-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Confconsole Bookworm Let's Encrypt DNS-01 challenge fixes #82
Confconsole Bookworm Let's Encrypt DNS-01 challenge fixes #82
Conversation
Hey @OnGle can you please do a code review here ASAP? FWIW, there is a lot of discussion on the related issue: turnkeylinux/tracker#1876 You probably won't need it, but figured I might as well mention it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only really concerned with the save_config
thing. I'm ok pushing through with the lexicon package stuff if you want, just wanted to note it since it seems somewhat in opposition to the venv install.
…y, but as Stefan notes, it shouldn't\!)
|
||
def get_conf_value(conf: list[str], key: str) -> str: | ||
"""Given a list of config lines and a key, returns the (first) corresponding | ||
value (non case sensititive). If nothing found, returns empty string. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe this should actually return Optional[str]
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, good call. Actually, it's not even being used, so I probably should just remove it?! I don't actually recall my intentions with that, so I'm just going to leave it there for now though...
@@ -158,21 +162,24 @@ restart_servers() { | |||
for servicename in $@; do | |||
info "(Re)starting $servicename" | |||
systemctl restart $servicename | tee -a $LOG | |||
[ "${PIPESTATUS[0]}" -eq 0 ] || EXIT_CODE=1 | |||
[[ "${PIPESTATUS[0]}" -eq 0 ]] || EXIT_CODE=1 | |||
done | |||
} | |||
|
|||
clean_finish() { | |||
# warning: do NOT use 'fatal' in this func as it will cause an inescapable recursive loop |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if you add EXIT
to the trap signals in L216 then fatal
can just exit 1
and can be used here. the EXIT
trap is executed exactly once
[ $(which authbind) ] || fatal "Authbind not installed" | ||
[[ "$EUID" = "0" ]] || fatal "$APP must be run as root" | ||
[[ $(which dehydrated) ]] || fatal "Dehydrated not installed, or not in the \$PATH" | ||
[[ $(which authbind) ]] || fatal "Authbind not installed" | ||
|
||
for sig in INT TERM; do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should be INT TERM EXIT
i also recommend using |
Thanks @a3s7p - great catches and good call to check via I've applied all of your suggested fixes, with exception of your suggestions re I'm going to merge this now. But I will circle back and add your suggestion to the tracker for future dev. |
Refactoring/bugfixing the Confconsole Let's Encrypt plugin...
Closes turnkeylinux/tracker#1876 (or at least will when I'm finished)
This work was undertaken to resolve the above noted bug for DNS-01 challenges. However I got a bit carried away and refactored and tidied the code a bit more than I originally intended...
This is currently untested, so will likely get another commit or 2.