diff --git a/nix/pkgs/vault-acme/default.nix b/nix/pkgs/vault-acme/default.nix
index 2121493cc2..8879b164c1 100644
--- a/nix/pkgs/vault-acme/default.nix
+++ b/nix/pkgs/vault-acme/default.nix
@@ -19,6 +19,8 @@ buildGoModule rec {
 sha256 = "sha256:0f3d89j51gcrvpxmlr3psvv9mm6y3rw4hwk3rs4rb3a6rj5yg2iq";
 };
 
+ patches = [ ./just-add-a-sleep.patch ];
+
 vendorSha256 = "sha256:07bqapnrf1fdyaxkna14s5calgj71sk2qysigd32hxl673zd06ic";
 
 subPackages = [
diff --git a/nix/pkgs/vault-acme/just-add-a-sleep.patch b/nix/pkgs/vault-acme/just-add-a-sleep.patch
new file mode 100644
index 0000000000..0f767e590e
--- /dev/null
+++ b/nix/pkgs/vault-acme/just-add-a-sleep.patch
@@ -0,0 +1,35 @@
+diff --git a/acme/client.go b/acme/client.go
+index 20f98a9..cc85277 100644
+--- a/acme/client.go
++++ b/acme/client.go
+@@ -3,6 +3,7 @@ package acme
+ import (
+ "context"
+ "os"
++ "time"
+ 
+ "github.com/go-acme/lego/v3/certificate"
+ "github.com/go-acme/lego/v3/challenge/dns01"
+@@ -42,6 +43,22 @@ func setupChallengeProviders(ctx context.Context, logger log.Logger, client *leg
+ nameServer := os.Getenv("LEGO_TEST_NAMESERVER")
+ isTesting := nameServer != ""
+ err = client.Challenge.SetDNS01Provider(provider,
++ dns01.WrapPreCheck(func(domain, fqdn, value string, check dns01.PreCheckFunc) (bool, error) {
++ ok, err := check(fqdn, value)
++ if !ok || err != nil {
++ return ok, err
++ }
++
++ if a.IgnoreDNSPropagation {
++ // Just wait 1 minute for stuff to settle...
++ const duration = 60 * time.Second
++ logger.Info("waiting %v for things to settle", duration)
++ time.Sleep(duration)
++ logger.Info("done waiting %v for things to settle", duration)
++ }
++
++ return true, nil
++ }),
+ dns01.CondOption(isTesting, dns01.AddRecursiveNameservers([]string{nameServer})),
+ dns01.CondOption(a.IgnoreDNSPropagation || isTesting, dns01.DisableCompletePropagationRequirement()))
+ if err != nil {
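Review bot: The `time.Sleep(duration)` inside the new `dns01.WrapPreCheck` closure ignores the `ctx` that `setupChallengeProviders` already receives, so a cancelled or timed-out certificate request still blocks the pre-check for the full minute and the fixed 60s wait stands in for the propagation check that `DisableCompletePropagationRequirement` turns off — worth a comment stating that this is a heuristic delay, not a verified-propagation guarantee, and that the value may need tuning per DNS provider. Replacing the sleep with a timer-plus-`select` on `ctx.Done()` keeps the same behaviour on the happy path while returning promptly on cancellation, as sketched below. Separately, if `log.Logger` here is a key/value logger rather than a printf-style one, `logger.Info("waiting %v for things to settle", duration)` will not interpolate `%v` and would be better written as `logger.Info("waiting for DNS records to settle", "duration", duration)` — confirm against the logger type, which is declared outside this hunk. The enclosing `setupChallengeProviders` starts and ends outside the hunk.
```go
			if a.IgnoreDNSPropagation {
				// Heuristic settle delay used in place of the propagation check;
				// honours ctx so a cancelled request does not block for the full minute.
				const duration = 60 * time.Second
				// … unchanged: "waiting" log line …
				timer := time.NewTimer(duration)
				defer timer.Stop()
				select {
				case <-ctx.Done():
					return false, ctx.Err()
				case <-timer.C:
				}
				// … unchanged: "done waiting" log line …
			}
```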