Migrate to checker-sdk-go v1.3.0 with standalone build tag

The SDK split the HTTP server scaffolding into the new checker-sdk-go/checker/server subpackage. Update main.go to import server and call server.New, and isolate the interactive form code behind the standalone build tag so plugin/builtin builds skip net/http entirely.
2026-04-24 12:58:43 +07:00 · 2026-04-24 12:58:43 +07:00 · 47d71c8cde
commit 47d71c8cde
parent 40a4cf285e
9 changed files with 20 additions and 15 deletions
--- a/2
+++ b/2
@ -6,7 +6,7 @@ WORKDIR /src
 COPY go.mod go.sum ./
 RUN go mod download
 COPY . .
-RUN CGO_ENABLED=0 go build -ldflags "-X main.Version=${CHECKER_VERSION}" -o /checker-kerberos .
+RUN CGO_ENABLED=0 go build -tags standalone -ldflags "-X main.Version=${CHECKER_VERSION}" -o /checker-kerberos .

 FROM scratch
 COPY --from=builder /checker-kerberos /checker-kerberos
--- a/7
+++ b/7
@ -6,12 +6,12 @@ CHECKER_SOURCES := main.go $(wildcard checker/*.go)

 GO_LDFLAGS := -X main.Version=$(CHECKER_VERSION)

-.PHONY: all plugin docker clean
+.PHONY: all plugin docker test clean

 all: $(CHECKER_NAME)

 $(CHECKER_NAME): $(CHECKER_SOURCES)
-	go build -ldflags "$(GO_LDFLAGS)" -o $@ .
+	go build -tags standalone -ldflags "$(GO_LDFLAGS)" -o $@ .

 plugin: $(CHECKER_NAME).so

@ -21,5 +21,8 @@ $(CHECKER_NAME).so: $(CHECKER_SOURCES) $(wildcard plugin/*.go)
 docker:
 	docker build --build-arg CHECKER_VERSION=$(CHECKER_VERSION) -t $(CHECKER_IMAGE) .

+test:
+	go test -tags standalone ./...
+
 clean:
 	rm -f $(CHECKER_NAME) $(CHECKER_NAME).so
--- a/README.md
+++ b/README.md
@ -4,13 +4,13 @@ happyDomain checker that audits a Kerberos realm from its DNS records.

 Starting from the realm name (or from the SRV records grouped under the
 `abstract.Kerberos` service), the checker performs a series of
-**anonymous probes** — and an optional **authenticated round-trip** when
-credentials are supplied — to give a complete picture of the realm's
+**anonymous probes**, and an optional **authenticated round-trip** when
+credentials are supplied, to give a complete picture of the realm's
 availability and security posture.

 ## What gets checked

- SRV layout — `_kerberos._tcp.`, `_kerberos._udp.`,
+- SRV layout, `_kerberos._tcp.`, `_kerberos._udp.`,
  `_kerberos-master._tcp.`, `_kerberos-adm._tcp.`, `_kpasswd._tcp.`,
  `_kpasswd._udp.`.
 - Forward resolution of every SRV target (A + AAAA).
--- a/checker/collect.go
+++ b/checker/collect.go
@ -377,7 +377,7 @@ func buildProbeASReq(realm string) (messages.ASReq, error) {

 // parseASResponse inspects the raw KDC reply and fills the ASProbeResult.
 // Expected replies: KRB-ERROR (PREAUTH_REQUIRED / C_PRINCIPAL_UNKNOWN) or,
-// less commonly, an AS-REP (principal exists and doesn't require preauth —
+// less commonly, an AS-REP (principal exists and doesn't require preauth .
 // AS-REP roasting territory).
 func parseASResponse(raw []byte, out *ASProbeResult) {
 	// Try KRB-ERROR first.
@ -400,7 +400,7 @@ func parseASResponse(raw []byte, out *ASProbeResult) {
 		return
 	}

-	// Try AS-REP. If this succeeds, preauth wasn't required — surface it.
+	// Try AS-REP. If this succeeds, preauth wasn't required, surface it.
 	var asRep messages.ASRep
 	if err := asRep.Unmarshal(raw); err == nil {
 		out.PrincipalFound = true
--- a/checker/interactive.go
+++ b/checker/interactive.go
@ -1,3 +1,5 @@
+//go:build standalone
+
 package checker

 import (
--- a/checker/report.go
+++ b/checker/report.go
@ -257,7 +257,7 @@ then rekey principals with <code>kadmin -q "cpw -randkey principal"</code> or eq
 		})
 	}

-	// AS-REP without preauth — AS-REP roasting.
+	// AS-REP without preauth, AS-REP roasting.
 	if r.AS.Attempted && r.AS.PrincipalFound && !r.AS.PreauthReq {
 		out = append(out, remediation{
 			Title: "Enable pre-authentication",
--- a/go.mod
+++ b/go.mod
@ -3,7 +3,7 @@ module git.happydns.org/checker-kerberos
 go 1.25.0

 require (
-	git.happydns.org/checker-sdk-go v1.2.0
+	git.happydns.org/checker-sdk-go v1.3.0
 	github.com/jcmturner/gofork v1.7.6
 	github.com/jcmturner/gokrb5/v8 v8.4.4
 )
--- a/go.sum
+++ b/go.sum
@ -1,5 +1,5 @@
-git.happydns.org/checker-sdk-go v1.2.0 h1:v4MpKAz0W3PwP+bxx3pya8w893sVH5xTD1of1cc0TV8=
-git.happydns.org/checker-sdk-go v1.2.0/go.mod h1:aNAcfYFfbhvH9kJhE0Njp5GX0dQbxdRB0rJ0KvSC5nI=
+git.happydns.org/checker-sdk-go v1.3.0 h1:FG2kIhlJCzI0m35EhxSgn4UWc9M4ha6aZTeoChu4l7A=
+git.happydns.org/checker-sdk-go v1.3.0/go.mod h1:aNAcfYFfbhvH9kJhE0Njp5GX0dQbxdRB0rJ0KvSC5nI=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
--- a/main.go
+++ b/main.go
@ -5,7 +5,7 @@ import (
 	"log"

 	kerberos "git.happydns.org/checker-kerberos/checker"
-	sdk "git.happydns.org/checker-sdk-go/checker"
+	"git.happydns.org/checker-sdk-go/checker/server"
 )

 // Version is the standalone binary's version. It defaults to "custom-build"
@ -21,8 +21,8 @@ func main() {

 	kerberos.Version = Version

-	server := sdk.NewServer(kerberos.Provider())
-	if err := server.ListenAndServe(*listenAddr); err != nil {
+	srv := server.New(kerberos.Provider())
+	if err := srv.ListenAndServe(*listenAddr); err != nil {
 		log.Fatalf("server error: %v", err)
 	}
 }