authorGuilhem Moulin <guilhem@fripost.org>2020-08-03 22:57:32 +0200
committerGuilhem Moulin <guilhem@fripost.org>2020-08-04 01:39:39 +0200
commite419eb68718085fa2e2505eb4b4aa08145f7dc1c (patch)
treeb71aa88e60d4775bec2efece141acbb9f024a88d
parentda8b727f156d23553eecb90e8731d39c6027cb02 (diff)
Ignore [accountd] section from lacme.conf when the --socket option is defined.
This allows lacme processes to be controlled remotely without modifying any config files. See https://bugs.debian.org/955767 .
-rw-r--r--Changelog3
-rw-r--r--config/lacme.conf4
-rwxr-xr-xlacme2
-rw-r--r--lacme.8.md17
4 files changed, 14 insertions, 12 deletions
diff --git a/Changelog b/Changelog
index 2b1bbe2..1e54354 100644
--- a/Changelog
+++ b/Changelog
@@ -1,6 +1,9 @@
lacme (0.7) UNRELEASED;
+ Adapt Apache2 snippet to Apache2 2.4.
+ + Ignore [accountd] section from lacme.conf when the --socket option is
+ defined. This allows remotely-controlled lacme processes being
+ controlled without modifying an config files.
* Makefile: major refactoring, add install and uninstall targets, honor
BUILD_DOCDIR and DESTDIR variables.
* Install lacme manual to section 8.
diff --git a/config/lacme.conf b/config/lacme.conf
index cf7edfd..9f4db72 100644
--- a/config/lacme.conf
+++ b/config/lacme.conf
@@ -95,8 +95,8 @@
[accountd]
# lacme-accound(1) section. Comment out this section (including its
-# header) to make lacme(8) connect to an existing UNIX-domain socket
-# bound by a running acme-accountd(1) process.
+# header), or use the --socket= CLI option, to make lacme(8) connect to
+# an existing lacme-accountd(1) process via a UNIX-domain socket.
# username to drop privileges to (setting both effective and real uid).
# Preserve root privileges if the value is empty.
diff --git a/lacme b/lacme
index 566545b..8701047 100755
--- a/lacme
+++ b/lacme
@@ -87,7 +87,7 @@ do {
my $h = Config::Tiny::->read_string($conf) or die Config::Tiny::->errstr()."\n";
my $defaults = delete $h->{_} // {};
- my $accountd = exists $h->{accountd} ? 1 : 0;
+ my $accountd = defined $OPTS{socket} ? 0 : exists $h->{accountd} ? 1 : 0;
my %valid = (
client => {
socket => (defined $ENV{XDG_RUNTIME_DIR} ? "$ENV{XDG_RUNTIME_DIR}/S.lacme" : undef),
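Review bot: The new `$accountd` assignment discards the `[accountd]` section silently whenever `--socket` is defined, so a host whose lacme.conf still configures a local lacme-accountd gives no sign that signing requests now go to the process behind the socket instead. A one-line notice would make the override auditable, e.g. `warn "Ignoring [accountd] section: --socket is set\n" if defined $OPTS{socket} && exists $h->{accountd};`. The chained ternary parses as intended but reads more easily as `my $accountd = (!defined($OPTS{socket}) && exists $h->{accountd}) ? 1 : 0;`. Note that `defined` is also true for an empty `--socket=` value; whether that is rejected later cannot be seen from here, since the enclosing `do` block starts before and continues past this hunk.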
diff --git a/lacme.8.md b/lacme.8.md
index e250858..8f8eb41 100644
--- a/lacme.8.md
+++ b/lacme.8.md
@@ -108,11 +108,9 @@ Generic options
aborts if `path` is readable or writable by other users, or if its
parent directory is writable by other users.
This command-line option overrides the *socket* option of the
- [`[client]` section](#client-section) of the configuration file.
- Moreover this option is ignored when the configuration file has an
- [`[accountd]` section](#accountd-section); in that case `lacme`
- spawns [`lacme-accountd`(1)], and the two processes communicate
- through a socket pair.
+ [`[client]` section](#client-section) of the configuration file; it
+ also causes the [`[accountd]` section](#accountd-section) to be
+ ignored.
`-h`, `--help`
@@ -276,10 +274,11 @@ served during certificate issuance.
`[accountd]` section
---------------------
-This section is used for configuring the [`lacme-accountd`(1)] process.
-If the section (including its header) is absent or commented out,
-`lacme` connects to an existing UNIX-domain socket bound by a running
-[`lacme-accountd`(1)] process.
+This section is used for configuring the [`lacme-accountd`(1)] child
+process. If the section (including its header) is absent or commented
+out, or if the CLI option `--socket` is specified, then `lacme` connects
+to an existing [`lacme-accountd`(1)] process via the specified
+UNIX-domain socket.
*user*