M/e) UdZddlZddlmZddlmZddlmZddlmZddlmZddlm Z dd lm Z dd l m Z dd l m Z dd l mZdd lmZdd lm Zej(eZdej.ddfdZdedeefdZdededdfdZdej.ddfdZeZeeed<deddfdZ dej.deeddfdZ!gZ"eeed<deddfdZ#deedeeddfdZ$dej.deed eddfd!Z%dej.deed eddfd"Z&dedeed ed#e'd$e'ddf d%Z(d+d&eded'eeeefdefd(Z)d)edeefd*Z*y),z;Facilities for implementing hooks that call shell commands.N)Dict)List)Optional)Set) configuration)errors)util) filesystem)misc)os)opsconfigreturnct|jdt|jdt|jdt|jdy)z#Check hook commands are executable.prepostdeployrenewN) validate_hookpre_hook post_hook deploy_hook renew_hook)rs 9/usr/lib/python3/dist-packages/certbot/_internal/hooks.pyvalidate_hooksrs@&//5)&""F+&$$h/&##W- shell_cmdctj|s+tj|tj|sytj j |S)zExtract the program run by a shell command. :param str shell_cmd: command to be executed :returns: basename of command or None if the command isn't found :rtype: str or None N)r exe_exists plug_util path_surgeryr pathbasename)rs r_progr$sB ??9 %y)y) 77  I &&r hook_namec|r}|jddd}t|s\tjd}tjj |r |d|d}n d|d|d|d }t j|yy) zCheck that a command provided as a hook is plausibly executable. :raises .errors.HookCommandNotFound: if the command is not found NrPATHz-hook command z exists, but is not executable.zUnable to find z in the PATH. (PATH is z0) See also the --disable-hook-validation option.)splitr$r environr"existsrHookCommandNotFound)rr%cmdr"msgs rrr.s oodA&q)Sz::f%Dww~~c"^I;6UV&i[seC[fMO ,,S1 1rc|jdk(r1|jr%t|jD] }t ||j }|r t |yy)aRun pre-hooks if they exist and haven't already been run. When Certbot is running with the renew subcommand, this function runs any hooks found in the config.renewal_pre_hooks_dir (if they have not already been run) followed by any pre-hook in the config. If hooks in config.renewal_pre_hooks_dir are run and the pre-hook in the config is a path to one of these scripts, it is not run twice. :param configuration.NamespaceConfig config: Certbot settings rN)verbdirectory_hooks list_hooksrenewal_pre_hooks_dir_run_pre_hook_if_necessaryr)rhookr-s rrrBsU{{g&"8"8v;;< -D &t , - //C "3' rexecuted_pre_hookscommandc|tvrtjd|ytd|tj |y)zRun the specified pre-hook if we haven't already. If we've already run this exact command before, a message is logged saying the pre-hook was skipped. :param str command: pre-hook to be run z*Pre-hook command already run, skipping: %szpre-hookN)r6loggerinfo _run_hookaddr7s rr4r4Zs4$$ @'J*g&w'rrenewed_domainscR|j}|jdk(r@|jr%t|jD] }t ||r t |yy|rJdj |}t|dkDrtjd|dd}td||ddyy) aRun post-hooks if defined. This function also registers any executables found in config.renewal_post_hooks_dir to be run when Certbot is used with the renew subcommand. If the verb is renew, we delay executing any post-hooks until :func:`run_saved_post_hooks` is called. In this case, this function registers all hooks found in config.renewal_post_hooks_dir to be called followed by any post-hook in the config. If the post-hook in the config is a path to an executable in the post-hook directory, it is not scheduled to be run twice. :param configuration.NamespaceConfig config: Certbot settings r i}z?Limiting RENEWED_DOMAINS environment variable to 32k charactersN post-hookRENEWED_DOMAINSFAILED_DOMAINS) rr0r1r2renewal_post_hooks_dir_run_eventuallyjoinlenr9warningr;)rr>r-r5renewed_domains_strs rrrjs,   C {{g  ! !"6#@#@A &% &  C   !hh7 " #f , NN\ ]"5gv">   #6#%    r post_hooksc@|tvrtj|yy)zRegisters a post-hook to be run eventually. All commands given to this function will be run exactly once in the order they were given when :func:`run_saved_post_hooks` is called. :param str command: post-hook to register to be run N)rLappendr=s rrGrGsj '"!rfailed_domainscdj|}dj|}t|dkDrtjd|dd}t|dkDrtjd|dd}tD]}t d|||dy)zGRun any post hooks that were saved up in the course of the 'renew' verbr@i>z?Limiting RENEWED_DOMAINS environment variable to 16k charactersNz>Limiting FAILED_DOMAINS environment variable to 16k charactersrArC)rHrIr9rJrLr;)r>rOrKfailed_domains_strr-s rrun_saved_post_hooksrRs((?3.1 &(XY1'6: 'WX0&9   #6"4   rdomains lineage_pathcx|jr.t|j|||j|jyy)aRun post-issuance hook if defined. :param configuration.NamespaceConfig config: Certbot settings :param domains: domains in the obtained certificate :type domains: `list` of `str` :param str lineage_path: live directory path for the new cert N)r_run_deploy_hookdry_runrun_deploy_hooks)rrSrTs rrrs6++W%v~~v7N7N Prct}|jrNt|jD]6}t ||||j |j |j|8|jr]|j|vr!tjd|jyt |j|||j |j yy)a]Run post-renewal hooks. This function runs any hooks found in config.renewal_deploy_hooks_dir followed by any renew-hook in the config. If the renew-hook in the config is a path to a script in config.renewal_deploy_hooks_dir, it is not run twice. If Certbot is doing a dry run, no hooks are run and messages are logged saying that they were skipped. :param configuration.NamespaceConfig config: Certbot settings :param domains: domains in the obtained certificate :type domains: `list` of `str` :param str lineage_path: live directory path for the new cert z0Skipping deploy-hook '%s' as it was already run.N) setr1r2renewal_deploy_hooks_dirrVrWrXr<rr9r:)rrSrTexecuted_dir_hooksr5s rrrs$ v>>? )D T7L&..&JaJa b  " "4 ( )    2 2 KKJ)) + V..)6>>6;R;R T rrWrXc|r|stjd|ydj|tjd<|tjd<t d|y)atRun the specified deploy-hook (if not doing a dry run). If dry_run is True, command is not run and a message is logged saying that it was skipped. If dry_run is False, the hook is run after setting the appropriate environment variables. :param str command: command to run as a deploy-hook :param domains: domains in the obtained certificate :type domains: `list` of `str` :param str lineage_path: live directory path for the new cert :param bool dry_run: True iff Certbot is doing a dry run :param bool run_deploy_hooks: True if deploy hooks should run despite Certbot doing a dry run z)Dry run: skipping deploy hook command: %sNr@rDRENEWED_LINEAGEz deploy-hook)r9r:rHr r*r;)r7rSrTrWrXs rrVrVsP ' ? $'HHW$5BJJ !$0BJJ ! mW%rcmd_name extra_envctj}|j|xsitj|||\}}}t j d|d||||S)aHRun a hook command. :param str cmd_name: the user facing name of the hook being run :param shell_cmd: shell command to execute :type shell_cmd: `list` of `str` or `str` :param dict extra_env: extra environment variables to set :type extra_env: `dict` of `str` to `str` :returns: stderr if there was any)envzHook '')r env_no_snap_for_external_callsupdater execute_command_status display_opsreport_executed_command)r_rr`rb returncodeerrouts rr;r;sb  - - /CJJyB66)&JS''& !(zlist_hooks..+s Ha Xq)Hs*-~)r listdirr is_executableendswithsorted)rlallpathsr"hookss` rr2r2"sXI2::h3GHH& dd**B*B4*HQUQ^Q^_bQcT dE d %= esA"A"A"ro)+__doc__loggingtypingrrrrcertbotrrr certbot.compatr r r certbot.displayr rgcertbot.pluginsr getLogger__name__r9NamespaceConfigrstrr$rrrZr6__annotations__r4rrLrGrRrrboolrVr;r2rrrsA!%.-   8 $.=88.T.'S'Xc]'"2S2S2T2((]22(t(* #uCH$ ( ( ( /  ) )/ #Y/  / d DI #S #T # $s) T#Y SW 4 P 55 PS P! P&* PT}44TtCyT T%)TB&c&DI&S&SW&'+&04&4c3h8P\_$  c r