paravoid
commented
1 year ago I wonder what the rationale for that is, given the certificate can be found by opening up $CERT_FILENAME?
Also related to the title of the bug not the content: it'd be awesome if the -script parameter did something smart when fed something that has spaces in it -- for example, passing it to /bin/sh -c. My use case is the same as the one I mentioned in the other bug above: being able to pass -script /bin/run-parts /etc/certspotter/hooks. Hope this makes sense!
AGWA
I think the entire PEM-encoded certificate chain should be fed to the script over stdin. Cert Spotter should ignore broken pipes in case the script closes stdin before reading anything. Question: what if the script forks with stdin still open and never reads?