To the best of my understanding, we do not want plugins installed by e.g. pip to be loaded by snapped Certbot. And that our snap is designed in a way to only load Python code from within.
However, it seems that this does not hold. Reported on the forum:
- Install Ubuntu Focal
apt update && apt -y install snapd python3-pipsnap install --classic certbotpip3 install --user certbot-dns-hetzner
result:
root@nova-janet:~# certbot plugins
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
...<snip>
* dns-hetzner
Description: Obtain certificates using a DNS TXT record (if you are using
Hetzner for DNS).
Interfaces: IAuthenticator, IPlugin
Entry point: dns-hetzner = certbot_dns_hetzner.dns_hetzner:Authenticator
...<snip>
also running python from inside snap run --shell certbot, one can see that /root/.local/lib/python3.8/site-packages is listed in sys.path:
>>> sys.path
['', '/snap/certbot/784/usr/lib/python38.zip', '/snap/certbot/784/usr/lib/python3.8', '/snap/certbot/784/usr/lib/python3.8/lib-dynload', '/snap/certbot/784/lib/python3.8/site-packages', '/root/.local/lib/python3.8/site-packages', '/snap/certbot/784/usr/lib/python3/dist-packages']
To the best of my understanding, we do not want plugins installed by e.g.
pipto be loaded by snapped Certbot. And that our snap is designed in a way to only load Python code from within.However, it seems that this does not hold. Reported on the forum:
apt update && apt -y install snapd python3-pipsnap install --classic certbotpip3 install --user certbot-dns-hetznerresult:
also running
pythonfrom insidesnap run --shell certbot, one can see that/root/.local/lib/python3.8/site-packagesis listed insys.path: