evolix/ansible-roles
22
2
Fork 2
Code Issues 61 Pull requests 18 Releases 32 Wiki Activity

Be sure to check the exit code of certbot

Browse source 
If we use set -e but no -o pipefail with a pipe, the last command exit code is
used by set -e.

certbot | grep -v something

If the grep exit with a non-zero exit code, set -e stop the execution of the
script.  We don't care about that grep, so we now use the PIPESTATUS.
This commit is contained in:
Benoît S. 2018-03-05 14:44:21 +01:00
parent 77cc1cce7d
commit cdaad871b3
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
evoacme/files/evoacme.sh
View file

@ -204,6 +204,8 @@ main() {
sudo -u acme test -w "${NEW_DIR}" || error "Directory ${NEW_DIR} is not writable by user 'acme'"
# create a certificate with certbot
# we disable the set -e during the certbot call
set +e
sudo -u acme \
"${CERTBOT_BIN}" \
certonly \
@ -220,6 +222,11 @@ main() {
2>&1 \
| grep -v "certbot.crypto_util"
if [ "${PIPESTATUS[0]}" != "0" ]; then
error "Certbot has exited with a non-zero exit code"
fi
set -e
if [ "${DRY_RUN}" = "1" ]; then
debug "In dry-run mode, we stop here. Bye"
exit 0