From e419eb68718085fa2e2505eb4b4aa08145f7dc1c Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 3 Aug 2020 22:57:32 +0200 Subject: Ignore [accountd] section from lacme.conf when the --socket option is defined. This allows remotely-controlled lacme processes being controlled without modifying an config files. See https://bugs.debian.org/955767 . --- Changelog | 3 +++ config/lacme.conf | 4 ++-- lacme | 2 +- lacme.8.md | 17 ++++++++--------- 4 files changed, 14 insertions(+), 12 deletions(-) diff --git a/Changelog b/Changelog index 2b1bbe2..1e54354 100644 --- a/Changelog +++ b/Changelog @@ -1,6 +1,9 @@ lacme (0.7) UNRELEASED; + Adapt Apache2 snippet to Apache2 2.4. + + Ignore [accountd] section from lacme.conf when the --socket option is + defined. This allows remotely-controlled lacme processes being + controlled without modifying an config files. * Makefile: major refactoring, add install and uninstall targets, honor BUILD_DOCDIR and DESTDIR variables. * Install lacme manual to section 8. diff --git a/config/lacme.conf b/config/lacme.conf index cf7edfd..9f4db72 100644 --- a/config/lacme.conf +++ b/config/lacme.conf @@ -95,8 +95,8 @@ [accountd] # lacme-accound(1) section. Comment out this section (including its -# header) to make lacme(8) connect to an existing UNIX-domain socket -# bound by a running acme-accountd(1) process. +# header), or use the --socket= CLI option, to make lacme(8) connect to +# an existing lacme-accountd(1) process via a UNIX-domain socket. # username to drop privileges to (setting both effective and real uid). # Preserve root privileges if the value is empty. diff --git a/lacme b/lacme index 566545b..8701047 100755 --- a/lacme +++ b/lacme 
@@ -87,7 +87,7 @@ do { my $h = Config::Tiny::->read_string($conf) or die Config::Tiny::->errstr()."\n"; my $defaults = delete $h->{_} // {}; - my $accountd = exists $h->{accountd} ? 1 : 0; + my $accountd = defined $OPTS{socket} ? 0 : exists $h->{accountd} ? 1 : 0; my %valid = ( client => { socket => (defined $ENV{XDG_RUNTIME_DIR} ? "$ENV{XDG_RUNTIME_DIR}/S.lacme" : undef), diff --git a/lacme.8.md b/lacme.8.md index e250858..8f8eb41 100644 --- a/lacme.8.md +++ b/lacme.8.md @@ -108,11 +108,9 @@ Generic options aborts if `path` is readable or writable by other users, or if its parent directory is writable by other users. This command-line option overrides the *socket* option of the - [`[client]` section](#client-section) of the configuration file. - Moreover this option is ignored when the configuration file has an - [`[accountd]` section](#accountd-section); in that case `lacme` - spawns [`lacme-accountd`(1)], and the two processes communicate - through a socket pair. + [`[client]` section](#client-section) of the configuration file; it + also causes the [`[accountd]` section](#accountd-section) to be + ignored. `-h`, `--help` @@ -276,10 +274,11 @@ served during certificate issuance. `[accountd]` section --------------------- -This section is used for configuring the [`lacme-accountd`(1)] process. -If the section (including its header) is absent or commented out, -`lacme` connects to an existing UNIX-domain socket bound by a running -[`lacme-accountd`(1)] process. +This section is used for configuring the [`lacme-accountd`(1)] child +process. If the section (including its header) is absent or commented +out, or if the CLI option `--socket` is specified, then `lacme` connects +to an existing [`lacme-accountd`(1)] process via the specified +UNIX-domain socket. *user* -- cgit v1.2.3
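Review bot: `defined $OPTS{socket}` on the new `$accountd` line is also true for an empty value, so if the option parser (not visible in this hunk) accepts `--socket=` with no path, the `[accountd]` section is dropped and lacme may be left without a usable socket path. Testing for a non-empty value would avoid that and also remove the unparenthesised nested ternary: `my $accountd = (exists $h->{accountd} && !length($OPTS{socket} // '')) ? 1 : 0;`. Because this line now decides whether lacme talks to its own child or to whatever is bound at a caller-supplied path, I would add `# --socket takes precedence over [accountd]: connect to an existing lacme-accountd, spawn no child` above it. It is also worth confirming that the permission check the manual describes for `path` (abort if it is readable or writable by other users, or if its parent directory is writable by others) still runs on this route. The enclosing `do { … }` block starts and ends outside the hunk.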