From d2481b146166fb8dfd4ea083dde56e73267a2507 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Thu, 17 Mar 2022 01:03:41 +0000
Subject: [PATCH] vault-acme: sleep in lieu of waiting "properly" for DNS propagation

Once we've seen the TXT record on any nameserver, assume that it'll reach the rest of them within 60 seconds. This is an awful hack because some peculiarities of my setup don't work properly with the upstream lego code.
---
 nix/pkgs/vault-acme/default.nix            |  2 ++
 nix/pkgs/vault-acme/just-add-a-sleep.patch | 35 ++++++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 nix/pkgs/vault-acme/just-add-a-sleep.patch

diff --git a/nix/pkgs/vault-acme/default.nix b/nix/pkgs/vault-acme/default.nix
index 2121493cc2..8879b164c1 100644
--- a/nix/pkgs/vault-acme/default.nix
+++ b/nix/pkgs/vault-acme/default.nix
@@ -19,6 +19,8 @@ buildGoModule rec {
     sha256 = "sha256:0f3d89j51gcrvpxmlr3psvv9mm6y3rw4hwk3rs4rb3a6rj5yg2iq";
   };
 
+  patches = [ ./just-add-a-sleep.patch ];
+
   vendorSha256 = "sha256:07bqapnrf1fdyaxkna14s5calgj71sk2qysigd32hxl673zd06ic";
 
   subPackages = [
diff --git a/nix/pkgs/vault-acme/just-add-a-sleep.patch b/nix/pkgs/vault-acme/just-add-a-sleep.patch
new file mode 100644
index 0000000000..0f767e590e
--- /dev/null
+++ b/nix/pkgs/vault-acme/just-add-a-sleep.patch
@@ -0,0 +1,35 @@
+diff --git a/acme/client.go b/acme/client.go
+index 20f98a9..cc85277 100644
+--- a/acme/client.go
++++ b/acme/client.go
+@@ -3,6 +3,7 @@ package acme
+ import (
+ 	"context"
+ 	"os"
++	"time"
+ 
+ 	"github.com/go-acme/lego/v3/certificate"
+ 	"github.com/go-acme/lego/v3/challenge/dns01"
+@@ -42,6 +43,22 @@ func setupChallengeProviders(ctx context.Context, logger log.Logger, client *leg
+ 	nameServer := os.Getenv("LEGO_TEST_NAMESERVER")
+ 	isTesting := nameServer != ""
+ 	err = client.Challenge.SetDNS01Provider(provider,
++		dns01.WrapPreCheck(func(domain, fqdn, value string, check dns01.PreCheckFunc) (bool, error) {
++			ok, err := check(fqdn, value)
++			if !ok || err != nil {
++				return ok, err
++			}
++
++			if a.IgnoreDNSPropagation {
++				// Just wait 1 minute for stuff to settle...
++				const duration = 60 * time.Second
++				logger.Info("waiting %v for things to settle", duration)
++				time.Sleep(duration)
++				logger.Info("done waiting %v for things to settle", duration)
++			}
++
++			return true, nil
++		}),
+ 		dns01.CondOption(isTesting, dns01.AddRecursiveNameservers([]string{nameServer})),
+ 		dns01.CondOption(a.IgnoreDNSPropagation || isTesting, dns01.DisableCompletePropagationRequirement()))
+ 	if err != nil {
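Review bot: The 60-second `time.Sleep(duration)` inside the new `WrapPreCheck` closure cannot be cancelled, even though the enclosing `setupChallengeProviders` takes a `ctx context.Context` (visible in the hunk header; the function itself begins outside the hunk), so an issuance request that is cancelled or times out still pins the goroutine for the full minute, and a certificate with several DNS names pays that minute once per challenge. Replacing the sleep with a select on `ctx.Done()` keeps the same wait but returns `ctx.Err()` when the caller gives up — assuming `ctx` is still the live context when lego invokes the pre-check; if the pre-check runs later under a different context, thread that one into the closure instead. Separately, `check(fqdn, value)` is the stock lego pre-check while `DisableCompletePropagationRequirement()` is set in the same option list, so what `ok == true` actually proves (TXT record observed on a resolver vs. merely an answered query) depends on the vendored lego version; the commit message's "seen the TXT record on any nameserver" premise is worth confirming against the vendored code, since the sleep only compensates for propagation if that premise holds. I would also record the trade-off next to the constant: `// NOTE: the CA still does its own authoritative lookup; 60s is an unmeasured guess at propagation, not a bound.`
```go
// … unchanged: check(fqdn, value) and early return on !ok / err …
if a.IgnoreDNSPropagation {
	// Just wait 1 minute for stuff to settle...
	const duration = 60 * time.Second
	logger.Info("waiting %v for things to settle", duration)
	select {
	case <-time.After(duration):
	case <-ctx.Done():
		return false, ctx.Err()
	}
	logger.Info("done waiting %v for things to settle", duration)
}
```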