While the previous approach of testing the functionality of snapctl
worked, the snapd developers told us they could not guarantee its
reliability.
---
As with #8955, I tested this on Debian 9, 10 and CentOS 7, 8, Stream.
* snap: Fix "stack smashing" error in wrapper
certbot.wrapper had implicit dependencies on sed, awk and coreutils,
which were being accidentally provided through the host system. Because
certbot.wrapper modifies LD_LIBRARY_PATH, this was causing some systems
to load an incompatible combination of shared libraries, resulting in sed
crashing.
This commit reduces the dependencies of this script to just gawk, and
explicitly stages it as part of the Certbot snap.
It additionally moves invocations of all host system programs to a
moment prior to the modification of LD_LIBRARY_PATH, and the invocation
of snapped programs to after the modification.
Fixes #8245
* snap: Don't modify LD_LIBRARY_PATH
* leftover tracing
* snap: revert curl/jq in wrapper, use gawk for now
Fixes #7667.
Implements the plan described in #7667.
Here's a terminal log showing that it does so:
```
# sudo snap connect certbot:plugin certbot-dns-dnsimple
error: cannot perform the following tasks:
- Run hook prepare-plug-plugin of snap "certbot" (run hook "prepare-plug-plugin":
-----
Only connect this interface if you trust the plugin author to have root on the system
Run `snap set certbot trust-plugin-with-root=ok` to acknowledge this and then run this command again to perform the connection
-----)
# snap set certbot trust-plugin-with-root=ok
# sudo snap connect certbot:plugin certbot-dns-dnsimple
# sudo snap disconnect certbot:plugin certbot-dns-dnsimple:certbot
# sudo snap connect certbot:plugin certbot-dns-dnsimple
error: cannot perform the following tasks:
- Run hook prepare-plug-plugin of snap "certbot" (run hook "prepare-plug-plugin":
-----
Only connect this interface if you trust the plugin author to have root on the system
Run `snap set certbot trust-plugin-with-root=ok` to acknowledge this and then run this command again to perform the connection
-----)
```
* Add plugin connection hook to accept root trust
* snapctl requires a configure hook to set options
* Add sh notice
* Update changelog
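
The terminal log above shows the acknowledgement being required again after a disconnect, which implies it is consumed by a successful connection. The sketch below is an added example, not Certbot's own hook: it models that one-shot consent check, with `snapctl` replaced by a file-backed stand-in function and `prepare_plug_plugin` a hypothetical name, so it runs outside a snap.

```shell
#!/bin/sh
# Added example, not Certbot's hook. Outside a snap there is no snapctl, so a
# stand-in function backed by a temp file plays the configuration store.
STORE=$(mktemp)   # constructed stand-in for the snap's configuration

snapctl() {
    case "$1" in
        get)   sed -n "s/^$2=//p" "$STORE" ;;
        set)   grep -v "^${2%%=*}=" "$STORE" > "$STORE.tmp" || true
               echo "$2" >> "$STORE.tmp"
               mv "$STORE.tmp" "$STORE" ;;
        unset) grep -v "^$2=" "$STORE" > "$STORE.tmp" || true
               mv "$STORE.tmp" "$STORE" ;;
    esac
}

# Hypothetical prepare-plug-plugin body: refuse unless the administrator has
# acknowledged the risk, and consume the acknowledgement on success so that
# each new connection needs a fresh one (behaviour inferred from the log).
prepare_plug_plugin() {
    if [ "$(snapctl get trust-plugin-with-root)" = "ok" ]; then
        snapctl unset trust-plugin-with-root
        return 0
    fi
    cat >&2 <<'EOF'
Only connect this interface if you trust the plugin author to have root on the system
Run `snap set certbot trust-plugin-with-root=ok` to acknowledge this and then run this command again to perform the connection
EOF
    return 1
}

# Replay of the sequence in the log, with "snap connect" reduced to the hook.
prepare_plug_plugin 2>/dev/null || echo "connect 1: refused"
snapctl set trust-plugin-with-root=ok
prepare_plug_plugin && echo "connect 2: allowed"
prepare_plug_plugin 2>/dev/null || echo "connect 3: refused again"
```

A non-zero exit from the function corresponds to the hook failing, which is what makes `snap connect` report the error seen in the log.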