author | Guilhem Moulin <guilhem@fripost.org> | 2020-08-03 22:57:32 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2020-08-04 01:39:39 +0200 |
commit | e419eb68718085fa2e2505eb4b4aa08145f7dc1c | |
tree | b71aa88e60d4775bec2efece141acbb9f024a88d | |
parent | da8b727f156d23553eecb90e8731d39c6027cb02 | |
Ignore [accountd] section from lacme.conf when the --socket option is defined.
This allows remotely-controlled lacme processes to be controlled without
modifying any config files. See https://bugs.debian.org/955767.
-rw-r--r-- | Changelog | 3 |
-rw-r--r-- | config/lacme.conf | 4 |
-rwxr-xr-x | lacme | 2 |
-rw-r--r-- | lacme.8.md | 17 |
4 files changed, 14 insertions, 12 deletions
@@ -1,6 +1,9 @@ lacme (0.7) UNRELEASED; + Adapt Apache2 snippet to Apache2 2.4. + + Ignore [accountd] section from lacme.conf when the --socket option is + defined. This allows remotely-controlled lacme processes being + controlled without modifying an config files. * Makefile: major refactoring, add install and uninstall targets, honor BUILD_DOCDIR and DESTDIR variables. * Install lacme manual to section 8. diff --git a/config/lacme.conf b/config/lacme.conf index cf7edfd..9f4db72 100644 --- a/config/lacme.conf +++ b/config/lacme.conf @@ -95,8 +95,8 @@ [accountd] # lacme-accound(1) section. Comment out this section (including its -# header) to make lacme(8) connect to an existing UNIX-domain socket -# bound by a running acme-accountd(1) process. +# header), or use the --socket= CLI option, to make lacme(8) connect to +# an existing lacme-accountd(1) process via a UNIX-domain socket. # username to drop privileges to (setting both effective and real uid). # Preserve root privileges if the value is empty. @@ -87,7 +87,7 @@ do { my $h = Config::Tiny::->read_string($conf) or die Config::Tiny::->errstr()."\n"; my $defaults = delete $h->{_} // {}; - my $accountd = exists $h->{accountd} ? 1 : 0; + my $accountd = defined $OPTS{socket} ? 0 : exists $h->{accountd} ? 1 : 0; my %valid = ( client => { socket => (defined $ENV{XDG_RUNTIME_DIR} ? "$ENV{XDG_RUNTIME_DIR}/S.lacme" : undef), 
@@ -108,11 +108,9 @@ Generic options aborts if `path` is readable or writable by other users, or if its parent directory is writable by other users. This command-line option overrides the *socket* option of the - [`[client]` section](#client-section) of the configuration file. - Moreover this option is ignored when the configuration file has an - [`[accountd]` section](#accountd-section); in that case `lacme` - spawns [`lacme-accountd`(1)], and the two processes communicate - through a socket pair. + [`[client]` section](#client-section) of the configuration file; it + also causes the [`[accountd]` section](#accountd-section) to be + ignored. `-h`, `--help` @@ -276,10 +274,11 @@ served during certificate issuance. `[accountd]` section --------------------- -This section is used for configuring the [`lacme-accountd`(1)] process. -If the section (including its header) is absent or commented out, -`lacme` connects to an existing UNIX-domain socket bound by a running -[`lacme-accountd`(1)] process. +This section is used for configuring the [`lacme-accountd`(1)] child +process. If the section (including its header) is absent or commented +out, or if the CLI option `--socket` is specified, then `lacme` connects +to an existing [`lacme-accountd`(1)] process via the specified +UNIX-domain socket. *user* |
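Review bot: In the lacme hunk, the new assignment `my $accountd = defined $OPTS{socket} ? 0 : exists $h->{accountd} ? 1 : 0;` drops the [accountd] section silently, so an operator who passes --socket gets no indication that the section's settings (config/lacme.conf documents a username to drop privileges to there) no longer apply. Consider emitting a notice when both are present, and writing the condition as `(!defined $OPTS{socket} && exists $h->{accountd}) ? 1 : 0` to avoid the chained ternary. Because the test is `defined` rather than truthiness, an empty `--socket=` value also disables the section; confirm that is intended or reject the empty value.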
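Review bot: In the config/lacme.conf hunk, the unchanged context line `# lacme-accound(1) section.` still misspells the program name, while the rewritten lines directly below it now say lacme-accountd(1). Fix the spelling in the same change so the comment block is consistent.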
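Review bot: The Changelog entry reads "being controlled without modifying an config files", which should be "to be controlled without modifying any config files". The entry also does not mention that this reverses the earlier precedence: the removed lacme.8.md text stated that --socket is ignored when the configuration file has an [accountd] section, so invocations that pass --socket alongside such a section will now connect to the socket instead of spawning lacme-accountd. State that behaviour change in the entry.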
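Review bot: In the second lacme.8.md hunk, "via the specified UNIX-domain socket" is ambiguous when the [accountd] section is merely absent and --socket is not given, because nothing is specified on the command line in that case; name the *socket* option of the [client] section as the source of the path. The first hunk also removes the sentence explaining that lacme spawns lacme-accountd(1) and communicates with it through a socket pair when the section is present, and the new text only hints at this with "child process"; keep that explanation in the `[accountd]` section description.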