diff --git a/.drone.yml b/.drone.yml index bf7c5ca..8a82861 100644 --- a/.drone.yml +++ b/.drone.yml @@ -13,43 +13,6 @@ trigger: - tag steps: -# - name: Download identiconpp for Debian stretch -# image: plugins/download -# settings: -# source: https://schlomp.space/attachments/f40d4b6e-ab9f-4cb7-a83e-cb1d8490e9ee -# destination: identiconpp_stretch.deb - -- name: Download identiconpp for Debian buster - image: plugins/download - settings: - source: https://schlomp.space/attachments/a94b0252-db1e-4122-bc27-cb6679acb3af - destination: identiconpp_buster.deb - -# - name: GCC 6 -# image: debian:stretch-slim -# pull: always -# environment: -# CXX: g++-6 -# CXXFLAGS: -pipe -O2 -# DEBIAN_FRONTEND: noninteractive -# LANG: C.utf8 -# commands: -# - rm /etc/apt/apt.conf.d/docker-clean -# - echo "APT::Default-Release \"stretch\";" >> /etc/apt/apt.conf.d/00default_release -# - echo "deb http://deb.debian.org/debian stretch-backports main" >> /etc/apt/sources.list.d/stretch.list -# - apt-get update -q -# - apt-get install -qq -t stretch-backports cmake -# - apt-get install -qq g++-6 pkg-config -# - apt-get install -qq libcrypto++-dev libmagick++-dev libxdg-basedir-dev -# - dpkg -i identiconpp_stretch.deb -# - rm -rf build && mkdir -p build && cd build -# - cmake .. -# - cmake --build . -# - make install -# volumes: -# - name: debian-package-cache -# path: /var/cache/apt/archives - - name: GCC 8 / clang 7 image: debian:buster-slim pull: always @@ -63,16 +26,13 @@ steps: - apt-get update -q - apt-get install -qq build-essential clang pkg-config cmake - apt-get install -qq libcrypto++-dev libmagick++-dev libxdg-basedir-dev - - dpkg -i identiconpp_buster.deb - - rm -rf build && mkdir -p build && cd build - - cmake .. - - cmake --build . - - make install - - cd ../ - - rm -rf build && mkdir -p build && cd build - - CXX="clang++" cmake .. - - cmake --build . - - make install + - rm -rf build + - cmake -S . -B build -DLIBRAVATAR_BUNDLED_IDENTICONPP=YES + - cmake --build build + - rm -rf build + - CXX="clang++" cmake -S . -B build -DLIBRAVATAR_BUNDLED_IDENTICONPP=YES + - cmake --build build + - cmake --install build volumes: - name: debian-package-cache path: /var/cache/apt/archives @@ -81,7 +41,7 @@ steps: image: drillster/drone-email pull: always settings: - host: cryptoparty-celle.de + host: tzend.de from: drone@tzend.de username: from_secret: email_username diff --git a/README.md b/README.md index 8431eb3..2d4a706 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,8 @@ specification for hosting profile images tied to email or OpenID addresses. * MD5 hashes * SHA256 hashes * Variable image size (`s` or `size`) -* Default fallbacks (`d` or `default`): 404, URL (only on the same server), mp/mm, identicon, retro +* Default fallbacks (`d` or `default`): 404, mp/mm, identicon (=retro), retro +* Requesting file type by appending `.jpg`, `.png` or `.gif` to the hash The API is explained in greater detail at the [Libravar wiki](https://wiki.libravatar.org/api/). @@ -25,7 +26,7 @@ The API is explained in greater detail at the * Patches welcome * forcedefault * Fallback URLs for to external sites (due to [CWE-601](https://cwe.mitre.org/data/definitions/601.html)) - * We have a server setting (`LIBRAVATARSERV_REDIRECT_*`) to redirect to + * We have a server setting (`LIBRAVATARSERV_REDIRECT`) to redirect to libravatar.org. ## Usage @@ -45,9 +46,8 @@ _avatars-sec._tcp.example.com. IN SRV 0 0 443 avatars.example.com `_avatars._tcp.example.com` is for HTTP, `_avatars-sec._tcp.example.com` is for HTTPS. -libravatarserv looks in each of `${XDG_DATA_DIRS}` for a directory named -`libravatarserv`. You can force a different directory by setting the environment -variable `LIBRAVATARSERV_DIR` (until 0.3.0 `AVATAR_DIR`). +libravatarserv looks in the current working directory for images. You can force +a different directory by setting the environment variable `LIBRAVATARSERV_DIR`. The image files are named like your email address, no file extension. The default behaviour for unknown users is to return a 404 error. You can change @@ -68,7 +68,7 @@ Test your setup on . The avatar directory could look like this: ``` plain -/usr/share/libravatarserv +/var/db/libravatarserv ├── [ 32K] default ├── [ 759] user@example.com └── [ 16] user+newsletter@example.com -> user@example.com @@ -82,7 +82,7 @@ Configuration is done through environment variables. The directory containing the avatars. -Default: empty +Default: current directory **LIBRAVATARSERV_DEFAULT_FALLBACK** @@ -92,25 +92,18 @@ parameter. Default: 404 -**LIBRAVATARSERV_REDIRECT_NOFALLBACK** - -Set to 1 to redirect to libravatar.org if the user is not found and the -requested fallback is not supported. - -Default: 0 - -**LIBRAVATARSERV_REDIRECT_NOUSER** +**LIBRAVATARSERV_REDIRECT** Set to 1 to redirect to libravatar.org if the user is not found. -Default: 0 +Default: 1 ### Things to keep in mind -libravatarserv resizes images on the fly and calculates both MD5 and SHA256 -hashes for every user on every request. This could seriously strain the -ressources of your computer if many users use the service. Make sure to set up -caching if you expect more than occasional traffic. +libravatarserv resizes images on the fly and potentially calculates hashes for +every user on every request. This could seriously strain the ressources of your +computer if many users use the service. Make sure to set up caching if you +expect more than occasional traffic. ## Install @@ -123,7 +116,7 @@ Gentoo ebuilds are available via my #### Dependencies -* C++ compiler (tested: [gcc](https://gcc.gnu.org/) 8/9, +* C++ compiler (tested: [gcc](https://gcc.gnu.org/) 8/11, [clang](https://llvm.org/) 7) * [cmake](https://cmake.org/) (at least 3.10) * [crypto++](https://cryptopp.com) (tested: 7.0 / 5.6) @@ -133,25 +126,22 @@ Gentoo ebuilds are available via my On a Debian system, install the packages: `build-essential cmake libcrypto++-dev libmagick++-dev libxdg-basedir-dev` and -[identiconpp](https://schlomp.space/tastytea/identiconpp). +[identiconpp](https://schlomp.space/tastytea/identiconpp) (or use the bundled). #### Compile ``` shell -mkdir build && cd build -cmake .. -make -make install +cmake -S . -B build +cmake --build build ``` ##### cmake options * `-DCMAKE_BUILD_TYPE=Debug` for a debug build -* One of: - * `-DWITH_DEB=YES` to generate a deb-package - * `-DWITH_RPM=YES` to generate an rpm-package +* `-DLIBRAVATAR_BUNDLED_IDENTICONPP=YES` to use the bundles identiconpp -To generate a binary package, execute `make package` +To install, run `sudo cmake --install build`. To create a linux distribution +package, run `cpack -G DEB` or `cpack -G RPM`. ## Contributing @@ -166,6 +156,8 @@ avatars. The tests were done with a 27KiB image, scaled down from 569px to 512px. It took 3,8s / 5-7s to transfer 50 unique avatars (about 3 KiB each) on one page. +This test was done on an older version and may not be accurate any more. + ## Contact See https://tastytea.de/ diff --git a/doc/nginx-example.conf b/doc/nginx-example.conf index e08d1d5..d6fe09d 100644 --- a/doc/nginx-example.conf +++ b/doc/nginx-example.conf @@ -22,12 +22,14 @@ server { fastcgi_pass unix:/var/run/cgi-fcgiwrap.socket-1; fastcgi_param SCRIPT_FILENAME /usr/bin/libravatarserv; + # fastcgi_param LIBRAVATARSERV_DIR "/var/db/libravatarserv" # fastcgi_param LIBRAVATARSERV_DEFAULT_FALLBACK 404; - # fastcgi_param LIBRAVATARSERV_REDIRECT_NOFALLBACK 0; - # fastcgi_param LIBRAVATARSERV_REDIRECT_NOUSER 0; + # fastcgi_param LIBRAVATARSERV_REDIRECT 1; fastcgi_cache avatar; - fastcgi_cache_valid 200 2h; # Cache answers for up to 2 hours. - fastcgi_cache_lock on; # Relay only one identical request at a time. + fastcgi_cache_valid 200 307 400 501 1h; # Cache answers for up to 1 hour + # Cache negative replies that may be temporary for 10 minutes + fastcgi_cache_valid 404 500 10m; + fastcgi_cache_lock on; # Relay only one identical request at a time. } }