclient.go certspotter-0.15.1/ct/client/logclient.go --- certspotter-0.15.0/ct/client/logclient.go 2023-02-09 00:43:05.000000000 +0000 +++ certspotter-0.15.1/ct/client/logclient.go 2023-02-09 18:44:06.000000000 +0000 @@ -77,7 +77,7 @@ // These represent the structures returned by the CT Log server. ////////////////////////////////////////////////////////////////////////////////// -// getSTHResponse respresents the JSON response to the get-sth CT method +// getSTHResponse represents the JSON response to the get-sth CT method type getSTHResponse struct { TreeSize uint64 `json:"tree_size"` // Number of certs in the current tree Timestamp uint64 `json:"timestamp"` // Time that the tree was created @@ -85,13 +85,13 @@ TreeHeadSignature []byte `json:"tree_head_signature"` // Log signature for this STH } -// base64LeafEntry respresents a Base64 encoded leaf entry +// base64LeafEntry represents a Base64 encoded leaf entry type base64LeafEntry struct { LeafInput []byte `json:"leaf_input"` ExtraData []byte `json:"extra_data"` } -// getEntriesReponse respresents the JSON response to the CT get-entries method +// getEntriesReponse represents the JSON response to the CT get-entries method type getEntriesResponse struct { Entries []base64LeafEntry `json:"entries"` // the list of returned entries } diff -Nru certspotter-0.15.0/ct/types.go certspotter-0.15.1/ct/types.go --- certspotter-0.15.0/ct/types.go 2023-02-09 00:43:05.000000000 +0000 +++ certspotter-0.15.1/ct/types.go 2023-02-09 18:44:06.000000000 +0000 @@ -156,7 +156,7 @@ } } -// SignatureAlgorithm from the the DigitallySigned struct +// SignatureAlgorithm from the DigitallySigned struct type SignatureAlgorithm byte // SignatureAlgorithm constants @@ -301,7 +301,7 @@ SCTVersion Version `json:"sct_version"` // The version of the protocol to which the SCT conforms LogID SHA256Hash `json:"id"` // the SHA-256 hash of the log's public key, calculated over // the DER encoding of the key represented as SubjectPublicKeyInfo. - Timestamp uint64 `json:"timestamp"` // Timestamp (in ms since unix epoc) at which the SCT was issued + Timestamp uint64 `json:"timestamp"` // Timestamp (in ms since unix epoch) at which the SCT was issued Extensions CTExtensions `json:"extensions"` // For future extensions to the protocol Signature DigitallySigned `json:"signature"` // The Log's signature for this SCT } @@ -324,7 +324,7 @@ Extensions CTExtensions } -// MerkleTreeLeaf represents the deserialized sructure of the hash input for the +// MerkleTreeLeaf represents the deserialized structure of the hash input for the // leaves of a log's Merkle tree. See RFC section 3.4 type MerkleTreeLeaf struct { Version Version // the version of the protocol to which the MerkleTreeLeaf corresponds diff -Nru certspotter-0.15.0/debian/changelog certspotter-0.15.1/debian/changelog --- certspotter-0.15.0/debian/changelog 2023-02-09 13:28:24.000000000 +0000 +++ certspotter-0.15.1/debian/changelog 2023-02-14 15:08:50.000000000 +0000 @@ -1,3 +1,11 @@ +certspotter (0.15.1-1) unstable; urgency=medium + + * New upstream release. + - Drop patch -Xmain.Version patch, merged upstream. + - No other upstream changes. + + -- Faidon Liambotis Tue, 14 Feb 2023 17:08:50 +0200 + certspotter (0.15.0-1) unstable; urgency=medium * New upstream release. diff -Nru certspotter-0.15.0/debian/patches/0001-certspotterVersion-also-allow-X-main.Version.patch certspotter-0.15.1/debian/patches/0001-certspotterVersion-also-allow-X-main.Version.patch --- certspotter-0.15.0/debian/patches/0001-certspotterVersion-also-allow-X-main.Version.patch 2023-02-09 13:28:24.000000000 +0000 +++ certspotter-0.15.1/debian/patches/0001-certspotterVersion-also-allow-X-main.Version.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,37 +0,0 @@ -From: Faidon Liambotis -Date: Thu, 9 Feb 2023 15:01:02 +0200 -Subject: certspotterVersion: also allow -X=main.Version - -debug.ReadBuildInfo() doesn't work for the Debian package, where there -is no git repository (at best; could be the Debian packaging one). The -go module doesn't have a version either. - -Add a quick shortcut at the top, that sets the version to main.Version -if it's non-empty -- which is by default, so no change in behavior. - -Effectively, this allows one to use the standard --ldflags=-X=main.Version to set the version, like we intend to do in the -Debian package. ---- - cmd/certspotter/main.go | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/cmd/certspotter/main.go b/cmd/certspotter/main.go -index be69607..6802eba 100644 ---- a/cmd/certspotter/main.go -+++ b/cmd/certspotter/main.go -@@ -30,10 +30,14 @@ import ( - ) - - var programName = os.Args[0] -+var Version = "" - - const defaultLogList = "https://loglist.certspotter.org/monitor.json" - - func certspotterVersion() string { -+ if Version != "" { -+ return Version -+ } - info, ok := debug.ReadBuildInfo() - if !ok { - return "unknown" diff -Nru certspotter-0.15.0/debian/patches/series certspotter-0.15.1/debian/patches/series --- certspotter-0.15.0/debian/patches/series 2023-02-09 13:28:24.000000000 +0000 +++ certspotter-0.15.1/debian/patches/series 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -0001-certspotterVersion-also-allow-X-main.Version.patch diff -Nru certspotter-0.15.0/merkletree/hash.go certspotter-0.15.1/merkletree/hash.go --- certspotter-0.15.0/merkletree/hash.go 2023-02-09 00:43:05.000000000 +0000 +++ certspotter-0.15.1/merkletree/hash.go 2023-02-09 18:44:06.000000000 +0000 @@ -34,7 +34,7 @@ return err } if len(hashBytes) != HashLen { - return fmt.Errorf("Merkle Tree hash has wrong length (should be %d bytes long, not %d)", HashLen) + return fmt.Errorf("Merkle Tree hash has wrong length (should be %d bytes long, not %d)", HashLen, len(hashBytes)) } copy(h[:], hashBytes) return nil diff -Nru certspotter-0.15.0/README.md certspotter-0.15.1/README.md --- certspotter-0.15.0/README.md 2023-02-09 00:43:05.000000000 +0000 +++ certspotter-0.15.1/README.md 2023-02-09 18:44:06.000000000 +0000 @@ -1,7 +1,7 @@ # Cert Spotter - Certificate Transparency Monitor **Cert Spotter** is a Certificate Transparency log monitor from SSLMate that -alerts you when a SSL/TLS certificate is issued for one of your domains. +alerts you when an SSL/TLS certificate is issued for one of your domains. Cert Spotter is easier to use than other open source CT monitors, since it does not require a database. It's also more robust, since it uses a special certificate parser that ensures it won't miss certificates.