GNU bug report logs - #35330
[PATCH] gnu: certbot: Add support for manual plugin.


Package: guix-patches;

Reported by: Julien Lepiller <julien <at> lepiller.eu>

Date: Fri, 19 Apr 2019 21:28:02 UTC

Severity: normal

Tags: patch

Done: Julien Lepiller <julien <at> lepiller.eu>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 35330 in the body.
You can then email your comments to 35330 AT debbugs.gnu.org in the normal way.



Report forwarded to guix-patches <at> gnu.org:
bug#35330; Package guix-patches. (Fri, 19 Apr 2019 21:28:02 GMT)

Acknowledgement sent to Julien Lepiller <julien <at> lepiller.eu>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Fri, 19 Apr 2019 21:28:03 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Julien Lepiller <julien <at> lepiller.eu>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: certbot: Add support for manual plugin.
Date: Fri, 19 Apr 2019 23:23:20 +0200

* gnu/services/certbot.scm (certificate-configuration): Add challenge,
auth-hook and cleanup-hook fields.
(certbot-command): Use them.
* doc/guix.texi (Certificate Services): Document them.
---
 doc/guix.texi            | 19 +++++++++++++++++++
 gnu/services/certbot.scm | 38 ++++++++++++++++++++++++++++----------
 2 files changed, 47 insertions(+), 10 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 8c7522f286..7bbec33d10 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -19416,6 +19416,25 @@ Its default is the first provided domain.
 The first domain provided will be the subject CN of the certificate, and
 all domains will be Subject Alternative Names on the certificate.
 
+@item @code{challenge} (default: @code{#f})
+The challenge type that has to be run by certbot. If @code{#f} is specified,
+default to the http challenge. If a value is specified, defaults to the
+manual plugin (see @code{auth-hook} and @code{cleanup-hook}).
+
+@item @code{auth-hook} (default: @code{#f})
+Command to be run in a shell once for each certificate challenge to be
+answered.  For this command, the shell variable @code{$CERTBOT_DOMAIN}
+will contain the domain being authenticated, @code{$CERTBOT_VALIDATION}
+contains the validation string and @code{$CERTBOT_TOKEN} contains the
+filename of the resource requested when performing an HTTP-01 challenge.
+
+@item @code{cleanup-hook} (default: @code{#f})
+Command to be run in a shell once for each certificate challenge that
+have been answered by the @code{auth-hook}.  For this command, the shell
+variables available in the @code{auth-hook} script are still available, and
+additionally @code{$CERTBOT_AUTH_OUTPUT} will contain the standard output
+of the @code{auth-hook} script.
+
 @item @code{deploy-hook} (default: @code{#f})
 Command to be run in a shell once for each successfully issued
 certificate.  For this command, the shell variable
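Review bot: the @code{challenge} entry does not say what kind of value it takes or which values are valid. In gnu/services/certbot.scm the value goes through string-append into "--preferred-challenges=", so it has to be a string naming a challenge type (for example "dns"); please state that and give an example. The sentence "If a value is specified, defaults to the manual plugin" also understates the effect: in that case the command always gets "--manual" and no longer gets "--webroot", so "the manual plugin is used instead of the webroot plugin" would be more accurate, together with a pointer that auth-hook is then what answers the challenge. In the cleanup-hook entry, "challenge that have been answered" should read "has been answered".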
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 7565bc97ca..95c39684cf 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -50,6 +50,12 @@
                        (default #f))
   (domains             certificate-configuration-domains
                        (default '()))
+  (challenge           certificate-configuration-challenge
+                       (default #f))
+  (auth-hook           certificate-auth-hook
+                       (default #f))
+  (cleanup-hook        certificate-cleanup-hook
+                       (default #f))
   (deploy-hook         certificate-configuration-deploy-hook
                        (default #f)))
 
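Review bot: the accessors for the two new hook fields are named certificate-auth-hook and certificate-cleanup-hook, while the neighbouring fields in this record, including the new challenge field, use the certificate-configuration- prefix (certificate-configuration-domains, certificate-configuration-deploy-hook). Rename them to certificate-configuration-auth-hook and certificate-configuration-cleanup-hook so the record's accessors stay consistent.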
@@ -81,17 +87,29 @@
             (commands
              (map
               (match-lambda
-                (($ <certificate-configuration> custom-name domains
-                                                deploy-hook)
+                (($ <certificate-configuration> custom-name domains challenge
+                                                auth-hook cleanup-hook deploy-hook)
                  (let ((name (or custom-name (car domains))))
-                   (append
-                    (list name certbot "certonly" "-n" "--agree-tos"
-                          "-m" email
-                          "--webroot" "-w" webroot
-                          "--cert-name" name
-                          "-d" (string-join domains ","))
-                    (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
-                    (if deploy-hook `("--deploy-hook" ,deploy-hook) '())))))
+                   (if challenge
+                     (append
+                      (list name certbot "certonly" "-n" "--agree-tos"
+                            "-m" email
+                            "--manual"
+                            (string-append "--preferred-challenges=" challenge)
+                            "--cert-name" name
+                            "-d" (string-join domains ","))
+                      (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
+                      (if auth-hook `("--manual-auth-hook" ,auth-hook) '())
+                      (if cleanup-hook `("--manual-cleanup-hook" ,cleanup-hook) '())
+                      (if deploy-hook `("--deploy-hook" ,deploy-hook) '()))
+                     (append
+                      (list name certbot "certonly" "-n" "--agree-tos"
+                            "-m" email
+                            "--webroot" "-w" webroot
+                            "--cert-name" name
+                            "-d" (string-join domains ","))
+                      (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
+                      (if deploy-hook `("--deploy-hook" ,deploy-hook) '()))))))
               certificates)))
        (program-file
         "certbot-command"
-- 
2.21.0





Information forwarded to guix-patches <at> gnu.org:
bug#35330; Package guix-patches. (Wed, 24 Apr 2019 12:30:01 GMT)

Message #8 received at 35330 <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: Julien Lepiller <julien <at> lepiller.eu>
Cc: 35330 <at> debbugs.gnu.org
Subject: Re: [bug#35330] [PATCH] gnu: certbot: Add support for manual plugin.
Date: Wed, 24 Apr 2019 14:29:12 +0200

Hello,

Julien Lepiller <julien <at> lepiller.eu> writes:

> * gnu/services/certbot.scm (certificate-configuration): Add challenge,
> auth-hook and cleanup-hook fields.
> (certbot-command): Use them.
> * doc/guix.texi (Certificate Services): Document them.

Neat!

Nitpick:

  - s/http/HTTP/
  - two spaces after end-of-sentence period
  - s/filename/file name/

> +@item @code{challenge} (default: @code{#f})
> +The challenge type that has to be run by certbot. If @code{#f} is specified,
> +default to the http challenge. If a value is specified, defaults to the
> +manual plugin (see @code{auth-hook} and @code{cleanup-hook}).

If there’s a stable URL to upstream documentation, perhaps you could
insert it here.

> +@item @code{auth-hook} (default: @code{#f})

Should it be called ‘authentication-hook’?

I’m definitely no expert, but I’d say go for it!

Thanks for working on it!

Ludo’.




Reply sent to Julien Lepiller <julien <at> lepiller.eu>:
You have taken responsibility. (Thu, 25 Apr 2019 17:49:02 GMT)

Notification sent to Julien Lepiller <julien <at> lepiller.eu>:
bug acknowledged by developer. (Thu, 25 Apr 2019 17:49:02 GMT)

Message #13 received at 35330-done <at> debbugs.gnu.org:

From: Julien Lepiller <julien <at> lepiller.eu>
To: 35330-done <at> debbugs.gnu.org
Subject: Re: [bug#35330] [PATCH] gnu: certbot: Add support for manual plugin.
Date: Thu, 25 Apr 2019 19:48:21 +0200

On Wed, 24 Apr 2019 14:29:12 +0200,
Ludovic Courtès <ludo <at> gnu.org> wrote:

> Hello,
> 
> Julien Lepiller <julien <at> lepiller.eu> writes:
> 
> > * gnu/services/certbot.scm (certificate-configuration): Add
> > challenge, auth-hook and cleanup-hook fields.
> > (certbot-command): Use them.
> > * doc/guix.texi (Certificate Services): Document them.  
> 
> Neat!
> 
> Nitpick:
> 
>   - s/http/HTTP/
>   - two spaces after end-of-sentence period
>   - s/filename/file name/
> 
> > +@item @code{challenge} (default: @code{#f})
> > +The challenge type that has to be run by certbot. If @code{#f} is
> > specified, +default to the http challenge. If a value is specified,
> > defaults to the +manual plugin (see @code{auth-hook} and
> > @code{cleanup-hook}).  
> 
> If there’s a stable URL to upstream documentation, perhaps you could
> insert it here.
> 
> > +@item @code{auth-hook} (default: @code{#f})  
> 
> Should it be called ‘authentication-hook’?
> 
> I’m definitely no expert, but I’d say go for it!
> 
> Thanks for working on it!
> 
> Ludo’.

Thanks, pushed as b68aff1f05864a589b62afa44665a99e5cf43718.




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 24 May 2019 11:24:06 GMT)

This bug report was last modified 4 years and 332 days ago.
