Christopher Baines <mail@HIDDEN>
to control <at> debbugs.gnu.org.
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: Felix Lechner <felix.lechner@HIDDEN>
Subject: Re: [PATCH v2 4/4] In certbot's client configuration, offer
multiple deploy-hooks.
Date: Thu, 01 May 2025 23:47:33 +0900
Cc: 67497 <at> debbugs.gnu.org, Carlo Zancanaro <carlo@HIDDEN>,
Bruno Victal <mirai@HIDDEN>
Hi,
Felix Lechner <felix.lechner@HIDDEN> writes:
> The certbot program can accept multiple deploy hooks by repeating the relevant
> option on the command line. This commit makes that capability available to
> users.
>
> Certificates are often used to secure multiple services. It is helpful to have
> separate hooks for each service. It makes those hooks easier to maintain. It's
> also easier that way to re-use a hook for another certificate that may not
> serve to secure the same combination of services.
For this commit and the previous one, you can keep your nice explanatory
text, but a GNU ChangeLog must be added below, per our conventions. It
can be terse and to the point, touching only the *changes*, especially
since you already have an explanatory text.
> Change-Id: I3a293daee47030d9bee7f366605aa63a14e98e38
> ---
> doc/guix.texi | 11 ++++++-----
> gnu/services/certbot.scm | 18 ++++++++++++++++--
> 2 files changed, 22 insertions(+), 7 deletions(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 1b0fa4f2a3a..deb1f76d353 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -35378,7 +35378,7 @@ Certificate Services
> (list
> (certificate-configuration
> (domains '("example.net" "www.example.net"))
> - (deploy-hook %nginx-deploy-hook))
> + (deploy-hooks '(%nginx-deploy-hook)))
> (certificate-configuration
> (domains '("bar.example.net")))))))
> @end lisp
> @@ -35483,14 +35483,15 @@ Certificate Services
> additionally @code{$CERTBOT_AUTH_OUTPUT} will contain the standard output
> of the @code{auth-hook} script.
>
> -@item @code{deploy-hook} (default: @code{#f})
> -Command to be run in a shell once for each successfully issued
> -certificate. For this command, the environment variable
> +@item @code{deploy-hooks} (default: @code{'()})
> +Commands to be run in a shell once for each successfully issued
> +certificate. For these commands, the environment variable
> @code{$RENEWED_LINEAGE} will point to the config live subdirectory (for
> example, @samp{"/etc/letsencrypt/live/example.com"}) containing the new
> certificates and keys; the environment variable @code{$RENEWED_DOMAINS} will
> contain a space-delimited list of renewed certificate domains (for
> -example, @samp{"example.com www.example.com"}.
> +example, @samp{"example.com www.example.com"}. Please note that the singular
> +field @code{deploy-hook} was replaced by this field in the plural.
Need two spaces before the new sentence starts.
>
> @item @code{start-self-signed?} (default: @code{#t})
> Whether to generate an initial self-signed certificate during system
> diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
> index 08a480ed3b1..7a67b9bd7cb 100644
> --- a/gnu/services/certbot.scm
> +++ b/gnu/services/certbot.scm
> @@ -30,6 +30,7 @@ (define-module (gnu services certbot)
> #:use-module (gnu services web)
> #:use-module (gnu system shadow)
> #:use-module (gnu packages tls)
> + #:use-module (guix deprecation)
> #:use-module (guix i18n)
> #:use-module (guix records)
> #:use-module (guix gexp)
> @@ -63,8 +64,11 @@ (define-record-type* <certificate-configuration>
> (default #f))
> (cleanup-hook certificate-cleanup-hook
> (default #f))
> + ;; TODO: remove singular deploy-hook; is deprecated
For standalone comments, please use complete sentences, as in:
;; TODO: Remove singular deploy-hook, which is deprecated.
Note that it's not enough to simply document it as deprecated, you must
introduce a deprecation warning when people are using it for the
'deprecation' to count as such. Since this record is using a plain Guix
record, this is usually done using a sanitizer with a maybe value that
warns when the value is set.
> (deploy-hook certificate-configuration-deploy-hook
> (default #f))
> + (deploy-hooks certificate-configuration-deploy-hooks
> + (default '()))
> (start-self-signed? certificate-configuration-start-self-signed?
> (default #t)))
>
> @@ -140,7 +144,8 @@ (define certbot-command
> (match-lambda
> (($ <certificate-configuration> custom-name domains challenge
> csr authentication-hook
> - cleanup-hook deploy-hook)
> + cleanup-hook
> + deploy-hook deploy-hooks)
> (let ((name (or custom-name (car domains))))
> (append
> (list name
> @@ -168,7 +173,16 @@ (define certbot-command
> (list "--register-unsafely-without-email"))
> (if server (list "--server" server) '())
> (if rsa-key-size (list "--rsa-key-size" rsa-key-size) '())
> - (if deploy-hook (list "--deploy-hook" deploy-hook) '())))))
> +
> + (if deploy-hook
> + (begin
> + (warn-about-deprecation 'deploy-hook #f
> + #:replacement 'deploy-hooks)
Ah, I see you warned here, but that's going to happen at the time the
service is executed, right? Which is not as good: we'd like the
deprecation to be printed as early as possible, typically when the user
reconfigures their system. A sanitizer on the record field would
achieve that.
--
Thanks,
Maxim
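The sanitizer approach described in the reply above, sketched as an added example (not code from the patch or from Guix itself): a reduced stand-in record whose deprecated field warns, and whose list field is checked, when the record is constructed. It assumes the `(guix records)`, `(guix deprecation)` and `(guix diagnostics)` modules are on Guile's load path; `<example-certificate>`, `warn-deploy-hook-deprecation`, `ensure-hook-list` and `deploy-hook-arguments` are hypothetical names.

```scheme
;; Added example; requires Guix's modules on the Guile load path.
(use-modules (guix records)
             (guix deprecation)
             (guix diagnostics)
             (srfi srfi-1))

;; Sanitizer for the deprecated singular field.  It runs when a record is
;; constructed, so the warning appears while the configuration is being
;; evaluated rather than when the generated certbot command runs.
(define-with-syntax-properties (warn-deploy-hook-deprecation (value properties))
  (when value
    (warn-about-deprecation 'deploy-hook properties
                            #:replacement 'deploy-hooks))
  value)

;; Sanitizer for the plural field: reject anything that is not a list.
(define (ensure-hook-list value)
  (unless (list? value)
    (error "deploy-hooks: expected a list of hooks, got" value))
  value)

;; Reduced stand-in for <certificate-configuration> (hypothetical).
(define-record-type* <example-certificate>
  example-certificate make-example-certificate
  example-certificate?
  (domains      example-certificate-domains)
  (deploy-hook  example-certificate-deploy-hook  ;deprecated
                (default #f)
                (sanitize warn-deploy-hook-deprecation))
  (deploy-hooks example-certificate-deploy-hooks
                (default '())
                (sanitize ensure-hook-list)))

;; Fold both fields into "--deploy-hook" arguments, deprecated hook first.
(define (deploy-hook-arguments certificate)
  (let ((old (example-certificate-deploy-hook certificate)))
    (append-map (lambda (hook) (list "--deploy-hook" hook))
                (append (if old (list old) '())
                        (example-certificate-deploy-hooks certificate)))))

;; Constructed sample input.  Building this record emits the deprecation
;; warning immediately, before any command line is assembled.
(define sample
  (example-certificate
   (domains '("example.net"))
   (deploy-hook "/constructed/reload-nginx")
   (deploy-hooks '("/constructed/reload-mail"))))

(deploy-hook-arguments sample)
```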
guix-patches@HIDDEN:bug#67497; Package guix-patches.
From: Felix Lechner <felix.lechner@HIDDEN>
To: 67497 <at> debbugs.gnu.org
Subject: [PATCH v2 3/4] In certbot service, reduce code duplication.
Date: Wed, 30 Apr 2025 08:34:38 -0700
Cc: Carlo Zancanaro <carlo@HIDDEN>, Bruno Victal <mirai@HIDDEN>,
Felix Lechner <felix.lechner@HIDDEN>,
Maxim Cournoyer <maxim.cournoyer@HIDDEN>
The certbot command can only be changed with a great deal of attention. The
program branches early and constructs two separate invocations. Changes would
generally have to be made in two places. Otherwise, a new bug might be
introduced.
This commit places the conditional in question inside the list so that future
edits are more fool-proof.
Change-Id: I4a54f8b78ff4722688de7772d3c26a6191d6ff89
---
gnu/services/certbot.scm | 60 ++++++++++++++++++----------------------
1 file changed, 27 insertions(+), 33 deletions(-)
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index d6c7d175ff5..08a480ed3b1 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -142,39 +142,33 @@ (define certbot-command
csr authentication-hook
cleanup-hook deploy-hook)
(let ((name (or custom-name (car domains))))
- (if challenge
- (append
- (list name certbot "certonly" "-n" "--agree-tos"
- "--manual"
- (string-append "--preferred-challenges=" challenge)
- "--cert-name" name
- "--manual-public-ip-logging-ok"
- "-d" (string-join domains ","))
- (if csr `("--csr" ,csr) '())
- (if email
- `("--email" ,email)
- '("--register-unsafely-without-email"))
- (if server `("--server" ,server) '())
- (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
- (if authentication-hook
- `("--manual-auth-hook" ,authentication-hook)
- '())
- (if cleanup-hook `("--manual-cleanup-hook" ,cleanup-hook) '())
- (list "--deploy-hook"
- (certbot-deploy-hook name deploy-hook)))
- (append
- (list name certbot "certonly" "-n" "--agree-tos"
- "--webroot" "-w" webroot
- "--cert-name" name
- "-d" (string-join domains ","))
- (if csr `("--csr" ,csr) '())
- (if email
- `("--email" ,email)
- '("--register-unsafely-without-email"))
- (if server `("--server" ,server) '())
- (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
- (list "--deploy-hook"
- (certbot-deploy-hook name deploy-hook)))))))
+ (append
+ (list name
+ certbot
+ "certonly"
+ "-n"
+ "--agree-tos")
+ (if challenge
+ (append
+ (list "--manual"
+ (string-append "--preferred-challenges=" challenge)
+ "--manual-public-ip-logging-ok")
+ (if authentication-hook
+ (list "--manual-auth-hook" authentication-hook)
+ '())
+ (if cleanup-hook
+ (list "--manual-cleanup-hook" cleanup-hook)
+ '()))
+ (list "--webroot" "-w" webroot))
+ (list "--cert-name" name
+ "-d" (string-join domains ","))
+ (if csr (list "--csr" csr) '())
+ (if email
+ (list "--email" email)
+ (list "--register-unsafely-without-email"))
+ (if server (list "--server" server) '())
+ (if rsa-key-size (list "--rsa-key-size" rsa-key-size) '())
+ (if deploy-hook (list "--deploy-hook" deploy-hook) '())))))
certificates)))
(program-file
"certbot-command"
--
2.49.0
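Review bot: The last added line of the hunk, `(if deploy-hook (list "--deploy-hook" deploy-hook) '())`, is not a pure deduplication: both removed branches passed `--deploy-hook` unconditionally and wrapped the value as `(certbot-deploy-hook name deploy-hook)`, while the new code omits the option when the field is unset and passes the hook unwrapped. If dropping the wrapper is intended, say so in the commit message; otherwise keep the `certbot-deploy-hook` call. Moving `--cert-name` and `-d` after the challenge options also changes the argument order and deserves a mention.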
guix-patches@HIDDEN:bug#67497; Package guix-patches.
From: Felix Lechner <felix.lechner@HIDDEN>
To: 67497 <at> debbugs.gnu.org
Subject: [PATCH v2 4/4] In certbot's client configuration,
offer multiple deploy-hooks.
Date: Wed, 30 Apr 2025 08:34:39 -0700
Cc: Carlo Zancanaro <carlo@HIDDEN>, Bruno Victal <mirai@HIDDEN>,
Felix Lechner <felix.lechner@HIDDEN>,
Maxim Cournoyer <maxim.cournoyer@HIDDEN>
The certbot program can accept multiple deploy hooks by repeating the relevant
option on the command line. This commit makes that capability available to
users.
Certificates are often used to secure multiple services. It is helpful to have
separate hooks for each service. It makes those hooks easier to maintain. It's
also easier that way to re-use a hook for another certificate that may not
serve to secure the same combination of services.
Change-Id: I3a293daee47030d9bee7f366605aa63a14e98e38
---
doc/guix.texi | 11 ++++++-----
gnu/services/certbot.scm | 18 ++++++++++++++++--
2 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 1b0fa4f2a3a..deb1f76d353 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -35378,7 +35378,7 @@ Certificate Services
(list
(certificate-configuration
(domains '("example.net" "www.example.net"))
- (deploy-hook %nginx-deploy-hook))
+ (deploy-hooks '(%nginx-deploy-hook)))
(certificate-configuration
(domains '("bar.example.net")))))))
@end lisp
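Review bot: In the added line `(deploy-hooks '(%nginx-deploy-hook))`, the quote makes the field a list holding the symbol `%nginx-deploy-hook` rather than the value bound to that name, so the documented example does not pass the hook it appears to. Write `(deploy-hooks (list %nginx-deploy-hook))` instead.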
@@ -35483,14 +35483,15 @@ Certificate Services
additionally @code{$CERTBOT_AUTH_OUTPUT} will contain the standard output
of the @code{auth-hook} script.
-@item @code{deploy-hook} (default: @code{#f})
-Command to be run in a shell once for each successfully issued
-certificate. For this command, the environment variable
+@item @code{deploy-hooks} (default: @code{'()})
+Commands to be run in a shell once for each successfully issued
+certificate. For these commands, the environment variable
@code{$RENEWED_LINEAGE} will point to the config live subdirectory (for
example, @samp{"/etc/letsencrypt/live/example.com"}) containing the new
certificates and keys; the environment variable @code{$RENEWED_DOMAINS} will
contain a space-delimited list of renewed certificate domains (for
-example, @samp{"example.com www.example.com"}.
+example, @samp{"example.com www.example.com"}. Please note that the singular
+field @code{deploy-hook} was replaced by this field in the plural.
@item @code{start-self-signed?} (default: @code{#t})
Whether to generate an initial self-signed certificate during system
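Review bot: The added sentence says the singular `deploy-hook` "was replaced", but the record in this same patch still accepts it and only warns, so the manual should call it deprecated and say how it combines with `deploy-hooks`. The item also leaves the order in which several hooks run unstated, and the parenthesis opened at `(for example, @samp{"example.com www.example.com"}` is still never closed.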
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 08a480ed3b1..7a67b9bd7cb 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -30,6 +30,7 @@ (define-module (gnu services certbot)
#:use-module (gnu services web)
#:use-module (gnu system shadow)
#:use-module (gnu packages tls)
+ #:use-module (guix deprecation)
#:use-module (guix i18n)
#:use-module (guix records)
#:use-module (guix gexp)
@@ -63,8 +64,11 @@ (define-record-type* <certificate-configuration>
(default #f))
(cleanup-hook certificate-cleanup-hook
(default #f))
+ ;; TODO: remove singular deploy-hook; is deprecated
(deploy-hook certificate-configuration-deploy-hook
(default #f))
+ (deploy-hooks certificate-configuration-deploy-hooks
+ (default '()))
(start-self-signed? certificate-configuration-start-self-signed?
(default #t)))
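Review bot: The new `deploy-hooks` field accepts any value unchecked, while `certbot-command` later maps over it as a list, so a configuration that passes a single hook instead of a list is caught only when the command is assembled. A field sanitizer that rejects non-lists would report the mistake when the record is constructed. The TODO comment on the added line above `deploy-hook` should also be a complete sentence.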
@@ -140,7 +144,8 @@ (define certbot-command
(match-lambda
(($ <certificate-configuration> custom-name domains challenge
csr authentication-hook
- cleanup-hook deploy-hook)
+ cleanup-hook
+ deploy-hook deploy-hooks)
(let ((name (or custom-name (car domains))))
(append
(list name
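Review bot: The positional `($ <certificate-configuration> ...)` pattern now binds two adjacent, near-identically named fields, `deploy-hook deploy-hooks`, purely by their order in the record definition, so a later reordering or insertion would swap them without any error. Reading them through `certificate-configuration-deploy-hook` and `certificate-configuration-deploy-hooks` would remove that dependency.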
@@ -168,7 +173,16 @@ (define certbot-command
(list "--register-unsafely-without-email"))
(if server (list "--server" server) '())
(if rsa-key-size (list "--rsa-key-size" rsa-key-size) '())
- (if deploy-hook (list "--deploy-hook" deploy-hook) '())))))
+
+ (if deploy-hook
+ (begin
+ (warn-about-deprecation 'deploy-hook #f
+ #:replacement 'deploy-hooks)
+ (list "--deploy-hook" deploy-hook))
+ '())
+ (append-map (lambda (hook)
+ (list "--deploy-hook" hook))
+ deploy-hooks)))))
certificates)))
(program-file
"certbot-command"
--
2.49.0
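Review bot: When both fields are set, the added `(if deploy-hook ...)` and `append-map` expressions each emit `--deploy-hook`, so the deprecated hook runs in addition to the listed ones, and neither the code nor the manual says whether that is intended. Either reject the combination or document it together with the resulting order. The `#f` passed to `warn-about-deprecation` also means the warning cannot point at the user's configuration, and the lone `+` blank line before `(if deploy-hook` can be dropped.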
gabriel@HIDDEN, ludo@HIDDEN, maxim.cournoyer@HIDDEN, guix-patches@HIDDEN:bug#67497; Package guix-patches.
From: Felix Lechner <felix.lechner@HIDDEN>
To: 67497 <at> debbugs.gnu.org
Subject: [PATCH v2 2/4] In certbot documentation,
call environment variables by their proper name.
Date: Wed, 30 Apr 2025 08:34:37 -0700
Cc: Carlo Zancanaro <carlo@HIDDEN>, Bruno Victal <mirai@HIDDEN>,
Felix Lechner <felix.lechner@HIDDEN>,
Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Certbot's hooks can be written in any language. In fact, they can be any kind
of executable. Environment variables are widely used to communicate values
across that type of fork(2) boundary. In the context here, it is more accurate
to talk about environment variables.
Change-Id: If0b476c3367a3108d9365d718a74faa7d9fe7530
---
doc/guix.texi | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index b48255a16e0..1b0fa4f2a3a 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -35471,24 +35471,24 @@ Certificate Services
@item @code{authentication-hook} (default: @code{#f})
Command to be run in a shell once for each certificate challenge to be
-answered. For this command, the shell variable @code{$CERTBOT_DOMAIN}
+answered. For this command, the environment variable @code{$CERTBOT_DOMAIN}
will contain the domain being authenticated, @code{$CERTBOT_VALIDATION}
contains the validation string and @code{$CERTBOT_TOKEN} contains the
file name of the resource requested when performing an HTTP-01 challenge.
@item @code{cleanup-hook} (default: @code{#f})
Command to be run in a shell once for each certificate challenge that
-have been answered by the @code{auth-hook}. For this command, the shell
+have been answered by the @code{auth-hook}. For this command, the environment
variables available in the @code{auth-hook} script are still available, and
additionally @code{$CERTBOT_AUTH_OUTPUT} will contain the standard output
of the @code{auth-hook} script.
@item @code{deploy-hook} (default: @code{#f})
Command to be run in a shell once for each successfully issued
-certificate. For this command, the shell variable
+certificate. For this command, the environment variable
@code{$RENEWED_LINEAGE} will point to the config live subdirectory (for
example, @samp{"/etc/letsencrypt/live/example.com"}) containing the new
-certificates and keys; the shell variable @code{$RENEWED_DOMAINS} will
+certificates and keys; the environment variable @code{$RENEWED_DOMAINS} will
contain a space-delimited list of renewed certificate domains (for
example, @samp{"example.com www.example.com"}.
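Review bot: The reworded lines still write the names with the shell sigil, as in `@code{$CERTBOT_DOMAIN}` and `@code{$RENEWED_LINEAGE}`, which is shell expansion syntax rather than the name of an environment variable; since the stated goal of the commit is accurate naming, drop the `$`. While these paragraphs are being touched, the field is called `authentication-hook` in its heading but `auth-hook` in the text, "challenge that have been answered" should read "has", and the context line `(for example, @samp{"example.com www.example.com"}.` is missing its closing parenthesis.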
--
2.49.0
gabriel@HIDDEN, ludo@HIDDEN, maxim.cournoyer@HIDDEN, guix-patches@HIDDEN:bug#67497; Package guix-patches.
From: Felix Lechner <felix.lechner@HIDDEN>
To: 67497 <at> debbugs.gnu.org
Subject: [PATCH v2 1/4] In documentation,
rename %certbot-deploy-hook back to %nginx-deploy-hook..
Date: Wed, 30 Apr 2025 08:34:36 -0700
Cc: Carlo Zancanaro <carlo@HIDDEN>, Bruno Victal <mirai@HIDDEN>,
Felix Lechner <felix.lechner@HIDDEN>,
Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Bruno Victal made that change in commit fec8e513, but a nearby patch will
offer the ability to specify a list of hooks. That makes it possible to name
deploy hooks after the services they restart.
Change-Id: I128f71f2e96159eef8821e21ea03ecf0c1c0a7f4
---
doc/guix.texi | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 90d90b2e1eb..b48255a16e0 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -35364,13 +35364,21 @@ Certificate Services
must be a @code{certbot-configuration} record as in this example:
@lisp
+(define %nginx-deploy-hook
+ (program-file "certbot-nginx-deploy-hook.scm"
+ (with-imported-modules '((gnu services herd))
+ #~(begin
+ (use-modules (gnu services herd))
+ (with-shepherd-action 'nginx ('reload) result result)))))
+
(service certbot-service-type
(certbot-configuration
(email "foo@@example.net")
(certificates
(list
(certificate-configuration
- (domains '("example.net" "www.example.net")))
+ (domains '("example.net" "www.example.net"))
+ (deploy-hook %nginx-deploy-hook))
(certificate-configuration
(domains '("bar.example.net")))))))
@end lisp
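Review bot: The subject describes renaming `%certbot-deploy-hook`, but no line in this hunk removes or mentions that name; the visible change adds a new `%nginx-deploy-hook` definition and a `deploy-hook` field to the example. Reword the commit message so it matches what the hunk does, and drop the doubled period at the end of the subject.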
base-commit: bb8cc412c8fcab613c402e06ae7024d6df5c9010
--
2.49.0
gabriel@HIDDEN, ludo@HIDDEN, maxim.cournoyer@HIDDEN, guix-patches@HIDDEN:bug#67497; Package guix-patches.
Received: (at 67497) by debbugs.gnu.org; 23 Apr 2025 01:46:09 +0000
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: Felix Lechner <felix.lechner@HIDDEN>
Subject: Re: [bug#67497] [PATCH] Multiple deploy hooks in certbot service
In-Reply-To: <87y0xoxvl0.fsf@HIDDEN> (Arun Isaac's message of
"Sat, 01 Mar 2025 21:57:47 +0000")
References: <87zfyzkkt4.fsf@HIDDEN> <87y0xoxvl0.fsf@HIDDEN>
Date: Wed, 23 Apr 2025 10:45:54 +0900
Message-ID: <87bjsn1wh9.fsf@HIDDEN>
Cc: 67497 <at> debbugs.gnu.org, Carlo Zancanaro <carlo@HIDDEN>,
Bruno Victal <mirai@HIDDEN>, Felix Lechner <felix.lechner@HIDDEN>

Hi,

Arun Isaac <arunisaac@HIDDEN> writes:

> Hi all,
>
> This patchset LGTM. But, I would recommend that someone who actually
> uses the certbot service reviews it. I do not use it myself, and would
> not be able to test the service after the changes. I am therefore
> tagging this issue with the help tag.

Felix, could you please rebase this on master, after which I can apply
it?

--
Thanks,
Maxim
guix-patches@HIDDEN:bug#67497; Package guix-patches.
Arun Isaac <arunisaac@HIDDEN>
to control <at> debbugs.gnu.org.
Received: (at 67497) by debbugs.gnu.org; 1 Mar 2025 21:58:19 +0000
From: Arun Isaac <arunisaac@HIDDEN>
To: 67497 <at> debbugs.gnu.org
Subject: Re: [PATCH] Multiple deploy hooks in certbot service
In-Reply-To: <87v7t8w28t.fsf@HIDDEN>
Date: Sat, 01 Mar 2025 21:57:47 +0000
Message-ID: <87y0xoxvl0.fsf@HIDDEN>
Cc: Arun Isaac <arunisaac@HIDDEN>, Bruno Victal <mirai@HIDDEN>,
Carlo Zancanaro <carlo@HIDDEN>, Felix Lechner <felix.lechner@HIDDEN>

Hi all,

This patchset LGTM. But, I would recommend that someone who actually
uses the certbot service reviews it. I do not use it myself, and would
not be able to test the service after the changes. I am therefore
tagging this issue with the help tag.

Thanks,
Arun
guix-patches@HIDDEN:bug#67497; Package guix-patches.
Received: (at 67497) by debbugs.gnu.org; 18 Feb 2025 00:00:51 +0000
From: Carlo Zancanaro <carlo@HIDDEN>
To: Bruno Victal <mirai@HIDDEN>
Subject: Re: [bug#67497] [PATCH] Multiple deploy hooks in certbot service
In-Reply-To: <a224335a-b8f0-46cd-ba90-8bc51d698376@HIDDEN> (Bruno
Victal's message of "Sat, 16 Dec 2023 20:50:16 +0000")
References: <87zfyzkkt4.fsf@HIDDEN> <874jh6bu8c.fsf@HIDDEN>
<a224335a-b8f0-46cd-ba90-8bc51d698376@HIDDEN>
Date: Tue, 18 Feb 2025 11:00:34 +1100
Message-ID: <87v7t8w28t.fsf@HIDDEN>
Cc: 67497 <at> debbugs.gnu.org, Arun Isaac <arunisaac@HIDDEN>,
Felix Lechner <felix.lechner@HIDDEN>

Given this thread came up on guix-devel, and I use certbot and have
opinions, I thought I might chime in on this.

On Sat, Dec 16 2023, Bruno Victal wrote:
> As Arun pointed out, I don't think multiple deploy hooks would be
> adding value here.

I disagree. I think adding multiple deploy hooks would be adding value,
even beyond just reducing syntactic overhead (which is valuable itself).

Having a list of hooks has two benefits that I can see:

1. A list of hooks can be introspected by Scheme code, which lets us
write code to manipulate certbot-configuration objects. In particular,
it would make it easier to write code to add hooks without accidentally
duplicating existing hooks, and it would make it possible to write code
to remove hooks. I could easily see this being used in an enhancement to
the certbot-service-type extension mechanism where multiple services
extending certbot-service-type could be combined into a single
certificate (where the domains match, and whatnot).

2. A list of hooks makes it easier to read your configuration, and makes
it obvious that we're intending to support small, specific, deploy
hooks. This is a social argument, rather than a technical one. Even with
no change in expressive power, our interfaces do communicate how we
intend for them to be used. Having a list communicates "we expect each
hook to do one thing", which feels good to me.

At the very least, even if we don't go with a list of deploy-hooks, we
could get some improvement by having an official gexp helper
"invoke-all" which calls invoke on each of its gexp arguments in
turn. This would be more generally useful for gexp composition, but then
it would also be less obvious than a deploy-hooks list (unless you're
already very familiar with gexps).

> What would be interesting though is adding service-extensions support
> for certbot-service-type.

I'm not entirely sure what you mean by this. certbot-service-type
already supports extensions?

On Sat, Dec 16 2023, Bruno Victal wrote:
> [...] for the record mine looks like this:
>
> --8<---------------cut here---------------start------------->8---
> (program-file "certbot-hook.scm"
>   ;; source-module-closure not used here because at the time of writing
>   ;; (gnu services herd) only uses Guile modules.
>   (with-imported-modules '((gnu services herd))
>     #~(begin
>         (use-modules (gnu services herd))
>         (with-shepherd-action 'nginx ('reload) result result)
>         (restart-service 'dovecot)
>         (restart-service 'smtpd))))
> --8<---------------cut here---------------end--------------->8---

As a bit of fun: do you know the difference between this hook, and the
equivalent using multiple --deploy-hook arguments? Error handling and
logging. With multiple deploy-hooks, I believe Certbot will always run
all of them, and will report errors for each of them individually. An
error restarting dovecot shouldn't prevent smtpd from restarting, but in
your gexp it would (although I'm not actually sure how herd reports
errors here - my point is more general than this specific example).

The more we ask people to plumb things together themselves, the more we
ask them to decide themselves about error handling and logging. Which
means that error handling and logging will be an afterthought at best.
If you want to put things in one gexp you still can, but making it the
only option leaves less room for Certbot to "add value" in handling
these things for us.

Carlo
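
The error-handling difference described in the message above, as an added example that is not part of the thread, of Guix or of Certbot: run_chained models one combined hook whose first failing step aborts the rest, and run_isolated models separate hooks that each run and are reported individually. The hook commands, log paths, domains and the simulated dovecot failure are constructed; RENEWED_LINEAGE and RENEWED_DOMAINS are the variable names from the manual text quoted elsewhere in this thread.

```shell
#!/bin/sh
# Added illustration. Hook commands, paths and domains are constructed.

# run_chained LINEAGE DOMAINS HOOK...
# Models a single combined hook: commands run in order and the first
# non-zero exit aborts the remaining ones. Returns that exit status.
run_chained() {
    lineage=$1 domains=$2
    shift 2
    for hook in "$@"; do
        RENEWED_LINEAGE=$lineage RENEWED_DOMAINS=$domains sh -c "$hook" ||
            return $?
    done
}

# run_isolated LINEAGE DOMAINS HOOK...
# Models separate hooks: every command runs in its own child shell, each
# failure is logged on its own line on stderr, and the return status is
# the number of hooks that failed.
run_isolated() {
    lineage=$1 domains=$2
    shift 2
    failed=0
    for hook in "$@"; do
        if RENEWED_LINEAGE=$lineage RENEWED_DOMAINS=$domains sh -c "$hook"; then
            :
        else
            status=$?
            echo "deploy hook failed (status $status): $hook" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# demo LOGFILE RUNNER
# Runs three constructed hooks through RUNNER. Each hook appends one line
# to LOGFILE; the second one then exits with status 3 to simulate a
# service that fails to restart.
demo() {
    log=$1 runner=$2
    : > "$log"
    "$runner" /etc/letsencrypt/live/example.com "example.com www.example.com" \
        "echo \"nginx reload for \$RENEWED_DOMAINS\" >> '$log'" \
        "echo 'dovecot restart' >> '$log'; exit 3" \
        "echo \"smtpd restart, certs in \$RENEWED_LINEAGE\" >> '$log'"
}

# Stand-alone run: compare how many hooks got to run under each model.
tmp=$(mktemp -d)
rc=0; demo "$tmp/chained.log" run_chained || rc=$?
n=$(wc -l < "$tmp/chained.log")
echo "combined hook: exit status $rc, $n of 3 steps ran"
rc=0; demo "$tmp/isolated.log" run_isolated || rc=$?
n=$(wc -l < "$tmp/isolated.log")
echo "separate hooks: $rc failed, $n of 3 ran"
rm -rf "$tmp"
```

In the combined model the smtpd step never runs and the only signal is a single exit status; in the separate model the failing command is named in its own log line and the later hook still runs.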
guix-patches@HIDDEN:bug#67497; Package guix-patches.
Received: (at 67497) by debbugs.gnu.org; 19 Dec 2023 06:30:16 +0000
From: Arun Isaac <arunisaac@HIDDEN>
To: Felix Lechner <felix.lechner@HIDDEN>, Bruno Victal <mirai@HIDDEN>
Subject: Re: bug#67497: [PATCH] Multiple deploy hooks in certbot service
In-Reply-To: <875y0wrabr.fsf@HIDDEN>
References: <87zfyzkkt4.fsf@HIDDEN> <874jh6bu8c.fsf@HIDDEN>
<a224335a-b8f0-46cd-ba90-8bc51d698376@HIDDEN> <875y0wrabr.fsf@HIDDEN>
Date: Tue, 19 Dec 2023 06:29:55 +0000
Message-ID: <8734vyu2l8.fsf@HIDDEN>
Cc: 67497 <at> debbugs.gnu.org

Hi Felix,

You make good points. Having multiple deploy hooks is probably in the
spirit of the certbot project and makes for more declarative
configuration. However, I still feel that combining multiple deploy
hooks into one is better /composition/, more schemy and less complexity
for the Guix certbot service. But, if others feel that multiple deploy
hooks make sense, I am very happy to accept that.

> Your blanket opposition to this patch is incomprehensible to me from
> several angles:

And, I am not in blanket opposition to this patch. :-) I was just
contributing my two cents to the discussion. I suggested the
alternative of combining hooks just in case you had not already thought
of it. I am not invested in the certbot service. I don't even use it
myself.

Regards,
Arun
guix-patches@HIDDEN:bug#67497; Package guix-patches.
Received: (at 67497) by debbugs.gnu.org; 17 Dec 2023 17:46:38 +0000
From: Felix Lechner <felix.lechner@HIDDEN>
To: Bruno Victal <mirai@HIDDEN>, Arun Isaac <arunisaac@HIDDEN>
Subject: Re: bug#67497: [PATCH] Multiple deploy hooks in certbot service
In-Reply-To: <a224335a-b8f0-46cd-ba90-8bc51d698376@HIDDEN>
References: <87zfyzkkt4.fsf@HIDDEN> <874jh6bu8c.fsf@HIDDEN>
<a224335a-b8f0-46cd-ba90-8bc51d698376@HIDDEN>
Date: Sun, 17 Dec 2023 09:46:32 -0800
Message-ID: <875y0wrabr.fsf@HIDDEN>
Cc: 67497 <at> debbugs.gnu.org

Hi,

Thank you both for reviewing this patch! I have to respond to several
reviews and will start with this one, because it weighed the heaviest on
me.

On Sat, Dec 16 2023, Bruno Victal wrote:
> As Arun pointed out, I don't think multiple deploy hooks would be
> adding value here.

Your blanket opposition to this patch is incomprehensible to me from
several angles:

1. A meaningful name for a hook near the certificate declaration is more
administrator-friendly. Someone who manages several certificates, like
my twenty-one certificates [1], can see right away which services are
being restarted.

2. Arun's solution requires an extra procedure and makes the
configuration file longer without conveying extra meaning.

3. Anyone parsing the code has to look up the definition of the hook in
order to see what it does---and probably also the definition for
'invoke', which is not standard Guile, in the Guix manual. In my view,
your code is not easy to read.

4. The bundling into one script brings no economy, because different
services generally share no code for their reloading. That was already
recognized by Certbot's upstream when the feature for multiple hooks was
added. After all, the concerns can also be combined, as you prefer, in
Certbot's own hooks, but that was apparently unpopular.

5. As a more serious downside, in your cases changing the combined hook
might inadvertently reload a certificate for a service that does not use
it. A grep is required to check where the combined hook is being used.
An extra step is required, and the propensity for errors rises.

6. In your preferred setups, the most elegant way to provide different
hooks is probably '%certbot-hook-1' and 'certbot-hook-2'. Those scripts
will then share code---likely to restart an HTTP server---for no good
reason!

7. User-friendliness is regarded as a worthwhile goal at another, more
popular Linux distribution. [2]

8. Most significantly, your use case isn't affected by this patch! The
use of combined hooks, which you prefer, is still possible should this
patch be accepted.

In summary, I do not understand what motivated you to object to this
patch, but I recognize that the opinions of reasonable people can
differ.

As a side note, I have contributed upstream, but not to the feature we
are discussing here. [3]

> What would be interesting though is adding service-extensions support
> for certbot-service-type. Roughly speaking, two plausible ways to
> achieve this would be:
>
> * Single deploy-hook and ungexp-splicing, i.e.:
>
> [...]
>
> * Multiple --deploy-hook … behind the scenes (the deploy-hook
> field in <certificate-configuration> still accepts only a single hook)

While I very much respect Bruno's opinion and guidance on Guix services
(and genuinely appreciated this review) I do not understand what those
sentences mean. I guess it's shame on me.

I can, however, say that I likewise fail to see an advantage in more
complexity when my patch does nearly the same thing in three lines.

Thank you!

Kind regards
Felix

[1] https://codeberg.org/lechner/system-config/src/commit/b566b08a982a12f896cd6e6666f7849dbac0ce2e/host/wallace-server/operating-system.scm#L1097-L1193
[2] point 4, https://www.debian.org/social_contract.html
[3] https://github.com/certbot/certbot/blob/master/AUTHORS.md
guix-patches@HIDDEN:bug#67497; Package guix-patches.
Received: (at 67497) by debbugs.gnu.org; 16 Dec 2023 20:58:46 +0000
Message-ID: <0b64f8bb-755d-4c09-af51-871392de8262@HIDDEN>
Date: Sat, 16 Dec 2023 20:58:37 +0000
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH 2/4] In certbot documentation, call environment variables
by their proper name.
Content-Language: en-US
To: Felix Lechner <felix.lechner@HIDDEN>
References: <e9fdc8d35f8d57913a3a5861db7a1073d47ce729.1701120054.git.felix.lechner@HIDDEN>
<c31f51f5209e6dfe5df01e27698abccd38ddd2c4.1701120054.git.felix.lechner@HIDDEN>
From: Bruno Victal <mirai@HIDDEN>
In-Reply-To: <c31f51f5209e6dfe5df01e27698abccd38ddd2c4.1701120054.git.felix.lechner@HIDDEN>
Cc: 67497 <at> debbugs.gnu.org
On 2023-11-27 21:20, Felix Lechner wrote:
> Certbot's hooks can be written in any language. In fact, they can be any kind
> of executable. Environment variables are widely used to communicate values
> across that type of fork(2) boundary. In the context here, it is more accurate
> to talk about environment variables.
>
> Change-Id: If0b476c3367a3108d9365d718a74faa7d9fe7530
> ---
> doc/guix.texi | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>=20
> diff --git a/doc/guix.texi b/doc/guix.texi
> index b0b1c05c73..440a5f3efa 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -32139,24 +32139,24 @@ Certificate Services
> =20
> @item @code{authentication-hook} (default: @code{#f})
> Command to be run in a shell once for each certificate challenge to be=
> -answered. For this command, the shell variable @code{$CERTBOT_DOMAIN}=
> +answered. For this command, the environment variable @code{$CERTBOT_D=
OMAIN}
[…]
> will contain the domain being authenticated, @code{$CERTBOT_VALIDATION=
}
[…]
> contains the validation string and @code{$CERTBOT_TOKEN} contains the
[…]
> variables available in the @code{auth-hook} script are still available=
, and
> additionally @code{$CERTBOT_AUTH_OUTPUT} will contain the standard out=
put
[…]
> @code{$RENEWED_LINEAGE} will point to the config live subdirectory (fo=
r
> example, @samp{"/etc/letsencrypt/live/example.com"}) containing the ne=
w
> -certificates and keys; the shell variable @code{$RENEWED_DOMAINS} will=
> +certificates and keys; the environment variable @code{$RENEWED_DOMAINS=
} will
> contain a space-delimited list of renewed certificate domains (for
> example, @samp{"example.com www.example.com"}.
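Review bot: The parenthesis opened at "(for" in the RENEWED_DOMAINS sentence is never closed: the last context line of this hunk ends with @samp{"example.com www.example.com"}. and has no ")" before the full stop. Since the patch already rewrites this sentence, it could close it in the same change by ending the line with @samp{"example.com www.example.com"}). instead. Separately, once the text says "environment variable", the "$" in @code{$CERTBOT_DOMAIN} and @code{$RENEWED_DOMAINS} is shell expansion syntax rather than part of the name, so a hook that is not a shell script would look up the name without it; the documented names would be more accurate without the sigil.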
The correct Texinfo @-command should be @env{CERTBOT_DOMAIN}, ….
Could you amend and send a v2 that addresses these issues as well?
Other than that, it LGTM.
--
Furthermore, I consider that nonfree software must be eradicated.
Cheers,
Bruno.
guix-patches@HIDDEN:bug#67497; Package guix-patches.
Received: (at 67497) by debbugs.gnu.org; 16 Dec 2023 20:50:32 +0000
Message-ID: <a224335a-b8f0-46cd-ba90-8bc51d698376@HIDDEN>
Date: Sat, 16 Dec 2023 20:50:16 +0000
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: bug#67497: [PATCH] Multiple deploy hooks in certbot service
Content-Language: en-US
To: Arun Isaac <arunisaac@HIDDEN>,
Felix Lechner <felix.lechner@HIDDEN>
References: <87zfyzkkt4.fsf@HIDDEN> <874jh6bu8c.fsf@HIDDEN>
From: Bruno Victal <mirai@HIDDEN>
In-Reply-To: <874jh6bu8c.fsf@HIDDEN>
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------pxfr190QYyQd4FQ2hWfEPAXI"
Cc: 67497 <at> debbugs.gnu.org
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------pxfr190QYyQd4FQ2hWfEPAXI
Content-Type: multipart/mixed; boundary="------------OUIg0jZ6YGGc1qxwQ5EDzy8W";
protected-headers="v1"
From: Bruno Victal <mirai@HIDDEN>
To: Arun Isaac <arunisaac@HIDDEN>,
Felix Lechner <felix.lechner@HIDDEN>
Cc: 67497 <at> debbugs.gnu.org
Message-ID: <a224335a-b8f0-46cd-ba90-8bc51d698376@HIDDEN>
Subject: Re: bug#67497: [PATCH] Multiple deploy hooks in certbot service
References: <87zfyzkkt4.fsf@HIDDEN> <874jh6bu8c.fsf@HIDDEN>
In-Reply-To: <874jh6bu8c.fsf@HIDDEN>
--------------OUIg0jZ6YGGc1qxwQ5EDzy8W
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Hi Felix and Arun,
On 2023-11-28 00:24, Arun Isaac wrote:
> It's already possible to write the deploy-hook as a G-expression
> constructed script (using program-file) that invokes multiple hooks in
> succession. Something like:
>
> (program-file "deploy-hook"
>   (with-imported-modules '((guix build utils))
>     #~(begin
>         (use-modules (guix build utils))
>
>         (invoke "/some/hook")
>         (invoke "/some/other/hook"))))
Indeed, and for the record mine looks like this:
--8<---------------cut here---------------start------------->8---
(program-file "certbot-hook.scm"
  ;; source-module-closure not used here because at the time of writing
  ;; (gnu services herd) only uses Guile modules.
  (with-imported-modules '((gnu services herd))
    #~(begin
        (use-modules (gnu services herd))
        (with-shepherd-action 'nginx ('reload) result result)
        (restart-service 'dovecot)
        (restart-service 'smtpd))))
--8<---------------cut here---------------end--------------->8---
(that is, a single hook is responsible for various other shepherd
services)
> Here /some/hook and /some/other/hook can themselves be recursively
> constructed using program-file. So, do we really need a service that
> explicitly accepts multiple deploy hooks?
As Arun pointed out, I don't think multiple deploy hooks would be
adding value here.
What would be interesting though is adding service-extensions support
for certbot-service-type. Roughly speaking, two plausible ways to
achieve this would be:
* Single deploy-hook and ungexp-splicing, i.e.:
--8<---------------cut here---------------start------------->8---
;; service-extension-hooks: list of program-files
#$@(map (lambda (extension-hook)
          #~(invoke #$extension-hook))
        service-extension-hooks)
--8<---------------cut here---------------end--------------->8---
* Multiple --deploy-hook … behind the scenes (the deploy-hook
field in <certificate-configuration> still accepts only a single hook)
Important note, such service-extensions must account for the fact that
they are actually extensions to <certificate-configuration> objects,
i.e. they have to account for which domain(s) is the (deploy/
cleanup/authentication)-hook for.
-- 
Furthermore, I consider that nonfree software must be eradicated.
Cheers,
Bruno.
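One way to combine the single-wrapper approach discussed above with the closing note that a hook has to know which domain(s) it serves: an added example, not part of any message in this thread or of Guix, of a POSIX shell deploy hook that picks per-service hooks from `$RENEWED_DOMAINS`. The "domain hook-path" map format and the `LIVE_DIR` and `HOOK_MAP_FILE` names are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): one certbot deploy hook that fans
# out to per-service hooks, choosing them by renewed domain.
# certbot exports RENEWED_LINEAGE and RENEWED_DOMAINS to a deploy hook.
# Assumptions of this example: the "domain hook-path" map format, and the
# LIVE_DIR and HOOK_MAP_FILE variables.

LIVE_DIR=${LIVE_DIR:-/etc/letsencrypt/live}

# hooks_for_domains MAP DOMAINS
# Print, one per line and without duplicates, every hook in MAP whose
# domain occurs in the space-delimited DOMAINS list.  Map order is kept.
hooks_for_domains() {
    _seen=
    while read -r _domain _hook; do
        case $_domain in ''|\#*) continue ;; esac   # blank line or comment
        [ -n "$_hook" ] || continue
        case " $2 " in
            *" $_domain "*) ;;                      # literal, whole-word match
            *) continue ;;
        esac
        if printf '%s\n' "$_seen" | grep -Fxq -- "$_hook"; then
            continue                                # already selected
        fi
        _seen="$_seen
$_hook"
        printf '%s\n' "$_hook"
    done <<EOF
$1
EOF
    return 0
}

# run_deploy_hooks MAP
# Returns 2 if RENEWED_LINEAGE is not a path under LIVE_DIR, 1 if any
# selected hook is unusable or fails, 0 otherwise.  A failing hook does
# not stop the others, so one broken service cannot keep the rest on
# the old certificate.
run_deploy_hooks() {
    case ${RENEWED_LINEAGE:-} in
        *..*) return 2 ;;            # no path traversal
        "$LIVE_DIR"/?*) ;;           # must live under LIVE_DIR
        *) return 2 ;;
    esac
    _rc=0
    while read -r _h; do
        [ -n "$_h" ] || continue
        case $_h in
            /*) ;;
            *) echo "deploy-hook: $_h is not an absolute path" >&2
               _rc=1; continue ;;
        esac
        if [ ! -x "$_h" ]; then
            echo "deploy-hook: $_h is missing or not executable" >&2
            _rc=1; continue
        fi
        # Executed directly, never through eval or "sh -c"; stdin is
        # detached so a hook cannot swallow the remaining list.
        "$_h" </dev/null || { echo "deploy-hook: $_h failed" >&2; _rc=1; }
    done <<EOF
$(hooks_for_domains "$1" "${RENEWED_DOMAINS:-}")
EOF
    return "$_rc"
}

# Stand-alone use: certbot runs this file as its only deploy hook, with
# HOOK_MAP_FILE (hypothetical name) pointing at the map.
if [ -n "${HOOK_MAP_FILE:-}" ]; then
    run_deploy_hooks "$(cat "$HOOK_MAP_FILE")"
    exit $?
fi
```

A non-zero return from `run_deploy_hooks` tells the caller that at least one service may still be serving the old certificate.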
guix-patches@HIDDEN:bug#67497; Package guix-patches.
From: Arun Isaac <arunisaac@HIDDEN>
To: Felix Lechner <felix.lechner@HIDDEN>, 67497 <at> debbugs.gnu.org
Subject: Re: bug#67497: [PATCH] Multiple deploy hooks in certbot service
In-Reply-To: <87zfyzkkt4.fsf@HIDDEN>
References: <87zfyzkkt4.fsf@HIDDEN>
Date: Tue, 28 Nov 2023 00:24:19 +0000
Message-ID: <874jh6bu8c.fsf@HIDDEN>
Cc: bruno victal <mirai@HIDDEN>
Hi Felix,
> Certificates are often used to secure multiple services. It is helpful
> to have separate hooks for each service.
It's already possible to write the deploy-hook as a G-expression
constructed script (using program-file) that invokes multiple hooks in
succession. Something like:
(program-file "deploy-hook"
  (with-imported-modules '((guix build utils))
    #~(begin
        (use-modules (guix build utils))
        (invoke "/some/hook")
        (invoke "/some/other/hook"))))
Here /some/hook and /some/other/hook can themselves be recursively
constructed using program-file. So, do we really need a service that
explicitly accepts multiple deploy hooks?
Regards,
Arun
guix-patches@HIDDEN:bug#67497; Package guix-patches.
From: Felix Lechner <felix.lechner@HIDDEN>
To: 67497 <at> debbugs.gnu.org
Subject: [PATCH 4/4] In certbot's client configuration,
offer multiple deploy-hooks.
Date: Mon, 27 Nov 2023 13:20:54 -0800
Message-ID: <729de952f099681b99b1ffd4f3f5bed736cc6b43.1701120054.git.felix.lechner@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <e9fdc8d35f8d57913a3a5861db7a1073d47ce729.1701120054.git.felix.lechner@HIDDEN>
References: <e9fdc8d35f8d57913a3a5861db7a1073d47ce729.1701120054.git.felix.lechner@HIDDEN>
Cc: Bruno Victal <mirai@HIDDEN>,
Felix Lechner <felix.lechner@HIDDEN>
The certbot program can accept multiple deploy hooks by repeating the relevant
option on the command line. This commit makes that capability available to
users.
Certificates are often used to secure multiple services. It is helpful to have
separate hooks for each service. It makes those hooks easier to maintain. It's
also easier that way to re-use a hook for another certificate that may not
serve to secure the same combination of services.
Change-Id: I3a293daee47030d9bee7f366605aa63a14e98e38
---
doc/guix.texi | 11 ++++++-----
gnu/services/certbot.scm | 20 +++++++++++++++++---
2 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 440a5f3efa..c5cbd0275d 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -32046,7 +32046,7 @@ Certificate Services
(list
(certificate-configuration
(domains '("example.net" "www.example.net"))
- (deploy-hook %nginx-deploy-hook))
+ (deploy-hooks '(%nginx-deploy-hook)))
(certificate-configuration
(domains '("bar.example.net")))))))
@end lisp
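Review bot: in the updated example, `(deploy-hooks '(%nginx-deploy-hook))` quotes the list, so the field receives the symbol `%nginx-deploy-hook` rather than the program-file object bound to that variable, and that symbol is what would follow `--deploy-hook`. Write `(deploy-hooks (list %nginx-deploy-hook))` so the variable is evaluated.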
@@ -32151,14 +32151,15 @@ Certificate Services
additionally @code{$CERTBOT_AUTH_OUTPUT} will contain the standard output
of the @code{auth-hook} script.
-@item @code{deploy-hook} (default: @code{#f})
-Command to be run in a shell once for each successfully issued
-certificate. For this command, the environment variable
+@item @code{deploy-hooks} (default: @code{'()})
+Commands to be run in a shell once for each successfully issued
+certificate. For these commands, the environment variable
@code{$RENEWED_LINEAGE} will point to the config live subdirectory (for
example, @samp{"/etc/letsencrypt/live/example.com"}) containing the new
certificates and keys; the environment variable @code{$RENEWED_DOMAINS} will
contain a space-delimited list of renewed certificate domains (for
-example, @samp{"example.com www.example.com"}.
+example, @samp{"example.com www.example.com"}. Please note that the singular
+field @code{deploy-hook} was replaced by this field in the plural.
@end table
@end deftp
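Review bot: the added sentence says the singular `deploy-hook` field "was replaced", but the certbot.scm part of this patch keeps that field and only warns about it, so the manual should describe it as deprecated and still honoured. While touching this paragraph, close the parenthesis opened at "(for example," before the new sentence, and state what happens when the singular and plural fields are both set.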
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 8490a69a99..9d5305174b 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -30,6 +30,7 @@ (define-module (gnu services certbot)
#:use-module (gnu services web)
#:use-module (gnu system shadow)
#:use-module (gnu packages tls)
+ #:use-module (guix deprecation)
#:use-module (guix i18n)
#:use-module (guix records)
#:use-module (guix gexp)
@@ -62,8 +63,11 @@ (define-record-type* <certificate-configuration>
(default #f))
(cleanup-hook certificate-cleanup-hook
(default #f))
+ ;; TODO: remove singular deploy-hook; is deprecated
(deploy-hook certificate-configuration-deploy-hook
- (default #f)))
+ (default #f))
+ (deploy-hooks certificate-configuration-deploy-hooks
+ (default '())))
(define-record-type* <certbot-configuration>
certbot-configuration make-certbot-configuration
@@ -98,7 +102,8 @@ (define certbot-command
(match-lambda
(($ <certificate-configuration> custom-name domains challenge
csr authentication-hook
- cleanup-hook deploy-hook)
+ cleanup-hook
+ deploy-hook deploy-hooks)
(let ((name (or custom-name (car domains))))
(append
(list name
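Review bot: the positional `($ <certificate-configuration> ...)` pattern has to list every field in declaration order, so it needed editing here only because a field was appended to the record, and a field inserted anywhere else would silently bind the wrong values. Consider `match-record` from (guix records), which binds fields by name.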
@@ -126,7 +131,16 @@ (define certbot-command
(list "--register-unsafely-without-email"))
(if server (list "--server" server) '())
(if rsa-key-size (list "--rsa-key-size" rsa-key-size) '())
- (if deploy-hook (list "--deploy-hook" deploy-hook) '())))))
+
+ (if deploy-hook
+ (begin
+ (warn-about-deprecation 'deploy-hook #f
+ #:replacement 'deploy-hooks)
+ (list "--deploy-hook" deploy-hook))
+ '())
+ (append-map (lambda (hook)
+ (list "--deploy-hook" hook))
+ deploy-hooks)))))
certificates)))
(program-file
"certbot-command"
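Review bot: nothing checks that `deploy-hooks` is a list before it reaches `append-map`, so a configuration migrated by only renaming the field, `(deploy-hooks %nginx-deploy-hook)`, fails here with an error that does not name the field; validate it when the record is built and report the field name. The deprecation call passes `#f` as its second argument, so the warning cannot point at the offending configuration, and it is issued from inside the argument-list construction, once per certificate. When both fields are set the singular hook is emitted first, which the documentation should state. The lone `+` blank line before `(if deploy-hook` can go.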
--
2.41.0
guix-patches@HIDDEN:bug#67497; Package guix-patches.
From: Felix Lechner <felix.lechner@HIDDEN>
To: 67497 <at> debbugs.gnu.org
Subject: [PATCH 3/4] In certbot service, reduce code duplication.
Date: Mon, 27 Nov 2023 13:20:53 -0800
Message-ID: <ed0f8c6ad1ddb4ae435d5c5cf1c8d9f72a5e41ad.1701120054.git.felix.lechner@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <e9fdc8d35f8d57913a3a5861db7a1073d47ce729.1701120054.git.felix.lechner@HIDDEN>
References: <e9fdc8d35f8d57913a3a5861db7a1073d47ce729.1701120054.git.felix.lechner@HIDDEN>
Cc: Bruno Victal <mirai@HIDDEN>,
Felix Lechner <felix.lechner@HIDDEN>
The certbot command can only be changed with a great deal of attention. The
program branches early and constructs two separate invocations. Changes would
generally have to be made in two places. Otherwise, a new bug might be
introduced.
This commit places the conditional in question inside the list so that future
edits are more fool-proof.
Change-Id: I4a54f8b78ff4722688de7772d3c26a6191d6ff89
---
gnu/services/certbot.scm | 58 +++++++++++++++++++---------------------
1 file changed, 27 insertions(+), 31 deletions(-)
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 0c45471659..8490a69a99 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -100,37 +100,33 @@ (define certbot-command
csr authentication-hook
cleanup-hook deploy-hook)
(let ((name (or custom-name (car domains))))
- (if challenge
- (append
- (list name certbot "certonly" "-n" "--agree-tos"
- "--manual"
- (string-append "--preferred-challenges=" challenge)
- "--cert-name" name
- "--manual-public-ip-logging-ok"
- "-d" (string-join domains ","))
- (if csr `("--csr" ,csr) '())
- (if email
- `("--email" ,email)
- '("--register-unsafely-without-email"))
- (if server `("--server" ,server) '())
- (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
- (if authentication-hook
- `("--manual-auth-hook" ,authentication-hook)
- '())
- (if cleanup-hook `("--manual-cleanup-hook" ,cleanup-hook) '())
- (if deploy-hook `("--deploy-hook" ,deploy-hook) '()))
- (append
- (list name certbot "certonly" "-n" "--agree-tos"
- "--webroot" "-w" webroot
- "--cert-name" name
- "-d" (string-join domains ","))
- (if csr `("--csr" ,csr) '())
- (if email
- `("--email" ,email)
- '("--register-unsafely-without-email"))
- (if server `("--server" ,server) '())
- (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
- (if deploy-hook `("--deploy-hook" ,deploy-hook) '()))))))
+ (append
+ (list name
+ certbot
+ "certonly"
+ "-n"
+ "--agree-tos")
+ (if challenge
+ (append
+ (list "--manual"
+ (string-append "--preferred-challenges=" challenge)
+ "--manual-public-ip-logging-ok")
+ (if authentication-hook
+ (list "--manual-auth-hook" authentication-hook)
+ '())
+ (if cleanup-hook
+ (list "--manual-cleanup-hook" cleanup-hook)
+ '()))
+ (list "--webroot" "-w" webroot))
+ (list "--cert-name" name
+ "-d" (string-join domains ","))
+ (if csr (list "--csr" csr) '())
+ (if email
+ (list "--email" email)
+ (list "--register-unsafely-without-email"))
+ (if server (list "--server" server) '())
+ (if rsa-key-size (list "--rsa-key-size" rsa-key-size) '())
+ (if deploy-hook (list "--deploy-hook" deploy-hook) '())))))
certificates)))
(program-file
"certbot-command"
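Review bot: the refactor is not purely structural, because the generated argument order changes: with a challenge set, `--manual-auth-hook` and `--manual-cleanup-hook` now come before `--cert-name` and `-d`, where they used to follow `--rsa-key-size`, and `--manual-public-ip-logging-ok` moves ahead of `--cert-name`. That should be harmless for option parsing, but say so in the commit message. The quasiquote-to-`list` rewrite in the same hunk is unrelated churn that makes it harder to confirm the two old invocations are otherwise preserved; split it out. A short comment that the leading `name` in `(list name certbot ...)` is a label and not part of the command line would also help future edits.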
--
2.41.0
guix-patches@HIDDEN:bug#67497; Package guix-patches.
From: Felix Lechner <felix.lechner@HIDDEN>
To: 67497 <at> debbugs.gnu.org
Subject: [PATCH 2/4] In certbot documentation,
call environment variables by their proper name.
Date: Mon, 27 Nov 2023 13:20:52 -0800
Message-ID: <c31f51f5209e6dfe5df01e27698abccd38ddd2c4.1701120054.git.felix.lechner@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <e9fdc8d35f8d57913a3a5861db7a1073d47ce729.1701120054.git.felix.lechner@HIDDEN>
References: <e9fdc8d35f8d57913a3a5861db7a1073d47ce729.1701120054.git.felix.lechner@HIDDEN>
Cc: Bruno Victal <mirai@HIDDEN>,
Felix Lechner <felix.lechner@HIDDEN>
Certbot's hooks can be written in any language. In fact, they can be any kind
of executable. Environment variables are widely used to communicate values
across that type of fork(2) boundary. In the context here, it is more accurate
to talk about environment variables.
Change-Id: If0b476c3367a3108d9365d718a74faa7d9fe7530
---
doc/guix.texi | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index b0b1c05c73..440a5f3efa 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -32139,24 +32139,24 @@ Certificate Services
@item @code{authentication-hook} (default: @code{#f})
Command to be run in a shell once for each certificate challenge to be
-answered. For this command, the shell variable @code{$CERTBOT_DOMAIN}
+answered. For this command, the environment variable @code{$CERTBOT_DOMAIN}
will contain the domain being authenticated, @code{$CERTBOT_VALIDATION}
contains the validation string and @code{$CERTBOT_TOKEN} contains the
file name of the resource requested when performing an HTTP-01 challenge.
@item @code{cleanup-hook} (default: @code{#f})
Command to be run in a shell once for each certificate challenge that
-have been answered by the @code{auth-hook}. For this command, the shell
+have been answered by the @code{auth-hook}. For this command, the environment
variables available in the @code{auth-hook} script are still available, and
additionally @code{$CERTBOT_AUTH_OUTPUT} will contain the standard output
of the @code{auth-hook} script.
@item @code{deploy-hook} (default: @code{#f})
Command to be run in a shell once for each successfully issued
-certificate. For this command, the shell variable
+certificate. For this command, the environment variable
@code{$RENEWED_LINEAGE} will point to the config live subdirectory (for
example, @samp{"/etc/letsencrypt/live/example.com"}) containing the new
-certificates and keys; the shell variable @code{$RENEWED_DOMAINS} will
+certificates and keys; the environment variable @code{$RENEWED_DOMAINS} will
contain a space-delimited list of renewed certificate domains (for
example, @samp{"example.com www.example.com"}.
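Review bot: the reworded sentences still write the names with a leading `$` (`@code{$CERTBOT_DOMAIN}`, `@code{$RENEWED_LINEAGE}`, `@code{$RENEWED_DOMAINS}`), which is shell expansion syntax rather than the variable's name, so it undercuts the point of calling them environment variables. Drop the `$` inside `@code` in the changed sentences, and in `$CERTBOT_VALIDATION`, `$CERTBOT_TOKEN` and `$CERTBOT_AUTH_OUTPUT` for consistency. The context lines also carry "challenge that have been answered" and an unclosed "(for example," in the deploy-hook entry, which could be fixed in the same pass.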
--
2.41.0
guix-patches@HIDDEN:bug#67497; Package guix-patches.
From: Felix Lechner <felix.lechner@HIDDEN>
To: 67497 <at> debbugs.gnu.org
Subject: [PATCH 1/4] In documentation,
rename %certbot-deploy-hook back to %nginx-deploy-hook..
Date: Mon, 27 Nov 2023 13:20:51 -0800
Message-ID: <e9fdc8d35f8d57913a3a5861db7a1073d47ce729.1701120054.git.felix.lechner@HIDDEN>
X-Mailer: git-send-email 2.41.0
Cc: Bruno Victal <mirai@HIDDEN>,
Felix Lechner <felix.lechner@HIDDEN>
Bruno Victal made that change in commit fec8e513, but a nearby patch will
offer the ability to specify a list of hooks. That makes it possible to name
deploy hooks after the services they restart.
Change-Id: I128f71f2e96159eef8821e21ea03ecf0c1c0a7f4
---
doc/guix.texi | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 767133cd0f..b0b1c05c73 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -32032,8 +32032,8 @@ Certificate Services
must be a @code{certbot-configuration} record as in this example:
@lisp
-(define %certbot-deploy-hook
- (program-file "certbot-deploy-hook.scm"
+(define %nginx-deploy-hook
+ (program-file "certbot-nginx-deploy-hook.scm"
(with-imported-modules '((gnu services herd))
#~(begin
(use-modules (gnu services herd))
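Review bot: besides the variable, the first argument to `program-file` changes from "certbot-deploy-hook.scm" to "certbot-nginx-deploy-hook.scm", which the commit message does not mention; note it in the log. The stated justification is a later patch in the series, so this rename should be squashed into that patch or dropped if the list-of-hooks change is not accepted.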
@@ -32046,7 +32046,7 @@ Certificate Services
(list
(certificate-configuration
(domains '("example.net" "www.example.net"))
- (deploy-hook %certbot-deploy-hook))
+ (deploy-hook %nginx-deploy-hook))
(certificate-configuration
(domains '("bar.example.net")))))))
@end lisp
base-commit: 6e4914a037c8b332ab3f1149129c0bd1cea4640b
--
2.41.0
guix-patches@HIDDEN:bug#67497; Package guix-patches.
Felix Lechner <felix.lechner@HIDDEN>
to control <at> debbugs.gnu.org.
From: Felix Lechner <felix.lechner@HIDDEN>
To: submit <at> debbugs.gnu.org
Subject: [PATCH] Multiple deploy hooks in certbot service
Date: Mon, 27 Nov 2023 12:23:03 -0800
Message-ID: <87zfyzkkt4.fsf@HIDDEN>
X-Debbugs-CC: Bruno Victal <mirai@HIDDEN>
Hi,
The certbot program can accept multiple deploy hooks by repeating the relevant
option on the command line. This commit makes that capability available to
users.
Certificates are often used to secure multiple services. It is helpful to have
separate hooks for each service. It makes the hooks easier to maintain. It's
also easier that way to re-use hooks for another certificate that may not
serve to secure the same combination of services.
Kind regards
Felix