GNU bug report logs - #30459
Certbot service patches

Previous Next

Full log

View this message in rfc822 format

From: Clément Lassieur <clement <at> lassieur.org>
To: Marius Bakke <mbakke <at> fastmail.com>
Cc: 30459 <at> debbugs.gnu.org
Subject: [bug#30459] [PATCH 06/11] services: certbot: Get certbot to run non-interactively.
Date: Thu, 22 Feb 2018 21:49:46 +0100

Marius Bakke <mbakke <at> fastmail.com> writes:

>> I won't push right now because I'm unconvinced by certbot-activation:
>>   - it runs at every reconfigure, whereas I want it to run only when the
>>     configuration changes
>>   - it runs at system startup (with no internet access, I think) which I
>>     obviously don't want
>>   - it requires internet access
>
> I haven't studied the code, but perhaps certbot-activation could be made
> a "proper" Shepherd service (e.g. simple-service)?  That way it can have
> a dependency on networking, at least.  It also would not run on every
> reconfigure.

Good idea!

>> Assuming there is no way to get it to run only on reconfigure when the
>> configuration has changed, I could make a command that the user would
>> use manually (wich profile-service-type).  They would use this command
>> if they add new certificates and if they don't want to wait for the cron
>> task to happen.  WDYT?
>
> This sounds great, but don't know if it should block this series.
> Perhaps you can push it to a 'wip-certbot' branch on Savannah for easier
> access and testing?
>
> Also, hopefully some of our newfound Shepherd experts can chime in on
> this thread :)

I pushed the series as is in the master branch, because it changes the
API and it's better that the potential users use the new API as soon as
possible.  (And it works anyway.)  I'll add a patch implementing the
certbot-activation as a Shepherd service.

Thank you for the review!

Clément

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.