From 795d987b9b8242ce9e8efe17696202ddb5ea3451 Mon Sep 17 00:00:00 2001
From: oittaa <8972248+oittaa@users.noreply.github.com>
Date: Sat, 20 Jul 2024 13:11:39 +0200
Subject: [PATCH 1/3] [cron] sleep random seconds (<59), if not interactive or forced https://github.com/acmesh-official/acme.sh/pull/944#issuecomment-707255200 Let's Encrypt employee said in the comments "we do see peaks at the beginning of minutes and even seconds; the finer-grained time randomization, the better." This adds a random amount of sleep second before beginning the cron job. I considered reading from `/dev/urandom` and so on, but we aren't doing anything security critical here so I thought that just using the process number modulo 59 (the largest prime <= 60) should give decent variability across the systems. The starting hour and minute are already randomized during the installation.
---
 acme.sh | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/acme.sh b/acme.sh
index c3564e68..39b4722b 100755
--- a/acme.sh
+++ b/acme.sh
@@ -6737,6 +6737,11 @@ cron() {
 export _ACME_IN_CRON=1
 _initpath
 _info "$(__green "===Starting cron===")"
+ if [ -z "$FORCE" ] && [ -z "$__INTERACTIVE" ]; then
+ random_sec=$(_math $$ % 59)
+ _info "Sleeping for $random_sec seconds."
+ _sleep $random_sec
+ fi
 if [ "$AUTO_UPGRADE" = "1" ]; then
 export LE_WORKING_DIR
 (
From 9f9a56d38e46e7247a8a153df0b4e322eb3fd6f3 Mon Sep 17 00:00:00 2001
From: oittaa <8972248+oittaa@users.noreply.github.com>
Date: Sun, 18 Aug 2024 18:04:33 +0200
Subject: [PATCH 2/3] Update PebbleStrict.yml `docker-compose` -> `docker compose` `docker-compose` was removed in https://github.com/actions/runner-images/issues/9692
---
 .github/workflows/PebbleStrict.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/PebbleStrict.yml b/.github/workflows/PebbleStrict.yml
index 3f8fdb62..5c551962 100644
--- a/.github/workflows/PebbleStrict.yml
+++ b/.github/workflows/PebbleStrict.yml
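Review bot: The delay taken from `$$` in the block added to `cron()` may not spread well where it matters: in container or minimal-init setups the cron-launched process can get the same low PID on every host (PID 1 gives a 1-second sleep everywhere), so those instances would still reach the CA in the same second. The commit message is right that this is not security-critical, but the goal is load spreading, so consider taking the value from `/dev/urandom` when it is readable and keeping `$$` only as the fallback. `random_sec` also stays set as a global after the block and is passed unquoted; `_sleep "$random_sec"` is the safer call. A one-line comment such as `# Jitter the start so renewals do not all reach the CA at second 0; FORCE and interactive runs skip it.` would record the intent. The body of `cron()` continues outside the hunk.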
@@ -37,7 +37,7 @@ jobs:
 - name: Install tools
 run: sudo apt-get install -y socat
 - name: Run Pebble
- run: cd .. && curl https://raw.githubusercontent.com/letsencrypt/pebble/master/docker-compose.yml >docker-compose.yml && docker-compose up -d
+ run: cd .. && curl https://raw.githubusercontent.com/letsencrypt/pebble/master/docker-compose.yml >docker-compose.yml && docker compose up -d
 - name: Set up Pebble
 run: curl --request POST --data '{"ip":"10.30.50.1"}' http://localhost:8055/set-default-ipv4
 - name: Clone acmetest
@@ -69,4 +69,4 @@ jobs:
 - name: Clone acmetest
 run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
 - name: Run acmetest
- run: cd ../acmetest && ./letest.sh
\ No newline at end of file
+ run: cd ../acmetest && ./letest.sh
From c228069023eccd1267f4ece31cecf6533e294afa Mon Sep 17 00:00:00 2001
From: Oittaa
Date: Mon, 19 Aug 2024 23:54:41 +0200
Subject: [PATCH 3/3] Sync PebbleStrict.yml from the dev branch
---
 .github/workflows/PebbleStrict.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/PebbleStrict.yml b/.github/workflows/PebbleStrict.yml
index 5c551962..b0326332 100644
--- a/.github/workflows/PebbleStrict.yml
+++ b/.github/workflows/PebbleStrict.yml
@@ -69,4 +69,4 @@ jobs:
 - name: Clone acmetest
 run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
 - name: Run acmetest
- run: cd ../acmetest && ./letest.sh
+ run: cd ../acmetest && ./letest.sh
\ No newline at end of file
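Review bot: The `Run Pebble` step on the new side still fetches `docker-compose.yml` from the moving `master` branch of letsencrypt/pebble and brings it up immediately, so whatever that branch holds at run time decides which images and commands run on the CI runner. Pinning the URL to a tag or commit (`.../letsencrypt/pebble/<pinned-ref>/docker-compose.yml`, where `<pinned-ref>` is a placeholder) would make the job reproducible and reviewable. `curl` is also called without `-f`, so an HTTP error body would be saved as the compose file and only surface later as a `docker compose up -d` failure; `curl -fsSL` fails at the download instead.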