From patchwork Wed Apr 30 15:34:36 2025
X-Patchwork-Submitter: Felix Lechner
X-Patchwork-Id: 42182
Subject: [bug#67497] [PATCH v2 1/4] In documentation, rename %certbot-deploy-hook back to %nginx-deploy-hook..
References: <87zfyzkkt4.fsf@lease-up.com>
In-Reply-To: <87zfyzkkt4.fsf@lease-up.com>
To: 67497@debbugs.gnu.org
Cc: Carlo Zancanaro, Bruno Victal, Felix Lechner, Maxim Cournoyer, Gabriel Wicki, Ludovic Courtès
Date: Wed, 30 Apr 2025 08:34:36 -0700
From: Felix Lechner

Bruno Victal made that change in commit fec8e513, but a nearby patch will offer the ability to specify a list of hooks. That makes it possible to name deploy hooks after the services they restart.

Change-Id: I128f71f2e96159eef8821e21ea03ecf0c1c0a7f4
--- doc/guix.texi | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) base-commit: bb8cc412c8fcab613c402e06ae7024d6df5c9010 diff --git a/doc/guix.texi b/doc/guix.texi index 90d90b2e1eb..b48255a16e0 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -35364,13 +35364,21 @@ Certificate Services must be a @code{certbot-configuration} record as in this example: @lisp +(define %nginx-deploy-hook + (program-file "certbot-nginx-deploy-hook.scm" + (with-imported-modules '((gnu services herd)) + #~(begin + (use-modules (gnu services herd)) + (with-shepherd-action 'nginx ('reload) result result))))) + (service certbot-service-type (certbot-configuration (email "foo@@example.net") (certificates (list (certificate-configuration - (domains '("example.net" "www.example.net"))) + (domains '("example.net" "www.example.net")) + (deploy-hook %nginx-deploy-hook)) (certificate-configuration (domains '("bar.example.net"))))))) @end lisp

From patchwork Wed Apr 30 15:34:37 2025
X-Patchwork-Submitter: Felix Lechner
X-Patchwork-Id: 42181
Subject: [bug#67497] [PATCH v2 2/4] In certbot documentation, call environment variables by their proper name.
To: 67497@debbugs.gnu.org
Cc: Carlo Zancanaro, Bruno Victal, Felix Lechner, Maxim Cournoyer, Gabriel Wicki, Ludovic Courtès
Date: Wed, 30 Apr 2025 08:34:37 -0700
From: Felix Lechner

Certbot's hooks can be written in any language. In fact, they can be any kind of executable. Environment variables are widely used to communicate values across that type of fork(2) boundary. In the context here, it is more accurate to talk about environment variables.

Change-Id: If0b476c3367a3108d9365d718a74faa7d9fe7530
--- doc/guix.texi | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index b48255a16e0..1b0fa4f2a3a 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -35471,24 +35471,24 @@ Certificate Services @item @code{authentication-hook} (default: @code{#f}) Command to be run in a shell once for each certificate challenge to be -answered. For this command, the shell variable @code{$CERTBOT_DOMAIN} +answered. For this command, the environment variable @code{$CERTBOT_DOMAIN} will contain the domain being authenticated, @code{$CERTBOT_VALIDATION} contains the validation string and @code{$CERTBOT_TOKEN} contains the file name of the resource requested when performing an HTTP-01 challenge. @item @code{cleanup-hook} (default: @code{#f}) Command to be run in a shell once for each certificate challenge that -have been answered by the @code{auth-hook}. For this command, the shell +have been answered by the @code{auth-hook}. For this command, the environment variables available in the @code{auth-hook} script are still available, and additionally @code{$CERTBOT_AUTH_OUTPUT} will contain the standard output of the @code{auth-hook} script. @item @code{deploy-hook} (default: @code{#f}) Command to be run in a shell once for each successfully issued -certificate. For this command, the shell variable +certificate. For this command, the environment variable @code{$RENEWED_LINEAGE} will point to the config live subdirectory (for example, @samp{"/etc/letsencrypt/live/example.com"}) containing the new -certificates and keys; the shell variable @code{$RENEWED_DOMAINS} will +certificates and keys; the environment variable @code{$RENEWED_DOMAINS} will contain a space-delimited list of renewed certificate domains (for example, @samp{"example.com www.example.com"}. 
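Review bot: now that every occurrence reads "environment variable", the `$` in @code{$CERTBOT_DOMAIN}, @code{$CERTBOT_VALIDATION}, @code{$CERTBOT_TOKEN}, @code{$CERTBOT_AUTH_OUTPUT}, @code{$RENEWED_LINEAGE} and @code{$RENEWED_DOMAINS} is the remaining shell-ism: the variable is named CERTBOT_DOMAIN, and `$` is only how a shell expands it. Either drop the sigil, which matches the commit message's point that a hook may be any executable, or keep it and say that the names are shown in shell syntax. While these paragraphs are being touched: the cleanup-hook item still refers to @code{auth-hook} although the field documented just above it is @code{authentication-hook}, "that have been answered" should read "that has been answered", and the parenthesis opened at "(for example, @samp{"example.com www.example.com"}" is never closed.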
From patchwork Wed Apr 30 15:34:38 2025
X-Patchwork-Submitter: Felix Lechner
X-Patchwork-Id: 42183
Subject: [bug#67497] [PATCH v2 3/4] In certbot service, reduce code duplication.
To: 67497@debbugs.gnu.org
Cc: Carlo Zancanaro, Bruno Victal, Felix Lechner, Maxim Cournoyer
Date: Wed, 30 Apr 2025 08:34:38 -0700
From: Felix Lechner

The certbot command can only be changed with a great deal of attention. The program branches early and constructs two separate invocations. Changes would generally have to be made in two places. Otherwise, a new bug might be introduced. This commit places the conditional in question inside the list so that future edits are more fool-proof.

Change-Id: I4a54f8b78ff4722688de7772d3c26a6191d6ff89
--- gnu/services/certbot.scm | 60 ++++++++++++++++++---------------------- 1 file changed, 27 insertions(+), 33 deletions(-) diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm index d6c7d175ff5..08a480ed3b1 100644 --- a/gnu/services/certbot.scm +++ b/gnu/services/certbot.scm
@@ -142,39 +142,33 @@ (define certbot-command csr authentication-hook cleanup-hook deploy-hook) (let ((name (or custom-name (car domains)))) - (if challenge - (append - (list name certbot "certonly" "-n" "--agree-tos" - "--manual" - (string-append "--preferred-challenges=" challenge) - "--cert-name" name - "--manual-public-ip-logging-ok" - "-d" (string-join domains ",")) - (if csr `("--csr" ,csr) '()) - (if email - `("--email" ,email) - '("--register-unsafely-without-email")) - (if server `("--server" ,server) '()) - (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '()) - (if authentication-hook - `("--manual-auth-hook" ,authentication-hook) - '()) - (if cleanup-hook `("--manual-cleanup-hook" ,cleanup-hook) '()) - (list "--deploy-hook" - (certbot-deploy-hook name deploy-hook))) - (append - (list name certbot "certonly" "-n" "--agree-tos" - "--webroot" "-w" webroot - "--cert-name" name - "-d" (string-join domains ",")) - (if csr `("--csr" ,csr) '()) - (if email - `("--email" ,email) - '("--register-unsafely-without-email")) - (if server `("--server" ,server) '()) - (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '()) - (list "--deploy-hook" - (certbot-deploy-hook name deploy-hook))))))) + (append + (list name + certbot + "certonly" + "-n" + "--agree-tos") + (if challenge + (append + (list "--manual" + (string-append "--preferred-challenges=" challenge) + "--manual-public-ip-logging-ok") + (if authentication-hook + (list "--manual-auth-hook" authentication-hook) + '()) + (if cleanup-hook + (list "--manual-cleanup-hook" cleanup-hook) + '())) + (list "--webroot" "-w" webroot)) + (list "--cert-name" name + "-d" (string-join domains ",")) + (if csr (list "--csr" csr) '()) + (if email + (list "--email" email) + (list "--register-unsafely-without-email")) + (if server (list "--server" server) '()) + (if rsa-key-size (list "--rsa-key-size" rsa-key-size) '()) + (if deploy-hook (list "--deploy-hook" deploy-hook) '()))))) certificates))) (program-file "certbot-command" 
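Review bot: the handling of "--deploy-hook" at the end of the new argument list changes behaviour in a commit that is described only as reducing duplication. Both removed branches ended with (list "--deploy-hook" (certbot-deploy-hook name deploy-hook)), passed unconditionally; the replacement, (if deploy-hook (list "--deploy-hook" deploy-hook) '()), drops the certbot-deploy-hook wrapper and omits the option when no hook is set. Keep the wrapper call here so the refactoring is behaviour-preserving, or move its removal into a separate commit whose message explains why it is safe and what becomes of the certbot-deploy-hook definition. The argument order also changes ("--cert-name" and "-d" now follow the challenge-specific options and the manual hooks); that looks harmless, but a sentence about it in the commit message would help anyone bisecting a renewal failure later.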
From patchwork Wed Apr 30 15:34:39 2025
X-Patchwork-Submitter: Felix Lechner
X-Patchwork-Id: 42180
Subject: [bug#67497] [PATCH v2 4/4] In certbot's client configuration, offer multiple deploy-hooks.
To: 67497@debbugs.gnu.org
Cc: Carlo Zancanaro, Bruno Victal, Felix Lechner, Maxim Cournoyer, Gabriel Wicki, Ludovic Courtès
Date: Wed, 30 Apr 2025 08:34:39 -0700
From: Felix Lechner

The certbot program can accept multiple deploy hooks by repeating the relevant option on the command line. This commit makes that capability available to users. Certificates are often used to secure multiple services. It is helpful to have separate hooks for each service. It makes those hooks easier to maintain. It's also easier that way to re-use a hook for another certificate that may not serve to secure the same combination of services.

Change-Id: I3a293daee47030d9bee7f366605aa63a14e98e38
--- doc/guix.texi | 11 ++++++----- gnu/services/certbot.scm | 18 ++++++++++++++++-- 2 files changed, 22 insertions(+), 7 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 1b0fa4f2a3a..deb1f76d353 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -35378,7 +35378,7 @@ Certificate Services (list (certificate-configuration (domains '("example.net" "www.example.net")) - (deploy-hook %nginx-deploy-hook)) + (deploy-hooks '(%nginx-deploy-hook))) (certificate-configuration (domains '("bar.example.net"))))))) @end lisp @@ -35483,14 +35483,15 @@ Certificate Services additionally @code{$CERTBOT_AUTH_OUTPUT} will contain the standard output of the @code{auth-hook} script. -@item @code{deploy-hook} (default: @code{#f}) -Command to be run in a shell once for each successfully issued -certificate. For this command, the environment variable +@item @code{deploy-hooks} (default: @code{'()}) +Commands to be run in a shell once for each successfully issued +certificate. For these commands, the environment variable @code{$RENEWED_LINEAGE} will point to the config live subdirectory (for example, @samp{"/etc/letsencrypt/live/example.com"}) containing the new certificates and keys; the environment variable @code{$RENEWED_DOMAINS} will contain a space-delimited list of renewed certificate domains (for -example, @samp{"example.com www.example.com"}. +example, @samp{"example.com www.example.com"}. Please note that the singular +field @code{deploy-hook} was replaced by this field in the plural. @item @code{start-self-signed?} (default: @code{#t}) Whether to generate an initial self-signed certificate during system diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm index 08a480ed3b1..7a67b9bd7cb 100644 --- a/gnu/services/certbot.scm +++ b/gnu/services/certbot.scm @@ -30,6 +30,7 @@ (define-module (gnu services certbot) #:use-module (gnu services web) #:use-module (gnu system shadow) #:use-module (gnu packages tls) + #:use-module (guix deprecation) #:use-module (guix i18n) #:use-module (guix records) #:use-module (guix gexp) 
@@ -63,8 +64,11 @@ (define-record-type* (default #f)) (cleanup-hook certificate-cleanup-hook (default #f)) + ;; TODO: remove singular deploy-hook; is deprecated (deploy-hook certificate-configuration-deploy-hook (default #f)) + (deploy-hooks certificate-configuration-deploy-hooks + (default '())) (start-self-signed? certificate-configuration-start-self-signed? (default #t))) @@ -140,7 +144,8 @@ (define certbot-command (match-lambda (($ custom-name domains challenge csr authentication-hook - cleanup-hook deploy-hook) + cleanup-hook + deploy-hook deploy-hooks) (let ((name (or custom-name (car domains)))) (append (list name @@ -168,7 +173,16 @@ (define certbot-command (list "--register-unsafely-without-email")) (if server (list "--server" server) '()) (if rsa-key-size (list "--rsa-key-size" rsa-key-size) '()) - (if deploy-hook (list "--deploy-hook" deploy-hook) '()))))) + + (if deploy-hook + (begin + (warn-about-deprecation 'deploy-hook #f + #:replacement 'deploy-hooks) + (list "--deploy-hook" deploy-hook)) + '()) + (append-map (lambda (hook) + (list "--deploy-hook" hook)) + deploy-hooks))))) certificates))) (program-file "certbot-command"
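Review bot: in the first doc/guix.texi hunk, (deploy-hooks '(%nginx-deploy-hook)) quotes the list, so the field receives the symbol %nginx-deploy-hook rather than the program-file object defined a few lines earlier in the same example. Write (deploy-hooks (list %nginx-deploy-hook)) so that the documented configuration hands certbot-command a value it can place after "--deploy-hook".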
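Review bot: in the second doc/guix.texi hunk, the new closing sentence says the singular @code{deploy-hook} "was replaced", but the certbot.scm part of this patch keeps the field and still passes it to certbot, with a deprecation warning. Describe it as deprecated and say what happens when both fields are set. Since that line is being rewritten anyway, close the parenthesis opened at "(for example, @samp{"example.com www.example.com"}", and state what each element of the list may be (the example passes a program-file).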
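Review bot: in the last gnu/services/certbot.scm hunk, a configuration that sets both deploy-hook and deploy-hooks gets the legacy hook emitted first, followed by one "--deploy-hook" per list entry, and nothing tells the user that both will run. Document that ordering, or fold the legacy value into the list in one place so there is a single code path. Smaller points: warn-about-deprecation is called with #f as its second argument, so the warning has no source location to point the user at; the empty added line before (if deploy-hook can go; and the TODO in the record hunk would read better as "deprecated; remove the singular deploy-hook".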