authorGuilhem Moulin <guilhem@fripost.org>2021-02-18 01:14:23 +0100
committerGuilhem Moulin <guilhem@fripost.org>2021-02-20 20:16:34 +0100
commitad1856777bf108826008b60a1e70c1e3fbb94ec7 (patch)
tree1a13987984bd11a4fb01d655a3b8fa2a74dfae23
parent1c4fc8c431e69780625600a4ee8526e1a3cbb3f4 (diff)
Deprecate setting 'privkey' in [accountd] section of the lacme(8) configuration file.
One needs to use the lacme-accountd(1) configuration file for that instead.
-rw-r--r--Changelog3
-rw-r--r--config/lacme-accountd.conf2
-rw-r--r--config/lacme.conf5
-rwxr-xr-xlacme6
-rw-r--r--lacme.8.md5
5 files changed, 8 insertions, 13 deletions
diff --git a/Changelog b/Changelog
index a700625..abdb3ef 100644
--- a/Changelog
+++ b/Changelog
@@ -32,6 +32,9 @@ lacme (0.7.1) upstream;
default value. The previous default /etc/lacme/lacme-accountd.conf
is still honored when there is the user running lacme doesn't have a
~/.config/lacme/lacme-account.conf configuration file.
+ * Deprecate setting 'privkey' in [accountd] section of the lacme(8)
+ configuration file. One need to use the lacme-accountd(1)
+ configuration file for that instead.
+ Improve nginx/apache2 snippets for direct serving of challenge files
(with the new 'challenge-directory' logic symlinks can be disabled).
+ Split Nginx and Apapche2 static configuration snippets into seperate
diff --git a/config/lacme-accountd.conf b/config/lacme-accountd.conf
index 7248eb5..10f332e 100644
--- a/config/lacme-accountd.conf
+++ b/config/lacme-accountd.conf
@@ -4,8 +4,8 @@
# - file:FILE, for a private key in PEM format (optionally encrypted)
# - gpg:FILE, for a gpg-encrypted private key
#
-#privkey = gpg:/path/to/encrypted/account.key.gpg
#privkey = file:/path/to/account.key
+#privkey = gpg:/path/to/encrypted/account.key.gpg
# For a gpg-encrypted private account key, "gpg" specifies the binary
# gpg(1) to use, as well as some default options. Default: "gpg
diff --git a/config/lacme.conf b/config/lacme.conf
index 0deba7b..a6cb9c7 100644
--- a/config/lacme.conf
+++ b/config/lacme.conf
@@ -118,11 +118,6 @@
#
#config =
-# The (private) account key to use for signing requests. See
-# lacme-accountd(1) for details.
-#
-#privkey = file:/path/to/account.key
-
# Be quiet.
#
#quiet = Yes
diff --git a/lacme b/lacme
index 7800429..87a44be 100755
--- a/lacme
+++ b/lacme
@@ -115,7 +115,7 @@ do {
group => '',
command => '@@bindir@@/lacme-accountd',
config => '',
- privkey => undef,
+ privkey => '',
quiet => 'Yes',
}
);
@@ -501,6 +501,8 @@ sub acme_client($@) {
my ($client, $cleanup);
my $conf = $CONFIG->{client};
if (defined (my $accountd = $CONFIG->{accountd})) {
+ warn "Setting 'privkey' in lacme.conf's [accountd] section is deprecated and will become an error in a future release! "
+ ."Set it in lacme-accountd.conf instead.\n" if $accountd->{privkey} ne '';
socketpair($client, my $s, AF_UNIX, SOCK_STREAM, PF_UNSPEC) or die "socketpair: $!";
my $pid = fork() // "fork: $!";
unless ($pid) {
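Review bot: Both new `ne ''` tests (the `warn` here and the `push @args, '--privkey='…` line in the next hunk) assume `$accountd->{privkey}` is always defined, which holds only if the new `''` default from the first hunk is applied to every parsed [accountd] section; that merge code is not visible here. If the value can still be undef, `ne` emits an "uninitialized value" warning under `use warnings`, so consider `if ($accountd->{privkey} // '') ne '';` in both places. Separately, the unchanged context line `my $pid = fork() // "fork: $!";` appears to be missing `die`: on fork failure `$pid` becomes a true string and the parent carries on as if the lacme-accountd child existed. acme_client's body continues outside the hunk.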
@@ -512,7 +514,7 @@ sub acme_client($@) {
my ($cmd, @args) = split(/\s+/, $accountd->{command}) or die "Empty accountd command\n";
push @args, '--stdio';
push @args, '--config='.$accountd->{config} if $accountd->{config} ne '';
- push @args, '--privkey='.$accountd->{privkey} if defined $accountd->{privkey};
+ push @args, '--privkey='.$accountd->{privkey} if $accountd->{privkey} ne ''; # XXX deprecated in 0.8.0
push @args, '--quiet' unless lc $accountd->{quiet} eq 'no';
push @args, '--debug' if $OPTS{debug};
exec { $cmd } $cmd, @args or die;
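Review bot: The trailing comment `# XXX deprecated in 0.8.0` does not match the Changelog hunk, whose header places the new entry under `lacme (0.7.1) upstream;` (possibly a heading that is renamed at release time); the two should name the same release. The comment would also help the next maintainer more if it said what is left to do, e.g. `# XXX deprecated: drop the --privkey pass-through once the warning becomes an error`, placed on its own line above the statement to keep the line short. The enclosing block starts and ends outside the hunk.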
diff --git a/lacme.8.md b/lacme.8.md
index c32469d..3852b13 100644
--- a/lacme.8.md
+++ b/lacme.8.md
@@ -316,11 +316,6 @@ UNIX-domain socket.
: Path to the [`lacme-accountd`(1)] configuration file.
-*privkey*
-
-: The (private) account key to use for signing requests. See
- [`lacme-accountd`(1)] for details.
-
*quiet*
: Be quiet. Possible values: `Yes`/`No`.