New release: (April-)July

Message ID
DKIM signature
Download raw message
# Back in business

After all this time of not having anything interesting to share, or being too
lazy to do it, I finally managed to put this down (just as I start my vacation
no less). So here's a (not so) short summary of the past 4 months or so.

## Work on federation

This has been a very long time incoming, but only recently I've made strides in
this direction.

The changes we've made span across projects.

### Processing package

We've added different handling of saving and loading of ActivityPub objects
required to successfully process an Activity based on the fact that said
objects belong to the current instance or they are remote.

Pushing to collections is also changed so we distinguish between these two
separate use cases.

We have implemented just the content management and appreciation processing for
federated activities.

### The auth package

It has received improvements to loading remote keys for ActivityPub actors. We
switched to a forked version of the httpsig package, which can deal with more
types of signatures, not just HMAC and SHA256.

### FedBOX

Adding processing of Activities received in /inbox end-points.

Adding integration tests for received federated activities and for local
activities with remote recipients.

Adding command for generating EC key pairs for HTTPSig authorization for
all actors with type Person that miss it, or for individual ones.

Adding the key automatically if creating actors from the command line tool.

### Go-Littr

Improvements to handling actors and objects that belong to different activities
than the default one.

Added support for Create/Update, Like/Dislike on remote objects.

## Docker images pipeline improvements

Due to the number of images we built for fedbox the sr.ht pipeline was running
quite a long time and we've added a couple of improvements to increase the speed.

They had less of an impact than I would have wanted but now the builder image
that compiles for all versions is stored locally and can be reused between
runs. It has been streamlined as much as possible so, every image build just
runs the compilation step itself. The time shaved off was about a third of the

Some steps have been done to allow use of rootless buildah for creating the
images. However pushing multiple tags to quay.io seems problematic, and I'm
not sure if that's a bug in buildah/podman or with my build scripts.

## Speedup of sqlite auth storage backend

We were apprarently using sqlite the wrong way in the auth package by wrapping
the saving of the authorization and authentication tokens in transactions.

After we removed them the integration tests run time for this storage went down
a 3x factor (from ~18s to ~6s)

## Improvements to OAuth on FedBOX

The OAuth login page on FedBOX can now be accessed for each actor individually.

We improved the flow so it can do a full login based on a client application

These new OAuth urls are exposed in go-littr for each actor so an IndieAuth
flow can be triggered for each user. (This flow is still not fully supported)

## Other things

I had two attempts at standalone clients for FedBOX, which are not fully functional

One in the form of a TUI interafce for doing admin work on a FedBOX
instance, named motely[1] which is based on the Charm TUI widgets.

Another one was an attempt at the most basic example for a client, but which
increased into something that's not that simple and that I used to seed test
instances with activities. It can be found on sourcehut at fedbox-spammy[2]

I also started to write my ideas about the client to server implementation I
used for FedBOX into a Fediverse Enhancement Proposal[3], but I didn't get very
far. Who knew that writing specs can be tedious?

[1] https://git.sr.ht/~mariusor/motley
[2] https://git.sr.ht/~mariusor/fedbox-spammy
[3] https://git.sr.ht/~mariusor/Fediverse-Enhancement-Proposal/tree/master/item/feps/fep-6606.md

Berlin, 19th July 2021
Reply to thread Export thread (mbox)