From f60f554e83fbcd78834169176dc527666b9f549c Mon Sep 17 00:00:00 2001
From: =?utf8?q?Elan=20Ruusam=C3=A4e?=
Date: Fri, 7 Dec 2018 12:32:40 +0200
Subject: [PATCH] add hook-dns-01.sh
---
 dehydrated.spec | 9 +++++---
 hook-dns-01.sh | 56 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+), 3 deletions(-)
 create mode 100755 hook-dns-01.sh
diff --git a/dehydrated.spec b/dehydrated.spec
index abfe85d..bdff567 100644
--- a/dehydrated.spec
+++ b/dehydrated.spec
@@ -1,7 +1,7 @@
 Summary: letsencrypt/acme client implemented as a shell-script
 Name: dehydrated
 Version: 0.6.1
-Release: 1
+Release: 2
 License: MIT
 Group: Applications/Networking
 Source0: https://github.com/lukas2511/dehydrated/archive/v%{version}/%{name}-%{version}.tar.gz
@@ -11,7 +11,8 @@ Source2: lighttpd.conf
 Source3: nginx.conf
 Source4: domains.txt
 Source5: hook.sh
-Source6: crontab
+Source6: hook-dns-01.sh
+Source7: crontab
 Patch0: pld.patch
 URL: https://github.com/lukas2511/dehydrated
 BuildRequires: rpmbuild(macros) >= 1.713
@@ -61,8 +62,9 @@ cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/lighttpd.conf
 cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/nginx.conf
 cp -p docs/examples/config $RPM_BUILD_ROOT%{_sysconfdir}
 cp -p %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}
-cp -p %{SOURCE6} $RPM_BUILD_ROOT/etc/cron.d/%{name}
+cp -p %{SOURCE7} $RPM_BUILD_ROOT/etc/cron.d/%{name}
 install -p %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}
+install -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
 cp -p $RPM_BUILD_ROOT%{_sysconfdir}/{apache,httpd}.conf
 %clean
@@ -104,6 +106,7 @@ rm -rf $RPM_BUILD_ROOT
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/config
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/domains.txt
 %attr(750,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/hook.sh
+%attr(750,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/hook-dns-01.sh
 %attr(755,root,root) %{_sbindir}/%{name}
 %dir %attr(751,root,root) /var/lib/%{name}
 %dir %attr(700,root,root) /var/lib/%{name}/accounts
diff --git a/hook-dns-01.sh b/hook-dns-01.sh
new file mode 100755
index 0000000..6765936
--- /dev/null
+++ b/hook-dns-01.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+# based on https://github.com/lukas2511/dehydrated/wiki/example-dns-01-nsupdate-script
+
+set -e
+set -u
+set -o pipefail
+
+case "$1" in
+ "deploy_challenge")
+ echo ""
+ echo "Add the following to the zone definition of ${2}:"
+ echo "'_acme-challenge.${2}:${4}:300"
+ echo ""
+ echo -n "Press enter to continue..."
+ read tmp
+ echo ""
+ ;;
+ "clean_challenge")
+ echo ""
+ echo "Now you can remove the following from the zone definition of ${2}:"
+ echo "'_acme-challenge.${2}:${4}:300"
+ echo ""
+ echo -n "Press enter to continue..."
+ read tmp
+ echo ""
+ ;;
+ "deploy_cert")
+ DOMAIN="$2"
+ PRIVKEY="$3"
+ CERT="$4"
+ FULLCHAINCERT="$5"
+ CHAINCERT="$6"
+ TIMESTAMP="$7"
+ if [ -x /etc/rc.d/init.d/apache ]; then
+ echo " + Hook: Overwritting /etc/httpd/ssl/server.{crt,key}, /etc/httpd/ssl/ca.crt and reloading Apache..."
+ cp -a /etc/apache/server.crt /etc/apache/server.crt.letsencrypt~
+ cp -a /etc/apache/server.key /etc/apache/server.key.letsencrypt~
+ cp -a /etc/apache/ca.crt /etc/apache/ca.crt.letsencrypt~
+ cat "$CERT" > /etc/apache/server.crt
+ cat "$PRIVKEY" > /etc/apache/server.key
+ cat "$CHAINCERT" > /etc/apache/ca.crt
+ /sbin/service apache restart
+ fi
+ ;;
+ "unchanged_cert")
+ # do nothing for now
+ ;;
+ *)
+ echo "Unknown hook \"${1}\""
+ exit 1
+ ;;
+esac
+
+exit 0
+
-- 
2.44.0
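Review bot: In the `deploy_cert` arm the three `cat … > /etc/apache/…` lines truncate the live certificate, key and chain in place, one after another, under `set -e`. If any of them fails (an unreadable `$CHAINCERT`, a full disk), the script exits with a new `server.crt` beside an old or empty `server.key`, and Apache is never restarted, so it fails or serves a mismatched pair at its next start. Staging all three files next to their targets under a restrictive umask and renaming them only once every write has succeeded keeps the installed set consistent; the `.new` names in the sketch below are only a suggestion. The log line also names `/etc/httpd/ssl/…` and says "reloading" while the code writes `/etc/apache/…` and restarts, which misleads anyone tracing a certificate change from the output. It could read `echo " + Hook: Overwriting /etc/apache/server.{crt,key}, /etc/apache/ca.crt and restarting Apache..."`.

```shell
if [ -x /etc/rc.d/init.d/apache ]; then
	# … unchanged: log line and the three cp -a backups …
	umask 077
	cat "$CERT" > /etc/apache/server.crt.new
	cat "$PRIVKEY" > /etc/apache/server.key.new
	cat "$CHAINCERT" > /etc/apache/ca.crt.new
	mv -f /etc/apache/server.crt.new /etc/apache/server.crt
	mv -f /etc/apache/server.key.new /etc/apache/server.key
	mv -f /etc/apache/ca.crt.new /etc/apache/ca.crt
	# … unchanged: /sbin/service apache restart …
```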