From f9c1f8cf32f0c6c882c3b5df7c90a14e59fb2826 Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Thu, 10 Nov 2022 22:00:25 +0100 Subject: [PATCH 1/7] docs: add a comment to schema default value --- priv/emqx.schema | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/priv/emqx.schema b/priv/emqx.schema index 0399cb27d..e2eaa7b10 100644 --- a/priv/emqx.schema +++ b/priv/emqx.schema @@ -807,13 +807,13 @@ end}. %% @doc Define a determined authentication plugin/module check order. %% see detailed doc in emqx.conf {mapping, "auth_order", "emqx.auth_order", [ - {default, "none"}, + {default, "none"}, % keep default value in sync with emqx_conf.erl {datatype, string} ]}. %% @doc Same as auth_order, but for ACL. {mapping, "acl_order", "emqx.acl_order", [ - {default, "none"}, + {default, "none"}, % keep default value in sync with emqx_conf.erl {datatype, string} ]}. From d5de5ac05cf1f95f1abf47fc18f9c193b911b17b Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Fri, 11 Nov 2022 07:04:28 +0100 Subject: [PATCH 2/7] Revert "fix: remove outdated cert store from packages" --- .github/workflows/build_packages.yaml | 5 ----- build | 15 ++------------- 2 files changed, 2 insertions(+), 18 deletions(-) diff --git a/.github/workflows/build_packages.yaml b/.github/workflows/build_packages.yaml index 195e3c23c..38c1ea472 100644 --- a/.github/workflows/build_packages.yaml +++ b/.github/workflows/build_packages.yaml @@ -94,11 +94,6 @@ jobs: } make ensure-rebar3 make ${{ matrix.profile }} - ## Delete certifi cert store - $Cert = Get-ChildItem "_build/${{ matrix.profile }}/rel/emqx/lib/certifi*/priv/cacerts.pem" - if (Test-Path $Cert) { - Remove-Item $Cert - } mkdir -p _packages/${{ matrix.profile }} Compress-Archive -Path _build/${{ matrix.profile }}/rel/emqx -DestinationPath _build/${{ matrix.profile }}/rel/$pkg_name mv _build/${{ matrix.profile }}/rel/$pkg_name _packages/${{ matrix.profile }} diff --git a/build b/build index 1cb6bd713..0ffb810eb 100755 
--- a/build +++ b/build @@ -61,20 +61,9 @@ log() { echo "===< $msg" } -delete_unwanted_file() { - if [ -e "${1}" ]; then - log "Deleting file: ${1}" - rm -f "${1}" - else - log "Cannot delete file: ${1} -- file not found" - fi -} - make_rel() { - ./rebar3 as "$PROFILE" release - # delete outdated cert store - delete_unwanted_file _build/"${PROFILE}"/rel/emqx/lib/certifi*/priv/cacerts.pem - ./rebar3 as "$PROFILE" tar + # shellcheck disable=SC1010 + ./rebar3 as "$PROFILE" do release,tar } ## unzip previous version .zip files to _build/$PROFILE/rel/emqx/releases before making relup From 0748ca1238d039afd38e3b4cced09d0081c42c1e Mon Sep 17 00:00:00 2001 From: JimMoen Date: Fri, 11 Nov 2022 14:00:38 +0800 Subject: [PATCH 3/7] chore: fix comment in schema and config file --- changes/v4.3.22-en.md | 4 ++-- changes/v4.3.22-zh.md | 2 +- etc/emqx.conf | 4 ++-- priv/emqx.schema | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/changes/v4.3.22-en.md b/changes/v4.3.22-en.md index d4116990a..48177dc19 100644 --- a/changes/v4.3.22-en.md +++ b/changes/v4.3.22-en.md 
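Review bot: Nothing in `make_rel` or the commit message records why certifi's `priv/cacerts.pem`, which the reverted commit called an outdated cert store, is being shipped in the release again now that `delete_unwanted_file` and its call are gone. If any dependency falls back to that bundle for TLS peer verification (not visible from this hunk), packaged releases will trust whatever root set that certifi version froze. A comment in `make_rel` would keep the decision visible, e.g. `# certifi's bundled cacerts.pem is intentionally kept in the release; see <issue-or-PR placeholder>`. The `# shellcheck disable=SC1010` line would also read better with its reason, such as `# 'do' is a rebar3 subcommand here, not the shell keyword`.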
@@ -39,8 +39,8 @@ - Added configurations to enable more `client.disconnected` events (and counter bumps) [#9267](https://github.com/emqx/emqx/pull/9267). Prior to this change, the `client.disconnected` event (and counter bump) is triggered when a client performs a 'normal' disconnect, or is 'kicked' by system admin, but NOT triggered when a - stale connection had to be 'discarded' (for clean session) or 'takenover' (for non-clean session). - Now it is possible to set configs `broker.client_disconnect_discarded` and `broker.client_disconnect_takenover` to `on` to enable the event in these scenarios. + stale connection had to be 'discarded' (for clean session) or 'takeovered' (for non-clean session) by new connection. + Now it is possible to set configs `broker.client_disconnect_discarded` and `broker.client_disconnect_takeovered` to `on` to enable the event in these scenarios. - For Rule-Engine resource creation failure, delay before the first retry [#9313](https://github.com/emqx/emqx/pull/9313). Prior to this change, the retry delay was added *after* the retry failure. diff --git a/changes/v4.3.22-zh.md b/changes/v4.3.22-zh.md index 2e02538ca..e5ee67942 100644 --- a/changes/v4.3.22-zh.md +++ b/changes/v4.3.22-zh.md @@ -34,7 +34,7 @@ - 为更多类型的 `client.disconnected` 事件(计数器触发)提供可配置项 [#9267](https://github.com/emqx/emqx/pull/9267)。 此前,`client.disconnected` 事件及计数器仅会在客户端正常断开连接或客户端被系统管理员踢出时触发, - 但不会在旧 session 被废弃 (clean_session = true) 或旧 session 被接管 (clean_session = false) 时被触发。 + 但不会在旧 session 被新连接废弃时 (clean_session = true) ,或旧 session 被新连接接管时 (clean_session = false) 被触发。 可将 `broker.client_disconnect_discarded` 和 `broker.client_disconnect_takovered` 选项设置为 `on` 来启用此场景下的客户端断连事件。 - 规则引擎资源创建失败后,第一次重试前增加一个延迟 [#9313](https://github.com/emqx/emqx/pull/9313)。 diff --git a/etc/emqx.conf b/etc/emqx.conf index f23b6f841..1eabe1cad 100644 --- a/etc/emqx.conf +++ b/etc/emqx.conf 
@@ -2457,9 +2457,9 @@ broker.route_batch_clean = off ## Enable client disconnect event will be triggered by which reasons. ## Value: on | off -## `takeover`: session was takenover by another client with same client ID. (clean_session = false) +## `discarded`: session was discarded by another client with same client ID when new connection use `clean_session = true`. ## Default: off -## `discard`: session was takeover by another client with same client ID. (clean_session = true) +## `takeover`: session was takeovered by another client with same client ID when new connection use `clean_session = false`. ## Default: off ## # broker.client_disconnect_discarded = off diff --git a/priv/emqx.schema b/priv/emqx.schema index 0399cb27d..61808dfa4 100644 --- a/priv/emqx.schema +++ b/priv/emqx.schema @@ -2508,13 +2508,13 @@ end}. ]}. %% @doc Configuration of disconnected event reason. -%% `takeover`: session was takenover by another client with same client ID. (clean_session = false) -%% `discard`: session was takeover by another client with same client ID. (clean_session = true) +%% `discarded`: session was discarded by another client with same client ID when new connection use `clean_session = true`. {mapping, "broker.client_disconnect_discarded", "emqx.client_disconnect_discarded", [ {default, off}, {datatype, flag} ]}. +%% `takeovered`: session was takeovered by another client with same client ID when new connection use `clean_session = false`. {mapping, "broker.client_disconnect_takeovered", "emqx.client_disconnect_takeovered", [ {default, off}, {datatype, flag} From 2b6be02485dbb0764779bc643ecc3ac8a2da84dd Mon Sep 17 00:00:00 2001 From: zhongwencool Date: Fri, 11 Nov 2022 18:05:31 +0800 Subject: [PATCH 4/7] feat: validate tls_versions value --- changes/v4.3.22-en.md | 2 ++ changes/v4.3.22-zh.md | 2 ++ priv/emqx.schema | 11 ++++++++++- 3 files changed, 14 insertions(+), 1 deletion(-) 
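Review bot: The second option is labelled `takeover` in the new `etc/emqx.conf` comment, but the schema hunk in this same commit labels it `takeovered` and maps the key `broker.client_disconnect_takeovered`, so an operator searching the config for the documented name will not find a matching key. Using the key suffix in both places keeps them aligned, e.g. ``## `takeovered`: session was taken over by another client with the same client ID when the new connection uses `clean_session = false`.`` In `priv/emqx.schema` the second mapping's comment now stands without an `%% @doc` tag, unlike the first, which may matter if docs are generated from these tags.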
diff --git a/changes/v4.3.22-en.md b/changes/v4.3.22-en.md index 48177dc19..c11ea3718 100644 --- a/changes/v4.3.22-en.md +++ b/changes/v4.3.22-en.md @@ -3,6 +3,8 @@ ## Enhancements +- Make sure listener's tls_versions is `[tlsv1,tlsv1.1,tlsv1.2,tlsv1.3]` [#9260](https://github.com/emqx/emqx/pull/9260). + - Remove useless information from the dashboard listener failure log [#9260](https://github.com/emqx/emqx/pull/9260). - We now trigger the `'message.acked'` hook after the CoAP gateway sends a message to the device and receives the ACK from the device [#9264](https://github.com/emqx/emqx/pull/9264). diff --git a/changes/v4.3.22-zh.md b/changes/v4.3.22-zh.md index e5ee67942..fc78c6985 100644 --- a/changes/v4.3.22-zh.md +++ b/changes/v4.3.22-zh.md @@ -2,6 +2,8 @@ ## 增强 +- 确证监听器的 tls_versions 为 `[tlsv1,tlsv1.1,tlsv1.2,tlsv1.3]` [#9260](https://github.com/emqx/emqx/pull/9260). + - 删除 Dashboard 监听器失败时日志中的无用信息 [#9260](https://github.com/emqx/emqx/pull/9260). - 当 CoAP 网关给设备投递消息并收到设备发来的确认之后,回调 `'message.acked'` 钩子 [#9264](https://github.com/emqx/emqx/pull/9264)。 diff --git a/priv/emqx.schema b/priv/emqx.schema index 61808dfa4..60cb85ae2 100644 --- a/priv/emqx.schema +++ b/priv/emqx.schema @@ -2203,7 +2203,16 @@ end}. SslOpts = fun(Prefix) -> Versions = case SplitFun(cuttlefish:conf_get(Prefix ++ ".tls_versions", Conf, undefined)) of undefined -> undefined; - L -> [list_to_atom(V) || V <- L] + L -> + Versions0 = [list_to_atom(V) || V <- L], + SupportVersions = ['tlsv1', 'tlsv1.1', 'tlsv1.2', 'tlsv1.3'], + case lists:all(fun(V) -> lists:member(V, SupportVersions) end, Versions0) of + false -> + cuttlefish:invalid( + lists:flatten(io_lib:format("tls_versions: only support ~p", [SupportVersions]))); + true -> + Versions0 + end end, TLSCiphers = cuttlefish:conf_get(Prefix++".ciphers", Conf, undefined), PSKCiphers = cuttlefish:conf_get(Prefix++".psk_ciphers", Conf, undefined), From dfa3f4b5f775b72a7ef60de90e787959ffc55b69 Mon Sep 17 00:00:00 2001 
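Review bot: In the new `L ->` branch `list_to_atom(V)` still runs on every configured entry before the membership check, so a mistyped value is turned into an atom and only then rejected; comparing the strings against the allowed list first and converting afterwards avoids that. The `cuttlefish:invalid` message names neither the listener `Prefix` nor the offending entries, which makes a bad `tls_versions` line hard to locate when several listeners are configured. Separately, the allowed set still admits `tlsv1` and `tlsv1.1`, both deprecated by RFC 8996; a comment on `SupportVersions` stating that they are accepted only for legacy clients would help operators reading the schema. The enclosing `SslOpts` fun starts before and continues past this hunk.

```erlang
%% … unchanged: Versions = case SplitFun(...) of, undefined -> undefined; …
            L ->
                %% tlsv1 and tlsv1.1 are accepted for legacy clients only (deprecated by RFC 8996)
                SupportVersions = ["tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"],
                case [V || V <- L, not lists:member(V, SupportVersions)] of
                    [] ->
                        [list_to_atom(V) || V <- L];
                    Invalid ->
                        cuttlefish:invalid(
                            lists:flatten(io_lib:format(
                                "~s.tls_versions: unsupported ~p, only support ~p",
                                [Prefix, Invalid, SupportVersions])))
                end
%% … unchanged: end of the outer case, TLSCiphers, PSKCiphers …
```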
From: zhongwencool Date: Mon, 14 Nov 2022 09:26:48 +0800 Subject: [PATCH 5/7] chore: apply suggestions from code review Co-authored-by: Zaiming (Stone) Shi --- changes/v4.3.22-en.md | 2 +- changes/v4.3.22-zh.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/changes/v4.3.22-en.md b/changes/v4.3.22-en.md index c11ea3718..a625bf323 100644 --- a/changes/v4.3.22-en.md +++ b/changes/v4.3.22-en.md @@ -3,7 +3,7 @@ ## Enhancements -- Make sure listener's tls_versions is `[tlsv1,tlsv1.1,tlsv1.2,tlsv1.3]` [#9260](https://github.com/emqx/emqx/pull/9260). +- Make sure listener's `tls_versions` config value is one or more of `tlsv1`, `tlsv1.1`, `tlsv1.2`, `tlsv1.3` [#9260](https://github.com/emqx/emqx/pull/9260). - Remove useless information from the dashboard listener failure log [#9260](https://github.com/emqx/emqx/pull/9260). diff --git a/changes/v4.3.22-zh.md b/changes/v4.3.22-zh.md index fc78c6985..758b31547 100644 --- a/changes/v4.3.22-zh.md +++ b/changes/v4.3.22-zh.md @@ -2,7 +2,7 @@ ## 增强 -- 确证监听器的 tls_versions 为 `[tlsv1,tlsv1.1,tlsv1.2,tlsv1.3]` [#9260](https://github.com/emqx/emqx/pull/9260). +- 检查监听器的 `tls_versions` 配置值是 `tlsv1`,`tlsv1.1`,`tlsv1.2`,`tlsv1.3` 中的一个或多个组合 [#9260](https://github.com/emqx/emqx/pull/9260)。 - 删除 Dashboard 监听器失败时日志中的无用信息 [#9260](https://github.com/emqx/emqx/pull/9260). From a48c75594e5427b8c0717188be1fd2a3962a4906 Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Mon, 14 Nov 2022 08:49:03 +0100 Subject: [PATCH 6/7] ci: ensure github checkout@v1 and checkout@v2 fetch full history for release builds, alwasy fetch full history otherwise the old tags will not be found resulting in no relup generated --- .github/workflows/build_packages.yaml | 1 + .github/workflows/build_slim_packages.yaml | 4 ++++ .github/workflows/release.yaml | 4 ++++ 3 files changed, 9 insertions(+) diff --git a/.github/workflows/build_packages.yaml b/.github/workflows/build_packages.yaml index 38c1ea472..4d82c4f0e 100644 
--- a/.github/workflows/build_packages.yaml +++ b/.github/workflows/build_packages.yaml @@ -29,6 +29,7 @@ jobs: - uses: actions/checkout@v3 with: path: source + fetch-depth: 0 # clone full git history - name: detect-profiles id: detect-profiles uses: ./source/.github/actions/detect-profiles diff --git a/.github/workflows/build_slim_packages.yaml b/.github/workflows/build_slim_packages.yaml index c542e0197..65f3c760d 100644 --- a/.github/workflows/build_slim_packages.yaml +++ b/.github/workflows/build_slim_packages.yaml @@ -34,6 +34,8 @@ jobs: # keep using v1 for now as the otp-23 image has an old version git # TODO: change to v3 after OTP is upgraded to 23.3.4.18-1 - uses: actions/checkout@v1 + with: + fetch-depth: 0 # clone full git history - name: fix-git-unsafe-repository run: git config --global --add safe.directory /__w/emqx/emqx - uses: ./.github/actions/detect-profiles @@ -79,6 +81,8 @@ jobs: runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 + with: + fetch-depth: 0 # clone full git history - name: ensure access to github if: endsWith(github.repository, 'enterprise') run: | diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c7446eaa1..c8065cd0c 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -14,6 +14,8 @@ jobs: steps: - uses: actions/checkout@v3 + with: + fetch-depth: 0 # clone full git history - id: detect-profiles uses: ./.github/actions/detect-profiles @@ -55,6 +57,8 @@ jobs: -d "{\"repo\":\"emqx/emqx\", \"tag\": \"${{ github.ref_name }}\" }" \ ${{ secrets.EMQX_IO_RELEASE_API }} - uses: actions/checkout@v3 + with: + fetch-depth: 0 # clone full git history - name: get version id: version run: echo "version=$(./pkg-vsn.sh)" >> $GITHUB_OUTPUT From e667b564d83129710d951e1165fb48d442a320d0 Mon Sep 17 00:00:00 2001 
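Review bot: The new `with:` blocks on the `actions/checkout@v3` steps in `release.yaml` could also carry `persist-credentials: false`, because checkout keeps the job token in the local git config by default and the context lines show this workflow also handling `secrets.EMQX_IO_RELEASE_API`; whether a later step needs to push is not visible in these hunks. The checkout steps touched in all three workflows are referenced by mutable tags (`@v1`, `@v3`). Pinning them to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, would keep release builds from silently picking up a moved tag.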
From: "Zaiming (Stone) Shi" Date: Mon, 14 Nov 2022 10:10:34 +0100 Subject: [PATCH 7/7] docs: add a comment to .ci/build_packages/Dockerfile --- .ci/build_packages/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/.ci/build_packages/Dockerfile b/.ci/build_packages/Dockerfile index b56cb5220..e979adfb3 100644 --- a/.ci/build_packages/Dockerfile +++ b/.ci/build_packages/Dockerfile @@ -1,4 +1,5 @@ ARG BUILD_FROM=emqx/build-env:erl23.3.4.9-3-ubuntu20.04 +# This Dockerfile is only used for EMQX 4.3, no need to update for 4.4 or later FROM ${BUILD_FROM} ARG EMQX_NAME=emqx