From: Pierre Langlois <pierre.langlois@gmx.com>
To: 47136@debbugs.gnu.org
Cc: Pierre Langlois <pierre.langlois@gmx.com>
Subject: [bug#47136] [PATCH 3/3] services: certbot: Add dry-run? certificate option.
Date: Sat, 17 Apr 2021 17:51:46 +0100 [thread overview]
Message-ID: <87blacluql.fsf@gmx.com> (raw)
In-Reply-To: <20210314131543.9310-3-pierre.langlois@gmx.com>
[-- Attachment #1: Type: text/plain, Size: 4522 bytes --]
Hi all,
Friendly ping on this series :-).
Thanks,
Pierre
Pierre Langlois writes:
> * gnu/services/certbot.scm (certificate-configuration): Add dry-run? field.
> (certbot-command): Use it to pass --dry-run to certbot.
> * doc/guix.texi (Certificate Services): Document dry-run? option.
> ---
> doc/guix.texi | 35 +++++++++++++++++++++++++++++++++++
> gnu/services/certbot.scm | 10 +++++++---
> 2 files changed, 42 insertions(+), 3 deletions(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index ec449b1772..322c717941 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -25665,6 +25665,41 @@ certificates and keys; the shell variable @code{$RENEWED_DOMAINS} will
> contain a space-delimited list of renewed certificate domains (for
> example, @samp{"example.com www.example.com"}.
>
> +@item @code{dry-run?} (default: @code{#f})
> +Communitcate with the ACME server but do not update certificates nor
note-to-self, typo here: Communicate
> +trigger @code{deploy-hook}. This is useful as a temporary setting to
> +test the challenge procedure, especially the @code{authentication-hook}
> +and @code{cleanup-hook} while working on them. It's also a good idea to
> +use Let's Encrypt's staging server at
> +@url{https://acme-staging-v02.api.letsencrypt.org/directory} while
> +testing, which allows for higher rate limits, but with which
> +@code{certbot} will helpfully refuse to update certificates and
> +recommend the @code{dry-run?} option. For example:
> +
> +@lisp
> +(define %authentication-hook
> + (program-file "authentication-hook"
> + #~(let ((domain (getenv "CERTBOT_DOMAIN"))
> + (token (getenv "CERTBOT_TOKEN")))
> + (format #t "Hey, can you authenticate ~a with ~a for me?"
> + domain token))))
> +
> +(define %cleanup-hook
> + (program-file "authentication-hook"
> + #~(display "Bye")
> +
> +(service certbot-service-type
> + (certbot-configuration
> + (server "https://acme-staging-v02.api.letsencrypt.org/directory")
> + (certificates
> + (list
> + (certificate-configuration
> + (dry-run? #t)
> + (authentication-hook %authentication-hook)
> + (cleanup-hook %cleanup-hook)
> + (domains '("example.net" "www.example.net")))))))
> +@end lisp
> +
> @end table
> @end deftp
>
> diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
> index 1cea68fc2a..15274cf0ed 100644
> --- a/gnu/services/certbot.scm
> +++ b/gnu/services/certbot.scm
> @@ -61,6 +61,8 @@
> (cleanup-hook certificate-cleanup-hook
> (default #f))
> (deploy-hook certificate-configuration-deploy-hook
> + (default #f))
> + (dry-run? certbot-configuration-dry-run?
> (default #f)))
>
> (define-record-type* <certbot-configuration>
> @@ -96,7 +98,7 @@
> (match-lambda
> (($ <certificate-configuration> custom-name domains challenge
> authentication-hook cleanup-hook
> - deploy-hook)
> + deploy-hook dry-run?)
> (let ((name (or custom-name (car domains))))
> (if challenge
> (append
> @@ -114,7 +116,8 @@
> `("--manual-auth-hook" ,authentication-hook)
> '())
> (if cleanup-hook `("--manual-cleanup-hook" ,cleanup-hook) '())
> - (if deploy-hook `("--deploy-hook" ,deploy-hook) '()))
> + (if deploy-hook `("--deploy-hook" ,deploy-hook) '())
> + (if dry-run? '("--dry-run")))
> (append
> (list name certbot "certonly" "-n" "--agree-tos"
> "--webroot" "-w" webroot
> @@ -125,7 +128,8 @@
> '("--register-unsafely-without-email"))
> (if server `("--server" ,server) '())
> (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
> - (if deploy-hook `("--deploy-hook" ,deploy-hook) '()))))))
> + (if deploy-hook `("--deploy-hook" ,deploy-hook) '())
> + (if dry-run? '("--dry-run") '()))))))
> certificates)))
> (program-file
> "certbot-command"
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 519 bytes --]
next prev parent reply other threads:[~2021-04-17 16:54 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-14 13:08 [bug#47136] [PATCH 0/3] services: certbot: Add dry-run? option and a couple of other minor fixes Pierre Langlois
2021-03-14 13:15 ` [bug#47136] [PATCH 1/3] services: certbot: Remove deprecated --manual-public-ip-logging-ok Pierre Langlois
2021-03-14 13:15 ` [bug#47136] [PATCH 2/3] services: certbot: Refer to authentication-hook in documentation Pierre Langlois
2021-03-14 13:15 ` [bug#47136] [PATCH 3/3] services: certbot: Add dry-run? certificate option Pierre Langlois
2021-04-17 16:51 ` Pierre Langlois [this message]
2021-04-17 17:38 ` Leo Famulari
2021-04-17 18:05 ` Pierre Langlois
2021-03-14 13:22 ` [bug#47136] [PATCH 1/3] services: certbot: Remove deprecated --manual-public-ip-logging-ok Pierre Langlois
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87blacluql.fsf@gmx.com \
--to=pierre.langlois@gmx.com \
--cc=47136@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.