Valentin Hilbig edited this page Mar 23, 2018 · 4 revisions
  • Sample config and hook.sh (both are in the "current" directory)
  • dehydrated is checked out in the subdirectory letsencrypt.sh and called from the "current" directory with the following script:
export LC_ALL=C.UTF-8
exec letsencrypt.sh/letsencrypt.sh -c "$@"

This fork of dehydrated is code reviewed

I do not review it to check it for errors. I review it so that I am certain nobody introduces harmful things, for example things that break my setup.

All important issues (important from my perspective) found with source review are noted here.

I currently run dehydrated with a minimum setup and a hook. Hence I need compatibility with how it was at the beginning. Things before v0.3.0 are documented from memory.

Review status

Overall status: Codebase is used on my side. It is believed to be OK. It was only partially reviewed as follows:

  • 61f0b7ed7a2e805e08aa1f2412fb9b869a04fdeb was the first commit and never reviewed.
  • 61f0b7ed7a2e805e08aa1f2412fb9b869a04fdeb..7d0ef222393ce419b6345b094b9dc385d3b24adc was not reviewed
  • 7d0ef222393ce419b6345b094b9dc385d3b24adc not thoroughly checked, but was the first version used by me
  • 7d0ef222393ce419b6345b094b9dc385d3b24adc..d5b285868e35992027599d25411d80dfd0bf1048 I do not remember, so we must assume it was not reviewed
  • d5b285868e35992027599d25411d80dfd0bf1048 was used by me for several months. I believe it is OK.
  • d5b285868e35992027599d25411d80dfd0bf1048..992beecbdbf89ec071624af6d46814239d808bcc completely reviewed

Note:

  • SHAa..SHAb means that the patches were reviewed, not the complete code.
  • SHA means that the code seen in the given SHA was reviewed.

v0.3.0

  • default for WELLKNOWN changed from "${BASEDIR}/.acme-challenges" to /var/www/letsencrypt
  • new option -g, which comes in handy for cron usage

echo 'WELLKNOWN="${BASEDIR}/.acme-challenges"' >> config

d5b285868e35992027599d25411d80dfd0bf1048

  • config.sh was renamed to config

mv config.sh config

v0.2.0

  • hook.sh may see a new action unchanged_cert. In my case this is simply ignored.

Update hook.sh accordingly

7d0ef222393ce419b6345b094b9dc385d3b24adc

  • hook.sh got one more parameter, the timestamp

No changes needed usually

v0.1.0

  • hook.sh sees actions for deploy_challenge, clean_challenge and deploy_cert.

Create hook.sh and config.sh

History

  • I did not start with v0.1.0; I started with commit 7d0ef222393ce419b6345b094b9dc385d3b24adc, which already included timestamps for hook.sh, because I needed this.

  • My first hook.sh used scp and ssh to do things on the remote, so it needed full-blown ssh access.

  • I did not update to v0.2.0, instead I jumped to commit d5b285868e35992027599d25411d80dfd0bf1048, because config.sh was renamed to config at that point.

  • hook.sh was updated to use sftp only. This made it possible to remove ssh access and replace it with sftp-only access ("internal sftp-server" of ssh).
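
A sketch of an sftp-only hook that handles the actions listed above and silently ignores ones it does not know. This is an added example, not the hook.sh from this setup; the argument order, the REMOTE* variables and the WELLKNOWN default are assumptions.

```shell
#!/bin/sh
# Added example, not the wiki author's hook.sh. Assumptions: the call shape
# "ACTION DOMAIN TOKEN_FILENAME TOKEN_VALUE" for the two challenge actions and
# "deploy_cert DOMAIN FILE... TIMESTAMP"; REMOTE, REMOTE_WELLKNOWN,
# REMOTE_CERTS and the WELLKNOWN default are hypothetical.
REMOTE="${REMOTE:-acme@web.example.net}"
REMOTE_WELLKNOWN="${REMOTE_WELLKNOWN:-acme-challenges}"
REMOTE_CERTS="${REMOTE_CERTS:-certs}"
WELLKNOWN="${WELLKNOWN:-$PWD/.acme-challenges}"

# Print the sftp batch for one hook call. Unknown actions (for example
# unchanged_cert) print nothing, so a newer dehydrated does not break the hook.
hook_batch() {
    action="$1" domain="$2"
    case "$action" in
        deploy_challenge|clean_challenge)
            token="$3"
            # ACME tokens are base64url. Reject anything else so a token can
            # never carry a path or a second sftp command into the batch.
            case "$token" in
                ''|*[!A-Za-z0-9_-]*) echo "refusing token name" >&2; return 1 ;;
            esac
            if [ "$action" = deploy_challenge ]; then
                printf 'put "%s" "%s"\n' "$WELLKNOWN/$token" "$REMOTE_WELLKNOWN/$token"
            else
                # Leading "-" keeps sftp going if the file is already gone.
                printf '%s "%s"\n' -rm "$REMOTE_WELLKNOWN/$token"
            fi ;;
        deploy_cert)
            shift 2
            # Upload only arguments that are regular files; this skips the
            # timestamp parameter wherever it sits in the argument list.
            for f in "$@"; do
                [ -f "$f" ] && printf 'put "%s" "%s"\n' "$f" "$REMOTE_CERTS/$domain.${f##*/}"
            done
            return 0 ;;
    esac
}

# Run as a hook only when called with arguments (dehydrated always passes some).
if [ "$#" -gt 0 ]; then
    batch=$(hook_batch "$@") || exit 1
    [ -z "$batch" ] || printf '%s\n' "$batch" | sftp -b - "$REMOTE"
fi
```

Because the hook only ever emits put and rm, the account on the remote side can stay restricted to the internal sftp-server with no shell.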