Commit 781f0cf2 authored by Félix Baylac-Jacqué's avatar Félix Baylac-Jacqué

nixos/tests/acme.nix: remove pebble custom endpoint patch

The recent custom endpoint addition allows us to directly point
certbot to the custom Pebble directory endpoint.

Thanks to that, we can ditch the Pebble patch we were using so far,
which makes this test easier to maintain.
parent 5671fa23
+7 −2
@@ -12,9 +12,12 @@ in import ./make-test.nix {
      networking.extraHosts = ''
        ${config.networking.primaryIPAddress} standalone.com
      '';
      security.acme.certs."standalone.com" = {
      security.acme = {
        server = "https://acme-v02.api.letsencrypt.org/dir";
        certs."standalone.com" = {
            webroot = "/var/lib/acme/acme-challenges";
        };
      };
      systemd.targets."acme-finished-standalone.com" = {};
      systemd.services."acme-standalone.com" = {
        wants = [ "acme-finished-standalone.com.target" ];
@@ -54,6 +57,8 @@ in import ./make-test.nix {
        '';
      };

      security.acme.server = "https://acme-v02.api.letsencrypt.org/dir";

      nesting.clone = [
        ({pkgs, ...}: {
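Review bot: The directory URL `https://acme-v02.api.letsencrypt.org/dir` is written out twice in this file, once inside the new `security.acme` set in the first hunk and once as `security.acme.server` in the second, and nothing next to either says which server is expected to answer it. Binding it once in the `let` that precedes `in import ./make-test.nix`, e.g. `acmeServer = "https://acme-v02.api.letsencrypt.org/dir";`, and using `server = acmeServer;` in both nodes keeps the two from drifting apart. A comment such as `# Answered by the in-test Pebble node (directory at /dir); the test resolver and snake-oil certificates stand in for letsencrypt.org` would make clear that the hostname is not meant to reach the public CA. That wording is inferred from the `siteDomain` and `snakeOilCerts` bindings in the letsencrypt module section of this commit, so confirm it before adding. Both node definitions begin and end outside the hunks.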

+0 −25
From c3b4004386074342d22cab5e129c1f7e623f4272 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9lix=20Baylac-Jacqu=C3=A9?= <felix@alternativebit.fr>
Date: Mon, 21 Oct 2019 10:56:13 +0200
Subject: [PATCH] Change ACME directory endpoint to /directory

---
 wfe/wfe.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wfe/wfe.go b/wfe/wfe.go
index e24797f..10d29fb 100644
--- a/wfe/wfe.go
+++ b/wfe/wfe.go
@@ -39,7 +39,7 @@ const (
 	// Note: We deliberately pick endpoint paths that differ from Boulder to
 	// exercise clients processing of the /directory response
 	// We export the DirectoryPath so that the pebble binary can reference it
-	DirectoryPath     = "/dir"
+	DirectoryPath     = "/directory"
 	noncePath         = "/nonce-plz"
 	newAccountPath    = "/sign-me-up"
 	acctPath          = "/my-account/"
-- 
2.23.0
+1 −11
@@ -62,17 +62,7 @@ let
  siteDomain = "letsencrypt.org";
  siteCertFile = snakeOilCerts.${siteDomain}.cert;
  siteKeyFile = snakeOilCerts.${siteDomain}.key;
  pebble = pkgs.pebble.overrideAttrs (attrs: {
    # The pebble directory endpoint is /dir when the bouder (official
    # ACME server) is /directory. Sadly, this endpoint is hardcoded,
    # we have to patch it.
    #
    # Tried to upstream, that said upstream maintainers rather keep
    # this custom endpoint to test ACME clients robustness. See
    # https://github.com/letsencrypt/pebble/issues/283#issuecomment-545123242
    patches = [ ./0001-Change-ACME-directory-endpoint-to-directory.patch ];
  });

  pebble = pkgs.pebble;
  resolver = let
    message = "You need to define a resolver for the letsencrypt test module.";
    firstNS = lib.head config.networking.nameservers;
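Review bot: With the override and its comment gone, nothing in this `let` block records that Pebble serves its directory at `/dir` while Boulder uses `/directory`, which is why the tests now have to set a custom server URL. A short comment above the binding, e.g. `# Unpatched Pebble: the directory endpoint is /dir, not /directory; clients must be pointed at it explicitly`, keeps that knowledge next to the package. The alias itself could be written `inherit (pkgs) pebble;`. The `let` block begins before this hunk and continues past it.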