GNU bug report logs - #49213
[PATCH v1] services: certbot: Add option to use CSR file.
Report forwarded to guix-patches <at> gnu.org: bug#49213; Package guix-patches. (Thu, 24 Jun 2021 18:52:01 GMT)
Acknowledgement sent to Raghav Gururajan <rg <at> raghavgururajan.name>: New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Thu, 24 Jun 2021 18:52:01 GMT)
Message #5 received at submit <at> debbugs.gnu.org:
* gnu/services/certbot.scm (<certificate-configuration>): Add csr field.
(certbot-command): Modify.
* doc/guix.texi (Certificate Services): Document it.
---
doc/guix.texi | 6 ++++++
gnu/services/certbot.scm | 6 +++++-
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 15e8999447..689d6498a9 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -25934,6 +25934,12 @@ the documentation at @url{https://certbot.eff.org/docs/using.html#hooks}),
and gives Let's Encrypt permission to log the public IP address of the
requesting machine.
+@item @code{csr} (default: @code{#f})
+Path to a Certificate Signing Request (CSR) in DER or PEM format. If @code{#f}
+is specified, this argument will not be passed to certbot. If a value is passed,
+certbot uses it to obtain certificate, instead of using randomly generated
+private-key.
+
@item @code{authentication-hook} (default: @code{#f})
Command to be run in a shell once for each certificate challenge to be
answered. For this command, the shell variable @code{$CERTBOT_DOMAIN}
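Review bot: The last sentence of the new csr item says certbot uses the file "instead of using randomly generated private-key", but the option takes a CSR, not a key, so the text should say that certbot skips generating its own key pair and request. A CSR carries only the public key, so it would also help to state that the private key stays outside certbot and that whatever consumes the issued certificate has to find the key elsewhere. "to obtain certificate" needs an article.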
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 1c67ff63f1..9a3822a679 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -55,6 +55,8 @@
(default '()))
(challenge certificate-configuration-challenge
(default #f))
+ (csr certificate-configuration-csr
+ (default #f))
(authentication-hook certificate-authentication-hook
(default #f))
(cleanup-hook certificate-cleanup-hook
@@ -95,7 +97,7 @@
(match-lambda
(($ <certificate-configuration> custom-name domains challenge
authentication-hook cleanup-hook
- deploy-hook)
+ deploy-hook csr)
(let ((name (or custom-name (car domains))))
(if challenge
(append
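Review bot: In the ($ <certificate-configuration> ...) pattern, csr is appended after deploy-hook, but the record hunk above declares the csr field directly after challenge. $ patterns in match bind fields by position, so with this order the authentication-hook variable receives the CSR value and the csr variable receives the deploy hook. The pattern should read: custom-name domains challenge csr authentication-hook cleanup-hook deploy-hook.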
@@ -110,6 +112,7 @@
'("--register-unsafely-without-email"))
(if server `("--server" ,server) '())
(if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
+ (if csr `("--csr" ,csr) '())
(if authentication-hook
`("--manual-auth-hook" ,authentication-hook)
'())
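Review bot: In the challenge argument list, "--csr" is appended right after "--rsa-key-size" and both are emitted when both fields are set. The key pair behind a supplied CSR already exists, so a key size has nothing to apply to; either skip "--rsa-key-size" when csr is non-false or say in the manual how the two fields interact.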
@@ -125,6 +128,7 @@
'("--register-unsafely-without-email"))
(if server `("--server" ,server) '())
(if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
+ (if csr `("--csr" ,csr) '())
(if deploy-hook `("--deploy-hook" ,deploy-hook) '()))))))
certificates)))
(program-file
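Review bot: The added (if csr ...) line is repeated verbatim in the challenge and the webroot argument lists. Binding the optional arguments shared by both branches once, in the enclosing let, would keep the two command lines from drifting apart.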
--
2.32.0
Information forwarded to guix-patches <at> gnu.org: bug#49213; Package guix-patches. (Thu, 24 Jun 2021 19:19:01 GMT)
Message #8 received at 49213 <at> debbugs.gnu.org:
* gnu/services/certbot.scm (<certificate-configuration>): Add csr field.
(certbot-command): Modify.
* doc/guix.texi (Certificate Services): Document it.
---
doc/guix.texi | 7 +++++++
gnu/services/certbot.scm | 6 +++++-
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 15e8999447..fce72a9fb5 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -91,6 +91,7 @@ Copyright @copyright{} 2020 Edgar Vincent@*
Copyright @copyright{} 2021 Maxime Devos@*
Copyright @copyright{} 2021 B. Wilson@*
Copyright @copyright{} 2021 Xinglu Chen@*
+Copyright @copyright{} 2021 Raghav Gururajan@*
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -25934,6 +25935,12 @@ the documentation at @url{https://certbot.eff.org/docs/using.html#hooks}),
and gives Let's Encrypt permission to log the public IP address of the
requesting machine.
+@item @code{csr} (default: @code{#f})
+File name of Certificate Signing Request (CSR) in DER or PEM format.
+If @code{#f} is specified, this argument will not be passed to certbot.
+If a value is provided, certbot will use it to obtain a certificate, instead of
+using a randomly-generated CSR.
+
@item @code{authentication-hook} (default: @code{#f})
Command to be run in a shell once for each certificate challenge to be
answered. For this command, the shell variable @code{$CERTBOT_DOMAIN}
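Review bot: "instead of using a randomly-generated CSR" in the new item is inaccurate: what is generated randomly is the key pair, and the CSR is derived from it. Suggest "instead of generating a key pair and CSR itself". The item also still does not say how the names in the CSR relate to the domains field.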
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 1c67ff63f1..c73142ca81 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -55,6 +55,8 @@
(default '()))
(challenge certificate-configuration-challenge
(default #f))
+ (csr certificate-configuration-csr
+ (default #f))
(authentication-hook certificate-authentication-hook
(default #f))
(cleanup-hook certificate-cleanup-hook
@@ -95,7 +97,7 @@
(match-lambda
(($ <certificate-configuration> custom-name domains challenge
authentication-hook cleanup-hook
- deploy-hook)
+ deploy-hook csr)
(let ((name (or custom-name (car domains))))
(if challenge
(append
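Review bot: The pattern in this revision still lists csr after deploy-hook while the record hunk above inserts the field after challenge, so every variable from authentication-hook onward is bound to the wrong field by one position. Move csr to sit directly after challenge in the pattern.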
@@ -110,6 +112,7 @@
'("--register-unsafely-without-email"))
(if server `("--server" ,server) '())
(if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
+ (if csr `("--csr" ,csr) '())
(if authentication-hook
`("--manual-auth-hook" ,authentication-hook)
'())
@@ -125,6 +128,7 @@
'("--register-unsafely-without-email"))
(if server `("--server" ,server) '())
(if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
+ (if csr `("--csr" ,csr) '())
(if deploy-hook `("--deploy-hook" ,deploy-hook) '()))))))
certificates)))
(program-file
--
2.32.0
Information forwarded to guix-patches <at> gnu.org: bug#49213; Package guix-patches. (Thu, 24 Jun 2021 21:59:02 GMT)
Message #11 received at 49213 <at> debbugs.gnu.org:
* gnu/services/certbot.scm (<certificate-configuration>): Add csr field.
(certbot-command): Modify.
* doc/guix.texi (Certificate Services): Document it.
---
doc/guix.texi | 9 +++++++++
gnu/services/certbot.scm | 8 ++++++--
2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 15e8999447..560d7af83f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -91,6 +91,7 @@ Copyright @copyright{} 2020 Edgar Vincent@*
Copyright @copyright{} 2021 Maxime Devos@*
Copyright @copyright{} 2021 B. Wilson@*
Copyright @copyright{} 2021 Xinglu Chen@*
+Copyright @copyright{} 2021 Raghav Gururajan@*
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -25934,6 +25935,14 @@ the documentation at @url{https://certbot.eff.org/docs/using.html#hooks}),
and gives Let's Encrypt permission to log the public IP address of the
requesting machine.
+@item @code{csr} (default: @code{#f})
+File name of Certificate Signing Request (CSR) in DER or PEM format.
+If @code{#f} is specified, this argument will not be passed to certbot.
+If a value is specified, certbot will use it to obtain a certificate, instead of
+using a self-generated CSR.
+The domain-name(s) mentioned in @code{domains}, must be consistent with the
+domain-name(s) mentioned in CSR file.
+
@item @code{authentication-hook} (default: @code{#f})
Command to be run in a shell once for each certificate challenge to be
answered. For this command, the shell variable @code{$CERTBOT_DOMAIN}
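Review bot: The added requirement that the names in domains "must be consistent with" the names in the CSR file is only stated, not checked, and the text does not say what "consistent" means (same set, subset, same first name) or what happens on a mismatch. Define the rule in one sentence, and drop the comma after @code{domains}.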
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 1c67ff63f1..85eff58379 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -55,6 +55,8 @@
(default '()))
(challenge certificate-configuration-challenge
(default #f))
+ (csr certificate-configuration-csr
+ (default #f))
(authentication-hook certificate-authentication-hook
(default #f))
(cleanup-hook certificate-cleanup-hook
@@ -94,8 +96,8 @@
(map
(match-lambda
(($ <certificate-configuration> custom-name domains challenge
- authentication-hook cleanup-hook
- deploy-hook)
+ csr authentication-hook
+ cleanup-hook deploy-hook)
(let ((name (or custom-name (car domains))))
(if challenge
(append
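Review bot: The pattern lists csr in the same position as the record hunk above declares it, as positional $ patterns require, but it still depends on position, so the next field added to <certificate-configuration> can silently shift the bindings. A short comment above the pattern saying it must mirror the field order, or destructuring through the field accessors, would guard against that.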
@@ -105,6 +107,7 @@
"--cert-name" name
"--manual-public-ip-logging-ok"
"-d" (string-join domains ","))
+ (if csr `("--csr" ,csr) '())
(if email
`("--email" ,email)
'("--register-unsafely-without-email"))
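Review bot: The (if csr ...) line in the challenge argument list treats any non-false value as a file name and splices it after "--csr" unchecked, so a non-string value or a missing file only surfaces when certbot runs. A string check on the field, or at least a documented type, would move that error to configuration time.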
@@ -120,6 +123,7 @@
"--webroot" "-w" webroot
"--cert-name" name
"-d" (string-join domains ","))
+ (if csr `("--csr" ,csr) '())
(if email
`("--email" ,email)
'("--register-unsafely-without-email"))
--
2.32.0
Information forwarded to guix-patches <at> gnu.org: bug#49213; Package guix-patches. (Thu, 24 Jun 2021 22:01:02 GMT)
Message #14 received at 49213 <at> debbugs.gnu.org:
* gnu/services/certbot.scm (<certificate-configuration>): Add csr field.
(certbot-command): Modify.
* doc/guix.texi (Certificate Services): Document it.
---
doc/guix.texi | 9 +++++++++
gnu/services/certbot.scm | 9 +++++++--
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 15e8999447..560d7af83f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -91,6 +91,7 @@ Copyright @copyright{} 2020 Edgar Vincent@*
Copyright @copyright{} 2021 Maxime Devos@*
Copyright @copyright{} 2021 B. Wilson@*
Copyright @copyright{} 2021 Xinglu Chen@*
+Copyright @copyright{} 2021 Raghav Gururajan@*
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -25934,6 +25935,14 @@ the documentation at @url{https://certbot.eff.org/docs/using.html#hooks}),
and gives Let's Encrypt permission to log the public IP address of the
requesting machine.
+@item @code{csr} (default: @code{#f})
+File name of Certificate Signing Request (CSR) in DER or PEM format.
+If @code{#f} is specified, this argument will not be passed to certbot.
+If a value is specified, certbot will use it to obtain a certificate, instead of
+using a self-generated CSR.
+The domain-name(s) mentioned in @code{domains}, must be consistent with the
+domain-name(s) mentioned in CSR file.
+
@item @code{authentication-hook} (default: @code{#f})
Command to be run in a shell once for each certificate challenge to be
answered. For this command, the shell variable @code{$CERTBOT_DOMAIN}
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 1c67ff63f1..46b5abd2ef 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2019 Julien Lepiller <julien <at> lepiller.eu>
;;; Copyright © 2020 Jack Hill <jackhill <at> jackhill.us>
;;; Copyright © 2020 Tobias Geerinckx-Rice <me <at> tobias.gr>
+;;; Copyright © 2021 Raghav Gururajan <rg <at> raghavgururajan.name>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -55,6 +56,8 @@
(default '()))
(challenge certificate-configuration-challenge
(default #f))
+ (csr certificate-configuration-csr
+ (default #f))
(authentication-hook certificate-authentication-hook
(default #f))
(cleanup-hook certificate-cleanup-hook
@@ -94,8 +97,8 @@
(map
(match-lambda
(($ <certificate-configuration> custom-name domains challenge
- authentication-hook cleanup-hook
- deploy-hook)
+ csr authentication-hook
+ cleanup-hook deploy-hook)
(let ((name (or custom-name (car domains))))
(if challenge
(append
@@ -105,6 +108,7 @@
"--cert-name" name
"--manual-public-ip-logging-ok"
"-d" (string-join domains ","))
+ (if csr `("--csr" ,csr) '())
(if email
`("--email" ,email)
'("--register-unsafely-without-email"))
@@ -120,6 +124,7 @@
"--webroot" "-w" webroot
"--cert-name" name
"-d" (string-join domains ","))
+ (if csr `("--csr" ,csr) '())
(if email
`("--email" ,email)
'("--register-unsafely-without-email"))
--
2.32.0
Information forwarded to guix-patches <at> gnu.org: bug#49213; Package guix-patches. (Thu, 24 Jun 2021 22:21:02 GMT)
Message #17 received at 49213 <at> debbugs.gnu.org:
* gnu/services/certbot.scm (<certificate-configuration>): Add csr field.
(certbot-command): Modify.
* doc/guix.texi (Certificate Services): Document it.
---
doc/guix.texi | 9 +++++++++
gnu/services/certbot.scm | 9 +++++++--
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 15e8999447..560d7af83f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -91,6 +91,7 @@ Copyright @copyright{} 2020 Edgar Vincent@*
Copyright @copyright{} 2021 Maxime Devos@*
Copyright @copyright{} 2021 B. Wilson@*
Copyright @copyright{} 2021 Xinglu Chen@*
+Copyright @copyright{} 2021 Raghav Gururajan@*
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -25934,6 +25935,14 @@ the documentation at @url{https://certbot.eff.org/docs/using.html#hooks}),
and gives Let's Encrypt permission to log the public IP address of the
requesting machine.
+@item @code{csr} (default: @code{#f})
+File name of Certificate Signing Request (CSR) in DER or PEM format.
+If @code{#f} is specified, this argument will not be passed to certbot.
+If a value is specified, certbot will use it to obtain a certificate, instead of
+using a self-generated CSR.
+The domain-name(s) mentioned in @code{domains}, must be consistent with the
+domain-name(s) mentioned in CSR file.
+
@item @code{authentication-hook} (default: @code{#f})
Command to be run in a shell once for each certificate challenge to be
answered. For this command, the shell variable @code{$CERTBOT_DOMAIN}
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 1c67ff63f1..1c819bef48 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2019 Julien Lepiller <julien <at> lepiller.eu>
;;; Copyright © 2020 Jack Hill <jackhill <at> jackhill.us>
;;; Copyright © 2020 Tobias Geerinckx-Rice <me <at> tobias.gr>
+;;; Copyright © 2021 Raghav Gururajan <rg <at> raghavgururajan.name>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -55,6 +56,8 @@
(default '()))
(challenge certificate-configuration-challenge
(default #f))
+ (csr certificate-configuration-csr
+ (default #f))
(authentication-hook certificate-authentication-hook
(default #f))
(cleanup-hook certificate-cleanup-hook
@@ -94,8 +97,8 @@
(map
(match-lambda
(($ <certificate-configuration> custom-name domains challenge
- authentication-hook cleanup-hook
- deploy-hook)
+ csr authentication-hook
+ cleanup-hook deploy-hook)
(let ((name (or custom-name (car domains))))
(if challenge
(append
@@ -105,6 +108,7 @@
"--cert-name" name
"--manual-public-ip-logging-ok"
"-d" (string-join domains ","))
+ (if csr `("--csr" ,csr) '())
(if email
`("--email" ,email)
'("--register-unsafely-without-email"))
@@ -120,6 +124,7 @@
"--webroot" "-w" webroot
"--cert-name" name
"-d" (string-join domains ","))
+ (if csr `("--csr" ,csr) '())
(if email
`("--email" ,email)
'("--register-unsafely-without-email"))
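Review bot: In the webroot argument list csr is handed to "--csr" exactly as written, so a relative file name is resolved against whatever directory the generated program is started in. The @item text in doc/guix.texi should ask for an absolute file name.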
--
2.32.0
Reply sent to Raghav Gururajan <rg <at> raghavgururajan.name>: You have taken responsibility. (Thu, 24 Jun 2021 22:41:02 GMT)
Notification sent to Raghav Gururajan <rg <at> raghavgururajan.name>: bug acknowledged by developer. (Thu, 24 Jun 2021 22:41:02 GMT)
Message #22 received at 49213-done <at> debbugs.gnu.org:
Pushed as 1bf1226a4f.
Information forwarded to guix-patches <at> gnu.org: bug#49213; Package guix-patches. (Wed, 30 Jun 2021 19:57:02 GMT)
Message #25 received at 49213 <at> debbugs.gnu.org:
Raghav Gururajan via Guix-patches via wrote on Thu 24-06-2021 at 18:39 [-0400]:
> Pushed as 1bf1226a4f.
Hi,
Do I understand correctly that this patch series
was pushed a day after it was sent? AFAIK the series is good
though I don't know anything about CSR, but, as the guix manual notes:
For anything else, please post to <guix-patches <at> gnu.org> and leave
time for a review, without committing anything (*note Submitting
Patches::). If you didn’t receive any reply after two weeks, and if
you’re confident, it’s OK to commit.
One day seems a lot less than two weeks, and I haven't seen
a reply. Did I miss any replies, or was it ‘replied’ to on IRC,
or ...?
TBF, the manual also notes
That last part is subject to being adjusted, allowing individuals to
commit directly on non-controversial changes on parts they’re familiar
with.
which might or might not apply.
Greetings,
Maxime.
Information forwarded to guix-patches <at> gnu.org: bug#49213; Package guix-patches. (Wed, 30 Jun 2021 20:17:02 GMT)
Message #28 received at 49213 <at> debbugs.gnu.org:
Hi Maxime!
> One day seems a lot less than two weeks, and I haven't seen
> a reply. Did I miss any replies, or was it ‘replied’ to on IRC,
> or ...?
Sorry about that. I was interacting with Tobias in IRC about this patch
that day (https://logs.guix.gnu.org/guix/2021-06-25.log). After some
corrections, I was confident about the patch with testing and I
pushed it. That said, I'll leave the future threads for more time
despite discussing on IRC. :)
Regards,
RG.
Information forwarded to guix-patches <at> gnu.org: bug#49213; Package guix-patches. (Wed, 30 Jun 2021 20:21:02 GMT)
Message #31 received at submit <at> debbugs.gnu.org:
On 30.06.21 22:16, Raghav Gururajan via Guix-patches via wrote:
> Hi Maxime!
>
>> One day seems a lot less than two weeks, and I haven't seen
>> a reply. Did I miss any replies, or was it ‘replied’ to on IRC,
>> or ...?
>
> Sorry about that. I was interacting with Tobias in IRC about this patch
> that day (https://logs.guix.gnu.org/guix/2021-06-25.log). After some
> corrections, I was confident about the patch with testing and I
> pushed it. That said, I'll leave the future threads for more time
> despite discussing on IRC. :)
In that case I think it's not really necessary to leave the patch longer
on the mailing list. Instead you could add something like "reviewed
together with XY in IRC" on your closing email :)
Information forwarded to guix-patches <at> gnu.org: bug#49213; Package guix-patches. (Thu, 01 Jul 2021 08:06:01 GMT)
Message #34 received at 49213 <at> debbugs.gnu.org:
Jonathan Brielmaier wrote on Wed 30-06-2021 at 22:20 [+0200]:
> On 30.06.21 22:16, Raghav Gururajan via Guix-patches via wrote:
> > Hi Maxime!
> > Sorry about that. I was interacting with Tobias in IRC about this patch
> > that day (https://logs.guix.gnu.org/guix/2021-06-25.log). After some
> > corrections, I was confident about the patch with testing and I
> > pushed it. That said, I'll leave the future threads for more time
> > despite discussing on IRC. :)
>
> In that case I think it's not really necessary to leave the patch longer
> on the mailing list. Instead you could add something like "reviewed
> together with XY in IRC" on your closing email :)
Yes, agreed on both points.
Greetings,
Maxime.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Thu, 29 Jul 2021 11:24:05 GMT)
This bug report was last modified 2 years and 272 days ago.