docs: prepare for 1.9.0 (#425)

favonia · Mar 15, 2023 · c8083e9 · c8083e9
1 parent 3562676
commit c8083e9
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 3 deletions.
diff --git a/CHANGELOG.markdown b/CHANGELOG.markdown
@@ -1,3 +1,17 @@
+# [1.9.0](https://github.com/favonia/cloudflare-ddns/compare/v1.8.4...v1.9.0) (2023-03-15)
+
+### Features
+
+- **cron:** add the option `UPDATE_CRON=@disabled` to disable cron ([#411](https://github.com/favonia/cloudflare-ddns/issues/411)) ([a381c5a](https://github.com/favonia/cloudflare-ddns/commit/a381c5a5d6df12a1d10cafeb74fe63cce7f18558))
+
+### BREAKING CHANGES
+
+- the quiet mode will no longer print the version and the information about superuser privileges (unless there are errors) ([#415](https://github.com/favonia/cloudflare-ddns/issues/415)) ([92a4462](https://github.com/favonia/cloudflare-ddns/commit/92a44628ab459c5eb715ecbddb9cb84ea36c927e))
+
+### Other Notes
+
+The feature to disable cron is experimental. The intention is to use another mechanism to manage the update schedule and run the updater. The quiet mode was made quieter so that repeated execution of the updater will not lead to excessive logging with non-errors.
+
 # [1.8.4](https://github.com/favonia/cloudflare-ddns/compare/v1.8.3...v1.8.4) (2023-03-03)
 
 This release comes with no user-visible changes. It was compiled by version 1.20.1 of Go (instead of 1.20) and was shipped with version 0.62.0 of the [cloudflare-go library](https://github.com/cloudflare/cloudflare-go/) that [fixed a bug about proxy settings](https://github.com/cloudflare/cloudflare-go/pull/1222). I believe the bug does not affect the updater, but there's no reason not to use the fixed version. 😄

diff --git a/internal/droproot/checker.go b/internal/droproot/checker.go
@@ -6,6 +6,7 @@ import (
 	"syscall"
 
 	"golang.org/x/exp/slices"
+	"kernel.org/pub/linux/libs/security/libcap/cap"
 
 	"github.com/favonia/cloudflare-ddns/internal/pp"
 )
@@ -44,3 +45,18 @@ func checkGroupIDs(ppfmt pp.PP, gid int) bool {
 
 	return ok
 }
+
+func checkCapabilities(ppfmt pp.PP) bool {
+	now := cap.GetProc()
+	diff, err := now.Cf(cap.NewSet())
+	switch {
+	case err != nil:
+		ppfmt.Errorf(pp.EmojiImpossible, "Failed to check Linux capabilities: %v", err)
+		return false
+	case diff != 0:
+		ppfmt.Noticef(pp.EmojiWarning, "Failed to drop all Linux capabilities; current ones: %v", now)
+		return false
+	default:
+		return true
+	}
+}
diff --git a/internal/droproot/drop.go b/internal/droproot/drop.go
@@ -67,9 +67,9 @@ func setUser(ppfmt pp.PP, uid int) bool {
 
 // dropCapabilities drop all capabilities as the last step.
 func dropCapabilities(ppfmt pp.PP) bool {
-	if err := cap.NewSet().SetProc(); err != nil {
-		ppfmt.Errorf(pp.EmojiImpossible, "Failed to drop all capabilities: %v", err)
-	}
+	_ = cap.NewSet().SetProc()
+	checkCapabilities(ppfmt)
+
 	return true
 }