Add watchlist reload via SIGHUP

[The-Inceptions]

This addition allows updating the watchlist without needing to close the program. Users may send a SIGHUP signal after updating the watchlist. Once that occurs, the readWatchListFile function will be called again, updating the current watchlist.

[AGWA]

Thank you for your interest in improving certspotter. Unfortunately, your code is buggy - overwriting the watch list is not safe because it may be concurrently read by other goroutines.

Updating a running application's config is generally tricky, and there are other configuration files that a user might want to reload, like the email_recipients file.

Before making certspotter more complicated, I would like to understand more why restarting the program is undesirable. certspotter saves all log positions to disk when it receives a SIGTERM, so it won't lose any work when it restarts.

[The-Inceptions]

Unfortunately, your code is buggy - overwriting the watch list is not safe because it may be concurrently read by other goroutines.

Apologies for this, I can attempt a fix for this.

certspotter saves all log positions to disk when it receives a SIGTERM, so it won't lose any work when it restarts.

does this hold true with the -start_at_end flag enabled?

Our team runs certspotter as a daemon with the -start_at_end flag enabled and we are planning to integrate this into a lightweight docker container as of now. The goal is to be able to update the watchlist without restarting the monitoring of existing domains if kept in the watchlist alongside newly added domains.

[AGWA]

Yes, -start_at_end only applies the very first time a log is contacted. When you restart certspotter, it resumes monitoring previously-contacted logs from the previous position regardless of -start_at_end.

It doesn't seem like the SIGHUP behavior is necessary for your use case.