All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
robots.txtandsitemap.xml(and the ability to serve TXT and XML files)
- Be more defensive against malformed requests
- Slightly changed explanatory web text and refreshed its appearance
- All text files now go through
ZEITGITTER_*substitution
- Upgraded docker image to debian:bullseye-slim
- Include an optional TLS termination proxy as part of the
docker-composesetup (requires settingZEITGITTER_DOMAINin addition toZEITGITTER_OWN_URLinserver.env)
- Fixed Dockerfile for ARM64
- Shrank docker image
- No changes to source or PyPI versions (except the version number); only Docker image is affected by the modifications leading up to v1.0.5
--upstream-sleepallows to sleep between upstream timestamps, e.g. to ensure a consistent ordering of cross-timestamping events for each commit.- Time intervals (such as "5m3.5s") may skip the seconds indication,
s. So--upstream-sleep=0is also valid.
- Version numbers of non-tagged versions now end in
.postX, whereXis the number of commits since the tag (unless overridden byFORCE_VERSIONenvironment variable). - Docker image slightly smaller
- More documentation: (especially in
doc/Docker.md).- Setup and retirement of a timestamping server
- Document choice/change of PGP key ID (and name)
- On restart, tries to resume waiting for a mail response from PGP Digital Timestamping Service (was added some versions ago, but never documented)
- New
tools/zeitgitter-repo-health.shallows to probe whether the repo has seen the expected updates. Optionally, skip fetches or test for specific files to have been modified and return a specific exit code. This is independent from the Docker health checks and can be run on a monitoring machine. - Timespans may also indicate the number of weeks now (e.g., "1w 2d 8h 40m 3.5s")
- Simplified using multiple cross-timestampers:
- Add support to push all branches using
--push_branch=*, saving the need to list/update them all (see also Changes below) --upstream-timestampno longer needs a branch name, ifgit timestampwill determine it correctly. This leads to much shorter and more maintainable lists of cross-timestamping servers (e.g.,gitta diversity some.other.server).
- Add support to push all branches using
- Code typo on failed key creation
- Docker health check failed due to missing
wgetpackage - Docker health check now supports multiple cross-timestamping targets
- Tests test against new commit string (and, therefore, signatures) now
- Docker image is now based on
debian:buster-slim. As the same number of packages (171) has to be added on top of it, starting with the smaller image is preferable. (See [#0.9.6---2020-08-13](v0.9.6 below) for why not using one of thepythonbase images.) - Default for
--push-branchis now*, meaning--all(which cannot be expressed in the config file) ZEITGITTER_FAKE_TIME(needed only for tests) is removed from the environment ofgit timestampclients that connect to cross-timestamping servers specified as server name only (as opposed tobranch=servertuples) to allow both testing against our local timeserver (which does not use wall clock to achieve reproducible signatures) and against real-world timeservers obeying wall clock.
- Allow testing docker images without having to publish to PyPI and DockerHub. This will allow better testing in the future before releasing. (If you wonder why this Changelog does not say anything about v1.0.1, this is why.)
- Data loss can occur (and did in fact occur on
gitta.zeitgitter.net) ifgitis not installed, due toFileNotFoundErrorsignalling both harmless events (whether a file tested for presence exists) and important events (gitcannot be executed, as it cannot be found). This resulted in destructive file operations being performed, as it was wrongly believed that the data was already recorded persistently ingit. This has been fixed.⚠️ Please refrain from using Docker image versions 1.0.0 or 0.9.6, and do update to 1.0.1 also for non-Docker instances, as they will fail more harmlessly (i.e., just lengthen the interval untilgitis present (again), resulting in precision loss from cross-timestamping, instead of with data loss). gitincluded in Docker image- Recovering from dangling repositories
- A commit will be created after creating the timestamping repository and adding
pubkey.ascto it, so that cross-timestamping can start then. Otherwise, cross-timestamping would result in error messages until the first external timestamping request arrives.
- Releasing 0.9.6 as 1.0.0
- Commit/tag message now starts with ⌚; this is not only useful for projects following gitmoji style, but also for visually distinguishing timestamps from regular commits/tags
- Base Docker image on
debian:buster, aspython:*is on purpose not meant to be used with local system packages. However,pygit2is impractical to install without relying on system packages.
- README for the Docker file
- Support for ARM and ARM64 docker images
- Documented support for multiple debug classes
- Web files again included in wheel
async_email_timestamp()now really waits in a new thread for the mail reply
- Reduced logging for PGP Timestamping Server mail handling
- Updated gnupg config documentation
- Newer GnuPG versions seem to ignore the symlink trick, now copying for real
- Restarting the server tries to resume a pending
async_email_timestamp()waiting for the reply mail
- Support for data in binary packages
- Default port is now 15177 (as has been for systemd); tests use 15178
- Default debug level is now INFO. Numeric debug levels are now deprecated.
- Default commit interval has been set to 1h
- Simplified Docker setup/usage. Now created from pypi images.
- Docker is now the recommended usage platform.
- Allow dots in tag names, as long as they are not next to each other (i.e.,
..is not allowed) - Added support for PGP Digital Timestamping Service and improved documentation
- Timestamp our commit id as well with PGP Timestamper
- Configuration now easier: Just look for
EASYCONFIGinzeitgitter.conf - Added support for (semi-)automatic configuration
- Configuration through environment variables
- Support Docker
- More detailed debug support (see
--debug-level) - Minimal support for HTTP
HEADrequests - Can use IMAP servers without
IDLEsupport (are there still any out there?) - Work around a bug in some(?) Dovecot mail servers which cannot match the last character of a mail
domain. I.e.,
[email protected]does not match theFrom: Stamper <[email protected]>header in IMAP SEARCH, but[email protected](note the missingk!) does match the header. This can be turned off via--no-dovecot-bug-workaround.
- Correctly handles IMAP
IDLEresponses other thanEXISTS(especially Dovecot's* OK still here) - End line in stamper mails may now also be in last line.
- Not receiving a stamper mail in time does no longer raise an exception
- Split into client (git-timestamp) and server (zeitgitterd).
- Calculate a default for
--gnupg-hometo allow--number-of-gpg-agents> 1 - Commit log message includes timestamp as well to improve readability for
git blameetc. - Log message timestamps (including "Found uncommitted data") now say "UTC"
- Renamed all PGP Digital Timestamper related parameters to a common
--stamper-prefix (the old names are still accepted, but deprecated) - Mail tests now include a (local) configuration file for the site secrets.
- Maintainer affiliation
- Release on PyPI
make aptinstalls dependencies on systems supportingapt
- Distributable via PyPI
- Added Python 2.x compatibility; tested with 2.7
- Automatically derive default timestamp branch name from servername (first component not named 'igitt') followd by '-timestamps'.
- Better error message when wrong
gnupgmodule has been installed
- Fetch GnuPG key again if missing from keyring. This fixes unexpected behavior when running as sudo vs. natively as root.
- Work around a bug in older GnuPG installs (create
pubring.kbxif it does not yet exist before attemptingscan_keys()).
- Higher-level README
- Is now implemented as a package (
make installstill installs a flat file though, for simplicity)
--servercan be set in git config- Prevent actual duplicate entries created by
git timestamp --branch - Documented that
git timestamp --helpdoes not work and to use-h, as--helpis swallowed bygitand not forwarded togit-timestamp. - Client system tests (require Internet connectivity)
- Ability to run multiple GnuPG processes (including gpg-agents) in parallel
- Handle missing
--push-repository(again)
- Made tests compatible with older GnuPG versions
- Made some error messages more consistent
--tagoverrides--branch. This allows to store a default branch ingit config, yet timestamp a tag when necessary.
Initial public release