author | Guilhem Moulin <guilhem@fripost.org> | 2021-02-18 01:14:23 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2021-02-20 20:16:34 +0100 |
commit | ad1856777bf108826008b60a1e70c1e3fbb94ec7 (patch) | |
tree | 1a13987984bd11a4fb01d655a3b8fa2a74dfae23 | |
parent | 1c4fc8c431e69780625600a4ee8526e1a3cbb3f4 (diff) |
Deprecate setting 'privkey' in [accountd] section of the lacme(8) configuration file.
One needs to use the lacme-accountd(1) configuration file for that
instead.
-rw-r--r-- | Changelog | 3 | ||||
-rw-r--r-- | config/lacme-accountd.conf | 2 | ||||
-rw-r--r-- | config/lacme.conf | 5 | ||||
-rwxr-xr-x | lacme | 6 | ||||
-rw-r--r-- | lacme.8.md | 5 |
5 files changed, 8 insertions, 13 deletions
@@ -32,6 +32,9 @@ lacme (0.7.1) upstream; default value. The previous default /etc/lacme/lacme-accountd.conf is still honored when there is the user running lacme doesn't have a ~/.config/lacme/lacme-account.conf configuration file. + * Deprecate setting 'privkey' in [accountd] section of the lacme(8) + configuration file. One need to use the lacme-accountd(1) + configuration file for that instead. + Improve nginx/apache2 snippets for direct serving of challenge files (with the new 'challenge-directory' logic symlinks can be disabled). + Split Nginx and Apapche2 static configuration snippets into seperate
diff --git a/config/lacme-accountd.conf b/config/lacme-accountd.conf
index 7248eb5..10f332e 100644
--- a/config/lacme-accountd.conf
+++ b/config/lacme-accountd.conf
@@ -4,8 +4,8 @@
 # - file:FILE, for a private key in PEM format (optionally encrypted)
 # - gpg:FILE, for a gpg-encrypted private key
 #
-#privkey = gpg:/path/to/encrypted/account.key.gpg
 #privkey = file:/path/to/account.key
+#privkey = gpg:/path/to/encrypted/account.key.gpg
 # For a gpg-encrypted private account key, "gpg" specifies the binary
 # gpg(1) to use, as well as some default options. Default: "gpg
diff --git a/config/lacme.conf b/config/lacme.conf
index 0deba7b..a6cb9c7 100644
--- a/config/lacme.conf
+++ b/config/lacme.conf
@@ -118,11 +118,6 @@
 #
 #config =
-# The (private) account key to use for signing requests. See
-# lacme-accountd(1) for details.
-#
-#privkey = file:/path/to/account.key
-
 # Be quiet.
 #
 #quiet = Yes
@@ -115,7 +115,7 @@ do {
 group => '',
 command => '@@bindir@@/lacme-accountd',
 config => '',
- privkey => undef,
+ privkey => '',
 quiet => 'Yes',
 }
 );
@@ -501,6 +501,8 @@ sub acme_client($@) {
 my ($client, $cleanup);
 my $conf = $CONFIG->{client};
 if (defined (my $accountd = $CONFIG->{accountd})) {
+ warn "Setting 'privkey' in lacme.conf's [accountd] section is deprecated and will become an error in a future release! "
+ ."Set it in lacme-accountd.conf instead.\n" if $accountd->{privkey} ne '';
 socketpair($client, my $s, AF_UNIX, SOCK_STREAM, PF_UNSPEC) or die "socketpair: $!";
 my $pid = fork() // "fork: $!";
 unless ($pid) {
@@ -512,7 +514,7 @@ sub acme_client($@) {
 my ($cmd, @args) = split(/\s+/, $accountd->{command}) or die "Empty accountd command\n";
 push @args, '--stdio';
 push @args, '--config='.$accountd->{config} if $accountd->{config} ne '';
- push @args, '--privkey='.$accountd->{privkey} if defined $accountd->{privkey};
+ push @args, '--privkey='.$accountd->{privkey} if $accountd->{privkey} ne ''; # XXX deprecated in 0.8.0
 push @args, '--quiet' unless lc $accountd->{quiet} eq 'no';
 push @args, '--debug' if $OPTS{debug};
 exec { $cmd } $cmd, @args or die;
@@ -316,11 +316,6 @@ UNIX-domain socket.
 : Path to the [`lacme-accountd`(1)] configuration file.
-*privkey*
-
-: The (private) account key to use for signing requests. See
- [`lacme-accountd`(1)] for details.
-
 *quiet*
 : Be quiet. Possible values: `Yes`/`No`. |
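Review bot: The context line `my $pid = fork() // "fork: $!";` right after the new warning in the `-501` hunk never aborts when fork() fails, because the `//` fallback assigns the message string to `$pid` instead of dying. A failed fork therefore leaves `$pid` true, `unless ($pid)` is skipped, and the parent continues as if lacme-accountd had been started on the other end of the socketpair. The line should read `my $pid = fork() // die "fork: $!";`. The commit does not touch this line, and the rest of acme_client lies outside the hunk, so how `$pid` is used later cannot be confirmed from here.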
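Review bot: The trailing comment `# XXX deprecated in 0.8.0` on the `--privkey=` line in the `-512` hunk does not say what should happen to the line. The version it names also differs from the `lacme (0.7.1)` heading shown as context in the Changelog hunk, though that heading may only be a placeholder. Something like `# XXX backward compatibility only; remove together with the deprecation warning once [accountd] privkey becomes an error` would tie the pass-through to the warning added earlier in acme_client. Until that removal, the account key location can presumably still be set from lacme.conf as well as lacme-accountd.conf, so anyone auditing where the signing key lives has to check both files. The man page hunk drops the *privkey* entry without saying so, and a one-line deprecation note there would help.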