From patchwork Mon Nov 27 21:20:51 2023
From: Felix Lechner
Date: Mon, 27 Nov 2023 13:20:51 -0800
Subject: [bug#67497] [PATCH 1/4] In documentation, rename %certbot-deploy-hook back to %nginx-deploy-hook.
To: 67497@debbugs.gnu.org
Cc: Bruno Victal, Felix Lechner
X-Patchwork-Id: 56877

Bruno Victal made that change in commit fec8e513, but a nearby patch will offer the ability to specify a list of hooks. That makes it possible to name deploy hooks after the services they restart.

Change-Id: I128f71f2e96159eef8821e21ea03ecf0c1c0a7f4
--- doc/guix.texi | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) base-commit: 6e4914a037c8b332ab3f1149129c0bd1cea4640b diff --git a/doc/guix.texi b/doc/guix.texi index 767133cd0f..b0b1c05c73 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -32032,8 +32032,8 @@ Certificate Services must be a @code{certbot-configuration} record as in this example: @lisp -(define %certbot-deploy-hook - (program-file "certbot-deploy-hook.scm" +(define %nginx-deploy-hook + (program-file "certbot-nginx-deploy-hook.scm" (with-imported-modules '((gnu services herd)) #~(begin (use-modules (gnu services herd)) 
@@ -32046,7 +32046,7 @@ Certificate Services (list (certificate-configuration (domains '("example.net" "www.example.net")) - (deploy-hook %certbot-deploy-hook)) + (deploy-hook %nginx-deploy-hook)) (certificate-configuration (domains '("bar.example.net"))))))) @end lisp

From patchwork Mon Nov 27 21:20:52 2023
From: Felix Lechner
Date: Mon, 27 Nov 2023 13:20:52 -0800
Subject: [bug#67497] [PATCH 2/4] In certbot documentation, call environment variables by their proper name.
To: 67497@debbugs.gnu.org
Cc: Bruno Victal, Felix Lechner
X-Patchwork-Id: 56876

Certbot's hooks can be written in any language. In fact, they can be any kind of executable. Environment variables are widely used to communicate values across that type of fork(2) boundary. In the context here, it is more accurate to talk about environment variables.

Change-Id: If0b476c3367a3108d9365d718a74faa7d9fe7530
--- doc/guix.texi | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index b0b1c05c73..440a5f3efa 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -32139,24 +32139,24 @@ Certificate Services @item @code{authentication-hook} (default: @code{#f}) Command to be run in a shell once for each certificate challenge to be -answered. For this command, the shell variable @code{$CERTBOT_DOMAIN} +answered. For this command, the environment variable @code{$CERTBOT_DOMAIN} will contain the domain being authenticated, @code{$CERTBOT_VALIDATION} contains the validation string and @code{$CERTBOT_TOKEN} contains the file name of the resource requested when performing an HTTP-01 challenge. @item @code{cleanup-hook} (default: @code{#f}) Command to be run in a shell once for each certificate challenge that -have been answered by the @code{auth-hook}. For this command, the shell +have been answered by the @code{auth-hook}. For this command, the environment variables available in the @code{auth-hook} script are still available, and additionally @code{$CERTBOT_AUTH_OUTPUT} will contain the standard output of the @code{auth-hook} script. @item @code{deploy-hook} (default: @code{#f}) Command to be run in a shell once for each successfully issued -certificate. For this command, the shell variable +certificate. For this command, the environment variable @code{$RENEWED_LINEAGE} will point to the config live subdirectory (for example, @samp{"/etc/letsencrypt/live/example.com"}) containing the new -certificates and keys; the shell variable @code{$RENEWED_DOMAINS} will +certificates and keys; the environment variable @code{$RENEWED_DOMAINS} will contain a space-delimited list of renewed certificate domains (for example, @samp{"example.com www.example.com"}. 
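Review bot: The new wording "environment variable @code{$CERTBOT_DOMAIN}" in this hunk still carries the shell sigil; the `$` is expansion syntax, not part of the variable's name, so a hook that is not a shell script has to look up `CERTBOT_DOMAIN`, `RENEWED_LINEAGE` and so on without it. Since the stated purpose of the change is to stop assuming a shell, write the names without `$` (for example `@code{CERTBOT_DOMAIN}`). While these paragraphs are being touched: the cleanup-hook text refers to `auth-hook` although the field is documented just above as `authentication-hook`, "each certificate challenge that have been answered" should read "has been answered", and the last context line leaves the parenthesis opened at "(for example," unclosed.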
From patchwork Mon Nov 27 21:20:53 2023
From: Felix Lechner
Date: Mon, 27 Nov 2023 13:20:53 -0800
Subject: [bug#67497] [PATCH 3/4] In certbot service, reduce code duplication.
To: 67497@debbugs.gnu.org
Cc: Bruno Victal, Felix Lechner
X-Patchwork-Id: 56878

The certbot command can only be changed with a great deal of attention. The program branches early and constructs two separate invocations. Changes would generally have to be made in two places. Otherwise, a new bug might be introduced. This commit places the conditional in question inside the list so that future edits are more fool-proof.

Change-Id: I4a54f8b78ff4722688de7772d3c26a6191d6ff89
--- gnu/services/certbot.scm | 58 +++++++++++++++++++--------------------- 1 file changed, 27 insertions(+), 31 deletions(-) diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm index 0c45471659..8490a69a99 100644 --- a/gnu/services/certbot.scm +++ b/gnu/services/certbot.scm 
@@ -100,37 +100,33 @@ (define certbot-command csr authentication-hook cleanup-hook deploy-hook) (let ((name (or custom-name (car domains)))) - (if challenge - (append - (list name certbot "certonly" "-n" "--agree-tos" - "--manual" - (string-append "--preferred-challenges=" challenge) - "--cert-name" name - "--manual-public-ip-logging-ok" - "-d" (string-join domains ",")) - (if csr `("--csr" ,csr) '()) - (if email - `("--email" ,email) - '("--register-unsafely-without-email")) - (if server `("--server" ,server) '()) - (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '()) - (if authentication-hook - `("--manual-auth-hook" ,authentication-hook) - '()) - (if cleanup-hook `("--manual-cleanup-hook" ,cleanup-hook) '()) - (if deploy-hook `("--deploy-hook" ,deploy-hook) '())) - (append - (list name certbot "certonly" "-n" "--agree-tos" - "--webroot" "-w" webroot - "--cert-name" name - "-d" (string-join domains ",")) - (if csr `("--csr" ,csr) '()) - (if email - `("--email" ,email) - '("--register-unsafely-without-email")) - (if server `("--server" ,server) '()) - (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '()) - (if deploy-hook `("--deploy-hook" ,deploy-hook) '())))))) + (append + (list name + certbot + "certonly" + "-n" + "--agree-tos") + (if challenge + (append + (list "--manual" + (string-append "--preferred-challenges=" challenge) + "--manual-public-ip-logging-ok") + (if authentication-hook + (list "--manual-auth-hook" authentication-hook) + '()) + (if cleanup-hook + (list "--manual-cleanup-hook" cleanup-hook) + '())) + (list "--webroot" "-w" webroot)) + (list "--cert-name" name + "-d" (string-join domains ",")) + (if csr (list "--csr" csr) '()) + (if email + (list "--email" email) + (list "--register-unsafely-without-email")) + (if server (list "--server" server) '()) + (if rsa-key-size (list "--rsa-key-size" rsa-key-size) '()) + (if deploy-hook (list "--deploy-hook" deploy-hook) '()))))) certificates))) (program-file "certbot-command" From patchwork Mon Nov 
27 21:20:54 2023
From: Felix Lechner
Date: Mon, 27 Nov 2023 13:20:54 -0800
Subject: [bug#67497] [PATCH 4/4] In certbot's client configuration, offer multiple deploy-hooks.
To: 67497@debbugs.gnu.org
Cc: Bruno Victal, Felix Lechner
Message-ID: <729de952f099681b99b1ffd4f3f5bed736cc6b43.1701120054.git.felix.lechner@lease-up.com>
X-Patchwork-Id: 56875

The certbot program can accept multiple deploy hooks by repeating the relevant option on the command line. This commit makes that capability available to users.

Certificates are often used to secure multiple services. It is helpful to have separate hooks for each service. It makes those hooks easier to maintain. It's also easier that way to re-use a hook for another certificate that may not serve to secure the same combination of services.

Change-Id: I3a293daee47030d9bee7f366605aa63a14e98e38
--- doc/guix.texi | 11 ++++++----- gnu/services/certbot.scm | 20 +++++++++++++++++--- 2 files changed, 23 insertions(+), 8 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 440a5f3efa..c5cbd0275d 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -32046,7 +32046,7 @@ Certificate Services (list (certificate-configuration (domains '("example.net" "www.example.net")) - (deploy-hook %nginx-deploy-hook)) + (deploy-hooks '(%nginx-deploy-hook))) (certificate-configuration (domains '("bar.example.net"))))))) @end lisp 
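Review bot: The added example line `(deploy-hooks '(%nginx-deploy-hook))` quotes the list, so the field receives the symbol `%nginx-deploy-hook` instead of the `program-file` object that `(define %nginx-deploy-hook ...)` binds a few lines above it, and `--deploy-hook` would be handed a symbol rather than the hook program. Build the list with `(deploy-hooks (list %nginx-deploy-hook))` so the variable is evaluated; the quoted `'("example.net" "www.example.net")` next to it is fine because those are literal strings.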
@@ -32151,14 +32151,15 @@ Certificate Services additionally @code{$CERTBOT_AUTH_OUTPUT} will contain the standard output of the @code{auth-hook} script. -@item @code{deploy-hook} (default: @code{#f}) -Command to be run in a shell once for each successfully issued -certificate. For this command, the environment variable +@item @code{deploy-hooks} (default: @code{'()}) +Commands to be run in a shell once for each successfully issued +certificate. For these commands, the environment variable @code{$RENEWED_LINEAGE} will point to the config live subdirectory (for example, @samp{"/etc/letsencrypt/live/example.com"}) containing the new certificates and keys; the environment variable @code{$RENEWED_DOMAINS} will contain a space-delimited list of renewed certificate domains (for -example, @samp{"example.com www.example.com"}. +example, @samp{"example.com www.example.com"}. Please note that the singular +field @code{deploy-hook} was replaced by this field in the plural. @end table @end deftp diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm index 8490a69a99..9d5305174b 100644 --- a/gnu/services/certbot.scm +++ b/gnu/services/certbot.scm @@ -30,6 +30,7 @@ (define-module (gnu services certbot) #:use-module (gnu services web) #:use-module (gnu system shadow) #:use-module (gnu packages tls) + #:use-module (guix deprecation) #:use-module (guix i18n) #:use-module (guix records) #:use-module (guix gexp) @@ -62,8 +63,11 @@ (define-record-type* (default #f)) (cleanup-hook certificate-cleanup-hook (default #f)) + ;; TODO: remove singular deploy-hook; is deprecated (deploy-hook certificate-configuration-deploy-hook - (default #f))) + (default #f)) + (deploy-hooks certificate-configuration-deploy-hooks + (default '()))) (define-record-type* certbot-configuration make-certbot-configuration 
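Review bot: The record hunk keeps the singular `deploy-hook` field (with the comment "TODO: remove singular deploy-hook; is deprecated"), but the manual text added in the same patch says the singular field "was replaced by this field in the plural", which reads as if existing configurations stop working. Since the old field is still accepted, say in the manual that `deploy-hook` is deprecated in favor of `deploy-hooks` and still honored for now, and reword the code comment as a full sentence, for example ";; TODO: Remove the deprecated singular deploy-hook field."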
@@ -98,7 +102,8 @@ (define certbot-command (match-lambda (($ custom-name domains challenge csr authentication-hook - cleanup-hook deploy-hook) + cleanup-hook + deploy-hook deploy-hooks) (let ((name (or custom-name (car domains)))) (append (list name @@ -126,7 +131,16 @@ (define certbot-command (list "--register-unsafely-without-email")) (if server (list "--server" server) '()) (if rsa-key-size (list "--rsa-key-size" rsa-key-size) '()) - (if deploy-hook (list "--deploy-hook" deploy-hook) '()))))) + + (if deploy-hook + (begin + (warn-about-deprecation 'deploy-hook #f + #:replacement 'deploy-hooks) + (list "--deploy-hook" deploy-hook)) + '()) + (append-map (lambda (hook) + (list "--deploy-hook" hook)) + deploy-hooks))))) certificates))) (program-file "certbot-command"
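Review bot: In the last hunk, `warn-about-deprecation` is called with `#f` as its second argument, so the warning carries no source location and, with several `certificate-configuration` records, the user cannot tell which one still sets `deploy-hook`; consider including the certificate `name` in the message or passing the record's location if it is available. A record that sets both fields gets the singular hook first and then every entry of `deploy-hooks`; if that order is intended, state it in the manual, otherwise reject the combination. The hunk also adds an empty line before `(if deploy-hook`, which can be dropped, and since both `match-lambda` patterns are positional, a short comment next to the record definition that field order matters would help the next editor.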