Add Jenkinsfile

2022-09-05 12:24:32 +02:00
21 changed files with 164 additions and 297 deletions
--- a/.env.dist
+++ b/.env.dist
@ -1,2 +0,0 @@
-GPG_SIGNING_KEY=
-ARCH_TARGETS='amd64 arm arm64 386'
--- a/.gitignore
+++ b/.gitignore
@ -3,7 +3,4 @@
 /bin
 /testdata
 /release
-/out
-/.mktools
-/tools
-/.env
+/out
--- a/28
+++ b/28
@ -1,4 +1,4 @@
-@Library('cadoles') _
+@Library('cadoles@gitea-release') _

 pipeline {
    agent {
@ -9,19 +9,25 @@ pipeline {
    }

    stages {
-        stage('Lint') {
+        stage('Release') {
            steps {
                script {
-                    catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
-                        sh 'make lint'
+                    def isPrerelease = true
+                    try {
+                        sh(script: "git describe --exact-match ${GIT_COMMIT}")
+                        isPrerelease = false
+                    } catch (err) {
+                        println "Could not find tag associated with commit '${GIT_COMMIT}' ! Generating a prerelease..."
                    }
-                }
-            }
-        }
-        stage('Test') {
-            steps {
-                script {
-                    sh 'make test'
+
+                    sh 'ARCH_TARGETS="amd64 arm arm64" make release'
+
+                    def attachments = sh(returnStdout: true, script: 'ls release/*.tar.gz').split(' ')
+                    gitea.release('forge-jenkins', 'Cadoles', 'go-http-peering', [
+                        'attachments': attachments,
+                        'isDraft': false,
+                        'isPrerelease': isPrerelease,
+                    ])
                }
            }
        }
--- a/61
+++ b/61
@ -1,56 +1,35 @@
-SHELL := /bin/bash
-
-test: go-test keygen-test
-
-go-test:
+test:
 	go clean -testcache
 	go test -cover -v ./...

 watch:
-	go run -mod=readonly github.com/cortesi/modd/cmd/modd@latest
+	modd	

-release: tidy .env
-	( set -o allexport && source .env && set +o allexport && script/release )
+release:
+	script/release

-.env:
-	cp .env.dist .env
+deps:
+	GO111MODULE=off go get -u golang.org/x/tools/cmd/godoc
+	GO111MODULE=off go get -u github.com/cortesi/modd/cmd/modd
+	GO111MODULE=off go get -u github.com/golangci/golangci-lint/cmd/golangci-lint
+	GO111MODULE=off go get -u github.com/lmika/goseq

 tidy:
 	go mod tidy

 lint:
-	go run github.com/golangci/golangci-lint/cmd/golangci-lint@v1.49.0 run --tests=false --enable-all
+	golangci-lint run --tests=false --enable-all
+
+sequence-diagram: sd-advertise sd-update sd-ping
+
+sd-%:
+	goseq doc/sequence-diagram/$*.seq > doc/sequence-diagram/$*.svg
+
+doc:
+	@echo "open your browser to http://localhost:6060/pkg/forge.cadoles.com/Cadoles/go-http-peering to see the documentation"
+	godoc -http=:6060

 bin/keygen:
 	CGO_ENABLED=0 go build -o bin/keygen ./cmd/keygen

-.PHONY: test lint doc sequence-diagram bin/keygen release
-
-gitea-release: .mktools tools/gitea-release/bin/gitea-release.sh release
-	GITEA_RELEASE_PROJECT="go-http-peering" \
-		GITEA_RELEASE_ORG="Cadoles" \
-		GITEA_RELEASE_BASE_URL="https://forge.cadoles.com" \
-		GITEA_RELEASE_VERSION="$(MKT_PROJECT_VERSION)" \
-		GITEA_RELEASE_NAME="$(MKT_PROJECT_VERSION)" \
-		GITEA_RELEASE_COMMITISH_TARGET="$(GIT_VERSION)" \
-		GITEA_RELEASE_IS_DRAFT="false" \
-		GITEA_RELEASE_BODY="" \
-		GITEA_RELEASE_ATTACHMENTS="$$(find release -type f -name '*.tar.gz')" \
-		tools/gitea-release/bin/gitea-release.sh
-
-keygen-test: tools/bash_unit/bin/bash_unit
-	tools/bash_unit/bin/bash_unit misc/bash_unit/keygen_test.sh
-
-tools/bash_unit/bin/bash_unit:
-	mkdir -p tools/bash_unit/bin
-	cd tools/bash_unit/bin && bash <(curl -s https://raw.githubusercontent.com/pgrange/bash_unit/master/install.sh)
-
-.PHONY: mktools
-mktools:
-	rm -rf .mktools
-	curl -k -q https://forge.cadoles.com/Cadoles/mktools/raw/branch/master/install.sh | $(SHELL)
-
-.mktools:
-	$(MAKE) mktools
-
-include .mktools/*.mk
+.PHONY: test lint doc sequence-diagram bin/keygen release
--- a/client/client.go
+++ b/client/client.go
@ -5,11 +5,11 @@ import (
 	"crypto/rsa"
 	"crypto/sha256"
 	"encoding/json"
+	"errors"
 	"net/http"
 	"time"

 	jwt "github.com/dgrijalva/jwt-go"
-	"github.com/pkg/errors"

 	peering "forge.cadoles.com/Cadoles/go-http-peering"
 	"forge.cadoles.com/Cadoles/go-http-peering/crypto"
@ -52,7 +52,7 @@ func (c *Client) Advertise(attrs peering.PeerAttributes) error {
 	case http.StatusConflict:
 		return peering.ErrPeerExists
 	default:
-		return errors.Wrapf(ErrUnexpectedResponse, "unexpected http status code '%d'", res.StatusCode)
+		return ErrUnexpectedResponse
 	}
 }

@ -76,7 +76,7 @@ func (c *Client) UpdateAttributes(attrs peering.PeerAttributes) error {
 	case http.StatusForbidden:
 		return ErrRejected
 	default:
-		return errors.Wrapf(ErrUnexpectedResponse, "unexpected http status code '%d'", res.StatusCode)
+		return ErrUnexpectedResponse
 	}
 }

@ -96,7 +96,7 @@ func (c *Client) Ping() error {
 	case http.StatusForbidden:
 		return ErrRejected
 	default:
-		return errors.Wrapf(ErrUnexpectedResponse, "unexpected http status code '%d'", res.StatusCode)
+		return ErrUnexpectedResponse
 	}
 }

--- a/cmd/keygen/create_key.go
+++ b/cmd/keygen/create_key.go
@ -4,21 +4,20 @@ import (
 	"fmt"

 	"forge.cadoles.com/Cadoles/go-http-peering/crypto"
-	"github.com/pkg/errors"
 )

 func createKey() {
 	passphrase, err := getPassphrase()
 	if err != nil {
-		handleError(errors.WithStack(err))
+		handleError(err)
 	}
 	key, err := crypto.CreateRSAKey(keySize)
 	if err != nil {
-		handleError(errors.WithStack(err))
+		handleError(err)
 	}
 	privatePEM, err := crypto.EncodePrivateKeyToEncryptedPEM(key, passphrase)
 	if err != nil {
-		handleError(errors.WithStack(err))
+		handleError(err)
 	}
 	fmt.Print(string(privatePEM))
 }
--- a/cmd/keygen/create_token.go
+++ b/cmd/keygen/create_token.go
@ -4,7 +4,6 @@ import (
 	"fmt"

 	"forge.cadoles.com/Cadoles/go-http-peering/crypto"
-	"github.com/pkg/errors"

 	peering "forge.cadoles.com/Cadoles/go-http-peering"
 )
@ -12,11 +11,11 @@ import (
 func createToken() {
 	privateKey, err := loadPrivateKey()
 	if err != nil {
-		handleError(errors.WithStack(err))
+		handleError(err)
 	}
 	token, err := crypto.CreateServerToken(privateKey, tokenIssuer, peering.PeerID(tokenPeerID))
 	if err != nil {
-		handleError(errors.WithStack(err))
+		handleError(err)
 	}
 	fmt.Println(token)
 }
--- a/cmd/keygen/get_public_key.go
+++ b/cmd/keygen/get_public_key.go
@ -4,17 +4,16 @@ import (
 	"fmt"

 	"forge.cadoles.com/Cadoles/go-http-peering/crypto"
-	"github.com/pkg/errors"
 )

 func getPublicKey() {
 	privateKey, err := loadPrivateKey()
 	if err != nil {
-		handleError(errors.WithStack(err))
+		handleError(err)
 	}
 	publicPEM, err := crypto.EncodePublicKeyToPEM(privateKey.Public())
 	if err != nil {
-		handleError(errors.WithStack(err))
+		handleError(err)
 	}
 	fmt.Print(string(publicPEM))
 }
--- a/cmd/keygen/main.go
+++ b/cmd/keygen/main.go
@ -11,10 +11,8 @@ var (
 	createKeyCmd    = false
 	getPublicKeyCmd = false
 	createTokenCmd  = false
-	verifyTokenCmd  = false
 	debug           = false
 	keyFile         string
-	tokenFile       string
 	tokenIssuer     string
 	tokenPeerID     = uuid.New()
 	keySize         = 2048
@ -30,17 +28,12 @@ func init() {
 		&createTokenCmd, "create-token", createTokenCmd,
 		"Create a new signed authentication token",
 	)
-	flag.BoolVar(
-		&verifyTokenCmd, "verify-token", verifyTokenCmd,
-		"Verify a token generated with the given key",
-	)
 	flag.BoolVar(
 		&getPublicKeyCmd, "get-public-key", getPublicKeyCmd,
 		"Get the PEM encoded public key associated with the private key",
 	)
 	flag.BoolVar(&debug, "debug", debug, "Debug mode")
 	flag.StringVar(&keyFile, "key", keyFile, "Path to the encrypted PEM encoded key")
-	flag.StringVar(&tokenFile, "token", tokenFile, "Path to the token to verify")
 	flag.StringVar(&tokenIssuer, "token-issuer", tokenIssuer, "Token issuer")
 	flag.StringVar(&tokenPeerID, "token-peer-id", tokenPeerID, "Token peer ID")
 	flag.IntVar(&keySize, "key-size", keySize, "Size of the private key")
@ -55,8 +48,6 @@ func main() {
 		getPublicKey()
 	case createTokenCmd:
 		createToken()
-	case verifyTokenCmd:
-		verifyToken()
 	default:
 		flag.Usage()
 	}
--- a/cmd/keygen/util.go
+++ b/cmd/keygen/util.go
@ -2,15 +2,17 @@ package main

 import (
 	"bytes"
+	"crypto/rand"
 	"crypto/rsa"
+	"crypto/x509"
+	"encoding/pem"
+	"errors"
 	"fmt"
 	"io/ioutil"
 	"os"
-	"strings"
 	"syscall"

 	"forge.cadoles.com/Cadoles/go-http-peering/crypto"
-	"github.com/pkg/errors"

 	"golang.org/x/crypto/ssh/terminal"
 )
@ -27,14 +29,14 @@ func askPassphrase() ([]byte, error) {
 	fmt.Print("Passphrase: ")
 	passphrase, err := terminal.ReadPassword(syscall.Stdin)
 	if err != nil {
-		return nil, errors.WithStack(err)
+		return nil, err
 	}
 	fmt.Println()

 	fmt.Print("Confirm passphrase: ")
 	passphraseConfirmation, err := terminal.ReadPassword(syscall.Stdin)
 	if err != nil {
-		return nil, errors.WithStack(err)
+		return nil, err
 	}
 	fmt.Println()

@ -45,43 +47,50 @@ func askPassphrase() ([]byte, error) {
 	return passphrase, nil
 }

+func privateKeyToEncryptedPEM(key *rsa.PrivateKey, passphrase []byte) ([]byte, error) {
+
+	if passphrase == nil {
+		return nil, errors.New("passphrase cannot be empty")
+	}
+
+	// Convert it to pem
+	block := &pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: x509.MarshalPKCS1PrivateKey(key),
+	}
+
+	block, err := x509.EncryptPEMBlock(rand.Reader, block.Type, block.Bytes, passphrase, x509.PEMCipherAES256)
+	if err != nil {
+		return nil, err
+	}
+
+	return pem.EncodeToMemory(block), nil
+}
+
 func loadPrivateKey() (*rsa.PrivateKey, error) {
 	if keyFile == "" {
 		return nil, errors.New("you must specify a key file to load")
 	}
 	pem, err := ioutil.ReadFile(keyFile)
 	if err != nil {
-		return nil, errors.WithStack(err)
+		return nil, err
 	}
 	passphrase, err := getPassphrase()
 	if err != nil {
-		return nil, errors.WithStack(err)
+		return nil, err
 	}
 	privateKey, err := crypto.DecodePEMEncryptedPrivateKey(pem, passphrase)
 	if err != nil {
-		return nil, errors.WithStack(err)
+		return nil, err
 	}
 	return privateKey, nil
 }

-func loadToken() (string, error) {
-	if tokenFile == "" {
-		return "", errors.New("you must specify a token file to load")
-	}
-
-	token, err := os.ReadFile(tokenFile)
-	if err != nil {
-		return "", errors.WithStack(err)
-	}
-
-	return strings.TrimSpace(string(token)), nil
-}
-
 func handleError(err error) {
 	if !debug {
-		fmt.Printf("%+v\n", errors.WithStack(err))
+		fmt.Println(err)
 	} else {
-		panic(fmt.Sprintf("%+v", errors.WithStack(err)))
+		panic(err)
 	}
 	os.Exit(1)
 }
--- a/cmd/keygen/verify_token.go
+++ b/cmd/keygen/verify_token.go
@ -1,55 +0,0 @@
-package main
-
-import (
-	"encoding/json"
-	"fmt"
-
-	peering "forge.cadoles.com/Cadoles/go-http-peering"
-	"github.com/dgrijalva/jwt-go"
-	"github.com/pkg/errors"
-)
-
-func verifyToken() {
-	rawToken, err := loadToken()
-	if err != nil {
-		handleError(errors.WithStack(err))
-	}
-
-	privateKey, err := loadPrivateKey()
-	if err != nil {
-		handleError(errors.WithStack(err))
-	}
-
-	fn := func(token *jwt.Token) (interface{}, error) {
-		return &privateKey.PublicKey, nil
-	}
-
-	token, err := jwt.ParseWithClaims(rawToken, &peering.ServerTokenClaims{}, fn)
-	if err != nil {
-		validationError, ok := err.(*jwt.ValidationError)
-		if ok {
-			handleError(errors.WithStack(validationError.Inner))
-		}
-
-		handleError(errors.WithStack(err))
-	}
-
-	if !token.Valid {
-		handleError(errors.New("token is invalid"))
-	}
-
-	claims, ok := token.Claims.(*peering.ServerTokenClaims)
-	if !ok {
-		handleError(errors.New("unexpected token claims"))
-	}
-
-	data, err := json.MarshalIndent(claims, "", "  ")
-	if err != nil {
-		handleError(errors.WithStack(err))
-	}
-
-	fmt.Println("Token OK.")
-	fmt.Println("Claims:")
-	fmt.Println(string(data))
-
-}
--- a/crypto/pem.go
+++ b/crypto/pem.go
@ -6,16 +6,15 @@ import (
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/pem"
+	"errors"

 	jwt "github.com/dgrijalva/jwt-go"
-	"github.com/pkg/errors"
-	"golang.org/x/crypto/ssh"
 )

 func EncodePublicKeyToPEM(key crypto.PublicKey) ([]byte, error) {
 	pub, err := x509.MarshalPKIXPublicKey(key)
 	if err != nil {
-		return nil, errors.WithStack(err)
+		return nil, err
 	}
 	data := pem.EncodeToMemory(&pem.Block{
 		Type:  "PUBLIC KEY",
@ -29,23 +28,27 @@ func DecodePEMToPublicKey(pem []byte) (crypto.PublicKey, error) {
 }

 func DecodePEMEncryptedPrivateKey(key []byte, passphrase []byte) (*rsa.PrivateKey, error) {
-	var (
-		rawKey interface{}
-		err    error
-	)
+	var err error

-	if len(passphrase) == 0 {
-		rawKey, err = ssh.ParseRawPrivateKey(key)
-	} else {
-		rawKey, err = ssh.ParseRawPrivateKeyWithPassphrase(key, passphrase)
+	// Parse PEM block
+	var block *pem.Block
+	if block, _ = pem.Decode(key); block == nil {
+		return nil, errors.New("invalid PEM block")
 	}
+
+	decryptedBlock, err := x509.DecryptPEMBlock(block, passphrase)
 	if err != nil {
-		return nil, errors.WithStack(err)
+		return nil, err
+	}
+
+	var parsedKey interface{}
+	if parsedKey, err = x509.ParsePKCS1PrivateKey(decryptedBlock); err != nil {
+		return nil, err
 	}

 	var privateKey *rsa.PrivateKey
 	var ok bool
-	if privateKey, ok = rawKey.(*rsa.PrivateKey); !ok {
+	if privateKey, ok = parsedKey.(*rsa.PrivateKey); !ok {
 		return nil, errors.New("invalid RSA private key")
 	}

@ -53,21 +56,21 @@ func DecodePEMEncryptedPrivateKey(key []byte, passphrase []byte) (*rsa.PrivateKe
 }

 func EncodePrivateKeyToEncryptedPEM(key *rsa.PrivateKey, passphrase []byte) ([]byte, error) {
+	if passphrase == nil {
+		return nil, errors.New("passphrase cannot be empty")
+	}
+
 	block := &pem.Block{
 		Type:  "RSA PRIVATE KEY",
 		Bytes: x509.MarshalPKCS1PrivateKey(key),
 	}

-	if len(passphrase) != 0 {
-		encryptedBlock, err := x509.EncryptPEMBlock(
-			rand.Reader, block.Type,
-			block.Bytes, passphrase, x509.PEMCipherAES256,
-		)
-		if err != nil {
-			return nil, errors.WithStack(err)
-		}
-
-		block = encryptedBlock
+	block, err := x509.EncryptPEMBlock(
+		rand.Reader, block.Type,
+		block.Bytes, passphrase, x509.PEMCipherAES256,
+	)
+	if err != nil {
+		return nil, err
 	}

 	return pem.EncodeToMemory(block), nil
--- a/crypto/rsa.go
+++ b/crypto/rsa.go
@ -8,13 +8,12 @@ import (
 	peering "forge.cadoles.com/Cadoles/go-http-peering"

 	jwt "github.com/dgrijalva/jwt-go"
-	"github.com/pkg/errors"
 )

 func CreateRSAKey(bits int) (*rsa.PrivateKey, error) {
 	key, err := rsa.GenerateKey(rand.Reader, bits)
 	if err != nil {
-		return nil, errors.WithStack(err)
+		return nil, err
 	}
 	return key, nil
 }
@ -29,7 +28,7 @@ func CreateServerToken(privateKey *rsa.PrivateKey, issuer string, peerID peering
 	})
 	tokenStr, err := token.SignedString(privateKey)
 	if err != nil {
-		return "", errors.WithStack(err)
+		return "", err
 	}
 	return tokenStr, nil
 }
--- a/go.mod
+++ b/go.mod
@ -1,17 +1,12 @@
 module forge.cadoles.com/Cadoles/go-http-peering

 require (
+	github.com/davecgh/go-spew v1.1.1
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/go-chi/chi v3.3.3+incompatible
 	github.com/pborman/uuid v1.2.0
-	golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90
+	golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2
+	golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223 // indirect
 )

-require (
-	github.com/google/uuid v1.0.0 // indirect
-	github.com/pkg/errors v0.9.1
-	golang.org/x/sys v0.0.0-20220829200755-d48e67d00261 // indirect
-	golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 // indirect
-)
-
-go 1.18
+go 1.13
--- a/go.sum
+++ b/go.sum
@ -1,3 +1,5 @@
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/go-chi/chi v3.3.3+incompatible h1:KHkmBEMNkwKuK4FdQL7N2wOeB9jnIx7jR5wsuSBEFI8=
@ -6,11 +8,7 @@ github.com/google/uuid v1.0.0 h1:b4Gk+7WdP/d3HZH8EJsZpvV7EtDOgaZLtnaNGIu1adA=
 github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/pborman/uuid v1.2.0 h1:J7Q5mO4ysT1dv8hyrUGHb9+ooztCXu1D8MY8DZYsu3g=
 github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 h1:Y/gsMcFOcR+6S6f3YeMKl5g+dZMEWqcz5Czj/GWYbkM=
-golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/sys v0.0.0-20220829200755-d48e67d00261 h1:v6hYoSR9T5oet+pMXwUWkbiVqx/63mlHjefrHmxwfeY=
-golang.org/x/sys v0.0.0-20220829200755-d48e67d00261/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 h1:Q5284mrmYTpACcm+eAKjKJH48BBwSyfJqmmGDTtT8Vc=
-golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2 h1:NwxKRvbkH5MsNkvOtPZi3/3kmI8CAzs3mtv+GLQMkNo=
+golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223 h1:DH4skfRX4EBpamg7iV4ZlCpblAHI6s6TDM39bFZumv8=
+golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
--- a/misc/bash_unit/keygen_test.sh
+++ b/misc/bash_unit/keygen_test.sh
@ -1,49 +0,0 @@
-#!/bin/bash
-
-KEYGEN_BIN=${KEYGEN_BIN:-go run ../../cmd/keygen}
-
-test_create_key_without_passphrase() {
-    local workspace=$(mktemp -d)
-
-    # Generate a new private key without passphrase
-    local key_path="${workspace}/private.key"
-    KEY_PASSPHRASE= $KEYGEN_BIN -create-key > "${key_path}"
-}
-
-test_create_key_with_passphrase() {
-    local workspace=$(mktemp -d)
-
-    # Generate a new private key with passphrase
-    local key_path="${workspace}/private.key"
-    KEY_PASSPHRASE=foobar $KEYGEN_BIN -create-key > "${key_path}"
-}
-
-test_verify_token_without_passphrase() {
-    local workspace=$(mktemp -d)
-    
-    # Generate a new private key without passphrase
-    local key_path="${workspace}/private.key"
-    KEY_PASSPHRASE= $KEYGEN_BIN -create-key > "${key_path}"
-
-    # Generate a new token
-    local token_path="${workspace}/token.jwt"
-    KEY_PASSPHRASE= $KEYGEN_BIN -create-token -key "${key_path}" > "${token_path}"
-
-    # Verify token
-    KEY_PASSPHRASE= $KEYGEN_BIN -verify-token -key "${key_path}" -token "${token_path}"  1>/dev/null
-}
-
-test_verify_token_with_passphrase() {
-    local workspace=$(mktemp -d)
-    
-    # Generate a new private key with passphrase
-    local key_path="${workspace}/private.key"
-    KEY_PASSPHRASE=foobar $KEYGEN_BIN -create-key > "${key_path}"
-
-    # Generate a new token
-    local token_path="${workspace}/token.jwt"
-    KEY_PASSPHRASE=foobar $KEYGEN_BIN -create-token -key "${key_path}" > "${token_path}"
-
-    # Verify token
-    KEY_PASSPHRASE=foobar $KEYGEN_BIN -verify-token -key "${key_path}" -token "${token_path}" 1>/dev/null
-}
--- a/misc/ci/Dockerfile
+++ b/misc/ci/Dockerfile
@ -1,5 +1,5 @@
-FROM reg.cadoles.com/proxy_cache/library/golang:1.21
+FROM golang:1.19

-RUN apt-get update && apt-get install -y make curl ca-certificates bash jq
+RUN apt-get update && apt-get install -y make upx-ucl curl ca-certificates bash jq

 RUN curl -k https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/common/add-letsencrypt-ca.sh | bash
--- a/modd.conf
+++ b/modd.conf
@ -2,4 +2,8 @@
 !vendor/**.go {
    prep: make test
    prep: make bin/keygen
+}
+
+doc/sequence-diagram/*.seq {
+    prep: make sequence-diagram
 }
--- a/script/release
+++ b/script/release
@ -3,9 +3,7 @@
 set -eo pipefail

 OS_TARGETS=(linux)
-ARCH_TARGETS=${ARCH_TARGETS:-amd64 mipsle}
-
-export GOMIPS=softfloat
+ARCH_TARGETS=${ARCH_TARGETS:-amd64}

 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"

@ -31,16 +29,10 @@ function build {
    -o "$destdir/$name" \
    "$srcdir"

-  # Disable UPX compression for MIPS archs
-  # See https://github.com/upx/upx/issues/339
-  if [ ! -z "$(which upx)" ] && [[ ! "$arch" =~ "mips" ]]; then
+  if [ ! -z "$(which upx)" ]; then
    upx --best "$destdir/$name"
  fi

-  if [ ! -z "${GPG_SIGNING_KEY}" ]; then
-    echo "signing '$destdir/$name' with gpg key '$GPG_SIGNING_KEY'..."
-    gpg --sign --default-key "${GPG_SIGNING_KEY}" --armor --detach-sign --output "$destdir/$name.sig" "$destdir/$name"
-  fi
 }

 function copy {
--- a/server/handler.go
+++ b/server/handler.go
@ -3,12 +3,12 @@ package server
 import (
 	"crypto/rsa"
 	"encoding/json"
+	"errors"
 	"net/http"
 	"time"

 	peering "forge.cadoles.com/Cadoles/go-http-peering"
 	peeringCrypto "forge.cadoles.com/Cadoles/go-http-peering/crypto"
-	"github.com/pkg/errors"
 )

 var (
@ -34,7 +34,7 @@ func AdvertiseHandler(store peering.Store, key *rsa.PublicKey, funcs ...OptionFu

 		serverClaims, err := assertServerToken(key, serverToken)
 		if err != nil {
-			logger.Printf("[ERROR] %+v", errors.Wrapf(err, "could not validate token '%s'", serverToken))
+			logger.Printf("[ERROR] %s", err)
 			sendError(w, http.StatusUnauthorized)
 			return
 		}
@ -43,53 +43,54 @@ func AdvertiseHandler(store peering.Store, key *rsa.PublicKey, funcs ...OptionFu

 		decoder := json.NewDecoder(r.Body)
 		if err := decoder.Decode(advertising); err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, ErrInvalidAdvertisingRequest)
 			return
 		}

 		if _, err := peeringCrypto.DecodePEMToPublicKey(advertising.PublicKey); err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, ErrInvalidAdvertisingRequest)
 			return
 		}

-		_, err = store.Get(serverClaims.PeerID)
+		peer, err := store.Get(serverClaims.PeerID)
+
 		if err == nil {
-			logger.Printf("[WARN] %s", errors.WithStack(ErrPeerIDAlreadyInUse))
+			logger.Printf("[ERROR] %s", ErrPeerIDAlreadyInUse)
 			options.ErrorHandler(w, r, ErrPeerIDAlreadyInUse)
 			return
 		}

-		if !errors.Is(err, peering.ErrPeerNotFound) {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+		if err != peering.ErrPeerNotFound {
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}

 		attrs := filterAttributes(options.PeerAttributes, advertising.Attributes)

-		peer, err := store.Create(serverClaims.PeerID, attrs)
+		peer, err = store.Create(serverClaims.PeerID, attrs)
 		if err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}

 		if err := store.UpdateLastContact(peer.ID, r.RemoteAddr, time.Now()); err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}

 		if err := store.UpdateLastContact(peer.ID, r.RemoteAddr, time.Now()); err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}

 		if err := store.UpdatePublicKey(peer.ID, advertising.PublicKey); err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}
@ -116,39 +117,39 @@ func UpdateHandler(store peering.Store, funcs ...OptionFunc) http.HandlerFunc {

 		peerID, err := GetPeerID(r)
 		if err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}

 		peer, err := store.Get(peerID)
 		if err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}

 		if peer == nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(ErrUnauthorized))
+			logger.Printf("[ERROR] %s", ErrUnauthorized)
 			options.ErrorHandler(w, r, ErrUnauthorized)
 			return
 		}

 		if peer.Status == peering.StatusRejected {
-			logger.Printf("[ERROR] %+v", errors.WithStack(ErrPeerRejected))
+			logger.Printf("[ERROR] %s", ErrPeerRejected)
 			options.ErrorHandler(w, r, ErrPeerRejected)
 			return
 		}

 		if err := store.UpdateLastContact(peer.ID, r.RemoteAddr, time.Now()); err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}

 		attrs := filterAttributes(options.PeerAttributes, update.Attributes)
 		if err := store.UpdateAttributes(peer.ID, attrs); err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}
@ -175,32 +176,32 @@ func PingHandler(store peering.Store, funcs ...OptionFunc) http.HandlerFunc {

 		peerID, err := GetPeerID(r)
 		if err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}

 		peer, err := store.Get(peerID)
 		if err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}

 		if peer == nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(ErrUnauthorized))
+			logger.Printf("[ERROR] %s", ErrUnauthorized)
 			options.ErrorHandler(w, r, ErrUnauthorized)
 			return
 		}

 		if peer.Status == peering.StatusRejected {
-			logger.Printf("[ERROR] %+v", errors.WithStack(ErrPeerRejected))
+			logger.Printf("[ERROR] %s", ErrPeerRejected)
 			options.ErrorHandler(w, r, ErrPeerRejected)
 			return
 		}

 		if err := store.UpdateLastContact(peer.ID, r.RemoteAddr, time.Now()); err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}
--- a/server/middleware.go
+++ b/server/middleware.go
@ -5,16 +5,17 @@ import (
 	"context"
 	"crypto/rsa"
 	"crypto/sha256"
+	"errors"
 	"io"
 	"io/ioutil"
-	"net/http"
 	"time"

 	peeringCrypto "forge.cadoles.com/Cadoles/go-http-peering/crypto"

 	peering "forge.cadoles.com/Cadoles/go-http-peering"
 	jwt "github.com/dgrijalva/jwt-go"
-	"github.com/pkg/errors"
+
+	"net/http"
 )

 const (
@ -37,6 +38,7 @@ func Authenticate(store peering.Store, key *rsa.PublicKey, funcs ...OptionFunc)

 	middleware := func(next http.Handler) http.Handler {
 		fn := func(w http.ResponseWriter, r *http.Request) {
+
 			serverToken := r.Header.Get(ServerTokenHeader)
 			if serverToken == "" {
 				sendError(w, http.StatusUnauthorized)
@ -51,7 +53,7 @@ func Authenticate(store peering.Store, key *rsa.PublicKey, funcs ...OptionFunc)

 			serverClaims, err := assertServerToken(key, serverToken)
 			if err != nil {
-				logger.Printf("[ERROR] %+v", errors.WithStack(err))
+				logger.Printf("[ERROR] %s", err)
 				sendError(w, http.StatusUnauthorized)
 				return
 			}
@ -64,21 +66,20 @@ func Authenticate(store peering.Store, key *rsa.PublicKey, funcs ...OptionFunc)
 				options.IgnoredClientTokenErrors...,
 			)
 			if err != nil {
-				logger.Printf("[ERROR] %+v", errors.WithStack(err))
+				logger.Printf("[ERROR] %s", err)
 				switch err {
 				case peering.ErrPeerNotFound:
 					sendError(w, http.StatusUnauthorized)
 				case ErrNotPeered:
 					if err := store.UpdateLastContact(serverClaims.PeerID, r.RemoteAddr, time.Now()); err != nil {
-						logger.Printf("[ERROR] %+v", errors.WithStack(err))
+						logger.Printf("[ERROR] %s", err)
 						sendError(w, http.StatusInternalServerError)
 						return
 					}
 					sendError(w, http.StatusUnauthorized)
-					return
 				case ErrPeerRejected:
 					if err := store.UpdateLastContact(serverClaims.PeerID, r.RemoteAddr, time.Now()); err != nil {
-						logger.Printf("[ERROR] %+v", errors.WithStack(err))
+						logger.Printf("[ERROR] %s", err)
 						sendError(w, http.StatusInternalServerError)
 						return
 					}
@ -92,19 +93,19 @@ func Authenticate(store peering.Store, key *rsa.PublicKey, funcs ...OptionFunc)

 			match, body, err := assertBodySum(r.Body, clientClaims.BodySum)
 			if err != nil {
-				logger.Printf("[ERROR] %+v", errors.WithStack(err))
+				logger.Printf("[ERROR] %s", err)
 				sendError(w, http.StatusInternalServerError)
 				return
 			}

 			if !match {
-				logger.Printf("[ERROR] %+v", errors.WithStack(ErrInvalidChecksum))
+				logger.Printf("[ERROR] %s", ErrInvalidChecksum)
 				sendError(w, http.StatusBadRequest)
 				return
 			}

 			if err := store.UpdateLastContact(serverClaims.PeerID, r.RemoteAddr, time.Now()); err != nil {
-				logger.Printf("[ERROR] %+v", errors.WithStack(err))
+				logger.Printf("[ERROR] %s", err)
 				sendError(w, http.StatusInternalServerError)
 				return
 			}
@ -114,6 +115,7 @@ func Authenticate(store peering.Store, key *rsa.PublicKey, funcs ...OptionFunc)
 			r.Body = ioutil.NopCloser(bytes.NewBuffer(body))

 			next.ServeHTTP(w, r)
+
 		}
 		return http.HandlerFunc(fn)
 	}
@ -183,7 +185,7 @@ func assertClientToken(peerID peering.PeerID, store peering.Store, clientToken s
 		if ok {
 			for _, c := range ignoredValidationErrors {
 				if validationError.Errors&c != 0 {
-					logger.Printf("ignoring token validation error: '%+v'", errors.WithStack(validationError.Inner))
+					logger.Printf("ignoring token validation error: '%s'", validationError.Inner)
 					return getPeeringClaims(token)
 				}
 			}