From ad1856777bf108826008b60a1e70c1e3fbb94ec7 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 18 Feb 2021 01:14:23 +0100 Subject: Deprecate setting 'privkey' in [accountd] section of the lacme(8) configuration file. One need to use the lacme-accountd(1) configuration file for that instead. --- Changelog | 3 +++ config/lacme-accountd.conf | 2 +- config/lacme.conf | 5 ----- lacme | 6 ++++-- lacme.8.md | 5 ----- 5 files changed, 8 insertions(+), 13 deletions(-) diff --git a/Changelog b/Changelog index a700625..abdb3ef 100644 --- a/Changelog +++ b/Changelog @@ -32,6 +32,9 @@ lacme (0.7.1) upstream; default value. The previous default /etc/lacme/lacme-accountd.conf is still honored when there is the user running lacme doesn't have a ~/.config/lacme/lacme-account.conf configuration file. + * Deprecate setting 'privkey' in [accountd] section of the lacme(8) + configuration file. One need to use the lacme-accountd(1) + configuration file for that instead. + Improve nginx/apache2 snippets for direct serving of challenge files (with the new 'challenge-directory' logic symlinks can be disabled). + Split Nginx and Apapche2 static configuration snippets into seperate diff --git a/config/lacme-accountd.conf b/config/lacme-accountd.conf index 7248eb5..10f332e 100644 --- a/config/lacme-accountd.conf +++ b/config/lacme-accountd.conf @@ -4,8 +4,8 @@ # - file:FILE, for a private key in PEM format (optionally encrypted) # - gpg:FILE, for a gpg-encrypted private key # -#privkey = gpg:/path/to/encrypted/account.key.gpg #privkey = file:/path/to/account.key +#privkey = gpg:/path/to/encrypted/account.key.gpg # For a gpg-encrypted private account key, "gpg" specifies the binary # gpg(1) to use, as well as some default options. Default: "gpg diff --git a/config/lacme.conf b/config/lacme.conf index 0deba7b..a6cb9c7 100644 --- a/config/lacme.conf +++ b/config/lacme.conf 
@@ -118,11 +118,6 @@ # #config = -# The (private) account key to use for signing requests. See -# lacme-accountd(1) for details. -# -#privkey = file:/path/to/account.key - # Be quiet. # #quiet = Yes diff --git a/lacme b/lacme index 7800429..87a44be 100755 --- a/lacme +++ b/lacme @@ -115,7 +115,7 @@ do { group => '', command => '@@bindir@@/lacme-accountd', config => '', - privkey => undef, + privkey => '', quiet => 'Yes', } ); @@ -501,6 +501,8 @@ sub acme_client($@) { my ($client, $cleanup); my $conf = $CONFIG->{client}; if (defined (my $accountd = $CONFIG->{accountd})) { + warn "Setting 'privkey' in lacme.conf's [accountd] section is deprecated and will become an error in a future release! " + ."Set it in lacme-accountd.conf instead.\n" if $accountd->{privkey} ne ''; socketpair($client, my $s, AF_UNIX, SOCK_STREAM, PF_UNSPEC) or die "socketpair: $!"; my $pid = fork() // "fork: $!"; unless ($pid) { @@ -512,7 +514,7 @@ sub acme_client($@) { my ($cmd, @args) = split(/\s+/, $accountd->{command}) or die "Empty accountd command\n"; push @args, '--stdio'; push @args, '--config='.$accountd->{config} if $accountd->{config} ne ''; - push @args, '--privkey='.$accountd->{privkey} if defined $accountd->{privkey}; + push @args, '--privkey='.$accountd->{privkey} if $accountd->{privkey} ne ''; # XXX deprecated in 0.8.0 push @args, '--quiet' unless lc $accountd->{quiet} eq 'no'; push @args, '--debug' if $OPTS{debug}; exec { $cmd } $cmd, @args or die; diff --git a/lacme.8.md b/lacme.8.md index c32469d..3852b13 100644 --- a/lacme.8.md +++ b/lacme.8.md @@ -316,11 +316,6 @@ UNIX-domain socket. : Path to the [`lacme-accountd`(1)] configuration file. -*privkey* - -: The (private) account key to use for signing requests. See - [`lacme-accountd`(1)] for details. - *quiet* : Be quiet. Possible values: `Yes`/`No`. -- cgit v1.2.3
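Review bot: The context line right after `socketpair` in the `@@ -501,6 +501,8 @@` hunk, `my $pid = fork() // "fork: $!";`, has no `die`, so a failed fork() assigns the error string to `$pid` instead of aborting. That string is true, so the `unless ($pid)` child branch is skipped and the parent presumably carries on with a socket that has no lacme-accountd process behind it. Since the commit already touches this block, it could be fixed in passing with `my $pid = fork() // die "fork: $!";`. The body of acme_client starts and ends outside the hunk, so how the parent then fails is not visible here.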
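Review bot: The trailing comment `# XXX deprecated in 0.8.0` on the `--privkey=` line in the `@@ -512,7 +514,7 @@` hunk names a release that does not match the Changelog stanza this commit adds its entry to, whose header reads `lacme (0.7.1) upstream;`. If that stanza is going to be renamed at release time this is fine, otherwise one of the two should change. The comment would also help more if it said what removal depends on, for example `# XXX deprecated: drop once the [accountd] 'privkey' warning in acme_client becomes an error`. Until then the key location (not the key itself) is still handed to lacme-accountd on its command line, which is worth keeping in mind because argv is generally readable by other local users. The enclosing `unless ($pid)` block begins before this hunk and closes after it.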