From 89f8c948d7b39314d7fc997643874adc6be92462 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Thu, 22 Aug 2019 00:30:11 +0200
Subject: Use /run for the listening socket of the webserver component.
---
 config/lacme.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'config/lacme.conf')
diff --git a/config/lacme.conf b/config/lacme.conf
index 39c8654..7c3833d 100644
--- a/config/lacme.conf
+++ b/config/lacme.conf
@@ -62,7 +62,7 @@
 # Comma- or space-separated list of addresses to listen on, for instance
 # "0.0.0.0:80 [::]:80".
 #
-#listen = /var/run/lacme-www.socket
+#listen = /run/lacme-www.socket
 # Non-existent directory under which an external HTTP daemon is
 # configured to serve GET requests for challenge files under
-- cgit v1.2.3
From f6913c09b9987ae8a6f65f5acfa7673278c701be Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Mon, 3 Aug 2020 22:15:14 +0200
Subject: Install lacme manpage to section 8. As it's a system command, see hier(7) for details.
---
 config/lacme.conf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'config/lacme.conf')
diff --git a/config/lacme.conf b/config/lacme.conf
index 7c3833d..acafe81 100644
--- a/config/lacme.conf
+++ b/config/lacme.conf
@@ -8,11 +8,11 @@
 # The value of "socket" specifies the path to the lacme-accountd(1)
 # UNIX-domain socket to connect to for signature requests from the ACME
-# client. lacme(1) aborts if the socket is readable or writable by
+# client. lacme(8) aborts if the socket is readable or writable by
 # other users, or if its parent directory is writable by other users.
 # Default: "$XDG_RUNTIME_DIR/S.lacme" if the XDG_RUNTIME_DIR environment
 # variable is set.
-# This option is ignored when lacme-accountd(1) is spawned by lacme(1),
+# This option is ignored when lacme-accountd(1) is spawned by lacme(8),
 # since the two processes communicate through a socket pair. See the
 # "accountd" section below for details.
 #
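Review bot: The comment above `listen` in the `@@ -62,7 +62,7 @@` hunk describes only ADDRESS:PORT values ("0.0.0.0:80 [::]:80"), while the default it documents is a UNIX-domain socket path, and nothing visible says which users may connect to that socket. The `socket` option near the top of this file states its permission expectations explicitly (abort if the socket is readable or writable by other users), and `listen` deserves the same treatment now that its default location changes. I would add a line such as `# A path binds a UNIX-domain socket instead; see <manual section> for its ownership and mode.` The comment block may begin above the hunk, so this may already be covered there.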
@@ -88,14 +88,14 @@
 # Whether to automatically install iptables(8) rules to open the
 # ADDRESS[:PORT] specified with listen. Theses rules are automatically
-# removed once lacme(1) exits.
+# removed once lacme(8) exits.
 #
 #iptables = No
 [accountd]
 # lacme-accound(1) section. Comment out this section (including its
-# header) to make lacme(1) connect to an existing UNIX-domain socket
+# header) to make lacme(8) connect to an existing UNIX-domain socket
 # bound by a running acme-accountd(1) process.
 # username to drop privileges to (setting both effective and real uid).
-- cgit v1.2.3
From 294bc39102e9263a268b58fe29e03c9983ccfeca Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Mon, 3 Aug 2020 22:29:37 +0200
Subject: Change default libexec dir from /usr/lib/lacme to /usr/libexec/lacme.
---
 config/lacme.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'config/lacme.conf')
diff --git a/config/lacme.conf b/config/lacme.conf
index acafe81..236d203 100644
--- a/config/lacme.conf
+++ b/config/lacme.conf
@@ -31,7 +31,7 @@
 # Path to the ACME client executable.
 #
-#command = /usr/lib/lacme/client
+#command = /usr/libexec/lacme/client
 # URI of the ACME server's directory. NOTE: Use the staging server
 # for testing
@@ -84,7 +84,7 @@
 # Path to the ACME webserver executable.
 #
-#command = /usr/lib/lacme/webserver
+#command = /usr/libexec/lacme/webserver
 # Whether to automatically install iptables(8) rules to open the
 # ADDRESS[:PORT] specified with listen. Theses rules are automatically
-- cgit v1.2.3
From da8b727f156d23553eecb90e8731d39c6027cb02 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Tue, 4 Aug 2020 00:00:58 +0200
Subject: Makefile: Use variables for target directories etc.
---
 config/lacme.conf | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'config/lacme.conf')
diff --git a/config/lacme.conf b/config/lacme.conf
index 236d203..cf7edfd 100644
--- a/config/lacme.conf
+++ b/config/lacme.conf
@@ -31,7 +31,7 @@
 # Path to the ACME client executable.
 #
-#command = /usr/libexec/lacme/client
+#command = @@libexecdir@@/lacme/client
 # URI of the ACME server's directory. NOTE: Use the staging server
 # for testing
@@ -62,7 +62,7 @@
 # Comma- or space-separated list of addresses to listen on, for instance
 # "0.0.0.0:80 [::]:80".
 #
-#listen = /run/lacme-www.socket
+#listen = @@runstatedir@@/lacme-www.socket
 # Non-existent directory under which an external HTTP daemon is
 # configured to serve GET requests for challenge files under
@@ -84,7 +84,7 @@
 # Path to the ACME webserver executable.
 #
-#command = /usr/libexec/lacme/webserver
+#command = @@libexecdir@@/lacme/webserver
 # Whether to automatically install iptables(8) rules to open the
 # ADDRESS[:PORT] specified with listen. Theses rules are automatically
@@ -111,11 +111,11 @@
 # Path to the lacme-accountd(1) executable.
 #
-#command = /usr/bin/lacme-accountd
+#command = @@bindir@@/lacme-accountd
 # Path to the lacme-accountd(1) configuration file.
 #
-#config = /etc/lacme/lacme-accountd.conf
+#config = @@sysconfdir@@/lacme/lacme-accountd.conf
 # The (private) account key to use for signing requests. See
 # lacme-accountd(1) for details.
-- cgit v1.2.3
From e419eb68718085fa2e2505eb4b4aa08145f7dc1c Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Mon, 3 Aug 2020 22:57:32 +0200
Subject: Ignore [accountd] section from lacme.conf when the --socket option is defined. This allows remotely-controlled lacme processes being controlled without modifying an config files. See https://bugs.debian.org/955767 .
---
 config/lacme.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'config/lacme.conf')
diff --git a/config/lacme.conf b/config/lacme.conf
index cf7edfd..9f4db72 100644
--- a/config/lacme.conf
+++ b/config/lacme.conf
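Review bot: The `@@libexecdir@@`, `@@runstatedir@@`, `@@bindir@@` and `@@sysconfdir@@` tokens added in the `@@ -31,7`, `@@ -62,7`, `@@ -84,7` and `@@ -111,11` hunks turn this file into a template, but nothing in the file says so. A copy taken straight from the source tree would document defaults that are not real paths. The substitution step is outside this view (the diff is limited to config/lacme.conf), so I cannot confirm that every token is replaced at install time. Because the `command` values name executables that lacme runs, an unreplaced token should fail the build rather than ship; a post-substitution check along the lines of `! grep -n '@@' <installed lacme.conf>` would catch it. A header comment such as `# NOTE: @@name@@ tokens are replaced with the configured directories at build time.` would also help anyone reading the source copy.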
@@ -95,8 +95,8 @@
 [accountd]
 # lacme-accound(1) section. Comment out this section (including its
-# header) to make lacme(8) connect to an existing UNIX-domain socket
-# bound by a running acme-accountd(1) process.
+# header), or use the --socket= CLI option, to make lacme(8) connect to
+# an existing lacme-accountd(1) process via a UNIX-domain socket.
 # username to drop privileges to (setting both effective and real uid).
 # Preserve root privileges if the value is empty.
-- cgit v1.2.3
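Review bot: The new sentence points readers to `--socket=` without saying whether the checks documented for the `socket` option also apply to a path given on the command line. Those checks make lacme abort if the socket is readable or writable by other users, or if its parent directory is writable by other users. The socket carries signature requests made with the account key, so the comment should state this either way; if the checks do apply, a line such as `# The permission checks described under "socket" apply to that path as well.` would do. Separately, the context line above the change still reads `lacme-accound(1)`, which should be `lacme-accountd(1)` to match the name this hunk corrects in the rewritten sentence.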