Commit | Line | Data |
---|---|---|
e91f3230 MK |
1 | diff -ur dehydrated-0.6.2.orig/dehydrated dehydrated-0.6.2/dehydrated |
2 | --- dehydrated-0.6.2.orig/dehydrated 2018-04-25 21:22:40.000000000 +0000 | |
3 | +++ dehydrated-0.6.2/dehydrated 2018-12-19 22:44:07.875403000 +0000 | |
f5fc6721 ER |
4 | @@ -1,4 +1,4 @@ |
5 | -#!/usr/bin/env bash | |
6 | +#!/bin/bash | |
7 | ||
e91f3230 MK |
8 | # dehydrated by lukas2511 |
9 | # Source: https://dehydrated.io | |
10 | @@ -11,7 +11,7 @@ | |
11 | [[ -n "${ZSH_VERSION:-}" ]] && set -o SH_WORD_SPLIT && set +o FUNCTION_ARGZERO && set -o NULL_GLOB && set -o noglob | |
12 | [[ -z "${ZSH_VERSION:-}" ]] && shopt -s nullglob && set -f | |
13 | ||
14 | -umask 077 # paranoid umask, we're creating private keys | |
15 | +umask 027 # allow root and dehydrated group only to protect private keys | |
16 | ||
17 | # Close weird external file descriptors | |
18 | exec 3>&- | |
19 | @@ -112,7 +112,7 @@ | |
f5fc6721 ER |
20 | load_config() { |
21 | # Check for config in various locations | |
22 | if [[ -z "${CONFIG:-}" ]]; then | |
0b9f695c | 23 | - for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"; do |
657cacc7 | 24 | + for check_config in "/etc/dehydrated" "/etc/webapps/dehydrated" "/usr/local/etc/dehydrated" "/etc/webapps/letsencrypt.sh" "${PWD}" "${SCRIPTDIR}"; do |
0b9f695c | 25 | if [[ -f "${check_config}/config" ]]; then |
f5fc6721 | 26 | BASEDIR="${check_config}" |
0b9f695c | 27 | CONFIG="${check_config}/config" |
e91f3230 MK |
28 | @@ -148,8 +148,8 @@ |
29 | IP_VERSION= | |
30 | CHAINCACHE= | |
31 | AUTO_CLEANUP="no" | |
32 | - DEHYDRATED_USER= | |
33 | - DEHYDRATED_GROUP= | |
34 | + DEHYDRATED_USER="root" | |
35 | + DEHYDRATED_GROUP="dehydrated" | |
36 | API="auto" | |
37 | ||
38 | if [[ -z "${CONFIG:-}" ]]; then | |
39 | @@ -228,7 +228,7 @@ | |
f19ccd97 | 40 | |
9792a66e | 41 | # Create new account directory or symlink to account directory from old CA |
f19ccd97 ER |
42 | CAHASH="$(echo "${CA}" | urlbase64)" |
43 | - [[ -z "${ACCOUNTDIR}" ]] && ACCOUNTDIR="${BASEDIR}/accounts" | |
9792a66e AM |
44 | + [[ -z "${ACCOUNTDIR}" ]] && ACCOUNTDIR="/var/lib/dehydrated//accounts" |
45 | if [[ ! -e "${ACCOUNTDIR}/${CAHASH}" ]]; then | |
46 | OLDCAHASH="$(echo "${OLDCA}" | urlbase64)" | |
47 | mkdir -p "${ACCOUNTDIR}" | |
06072c47 | 48 | @@ -257,11 +257,11 @@ load_config() { |
e354c9b6 ER |
49 | mv "${BASEDIR}/private_key.json" "${ACCOUNT_KEY_JSON}" |
50 | fi | |
2e509387 | 51 | |
e354c9b6 | 52 | - [[ -z "${CERTDIR}" ]] && CERTDIR="${BASEDIR}/certs" |
9792a66e | 53 | + [[ -z "${CERTDIR}" ]] && CERTDIR="/var/lib/dehydrated//certs" |
06072c47 | 54 | [[ -z "${ALPNCERTDIR}" ]] && ALPNCERTDIR="${BASEDIR}/alpn-certs" |
9792a66e | 55 | [[ -z "${CHAINCACHE}" ]] && CHAINCACHE="${BASEDIR}/chains" |
2e509387 ER |
56 | [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="${BASEDIR}/domains.txt" |
57 | - [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/dehydrated" | |
f19ccd97 | 58 | + [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/lib/dehydrated/acme-challenge" |
2e509387 | 59 | [[ -z "${LOCKFILE}" ]] && LOCKFILE="${BASEDIR}/lock" |
9792a66e AM |
60 | [[ -z "${OPENSSL_CNF}" ]] && OPENSSL_CNF="$("${OPENSSL}" version -d | cut -d\" -f2)/openssl.cnf" |
61 | [[ -n "${PARAM_LOCKFILE_SUFFIX:-}" ]] && LOCKFILE="${LOCKFILE}-${PARAM_LOCKFILE_SUFFIX}" | |
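Review bot: In the `@@ -11,7 +11,7 @@` hunk, `umask 027` makes every file the script creates group-readable (0640, directories 0750), not only certificates: that includes the ACME account key under ACCOUNTDIR and the domain private keys under CERTDIR, both of which the later hunks move to `/var/lib/dehydrated`. The umask does not decide which group owns those files; that depends on the process's group or a setgid directory, neither of which is visible here, so the new comment promises more than the line enforces. I would make the comment precise, e.g. `umask 027 # files 0640, dirs 0750: the owning group can read all keys written below, account key included`, and have the package create `/var/lib/dehydrated` with the intended owner, group and mode. The defaults `DEHYDRATED_USER="root"` and `DEHYDRATED_GROUP="dehydrated"` in the `@@ -148,8 +148,8 @@` hunk presumably tie into this, but how the script uses them lies outside the visible lines of `load_config`.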
e91f3230 MK |
62 | diff -ur dehydrated-0.6.2.orig/docs/examples/config dehydrated-0.6.2/docs/examples/config |
63 | --- dehydrated-0.6.2.orig/docs/examples/config 2018-04-25 21:22:40.000000000 +0000 | |
64 | +++ dehydrated-0.6.2/docs/examples/config 2018-12-19 22:42:55.015403000 +0000 | |
06072c47 | 65 | @@ -52,16 +52,16 @@ |
e354c9b6 ER |
66 | #DOMAINS_TXT="${BASEDIR}/domains.txt" |
67 | ||
68 | # Output directory for generated certificates | |
69 | -#CERTDIR="${BASEDIR}/certs" | |
70 | +#CERTDIR="/var/lib/dehydrated/certs" | |
71 | ||
06072c47 AM |
72 | # Output directory for alpn verification certificates |
73 | -#ALPNCERTDIR="${BASEDIR}/alpn-certs" | |
74 | +#ALPNCERTDIR="/var/lib/dehydrated//alpn-certs" | |
75 | ||
e354c9b6 | 76 | # Directory for account keys and registration information |
3ec257e0 ER |
77 | #ACCOUNTDIR="${BASEDIR}/accounts" |
78 | ||
79 | # Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/dehydrated) | |
80 | -#WELLKNOWN="/var/www/dehydrated" | |
f19ccd97 | 81 | +#WELLKNOWN="/var/lib/dehydrated/acme-challenge" |
3ec257e0 ER |
82 | |
83 | # Default keysize for private keys (default: 4096) | |
84 | #KEYSIZE="4096" | |
e91f3230 | 85 | @@ -77,7 +77,7 @@ |
3ec257e0 ER |
86 | # |
87 | # BASEDIR and WELLKNOWN variables are exported and can be used in an external program | |
88 | # default: <unset> | |
89 | -#HOOK= | |
90 | +HOOK=/etc/webapps/dehydrated/hook.sh | |
91 | ||
92 | # Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate (default: no) | |
93 | #HOOK_CHAIN="no" |
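Review bot: The `@@ -77,7 +77,7 @@` hunk ships `HOOK=/etc/webapps/dehydrated/hook.sh` uncommented, so the example config now has the script call an external program by default, while the comment two lines above (its block starts outside the hunk) still reads `# default: <unset>`. Together with `DEHYDRATED_USER="root"` in the script patch this hook presumably runs as root, so the file and its directory should be root-owned and not writable by the `dehydrated` group or others; the config does not say so. I would add a line such as `# hook.sh runs with dehydrated's privileges: keep it root-owned, mode 0755 or stricter` and update the stale default note. Separately, the `@@ -52,16 +52,16 @@` hunk documents `ALPNCERTDIR="/var/lib/dehydrated//alpn-certs"` (with a doubled slash) although the script patch leaves the built-in default at `${BASEDIR}/alpn-certs`, and it still documents `ACCOUNTDIR="${BASEDIR}/accounts"` although the script default moved to `/var/lib/dehydrated//accounts`.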