1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
# Scadere
Scadere is a TLS certificate renewal reminder. It checks for certificates
that are about to expire and provides an Atom feed for notification.
## Installation
The recommended installtion method is through your distribution.
Installing from source should only be considered as a last resort;
if you are capable of doing so, please also package scadere
for your distribution.
Scadere requires Python 3.11 or above, and uses [flit] 3.11 or above
as the PEP 517 build backend. Installation can be done
with `flit install` or `pip install .`.
With `scadere-check` and `scadere-listen` under `$prefix/bin`,
the manual pages can be built and installed using `make(1p)`,
GNU [help2man] and `install(1)`:
cd doc
make PREFIX=$prefix
make install PREFIX=$prefix
(FYI, GNU make has an extension that allows specifying `--directory=doc`,
which can save you from having to change the directory.)
## Usage
### Expiration checking
```console
$ scadere-check --help
Usage: scadere-check [-h] [-v] [-d DAYS] [-o PATH] HOST[:PORT]...
Check TLS certificate expiration of HOST, where PORT defaults to 443.
Options:
-h, --help show this help message and exit
-v, --version show program's version number and exit
-d DAYS, --days=DAYS days before expiration (default to 7)
-o PATH, --output=PATH
output file (default to stdout)
```
It is recommended to schedule `scadere-check` chronically.
See `contrib/scadere-check.*` for an example systemd timer configuration.
### Expiration notification
```console
$ scadere-listen --help
Usage: scadere-listen [-h] [-v] [-t TITLE] PATH URL [[HOST][:PORT]]
Serve at URL Atom feeds for TLS certificate renewal reminder.
It is possible for clients to filter domains
using one or more "domain" URL queries.
The certificate information is read from the file at PATH,
which is generated by scadere-check(1).
The server listens for TCP connections coming to HOST:PORT,
where HOST defaults to localhost and PORT is selected randomly
if not specified.
Options:
-h, --help show this help message and exit
-v, --version show program's version number and exit
-t TITLE, --title=TITLE
title of Atom feeds (default to PATH's filename)
```
A sample `scadere-listen.service` for systemd
is also availble under the `contrib` directory.
## Hacking
Unit testing is done with [pytest], [pytest-asyncio],
[Hypothesis] and [trustme]. Since scadere itself does not depend
on any Python package, it is safe to be tested in-tree:
PYTHONPATH=src pytest
## Contributing
Issues should be reported to [chung@loa.loang.net][loang mailing list].
The mailing list also welcomes patches. Please maintain
a full branch [coverage], keep the [hobgoblins][flake8] happy,
and ensure the software is easy to [reuse]:
PYTHONPATH=src coverage run && coverage report
flake8
reuse lint
Patches should be sent using [`git send-email`][git send-email]
with the following configuration:
git config sendemail.to 'chung@loa.loang.net'
git config format.subjectPrefix 'PATCH scadere'
## Copying
Scadere is free software: you can redistribute and/or modify it
under the terms of the GNU [Affero General Public License][agpl]
version 3 or later.
[flit]: https://flit.pypa.io
[help2man]: https://www.gnu.org/software/help2man
[pytest]: https://docs.pytest.org
[pytest-asyncio]: https://pytest-asyncio.rtfd.io
[Hypothesis]: https://hypothesis.rtfd.io
[trustme]: https://trustme.rtfd.io
[loang mailing list]: https://loa.loang.net/chung
[coverage]: https://coverage.rtfd.io
[flake8]: https://flake8.pycqa.org
[reuse]: https://reuse.software
[git send-email]: https://git-send-email.io
[agpl]: https://www.gnu.org/licenses/agpl
|
