depot/nix/pkgs/vault-acme/just-add-a-sleep.patch

diff --git a/acme/client.go b/acme/client.go
index 20f98a9..cc85277 100644
--- a/acme/client.go
+++ b/acme/client.go
@@ -3,6 +3,7 @@ package acme
 import (
 	"context"
 	"os"
+	"time"
 
 	"github.com/go-acme/lego/v3/certificate"
 	"github.com/go-acme/lego/v3/challenge/dns01"
@@ -42,6 +43,22 @@ func setupChallengeProviders(ctx context.Context, logger log.Logger, client *leg
 		nameServer := os.Getenv("LEGO_TEST_NAMESERVER")
 		isTesting := nameServer != ""
 		err = client.Challenge.SetDNS01Provider(provider,
+			dns01.WrapPreCheck(func(domain, fqdn, value string, check dns01.PreCheckFunc) (bool, error) {
+				ok, err := check(fqdn, value)
+				if !ok || err != nil {
+					return ok, err
+				}
+
+				if a.IgnoreDNSPropagation {
+					// Just wait 1 minute for stuff to settle...
+					const duration = 60 * time.Second
+					logger.Info("waiting %v for things to settle", duration)
+					time.Sleep(duration)
+					logger.Info("done waiting %v for things to settle", duration)
+				}
+
+				return true, nil
+			}),
 			dns01.CondOption(isTesting, dns01.AddRecursiveNameservers([]string{nameServer})),
 			dns01.CondOption(a.IgnoreDNSPropagation || isTesting, dns01.DisableCompletePropagationRequirement()))
 		if err != nil {
vault-acme: sleep in lieu of waiting "properly" for DNS propagation Once we've seen the TXT record on any nameserver, assume that it'll reach the rest of them within 60 seconds. This is an awful hack because some peculiarities of my setup don't work properly with the upstream lego code. 2022-03-17 01:03:41 +00:00			`diff --git a/acme/client.go b/acme/client.go`
			`index 20f98a9..cc85277 100644`
			`--- a/acme/client.go`
			`+++ b/acme/client.go`
			`@@ -3,6 +3,7 @@ package acme`
			`import (`
			`"context"`
			`"os"`
			`+ "time"`

			`"github.com/go-acme/lego/v3/certificate"`
			`"github.com/go-acme/lego/v3/challenge/dns01"`
			`@@ -42,6 +43,22 @@ func setupChallengeProviders(ctx context.Context, logger log.Logger, client *leg`
			`nameServer := os.Getenv("LEGO_TEST_NAMESERVER")`
			`isTesting := nameServer != ""`
			`err = client.Challenge.SetDNS01Provider(provider,`
			`+ dns01.WrapPreCheck(func(domain, fqdn, value string, check dns01.PreCheckFunc) (bool, error) {`
			`+ ok, err := check(fqdn, value)`
			`+ if !ok \|\| err != nil {`
			`+ return ok, err`
			`+ }`
			`+`
			`+ if a.IgnoreDNSPropagation {`
			`+ // Just wait 1 minute for stuff to settle...`
			`+ const duration = 60 * time.Second`
			`+ logger.Info("waiting %v for things to settle", duration)`
			`+ time.Sleep(duration)`
			`+ logger.Info("done waiting %v for things to settle", duration)`
			`+ }`
			`+`
			`+ return true, nil`
			`+ }),`
			`dns01.CondOption(isTesting, dns01.AddRecursiveNameservers([]string{nameServer})),`
			`dns01.CondOption(a.IgnoreDNSPropagation \|\| isTesting, dns01.DisableCompletePropagationRequirement()))`
			`if err != nil {`