[Feature] Mark genuinely hard dependencies in plugins

author Vsevolod Stakhov <vsevolod@rspamd.com>

Tue, 31 Mar 2026 16:00:29 +0000 (17:00 +0100)

committer Vsevolod Stakhov <vsevolod@rspamd.com>

Tue, 31 Mar 2026 16:00:29 +0000 (17:00 +0100)
author Vsevolod Stakhov <vsevolod@rspamd.com>
Tue, 31 Mar 2026 16:00:29 +0000 (17:00 +0100)
committer Vsevolod Stakhov <vsevolod@rspamd.com>
Tue, 31 Mar 2026 16:00:29 +0000 (17:00 +0100)
diff --git a/src/plugins/lua/arc.lua b/src/plugins/lua/arc.lua

index 67446e207e42d4f0cc0ef9824d0d237649a9882f..eec0cc4f0465d8e5bfc7d6d21ee5100d821c1180 100644 (file)
--- a/src/plugins/lua/arc.lua
+++ b/src/plugins/lua/arc.lua
@@ -951,11 +951,10 @@ end
  
  rspamd_config:register_symbol(sym_reg_tbl)
  
--- Do not sign unless checked
-rspamd_config:register_dependency(settings['sign_symbol'], 'ARC_CHECK')
--- We need to check dmarc before signing as we have to produce valid AAR header
--- see #3613
-rspamd_config:register_dependency(settings['sign_symbol'], 'DMARC_CHECK')
+-- Hard: ARC signing needs arc-seals cache from ARC_CHECK
+rspamd_config:register_dependency(settings['sign_symbol'], 'ARC_CHECK', true)
+-- Hard: ARC signing needs DMARC result for valid AAR header (#3613)
+rspamd_config:register_dependency(settings['sign_symbol'], 'DMARC_CHECK', true)
  
  if settings.adjust_dmarc and settings.whitelisted_signers_map then
    local function arc_dmarc_adjust_cb(task)
@@ -985,6 +984,7 @@ if settings.adjust_dmarc and settings.whitelisted_signers_map then
      callback = arc_dmarc_adjust_cb,
      type = 'callback',
    })
-  rspamd_config:register_dependency('ARC_DMARC_ADJUSTMENT', 'DMARC_CHECK')
-  rspamd_config:register_dependency('ARC_DMARC_ADJUSTMENT', 'ARC_CHECK')
+  -- Hard: reads both DMARC policy symbols and ARC trusted cache
+  rspamd_config:register_dependency('ARC_DMARC_ADJUSTMENT', 'DMARC_CHECK', true)
+  rspamd_config:register_dependency('ARC_DMARC_ADJUSTMENT', 'ARC_CHECK', true)
  end
diff --git a/src/plugins/lua/bimi.lua b/src/plugins/lua/bimi.lua

index a0303273979d301fab7c1e6abdd96cd0ac3d3933..9f4dc51ef9b4ae8344914cbe9d17fbb6fa35a186 100644 (file)
--- a/src/plugins/lua/bimi.lua
+++ b/src/plugins/lua/bimi.lua
@@ -415,7 +415,8 @@ if redis_params then
      score = 0.0
    }
  
-  rspamd_config:register_dependency('BIMI_CHECK', 'DMARC_CHECK')
+  -- Hard: BIMI requires DMARC pass
+  rspamd_config:register_dependency('BIMI_CHECK', 'DMARC_CHECK', true)
  else
    lua_util.disable_module(N, "redis")
  end
diff --git a/src/plugins/lua/dmarc.lua b/src/plugins/lua/dmarc.lua

index e2b3dedcc9d1745382f3e61841762e0e1ffd6013..64e7a6f15ea8bd86c292a8e86d5d6b9784b9a25f 100644 (file)
--- a/src/plugins/lua/dmarc.lua
+++ b/src/plugins/lua/dmarc.lua
@@ -794,7 +794,8 @@ if settings.munging then
      augmentations = { lua_util.dns_timeout_augmentation(rspamd_config) },
    })
  
-  rspamd_config:register_dependency('DMARC_MUNGED', 'DMARC_CHECK')
+  -- Hard: without DMARC policy there is nothing to munge
+  rspamd_config:register_dependency('DMARC_MUNGED', 'DMARC_CHECK', true)
    -- Weak: signing works without munging, just ensures proper header rewrite order
    rspamd_config:register_dependency('DKIM_SIGNED', 'DMARC_MUNGED')
    rspamd_config:register_dependency('ARC_SIGNED', 'DMARC_MUNGED')
diff --git a/src/plugins/lua/settings.lua b/src/plugins/lua/settings.lua

index 379289c1976d42295c87c7e93c3e936bd75b8851..0eddf3d307e0c3efcad901e4705069d3e9665bed 100644 (file)
--- a/src/plugins/lua/settings.lua
+++ b/src/plugins/lua/settings.lua
@@ -1457,13 +1457,13 @@ rspamd_config:register_symbol({
    flags = 'empty,nostat,explicit_disable,ignore_passthrough',
  })
  
--- SETTINGS_APPLY depends on SETTINGS_CHECK (waits for it to finish collecting)
-rspamd_config:register_dependency('SETTINGS_APPLY', 'SETTINGS_CHECK')
+-- Hard dep: SETTINGS_APPLY must wait for SETTINGS_CHECK to finish collecting
+rspamd_config:register_dependency('SETTINGS_APPLY', 'SETTINGS_CHECK', true)
  
--- Also depend on REDIS_SETTINGS symbols if redis is configured
+-- Also hard-depend on REDIS_SETTINGS symbols if redis is configured
  if redis_sym_names then
    for _, sym_name in ipairs(redis_sym_names) do
-    rspamd_config:register_dependency('SETTINGS_APPLY', sym_name)
+    rspamd_config:register_dependency('SETTINGS_APPLY', sym_name, true)
    end
  end
author	Vsevolod Stakhov <vsevolod@rspamd.com>
	Tue, 31 Mar 2026 16:00:29 +0000 (17:00 +0100)
committer	Vsevolod Stakhov <vsevolod@rspamd.com>
	Tue, 31 Mar 2026 16:00:29 +0000 (17:00 +0100)
src/plugins/lua/arc.lua		patch \| blob \| blame \| history
src/plugins/lua/bimi.lua		patch \| blob \| blame \| history
src/plugins/lua/dmarc.lua		patch \| blob \| blame \| history
src/plugins/lua/settings.lua		patch \| blob \| blame \| history