[PRIVACY] Add a DNS method to fetch new updates

- Use TXT records in order to determine the latest available version.
- This addresses a valid privacy issue, as with HTTP requests the server
can keep track(estimated) of how many instances are using Forgejo, with
DNS that's basically not possible as the server will never receive any
data, as the only ones receiving data are DNS resolvers.

(cherry picked from commit 0baefb546ab96bc3c06d90feffdb14873c2c2a3a)
(cherry picked from commit e8ee41880b775532e6a68bd2052ed96d369dee78)
(cherry picked from commit 7eca4f3bf1faa3f063c9668d1bb354b842361007)
(cherry picked from commit 5c1567836c39b08b982005048f2610c3ad6d029a)
(cherry picked from commit 953afbc67f85f7c15a064405f83b9973273d4d7b)
(cherry picked from commit fd9d97ab9f304f0acea977130c74c63024c40182)
(cherry picked from commit 40fbd45effed8e37c0d23dec4896473a437fb7eb)
(cherry picked from commit c5c904b04ba8ddbab108c9fb2559109c1cef1166)
(cherry picked from commit 48659bb3ab268203f14d8d7e6f2f0de4ce1eaa23)
(cherry picked from commit b1fccd50938a0e63a8a80d127c6c81a78d31215a)
(cherry picked from commit 5e69573)

Author: Gusted

custom/conf/app.example.ini

@@ -2212,6 +2212,7 @@ ROUTER = console
 ;ENABLE_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 168h
 ;HTTP_ENDPOINT = https://dl.gitea.io/gitea/version.json
+;DOMAIN_ENDPOINT = release.forgejo.org
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

docs/content/doc/administration/config-cheat-sheet.en-us.md

@@ -1050,6 +1050,7 @@ Default templates for project boards:
 - `ENABLE_SUCCESS_NOTICE`: **true**: Set to false to switch off success notices.
 - `SCHEDULE`: **@every 168h**: Cron syntax for scheduling a work, e.g. `@every 168h`.
 - `HTTP_ENDPOINT`: **https://dl.gitea.io/gitea/version.json**: the endpoint that Gitea will check for newer versions
+- `DOMAIN_ENDPOINT`: **release.forgejo.org**: the domain that, if specified, Gitea will check for newer versions. This is preferred over `HTTP_ENDPOINT`.
 
 #### Cron -  Delete all old system notices from database (`cron.delete_old_system_notices`)
 

modules/updatechecker/update_checker.go

@@ -4,8 +4,11 @@
 package updatechecker
 
 import (
+	"errors"
 	"io"
+	"net"
 	"net/http"
+	"strings"
 
 	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/proxy"
@@ -26,7 +29,51 @@ func (r *CheckerState) Name() string {
 }
 
 // GiteaUpdateChecker returns error when new version of Gitea is available
-func GiteaUpdateChecker(httpEndpoint string) error {
+func GiteaUpdateChecker(httpEndpoint, domainEndpoint string) error {
+	var version string
+	var err error
+	if domainEndpoint != "" {
+		version, err = getVersionDNS(domainEndpoint)
+	} else {
+		version, err = getVersionHTTP(httpEndpoint)
+	}
+
+	if err != nil {
+		return err
+	}
+
+	return UpdateRemoteVersion(version)
+}
+
+// getVersionDNS will request the TXT records for the domain. If a record starts
+// with "forgejo_versions=" everything after that will be used as the latest
+// version available.
+func getVersionDNS(domainEndpoint string) (version string, err error) {
+	records, err := net.LookupTXT(domainEndpoint)
+	if err != nil {
+		return "", err
+	}
+
+	if len(records) == 0 {
+		return "", errors.New("no TXT records were found")
+	}
+
+	for _, record := range records {
+		if strings.HasPrefix(record, "forgejo_versions=") {
+			// Get all supported versions, separated by a comma.
+			supportedVersions := strings.Split(strings.TrimPrefix(record, "forgejo_versions="), ",")
+			// For now always return the latest supported version.
+			return supportedVersions[len(supportedVersions)-1], nil
+		}
+	}
+
+	return "", errors.New("there is no TXT record with a valid value")
+}
+
+// getVersionHTTP will make an HTTP request to the endpoint, and the returned
+// content is JSON. The "latest.version" path's value will be used as the latest
+// version available.
+func getVersionHTTP(httpEndpoint string) (version string, err error) {
 	httpClient := &http.Client{
 		Transport: &http.Transport{
 			Proxy: proxy.Proxy(),
@@ -35,16 +82,16 @@ func GiteaUpdateChecker(httpEndpoint string) error {
 
 	req, err := http.NewRequest("GET", httpEndpoint, nil)
 	if err != nil {
-		return err
+		return "", err
 	}
 	resp, err := httpClient.Do(req)
 	if err != nil {
-		return err
+		return "", err
 	}
 	defer resp.Body.Close()
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
-		return err
+		return "", err
 	}
 
 	type respType struct {
@@ -55,10 +102,9 @@ func GiteaUpdateChecker(httpEndpoint string) error {
 	respData := respType{}
 	err = json.Unmarshal(body, &respData)
 	if err != nil {
-		return err
+		return "", err
 	}
-
-	return UpdateRemoteVersion(respData.Latest.Version)
+	return respData.Latest.Version, nil
 }
 
 // UpdateRemoteVersion updates the latest available version of Gitea

modules/updatechecker/update_checker_test.go

@@ -0,0 +1,16 @@
+// Copyright 2023 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package updatechecker
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestDNSUpdate(t *testing.T) {
+	version, err := getVersionDNS("release.forgejo.org")
+	assert.NoError(t, err)
+	assert.NotEmpty(t, version)
+}

services/cron/tasks_extended.go

@@ -142,18 +142,20 @@ func registerDeleteOldActions() {
 func registerUpdateGiteaChecker() {
 	type UpdateCheckerConfig struct {
 		BaseConfig
-		HTTPEndpoint string
+		HTTPEndpoint   string
+		DomainEndpoint string
 	}
 	RegisterTaskFatal("update_checker", &UpdateCheckerConfig{
 		BaseConfig: BaseConfig{
 			Enabled:    false,
 			RunAtStart: false,
 			Schedule:   "@every 168h",
 		},
-		HTTPEndpoint: "https://dl.gitea.io/gitea/version.json",
+		HTTPEndpoint:   "https://dl.gitea.io/gitea/version.json",
+		DomainEndpoint: "release.forgejo.org",
 	}, func(ctx context.Context, _ *user_model.User, config Config) error {
 		updateCheckerConfig := config.(*UpdateCheckerConfig)
-		return updatechecker.GiteaUpdateChecker(updateCheckerConfig.HTTPEndpoint)
+		return updatechecker.GiteaUpdateChecker(updateCheckerConfig.HTTPEndpoint, updateCheckerConfig.DomainEndpoint)
 	})
 }