.gitlab-ci.yml

-include: "https://git.autistici.org/ai3/build-deb/raw/master/ci-common.yml"
-
-run_tests:
-  stage: test
-  image: registry.git.autistici.org/ai3/docker/test/golang:master
-  script:
-    - run-go-test ./...
-  artifacts:
-    when: always
-    reports:
-      coverage_report:
-        coverage_format: cobertura
-        path: cover.xml
-      junit: report.xml
-
+include:
+  - "https://git.autistici.org/pipelines/debian/raw/master/common.yml"
+  - "https://git.autistici.org/ai3/docker/test/golang/raw/master/ci.yml"

go.mod

@@ -3,8 +3,8 @@ module git.autistici.org/ai3/tools/acmeserver
 go 1.14
 
 require (
-	git.autistici.org/ai3/go-common v0.0.0-20221125154433-06304016b1da
-	git.autistici.org/ai3/tools/replds v0.0.0-20221125172033-645684356fd1
+	git.autistici.org/ai3/go-common v0.0.0-20230816213645-b3aa3fb514d6
+	git.autistici.org/ai3/tools/replds v0.0.0-20230817204140-2ea02f3acb7b
 	github.com/miekg/dns v1.1.50
 	github.com/prometheus/client_golang v1.12.2
 	golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90

go.sum

@@ -54,10 +54,14 @@ git.autistici.org/ai3/go-common v0.0.0-20220814151247-39e01d32d5ee h1:EPfpfiG3vK
 git.autistici.org/ai3/go-common v0.0.0-20220814151247-39e01d32d5ee/go.mod h1:yhMB8VKJBBr+EKMft7MtqHVO73vkwdq/O5sVDTs/CNI=
 git.autistici.org/ai3/go-common v0.0.0-20221125154433-06304016b1da h1:fizdAjFv2vWz+83IoeRW2L0Shyo3dDquXyQKWRGs4jc=
 git.autistici.org/ai3/go-common v0.0.0-20221125154433-06304016b1da/go.mod h1:FTGqOGPpuoFg7TiHshYCyp5j1Ab3ek0J0KcS++vEjxw=
+git.autistici.org/ai3/go-common v0.0.0-20230816213645-b3aa3fb514d6 h1:q4Qxb0a3ekwYQmR1u/5/gyg0bvkDSAOQtFaG1Th1smI=
+git.autistici.org/ai3/go-common v0.0.0-20230816213645-b3aa3fb514d6/go.mod h1:CWQqao2Jnqgwm73wbgykBb3ZiPQ1nO3Ln3JyZjgeumg=
 git.autistici.org/ai3/tools/replds v0.0.0-20220814170053-28106a9463f5 h1:E5enMbOmQkRkLVbYks2Makfg3wd3fOxYDK9ksGOqS7c=
 git.autistici.org/ai3/tools/replds v0.0.0-20220814170053-28106a9463f5/go.mod h1:DDsdq6Fs+uWfzRIuj8JncnTrfy+NRwfGHxk6OViV8T0=
 git.autistici.org/ai3/tools/replds v0.0.0-20221125172033-645684356fd1 h1:hnaPLqc/XpULit1MjSATdwLemoreHUIYYp9DyHuKnzI=
 git.autistici.org/ai3/tools/replds v0.0.0-20221125172033-645684356fd1/go.mod h1:rglcYetSwQ6a70Hs6Wv+ab3y+eIVBOQw8KtH4e2o3to=
+git.autistici.org/ai3/tools/replds v0.0.0-20230817204140-2ea02f3acb7b h1:5Fa6VGXx+ySIg6E14vFnK3YAxS8psYzQaAKOhOcJ6BE=
+git.autistici.org/ai3/tools/replds v0.0.0-20230817204140-2ea02f3acb7b/go.mod h1:aRZt7jndr4Zt2hkL9tzTj7DwtEYosOIz7vWpJtnWPSo=
 github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuEd+YuKoUiazDC/N96FiDEU=
 github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4=
 github.com/Azure/azure-sdk-for-go v29.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
@@ -1004,6 +1008,8 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+v
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=

vendor/git.autistici.org/ai3/go-common/go.mod

@@ -28,5 +28,5 @@ require (
 	go.opentelemetry.io/otel/sdk v1.10.0
 	go.opentelemetry.io/otel/trace v1.10.0
 	golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90
-	golang.org/x/sync v0.1.0
+	golang.org/x/sync v0.3.0
 )

vendor/git.autistici.org/ai3/go-common/go.sum

@@ -1050,6 +1050,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=

vendor/git.autistici.org/ai3/go-common/serverutil/http.go

@@ -104,13 +104,20 @@ func (config *ServerConfig) buildHTTPHandler(h http.Handler) (http.Handler, *tls
 	return h, tlsConfig, nil
 }
 
-// Serve HTTP(S) content on the specified address. If config.TLS is
-// not nil, enable HTTPS and TLS authentication.
-//
-// This function will return an error if there are problems creating
-// the listener, otherwise it will handle graceful termination on
-// SIGINT or SIGTERM and return nil.
-func Serve(h http.Handler, config *ServerConfig, addr string) error {
+func buildListener(addr string, tlsConfig *tls.Config) (net.Listener, error) {
+	// Create the net.Listener first, so we can detect
+	// initialization-time errors safely.
+	l, err := net.Listen("tcp", addr)
+	if err != nil {
+		return nil, err
+	}
+	if tlsConfig != nil {
+		l = tls.NewListener(l, tlsConfig)
+	}
+	return l, nil
+}
+
+func buildServer(h http.Handler, config *ServerConfig, addr string) (*http.Server, error) {
 	// Wrap with tracing handler (exclude metrics and other
 	// debugging endpoints).
 	h = tracing.WrapHandler(h, guessEndpointName(addr))
@@ -118,7 +125,7 @@ func Serve(h http.Handler, config *ServerConfig, addr string) error {
 	// Create the top-level HTTP handler with all our additions.
 	hh, tlsConfig, err := config.buildHTTPHandler(h)
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	// These are not meant to be external-facing servers, so we
@@ -131,14 +138,24 @@ func Serve(h http.Handler, config *ServerConfig, addr string) error {
 		TLSConfig:         tlsConfig,
 	}
 
-	// Create the net.Listener first, so we can detect
-	// initialization-time errors safely.
-	l, err := net.Listen("tcp", addr)
+	return srv, nil
+}
+
+// Serve HTTP(S) content on the specified address. If config.TLS is
+// not nil, enable HTTPS and TLS authentication.
+//
+// This function will return an error if there are problems creating
+// the listener, otherwise it will handle graceful termination on
+// SIGINT or SIGTERM and return nil.
+func Serve(h http.Handler, config *ServerConfig, addr string) error {
+	srv, err := buildServer(h, config, addr)
 	if err != nil {
 		return err
 	}
-	if srv.TLSConfig != nil {
-		l = tls.NewListener(l, srv.TLSConfig)
+
+	l, err := buildListener(addr, srv.TLSConfig)
+	if err != nil {
+		return err
 	}
 
 	// Install a signal handler for gentle process termination.
@@ -176,6 +193,38 @@ func Serve(h http.Handler, config *ServerConfig, addr string) error {
 	return nil
 }
 
+// ServeWithContext operates like Serve but with a controlling Context
+// that can be used to stop the HTTP server.
+func ServeWithContext(ctx context.Context, h http.Handler, config *ServerConfig, addr string) error {
+	srv, err := buildServer(h, config, addr)
+	if err != nil {
+		return err
+	}
+
+	l, err := buildListener(addr, srv.TLSConfig)
+	if err != nil {
+		return err
+	}
+
+	go func() {
+		<-ctx.Done()
+
+		sctx, cancel := context.WithTimeout(context.Background(), gracefulShutdownTimeout)
+		srv.Shutdown(sctx) // nolint: errcheck
+		srv.Close()
+		cancel()
+	}()
+
+	daemon.SdNotify(false, "READY=1") // nolint
+
+	err = srv.Serve(l)
+	if err == http.ErrServerClosed {
+		err = nil
+	}
+
+	return err
+}
+
 func addDefaultHandlers(h http.Handler) http.Handler {
 	root := http.NewServeMux()
 

vendor/git.autistici.org/ai3/go-common/serverutil/tls.go

@@ -123,6 +123,7 @@ func (c *TLSServerConfig) TLSConfig() (*tls.Config, error) {
 		CipherSuites:             serverCiphers,
 		MinVersion:               tls.VersionTLS12,
 		PreferServerCipherSuites: true,
+		NextProtos:               []string{"h2", "http/1.1"},
 	}
 
 	// Require client certificates if a CA is specified.

vendor/git.autistici.org/ai3/tools/replds/go.mod

@@ -3,7 +3,7 @@ module git.autistici.org/ai3/tools/replds
 go 1.14
 
 require (
-	git.autistici.org/ai3/go-common v0.0.0-20221125154433-06304016b1da
+	git.autistici.org/ai3/go-common v0.0.0-20230816213645-b3aa3fb514d6
 	github.com/coreos/go-systemd/v22 v22.5.0
 	github.com/google/subcommands v1.2.0
 	github.com/prometheus/client_golang v1.12.2

vendor/git.autistici.org/ai3/tools/replds/go.sum

@@ -54,6 +54,8 @@ git.autistici.org/ai3/go-common v0.0.0-20220814151247-39e01d32d5ee h1:EPfpfiG3vK
 git.autistici.org/ai3/go-common v0.0.0-20220814151247-39e01d32d5ee/go.mod h1:yhMB8VKJBBr+EKMft7MtqHVO73vkwdq/O5sVDTs/CNI=
 git.autistici.org/ai3/go-common v0.0.0-20221125154433-06304016b1da h1:fizdAjFv2vWz+83IoeRW2L0Shyo3dDquXyQKWRGs4jc=
 git.autistici.org/ai3/go-common v0.0.0-20221125154433-06304016b1da/go.mod h1:FTGqOGPpuoFg7TiHshYCyp5j1Ab3ek0J0KcS++vEjxw=
+git.autistici.org/ai3/go-common v0.0.0-20230816213645-b3aa3fb514d6 h1:q4Qxb0a3ekwYQmR1u/5/gyg0bvkDSAOQtFaG1Th1smI=
+git.autistici.org/ai3/go-common v0.0.0-20230816213645-b3aa3fb514d6/go.mod h1:CWQqao2Jnqgwm73wbgykBb3ZiPQ1nO3Ln3JyZjgeumg=
 github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuEd+YuKoUiazDC/N96FiDEU=
 github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4=
 github.com/Azure/azure-sdk-for-go v29.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
@@ -990,6 +992,8 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+v
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=

vendor/modules.txt

-# git.autistici.org/ai3/go-common v0.0.0-20221125154433-06304016b1da
+# git.autistici.org/ai3/go-common v0.0.0-20230816213645-b3aa3fb514d6
 ## explicit
 git.autistici.org/ai3/go-common
 git.autistici.org/ai3/go-common/clientutil
 git.autistici.org/ai3/go-common/serverutil
 git.autistici.org/ai3/go-common/tracing
-# git.autistici.org/ai3/tools/replds v0.0.0-20221125172033-645684356fd1
+# git.autistici.org/ai3/tools/replds v0.0.0-20230817204140-2ea02f3acb7b
 ## explicit
 git.autistici.org/ai3/tools/replds
 # github.com/NYTimes/gziphandler v1.1.1
@@ -98,7 +98,7 @@ golang.org/x/net/internal/iana
 golang.org/x/net/internal/socket
 golang.org/x/net/ipv4
 golang.org/x/net/ipv6
-# golang.org/x/sync v0.1.0
+# golang.org/x/sync v0.3.0
 golang.org/x/sync/singleflight
 # golang.org/x/sys v0.0.0-20220114195835-da31bd327af9
 golang.org/x/sys/execabs