mirror of
https://github.com/certbot/certbot.git
synced 2026-06-07 07:42:08 -04:00
a2951b4db1
* snap: Fix "stack smashing" error in wrapper certbot.wrapper had implicit dependencies on sed, awk and coreutils, which were being accidentally provided through the host system. Because certbot.wrapper modifies LD_LIBRARY_PATH, this was causing some systems to load an incompatible combination of shared libraries, resulting sed crashing. This commit reduces the dependencies of this script to just gawk, and explicitly stages it as part of the Certbot snap. It additionally moves invocations of all host system programs to a moment prior to the modification of LD_LIBRARY_PATH, and the invocation of snapped programs to after the modification. Fixes #8245 * snap: Don't modify LD_LIBRARY_PATH * leftover tracing * snap: revert curl/jq in wrapper, use gawk for now
11 lines
484 B
Bash
11 lines
484 B
Bash
#!/bin/sh -e
|
|
|
|
if [ "$(snapctl get trust-plugin-with-root)" = "ok" ]; then
|
|
# allow the connection, but reset config to allow for other slots to go through this auth flow
|
|
snapctl unset trust-plugin-with-root
|
|
exit 0
|
|
else
|
|
echo "Only connect this interface if you trust the plugin author to have root on the system"
|
|
echo "Run \`snap set $SNAP_NAME trust-plugin-with-root=ok\` to acknowledge this and then run this command again to perform the connection"
|
|
exit 1
|
|
fi
|