Fails to import config from file using absolute path #592

gareththered · 2023-06-09T12:25:18Z

Describe the bug

Attempting to import ACME DNS api_token from a file fails if the path to the file is absolute.

Steps to reproduce

This is in a Docker Swarm stack, where the api_token is a Docker Secret.

The compose file is:

version: "3.8"

services:
  maddy:
    image: foxcpp/maddy
    environment:
      - MADDY_HOSTNAME=mx1.mydomain.here
      - MADDY_DOMAIN=int.mydomain.here
    secrets:
      - gandi_key
    volumes:
      - /persistent/maddy/data1:/data
    # stdin_open: true
    # tty: true
    # entrypoint: /bin/sh
    ports:
      - 25:25
      - 465:465
      - 587:587
      - 2525:2525
    deploy:
      restart_policy:
        condition: on-failure

secrets:
  gandi_key:
    external: true

With the stdin_open, tty, & entrypoint commented as above, the container fails instantaneously, with only:

/data/maddy.conf:45: unknown import: /run/secrets/gandi_key

in the container log.

Log files

It fails to start with:

/data/maddy.conf:45: unknown import: /run/secrets/gandi_key

No other logs are generated, even with debug = true set.

Configuration file

Extract from /data/maddy.conf:

tls.loader.acme acme_tls {
    debug on
    hostname mx1.mydomain.here
    store_path /data/acme
    email [email protected]
    agreed # indicate your agreement with Let's Encrypt ToS
    ca https://acme-v02.api.letsencrypt.org/directory
    test_ca https://acme-staging-v02.api.letsencrypt.org/directory
    challenge dns-01
    dns gandi {
      import /run/secrets/gandi_key
      # import ../run/secrets/gandi_net
    }
}

and the file /run/secrets/gandi_key is populated by Docker to contain a single line:

api_token "myRealGandiApiToken"

Environment information

Latest version running on Docker Swarm

Additional Information

If I change the import to be relative to the /data working directory, by preceding it with .. :

    dns gandi {
       import ../run/secrets/gandi_net
    }

it seems to work:

/ # maddy run
tls.loader.acme/maintenance: started background certificate maintenance {"cache":"0xc0000acd20"}
table.file: ignoring non-existent file: /etc/maddy/aliases
tls.loader.acme/obtain: acquiring lock  {"identifier":"mx1.mydomain.herek"}
tls.loader.acme/obtain: lock acquired   {"identifier":"mx1.mydomain.here"}
tls.loader.acme/obtain: obtaining certificate   {"identifier":"mx1.mydomain.here"}

and so on.

The text was updated successfully, but these errors were encountered:

foxcpp · 2023-06-27T16:07:16Z

Configuration forces all paths to be interpreted as relative to the config directory (/data for Docker). I guess this should be fixed to not apply for absolute paths.

See #592.

gareththered added the bug Something isn't working. label Jun 9, 2023

foxcpp added a commit that referenced this issue Jun 27, 2023

cfgparser: Do not interpret absolute paths relatively to the config dir

b5aa593

See #592.

foxcpp added the ready-for-release Feature is implemented and available for testing in dev branch. It will be included in the next rele label Jun 27, 2023

foxcpp self-assigned this Jan 21, 2024

foxcpp closed this as completed Jan 26, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fails to import config from file using absolute path #592

Fails to import config from file using absolute path #592

gareththered commented Jun 9, 2023

foxcpp commented Jun 27, 2023 •

edited

Loading

Fails to import config from file using absolute path #592

Fails to import config from file using absolute path #592

Comments

gareththered commented Jun 9, 2023

Describe the bug

Steps to reproduce

Log files

Configuration file

Environment information

Additional Information

foxcpp commented Jun 27, 2023 • edited Loading

foxcpp commented Jun 27, 2023 •

edited

Loading