switch certifix-client to luahttp

2025-10-19 14:07:27 +01:00
parent 53244beab8
commit 87c45dec67
3 changed files with 29 additions and 19 deletions
--- a/modules/tls-certificate/certifix-client.nix
+++ b/modules/tls-certificate/certifix-client.nix
@@ -23,7 +23,7 @@ oneshot {
  inherit name;
  up = ''
    (in_outputs ${name}
-     SSL_CA_CERT_FILE=${caCertFile} ${certifix-client}/bin/certifix-client --subject ${subject} --secret ${secretFile} --key-out key --certificate-out cert ${serviceUrl}
+     SSL_CERT_FILE=${caCertFile} ${certifix-client}/bin/certifix-client --subject ${subject} --secret ${secretFile} --key-out key --certificate-out cert ${serviceUrl}
    )
  '';
 }
--- a/pkgs/certifix-client/certifix-client.fnl
+++ b/pkgs/certifix-client/certifix-client.fnl
@@ -7,7 +7,9 @@
 (local pkey (require :openssl.pkey))
 (local xn (require :openssl.x509.name))

-(local http (require :fetch))
+(local request (require :http.request))
+(local http_tls (require :http.tls))
+(local x509 (require :openssl.x509))

 (macro ncall [f]
  `(case ,f
@@ -62,22 +64,27 @@
    (: :addAttribute :challengePassword [options.secret])
    (: :sign pk)))

+(fn http-post [url  body]
+  (let [r (request.new_from_uri url)
+        h r.headers]
+    (h:upsert ":method" :POST)
+    (h:upsert "content-type" "application/x-pem-file")
+    (when body
+      (r:set_body body))
+    (or
+     (case (r:go)
+       (headers stream)
+       (if (= (headers:get ":status") "200")
+           (stream:get_body_as_string)
+           (error (.. "error response from server: "
+                      (headers:get ":status"))))

-(fn http-post [url body]
-  (match
-      (http.request "POST" url
-                    "" 0
-                    "application/x-pem-file"
-                    body)
-    s s
-    (nil code msg) (error (.. "Error " code " POST " url ": " msg))))
-
+       (nil failure)
+       (error (.. "error: " failure))))))

 (fn run []
  (let [pk (private-key)
        csr (signing-request pk)
-    ;; key-out (or options.key-out-handle io.stdout)
-    ;; cert-out (or options.cert-out-handle io.stdout)
        cert (http-post options.server (csr:toPEM))]
    (with-open [f (ncall (io.open options.key-out :w))]
      (f:write (pk:toPEM :private)))
--- a/pkgs/certifix-client/default.nix
+++ b/pkgs/certifix-client/default.nix
@@ -7,9 +7,7 @@
  lua,
  anoia,
  lualinux,
-  fetch-freebsd,
  openssl,
-  luaossl',
  stdenv,
 }:
 let
@@ -20,7 +18,6 @@ stdenv.mkDerivation {
  src = ./.;

  buildInputs = [
-    fetch-freebsd
    openssl
    lua
  ];
@@ -30,12 +27,18 @@ stdenv.mkDerivation {
    mkdir -p $out/bin
    cp -p ${
      writeFennel name {
-        packages = [
-          fetch-freebsd
+        packages = with lua.pkgs; [
          fennel
          anoia
          lualinux
-          luaossl'
+          luaossl
+          http
+          lpeg
+          lpeg_patterns
+          basexx
+          cqueues
+          fifo
+          binaryheap
        ];
        mainFunction = "run";
      } ./${name}.fnl