Dehydrated does not gracefully handle non-zero return codes from hook functions #733
Comments
tadgy
changed the title
|
I am entirely unable to replicate this issue at all, using dehydrated 0.6.5, and both by using HOOK=<script> in the config file, and by using --hook/-k to specify the hook script. In both cases my defined exit_hook is being called. So this may be an issue with your hook script instead. |
|
Hey - thanks for the reply. As you weren't able to reproduce this I dug a little deeper and have figured out the problem. It's party due to my hook script, and party due to dehydrated.... But the second part of the problem lies within dehydrated. When the hook script is called, set -e is in effect by the looks of it, so a non-zero exit code from that script causes dehydrated to stop dead in its tracks. I can reproduce this behavior with other functions within the hook script - the non-zero return code just stops dehydrated on the spot, with no error or indication why it has failed. My suggested fix is to make it explicit in the example hook script that you MUST return a zero value from your functions, and document it on the website. Otherwise the fixes are in the dehydrated code itself - turn off set -e around the calls to the hook scripts and add some proper error handling, to tell the user what is going on. IMO, dehydrated should not just stop with no error because of a user supplied hook script - there should be proper error checking... it's normal practice to validate user data, why not the results of user code? :) Anyway, hope that helps! |
tadgy
changed the title
|
I added lots of error messages for failed hook scripts, this issue should be resolved by that. |
There is a bug in all versions of dehydrated from 0.9.3 onward which prevents any exit_hook defined in the script configured with HOOK= when dehydrated is being run with -c.
Doing some tracing, the bug seemed to appear just after the 0.6.2 release but before the 0.6.3 release; but I can't point it down to a specific commit as I'm not familiar with the code at this time. Perhaps a commenter will be able to provide the exact commit?
In any case, this bug is a regression on the previous behavior of 0.6.2 and contrary to the dehydrated documentation.
Hopefully this issue report will prevent others from taring their hair out wondering what went wrong with a dehydrated upgrade, as I have been doing! :D
I hope someone on the dehydrated team can look at this urgently, given it's impact on administrators abilities to cleanly restart services after new certificates have been issued.
Thanks for the good work! :)
[Edit: corrected version numbers - it's not 0.9.3+, it's 0.6.3+ - sorry about that!]
The text was updated successfully, but these errors were encountered: