✨ Provide Cache-Control

CHANGELOG.md

@@ -2,18 +2,31 @@
 
 All notable changes to this project will be documented in this file.
 
-The format is based on [Keep a Changelog](https://keepachangelog.com/) and this project adheres to
-[Semantic Versioning](https://semver.org/).
+The format is based on [Keep a Changelog](https://keepachangelog.com/) and this
+project adheres to [Semantic Versioning](https://semver.org/).
+
+# 1.1.2 - 2021-12-17
+
+## Added
+
+- Support for cache control. Static pages are now explicitely cachable by
+  default (1d), configurable via `--cache-control-static` or
+  `ZEITGITTER_CACHE_CONTROL_STATIC`.
+
+## Fixed
+
+## Changed
 
 # 1.1.1 - 2021-11-11
 
 ## Added
 
-- Support for `favicon.ico` (served as `image/png`, as that is the most common type today)
+- Support for `favicon.ico` (served as `image/png`, as that is the most common
+  type today)
 
 ## Fixed
 
-- The fix for malformed request made things work. Better fix.
+- The fix for malformed request made things worse. Better fix.
 
 ## Changed
 
@@ -46,8 +59,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/) and this
 
 ## Added
 
-- Include an optional TLS termination proxy as part of the `docker-compose` setup (requires setting
-  `ZEITGITTER_DOMAIN` in addition to `ZEITGITTER_OWN_URL` in `server.env`)
+- Include an optional TLS termination proxy as part of the `docker-compose`
+  setup (requires setting `ZEITGITTER_DOMAIN` in addition to
+  `ZEITGITTER_OWN_URL` in `server.env`)
 
 ## Fixed
 
@@ -56,24 +70,25 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/) and this
 ## Changed
 
 - Shrank docker image
-- No changes to source or PyPI versions (except the version number); only Docker image is affected
-  by the modifications leading up to v1.0.5
+- No changes to source or PyPI versions (except the version number); only Docker
+  image is affected by the modifications leading up to v1.0.5
 
 # 1.0.4 - 2021-03-05
 
 ## Added
 
-- `--upstream-sleep` allows to sleep between upstream timestamps, e.g. to ensure a consistent
-  ordering of cross-timestamping events for each commit.
-- Time intervals (such as "5m3.5s") may skip the seconds indication, `s`. So `--upstream-sleep=0` is
-  also valid.
+- `--upstream-sleep` allows to sleep between upstream timestamps, e.g. to ensure
+  a consistent ordering of cross-timestamping events for each commit.
+- Time intervals (such as "5m3.5s") may skip the seconds indication, `s`. So
+  `--upstream-sleep=0` is also valid.
 
 ## Fixed
 
 ## Changed
 
-- Version numbers of non-tagged versions now end in `.postX`, where `X` is the number of commits
-  since the tag (unless overridden by `FORCE_VERSION` environment variable).
+- Version numbers of non-tagged versions now end in `.postX`, where `X` is the
+  number of commits since the tag (unless overridden by `FORCE_VERSION`
+  environment variable).
 - Docker image slightly smaller
 
 # 1.0.3 - 2020-12-07
@@ -83,19 +98,21 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/) and this
 - More documentation: (especially in `doc/Docker.md`).
   - Setup and retirement of a timestamping server
   - Document choice/change of PGP key ID (and name)
-- On restart, tries to resume waiting for a mail response from PGP Digital Timestamping Service (was
-  added some versions ago, but never documented)
-- New `tools/zeitgitter-repo-health.sh` allows to probe whether the repo has seen the expected
-  updates. Optionally, skip fetches or test for specific files to have been modified and return a
-  specific exit code. This is independent from the Docker health checks and can be run on a
-  monitoring machine.
-- Timespans may also indicate the number of weeks now (e.g., "1w 2d 8h 40m 3.5s")
+- On restart, tries to resume waiting for a mail response from PGP Digital
+  Timestamping Service (was added some versions ago, but never documented)
+- New `tools/zeitgitter-repo-health.sh` allows to probe whether the repo has
+  seen the expected updates. Optionally, skip fetches or test for specific files
+  to have been modified and return a specific exit code. This is independent
+  from the Docker health checks and can be run on a monitoring machine.
+- Timespans may also indicate the number of weeks now (e.g., "1w 2d 8h 40m
+  3.5s")
 - Simplified using multiple cross-timestampers:
-  - Add support to push all branches using `--push_branch=*`, saving the need to list/update them
-    all (see also _Changes_ below)
-  - `--upstream-timestamp` no longer needs a branch name, if `git timestamp` will determine it
-    correctly. This leads to much shorter and more maintainable lists of cross-timestamping servers
-    (e.g., `gitta diversity some.other.server`).
+  - Add support to push all branches using `--push_branch=*`, saving the need to
+    list/update them all (see also _Changes_ below)
+  - `--upstream-timestamp` no longer needs a branch name, if `git timestamp`
+    will determine it correctly. This leads to much shorter and more
+    maintainable lists of cross-timestamping servers (e.g.,
+    `gitta diversity some.other.server`).
 
 ## Fixed
 
@@ -106,43 +123,48 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/) and this
 
 ## Changed
 
-- Docker image is now based on `debian:buster-slim`. As the same number of packages (171) has to be
-  added on top of it, starting with the smaller image is preferable. (See
-  [#0.9.6---2020-08-13](v0.9.6 below) for why not using one of the `python` base images.)
-- Default for `--push-branch` is now `*`, meaning `--all` (which cannot be expressed in the config
-  file)
-- `ZEITGITTER_FAKE_TIME` (needed only for tests) is removed from the environment of `git timestamp`
-  clients that connect to cross-timestamping servers specified as server name only (as opposed to
-  `branch=server` tuples) to allow both testing against our local timeserver (which does not use
-  wall clock to achieve reproducible signatures) and against real-world timeservers obeying wall
-  clock.
+- Docker image is now based on `debian:buster-slim`. As the same number of
+  packages (171) has to be added on top of it, starting with the smaller image
+  is preferable. (See [#0.9.6---2020-08-13](v0.9.6 below) for why not using one
+  of the `python` base images.)
+- Default for `--push-branch` is now `*`, meaning `--all` (which cannot be
+  expressed in the config file)
+- `ZEITGITTER_FAKE_TIME` (needed only for tests) is removed from the environment
+  of `git timestamp` clients that connect to cross-timestamping servers
+  specified as server name only (as opposed to `branch=server` tuples) to allow
+  both testing against our local timeserver (which does not use wall clock to
+  achieve reproducible signatures) and against real-world timeservers obeying
+  wall clock.
 
 # 1.0.2 - 2020-08-15
 
 ## Added
 
-- Allow testing docker images without having to publish to PyPI and DockerHub. This will allow
-  better testing in the future before releasing. (If you wonder why this Changelog does not say
-  anything about v1.0.1, this is why.)
+- Allow testing docker images without having to publish to PyPI and DockerHub.
+  This will allow better testing in the future before releasing. (If you wonder
+  why this Changelog does not say anything about v1.0.1, this is why.)
 
 ## Fixed
 
-- Data loss can occur (and did in fact occur on `gitta.zeitgitter.net`) if `git` is not installed,
-  due to `FileNotFoundError` signalling both harmless events (whether a file tested for presence
-  exists) and important events (`git` cannot be executed, as it cannot be found). This resulted in
-  destructive file operations being performed, as it was wrongly believed that the data was already
-  recorded persistently in `git`. This has been fixed. :warning: Please refrain from using Docker
-  image versions 1.0.0 or 0.9.6, and do update to 1.0.1 also for non-Docker instances, as they will
-  fail more harmlessly (i.e., just lengthen the interval until `git` is present (again), resulting
-  in precision loss from cross-timestamping, instead of with data loss).
+- Data loss can occur (and did in fact occur on `gitta.zeitgitter.net`) if `git`
+  is not installed, due to `FileNotFoundError` signalling both harmless events
+  (whether a file tested for presence exists) and important events (`git` cannot
+  be executed, as it cannot be found). This resulted in destructive file
+  operations being performed, as it was wrongly believed that the data was
+  already recorded persistently in `git`. This has been fixed. :warning: Please
+  refrain from using Docker image versions 1.0.0 or 0.9.6, and do update to
+  1.0.1 also for non-Docker instances, as they will fail more harmlessly (i.e.,
+  just lengthen the interval until `git` is present (again), resulting in
+  precision loss from cross-timestamping, instead of with data loss).
 - `git` included in Docker image
 - Recovering from dangling repositories
 
 ## Changed
 
-- A commit will be created after creating the timestamping repository and adding `pubkey.asc` to it,
-  so that cross-timestamping can start then. Otherwise, cross-timestamping would result in error
-  messages until the first external timestamping request arrives.
+- A commit will be created after creating the timestamping repository and adding
+  `pubkey.asc` to it, so that cross-timestamping can start then. Otherwise,
+  cross-timestamping would result in error messages until the first external
+  timestamping request arrives.
 
 # 1.0.0 - 2020-08-13
 
@@ -162,12 +184,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/) and this
 
 ## Changed
 
-- Commit/tag message now starts with :watch:; this is not only useful for projects following
-  [gitmoji](https://gitmoji.carloscuesta.me/) style, but also for visually distinguishing timestamps
-  from regular commits/tags
+- Commit/tag message now starts with :watch:; this is not only useful for
+  projects following [gitmoji](https://gitmoji.carloscuesta.me/) style, but also
+  for visually distinguishing timestamps from regular commits/tags
 - Base Docker image on `debian:buster`, as
   [`python:*` is on purpose not meant to be used with local system packages](https://github.com/docker-library/python/issues/482).
-  However, `pygit2` is impractical to install without relying on system packages.
+  However, `pygit2` is impractical to install without relying on system
+  packages.
 
 # 0.9.5 - 2020-05-13
 
@@ -187,8 +210,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/) and this
 - Reduced logging for PGP Timestamping Server mail handling
 - Updated gnupg config documentation
 - Newer GnuPG versions seem to ignore the symlink trick, now copying for real
-- Restarting the server tries to resume a pending `async_email_timestamp()` waiting for the reply
-  mail
+- Restarting the server tries to resume a pending `async_email_timestamp()`
+  waiting for the reply mail
 
 # 0.9.4 - 2020-05-09
 
@@ -210,8 +233,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/) and this
 
 ## Added
 
-- Allow dots in tag names, as long as they are not next to each other (i.e., `..` is not allowed)
-- Added support for [PGP Digital Timestamping Service](http://www.itconsult.co.uk/stamper.htm) and
+- Allow dots in tag names, as long as they are not next to each other (i.e.,
+  `..` is not allowed)
+- Added support for
+  [PGP Digital Timestamping Service](http://www.itconsult.co.uk/stamper.htm) and
   improved documentation
 - Timestamp our commit id as well with PGP Timestamper
 - Configuration now easier: Just look for `EASYCONFIG` in `zeitgitter.conf`
@@ -221,26 +246,28 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/) and this
 - More detailed debug support (see `--debug-level`)
 - Minimal support for HTTP `HEAD` requests
 - Can use IMAP servers without `IDLE` support (are there still any out there?)
-- Work around a bug in some(?) Dovecot mail servers which cannot match the last character of a mail
-  domain. I.e., `[email protected]` does not match the `From: Stamper <[email protected]>`
-  header in IMAP SEARCH, but `[email protected]` (note the missing `k`!) does match the header.
-  This can be turned off via `--no-dovecot-bug-workaround`.
+- Work around a bug in some(?) Dovecot mail servers which cannot match the last
+  character of a mail domain. I.e., `[email protected]` does not match the
+  `From: Stamper <[email protected]>` header in IMAP SEARCH, but
+  `[email protected]` (note the missing `k`!) does match the header. This
+  can be turned off via `--no-dovecot-bug-workaround`.
 
 ## Fixed
 
-- Correctly handles IMAP `IDLE` responses other than `EXISTS` (especially Dovecot's
-  `* OK still here`)
+- Correctly handles IMAP `IDLE` responses other than `EXISTS` (especially
+  Dovecot's `* OK still here`)
 - End line in stamper mails may now also be in last line.
 - Not receiving a stamper mail in time does no longer raise an exception
 
 ## Changed
 
 - Split into client (git-timestamp) and server (zeitgitterd).
 - Calculate a default for `--gnupg-home` to allow `--number-of-gpg-agents` > 1
-- Commit log message includes timestamp as well to improve readability for `git blame` etc.
+- Commit log message includes timestamp as well to improve readability for
+  `git blame` etc.
 - Log message timestamps (including "Found uncommitted data") now say "UTC"
-- Renamed all PGP Digital Timestamper related parameters to a common `--stamper-` prefix (the old
-  names are still accepted, but deprecated)
+- Renamed all PGP Digital Timestamper related parameters to a common
+  `--stamper-` prefix (the old names are still accepted, but deprecated)
 - Mail tests now include a (local) configuration file for the site secrets.
 - Maintainer affiliation
 - Release on PyPI
@@ -255,26 +282,27 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/) and this
 
 - Distributable via PyPI
 - Added Python 2.x compatibility; tested with 2.7
-- Automatically derive default timestamp branch name from servername (first component not named
-  'igitt') followd by '-timestamps'.
+- Automatically derive default timestamp branch name from servername (first
+  component not named 'igitt') followd by '-timestamps'.
 - Better error message when wrong `gnupg` module has been installed
 
 ## Fixed
 
 ### Client
 
-- Fetch GnuPG key again if missing from keyring. This fixes unexpected behavior when running as sudo
-  vs. natively as root.
-- Work around a bug in older GnuPG installs (create `pubring.kbx` if it does not yet exist before
-  attempting `scan_keys()`).
+- Fetch GnuPG key again if missing from keyring. This fixes unexpected behavior
+  when running as sudo vs. natively as root.
+- Work around a bug in older GnuPG installs (create `pubring.kbx` if it does not
+  yet exist before attempting `scan_keys()`).
 
 ## Changed
 
 - Higher-level README
 
 ### Client
 
-- Is now implemented as a package (`make install` still installs a flat file though, for simplicity)
+- Is now implemented as a package (`make install` still installs a flat file
+  though, for simplicity)
 
 # 0.9.1 - 2019-04-19
 
@@ -284,8 +312,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/) and this
 
 - `--server` can be set in git config
 - Prevent actual duplicate entries created by `git timestamp --branch`
-- Documented that `git timestamp --help` does not work and to use `-h`, as `--help` is swallowed by
-  `git` and not forwarded to `git-timestamp`.
+- Documented that `git timestamp --help` does not work and to use `-h`, as
+  `--help` is swallowed by `git` and not forwarded to `git-timestamp`.
 - Client system tests (require Internet connectivity)
 
 ### Server
@@ -302,8 +330,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/) and this
 ### Client
 
 - Made some error messages more consistent
-- `--tag` overrides `--branch`. This allows to store a default branch in `git config`, yet timestamp
-  a tag when necessary.
+- `--tag` overrides `--branch`. This allows to store a default branch in
+  `git config`, yet timestamp a tag when necessary.
 
 # 0.9.0 - 2019-04-04
 

zeitgitter/config.py

@@ -107,6 +107,12 @@ def get_args(args=None, config_file_contents=None):
     parser.add_argument('--listen-port',
                         default=15177, type=int,
                         help="port number to listen on")
+    parser.add_argument('--cache-control-static',
+                        default="max-age=86400,"
+                        " stale-while-revalidate=86400,"
+                        " stale-if-error=86400",
+                        help="The value of the `Cache-Control` HTTP header"
+                        " returned for static pages")
 
     # GnuPG
     parser.add_argument('--max-parallel-signatures',
@@ -197,7 +203,8 @@ def get_args(args=None, config_file_contents=None):
                             `stamper-from`. Should not impact other mail
                             servers.""")
 
-    arg = parser.parse_args(args=args, config_file_contents=config_file_contents)
+    arg = parser.parse_args(
+        args=args, config_file_contents=config_file_contents)
 
     if arg.print_sample_config:
         print_sample_config()

zeitgitter/sample.conf

@@ -70,6 +70,10 @@
 ; listen-address = ::1
 ; listen-port = 15177
 
+# `Cache-Control` HTTP header for static pages
+#
+# Default: max-age=86400, stale-while-revalidate=86400, stale-if-error=86400
+; cache-control-static = max-age=86400, stale-while-revalidate=86400, stale-if-error=86400
 
 [GIT]
 # The GIT repository to use

zeitgitter/server.py

@@ -84,6 +84,8 @@ def send_file(self, content_type, filename, replace={}):
             for k, v in replace.items():
                 contents = contents.replace(k, v)
             self.send_response(200)
+            self.send_header(
+                'Cache-Control', zeitgitter.config.arg.cache_control_static)
             if content_type.startswith('text/'):
                 self.send_header(
                     'Content-Type', content_type + '; charset=UTF-8')
@@ -171,6 +173,8 @@ def send_public_key(self):
         else:
             pk = bytes(public_key, 'ASCII')
             self.send_response(200)
+            self.send_header(
+                'Cache-Control', zeitgitter.config.arg.cache_control_static)
             self.send_header('Content-Type', 'application/pgp-keys')
             self.send_header('Content-Length', len(pk))
             self.end_headers()
@@ -207,6 +211,7 @@ def handle_request(self, params):
         else:
             sig = bytes(sig, 'ASCII')
             self.send_response(200)
+            self.send_header('Cache-Control', 'no-cache, no-store')
             self.send_header('Content-Type', 'application/x-git-object')
             self.send_header('Content-Length', len(sig))
             self.end_headers()

zeitgitter/version.py

@@ -18,4 +18,4 @@
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
 #
 
-VERSION = '1.1.1'
+VERSION = '1.1.2'