GNU bug report logs - #47136
[PATCH 0/3] services: certbot: Add dry-run? option and a couple of other minor fixes.

Previous Next

Package: guix-patches;

Reported by: Pierre Langlois <pierre.langlois <at> gmx.com>

Date: Sun, 14 Mar 2021 13:09:02 UTC

Severity: normal

Tags: patch

Full log

Message #20 received at 47136 <at> debbugs.gnu.org (full text, mbox):

From: Pierre Langlois <pierre.langlois <at> gmx.com>
To: 47136 <at> debbugs.gnu.org
Cc: Pierre Langlois <pierre.langlois <at> gmx.com>
Subject: Re: [PATCH 3/3] services: certbot: Add dry-run? certificate option.
Date: Sat, 17 Apr 2021 17:51:46 +0100

[Message part 1 (text/plain, inline)]
Hi all,

Friendly ping on this series :-).

Thanks,
Pierre

Pierre Langlois writes:

> * gnu/services/certbot.scm (certificate-configuration): Add dry-run? field.
> (certbot-command): Use it to pass --dry-run to certbot.
> * doc/guix.texi (Certificate Services): Document dry-run? option.
> ---
>  doc/guix.texi            | 35 +++++++++++++++++++++++++++++++++++
>  gnu/services/certbot.scm | 10 +++++++---
>  2 files changed, 42 insertions(+), 3 deletions(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index ec449b1772..322c717941 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -25665,6 +25665,41 @@ certificates and keys; the shell variable @code{$RENEWED_DOMAINS} will
>  contain a space-delimited list of renewed certificate domains (for
>  example, @samp{"example.com www.example.com"}.
>
> +@item @code{dry-run?} (default: @code{#f})
> +Communitcate with the ACME server but do not update certificates nor

note-to-self, typo here: Communicate

> +trigger @code{deploy-hook}.  This is useful as a temporary setting to
> +test the challenge procedure, especially the @code{authentication-hook}
> +and @code{cleanup-hook} while working on them.  It's also a good idea to
> +use Let's Encrypt's staging server at
> +@url{https://acme-staging-v02.api.letsencrypt.org/directory} while
> +testing, which allows for higher rate limits, but with which
> +@code{certbot} will helpfully refuse to update certificates and
> +recommend the @code{dry-run?} option.  For example:
> +
> +@lisp
> +(define %authentication-hook
> +  (program-file "authentication-hook"
> +    #~(let ((domain (getenv "CERTBOT_DOMAIN"))
> +            (token (getenv "CERTBOT_TOKEN")))
> +        (format #t "Hey, can you authenticate ~a with ~a for me?"
> +                domain token))))
> +
> +(define %cleanup-hook
> +  (program-file "authentication-hook"
> +    #~(display "Bye")
> +
> +(service certbot-service-type
> +         (certbot-configuration
> +          (server "https://acme-staging-v02.api.letsencrypt.org/directory")
> +          (certificates
> +           (list
> +            (certificate-configuration
> +              (dry-run? #t)
> +              (authentication-hook %authentication-hook)
> +              (cleanup-hook %cleanup-hook)
> +              (domains '("example.net" "www.example.net")))))))
> +@end lisp
> +
>  @end table
>  @end deftp
>
> diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
> index 1cea68fc2a..15274cf0ed 100644
> --- a/gnu/services/certbot.scm
> +++ b/gnu/services/certbot.scm
> @@ -61,6 +61,8 @@
>    (cleanup-hook        certificate-cleanup-hook
>                         (default #f))
>    (deploy-hook         certificate-configuration-deploy-hook
> +                       (default #f))
> +  (dry-run?            certbot-configuration-dry-run?
>                         (default #f)))
>
>  (define-record-type* <certbot-configuration>
> @@ -96,7 +98,7 @@
>                (match-lambda
>                  (($ <certificate-configuration> custom-name domains challenge
>                                                  authentication-hook cleanup-hook
> -                                                deploy-hook)
> +                                                deploy-hook dry-run?)
>                   (let ((name (or custom-name (car domains))))
>                     (if challenge
>                       (append
> @@ -114,7 +116,8 @@
>                            `("--manual-auth-hook" ,authentication-hook)
>                            '())
>                        (if cleanup-hook `("--manual-cleanup-hook" ,cleanup-hook) '())
> -                      (if deploy-hook `("--deploy-hook" ,deploy-hook) '()))
> +                      (if deploy-hook `("--deploy-hook" ,deploy-hook) '())
> +                      (if dry-run? '("--dry-run")))
>                       (append
>                        (list name certbot "certonly" "-n" "--agree-tos"
>                              "--webroot" "-w" webroot
> @@ -125,7 +128,8 @@
>                            '("--register-unsafely-without-email"))
>                        (if server `("--server" ,server) '())
>                        (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
> -                      (if deploy-hook `("--deploy-hook" ,deploy-hook) '()))))))
> +                      (if deploy-hook `("--deploy-hook" ,deploy-hook) '())
> +                      (if dry-run? '("--dry-run") '()))))))
>                certificates)))
>         (program-file
>          "certbot-command"


[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 4 years and 58 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.