jobs - move certbot hooks to python

autoconf/prepare.sh

@@ -16,7 +16,7 @@ chmod ugo+x /opt/bunkerized-nginx/entrypoint/* /opt/bunkerized-nginx/scripts/*
 chmod ugo+x /opt/bunkerized-nginx/gen/main.py
 chmod ugo+x /opt/bunkerized-nginx/jobs/main.py
 chmod ugo+x /opt/bunkerized-nginx/jobs/reload.py
-chmod ugo+x /opt/bunkerized-nginx/jobs/certbot-*.sh
+chmod ugo+x /opt/bunkerized-nginx/jobs/certbot-*.py
 chmod 770 /opt/bunkerized-nginx
 chmod 440 /opt/bunkerized-nginx/settings.json
 

helpers/install.sh

@@ -845,7 +845,7 @@ do_and_check_cmd chmod 750 /opt/bunkerized-nginx/entrypoint/*
 do_and_check_cmd chmod 750 /opt/bunkerized-nginx/gen/main.py
 do_and_check_cmd chmod 750 /opt/bunkerized-nginx/jobs/main.py
 do_and_check_cmd chmod 750 /opt/bunkerized-nginx/jobs/reload.py
-do_and_check_cmd chmod 750 /opt/bunkerized-nginx/jobs/certbot-*.sh
+do_and_check_cmd chmod 750 /opt/bunkerized-nginx/jobs/certbot-*.py
 # Set permissions for /usr/local/bin/bunkerized-nginx
 do_and_check_cmd chown root:root /usr/local/bin/bunkerized-nginx
 do_and_check_cmd chmod 750 /usr/local/bin/bunkerized-nginx

jobs/CertbotNew.py

@@ -6,7 +6,7 @@ class CertbotNew(Job) :
 
 	def __init__(self, redis_host=None, copy_cache=False, domain="", email="", staging=False) :
 		name = "certbot-new"
-		data = ["certbot", "certonly", "--manual", "--preferred-challenges=http", "--manual-auth-hook", "/opt/bunkerized-nginx/jobs/certbot-auth.sh", "--manual-cleanup-hook", "/opt/bunkerized-nginx/jobs/certbot-cleanup.sh", "-n", "-d", domain, "--email", email, "--agree-tos"]
+		data = ["certbot", "certonly", "--manual", "--preferred-challenges=http", "--manual-auth-hook", "/opt/bunkerized-nginx/jobs/certbot-auth.py", "--manual-cleanup-hook", "/opt/bunkerized-nginx/jobs/certbot-cleanup.py", "-n", "-d", domain, "--email", email, "--agree-tos"]
 		if staging :
 			data.append("--staging")
 		type = "exec"

jobs/certbot-auth.py

@@ -0,0 +1,36 @@
+#!/usr/bin/python3
+
+import os, socket, sys, stat
+
+VALIDATION = os.getenv("CERTBOT_VALIDATION", None)
+TOKEN = os.getenv("CERTBOT_TOKEN", None)
+if VALIDATION == None or TOKEN = None :
+	sys.exit(1)
+
+try :
+	with open("/opt/bunkerized-nginx/acme-challenge/.well-known/acme-challenge/" + TOKEN, "w") as f :
+		f.write(VALIDATION)
+except :
+	sys.exit(2)
+
+try :
+	if os.path.exists("/tmp/autoconf.sock") and stat.S_ISSOCK(os.stat("/tmp/autoconf.sock").st_mode) :
+		sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+		sock.connect("/tmp/autoconf.sock")
+		sock.sendall(b"lock")
+		data = sock.recv(512)
+		if data != b"ok" :
+			raise Exception("can't lock")
+		sock.sendall(b"acme")
+		data = sock.recv(512)
+		if data != b"ok" :
+			raise Exception("can't acme")
+		sock.sendall(b"unlock")
+		data = sock.recv(512)
+		if data != b"ok" :
+			raise Exception("can't unlock")
+		sock.sendall(b"close")
+except :
+	sys.exit(3)
+
+sys.exit(0)

jobs/certbot-auth.sh

@@ -1,9 +0,0 @@
-#!/bin/bash
-
-. /opt/bunkerized-nginx/entrypoint/utils.sh
-
-echo $CERTBOT_VALIDATION > /opt/bunkerized-nginx/acme-challenge/.well-known/acme-challenge/$CERTBOT_TOKEN
-
-if [ -S "/tmp/autoconf.sock" ] ; then
-	echo -e "lock\nacme\nunlock" | socat UNIX-CONNECT:/tmp/autoconf.sock -
-fi

jobs/certbot-cleanup.py

@@ -0,0 +1,14 @@
+#!/usr/bin/python3
+
+import os, sys
+
+TOKEN = os.getenv("CERTBOT_TOKEN", None)
+if TOKEN == None :
+	sys.exit(1)
+
+try :
+	os.remove("/opt/bunkerized-nginx/acme-challenge/.well-known/acme-challenge/" + TOKEN)
+except :
+	sys.exit(2)
+
+sys.exit(0)

jobs/certbot-cleanup.sh

@@ -1,3 +0,0 @@
-#!/bin/bash
-
-rm -f /opt/bunkerized-nginx/acme-challenge/.well-known/acme-challenge/$CERTBOT_TOKEN