Comments (7)
That is a feature, IIRC. If you look at the maintenance routines we only delete dirs after first deleting their contents deliberately. The idea is to prevent accidentally deleting useful files.
It's also simpler to implement in general (databases and such).
from certmagic.
I've done the easy work of opening a PR if you think this change would be beneficial, thanks for discussing.
from certmagic.
I think I get you, I guess where I went wrong was with misunderstanding the following:
"If the name is a directory (i.e. prefix of other keys), all keys prefixed by this key should be deleted."
Lines 82 to 87 in c61a4fe
I understood that to mean that implementations would delete all keys prefixed by a key, but it sounds like that's intended to convey that all keys prefixed by this key should already be deleted.
What do you think of something like this?
```go
// Delete deletes the named key. If the name is a
// directory (i.e. a prefix for other keys), the named
// key must not be in use as a prefix in any existing
// keys. An error should be returned only if the key still
// exists when the method returns.
```
Curious to know whether you can see how I got there, or whether you think it should already be clear.
from certmagic.
That's a good point... hmm. As I think about it, I think the godoc should be correct, and maybe just fixing the file system implementation is best. Because otherwise every implementation needs to check if the "directory" is "empty" (query by prefix, etc) -- whereas we're just lucky the file system does this for us. But databases, etc, don't do that.
So yeah, we should probably change it to use RemoveAll(). It might be good if we have some sort of sanity check on the resulting path.
from certmagic.
Was there a particular sanity check you had in mind?
Maybe you were thinking about checking the directory exists? This currently should error with `Remove` but wouldn't after swapping it for `RemoveAll`, is that the concern?
from certmagic.
Hmm, not exactly... I am not sure I had a concrete idea for a sanity check. In theory all the paths used should be safe. 🤷‍♂️
from certmagic.
Yeah, thank you!
I might see what other implementations are doing in this regard, and possibly make adjustments if needed, but this is good for now. Thanks!
from certmagic.
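The thread settles on `RemoveAll()` for the file system implementation and leaves the "sanity check on the resulting path" open. As an added example (not certmagic's code and not written by anyone in this thread), here is one way a recursive delete could confine itself to the storage root and still report a missing key the way `Remove` did; `dirStore`, `resolve` and the sample keys are hypothetical.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// dirStore is a hypothetical key-value store backed by a directory tree.
type dirStore struct{ root string }

// resolve maps a key to a path and rejects anything not strictly inside root.
func (s dirStore) resolve(key string) (string, error) {
	root, err := filepath.Abs(s.root)
	if err != nil {
		return "", err
	}
	p := filepath.Join(root, filepath.FromSlash(key)) // Join also cleans ".." segments
	rel, err := filepath.Rel(root, p)
	if err != nil {
		return "", err
	}
	// "." is the root itself (empty key); a leading ".." is an escape.
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("key %q resolves outside storage root", key)
	}
	return p, nil
}

// Delete removes the key and, if it is a prefix of other keys, everything under it.
func (s dirStore) Delete(key string) error {
	p, err := s.resolve(key)
	if err != nil {
		return err
	}
	// os.RemoveAll returns nil for a missing path; Lstat keeps the not-exist error.
	if _, err := os.Lstat(p); err != nil {
		return err
	}
	return os.RemoveAll(p)
}

func main() {
	root, _ := os.MkdirTemp("", "store") // constructed sample tree
	defer os.RemoveAll(root)
	os.MkdirAll(filepath.Join(root, "certs", "example.com"), 0o700)
	s := dirStore{root: root}
	fmt.Println(s.Delete("certs"), s.Delete("../outside"), s.Delete("certs"))
}
```

The containment check is lexical only: it does not resolve symlinks that already exist inside the root.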