acmesmith 2.6.1 → 2.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1800e04848970a25e7d2269f2b9a1351c7fc524559a00e4d9be970253ee84da7
-  data.tar.gz: 9ef3bf5fa577c0b0e365f9543bcd1e9732230df888e9baf7c443b7b7b02e178e
+  metadata.gz: '00710093e0dc9f9ec6ba1d54bf67585d45efa053e8a6bd7250c638abfce17908'
+  data.tar.gz: ecff83969fbf75e8566f1f75638b35937615af3d9fe05a759663d1a82b5d11af
 SHA512:
-  metadata.gz: ec36a85fdb1757428338a49406240ac0066b2e058cc07938782db9e739f5afcfa91386085733038983ccce91e6fd7e71924d531be33a5b22492dff36d5e5f947
-  data.tar.gz: 624517367e2c044b59aa6821f8936ccc941a1ba7954aceaf47c8ff74098f129186fe8ba97efa3e213aea5b153f54fa9fd0675c7791b75c4efc9ed8482ee71887
+  metadata.gz: 6df65f1bef30badd2f6691bebeeadf2548d878404a31b166a8fb607aae1027c02345162db7068bb3eb276718aae819dd31ec0188a6075d6fd69d28252d4c79d6
+  data.tar.gz: c2689ab6ffcd876a5af2c7c4b25c1b4b2553c20c07472b8698d1b43787ad2ed5bac72354381aa76b4da6fb64fd5a2f60b2ee09006f58caa1b16083e12067e391

data/.github/workflows/build.yml

@@ -18,20 +18,13 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ruby-version: ['3.1', '3.2', '3.3']
-    container:
-      image: public.ecr.aws/sorah/ruby:${{ matrix.ruby-version }}-dev
+        ruby-version: ['3.2', '3.3', '3.4']
     steps:
-
-      - name: Cache bundled gems
-        uses: actions/cache@v1
-        id: rspec-bundle
-        with:
-          path: ~/bundle
-          key: ${{ runner.os }}-${{ matrix.ruby-version }}
-
       - uses: actions/checkout@master
-      - run: 'bundle install --path ~/bundle'
+      - uses: sorah-rbpkg/actions@v2
+        with:
+          ruby-version: "${{ matrix.ruby-version }}"
+          bundler-cache: true
       - run: 'bundle exec rspec -fd'
 
   integration-pebble:
@@ -40,7 +33,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ruby-version: ['3.1', '3.2', '3.3']
+        ruby-version: ['3.2', '3.3', '3.4']
 
         # FIXME: once GitHub Actions gains support of adding command line arguments to container
       #    services:
@@ -63,16 +56,14 @@ jobs:
     steps:
       - uses: actions/checkout@master
 
-      - name: Cache bundled gems
-        uses: actions/cache@v1
-        id: instegration-pebble-bundle
+      - uses: sorah-rbpkg/actions@v2
         with:
-          path: ~/bundle
-          key: ${{ runner.os }}-${{ matrix.ruby-version }}
+          ruby-version: "${{ matrix.ruby-version }}"
+          bundler-cache: true
 
       - run: 'docker run -d --net=host --rm letsencrypt/pebble pebble -config /test/config/pebble-config.json -strict -dnsserver 127.0.0.1:8053'
       - run: 'docker run -d --net=host --rm letsencrypt/pebble-challtestsrv pebble-challtestsrv -management :8055 -defaultIPv4 127.0.0.1'
-      - run: 'docker run --net=host -e CI --rm -v $(pwd):/work -v $(realpath ~/bundle):/bundle public.ecr.aws/sorah/ruby:${{ matrix.ruby-version  }}-dev sh -c "cd /work && bundle install --path /bundle && bundle exec rspec -fd -t integration_pebble"'
+      - run: 'bundle exec rspec -fd -t integration_pebble'
 
   docker-build:
     name: docker-build

data/CHANGELOG.md

@@ -1,3 +1,15 @@
+## v2.7.0 (2025-04-28)
+
+### Enhancements
+
+- autorenew: gains new option `--remaining-life` (`-r`) to specify threshold in ratio of remaining lifetime to total lifetime, e.g. `1/3`, `50%`.
+
+### New behaviour
+
+- autonenew: in addition to above, the default option is now adjusted to `--reamining-life 1/3` instead of `--days 7`. This conforms to the Let's Encrypt recommendation to renew certificates when its remaining lifetime is less than 1/3 of the total lifetime.
+- docker: our provided Docker image now bundles rexml instead of nokogiri for aws-sdk-route53.
+
+
 ## v2.6.1 (2024-12-05)
 
 ### Fixes

data/Dockerfile

@@ -1,4 +1,4 @@
-FROM sorah/ruby:3.2-dev as builder
+FROM sorah/ruby:3.4-dev as builder
 
 #RUN apt-get update \
 #    && apt-get install -y libmysqlclient-dev git-core \
@@ -12,7 +12,7 @@ RUN sed -i -e 's|Acmesmith::VERSION|"0.0.0"|g' -e '/^require.*acmesmith.version/
 
 RUN bundle install --path /gems --jobs 100 --without development
 
-FROM sorah/ruby:3.2
+FROM sorah/ruby:3.4
 
 #RUN apt-get update \
 #    && apt-get install -y libmysqlclient20 \

data/Gemfile

@@ -3,4 +3,4 @@ source 'https://rubygems.org'
 # Specify your gem's dependencies in acmesmith.gemspec
 gemspec
 
-gem 'nokogiri'
+gem 'rexml'

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    acmesmith (2.6.1)
+    acmesmith (2.7.0)
       acme-client (>= 2.0.7, < 3)
       aws-sdk-acm
       aws-sdk-route53
@@ -50,14 +50,10 @@ GEM
     jmespath (1.6.2)
     json (2.9.0)
     logger (1.6.2)
-    mini_portile2 (2.8.8)
     net-http (0.6.0)
       uri
-    nokogiri (1.16.8)
-      mini_portile2 (~> 2.8.2)
-      racc (~> 1.4)
-    racc (1.8.1)
     rake (13.2.1)
+    rexml (3.4.1)
     rspec (3.13.0)
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
@@ -72,7 +68,7 @@ GEM
       rspec-support (~> 3.13.0)
     rspec-support (3.13.2)
     thor (1.3.2)
-    uri (1.0.2)
+    uri (1.0.3)
 
 PLATFORMS
   ruby
@@ -80,8 +76,8 @@ PLATFORMS
 DEPENDENCIES
   acmesmith!
   bundler
-  nokogiri
   rake
+  rexml
   rspec
 
 BUNDLED WITH

data/README.md

@@ -67,7 +67,7 @@ $ acmesmith save-pkcs12      COMMON_NAME --output=PATH  # Save certificate and p
 ```
 
 ```
-$ acmesmith autorenew [-d DAYS] # Renew certificates which being expired soon
+$ acmesmith autorenew [-r RATIO] [-d DAYS] # Renew certificates which being expired soon. Default to -r 1/3
 ```
 
 ```

data/lib/acmesmith/client.rb

@@ -122,14 +122,23 @@ module Acmesmith
       SaveCertificateService.new(cert, **kwargs).perform!
     end
 
-    def autorenew(days: 7, common_names: nil)
+    def autorenew(days: 30, remaining_life: nil, common_names: nil)
       (common_names || storage.list_certificates).each do |cn|
         puts "=> #{cn}"
         cert = storage.get_certificate(cn)
         not_after = cert.certificate.not_after.utc
 
-        puts "   Not valid after: #{not_after}"
-        next unless (cert.certificate.not_after.utc - Time.now.utc) < (days.to_i * 86400)
+        lifetime = cert.certificate.not_after.utc - cert.certificate.not_before.utc
+        remaining = cert.certificate.not_after.utc - Time.now.utc
+        ratio = Rational(remaining,lifetime)
+
+        has_to_renew = false
+        has_to_renew ||= days && remaining < (days.to_i * 86400)
+        has_to_renew ||= remaining_life && ratio < remaining_life
+
+        puts "   Not valid after: #{not_after} (lifetime=#{format_duration(lifetime+1)}, remaining=#{format_duration(remaining)}, #{"%0.2f" % (ratio.to_f*100)}%)"
+        next unless has_to_renew
+
         puts " * Renewing: CN=#{cert.common_name}, SANs=#{cert.sans.join(',')}"
         order_with_private_key(cert.common_name, *cert.sans, private_key: regenerate_private_key(cert.public_key))
       end
@@ -145,6 +154,22 @@ module Acmesmith
 
     private
 
+    # @param [Numeric] duration
+    def format_duration(duration)
+      raise ArgumentError if !duration.is_a?(Numeric) || duration < 0
+
+      # Calculate components using divmod
+      days, remainder  = duration.divmod(86400)
+      hours, remainder = remainder.divmod(3600)
+      minutes, seconds = remainder.divmod(60)
+
+      # Create [value, unit] pairs, filter out zero values, format, and join
+      [[days, 'd'], [hours, 'h'], [minutes, 'm'], [seconds, 's']]
+        .select { |v,| v > 0 }
+        .map { |v, unit| "#{v.to_i}#{unit}" }
+        .join
+    end
+
 
     def config
       @config

data/lib/acmesmith/command.rb

@@ -143,9 +143,20 @@ module Acmesmith
     end
 
     desc "autorenew [COMMON_NAMES]", "request renewal of certificates which expires soon"
-    method_option :days, type: :numeric, aliases: %w(-d), default: 7, desc: 'specify threshold in days to select certificates to renew'
+    method_option :days, type: :numeric, aliases: %w(-d), default: nil, desc: 'specify threshold in days to select certificates to renew'
+    method_option :remaining_life, type: :string, aliases: %w(-r), default: '1/3', desc: "Specify threshold based on remaining life. Accepts a percentage ('20%') or fraction ('1/3')"
     def autorenew(*common_names)
-      client.autorenew(days: options[:days], common_names: common_names.empty? ? nil : common_names)
+      remaining_life = case options[:remaining_life]
+                       when %r{\A\d+/\d+\z}
+                         Rational(options[:remaining_life])
+                       when %r{\A([\d.]+)%\z}
+                         Rational($1.to_f, 100)
+                       when nil
+                         nil
+                       else
+                         raise ArgumentError, "invalid format for --remaining-life: it must be in '..%' or '../..'"
+                       end
+      client.autorenew(days: options[:days], remaining_life: remaining_life, common_names: common_names.empty? ? nil : common_names)
     end
 
     desc "add-san COMMON_NAME [ADDITIONAL_SANS]", "request renewal of existing certificate with additional SANs"

data/lib/acmesmith/version.rb

@@ -1,3 +1,3 @@
 module Acmesmith
-  VERSION = "2.6.1"
+  VERSION = "2.7.0"
 end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: acmesmith
 version: !ruby/object:Gem::Version
-  version: 2.6.1
+  version: 2.7.0
 platform: ruby
 authors:
 - Sorah Fukumori
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-12-04 00:00:00.000000000 Z
+date: 2025-04-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: acme-client
@@ -200,7 +199,6 @@ homepage: https://github.com/sorah/acmesmith
 licenses:
 - MIT
 metadata: {}
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -215,8 +213,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.6
-signing_key:
+rubygems_version: 3.6.2
 specification_version: 4
 summary: ACME client (Let's encrypt client) to manage certificate in multi server
   environment with cloud services (e.g. AWS)