diff options
| -rw-r--r-- | Changelog | 3 | ||||
| -rw-r--r-- | config/lacme-accountd.conf | 2 | ||||
| -rw-r--r-- | config/lacme.conf | 5 | ||||
| -rwxr-xr-x | lacme | 6 | ||||
| -rw-r--r-- | lacme.8.md | 5 | 
5 files changed, 8 insertions, 13 deletions
| @@ -32,6 +32,9 @@ lacme (0.7.1) upstream;     default value.  The previous default /etc/lacme/lacme-accountd.conf     is still honored when there is the user running lacme doesn't have a     ~/.config/lacme/lacme-account.conf configuration file. + * Deprecate setting 'privkey' in [accountd] section of the lacme(8) +   configuration file.  One need to use the lacme-accountd(1) +   configuration file for that instead.   + Improve nginx/apache2 snippets for direct serving of challenge files     (with the new 'challenge-directory' logic symlinks can be disabled).   + Split Nginx and Apapche2 static configuration snippets into seperate diff --git a/config/lacme-accountd.conf b/config/lacme-accountd.conf index 7248eb5..10f332e 100644 --- a/config/lacme-accountd.conf +++ b/config/lacme-accountd.conf @@ -4,8 +4,8 @@  #   - file:FILE, for a private key in PEM format (optionally encrypted)  #   - gpg:FILE, for a gpg-encrypted private key  # -#privkey = gpg:/path/to/encrypted/account.key.gpg  #privkey = file:/path/to/account.key +#privkey = gpg:/path/to/encrypted/account.key.gpg  # For a gpg-encrypted private account key, "gpg" specifies the binary  # gpg(1) to use, as well as some default options.  Default: "gpg diff --git a/config/lacme.conf b/config/lacme.conf index 0deba7b..a6cb9c7 100644 --- a/config/lacme.conf +++ b/config/lacme.conf @@ -118,11 +118,6 @@  #  #config = -# The (private) account key to use for signing requests.  See -# lacme-accountd(1) for details. -# -#privkey = file:/path/to/account.key -  # Be quiet.  #  #quiet = Yes @@ -115,7 +115,7 @@ do {              group   => '',              command => '@@bindir@@/lacme-accountd',              config  => '', -            privkey => undef, +            privkey => '',              quiet   => 'Yes',          }      ); @@ -501,6 +501,8 @@ sub acme_client($@) {      my ($client, $cleanup);      my $conf = $CONFIG->{client};      if (defined (my $accountd = $CONFIG->{accountd})) { +        warn "Setting 'privkey' in lacme.conf's [accountd] section is deprecated and will become an error in a future release! " +            ."Set it in lacme-accountd.conf instead.\n" if $accountd->{privkey} ne '';          socketpair($client, my $s, AF_UNIX, SOCK_STREAM, PF_UNSPEC) or die "socketpair: $!";          my $pid = fork() // "fork: $!";          unless ($pid) { @@ -512,7 +514,7 @@ sub acme_client($@) {              my ($cmd, @args) = split(/\s+/, $accountd->{command}) or die "Empty accountd command\n";              push @args, '--stdio';              push @args, '--config='.$accountd->{config}   if $accountd->{config} ne ''; -            push @args, '--privkey='.$accountd->{privkey} if defined $accountd->{privkey}; +            push @args, '--privkey='.$accountd->{privkey} if $accountd->{privkey} ne ''; # XXX deprecated in 0.8.0              push @args, '--quiet' unless lc $accountd->{quiet} eq 'no';              push @args, '--debug' if $OPTS{debug};              exec { $cmd } $cmd, @args or die; @@ -316,11 +316,6 @@ UNIX-domain socket.  :   Path to the [`lacme-accountd`(1)] configuration file. -*privkey* - -:   The (private) account key to use for signing requests.  See -    [`lacme-accountd`(1)] for details. -  *quiet*  :   Be quiet. Possible values: `Yes`/`No`. | 
