Show LetsEncrypt certinfo on dietpi-banner for non-root users #7121

Merged
merged 12 commits into from
Jun 26, 2024


FrapiFrance
Contributor

Non-root users can't see the LetsEncrypt valid end date because they have no access to /etc/letsencrypt/live/*.
So LetsEncrypt shows "No certificate found".
This side script with sudo allows everybody to see the Let's Encrypt cert status.

@MichaIng
Owner

Thanks, makes sense to handle non-root cases gracefully. However, always using sudo (even doubled, again within the script) and a dedicated script is high overhead. We should change it like that:

  • Behave like before when user is root.
  • Turn the dedicated script into a function within the main script. It can be called via `sudo bash -c "$(declare -f function); function"`.

@MichaIng MichaIng added this to the v9.6 milestone Jun 22, 2024
@FrapiFrance
Contributor Author

* Behave like before when user is root.
* Turn the dedicated script into a function within the main script. It can be called via `sudo bash -c "$(declare -f function); function"`.

Right, I will do that.

Thanks

@FrapiFrance FrapiFrance marked this pull request as draft June 25, 2024 13:44
@FrapiFrance FrapiFrance marked this pull request as ready for review June 25, 2024 14:24
@FrapiFrance FrapiFrance marked this pull request as draft June 25, 2024 14:26
@FrapiFrance FrapiFrance marked this pull request as ready for review June 25, 2024 14:34
Use dash instead of bash for printing LE cert status via sudo, merge NOPASSWD check and actual sudo call into one, and avoid command substitutions where possible.
@MichaIng
Owner

I found a way to merge the sudo -n test with the actual sudo call: sudo errors are now muted, and instead the NOPASSWD info is shown. But since the file descriptor bindings within the sudo shell seem to be done earlier, it is possible to keep printing openssl errors (or any error within the sudo shell) in the banner, which I find important in case of other issues.

It is not perfect: If sudo or dash (the actual process, not the contained commands) fail for some other reason than missing NOPASSWD, you won't see their errors anymore and the NOPASSWD info is misleading. But those would then only be possible instead of corrupted files or configs, which should be recognised early elsewhere.
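
A sketch of the pattern described in the comment above, added here as an illustration and not the code merged in this PR: one `sudo -n` call serves as both the NOPASSWD test and the actual read, sudo's own errors are muted, and openssl errors still reach the banner. `LE_CERT`, `LE_ELEVATE`, `LE_SHELL`, the function names and the certificate path are assumptions made for the example.

```shell
#!/bin/sh
# Added illustration, not DietPi's code. LE_CERT, LE_ELEVATE and LE_SHELL are
# hypothetical knobs; the certificate path below is a placeholder.
LE_CERT=${LE_CERT:-/etc/letsencrypt/live/example.org/cert.pem}
LE_ELEVATE=${LE_ELEVATE:-sudo -n}   # -n: fail instead of prompting for a password
LE_SHELL=${LE_SHELL:-dash}

# Script for the (possibly elevated) shell. The path arrives as "$1" instead of
# being pasted into the script text, so it is never parsed as shell code.
# "2>&1" is bound inside this shell, so openssl errors land on stdout.
# "exit 0" leaves non-zero statuses to sudo and the shell process itself.
LE_INNER='
if [ -f "$1" ]; then
	openssl x509 -enddate -noout -in "$1" 2>&1
else
	echo "No certificate found"
fi
exit 0'

le_status_direct() {
	"$LE_SHELL" -c "$LE_INNER" le "$LE_CERT"
}

le_status_via_sudo() {
	# One call is both the NOPASSWD test and the real work. The outer
	# 2>/dev/null mutes what sudo and the shell process print themselves;
	# the openssl line has already rebound its stderr to stdout.
	# LE_ELEVATE is unquoted on purpose so "sudo -n" splits into two words.
	$LE_ELEVATE "$LE_SHELL" -c "$LE_INNER" le "$LE_CERT" 2>/dev/null ||
		echo 'NOPASSWD sudo required to read the certificate'
}

print_le_status() {
	if [ "$(id -u)" = 0 ]; then
		le_status_direct      # root behaves like before, no sudo
	else
		le_status_via_sudo
	fi
}
```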

@MichaIng MichaIng merged commit e4c8c86 into MichaIng:dev Jun 26, 2024
1 check passed
@MichaIng MichaIng mentioned this pull request Jul 2, 2024