0.9.0: add JSON5 support, enhance README certbot info, add SPEEDUP marks

* Add JSON5 support * Configuration file can be in JSON5 * Domain accounts file can also be in JSON5, but comments will be overwritten with next domain management (e.g. add, register, remove, etc.) * README/certbot: fix typo in path, add info about certbot configuration file * Add SPEEDUP marks for users that need faster performance (for whatever reason) * install.sh: migrate existing configuration file from temporary development commits
maddes-b · Aug 30, 2024 · 60e7518 · 60e7518
1 parent f96381b
commit 60e7518
Show file tree

Hide file tree

Showing 7 changed files with 64 additions and 30 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,6 @@
 ## from project: ignores for editors, etc.
 .vscode/
+*.code-workspace
 .venv*/
 *.venv*/
 

diff --git a/README.adoc b/README.adoc
@@ -12,7 +12,7 @@
 * One configuration for all: command line, certbot, acme.sh, etc.
 ** Allows switching between Let's Encrypt clients (certbot, acme.sh) without reconfiguration
 * All details of each registration is kept in files to reduce command line parameters and support multiple acme-dns server instances
-* Scripts only: Python 3.5+ with sh shell wrapper for Python Virtual Environment
+* Scripts only: Python 3.5+ with wrapper shell script (POSIX compatible) for handling Python Virtual Environment
 ////
 * Prepared for future acme-dns functionalities
 ** deregister a domain
@@ -31,7 +31,8 @@ Debian/Ubuntu: `apt install python3 python3-venv`
 
 === acme-dns-client-2
 
-Download acme-dns-client-2 and extract it to a temporary directory. Or directly `git clone`` it to a temporary directory. +
+Download acme-dns-client-2 and extract it to a temporary directory.
+Or directly `git clone` it to a temporary directory. +
 Make `install.sh` executable.
 Run it to install acme-dns-client-2 to `${PREFIX]/usr/local/bin`. `${PREFIX]` is useful for package maintainers of Linux distros. +
 It will also create an initial configuration file and initial domain accounts file in `${PREFIX]/etc/acme-dns-client`.
@@ -122,7 +123,7 @@ Warning! This will lead to a new DNS setup, that will break other setups.
 
 A single registration is needed for normal and wildcard certificate entries of a domain, e.g. `test.example.com` is also valid for `*.test.example.com`.
 
-Note: `--server` can be ommited if `default_server` is defined in configuration and fits the domain registration.
+Note: `--server` can be omitted if `default_server` is defined in configuration and fits the domain registration.
 
 ==== Register a new domain
 
@@ -135,7 +136,7 @@ acme-dns-client-2.sh register \
 
 ```
 acme-dns-client-2.sh add \
-  --domain 'test.example.com' --fulldomain 'a1a1a1a1-b2b2-c3c3-d4d4-e5e5e5e5e5e5.acme-auth.example.net' --username '<USERNAME>' --password '<PASSWORD>' --server 'https://acme-dns.example.net'
+  --domain 'test.example.com' --fulldomain 'a1a1a1a1-b2b2-c3c3-d4d4-e5e5e5e5e5e5.acme-dns.example.net' --username '<USERNAME>' --password '<PASSWORD>' --server 'https://acme-dns.example.net'
 ```
 
 === Check Domain Setup
@@ -149,14 +150,23 @@ If the setup shall be monitored during the setup procedure, then use shell comma
 
 Tested certbot version: 2.11.0
 
-After registration of the domains on the acme-dns server and checking their setup, request a certificate with certbot as following:
+After registration of the domains on the acme-dns server and checking their setup, request a certificate with certbot on the command line as following:
 ```
 certbot certonly [--test-cert] \
-  --manual --preferred-challenges dns --manual-auth-hook '/usr/local/sbin/acme-dns-client' \
+  --manual --preferred-challenges dns \
+  --manual-auth-hook '/usr/local/bin/acme-dns-client-2.sh certbot' \
   -d 'test.example.com' \
   -d '*.test.example.com' \
   ...
 ```
+or via a certbot configuration file: `certbot ... --config <file> ...`
+```
+...
+authenticator = manual
+preferred-challenges = dns
+manual-auth-hook = /usr/local/bin/acme-dns-client-2.sh certbot
+...
+```
 Afterwards no special parameters are needed:
 ```
 certbot renew [---force-renewal] \
@@ -211,4 +221,5 @@ acme.sh --deactivate [--server letsencrypt_test] -d 'test.example.com' -d '*.tes
 ```
 
 Enabling debug output can be done via `--debug 1`. Levels 2 and 3 are even more verbose. Use `--debug 2` for bug reports. +
-Warning! Using `--output-insecure` is only recommended for private tests. Do not post any output/log where this option was enabled.
+Warning! Using `--output-insecure` is only recommended for private tests.
+Do not post any output/log where this option was enabled.
diff --git a/acme-dns-client-2.py b/acme-dns-client-2.py
@@ -20,7 +20,7 @@
 ### TODO: complete docstrings
 
 
-__version__ = "0.8.0"
+__version__ = "0.9.0"
 __author__ = "Matthias \"Maddes\" Bücher"
 __license__ = "GPLv2"
 __copyright__ = "Copyright (C) 2024 Matthias \"Maddes\" Bücher"

diff --git a/acme-dns-client-2.sh b/acme-dns-client-2.sh
@@ -31,16 +31,15 @@ umask 0022
 ### Check for python module venv
 RC=0 ; { "python${PYTHON_VERSION}" -m venv -h >/dev/null ; } || RC="${?}"
 if [ "${RC}" -ne 0 ]; then
-  printf -- '%s\n' 'Python module "venv" missing. Either install via package manager or pip.' 1>&2
+  printf -- '%s\n' 'Python support for Virtual Environments via "venv" missing. Please install via package manager.' 1>&2
   return "${RC}" 2>/dev/null || exit "${RC}"
 fi
 
-unset -v SEPLINE
-
 ### Check for virtual environment for python version
 VENV_PATH="${SCRIPT_DIR}/${SCRIPT_PY_NAME%.py}.venv-py${PYTHON_VERSION}"
+CREATE=''
 if [ ! -d "${VENV_PATH}" ]; then
-  SEPLINE=1
+  CREATE='X'
   printf -- '%s\n' "--- Initializing Python Virtual Environment at ${VENV_PATH}" 1>&2
   RC=0 ; "python${PYTHON_VERSION}" -m venv "${VENV_PATH}" || RC="${?}"
   if [ "${RC}" -ne 0 ]; then
@@ -54,21 +53,35 @@ set +u ; ### workaround for older venv versions
 . "${VENV_PATH}/bin/activate"
 set -u
 
+unset -v PYTHON_VERSION RC SCRIPT_NAME SCRIPT_DIR SCRIPT_PY_NAME VENV_PATH
+
 ### Check for additional python packages in virtual environment
-PYTHON_MODULES='dnspython requests'
-for PYTHON_MODULE in ${PYTHON_MODULES}
- do
-  RC=0 ; { pip show -q "${PYTHON_MODULE}" 2>/dev/null ; } || RC="${?}"
-  if [ "${RC}" -ne 0 ]; then
-    SEPLINE=1
-    printf -- '%s\n' "--- Installing Python module ${PYTHON_MODULE}" 1>&2
-    RC=0 ; python -m pip install "${PYTHON_MODULE}" 1>&2 || RC="${?}"
-    if [ "${RC}" -ne 0 ]; then
-      printf -- '%s\n' 'Failed.' 1>&2
-      return "${RC}" 2>/dev/null || exit "${RC}"
-    fi
+( ### sub-shell to protect original positional arguments
+  DONT_CHECK='' ### SPEEDUP: disable with 'X' after virtual environment was created successfully the first time
+  if [ -z "${DONT_CHECK}" -o -n "${CREATE}" ];  then
+    PYTHON_MODULES='dnspython json5 requests'
+    PYTHON_MODULES_VERSION='>=1.6 any >=2.0'
+    set -- ${PYTHON_MODULES_VERSION}
+    for PYTHON_MODULE in ${PYTHON_MODULES}
+     do
+      PYTHON_MODULE_VERSION="${1}"
+      shift
+      RC=0 ; { pip show -q "${PYTHON_MODULE}" 2>/dev/null ; } || RC="${?}"
+      if [ "${RC}" -ne 0 ]; then
+        CREATE='X'
+        [ "${PYTHON_MODULE_VERSION}" != 'any' ] || PYTHON_MODULE_VERSION=''
+        printf -- '%s\n' "--- Installing Python module ${PYTHON_MODULE}${PYTHON_MODULE_VERSION:+ ${PYTHON_MODULE_VERSION}}" 1>&2
+        RC=0 ; { python -m pip install "${PYTHON_MODULE}${PYTHON_MODULE_VERSION}" 1>&2 ; } || RC="${?}"
+        if [ "${RC}" -ne 0 ]; then
+          printf -- '%s\n' 'Failed.' 1>&2
+          return "${RC}" 2>/dev/null || exit "${RC}"
+        fi
+      fi
+    done
+    [ -z "${CREATE}" ] || printf -- '--- Initialization done\n\n' 1>&2
   fi
-done
-[ -z "${SEPLINE:-}" ] || printf -- '--- Initialization done\n\n' 1>&2
+)
+
+unset -v CREATE
 
 SCRIPT_PATH="${0}" "${SCRIPT_PY_PATH}" "${@}"
diff --git a/acmednsclient2.py b/acmednsclient2.py
@@ -16,7 +16,7 @@
 ### TODO: complete docstrings
 
 
-__version__ = "0.8.0"
+__version__ = "0.9.0"
 __author__ = "Matthias \"Maddes\" Bücher"
 __license__ = "GPLv2"
 __copyright__ = "Copyright (C) 2024 Matthias \"Maddes\" Bücher"
@@ -27,7 +27,7 @@
 ### python standard modules
 import collections
 import datetime
-import json
+import json5 as json ### SPEEDUP: switch to standard 'json' module, but then avoid comments and extra commas in your configuration
 import os
 import typing
 

diff --git a/install.sh b/install.sh
@@ -8,7 +8,14 @@ chmod -c -- u=rwx-s,g=rx-s,o=-s "${ETCDIR}"
 chown -c -- root:root "${ETCDIR}"
 #
 ETCFILE="${ETCDIR}/config.json"
-[ -s "${ETCFILE}" ] || printf -- '{\n}\n' > "${ETCFILE}"
+if [ ! -s "${ETCFILE}" ]; then
+  if [ -s "${ETCDIR}/config.json5" ]; then
+    ### rename configuration file of <= 0.8.0 to configuration file name of 0.9.0+
+    mv -v "${ETCDIR}/config.json5" "${ETCFILE}"
+  else
+    printf -- '{\n}\n' > "${ETCFILE}"
+  fi
+fi
 chmod -c -- u=rw-s,g=r-s,o=-s "${ETCFILE}"
 chown -c -- root:root "${ETCFILE}"
 #

diff --git a/requirements.txt b/requirements.txt
@@ -1,3 +1,5 @@
 # -*- coding: utf-8 -*-
+### https://docs.github.com/en/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems
+dnspython >= 1.6
+json5
 requests >= 2.0
-dnspython >= 2.0