-
-
Notifications
You must be signed in to change notification settings - Fork 15.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos/acme: allowKeysForGroup has no effect after cert is already created #48845
Comments
Hey I made a PR that fixes this, would love to have somebody else make sure it fixes this problem: #72056 |
Lets re-open this issue. |
Hello, I'm a bot and I thank you in the name of the community for opening this issue. To help our human contributors focus on the most-relevant reports, I check up on old issues to see if they're still relevant. This issue has had no activity for 180 days, and so I marked it as stale, but you can rest assured it will never be closed by a non-human. The community would appreciate your effort in checking if the issue is still valid. If it isn't, please close it. If the issue persists, and you'd like to remove the stale label, you simply need to leave a comment. Your comment can be as simple as "still important to me". If you'd like it to get more attention, you can ask for help by searching for maintainers and people that previously touched related code and @ mention them in a comment. You can use Git blame or GitHub's web interface on the relevant files to find them. Lastly, you can always ask for help at our Discourse Forum or at #nixos' IRC channel. |
wasnt this fixed by the recent bugfix round @m1cr0man ? |
Yeah, that option has been removed Infact :P |
This option is now gone in favour of always making the certificates group readable and owned by the acme user, and letting users change only the group that will be applied to them. Closing this issue. |
Issue description
group
oruser
will not do anything till the next round of refreshallowKeysForGroup
do not actually propagate. The permissions of the key are not changed. Only of the surrounding directory.Steps to reproduce
security.acme.certs.<name>.group = "hello";
security.acme.certs.<name>.group = "world";
security.acme.certs.<name>.allowKeysForGroup =true;
hello
and that there are no group read permissions yetgroup
did change, by the permission bits still not allow read access togroup
even ifallowKeysForGroup
is setTechnical details
Please run
nix-shell -p nix-info --run "nix-info -m"
and paste theresults.
The text was updated successfully, but these errors were encountered: