From f7d8f160671de1c876d4989a298123dad9a7f6d0 Mon Sep 17 00:00:00 2001 From: JianBo He Date: Fri, 8 Apr 2022 18:23:03 +0800 Subject: [PATCH 01/11] chore: improve changes --- CHANGES-4.3.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGES-4.3.md b/CHANGES-4.3.md index cfb5a3498..623e2d399 100644 --- a/CHANGES-4.3.md +++ b/CHANGES-4.3.md @@ -26,13 +26,21 @@ File format: - prints check points of mnesia internal stats - prints check points of per table loading stats Help to locate the problem of long table loading time. +* Add `local` strategy for Shared Subscription. + That will preferentially dispatch messages to a shared subscriber at the same + node. It will improves the efficiency of shared messages dispatching in certain + scenarios, especially when the emqx-bridge-mqtt plugin is configured as shared + subscription. [#7462] ### Bug fixes * Prohibit empty topics in strict mode * Make sure ehttpc delete useless pool always succeed. * Update mongodb driver to fix potential process leak. -* Dashboard admin password persists after leaving/joining the cluster +* Fix a potential security issue #3155 with emqx-dashboard plugin. + In the earlier implementation, the Dashboard password is reset back to the + default value of emqx_dashboard.conf after the node left cluster. + Now we persist changed password to protect against reset. [#7518] * Silence grep/sed warnings in docker-entrypoint.sh. [#7520] * Generate `loaded_modules` and `loaded_plugins` files with default values when no such files exists. [#7520] From d205cb6fc039858faef94ed9811218f7444bcb32 Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Fri, 8 Apr 2022 14:26:03 +0200 Subject: [PATCH 02/11] build: make centos6 happy --- scripts/get-distro.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/get-distro.sh b/scripts/get-distro.sh index 92e44ff2f..513b78e28 100755 --- a/scripts/get-distro.sh +++ b/scripts/get-distro.sh @@ -15,6 +15,9 @@ case "$UNAME" in if grep -q -i 'rhel' /etc/*-release; then DIST='centos' VERSION_ID="$(rpm --eval '%{rhel}')" + elif grep -q -i 'centos' /etc/*-release; then + DIST='centos' + VERSION_ID="$(rpm --eval '%{centos_ver}')" else DIST="$(sed -n '/^ID=/p' /etc/os-release | sed -r 's/ID=(.*)/\1/g' | sed 's/"//g')" VERSION_ID="$(sed -n '/^VERSION_ID=/p' /etc/os-release | sed -r 's/VERSION_ID=(.*)/\1/g' | sed 's/"//g')" From 3e9b91e53a694843d9f203786acb96d28ae6fc6a Mon Sep 17 00:00:00 2001 From: DDDHuang <44492639+DDDHuang@users.noreply.github.com> Date: Fri, 8 Apr 2022 14:31:18 +0800 Subject: [PATCH 03/11] fix: disable server_name_indication suport --- apps/emqx_plugin_libs/src/emqx_plugin_libs.app.src | 2 +- .../src/emqx_plugin_libs.appup.src | 4 ++-- apps/emqx_plugin_libs/src/emqx_plugin_libs_ssl.erl | 14 ++++++++++++-- 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/apps/emqx_plugin_libs/src/emqx_plugin_libs.app.src b/apps/emqx_plugin_libs/src/emqx_plugin_libs.app.src index f72ffc229..38d0bc324 100644 --- a/apps/emqx_plugin_libs/src/emqx_plugin_libs.app.src +++ b/apps/emqx_plugin_libs/src/emqx_plugin_libs.app.src @@ -1,6 +1,6 @@ {application, emqx_plugin_libs, [{description, "EMQ X Plugin utility libs"}, - {vsn, "4.3.2"}, + {vsn, "4.3.3"}, {modules, []}, {applications, [kernel,stdlib]}, {env, []} diff --git a/apps/emqx_plugin_libs/src/emqx_plugin_libs.appup.src b/apps/emqx_plugin_libs/src/emqx_plugin_libs.appup.src index 62d0ce4f0..cb61d66a8 100644 --- a/apps/emqx_plugin_libs/src/emqx_plugin_libs.appup.src +++ b/apps/emqx_plugin_libs/src/emqx_plugin_libs.appup.src @@ -2,13 +2,13 @@ {VSN, [ - {<<"4\\.3\\.[0-1]">>, [ + {<<"4\\.3\\.[0-2]">>, [ {load_module, emqx_plugin_libs_ssl, brutal_purge, soft_purge, []} ]}, {<<".*">>, []} ], [ - {<<"4\\.3\\.[0-1]">>, [ + {<<"4\\.3\\.[0-2]">>, [ {load_module, emqx_plugin_libs_ssl, brutal_purge, soft_purge, []} ]}, {<<".*">>, []} diff --git a/apps/emqx_plugin_libs/src/emqx_plugin_libs_ssl.erl b/apps/emqx_plugin_libs/src/emqx_plugin_libs_ssl.erl index 8d5e2daa5..b459e0b69 100644 --- a/apps/emqx_plugin_libs/src/emqx_plugin_libs_ssl.erl +++ b/apps/emqx_plugin_libs/src/emqx_plugin_libs_ssl.erl @@ -66,13 +66,23 @@ save_files_return_opts(Options, Dir) -> _ -> verify_peer end, SNI = case Get(<<"server_name_indication">>) of + <<"disable">> -> disable; + "disable" -> disable; + "" -> undefined; + <<>> -> undefined; undefined -> undefined; SNI0 -> ensure_str(SNI0) end, Versions = emqx_tls_lib:integral_versions(Get(<<"tls_versions">>)), Ciphers = emqx_tls_lib:integral_ciphers(Versions, Get(<<"ciphers">>)), - filter([{keyfile, Key}, {certfile, Cert}, {cacertfile, CA}, - {verify, Verify}, {server_name_indication, SNI}, {versions, Versions}, {ciphers, Ciphers}]). + filter([ {keyfile, Key} + , {certfile, Cert} + , {cacertfile, CA} + , {verify, Verify} + , {server_name_indication, SNI} + , {versions, Versions} + , {ciphers, Ciphers} + ]). %% @doc Save a key or certificate file in data dir, %% and return path of the saved file. From 2464c110af2f3834726b74d1571d0f1f864b0f44 Mon Sep 17 00:00:00 2001 From: DDDHuang <44492639+DDDHuang@users.noreply.github.com> Date: Fri, 8 Apr 2022 14:59:05 +0800 Subject: [PATCH 04/11] fix: add fix sni change log --- CHANGES-4.3.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES-4.3.md b/CHANGES-4.3.md index 623e2d399..7eaf2e586 100644 --- a/CHANGES-4.3.md +++ b/CHANGES-4.3.md @@ -42,8 +42,8 @@ File format: default value of emqx_dashboard.conf after the node left cluster. Now we persist changed password to protect against reset. [#7518] * Silence grep/sed warnings in docker-entrypoint.sh. [#7520] -* Generate `loaded_modules` and `loaded_plugins` files with default - values when no such files exists. [#7520] +* Generate `loaded_modules` and `loaded_plugins` files with default values when no such files exists. [#7520] +* Fix the configuration `server_name_indication` set to disable does not take effect. ## v4.3.13 From af4250dcf457cd8171e98805e65fddccaf8e60f9 Mon Sep 17 00:00:00 2001 From: DDDHuang <44492639+DDDHuang@users.noreply.github.com> Date: Fri, 8 Apr 2022 15:18:44 +0800 Subject: [PATCH 05/11] fix: mqtt bridge config schema sni disable spelling --- apps/emqx_bridge_mqtt/priv/emqx_bridge_mqtt.schema | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/apps/emqx_bridge_mqtt/priv/emqx_bridge_mqtt.schema b/apps/emqx_bridge_mqtt/priv/emqx_bridge_mqtt.schema index 30120a7d5..face6277e 100644 --- a/apps/emqx_bridge_mqtt/priv/emqx_bridge_mqtt.schema +++ b/apps/emqx_bridge_mqtt/priv/emqx_bridge_mqtt.schema @@ -183,8 +183,12 @@ [{verify, verify_peer}]; (verify, false) -> [{verify, verify_none}]; - (server_name_indication, "disabled") -> - [{server_name_indication, disabled}]; + (server_name_indication, "disable") -> + [{server_name_indication, disable}]; + (server_name_indication, undefined) -> + []; + (server_name_indication, "") -> + []; (server_name_indication, Hostname) -> [{server_name_indication, Hostname}]; (Opt, Val) -> From 4a692f0c2e4706dde5e0e731ae56a335d25438eb Mon Sep 17 00:00:00 2001 From: DDDHuang <44492639+DDDHuang@users.noreply.github.com> Date: Fri, 8 Apr 2022 15:44:08 +0800 Subject: [PATCH 06/11] fix: config schema sni disable --- apps/emqx_auth_http/src/emqx_auth_http.app.src | 2 +- .../emqx_auth_http/src/emqx_auth_http.appup.src | 9 +++++++-- apps/emqx_auth_http/src/emqx_auth_http_app.erl | 1 + apps/emqx_auth_ldap/priv/emqx_auth_ldap.schema | 1 + apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src | 2 +- .../emqx_auth_ldap/src/emqx_auth_ldap.appup.src | 8 ++++++-- .../emqx_auth_mongo/priv/emqx_auth_mongo.schema | 1 + .../emqx_auth_mysql/priv/emqx_auth_mysql.schema | 1 + .../emqx_auth_mysql/src/emqx_auth_mysql.app.src | 2 +- .../src/emqx_auth_mysql.appup.src | 9 +++++++-- .../emqx_auth_pgsql/priv/emqx_auth_pgsql.schema | 1 + .../emqx_auth_pgsql/src/emqx_auth_pgsql.app.src | 2 +- .../src/emqx_auth_pgsql.appup.src | 9 +++++++-- .../emqx_auth_redis/priv/emqx_auth_redis.schema | 1 + .../emqx_auth_redis/src/emqx_auth_redis.app.src | 2 +- .../src/emqx_auth_redis.appup.src | 9 +++++++-- .../src/emqx_bridge_mqtt.appup.src | 4 ++-- .../src/emqx_bridge_mqtt_actions.erl | 17 +++++++++++++++++ .../src/emqx_plugin_libs.app.src | 2 +- .../src/emqx_plugin_libs.appup.src | 4 ++-- apps/emqx_web_hook/src/emqx_web_hook.app.src | 2 +- apps/emqx_web_hook/src/emqx_web_hook.appup.src | 2 ++ apps/emqx_web_hook/src/emqx_web_hook_app.erl | 1 + 23 files changed, 71 insertions(+), 21 deletions(-) diff --git a/apps/emqx_auth_http/src/emqx_auth_http.app.src b/apps/emqx_auth_http/src/emqx_auth_http.app.src index 21d0b569b..fd8d1e046 100644 --- a/apps/emqx_auth_http/src/emqx_auth_http.app.src +++ b/apps/emqx_auth_http/src/emqx_auth_http.app.src @@ -1,6 +1,6 @@ {application, emqx_auth_http, [{description, "EMQ X Authentication/ACL with HTTP API"}, - {vsn, "4.3.4"}, % strict semver, bump manually! + {vsn, "4.3.5"}, % strict semver, bump manually! {modules, []}, {registered, [emqx_auth_http_sup]}, {applications, [kernel,stdlib,ehttpc]}, diff --git a/apps/emqx_auth_http/src/emqx_auth_http.appup.src b/apps/emqx_auth_http/src/emqx_auth_http.appup.src index abad22e47..256bd7566 100644 --- a/apps/emqx_auth_http/src/emqx_auth_http.appup.src +++ b/apps/emqx_auth_http/src/emqx_auth_http.appup.src @@ -1,6 +1,9 @@ %% -*- mode: erlang -*- {VSN, - [{"4.3.3", + [{"4.3.4", + [{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]} + ]}, + {"4.3.3", [{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]}, {load_module,emqx_acl_http,brutal_purge,soft_purge,[]}]}, {"4.3.2", @@ -11,7 +14,9 @@ {<<"4.3.[0-1]">>, [{restart_application,emqx_auth_http}]}, {<<".*">>,[]}], - [{"4.3.3", + [{"4.3.4", + [{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]}]}, + {"4.3.3", [{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]}, {load_module,emqx_acl_http,brutal_purge,soft_purge,[]}]}, {"4.3.2", diff --git a/apps/emqx_auth_http/src/emqx_auth_http_app.erl b/apps/emqx_auth_http/src/emqx_auth_http_app.erl index 15fc97283..6b868d601 100644 --- a/apps/emqx_auth_http/src/emqx_auth_http_app.erl +++ b/apps/emqx_auth_http/src/emqx_auth_http_app.erl @@ -71,6 +71,7 @@ translate_env(EnvName) -> end, SNI = case application:get_env(?APP, server_name_indication, undefined) of "disable" -> disable; + "" -> undefined; SNI0 -> SNI0 end, TLSOpts = lists:filter( diff --git a/apps/emqx_auth_ldap/priv/emqx_auth_ldap.schema b/apps/emqx_auth_ldap/priv/emqx_auth_ldap.schema index b3d3de1a2..04e9d40df 100644 --- a/apps/emqx_auth_ldap/priv/emqx_auth_ldap.schema +++ b/apps/emqx_auth_ldap/priv/emqx_auth_ldap.schema @@ -73,6 +73,7 @@ {verify, cuttlefish:conf_get("auth.ldap.ssl.verify", Conf, undefined)}, {server_name_indication, case cuttlefish:conf_get("auth.ldap.ssl.server_name_indication", Conf, undefined) of "disable" -> disable; + "" -> undefined; SNI -> SNI end}] end, diff --git a/apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src b/apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src index bf4148ed9..a072234d7 100644 --- a/apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src +++ b/apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src @@ -1,6 +1,6 @@ {application, emqx_auth_ldap, [{description, "EMQ X Authentication/ACL with LDAP"}, - {vsn, "4.3.3"}, % strict semver, bump manually! + {vsn, "4.3.4"}, % strict semver, bump manually! {modules, []}, {registered, [emqx_auth_ldap_sup]}, {applications, [kernel,stdlib,eldap2,ecpool]}, diff --git a/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src b/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src index f202cf29d..ea44d7a1a 100644 --- a/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src +++ b/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src @@ -1,6 +1,10 @@ %% -*-: erlang -*- {VSN, - [ {"4.3.0", + [ {"4.3.3", [ + %% There are only changes to the schema file, so we don't need + %% any commands here. + ]}, + {"4.3.0", [ {load_module, emqx_acl_ldap, brutal_purge, soft_purge, []} , {load_module, emqx_auth_ldap_cli, brutal_purge, soft_purge, []} , {load_module, emqx_auth_ldap_app, brutal_purge, soft_purge, []} @@ -16,7 +20,7 @@ ]}, {<<".*">>, []} ], - [ + [ {"4.3.3", []}, {"4.3.0", [ {load_module, emqx_acl_ldap, brutal_purge, soft_purge, []} , {load_module, emqx_auth_ldap_cli, brutal_purge, soft_purge, []} diff --git a/apps/emqx_auth_mongo/priv/emqx_auth_mongo.schema b/apps/emqx_auth_mongo/priv/emqx_auth_mongo.schema index 8a2ff98b3..0c491e005 100644 --- a/apps/emqx_auth_mongo/priv/emqx_auth_mongo.schema +++ b/apps/emqx_auth_mongo/priv/emqx_auth_mongo.schema @@ -141,6 +141,7 @@ Filter([{verify, Verify}, {server_name_indication, case cuttlefish:conf_get(Prefix ++ ".server_name_indication", Conf, undefined) of "disable" -> disable; + "" -> undefined; SNI -> SNI end}, {keyfile, cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)}, diff --git a/apps/emqx_auth_mysql/priv/emqx_auth_mysql.schema b/apps/emqx_auth_mysql/priv/emqx_auth_mysql.schema index 5e4619301..cacea41a1 100644 --- a/apps/emqx_auth_mysql/priv/emqx_auth_mysql.schema +++ b/apps/emqx_auth_mysql/priv/emqx_auth_mysql.schema @@ -109,6 +109,7 @@ end, SNI = case cuttlefish:conf_get("auth.mysql.ssl.server_name_indication", Conf, undefined) of "disable" -> disable; + "" -> undefined; SNI0 -> SNI0 end, Options ++ [{ssl, Filter([{server_name_indication, SNI}, diff --git a/apps/emqx_auth_mysql/src/emqx_auth_mysql.app.src b/apps/emqx_auth_mysql/src/emqx_auth_mysql.app.src index e3d3677d7..6df4545fd 100644 --- a/apps/emqx_auth_mysql/src/emqx_auth_mysql.app.src +++ b/apps/emqx_auth_mysql/src/emqx_auth_mysql.app.src @@ -1,6 +1,6 @@ {application, emqx_auth_mysql, [{description, "EMQ X Authentication/ACL with MySQL"}, - {vsn, "4.3.1"}, % strict semver, bump manually! + {vsn, "4.3.2"}, % strict semver, bump manually! {modules, []}, {registered, [emqx_auth_mysql_sup]}, {applications, [kernel,stdlib,mysql,ecpool]}, diff --git a/apps/emqx_auth_mysql/src/emqx_auth_mysql.appup.src b/apps/emqx_auth_mysql/src/emqx_auth_mysql.appup.src index edc09aa2d..88ff1b38e 100644 --- a/apps/emqx_auth_mysql/src/emqx_auth_mysql.appup.src +++ b/apps/emqx_auth_mysql/src/emqx_auth_mysql.appup.src @@ -1,10 +1,15 @@ %% -*- mode: erlang -*- {VSN, - [{"4.3.0", + [{"4.3.1", [ + %% There are only changes to the schema file, so we don't need + %% any commands here. + ]}, + {"4.3.0", [{load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]}, {load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}], - [{"4.3.0", + [{"4.3.1", []}, + {"4.3.0", [{load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]}, {load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}] diff --git a/apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema b/apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema index f78bcc597..5d45354b9 100644 --- a/apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema +++ b/apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema @@ -109,6 +109,7 @@ {verify, Verify}, {server_name_indication, case cuttlefish:conf_get(Prefix ++ ".server_name_indication", Conf, undefined) of "disable" -> disable; + "" -> undefined; SNI -> SNI end}, {versions, [list_to_existing_atom(Value) diff --git a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.app.src b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.app.src index d18021ff3..75175a814 100644 --- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.app.src +++ b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.app.src @@ -1,6 +1,6 @@ {application, emqx_auth_pgsql, [{description, "EMQ X Authentication/ACL with PostgreSQL"}, - {vsn, "4.3.1"}, % strict semver, bump manually! + {vsn, "4.3.2"}, % strict semver, bump manually! {modules, []}, {registered, [emqx_auth_pgsql_sup]}, {applications, [kernel,stdlib,epgsql,ecpool]}, diff --git a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.appup.src b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.appup.src index f7e802fdc..1c9a0c572 100644 --- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.appup.src +++ b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.appup.src @@ -1,10 +1,15 @@ %% -*- mode: erlang -*- {VSN, - [{"4.3.0", + [{"4.3.1", [ + %% There are only changes to the schema file, so we don't need + %% any commands here. + ]}, + {"4.3.0", [{load_module,emqx_auth_pgsql_app,brutal_purge,soft_purge,[]}, {load_module,emqx_acl_pgsql,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}], - [{"4.3.0", + [{"4.3.1", []}, + {"4.3.0", [{load_module,emqx_auth_pgsql_app,brutal_purge,soft_purge,[]}, {load_module,emqx_acl_pgsql,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}] diff --git a/apps/emqx_auth_redis/priv/emqx_auth_redis.schema b/apps/emqx_auth_redis/priv/emqx_auth_redis.schema index 3ce34d597..f36dd9420 100644 --- a/apps/emqx_auth_redis/priv/emqx_auth_redis.schema +++ b/apps/emqx_auth_redis/priv/emqx_auth_redis.schema @@ -98,6 +98,7 @@ end, SNI = case cuttlefish:conf_get("auth.redis.ssl.server_name_indication", Conf, undefined) of "disable" -> disable; + "" -> undefined; SNI0 -> SNI0 end, [{options, [{ssl_options, diff --git a/apps/emqx_auth_redis/src/emqx_auth_redis.app.src b/apps/emqx_auth_redis/src/emqx_auth_redis.app.src index 31c8e7cb6..ea6aaefcf 100644 --- a/apps/emqx_auth_redis/src/emqx_auth_redis.app.src +++ b/apps/emqx_auth_redis/src/emqx_auth_redis.app.src @@ -1,6 +1,6 @@ {application, emqx_auth_redis, [{description, "EMQ X Authentication/ACL with Redis"}, - {vsn, "4.3.1"}, % strict semver, bump manually! + {vsn, "4.3.2"}, % strict semver, bump manually! {modules, []}, {registered, [emqx_auth_redis_sup]}, {applications, [kernel,stdlib,eredis,eredis_cluster,ecpool]}, diff --git a/apps/emqx_auth_redis/src/emqx_auth_redis.appup.src b/apps/emqx_auth_redis/src/emqx_auth_redis.appup.src index 719f5ef80..83f5d46be 100644 --- a/apps/emqx_auth_redis/src/emqx_auth_redis.appup.src +++ b/apps/emqx_auth_redis/src/emqx_auth_redis.appup.src @@ -1,10 +1,15 @@ %% -*- mode: erlang -*- {VSN, - [{"4.3.0", + [{"4.3.1", [ + %% There are only changes to the schema file, so we don't need + %% any commands here. + ]}, + {"4.3.0", [{load_module,emqx_auth_redis_app,brutal_purge,soft_purge,[]}, {load_module,emqx_acl_redis,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}], - [{"4.3.0", + [{"4.3.1", []}, + {"4.3.0", [{load_module,emqx_auth_redis_app,brutal_purge,soft_purge,[]}, {load_module,emqx_acl_redis,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}] diff --git a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.appup.src b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.appup.src index b1fa8b85d..6edf6048c 100644 --- a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.appup.src +++ b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.appup.src @@ -2,8 +2,7 @@ {VSN, [ {"4.3.4", [ - %% There are only changes to the schema file, so we don't need - %% any commands here. + {load_module, emqx_bridge_mqtt_actions, brutal_purge, soft_purge, []} ]}, {"4.3.3", [ {load_module, emqx_bridge_mqtt, brutal_purge, soft_purge, []} @@ -21,6 +20,7 @@ ], [ {"4.3.4", [ + {load_module, emqx_bridge_mqtt_actions, brutal_purge, soft_purge, []} ]}, {"4.3.3", [ {load_module, emqx_bridge_mqtt, brutal_purge, soft_purge, []} diff --git a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_actions.erl b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_actions.erl index 21cda5b6d..d0db149d1 100644 --- a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_actions.erl +++ b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_actions.erl @@ -240,6 +240,23 @@ zh => <<"SSL 加密算法"/utf8>>}, description => #{en => <<"SSL Ciphers">>, zh => <<"SSL 加密算法"/utf8>>} + }, + verify => #{ + order => 19, + type => boolean, + default => false, + title => #{en => <<"Verify Server Certfile">>, + zh => <<"校验服务器证书"/utf8>>}, + description => #{en => <<"Whether to verify the server certificate. By default, the client will not verify the server's certificate. If verification is required, please set it to true.">>, + zh => <<"是否校验服务器证书。 默认客户端不会去校验服务器的证书,如果需要校验,请设置成true。"/utf8>>} + }, + server_name_indication => #{ + order => 20, + type => string, + title => #{en => <<"Server Name Indication">>, + zh => <<"服务器名称指示"/utf8>>}, + description => #{en => <<"Specify the hostname used for peer certificate verification, or set to disable to turn off this verification.">>, + zh => <<"指定用于对端证书验证时使用的主机名,或者设置为 disable 以关闭此项验证。"/utf8>>} } }). diff --git a/apps/emqx_plugin_libs/src/emqx_plugin_libs.app.src b/apps/emqx_plugin_libs/src/emqx_plugin_libs.app.src index 38d0bc324..f72ffc229 100644 --- a/apps/emqx_plugin_libs/src/emqx_plugin_libs.app.src +++ b/apps/emqx_plugin_libs/src/emqx_plugin_libs.app.src @@ -1,6 +1,6 @@ {application, emqx_plugin_libs, [{description, "EMQ X Plugin utility libs"}, - {vsn, "4.3.3"}, + {vsn, "4.3.2"}, {modules, []}, {applications, [kernel,stdlib]}, {env, []} diff --git a/apps/emqx_plugin_libs/src/emqx_plugin_libs.appup.src b/apps/emqx_plugin_libs/src/emqx_plugin_libs.appup.src index cb61d66a8..62d0ce4f0 100644 --- a/apps/emqx_plugin_libs/src/emqx_plugin_libs.appup.src +++ b/apps/emqx_plugin_libs/src/emqx_plugin_libs.appup.src @@ -2,13 +2,13 @@ {VSN, [ - {<<"4\\.3\\.[0-2]">>, [ + {<<"4\\.3\\.[0-1]">>, [ {load_module, emqx_plugin_libs_ssl, brutal_purge, soft_purge, []} ]}, {<<".*">>, []} ], [ - {<<"4\\.3\\.[0-2]">>, [ + {<<"4\\.3\\.[0-1]">>, [ {load_module, emqx_plugin_libs_ssl, brutal_purge, soft_purge, []} ]}, {<<".*">>, []} diff --git a/apps/emqx_web_hook/src/emqx_web_hook.app.src b/apps/emqx_web_hook/src/emqx_web_hook.app.src index 64cd28784..93db474d2 100644 --- a/apps/emqx_web_hook/src/emqx_web_hook.app.src +++ b/apps/emqx_web_hook/src/emqx_web_hook.app.src @@ -1,6 +1,6 @@ {application, emqx_web_hook, [{description, "EMQ X WebHook Plugin"}, - {vsn, "4.3.10"}, % strict semver, bump manually! + {vsn, "4.3.11"}, % strict semver, bump manually! {modules, []}, {registered, [emqx_web_hook_sup]}, {applications, [kernel,stdlib,ehttpc]}, diff --git a/apps/emqx_web_hook/src/emqx_web_hook.appup.src b/apps/emqx_web_hook/src/emqx_web_hook.appup.src index 3f0980b3c..a1bd558c2 100644 --- a/apps/emqx_web_hook/src/emqx_web_hook.appup.src +++ b/apps/emqx_web_hook/src/emqx_web_hook.appup.src @@ -16,6 +16,7 @@ [ %% nothing so far %% 4.3.9 is taken by release 4.3.12 ]}, + {"4.3.10", [{load_module,emqx_web_hook_app,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}], [{<<"4\\.3\\.[0-2]">>, [{apply,{application,stop,[emqx_web_hook]}}, @@ -33,4 +34,5 @@ [ %% nothing so far %% 4.3.9 is taken by release 4.3.12 ]}, + {"4.3.10", [{load_module,emqx_web_hook_app,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}]}. diff --git a/apps/emqx_web_hook/src/emqx_web_hook_app.erl b/apps/emqx_web_hook/src/emqx_web_hook_app.erl index e728aca9d..1156111b5 100644 --- a/apps/emqx_web_hook/src/emqx_web_hook_app.erl +++ b/apps/emqx_web_hook/src/emqx_web_hook_app.erl @@ -61,6 +61,7 @@ translate_env() -> end, SNI = case application:get_env(?APP, server_name_indication, undefined) of "disable" -> disable; + "" -> undefined; SNI0 -> SNI0 end, TLSOpts = lists:filter(fun({_K, V}) -> From a483f5ffa4eed8d45f6b3d6b988c7d2db2ee91a8 Mon Sep 17 00:00:00 2001 From: DDDHuang <44492639+DDDHuang@users.noreply.github.com> Date: Fri, 8 Apr 2022 20:03:57 +0800 Subject: [PATCH 07/11] fix: bad appup --- .../src/emqx_bridge_mqtt.appup.src | 66 ++++++++----------- .../emqx_web_hook/src/emqx_web_hook.appup.src | 21 +++--- 2 files changed, 37 insertions(+), 50 deletions(-) diff --git a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.appup.src b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.appup.src index 6edf6048c..9e1eda7f4 100644 --- a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.appup.src +++ b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.appup.src @@ -1,39 +1,29 @@ -%% -*-: erlang -*- +%% -*- mode: erlang -*- +%% Unless you know what you are doing, DO NOT edit manually!! {VSN, - [ - {"4.3.4", [ - {load_module, emqx_bridge_mqtt_actions, brutal_purge, soft_purge, []} - ]}, - {"4.3.3", [ - {load_module, emqx_bridge_mqtt, brutal_purge, soft_purge, []} - ]}, - {<<"4\\.3\\.[1-2]">>, [ - {load_module, emqx_bridge_mqtt, brutal_purge, soft_purge, []}, - {load_module, emqx_bridge_mqtt_actions, brutal_purge, soft_purge, []} - ]}, - {"4.3.0", [ - {load_module, emqx_bridge_mqtt, brutal_purge, soft_purge, []}, - {load_module, emqx_bridge_worker, brutal_purge, soft_purge, []}, - {load_module, emqx_bridge_mqtt_actions, brutal_purge, soft_purge, []} - ]}, - {<<".*">>, []} - ], - [ - {"4.3.4", [ - {load_module, emqx_bridge_mqtt_actions, brutal_purge, soft_purge, []} - ]}, - {"4.3.3", [ - {load_module, emqx_bridge_mqtt, brutal_purge, soft_purge, []} - ]}, - {<<"4\\.3\\.[1-2]">>, [ - {load_module, emqx_bridge_mqtt, brutal_purge, soft_purge, []}, - {load_module, emqx_bridge_mqtt_actions, brutal_purge, soft_purge, []} - ]}, - {"4.3.0", [ - {load_module, emqx_bridge_mqtt, brutal_purge, soft_purge, []}, - {load_module, emqx_bridge_worker, brutal_purge, soft_purge, []}, - {load_module, emqx_bridge_mqtt_actions, brutal_purge, soft_purge, []} - ]}, - {<<".*">>, []} - ] -}. + [{"4.3.4", + [{load_module,emqx_bridge_mqtt_actions,brutal_purge,soft_purge,[]}]}, + {"4.3.3", + [{load_module,emqx_bridge_mqtt_actions,brutal_purge,soft_purge,[]}, + {load_module,emqx_bridge_mqtt,brutal_purge,soft_purge,[]}]}, + {<<"4\\.3\\.[1-2]">>, + [{load_module,emqx_bridge_mqtt,brutal_purge,soft_purge,[]}, + {load_module,emqx_bridge_mqtt_actions,brutal_purge,soft_purge,[]}]}, + {"4.3.0", + [{load_module,emqx_bridge_mqtt,brutal_purge,soft_purge,[]}, + {load_module,emqx_bridge_worker,brutal_purge,soft_purge,[]}, + {load_module,emqx_bridge_mqtt_actions,brutal_purge,soft_purge,[]}]}, + {<<".*">>,[]}], + [{"4.3.4", + [{load_module,emqx_bridge_mqtt_actions,brutal_purge,soft_purge,[]}]}, + {"4.3.3", + [{load_module,emqx_bridge_mqtt_actions,brutal_purge,soft_purge,[]}, + {load_module,emqx_bridge_mqtt,brutal_purge,soft_purge,[]}]}, + {<<"4\\.3\\.[1-2]">>, + [{load_module,emqx_bridge_mqtt,brutal_purge,soft_purge,[]}, + {load_module,emqx_bridge_mqtt_actions,brutal_purge,soft_purge,[]}]}, + {"4.3.0", + [{load_module,emqx_bridge_mqtt,brutal_purge,soft_purge,[]}, + {load_module,emqx_bridge_worker,brutal_purge,soft_purge,[]}, + {load_module,emqx_bridge_mqtt_actions,brutal_purge,soft_purge,[]}]}, + {<<".*">>,[]}]}. diff --git a/apps/emqx_web_hook/src/emqx_web_hook.appup.src b/apps/emqx_web_hook/src/emqx_web_hook.appup.src index a1bd558c2..4e3e28a21 100644 --- a/apps/emqx_web_hook/src/emqx_web_hook.appup.src +++ b/apps/emqx_web_hook/src/emqx_web_hook.appup.src @@ -1,4 +1,5 @@ %% -*- mode: erlang -*- +%% Unless you know what you are doing, DO NOT edit manually!! {VSN, [{<<"4\\.3\\.[0-2]">>, [{apply,{application,stop,[emqx_web_hook]}}, @@ -11,12 +12,10 @@ {load_module,emqx_web_hook,brutal_purge,soft_purge,[]}, {load_module,emqx_web_hook_actions,brutal_purge,soft_purge,[]}]}, {"4.3.8", - [{load_module,emqx_web_hook,brutal_purge,soft_purge,[]}]}, - {"4.3.9", - [ %% nothing so far - %% 4.3.9 is taken by release 4.3.12 - ]}, - {"4.3.10", [{load_module,emqx_web_hook_app,brutal_purge,soft_purge,[]}]}, + [{load_module,emqx_web_hook_app,brutal_purge,soft_purge,[]}, + {load_module,emqx_web_hook,brutal_purge,soft_purge,[]}]}, + {"4.3.9",[{load_module,emqx_web_hook_app,brutal_purge,soft_purge,[]}]}, + {"4.3.10",[{load_module,emqx_web_hook_app,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}], [{<<"4\\.3\\.[0-2]">>, [{apply,{application,stop,[emqx_web_hook]}}, @@ -29,10 +28,8 @@ {load_module,emqx_web_hook,brutal_purge,soft_purge,[]}, {load_module,emqx_web_hook_actions,brutal_purge,soft_purge,[]}]}, {"4.3.8", - [{load_module,emqx_web_hook,brutal_purge,soft_purge,[]}]}, - {"4.3.9", - [ %% nothing so far - %% 4.3.9 is taken by release 4.3.12 - ]}, - {"4.3.10", [{load_module,emqx_web_hook_app,brutal_purge,soft_purge,[]}]}, + [{load_module,emqx_web_hook_app,brutal_purge,soft_purge,[]}, + {load_module,emqx_web_hook,brutal_purge,soft_purge,[]}]}, + {"4.3.9",[{load_module,emqx_web_hook_app,brutal_purge,soft_purge,[]}]}, + {"4.3.10",[{load_module,emqx_web_hook_app,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}]}. From 703441c631bf7684a5401c7be6adb24948af3520 Mon Sep 17 00:00:00 2001 From: JianBo He Date: Mon, 11 Apr 2022 18:23:08 +0800 Subject: [PATCH 08/11] chore: update ehttpc to 0.2.0 In ehttpc v0.2.0, we have optimized the implementation for request collection to reduce resource consumption. see: https://github.com/emqx/ehttpc/pull/31 --- rebar.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rebar.config b/rebar.config index d7ab16fe3..0a7faf889 100644 --- a/rebar.config +++ b/rebar.config @@ -39,7 +39,7 @@ {deps, [ {gpb, "4.11.2"} %% gpb only used to build, but not for release, pin it here to avoid fetching a wrong version due to rebar plugins scattered in all the deps - , {ehttpc, {git, "https://github.com/emqx/ehttpc", {tag, "0.1.15"}}} + , {ehttpc, {git, "https://github.com/emqx/ehttpc", {tag, "0.2.0"}}} , {eredis_cluster, {git, "https://github.com/emqx/eredis_cluster", {tag, "0.7.1"}}} , {gproc, {git, "https://github.com/uwiger/gproc", {tag, "0.8.0"}}} , {jiffy, {git, "https://github.com/emqx/jiffy", {tag, "1.0.5"}}} From 73ac4c1ff8925198f359ba20bd7465cf6314455f Mon Sep 17 00:00:00 2001 From: DDDHuang <44492639+DDDHuang@users.noreply.github.com> Date: Mon, 11 Apr 2022 18:33:20 +0800 Subject: [PATCH 09/11] fix: random id ensure do not delete resource --- apps/emqx_rule_engine/src/emqx_rule_engine.erl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/apps/emqx_rule_engine/src/emqx_rule_engine.erl b/apps/emqx_rule_engine/src/emqx_rule_engine.erl index 292e10311..b210d4f8d 100644 --- a/apps/emqx_rule_engine/src/emqx_rule_engine.erl +++ b/apps/emqx_rule_engine/src/emqx_rule_engine.erl @@ -332,7 +332,9 @@ start_resource(ResId) -> test_resource(#{type := Type} = Params) -> case emqx_rule_registry:find_resource_type(Type) of {ok, #resource_type{}} -> - ResId = maps:get(id, Params, resource_id()), + %% Resource will be deleted after test. + %% Use random resource id, ensure test func will not delete the resource in used. + ResId = resource_id(), try case create_resource(maps:put(id, ResId, Params), no_retry) of {ok, _} -> From e9ed65de0642e53dece70911c1110f144e4e0337 Mon Sep 17 00:00:00 2001 From: JianBo He Date: Tue, 12 Apr 2022 09:39:41 +0800 Subject: [PATCH 10/11] chore: bump vsn to 4.3.14-rc.2 --- include/emqx_release.hrl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/emqx_release.hrl b/include/emqx_release.hrl index 6526e9a6c..c5d14e53e 100644 --- a/include/emqx_release.hrl +++ b/include/emqx_release.hrl @@ -29,7 +29,7 @@ -ifndef(EMQX_ENTERPRISE). --define(EMQX_RELEASE, {opensource, "4.3.14-rc.1"}). +-define(EMQX_RELEASE, {opensource, "4.3.14-rc.2"}). -else. From 3f9f53a1e0e40ef3ffac06ca0d51c20a651e89b4 Mon Sep 17 00:00:00 2001 From: JianBo He Date: Tue, 12 Apr 2022 13:48:43 +0800 Subject: [PATCH 11/11] chore: bump vsn --- include/emqx_release.hrl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/emqx_release.hrl b/include/emqx_release.hrl index cf21aba2c..b3b06c23f 100644 --- a/include/emqx_release.hrl +++ b/include/emqx_release.hrl @@ -29,7 +29,7 @@ -ifndef(EMQX_ENTERPRISE). --define(EMQX_RELEASE, {opensource, "4.4.3-rc.1"}). +-define(EMQX_RELEASE, {opensource, "4.4.3-rc.2"}). -else.