diff -ur dehydrated-0.6.2.orig/dehydrated dehydrated-0.6.2/dehydrated --- dehydrated-0.6.2.orig/dehydrated 2018-04-25 21:22:40.000000000 +0000 +++ dehydrated-0.6.2/dehydrated 2018-12-19 22:44:07.875403000 +0000 @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/bash # dehydrated by lukas2511 # Source: https://dehydrated.io @@ -11,7 +11,7 @@ [[ -n "${ZSH_VERSION:-}" ]] && set -o SH_WORD_SPLIT && set +o FUNCTION_ARGZERO && set -o NULL_GLOB && set -o noglob [[ -z "${ZSH_VERSION:-}" ]] && shopt -s nullglob && set -f -umask 077 # paranoid umask, we're creating private keys +umask 027 # allow root and dehydrated group only to protect private keys # Close weird external file descriptors exec 3>&- @@ -112,7 +112,7 @@ load_config() { # Check for config in various locations if [[ -z "${CONFIG:-}" ]]; then - for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"; do + for check_config in "/etc/dehydrated" "/etc/webapps/dehydrated" "/usr/local/etc/dehydrated" "/etc/webapps/letsencrypt.sh" "${PWD}" "${SCRIPTDIR}"; do if [[ -f "${check_config}/config" ]]; then BASEDIR="${check_config}" CONFIG="${check_config}/config" @@ -148,8 +148,8 @@ IP_VERSION= CHAINCACHE= AUTO_CLEANUP="no" - DEHYDRATED_USER= - DEHYDRATED_GROUP= + DEHYDRATED_USER="root" + DEHYDRATED_GROUP="dehydrated" API="auto" if [[ -z "${CONFIG:-}" ]]; then @@ -228,7 +228,7 @@ # Create new account directory or symlink to account directory from old CA CAHASH="$(echo "${CA}" | urlbase64)" - [[ -z "${ACCOUNTDIR}" ]] && ACCOUNTDIR="${BASEDIR}/accounts" + [[ -z "${ACCOUNTDIR}" ]] && ACCOUNTDIR="/var/lib/dehydrated//accounts" if [[ ! -e "${ACCOUNTDIR}/${CAHASH}" ]]; then OLDCAHASH="$(echo "${OLDCA}" | urlbase64)" mkdir -p "${ACCOUNTDIR}" 
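Review bot: The new `umask 027` in the `@@ -11,7 +11,7 @@` hunk makes every file the script creates group-readable, account and certificate private keys included, and its comment promises more than a umask can enforce. Which group gains that access depends on the group the process runs with and on directory ownership, neither of which this line controls. If group read is only wanted for issued certificates, keeping `umask 077` and loosening permissions explicitly on the files to be shared would leave keys private by default. If 027 stays, a more accurate comment would be `# files become group-readable; only safe when running with group "dehydrated"`.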
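Review bot: Defaulting `DEHYDRATED_USER="root"` in the `@@ -148,8 +148,8 @@` hunk makes root the identity for key generation, ACME traffic and any configured hook unless the config overrides it, which goes against least privilege for a network-facing client. A dedicated unprivileged account owning `/var/lib/dehydrated` would be enough, e.g. `DEHYDRATED_USER="dehydrated"`, assuming the package creates such a user alongside the group. The code that consumes these two variables lies outside the hunk, so check there how a mismatch with the invoking user is handled.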
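Review bot: The new default `ACCOUNTDIR="/var/lib/dehydrated//accounts"` in the `@@ -228,7 +228,7 @@` hunk has a doubled slash and no longer follows `BASEDIR`; the same applies to `CERTDIR` in the `@@ -257,11 +257,11 @@` hunk. `ALPNCERTDIR`, `CHAINCACHE`, `DOMAINS_TXT` and `LOCKFILE` still derive from `${BASEDIR}`, so state is split across two trees. An operator who relocates `BASEDIR` would still get account keys and certificates written under `/var/lib/dehydrated`. Suggest `ACCOUNTDIR="/var/lib/dehydrated/accounts"` and `CERTDIR="/var/lib/dehydrated/certs"`, and updating the `#ACCOUNTDIR="${BASEDIR}/accounts"` line in docs/examples/config, which still documents the old default.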
@@ -257,11 +257,11 @@ load_config() { mv "${BASEDIR}/private_key.json" "${ACCOUNT_KEY_JSON}" fi - [[ -z "${CERTDIR}" ]] && CERTDIR="${BASEDIR}/certs" + [[ -z "${CERTDIR}" ]] && CERTDIR="/var/lib/dehydrated//certs" [[ -z "${ALPNCERTDIR}" ]] && ALPNCERTDIR="${BASEDIR}/alpn-certs" [[ -z "${CHAINCACHE}" ]] && CHAINCACHE="${BASEDIR}/chains" [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="${BASEDIR}/domains.txt" - [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/dehydrated" + [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/lib/dehydrated/acme-challenge" [[ -z "${LOCKFILE}" ]] && LOCKFILE="${BASEDIR}/lock" [[ -z "${OPENSSL_CNF}" ]] && OPENSSL_CNF="$("${OPENSSL}" version -d | cut -d\" -f2)/openssl.cnf" [[ -n "${PARAM_LOCKFILE_SUFFIX:-}" ]] && LOCKFILE="${LOCKFILE}-${PARAM_LOCKFILE_SUFFIX}" diff -ur dehydrated-0.6.2.orig/docs/examples/config dehydrated-0.6.2/docs/examples/config --- dehydrated-0.6.2.orig/docs/examples/config 2018-04-25 21:22:40.000000000 +0000 +++ dehydrated-0.6.2/docs/examples/config 2018-12-19 22:42:55.015403000 +0000 @@ -52,16 +52,16 @@ #DOMAINS_TXT="${BASEDIR}/domains.txt" # Output directory for generated certificates -#CERTDIR="${BASEDIR}/certs" +#CERTDIR="/var/lib/dehydrated/certs" # Output directory for alpn verification certificates -#ALPNCERTDIR="${BASEDIR}/alpn-certs" +#ALPNCERTDIR="/var/lib/dehydrated//alpn-certs" # Directory for account keys and registration information #ACCOUNTDIR="${BASEDIR}/accounts" # Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/dehydrated) -#WELLKNOWN="/var/www/dehydrated" +#WELLKNOWN="/var/lib/dehydrated/acme-challenge" # Default keysize for private keys (default: 4096) #KEYSIZE="4096" @@ -77,7 +77,7 @@ # # BASEDIR and WELLKNOWN variables are exported and can be used in an external program # default: -#HOOK= +HOOK=/etc/webapps/dehydrated/hook.sh # Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate (default: no) #HOOK_CHAIN="no"
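Review bot: Moving `WELLKNOWN` to `/var/lib/dehydrated/acme-challenge` in the `@@ -257,11 +257,11 @@` hunk puts the web-served challenge directory beside `accounts` and `certs`, which hold private keys. The web server then needs traverse rights on `/var/lib/dehydrated`. If that is granted by adding its user to the `dehydrated` group, the `umask 027` set earlier in this patch would let it read the keys too. Either keep the challenge directory outside the key tree or record the constraint next to the default, e.g. `# served by the web server; must not share a group with accounts/ or certs/`.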
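Review bot: The commented default `#ALPNCERTDIR="/var/lib/dehydrated//alpn-certs"` in the `@@ -52,16 +52,16 @@` hunk of docs/examples/config does not match the script, whose default is still `${BASEDIR}/alpn-certs` in the patched `load_config`, and the path has a doubled slash. The `WELLKNOWN` description above its new value also still reads `(default: /var/www/dehydrated)`. Either change the script default as well or keep `#ALPNCERTDIR="${BASEDIR}/alpn-certs"` here, and update the description to `(default: /var/lib/dehydrated/acme-challenge)`.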
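Review bot: Uncommenting `HOOK=/etc/webapps/dehydrated/hook.sh` in the `@@ -77,7 +77,7 @@` hunk enables an external program on every run, and with the `DEHYDRATED_USER="root"` default from this patch it would presumably execute as root. Nothing in the patch ships or checks that file, so its existence, ownership and mode are left to the packaging. It should be root-owned and not writable by the `dehydrated` group or others. The `# default:` comment directly above no longer describes the line that follows; something like `# packaged default: hook enabled; hook.sh must be root-owned and not group- or world-writable` would state the requirement.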