upgrade and update patch

2025-11-08 17:15:14 -05:00
parent 0d0cb5a5fa 6060b4d3aa
commit 60d0a268e2
6 changed files with 263 additions and 253 deletions
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
 pkgbase = gotosocial
 	pkgdesc = ActivityPub social network server written in Golang
-	pkgver = 0.19.1
+	pkgver = 0.20.1
 	pkgrel = 11
 	url = https://gotosocial.org
 	arch = x86_64
@@ -19,6 +19,7 @@ pkgbase = gotosocial
 	backup = etc/gotosocial/template/authorize.tmpl
 	backup = etc/gotosocial/template/confirm-email.tmpl
 	backup = etc/gotosocial/template/confirmed-email.tmpl
+	backup = etc/gotosocial/template/domain-allowlist.tmpl
 	backup = etc/gotosocial/template/domain-blocklist.tmpl
 	backup = etc/gotosocial/template/email_confirm.tmpl
 	backup = etc/gotosocial/template/email_new_report.tmpl
@@ -59,20 +60,20 @@ pkgbase = gotosocial
 	backup = etc/gotosocial/template/status_poll.tmpl
 	backup = etc/gotosocial/template/tag.tmpl
 	backup = etc/gotosocial/template/thread.tmpl
-	source = gotosocial::git+https://github.com/superseriousbusiness/gotosocial#tag=v0.19.1
+	source = gotosocial::git+https://codeberg.org/superseriousbusiness/gotosocial#tag=v0.20.1
 	source = sysusers.conf
 	source = tmpfiles.conf
 	source = use-fhs-directories.patch
 	source = modded.patch
-	sha512sums = cab294e99184ec25888101e04e5753ab9f042711662258e0155619e071750a364f102132682aa44e95fba7a9c10ca3cf00da18537406f8bdfa4ec95e2a74663d
+	sha512sums = 37200b2c5f238cb86c8b0c7815a5a3754cd8db6fb7eebdf70d817a7e498df682b47d436a077089c241327d9f542ee6d66754c77047c8be16f734cf3e74fcfba1
 	sha512sums = 2ff5499a31e12733cb20a9261942ed135fbac327d5a836b8955f3e86c009a603cf965440d9dbe6db64b80d0f652ba56faddb0ef398393b72474d8cf6c438ab80
 	sha512sums = b89fad3073e140f17167515b38942e5b5e2bc2aee03c484e1bb7cf6444f86cb1e2a13a60b101e04d22633d348be073ca26cd309da4746e5062c12b4f3ce4b38a
-	sha512sums = 913a5209487aba06bf1d8ac7c02506a05d01a8e12f172666c84bf6870d6237640d4745617b0f07ea8c9dcf665f4e0d24a0aabef31611909f7e9384ed6e7b7e77
-	sha512sums = 7a9837521e4765d3b6b509876ccf19a89de6dcafa69e82e436d1c26ca98e416ec012e5323c2d446ef92288821d0c64669076ebe647f72dba4d4d51fc63ffd847
-	b2sums = 773c579ec4f504141dbae393dcaf6cd2b9669f8338d4f01d546def27c05f5899b12b3f7287bcf229743a11335597d6cadd8bc803e076f3558848dcd808d80277
+	sha512sums = 87edf6e6acee86a621c838a7db32f1c9aab70bc5640f8eae099c5133a2be77ec2f711261d716a6821e4c0414436592170b1ae7a5f652bc8aeab49c8dbd0fedde
+	sha512sums = 9eadab35be81f9a4676fa9c623cdb7321e53055a3b7b1b2f8795a8c9f2e9059e6d7088b86dd23a85d2b234f8c938575089e7203dadfbdae486211c7f8f1f3ac1
+	b2sums = da2a59857da3659e211d92694a4a7d40dceed2f930641d6b749be245b31094c68b8d1f3e561d4a0fc918ed5c32cf45531f92e873db7e931cefdcee6f4696c884
 	b2sums = ccf672731b88fc6700b0b81737790365e1eea0066bad1bbf6b13dac1e5b42af69063838efca47a6d9c16ee3f6308e2e23b92cf79d4226cd88f8551fb7361649b
 	b2sums = 4f65af952441c0f54bb32049a149675e207f8993678423d369c4095c57476464614ac720eccc64d7a93a81268ad7ca41cae75ca7211bd7b78f9035f6e5341f04
-	b2sums = 9edd4520fb99856feb82d01935588add7f805aa180f2ed0fe169cb26576bc2e1d2c1e6ab11604d977cec6a4ad8f1d5be1413e1a366de59b89c5b869136538f8c
-	b2sums = 9958c7a20249ced130963fd5cfc9c8750ee4b98554a404f62d2d488298008a7e891bc136fab2373bdbb82534881e8407430f08ff519138fb649e93052e197c11
+	b2sums = 3671911545d15cc21045b37fbe6983c05499e66b8a6a1e1b3eccbb5c2686914c88b090dec0bfe8e2919d8787e5b4c59bfb1e2c292cad30a8b552ab57e91d5fdf
+	b2sums = b0331e3fdf107bf072c35849155dd7a03d9c0e815a34182f0f108ec30b9a8d3a18b4ba38e24074a81812896c3cbbb189548591549d97fafcee8aef7a76827512

 pkgname = gotosocial
--- a/.nvchecker.toml
+++ b/.nvchecker.toml
@@ -1,5 +1,5 @@
 [gotosocial]
 source = "git"
-git = "https://github.com/superseriousbusiness/gotosocial.git"
+git = "https://codeberg.org/superseriousbusiness/gotosocial.git"
 prefix = "v"
 exclude_regex = ".*(beta|rc).*"
--- a/129
+++ b/129
@@ -3,81 +3,82 @@
 # Contributor: Stefan Husmann <stefan-husmann@t-online.de>

 pkgname=gotosocial
-pkgver=0.19.1
+pkgver=0.20.1
 pkgrel=11
 pkgdesc='ActivityPub social network server written in Golang'
-arch=('x86_64')
+arch=(x86_64)
 url='https://gotosocial.org'
-license=('AGPL-3.0-only')
-depends=('glibc')
-makedepends=('git' 'go' 'yarn' 'nodejs' 'go-swagger')
-options=('!lto')
+license=(AGPL-3.0-only)
+depends=(glibc)
+makedepends=(git go yarn nodejs go-swagger)
+options=(!lto)
 backup=(
-  'etc/gotosocial/config.yaml'
-  'etc/gotosocial/template/2fa.tmpl'
-  'etc/gotosocial/template/404.tmpl'
-  'etc/gotosocial/template/about.tmpl'
-  'etc/gotosocial/template/authorize.tmpl'
-  'etc/gotosocial/template/confirm-email.tmpl'
-  'etc/gotosocial/template/confirmed-email.tmpl'
-  'etc/gotosocial/template/domain-blocklist.tmpl'
-  'etc/gotosocial/template/email_confirm.tmpl'
-  'etc/gotosocial/template/email_new_report.tmpl'
-  'etc/gotosocial/template/email_new_signup.tmpl'
-  'etc/gotosocial/template/email_report_closed.tmpl'
-  'etc/gotosocial/template/email_reset.tmpl'
-  'etc/gotosocial/template/email_signup_approved.tmpl'
-  'etc/gotosocial/template/email_signup_rejected.tmpl'
-  'etc/gotosocial/template/email_test.tmpl'
-  'etc/gotosocial/template/error.tmpl'
-  'etc/gotosocial/template/finalize.tmpl'
-  'etc/gotosocial/template/index.tmpl'
-  'etc/gotosocial/template/index_register.tmpl'
-  'etc/gotosocial/template/index_what_is_this.tmpl'
-  'etc/gotosocial/template/login-info.tmpl'
-  'etc/gotosocial/template/login_button.tmpl'
-  'etc/gotosocial/template/maintenance.tmpl'
-  'etc/gotosocial/template/oob.tmpl'
-  'etc/gotosocial/template/page.tmpl'
-  'etc/gotosocial/template/page_footer.tmpl'
-  'etc/gotosocial/template/page_header.tmpl'
-  'etc/gotosocial/template/page_ogmeta.tmpl'
-  'etc/gotosocial/template/page_stylesheets.tmpl'
-  'etc/gotosocial/template/profile-gallery.tmpl'
-  'etc/gotosocial/template/profile.tmpl'
-  'etc/gotosocial/template/profile_about_user.tmpl'
-  'etc/gotosocial/template/profile_fields.tmpl'
-  'etc/gotosocial/template/profile_header.tmpl'
-  'etc/gotosocial/template/settings.tmpl'
-  'etc/gotosocial/template/sign-in.tmpl'
-  'etc/gotosocial/template/sign-up.tmpl'
-  'etc/gotosocial/template/signed-up.tmpl'
-  'etc/gotosocial/template/status.tmpl'
-  'etc/gotosocial/template/status_attachment.tmpl'
-  'etc/gotosocial/template/status_attributes.tmpl'
-  'etc/gotosocial/template/status_header.tmpl'
-  'etc/gotosocial/template/status_info.tmpl'
-  'etc/gotosocial/template/status_poll.tmpl'
-  'etc/gotosocial/template/tag.tmpl'
-  'etc/gotosocial/template/thread.tmpl'
+  etc/gotosocial/config.yaml
+  etc/gotosocial/template/2fa.tmpl
+  etc/gotosocial/template/404.tmpl
+  etc/gotosocial/template/about.tmpl
+  etc/gotosocial/template/authorize.tmpl
+  etc/gotosocial/template/confirm-email.tmpl
+  etc/gotosocial/template/confirmed-email.tmpl
+  etc/gotosocial/template/domain-allowlist.tmpl
+  etc/gotosocial/template/domain-blocklist.tmpl
+  etc/gotosocial/template/email_confirm.tmpl
+  etc/gotosocial/template/email_new_report.tmpl
+  etc/gotosocial/template/email_new_signup.tmpl
+  etc/gotosocial/template/email_report_closed.tmpl
+  etc/gotosocial/template/email_reset.tmpl
+  etc/gotosocial/template/email_signup_approved.tmpl
+  etc/gotosocial/template/email_signup_rejected.tmpl
+  etc/gotosocial/template/email_test.tmpl
+  etc/gotosocial/template/error.tmpl
+  etc/gotosocial/template/finalize.tmpl
+  etc/gotosocial/template/index.tmpl
+  etc/gotosocial/template/index_register.tmpl
+  etc/gotosocial/template/index_what_is_this.tmpl
+  etc/gotosocial/template/login-info.tmpl
+  etc/gotosocial/template/login_button.tmpl
+  etc/gotosocial/template/maintenance.tmpl
+  etc/gotosocial/template/oob.tmpl
+  etc/gotosocial/template/page.tmpl
+  etc/gotosocial/template/page_footer.tmpl
+  etc/gotosocial/template/page_header.tmpl
+  etc/gotosocial/template/page_ogmeta.tmpl
+  etc/gotosocial/template/page_stylesheets.tmpl
+  etc/gotosocial/template/profile-gallery.tmpl
+  etc/gotosocial/template/profile.tmpl
+  etc/gotosocial/template/profile_about_user.tmpl
+  etc/gotosocial/template/profile_fields.tmpl
+  etc/gotosocial/template/profile_header.tmpl
+  etc/gotosocial/template/settings.tmpl
+  etc/gotosocial/template/sign-in.tmpl
+  etc/gotosocial/template/sign-up.tmpl
+  etc/gotosocial/template/signed-up.tmpl
+  etc/gotosocial/template/status.tmpl
+  etc/gotosocial/template/status_attachment.tmpl
+  etc/gotosocial/template/status_attributes.tmpl
+  etc/gotosocial/template/status_header.tmpl
+  etc/gotosocial/template/status_info.tmpl
+  etc/gotosocial/template/status_poll.tmpl
+  etc/gotosocial/template/tag.tmpl
+  etc/gotosocial/template/thread.tmpl
 )
 source=(
-  "$pkgname::git+https://github.com/superseriousbusiness/gotosocial#tag=v$pkgver"
-  'sysusers.conf'
-  'tmpfiles.conf'
-  'use-fhs-directories.patch'
-  'modded.patch'
+  "$pkgname::git+https://codeberg.org/superseriousbusiness/gotosocial#tag=v$pkgver"
+  sysusers.conf
+  tmpfiles.conf
+  use-fhs-directories.patch
+  modded.patch
 )
-sha512sums=('cab294e99184ec25888101e04e5753ab9f042711662258e0155619e071750a364f102132682aa44e95fba7a9c10ca3cf00da18537406f8bdfa4ec95e2a74663d'
+sha512sums=('37200b2c5f238cb86c8b0c7815a5a3754cd8db6fb7eebdf70d817a7e498df682b47d436a077089c241327d9f542ee6d66754c77047c8be16f734cf3e74fcfba1'
            '2ff5499a31e12733cb20a9261942ed135fbac327d5a836b8955f3e86c009a603cf965440d9dbe6db64b80d0f652ba56faddb0ef398393b72474d8cf6c438ab80'
            'b89fad3073e140f17167515b38942e5b5e2bc2aee03c484e1bb7cf6444f86cb1e2a13a60b101e04d22633d348be073ca26cd309da4746e5062c12b4f3ce4b38a'
-            '913a5209487aba06bf1d8ac7c02506a05d01a8e12f172666c84bf6870d6237640d4745617b0f07ea8c9dcf665f4e0d24a0aabef31611909f7e9384ed6e7b7e77'
-            '7a9837521e4765d3b6b509876ccf19a89de6dcafa69e82e436d1c26ca98e416ec012e5323c2d446ef92288821d0c64669076ebe647f72dba4d4d51fc63ffd847')
-b2sums=('773c579ec4f504141dbae393dcaf6cd2b9669f8338d4f01d546def27c05f5899b12b3f7287bcf229743a11335597d6cadd8bc803e076f3558848dcd808d80277'
+            '87edf6e6acee86a621c838a7db32f1c9aab70bc5640f8eae099c5133a2be77ec2f711261d716a6821e4c0414436592170b1ae7a5f652bc8aeab49c8dbd0fedde'
+            '9eadab35be81f9a4676fa9c623cdb7321e53055a3b7b1b2f8795a8c9f2e9059e6d7088b86dd23a85d2b234f8c938575089e7203dadfbdae486211c7f8f1f3ac1')
+b2sums=('da2a59857da3659e211d92694a4a7d40dceed2f930641d6b749be245b31094c68b8d1f3e561d4a0fc918ed5c32cf45531f92e873db7e931cefdcee6f4696c884'
        'ccf672731b88fc6700b0b81737790365e1eea0066bad1bbf6b13dac1e5b42af69063838efca47a6d9c16ee3f6308e2e23b92cf79d4226cd88f8551fb7361649b'
        '4f65af952441c0f54bb32049a149675e207f8993678423d369c4095c57476464614ac720eccc64d7a93a81268ad7ca41cae75ca7211bd7b78f9035f6e5341f04'
-        '9edd4520fb99856feb82d01935588add7f805aa180f2ed0fe169cb26576bc2e1d2c1e6ab11604d977cec6a4ad8f1d5be1413e1a366de59b89c5b869136538f8c'
-        '9958c7a20249ced130963fd5cfc9c8750ee4b98554a404f62d2d488298008a7e891bc136fab2373bdbb82534881e8407430f08ff519138fb649e93052e197c11')
+        '3671911545d15cc21045b37fbe6983c05499e66b8a6a1e1b3eccbb5c2686914c88b090dec0bfe8e2919d8787e5b4c59bfb1e2c292cad30a8b552ab57e91d5fdf'
+        'b0331e3fdf107bf072c35849155dd7a03d9c0e815a34182f0f108ec30b9a8d3a18b4ba38e24074a81812896c3cbbb189548591549d97fafcee8aef7a76827512')

 prepare() {
  cd "$pkgname"
--- a/REUSE.toml
+++ b/REUSE.toml
@@ -7,16 +7,6 @@ path = [
    "keys/**",
    ".SRCINFO",
    ".nvchecker.toml",
-    "*.install",
-    "*.sysusers",
-    "*.tmpfiles",
-    "*.logrotate",
-    "*.pam",
-    "*.service",
-    "*.socket",
-    "*.timer",
-    "*.desktop",
-    "*.hook",
    "sysusers.conf",
    "tmpfiles.conf",
 ]
--- a/modded.patch
+++ b/modded.patch
@@ -1,24 +1,26 @@
 diff --git a/example/config.yaml b/example/config.yaml
-index 17a57b857..bf645a364 100644
+index bf6be2573..a0b11392c 100644
 --- a/example/config.yaml
 +++ b/example/config.yaml
-@@ -105,13 +105,13 @@ account-domain: ""
+@@ -118,7 +118,7 @@ account-domain: ""
 protocol: "https"
 
- # String. Address to bind the GoToSocial server to.
-# This can be an IPv4 address or an IPv6 address (surrounded in square brackets), or a hostname.
-+# This can be an IPv4 address or an IPv6 address (surrounded in square brackets), or a hostname or unix socket
+ # String. Address to bind the GoToSocial HTTP server to.
+-# This can be an IPv4 address, an IPv6 address, or a hostname.
+# This can be an IPv4 address, an IPv6 address, or a hostname. or unix socket
+ #
 # The default value will bind to all interfaces, which makes the server
- # accessible by other machines. For most setups there is no need to change this.
- # If you are using GoToSocial in a reverse proxy setup with the proxy running on
- # the same machine, you will want to set this to "localhost" or an equivalent,
- # so that the proxy can't be bypassed.
-# Examples: ["0.0.0.0", "172.128.0.16", "localhost", "[::]", "[2001:db8::fed1]"]
-+# Examples: ["0.0.0.0", "172.128.0.16", "localhost", "[::]", "[2001:db8::fed1]", "unix//run/gts/sock]
+ # accessible by other machines. For most setups you won't need to change this.
+@@ -126,7 +126,7 @@ protocol: "https"
+ # running on the same machine, you may want to set this to "localhost" or equivalent,
+ # so that the proxy definitely can't be bypassed.
+ #
+-# Examples: ["0.0.0.0", "172.128.0.16", "localhost", "::1", "2001:db8::fed1"]
+# Examples: ["0.0.0.0", "172.128.0.16", "localhost", "::1", "2001:db8::fed1", "unix//run/gts/sock]
 # Default: "0.0.0.0"
 bind-address: "0.0.0.0"
 
-@@ -124,6 +124,13 @@ bind-address: "0.0.0.0"
+@@ -139,6 +139,13 @@ bind-address: "0.0.0.0"
 # Default: 8080
 port: 8080
 
@@ -32,77 +34,131 @@ index 17a57b857..bf645a364 100644
 # Array of string. CIDRs or IP addresses of proxies that should be trusted when determining real client IP from behind a reverse proxy.
 # If you're running inside a Docker container behind Traefik or Nginx, for example, add the subnet of your docker network,
 # or the gateway of the docker network, and/or the address of the reverse proxy (if it's not running on the host network).
-@@ -155,7 +162,7 @@ db-type: "postgres"
+@@ -170,7 +177,7 @@ db-type: "sqlite"
 # If address is set to :memory: then an in-memory database will be used (no file).
 # WARNING: :memory: should NOT BE USED except for testing purposes.
 #
 -# Examples: ["localhost","my.db.host","127.0.0.1","192.111.39.110",":memory:", "sqlite.db"]
 +# Examples: ["localhost","my.db.host","127.0.0.1","192.111.39.110",":memory:", "sqlite.db", "/run/postgresql/"]
 # Default: ""
- db-address: ""
+ db-address: "sqlite.db"
 
 diff --git a/go.mod b/go.mod
-index 4169208ed..60b3a1281 100644
+index baa5d5ad7..3f7374598 100644
 --- a/go.mod
 +++ b/go.mod
-@@ -74,6 +74,7 @@ require (
- 	github.com/uptrace/bun/extra/bunotel v1.2.11
+@@ -73,6 +73,7 @@ require (
+ 	github.com/uptrace/bun/extra/bunotel v1.2.15
 	github.com/wagslane/go-password-validator v0.3.0
- 	github.com/yuin/goldmark v1.7.11
-+	go.balki.me/anyhttp v0.5.0
- 	go.opentelemetry.io/otel v1.35.0
- 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0
- 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0
+ 	github.com/yuin/goldmark v1.7.13
+	go.balki.me/anyhttp v0.5.2
+ 	go.opentelemetry.io/contrib/exporters/autoexport v0.63.0
+ 	go.opentelemetry.io/contrib/instrumentation/runtime v0.63.0
+ 	go.opentelemetry.io/otel v1.38.0
 diff --git a/go.sum b/go.sum
-index 597cee716..532e99852 100644
+index 49451e55b..136678292 100644
 --- a/go.sum
 +++ b/go.sum
-@@ -489,6 +489,8 @@ github.com/yuin/goldmark v1.7.11 h1:ZCxLyDMtz0nT2HFfsYG8WZ47Trip2+JyLysKcMYE5bo=
- github.com/yuin/goldmark v1.7.11/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg=
- gitlab.com/NyaaaWhatsUpDoc/sqlite v1.37.0-concurrency-workaround h1:QbfrBqNKgAFSSK89fYf547vxDQuz8p6iJUzzAMrusNk=
- gitlab.com/NyaaaWhatsUpDoc/sqlite v1.37.0-concurrency-workaround/go.mod h1:5YiWv+YviqGMuGw4V+PNplcyaJ5v+vQd7TQOgkACoJM=
-+go.balki.me/anyhttp v0.5.0 h1:uys0oRciBpZfwtxXAevScKy6amIQBXyDrcV0EtGF5zo=
-+go.balki.me/anyhttp v0.5.0/go.mod h1:JhfekOIjgVODoVqUCficjpIgmB3wwlB7jhN0eN2EZ/s=
+@@ -505,6 +505,8 @@ github.com/yuin/goldmark v1.7.13 h1:GPddIs617DnBLFFVJFgpo1aBfe/4xcvMc3SB5t/D0pA=
+ github.com/yuin/goldmark v1.7.13/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg=
+ gitlab.com/NyaaaWhatsUpDoc/sqlite v1.39.1-concurrency-workaround h1:ptkkB4Z76pmpmLE7vmp5BVOfO5o5+Kt0eGFhNbvVxjA=
+ gitlab.com/NyaaaWhatsUpDoc/sqlite v1.39.1-concurrency-workaround/go.mod h1:9fjQZ0mB1LLP0GYrp39oOJXx/I2sxEnZtzCmEQIKvGE=
+go.balki.me/anyhttp v0.5.2 h1:et4tCDXLeXpWfMNvRKG7ojfrnlr3du7cEaG966MLSpA=
+go.balki.me/anyhttp v0.5.2/go.mod h1:JhfekOIjgVODoVqUCficjpIgmB3wwlB7jhN0eN2EZ/s=
 go.mongodb.org/mongo-driver v1.17.3 h1:TQyXhnsWfWtgAhMtOgtYHMTkZIfBTpMTsMnd9ZBeHxQ=
 go.mongodb.org/mongo-driver v1.17.3/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ=
 go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
 diff --git a/internal/config/config.go b/internal/config/config.go
-index b9804d404..331d41139 100644
+index dfc919f11..b2cca1276 100644
 --- a/internal/config/config.go
 +++ b/internal/config/config.go
-@@ -58,6 +58,7 @@ type Configuration struct {
- 	BindAddress        string   `name:"bind-address" usage:"Bind address to use for the GoToSocial server (eg., 0.0.0.0, 172.138.0.9, [::], localhost). For ipv6, enclose the address in square brackets, eg [2001:db8::fed1]. Default binds to all interfaces."`
- 	Port               int      `name:"port" usage:"Port to use for GoToSocial. Change this to 443 if you're running the binary directly on the host machine."`
- 	TrustedProxies     []string `name:"trusted-proxies" usage:"Proxies to trust when parsing x-forwarded headers into real IPs."`
-+	TrustedPlatform    string   `name:"trusted-platform" usage:"HTTP header that contains the real client ip"`
- 	SoftwareVersion    string   `name:"software-version" usage:""`
- 
- 	DbType                     string        `name:"db-type" usage:"Database type: eg., postgres"`
-@@ -193,6 +194,8 @@ type Configuration struct {
- 	AdminMediaListRemoteOnly bool   `name:"remote-only" usage:"list only remote attachments/emojis; if specified then local-only cannot also be true"`
- 
- 	RequestIDHeader string `name:"request-id-header" usage:"Header to extract the Request ID from. Eg.,'X-Request-Id'."`
+@@ -54,13 +54,13 @@ func fieldtag(field, tag string) string {
+ // You will need to have gofumpt installed in order for this to work:
+ // https://github.com/mvdan/gofumpt.
+ type Configuration struct {
+-	LogLevel           string `name:"log-level" usage:"Log level to run at: [trace, debug, info, warn, fatal]"`
+-	LogFormat          string `name:"log-format" usage:"Log output format: [logfmt, json]"`
+-	LogTimestampFormat string `name:"log-timestamp-format" usage:"Format to use for the log timestamp, as supported by Go's time.Layout"`
+-	LogDbQueries       bool   `name:"log-db-queries" usage:"Log database queries verbosely when log-level is trace or debug"`
+-	LogClientIP        bool   `name:"log-client-ip" usage:"Include the client IP in logs"`
+-	RequestIDHeader    string `name:"request-id-header" usage:"Header to extract the Request ID from. Eg.,'X-Request-Id'."`
+-
+	LogLevel                   string        `name:"log-level" usage:"Log level to run at: [trace, debug, info, warn, fatal]"`
+	LogFormat                  string        `name:"log-format" usage:"Log output format: [logfmt, json]"`
+	LogTimestampFormat         string        `name:"log-timestamp-format" usage:"Format to use for the log timestamp, as supported by Go's time.Layout"`
+	LogDbQueries               bool          `name:"log-db-queries" usage:"Log database queries verbosely when log-level is trace or debug"`
+	LogClientIP                bool          `name:"log-client-ip" usage:"Include the client IP in logs"`
+	RequestIDHeader            string        `name:"request-id-header" usage:"Header to extract the Request ID from. Eg.,'X-Request-Id'."`
+	TrustedPlatform            string        `name:"trusted-platform" usage:"HTTP header that contains the real client ip"`
+ 	ConfigPath                 string        `name:"config-path" usage:"Path to a file containing gotosocial configuration. Values set in this file will be overwritten by values set as env vars or arguments"`
+ 	ApplicationName            string        `name:"application-name" usage:"Name of the application, used in various places internally"`
+ 	LandingPageUser            string        `name:"landing-page-user" usage:"the user that should be shown on the instance's landing page"`
+@@ -188,6 +188,9 @@ type Configuration struct {
+ 	AdminMediaListRemoteOnly bool   `name:"remote-only" usage:"list only remote attachments/emojis; if specified then local-only cannot also be true" ephemeral:"yes"`
+ 	TestrigSkipDBSetup       bool   `name:"skip-db-setup" usage:"skip testrig database setup with population of test models" ephemeral:"yes"`
+ 	TestrigSkipDBTeardown    bool   `name:"skip-db-teardown" usage:"skip testrig database teardown (i.e. data deletion and tables dropped)" ephemeral:"yes"`
 +
-+	KalaclistaAllowedUnauthorizedGet bool `name:"kalaclista-allowed-unauthorized-get" usage:"unlock AUTHOZIED_FETCH (aka Secure mode in Mastodon) mode."`
+	// for kalaclista-flavoured
+	KalaclistaTurnOffAuthorizedFetch bool `name:"kalaclista-turnoff-authorized-fetch" usage:"skip authorization if another instance message doesn't have httpsig"`
 }
 
 type HTTPClientConfiguration struct {
 diff --git a/internal/config/defaults.go b/internal/config/defaults.go
-index 57c64db44..c19864002 100644
+index a4996e5c6..695adbcb4 100644
 --- a/internal/config/defaults.go
 +++ b/internal/config/defaults.go
-@@ -234,4 +234,6 @@
+@@ -251,4 +251,7 @@
 	RequestIDHeader: "X-Request-Id",
 
 	LogClientIP: true,
 +
-+	KalaclistaAllowedUnauthorizedGet: false,
+	// for kalaclista-flavoured
+	KalaclistaTurnOffAuthorizedFetch: true,
 }
 diff --git a/internal/config/helpers.gen.go b/internal/config/helpers.gen.go
-index f063cbf93..cdb5a663f 100644
+index 217917bcf..e194e842e 100644
 --- a/internal/config/helpers.gen.go
 +++ b/internal/config/helpers.gen.go
-@@ -350,6 +350,31 @@ func GetTrustedProxies() []string { return global.GetTrustedProxies() }
+@@ -225,6 +225,7 @@
+ 	AdminMediaListRemoteOnlyFlag                   = "remote-only"
+ 	TestrigSkipDBSetupFlag                         = "skip-db-setup"
+ 	TestrigSkipDBTeardownFlag                      = "skip-db-teardown"
+	KalaclistaTurnOffAuthorizedFetchFlag           = "kalaclista-turnoff-authorized-fetch"
+ )
+ 
+ func (cfg *Configuration) RegisterFlags(flags *pflag.FlagSet) {
+@@ -415,6 +416,7 @@ func (cfg *Configuration) RegisterFlags(flags *pflag.FlagSet) {
+ 	flags.Float64("cache-mutes-mem-ratio", cfg.Cache.MutesMemRatio, "")
+ 	flags.Float64("cache-status-filter-mem-ratio", cfg.Cache.StatusFilterMemRatio, "")
+ 	flags.Float64("cache-visibility-mem-ratio", cfg.Cache.VisibilityMemRatio, "")
+	flags.Bool("kalaclista-turnoff-authorized-fetch", cfg.KalaclistaTurnOffAuthorizedFetch, "skip authorization if another instance message doesn't have httpsig")
+ }
+ 
+ func (cfg *Configuration) MarshalMap() map[string]any {
+@@ -615,6 +617,7 @@ func (cfg *Configuration) MarshalMap() map[string]any {
+ 	cfgmap["remote-only"] = cfg.AdminMediaListRemoteOnly
+ 	cfgmap["skip-db-setup"] = cfg.TestrigSkipDBSetup
+ 	cfgmap["skip-db-teardown"] = cfg.TestrigSkipDBTeardown
+	cfgmap["kalaclista-turnoff-authorized-fetch"] = cfg.KalaclistaTurnOffAuthorizedFetch
+ 	return cfgmap
+ }
+ 
+@@ -2226,6 +2229,14 @@ func (cfg *Configuration) UnmarshalMap(cfgmap map[string]any) error {
+ 		}
+ 	}
+ 
+	if ival, ok := cfgmap["kalaclista-turnoff-authorized-fetch"]; ok {
+		var err error
+		cfg.KalaclistaTurnOffAuthorizedFetch, err = cast.ToBoolE(ival)
+		if err != nil {
+			return fmt.Errorf("error casting %#v -> bool for 'kalaclista-turnoff-authorized-fetch': %w", ival, err)
+		}
+	}
+
+ 	return nil
+ }
+ 
+@@ -2559,6 +2570,31 @@ func GetTrustedProxies() []string { return global.GetTrustedProxies() }
 // SetTrustedProxies safely sets the value for global configuration 'TrustedProxies' field
 func SetTrustedProxies(v []string) { global.SetTrustedProxies(v) }
 
@@ -134,37 +190,37 @@ index f063cbf93..cdb5a663f 100644
 // GetSoftwareVersion safely fetches the Configuration value for state's 'SoftwareVersion' field
 func (st *ConfigState) GetSoftwareVersion() (v string) {
 	st.mutex.RLock()
-@@ -4681,3 +4706,28 @@ func GetRequestIDHeader() string { return global.GetRequestIDHeader() }
+@@ -6565,6 +6601,28 @@ func GetTestrigSkipDBTeardown() bool { return global.GetTestrigSkipDBTeardown()
+ // SetTestrigSkipDBTeardown safely sets the value for global configuration 'TestrigSkipDBTeardown' field
+ func SetTestrigSkipDBTeardown(v bool) { global.SetTestrigSkipDBTeardown(v) }
 
- // SetRequestIDHeader safely sets the value for global configuration 'RequestIDHeader' field
- func SetRequestIDHeader(v string) { global.SetRequestIDHeader(v) }
-+
-+// GetKalaclistaAllowedUnauthorizedGet safely fetches the Configuration value for state's 'KalaclistaAllowedUnauthorizedGet' field
-+func (st *ConfigState) GetKalaclistaAllowedUnauthorizedGet() (v bool) {
+// GetKalaclistaTurnOffAuthorizedFetch safely fetches the Configuration value for state's 'KalaclistaTurnOffAuthorizedFetch' field
+func (st *ConfigState) GetKalaclistaTurnOffAuthorizedFetch() (v bool) {
 +	st.mutex.RLock()
-+	v = st.config.KalaclistaAllowedUnauthorizedGet
+	v = st.config.KalaclistaTurnOffAuthorizedFetch
 +	st.mutex.RUnlock()
-+	return
+	return v
 +}
 +
-+// SetKalaclistaAllowedUnauthorizedGet safely sets the Configuration value for state's 'KalaclistaAllowedUnauthorizedGet' field
-+func (st *ConfigState) SetKalaclistaAllowedUnauthorizedGet(v bool) {
+// SetKalaclistaTurnOffAuthorizedFetch safely sets the Configuration value for state's 'KalaclistaTurnOffAuthorizedFetch' field
+func (st *ConfigState) SetKalaclistaTurnOffAuthorizedFetch(v bool) {
 +	st.mutex.Lock()
 +	defer st.mutex.Unlock()
-+	st.config.KalaclistaAllowedUnauthorizedGet = v
+	st.config.KalaclistaTurnOffAuthorizedFetch = v
 +	st.reloadToViper()
 +}
 +
-+// KalaclistaAllowedUnauthorizedGetFlag returns the flag name for the 'KalaclistaAllowedUnauthorizedGet' field
-+func KalaclistaAllowedUnauthorizedGetFlag() string { return "kalaclista-allowed-unauthorized-get" }
+// GetKalaclistaTurnOffAuthorizedFetch safely fetches the value for global configuration 'KalaclistaTurnOffAuthorizedFetch' field
+func GetKalaclistaTurnOffAuthorizedFetch() bool { return global.GetKalaclistaTurnOffAuthorizedFetch() }
 +
-+// GetKalaclistaAllowedUnauthorizedGet safely fetches the value for global configuration 'KalaclistaAllowedUnauthorizedGet' field
-+func GetKalaclistaAllowedUnauthorizedGet() bool { return global.GetKalaclistaAllowedUnauthorizedGet() }
+// SetKalaclistaTurnOffAuthorizedFetch safely sets the value for global configuration 'KalaclistaTurnOffAuthorizedFetch' field
+func SetKalaclistaTurnOffAuthorizedFetch(v bool) { global.SetKalaclistaTurnOffAuthorizedFetch(v) }
 +
-+// SetKalaclistaAllowedUnauthorizedGet safely sets the value for global configuration 'KalaclistaAllowedUnauthorizedGet' field
-+func SetKalaclistaAllowedUnauthorizedGet(v bool) { global.SetKalaclistaAllowedUnauthorizedGet(v) }
+ // GetTotalOfMemRatios safely fetches the combined value for all the state's mem ratio fields
+ func (st *ConfigState) GetTotalOfMemRatios() (total float64) {
+ 	st.mutex.RLock()
 diff --git a/internal/processing/fedi/common.go b/internal/processing/fedi/common.go
-index 9059aef39..6e9a22b59 100644
+index ff6ed6fd4..01b3037f1 100644
 --- a/internal/processing/fedi/common.go
 +++ b/internal/processing/fedi/common.go
@@ -20,8 +20,10 @@
@@ -178,89 +234,30 @@ index 9059aef39..6e9a22b59 100644
 	"code.superseriousbusiness.org/gotosocial/internal/db"
 	"code.superseriousbusiness.org/gotosocial/internal/gtserror"
 	"code.superseriousbusiness.org/gotosocial/internal/gtsmodel"
-@@ -51,6 +53,12 @@ func (p *Processor) authenticate(ctx context.Context, requestedUser string) (*co
+@@ -53,6 +55,10 @@ func (p *Processor) authenticate(ctx context.Context, requestedUser string) (*co
 	// get requesting account, dereferencing if necessary.
 	pubKeyAuth, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUser)
 	if errWithCode != nil {
-+		if config.GetKalaclistaAllowedUnauthorizedGet() && errWithCode.Code() == http.StatusUnauthorized {
-+			return &commonAuth{
-+				receivingAcct: receiver,
-+			}, nil
+		if config.GetKalaclistaTurnOffAuthorizedFetch() && errWithCode.Code() == http.StatusUnauthorized {
+			return &commonAuth{receiver: receiver}, nil
 +		}
 +
 		return nil, errWithCode
 	}
 
-diff --git a/internal/processing/fedi/emoji.go b/internal/processing/fedi/emoji.go
-index 8db8b48ea..d7e503f7d 100644
--- a/internal/processing/fedi/emoji.go
-+++ b/internal/processing/fedi/emoji.go
-@@ -20,14 +20,20 @@
- import (
- 	"context"
- 	"fmt"
-+	"net/http"
- 
- 	"code.superseriousbusiness.org/gotosocial/internal/ap"
-+	"code.superseriousbusiness.org/gotosocial/internal/config"
- 	"code.superseriousbusiness.org/gotosocial/internal/gtserror"
- )
- 
- // EmojiGet handles the GET for a federated emoji originating from this instance.
- func (p *Processor) EmojiGet(ctx context.Context, requestedEmojiID string) (interface{}, gtserror.WithCode) {
- 	if _, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, ""); errWithCode != nil {
-+		if !(config.GetKalaclistaAllowedUnauthorizedGet() && errWithCode.Code() == http.StatusUnauthorized) {
-+			return nil, errWithCode
-+		}
-+
- 		return nil, errWithCode
- 	}
- 
-diff --git a/internal/processing/fedi/user.go b/internal/processing/fedi/user.go
-index 53dfd6022..7d976a523 100644
--- a/internal/processing/fedi/user.go
-+++ b/internal/processing/fedi/user.go
-@@ -21,9 +21,11 @@
- 	"context"
- 	"errors"
- 	"fmt"
-+	"net/http"
- 	"net/url"
- 
- 	"code.superseriousbusiness.org/gotosocial/internal/ap"
-+	"code.superseriousbusiness.org/gotosocial/internal/config"
- 	"code.superseriousbusiness.org/gotosocial/internal/db"
- 	"code.superseriousbusiness.org/gotosocial/internal/gtserror"
- 	"code.superseriousbusiness.org/gotosocial/internal/uris"
-@@ -67,6 +69,15 @@ func (p *Processor) UserGet(ctx context.Context, requestedUsername string, reque
- 	// we can serve a more complete profile.
- 	pubKeyAuth, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUsername)
- 	if errWithCode != nil {
-+		if config.GetKalaclistaAllowedUnauthorizedGet() && errWithCode.Code() == http.StatusUnauthorized {
-+			person, err := p.converter.AccountToAS(ctx, receiver)
-+			if err != nil {
-+				err := gtserror.Newf("error converting account: %w", err)
-+				return nil, gtserror.NewErrorInternalError(err)
-+			}
-+
-+			return data(person)
-+		}
- 		return nil, errWithCode // likely 401
- 	}
- 
 diff --git a/internal/router/router.go b/internal/router/router.go
-index 45419807d..7ef90e297 100644
+index fd7a18ebe..8ee62dc89 100644
 --- a/internal/router/router.go
 +++ b/internal/router/router.go
-@@ -23,6 +23,7 @@
- 	"fmt"
+@@ -24,6 +24,7 @@
 	"net"
 	"net/http"
+ 	"strconv"
 +	"strings"
 	"time"
 
 	"code.superseriousbusiness.org/gotosocial/internal/config"
-@@ -31,6 +32,7 @@
+@@ -32,6 +33,7 @@
 	"codeberg.org/gruf/go-bytesize"
 	"codeberg.org/gruf/go-debug"
 	"github.com/gin-gonic/gin"
@@ -268,7 +265,7 @@ index 45419807d..7ef90e297 100644
 	"golang.org/x/crypto/acme/autocert"
 )
 
-@@ -75,6 +77,11 @@ func New(ctx context.Context) (*Router, error) {
+@@ -76,6 +78,11 @@ func New(ctx context.Context) (*Router, error) {
 	engine.MaxMultipartMemory = maxMultipartMemory
 	engine.HandleMethodNotAllowed = true
 
@@ -280,7 +277,7 @@ index 45419807d..7ef90e297 100644
 	// Set up client IP forwarding via
 	// trusted x-forwarded-* headers.
 	trustedProxies := config.GetTrustedProxies()
-@@ -135,6 +142,7 @@ func (r *Router) Start() error {
+@@ -138,6 +145,7 @@ func (r *Router) Start() error {
 		certFile  = config.GetTLSCertificateChain()
 		keyFile   = config.GetTLSCertificateKey()
 		leEnabled = config.GetLetsEncryptEnabled()
@@ -288,7 +285,7 @@ index 45419807d..7ef90e297 100644
 	)
 
 	switch {
-@@ -155,6 +163,18 @@ func (r *Router) Start() error {
+@@ -158,6 +166,18 @@ func (r *Router) Start() error {
 			return err
 		}
 
@@ -602,10 +599,10 @@ index 000000000..85bce6fc3
 +[0]: https://pkg.go.dev/time#ParseDuration
 diff --git a/vendor/go.balki.me/anyhttp/anyhttp.go b/vendor/go.balki.me/anyhttp/anyhttp.go
 new file mode 100644
-index 000000000..8d316a78f
+index 000000000..fac5046e8
 --- /dev/null
 +++ b/vendor/go.balki.me/anyhttp/anyhttp.go
-@@ -0,0 +1,440 @@
+@@ -0,0 +1,429 @@
 +// Package anyhttp has helpers to serve http from unix sockets and systemd socket activated fds
 +package anyhttp
 +
@@ -621,7 +618,6 @@ index 000000000..8d316a78f
 +	"strconv"
 +	"strings"
 +	"sync"
-+	"syscall"
 +	"time"
 +
 +	"go.balki.me/anyhttp/idle"
@@ -758,16 +754,6 @@ index 000000000..8d316a78f
 +// StartFD is the starting file descriptor number
 +const StartFD = 3
 +
-+func makeFdListener(fd int, name string) (net.Listener, error) {
-+	fdFile := os.NewFile(uintptr(fd), name)
-+	l, err := net.FileListener(fdFile)
-+	if err != nil {
-+		return nil, err
-+	}
-+	syscall.CloseOnExec(fd)
-+	return l, nil
-+}
-+
 +// GetListener returns the FileListener created with socketed activated fd
 +func (s *SysdConfig) GetListener() (net.Listener, error) {
 +
@@ -1046,6 +1032,47 @@ index 000000000..8d316a78f
 +	}
 +	return &ctx, nil
 +}
+diff --git a/vendor/go.balki.me/anyhttp/fd_unix.go b/vendor/go.balki.me/anyhttp/fd_unix.go
+new file mode 100644
+index 000000000..83a94fce4
+--- /dev/null
+++ b/vendor/go.balki.me/anyhttp/fd_unix.go
+@@ -0,0 +1,19 @@
+//go:build unix
+
+package anyhttp
+
+import (
+	"net"
+	"os"
+	"syscall"
+)
+
+func makeFdListener(fd int, name string) (net.Listener, error) {
+	fdFile := os.NewFile(uintptr(fd), name)
+	l, err := net.FileListener(fdFile)
+	if err != nil {
+		return nil, err
+	}
+	syscall.CloseOnExec(fd)
+	return l, nil
+}
+diff --git a/vendor/go.balki.me/anyhttp/fd_windows.go b/vendor/go.balki.me/anyhttp/fd_windows.go
+new file mode 100644
+index 000000000..f1d6bca12
+--- /dev/null
+++ b/vendor/go.balki.me/anyhttp/fd_windows.go
+@@ -0,0 +1,10 @@
+package anyhttp
+
+import (
+	"errors"
+	"net"
+)
+
+func makeFdListener(fd int, name string) (net.Listener, error) {
+	return nil, errors.New("windows not supported")
+}
 diff --git a/vendor/go.balki.me/anyhttp/idle/idle.go b/vendor/go.balki.me/anyhttp/idle/idle.go
 new file mode 100644
 index 000000000..ee3d81ff1
@@ -1180,14 +1207,14 @@ index 000000000..ee3d81ff1
 +	return i.c
 +}
 diff --git a/vendor/modules.txt b/vendor/modules.txt
-index 276f0f17c..ec3ecb43d 100644
+index 19b2ef773..3d418ee33 100644
 --- a/vendor/modules.txt
 +++ b/vendor/modules.txt
-@@ -968,6 +968,10 @@ github.com/yuin/goldmark/renderer
+@@ -1002,6 +1002,10 @@ github.com/yuin/goldmark/renderer
 github.com/yuin/goldmark/renderer/html
 github.com/yuin/goldmark/text
 github.com/yuin/goldmark/util
-+# go.balki.me/anyhttp v0.5.0
+# go.balki.me/anyhttp v0.5.2
 +## explicit; go 1.20
 +go.balki.me/anyhttp
 +go.balki.me/anyhttp/idle
--- a/use-fhs-directories.patch
+++ b/use-fhs-directories.patch
@@ -1,24 +1,15 @@
 --- a/example/config.yaml
 +++ b/example/config.yaml
-@@ -97,7 +97,7 @@ trusted-proxies:
- # String. Database type.
- # Options: ["postgres","sqlite"]
- # Default: "postgres"
-db-type: "postgres"
-+db-type: "sqlite"
- 
- # String. Database address or parameters.
- #
-@@ -112,7 +112,7 @@ db-type: "postgres"
+@@ -172,7 +172,7 @@ db-type: "sqlite"
 #
 # Examples: ["localhost","my.db.host","127.0.0.1","192.111.39.110",":memory:", "sqlite.db"]
 # Default: ""
-db-address: ""
+-db-address: "sqlite.db"
 +db-address: "/var/lib/gotosocial/sqlite.db"
 
- # Int. Port for database connection.
+ # Int. Port for postgres database connection; ignored for sqlite.
 # Examples: [5432, 1234, 6969]
-@@ -158,12 +158,12 @@ db-tls-ca-cert: ""
+@@ -297,12 +297,12 @@ cache:
 # String. Directory from which gotosocial will attempt to load html templates (.tmpl files).
 # Examples: ["/some/absolute/path/", "./relative/path/", "../../some/weird/path/"]
 # Default: "./web/template/"
@@ -33,7 +24,7 @@
 
 ###########################
 ##### INSTANCE CONFIG #####
-@@ -261,7 +261,7 @@ storage-backend: "local"
+@@ -745,7 +745,7 @@ storage-backend: "local"
 # Only required when running with the local storage backend.
 # Examples: ["/home/gotosocial/storage", "/opt/gotosocial/datastorage"]
 # Default: "/gotosocial/storage"
@@ -42,7 +33,7 @@
 
 # String. API endpoint of the S3 compatible service.
 # Only required when running with the s3 storage backend.
-@@ -357,7 +357,7 @@ letsencrypt-port: 80
+@@ -908,7 +908,7 @@ letsencrypt-port: 80
 # In any case, make sure GoToSocial has permissions to write to / read from this directory.
 # Examples: ["/home/gotosocial/storage/certs", "/acmecerts"]
 # Default: "/gotosocial/storage/certs"
@@ -53,8 +44,8 @@
 # Most likely, this will be the email address of the instance administrator.
 --- a/example/gotosocial.service
 +++ b/example/gotosocial.service
-@@ -14,8 +14,8 @@ Type=exec
- Restart=on-failure
+@@ -28,8 +28,8 @@ Restart=on-failure
+ #Environment="OTEL_METRICS_PRODUCERS=prometheus"
 
 # change if your path to the GoToSocial binary is different
 -ExecStart=/gotosocial/gotosocial --config-path config.yaml server start
@@ -62,5 +53,5 @@
 +ExecStart=/usr/bin/gotosocial --config-path /etc/gotosocial/config.yaml server start
 +WorkingDirectory=/var/lib/gotosocial
 
- StandardOutput=append:/var/log/gotosocial/gotosocial.log
- StandardError=inherit
+ # Sandboxing options to harden security
+ # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html