projects / packages / dehydrated.git / blame
| Commit | Line | Data |
|---|---|---|
| e91f3230 MK |
1 | diff -ur dehydrated-0.6.2.orig/dehydrated dehydrated-0.6.2/dehydrated |
| 2 | --- dehydrated-0.6.2.orig/dehydrated 2018-04-25 21:22:40.000000000 +0000 | |
| 3 | +++ dehydrated-0.6.2/dehydrated 2018-12-19 22:44:07.875403000 +0000 | |
| f5fc6721 ER |
4 | @@ -1,4 +1,4 @@ |
| 5 | -#!/usr/bin/env bash | |
| 6 | +#!/bin/bash | |
| 7 | ||
| e91f3230 MK |
8 | # dehydrated by lukas2511 |
| 9 | # Source: https://dehydrated.io | |
| 10 | @@ -11,7 +11,7 @@ | |
| 11 | [[ -n "${ZSH_VERSION:-}" ]] && set -o SH_WORD_SPLIT && set +o FUNCTION_ARGZERO && set -o NULL_GLOB && set -o noglob | |
| 12 | [[ -z "${ZSH_VERSION:-}" ]] && shopt -s nullglob && set -f | |
| 13 | ||
| 14 | -umask 077 # paranoid umask, we're creating private keys | |
| 15 | +umask 027 # allow root and dehydrated group only to protect private keys | |
| 16 | ||
| 17 | # Close weird external file descriptors | |
| 18 | exec 3>&- | |
| 19 | @@ -112,7 +112,7 @@ | |
| f5fc6721 ER |
20 | load_config() { |
| 21 | # Check for config in various locations | |
| 22 | if [[ -z "${CONFIG:-}" ]]; then | |
| 0b9f695c | 23 | - for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"; do |
| 657cacc7 | 24 | + for check_config in "/etc/dehydrated" "/etc/webapps/dehydrated" "/usr/local/etc/dehydrated" "/etc/webapps/letsencrypt.sh" "${PWD}" "${SCRIPTDIR}"; do |
| 0b9f695c | 25 | if [[ -f "${check_config}/config" ]]; then |
| f5fc6721 | 26 | BASEDIR="${check_config}" |
| 0b9f695c | 27 | CONFIG="${check_config}/config" |
| e91f3230 MK |
28 | @@ -148,8 +148,8 @@ |
| 29 | IP_VERSION= | |
| 30 | CHAINCACHE= | |
| 31 | AUTO_CLEANUP="no" | |
| 32 | - DEHYDRATED_USER= | |
| 33 | - DEHYDRATED_GROUP= | |
| 34 | + DEHYDRATED_USER="root" | |
| 35 | + DEHYDRATED_GROUP="dehydrated" | |
| 36 | API="auto" | |
| 37 | ||
| 38 | if [[ -z "${CONFIG:-}" ]]; then | |
| 39 | @@ -228,7 +228,7 @@ | |
| f19ccd97 | 40 | |
| 9792a66e | 41 | # Create new account directory or symlink to account directory from old CA |
| f19ccd97 ER |
42 | CAHASH="$(echo "${CA}" | urlbase64)" |
| 43 | - [[ -z "${ACCOUNTDIR}" ]] && ACCOUNTDIR="${BASEDIR}/accounts" | |
| 9792a66e AM |
44 | + [[ -z "${ACCOUNTDIR}" ]] && ACCOUNTDIR="/var/lib/dehydrated//accounts" |
| 45 | if [[ ! -e "${ACCOUNTDIR}/${CAHASH}" ]]; then | |
| 46 | OLDCAHASH="$(echo "${OLDCA}" | urlbase64)" | |
| 47 | mkdir -p "${ACCOUNTDIR}" | |
| 06072c47 | 48 | @@ -257,11 +257,11 @@ load_config() { |
| e354c9b6 ER |
49 | mv "${BASEDIR}/private_key.json" "${ACCOUNT_KEY_JSON}" |
| 50 | fi | |
| 2e509387 | 51 | |
| e354c9b6 | 52 | - [[ -z "${CERTDIR}" ]] && CERTDIR="${BASEDIR}/certs" |
| 9792a66e | 53 | + [[ -z "${CERTDIR}" ]] && CERTDIR="/var/lib/dehydrated//certs" |
| 06072c47 | 54 | [[ -z "${ALPNCERTDIR}" ]] && ALPNCERTDIR="${BASEDIR}/alpn-certs" |
| 9792a66e | 55 | [[ -z "${CHAINCACHE}" ]] && CHAINCACHE="${BASEDIR}/chains" |
| 2e509387 ER |
56 | [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="${BASEDIR}/domains.txt" |
| 57 | - [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/dehydrated" | |
| f19ccd97 | 58 | + [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/lib/dehydrated/acme-challenge" |
| 2e509387 | 59 | [[ -z "${LOCKFILE}" ]] && LOCKFILE="${BASEDIR}/lock" |
| 9792a66e AM |
60 | [[ -z "${OPENSSL_CNF}" ]] && OPENSSL_CNF="$("${OPENSSL}" version -d | cut -d\" -f2)/openssl.cnf" |
| 61 | [[ -n "${PARAM_LOCKFILE_SUFFIX:-}" ]] && LOCKFILE="${LOCKFILE}-${PARAM_LOCKFILE_SUFFIX}" | |
| e91f3230 MK |
62 | diff -ur dehydrated-0.6.2.orig/docs/examples/config dehydrated-0.6.2/docs/examples/config |
| 63 | --- dehydrated-0.6.2.orig/docs/examples/config 2018-04-25 21:22:40.000000000 +0000 | |
| 64 | +++ dehydrated-0.6.2/docs/examples/config 2018-12-19 22:42:55.015403000 +0000 | |
| 06072c47 | 65 | @@ -52,16 +52,16 @@ |
| e354c9b6 ER |
66 | #DOMAINS_TXT="${BASEDIR}/domains.txt" |
| 67 | ||
| 68 | # Output directory for generated certificates | |
| 69 | -#CERTDIR="${BASEDIR}/certs" | |
| 70 | +#CERTDIR="/var/lib/dehydrated/certs" | |
| 71 | ||
| 06072c47 AM |
72 | # Output directory for alpn verification certificates |
| 73 | -#ALPNCERTDIR="${BASEDIR}/alpn-certs" | |
| 74 | +#ALPNCERTDIR="/var/lib/dehydrated//alpn-certs" | |
| 75 | ||
| e354c9b6 | 76 | # Directory for account keys and registration information |
| 3ec257e0 ER |
77 | #ACCOUNTDIR="${BASEDIR}/accounts" |
| 78 | ||
| 79 | # Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/dehydrated) | |
| 80 | -#WELLKNOWN="/var/www/dehydrated" | |
| f19ccd97 | 81 | +#WELLKNOWN="/var/lib/dehydrated/acme-challenge" |
| 3ec257e0 ER |
82 | |
| 83 | # Default keysize for private keys (default: 4096) | |
| 84 | #KEYSIZE="4096" | |
| e91f3230 | 85 | @@ -77,7 +77,7 @@ |
| 3ec257e0 ER |
86 | # |
| 87 | # BASEDIR and WELLKNOWN variables are exported and can be used in an external program | |
| 88 | # default: <unset> | |
| 89 | -#HOOK= | |
| 90 | +HOOK=/etc/webapps/dehydrated/hook.sh | |
| 91 | ||
| 92 | # Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate (default: no) | |
| 93 | #HOOK_CHAIN="no" |