a `@sdZddlmZddlZddlmZddlmZddlmZddlm Z ddl m Z dd l m Z dd l m Z ddlm ZeeZd d Zd dZddZddZeZddZddZgZddZddZddZddZdd Z d!d"Z!d#d$Z"dS)%z;Facilities for implementing hooks that call shell commands.)print_functionN)List)Set)errors)util) filesystem)misc)oscCs4t|jdt|jdt|jdt|jddS)z#Check hook commands are executable.ZpreZpostZdeployrenewN) validate_hookpre_hook post_hook deploy_hook renew_hook)configr9/usr/lib/python3/dist-packages/certbot/_internal/hooks.pyvalidate_hookss   rcCs.t|s"t|t|s"dStj|S)zExtract the program run by a shell command. :param str shell_cmd: command to be executed :returns: basename of command or None if the command isn't found :rtype: str or None N)rZ exe_exists plug_utilZ path_surgeryr pathbasename) shell_cmdrrr_progs   rcCs\|rX|ddd}t|sXtjd}tj|r@d||}nd|||}t|dS)zCheck that a command provided as a hook is plausibly executable. :raises .errors.HookCommandNotFound: if the command is not found NrPATHz3{1}-hook command {0} exists, but is not executable.z>Unable to find {2}-hook command {0} in the PATH. (PATH is {1})) splitrr environrexistsformatrZHookCommandNotFound)rZ hook_namecmdrmsgrrrr *s  r cCs>|jdkr(|jr(t|jD] }t|q|j}|r:t|dS)aRun pre-hooks if they exist and haven't already been run. When Certbot is running with the renew subcommand, this function runs any hooks found in the config.renewal_pre_hooks_dir (if they have not already been run) followed by any pre-hook in the config. If hooks in config.renewal_pre_hooks_dir are run and the pre-hook in the config is a path to one of these scripts, it is not run twice. :param configuration.NamespaceConfig config: Certbot settings r N)verbdirectory_hooks list_hooksZrenewal_pre_hooks_dir_run_pre_hook_if_necessaryr )rhookrrrrr <s  r cCs.|tvrtd|ntd|t|dS)zRun the specified pre-hook if we haven't already. If we've already run this exact command before, a message is logged saying the pre-hook was skipped. :param str command: pre-hook to be run z*Pre-hook command already run, skipping: %szpre-hookN)executed_pre_hooksloggerinfo _run_hookaddcommandrrrr$Ts  r$cCsN|j}|jdkr<|jr.t|jD] }t|q |rJt|n|rJtd|dS)aRun post-hooks if defined. This function also registers any executables found in config.renewal_post_hooks_dir to be run when Certbot is used with the renew subcommand. If the verb is renew, we delay executing any post-hooks until :func:`run_saved_post_hooks` is called. In this case, this function registers all hooks found in config.renewal_post_hooks_dir to be called followed by any post-hook in the config. If the post-hook in the config is a path to an executable in the post-hook directory, it is not scheduled to be run twice. :param configuration.NamespaceConfig config: Certbot settings r post-hookN)r r!r"r#Zrenewal_post_hooks_dir_run_eventuallyr))rrr%rrrr ds   r cCs|tvrt|dS)zRegisters a post-hook to be run eventually. All commands given to this function will be run exactly once in the order they were given when :func:`run_saved_post_hooks` is called. :param str command: post-hook to register to be run N) post_hooksappendr+rrrr.s r.cCstD]}td|qdS)zGRun any post hooks that were saved up in the course of the 'renew' verbr-N)r/r))rrrrrun_saved_post_hookssr1cCs|jrt|j|||jdS)aRun post-issuance hook if defined. :param configuration.NamespaceConfig config: Certbot settings :param domains: domains in the obtained certificate :type domains: `list` of `str` :param str lineage_path: live directory path for the new cert N)r_run_deploy_hookdry_run)rdomains lineage_pathrrrrs rcCslt}|jr6t|jD]}t||||j||q|jrh|j|vrVt d|jnt|j|||jdS)a]Run post-renewal hooks. This function runs any hooks found in config.renewal_deploy_hooks_dir followed by any renew-hook in the config. If the renew-hook in the config is a path to a script in config.renewal_deploy_hooks_dir, it is not run twice. If Certbot is doing a dry run, no hooks are run and messages are logged saying that they were skipped. :param configuration.NamespaceConfig config: Certbot settings :param domains: domains in the obtained certificate :type domains: `list` of `str` :param str lineage_path: live directory path for the new cert z0Skipping deploy-hook '%s' as it was already run.N) setr"r#Zrenewal_deploy_hooks_dirr2r3r*rr'r()rr4r5Zexecuted_dir_hooksr%rrrrs  rcCs<|rtd|dSd|tjd<|tjd<td|dS)aRun the specified deploy-hook (if not doing a dry run). If dry_run is True, command is not run and a message is logged saying that it was skipped. If dry_run is False, the hook is run after setting the appropriate environment variables. :param str command: command to run as a deploy-hook :param domains: domains in the obtained certificate :type domains: `list` of `str` :param str lineage_path: live directory path for the new cert :param bool dry_run: True iff Certbot is doing a dry run z)Dry run: skipping deploy hook command: %sN ZRENEWED_DOMAINSZRENEWED_LINEAGEz deploy-hook)r'Zwarningjoinr rr))r,r4r5r3rrrr2s r2cCstj||td\}}|S)zRun a hook command. :param str cmd_name: the user facing name of the hook being run :param shell_cmd: shell command to execute :type shell_cmd: `list` of `str` or `str` :returns: stderr if there was any)env)rZexecute_commandrZenv_no_snap_for_external_calls)Zcmd_namererr_rrrr)sr)cs.fddtD}dd|D}t|S)zList paths to all hooks found in dir_path in sorted order. :param str dir_path: directory to search :returns: `list` of `str` :rtype: sorted list of absolute paths to executables in dir_path c3s|]}tj|VqdS)N)r rr8).0fdir_pathrr zlist_hooks..cSs$g|]}t|r|ds|qS)~)rZ is_executableendswith)r<rrrr rAzlist_hooks..)r listdirsorted)r?ZallpathsZhooksrr>rr#s r#)#__doc__Z __future__rZloggingZacme.magic_typingrrZcertbotrrZcertbot.compatrrr Zcertbot.pluginsrZ getLogger__name__r'rrr r r6r&r$r r/r.r1rrr2r)r#rrrrs4