From: Pierre Langlois
To: 47136@debbugs.gnu.org
Cc: Pierre Langlois
Resent-CC: guix-patches@gnu.org
Subject: [bug#47136] [PATCH 3/3] services: certbot: Add dry-run? certificate option.
Date: Sat, 17 Apr 2021 17:51:46 +0100
Message-ID: <87blacluql.fsf@gmx.com>
In-reply-to: <20210314131543.9310-3-pierre.langlois@gmx.com>
References: <87k0q9c28e.fsf@gmx.com> <20210314131543.9310-1-pierre.langlois@gmx.com> <20210314131543.9310-3-pierre.langlois@gmx.com>

Hi all,

Friendly ping on this series :-).

Thanks,
Pierre

Pierre Langlois writes:

> * gnu/services/certbot.scm (certificate-configuration): Add dry-run? field.
> (certbot-command): Use it to pass --dry-run to certbot.
> * doc/guix.texi (Certificate Services): Document dry-run? option.
> ---
>  doc/guix.texi            | 35 +++++++++++++++++++++++++++++++++++
>  gnu/services/certbot.scm | 10 +++++++---
>  2 files changed, 42 insertions(+), 3 deletions(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index ec449b1772..322c717941 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -25665,6 +25665,41 @@ certificates and keys; the shell variable @code{$RENEWED_DOMAINS} will > contain a space-delimited list of renewed certificate domains (for > example, @samp{"example.com www.example.com"}. > > +@item @code{dry-run?} (default: @code{#f}) > +Communitcate with the ACME server but do not update certificates nor note-to-self, typo here: Communicate > +trigger @code{deploy-hook}. This is useful as a temporary setting to > +test the challenge procedure, especially the @code{authentication-hook} > +and @code{cleanup-hook} while working on them. It's also a good idea to > +use Let's Encrypt's staging server at > +@url{https://acme-staging-v02.api.letsencrypt.org/directory} while > +testing, which allows for higher rate limits, but with which > +@code{certbot} will helpfully refuse to update certificates and > +recommend the @code{dry-run?} option. For example: > + > +@lisp > +(define %authentication-hook > + (program-file "authentication-hook" > + #~(let ((domain (getenv "CERTBOT_DOMAIN")) > + (token (getenv "CERTBOT_TOKEN"))) > + (format #t "Hey, can you authenticate ~a with ~a for me?" > + domain token)))) > + > +(define %cleanup-hook > + (program-file "authentication-hook" > + #~(display "Bye") > + > +(service certbot-service-type > + (certbot-configuration > + (server "https://acme-staging-v02.api.letsencrypt.org/directory") > + (certificates > + (list > + (certificate-configuration > + (dry-run? #t) > + (authentication-hook %authentication-hook) > + (cleanup-hook %cleanup-hook) > + (domains '("example.net" "www.example.net"))))))) > +@end lisp > + > @end table > @end deftp > > diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm > index 1cea68fc2a..15274cf0ed 100644 > --- a/gnu/services/certbot.scm > +++ b/gnu/services/certbot.scm 
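Review bot: the @lisp example in this hunk does not parse: `(define %cleanup-hook (program-file "authentication-hook" #~(display "Bye")` is missing two closing parentheses, and its program-file is named "authentication-hook", the same name already used for %authentication-hook just above; suggest `(program-file "cleanup-hook" #~(display "Bye")))`. The example also sets authentication-hook and cleanup-hook without setting challenge, yet in certbot-command the --manual-auth-hook and --manual-cleanup-hook flags are only emitted inside the `(if challenge ...)` branch, so as written both hooks would be silently ignored and certbot would run with --webroot instead; the example needs a challenge setting for the hooks to take effect. Finally, "Communitcate" at the start of the new description should read "Communicate" (the stray "note-to-self" text after it on the same line should go too).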
> @@ -61,6 +61,8 @@ > (cleanup-hook certificate-cleanup-hook > (default #f)) > (deploy-hook certificate-configuration-deploy-hook > + (default #f)) > + (dry-run? certbot-configuration-dry-run? > (default #f))) > > (define-record-type* > @@ -96,7 +98,7 @@ > (match-lambda > (($ custom-name domains challenge > authentication-hook cleanup-hook > - deploy-hook) > + deploy-hook dry-run?) > (let ((name (or custom-name (car domains)))) > (if challenge > (append > @@ -114,7 +116,8 @@ > `("--manual-auth-hook" ,authentication-hook) > '()) > (if cleanup-hook `("--manual-cleanup-hook" ,cleanup-hook) '()) > - (if deploy-hook `("--deploy-hook" ,deploy-hook) '())) > + (if deploy-hook `("--deploy-hook" ,deploy-hook) '()) > + (if dry-run? '("--dry-run"))) > (append > (list name certbot "certonly" "-n" "--agree-tos" > "--webroot" "-w" webroot > @@ -125,7 +128,8 @@ > '("--register-unsafely-without-email")) > (if server `("--server" ,server) '()) > (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '()) > - (if deploy-hook `("--deploy-hook" ,deploy-hook) '())))))) > + (if deploy-hook `("--deploy-hook" ,deploy-hook) '()) > + (if dry-run? '("--dry-run") '())))))) > certificates))) > (program-file > "certbot-command"
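Review bot: in the @@ -114,7 +116,8 @@ hunk, `(if dry-run? '("--dry-run")))` has no else branch, unlike its counterpart in the --webroot branch in the @@ -125,7 +128,8 @@ hunk (`(if dry-run? '("--dry-run") '())`). With dry-run? at its default of #f the if returns an unspecified value, and because it is the last argument to append the manual-challenge command list becomes an improper list terminated by that value instead of a proper list of strings, so every existing manual-challenge configuration that does not opt in to dry-run? is affected. Change it to `(if dry-run? '("--dry-run") '()))`.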
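Review bot: in the @@ -61,6 +61,8 @@ hunk the new field's accessor is named certbot-configuration-dry-run? although the field is added to the certificate-configuration record, whose neighbouring accessor is certificate-configuration-deploy-hook. Rename it certificate-configuration-dry-run? so it follows the record's naming and is not mistaken for a field of certbot-configuration, the per-service record that carries settings such as server.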