[pve-devel] [common 6/9] command composer for acme.sh

Fabian Grünbichler f.gruenbichler at proxmox.com
Fri Oct 18 11:27:31 CEST 2019


On October 14, 2019 1:08 pm, Wolfgang Link wrote:
> This composer supports two different operations.
> pve-setup:     this operation adds the DNS TXT record.
> pve-teardown:  this operation removes the DNS TXT record
> ---
>  src/PVE/ACME/ACME_sh.pm | 16 ++++++++++++++++
>  1 file changed, 16 insertions(+)
> 
> diff --git a/src/PVE/ACME/ACME_sh.pm b/src/PVE/ACME/ACME_sh.pm
> index db8af9a..40be772 100644
> --- a/src/PVE/ACME/ACME_sh.pm
> +++ b/src/PVE/ACME/ACME_sh.pm
> @@ -38,6 +38,22 @@ my $get_dnsapi_conf = sub {
>      return ($api_plugin, "$API_CRED_DIR/$api_plugin.cred");
>  };
>  
> +my $compose_cmd = sub {
> +    my ($op, $token, $domain, $alias) = @_;

$token is not the token from the challenge, but the base64url-encoded, 
hashed key_authorization? please name variables for what they actually 
contain..

> +
> +    my ($dns_api_plugin, $cred_file_path) = &$get_dnsapi_conf();
> +
> +    # valid operations for this composer are pve-setup and pve-teardown
> +    my @cmd = ('/usr/sbin/acme', "--$op");
> +    push @cmd, '--webroot', $dns_api_plugin;

huh? webroot is something different altogether, why use this term here?

> +    push @cmd, '--domain', "_acme-challenge.$domain";

either the domain is $domain (if it is still used to derive some 
validation response value somehow?)

> +    push @cmd, '--token', $token;

same here..

> +    push @cmd, '--accountconf', $cred_file_path;
> +    push @cmd, '--challenge-alias', $alias if defined($alias);

or the domain should be replaced with the aliased domain, since it just 
signifies under which key the TXT record is created?

this command is supposed to be just a thin wrapper around the DNS API 
plugins, I'd expect the following:

acme --pve-setup --plugin-conf $cred_file_path --plugin foo --domain $fulldomain --txtvalue $txtvalue

where $fulldomain is either the regular domain, or the alias.. or am I 
missing something here?

> +
> +    return \@cmd;
> +};
> +
>  sub validating_url {
>      my ($class, $acme, $auth, $auth_url, $node_config) = @_;
>  
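Review bot: the comment `# valid operations for this composer are pve-setup and pve-teardown` documents the allowed values of `$op`, but nothing in the hunk enforces it before `"--$op"` is interpolated into the command line, so any string a caller passes through becomes an option to `/usr/sbin/acme`. Suggest a guard at the top of the sub, e.g. `die "invalid operation '$op'\n" unless $op eq 'pve-setup' || $op eq 'pve-teardown';`, and a similar definedness check on `$domain` and `$token` before they are pushed, since `--challenge-alias` is already guarded with `if defined($alias)` while the other values are not.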
> -- 
> 2.20.1
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
> 
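As an added example (not the thread's code and not Proxmox's own), the following Perl sketch shows a composer shaped like the command Fabian describes above: one of two fixed operations, the plugin configuration path, the plugin name, the domain (or the alias when one is configured) and the TXT value, passed as an argument list rather than a shell string. The `/usr/sbin/acme` path and the option names come from the thread; the plugin name `foo`, the credential path and the TXT value are constructed placeholders, and whether the `_acme-challenge.` label is prepended here or by the plugin is left as in the sketch (not prepended).

```perl
#!/usr/bin/perl
# Added example, not the thread's or Proxmox's own code. Option names follow
# the command line sketched in the reply; sample values are constructed.
use strict;
use warnings;

my %valid_ops = map { $_ => 1 } qw(pve-setup pve-teardown);

# Returns an argument list (array ref) for the wrapper. Building a list rather
# than a shell string means values such as the TXT value never pass through a
# shell, so no quoting is needed and no shell metacharacters are interpreted.
sub compose_cmd {
    my ($op, $plugin, $conf_path, $domain, $txtvalue, $alias) = @_;

    die "invalid operation '$op'\n" unless $valid_ops{$op};
    die "missing plugin name\n"     unless defined $plugin   && length $plugin;
    die "missing plugin config\n"   unless defined $conf_path && length $conf_path;
    die "missing domain\n"          unless defined $domain   && length $domain;
    die "missing TXT value\n"       unless defined $txtvalue && length $txtvalue;

    # The TXT record lives under the alias when one is configured (CNAME-based
    # challenge delegation), otherwise under the domain itself.
    my $fulldomain = defined $alias ? $alias : $domain;

    return [
        '/usr/sbin/acme', "--$op",
        '--plugin-conf', $conf_path,
        '--plugin',      $plugin,
        '--domain',      $fulldomain,
        '--txtvalue',    $txtvalue,
    ];
}

# Usage with constructed placeholder values (plugin 'foo', made-up paths):
my $cmd = compose_cmd('pve-setup', 'foo', '/path/to/cred-dir/foo.cred',
                      'example.com', 'constructed-txt-value', undef);
print join(' ', @$cmd), "\n";

# With an alias the record target changes, nothing else does:
my $aliased = compose_cmd('pve-teardown', 'foo', '/path/to/cred-dir/foo.cred',
                          'example.com', 'constructed-txt-value', 'alias.example.net');
print join(' ', @$aliased), "\n";

# An unexpected operation never becomes a command line:
eval { compose_cmd('not-an-op', 'foo', '/path/to/cred-dir/foo.cred',
                   'example.com', 'constructed-txt-value') };
print "rejected: $@" if $@;
```

Executing the result with the list form of `system(@$cmd)` keeps the no-shell property; joining it into a string for a single-argument `system` would reintroduce shell interpretation of the values.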
