acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

oathtool not present in docker image #1541

Closed Linus9000 closed 5 years ago

Linus9000 commented 6 years ago

I'm trying to use inwx DNS API while running acme.sh in docker. I have 2FA enabled, so creating the record fails. The log states:

[Fri Apr 20 06:15:49 GMT 2018] Please install oathtool to use 2 Factor Authentication.

Would including oathtool in the official image be possible?

FernandoMiguel commented 6 years ago

Neil doesn't usually accept more binaries in acme.sh. If you have that requirement, it would probably be easier to make your own Docker FROM acme.sh image and add that package on build.

Linus9000 commented 6 years ago

The wiki page states:

As one of the big docker fans, I understand that we hate to install anything on a docker host, even if it's just copying a shell script.

Building an infrastructure of some sort to periodically rebuild the image quite heavily contradicts this. Also, everyone who wants to use this feature would have to do this (at least I wouldn't trust an image that someone else built if it's not the maintainer of the software itself). If Neil decides he won't put this in, sure, no other choice then.

I'd still be very happy if I could use all functionality of acme.sh when using the official image :)

FernandoMiguel commented 6 years ago

an alternative is to link the bin folder into the docker container

personally, a simple docker with FROM and ADD is super simple to do.

Linus9000 commented 6 years ago

Of course it's simple, but it's only one step. How to efficiently do this for multiple servers? Of course I might set up GitHub and Docker Hub so I can regularly create the modded image (well, I hope so, never done that), but should everyone who wants to use this functionality have to do this? The point of this is not that I with my two servers can easily solve this, I know how to do that. I'm talking about potential use for others who might save hours themselves to set this up (because of internal repo only, no CI available or whatever).

Just as I said, I'd be happy if it will be implemented (maybe it was an oversight even, 2FA support for at least INWX isn't that old and maybe it didn't come up yet). I'm fine with it whatever happens :)

FernandoMiguel commented 6 years ago

well, in automation, MFA doesn't work :) there is no way for machines to fill in those.

so you should use API tokens instead

Neilpang commented 6 years ago
  1. the docker image is based on busybox, if it's easy to install oathtool without making image size too large, I'm ok.
  2. Please make sure oathtool can work, especially for auto renewal.

please send a PR.

Thanks.

maxemann96 commented 5 years ago

I think this can be closed because of #2182?