lego hook execution with bash -c #13

New Issue

jadyn · 2025-09-24T19:54:24Z

jadyn commented

2025-09-24 19:54:24 +00:00

Maybe we should use bash -c here:

base/roles/lego/files/lego_run.sh Line 34 in 5e777934ed

$LEGO_POST_RENEWAL_HOOK

if [[ -n "${LEGO_POST_RENEWAL_HOOK:-}" ]]; then
  /usr/bin/env bash -c "$LEGO_POST_RENEWAL_HOOK"
fi

Maybe we should use `bash -c` here: https://git.finally.coffee/finallycoffee/base/src/commit/5e777934ed333bcc7099a7a4e5702d5db743e972/roles/lego/files/lego_run.sh#L34 ```bash if [[ -n "${LEGO_POST_RENEWAL_HOOK:-}" ]]; then /usr/bin/env bash -c "$LEGO_POST_RENEWAL_HOOK" fi ```

transcaffeine commented

2025-10-14 16:52:43 +00:00

That assumes that $LEGO_POST_RENEWAL_HOOK is executable with bash - right now, it can be any (shell) executable, as long as it is executable, it works.

One could make the argument, that the same arguments usually passed with f.ex. certbot etc should be passed as positional arguments.

That assumes that `$LEGO_POST_RENEWAL_HOOK` is executable with bash - right now, it can be any (shell) executable, as long as it is executable, it works. One could make the argument, that the same arguments usually passed with f.ex. certbot etc should be passed as positional arguments.

jadyn commented

2025-11-28 11:18:46 +00:00

After the proposed change, every executable (with proper shebang) would still work as well as inline bash scripts.

Sign in to join this conversation.

2 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: finallycoffee/base#13