💾 Archived View for thrig.me › blog › 2024 › 04 › 23 › syncmail.go captured on 2024-07-09 at 02:23:17.
⬅️ Previous capture (2024-05-10)
-=-=-=-=-=-=-
// syncmail - transfer between maildir directories by SFTP. there are // things to TWEAK package main import ( "encoding/base64" "fmt" "io" "log" "net" "os" "os/signal" "path/filepath" "syscall" "github.com/pkg/sftp" "golang.org/x/crypto/ssh" "suah.dev/protect" ) func keyString(k ssh.PublicKey) string { return k.Type() + " " + base64.StdEncoding.EncodeToString(k.Marshal()) // e. } func hostkey_callback(trustedKey string) ssh.HostKeyCallback { if trustedKey == "" { return func(_ string, _ net.Addr, k ssh.PublicKey) error { return fmt.Errorf("SSH no key verify: %q", keyString(k)) } } return func(_ string, _ net.Addr, k ssh.PublicKey) error { ks := keyString(k) if trustedKey != ks { return fmt.Errorf("SSH verify: expect %q got %q", trustedKey, ks) } return nil } } func main() { sigc := make(chan os.Signal, 1) signal.Notify(sigc, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM, syscall.SIGQUIT) go func() { <-sigc }() protect.Pledge("cpath inet rpath stdio wpath unveil") // TWEAK where the remote files are copied to home, _ := os.UserHomeDir() tmp_path := filepath.Join(home, "mail/inbox/tmp") new_path := filepath.Join(home, "mail/inbox/new") herr := os.Chdir(tmp_path) if herr != nil { log.Fatal(herr) } sshkey := filepath.Join(home, ".ssh/TWEAK_your_public_key_file_here") protect.Unveil(sshkey, "r") protect.Unveil(tmp_path, "cw") protect.Unveil(new_path, "cw") protect.UnveilBlock() key, err := os.ReadFile(sshkey) if err != nil { log.Fatalf("unable to read private key: %v", err) } signer, err := ssh.ParsePrivateKey(key) if err != nil { log.Fatalf("unable to parse private key: %v", err) } config := &ssh.ClientConfig{ User: "TWEAK_username", Auth: []ssh.AuthMethod{ ssh.PublicKeys(signer), }, HostKeyCallback: hostkey_callback("ssh-ed25519 TWEAK_your_host_key_here"), } // NOTE this requires a port, does not assume :22 ssh, err := ssh.Dial("tcp", "TWEAK_hostname_or_ip:22", config) if err != nil { log.Fatalf("unable to connect: %v", err) } defer ssh.Close() protect.Pledge("cpath stdio wpath") sftp, err := sftp.NewClient(ssh) if err != nil { log.Fatal(err) } defer sftp.Close() files, err := sftp.ReadDir("mail/inbox/new") if err != nil { log.Fatal(err) } copied := 0 for _, dirent := range files { if !dirent.Mode().IsRegular() { // TWEAK you could log unexpected file types here continue } remote_file := sftp.Join("mail/inbox/new", dirent.Name()) sfh, err := sftp.Open(remote_file) if err != nil { log.Fatal(err) } defer sfh.Close() dfh, err := os.OpenFile(dirent.Name(), os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0755) if err != nil { log.Fatal(err) } defer dfh.Close() _, cerr := io.Copy(dfh, sfh) if cerr != nil { log.Fatal(cerr) } derr := dfh.Sync() if derr != nil { log.Fatal(derr) } rnerr := os.Rename(dirent.Name(), filepath.Join("../new", dirent.Name())) if rnerr != nil { // TWEAK you may want to instead keep this file // around, especially if the files can be large // and network transfers expensive, but then // you'd need something to detect the error or // review for stale files in the "tmp" // directory, and to manually rename the file // or whatever os.Remove(dirent.Name()) log.Fatal(rnerr) } rerr := sftp.Remove(remote_file) if rerr != nil { log.Fatal(rerr) } // TWEAK log what got copied //log.Println(remote_file) copied++ } if copied > 0 { os.Exit(0) } else { os.Exit(2) } }