1 diff -ur dehydrated-0.6.2.orig/dehydrated dehydrated-0.6.2/dehydrated
2 --- dehydrated-0.6.2.orig/dehydrated 2018-04-25 21:22:40.000000000 +0000
3 +++ dehydrated-0.6.2/dehydrated 2018-12-19 22:44:07.875403000 +0000
8 # dehydrated by lukas2511
9 # Source: https://dehydrated.io
11 [[ -n "${ZSH_VERSION:-}" ]] && set -o SH_WORD_SPLIT && set +o FUNCTION_ARGZERO && set -o NULL_GLOB && set -o noglob
12 [[ -z "${ZSH_VERSION:-}" ]] && shopt -s nullglob && set -f
14 -umask 077 # paranoid umask, we're creating private keys
15 +umask 027 # allow root and dehydrated group only to protect private keys
17 # Close weird external file descriptors
21 # Check for config in various locations
22 if [[ -z "${CONFIG:-}" ]]; then
23 - for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"; do
24 + for check_config in "/etc/dehydrated" "/etc/webapps/dehydrated" "/usr/local/etc/dehydrated" "/etc/webapps/letsencrypt.sh" "${PWD}" "${SCRIPTDIR}"; do
25 if [[ -f "${check_config}/config" ]]; then
26 BASEDIR="${check_config}"
27 CONFIG="${check_config}/config"
34 + DEHYDRATED_USER="root"
35 + DEHYDRATED_GROUP="dehydrated"
38 if [[ -z "${CONFIG:-}" ]]; then
41 # Create new account directory or symlink to account directory from old CA
42 CAHASH="$(echo "${CA}" | urlbase64)"
43 - [[ -z "${ACCOUNTDIR}" ]] && ACCOUNTDIR="${BASEDIR}/accounts"
44 + [[ -z "${ACCOUNTDIR}" ]] && ACCOUNTDIR="/var/lib/dehydrated//accounts"
45 if [[ ! -e "${ACCOUNTDIR}/${CAHASH}" ]]; then
46 OLDCAHASH="$(echo "${OLDCA}" | urlbase64)"
47 mkdir -p "${ACCOUNTDIR}"
49 mv "${BASEDIR}/private_key.json" "${ACCOUNT_KEY_JSON}"
52 - [[ -z "${CERTDIR}" ]] && CERTDIR="${BASEDIR}/certs"
53 + [[ -z "${CERTDIR}" ]] && CERTDIR="/var/lib/dehydrated//certs"
54 [[ -z "${CHAINCACHE}" ]] && CHAINCACHE="${BASEDIR}/chains"
55 [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="${BASEDIR}/domains.txt"
56 - [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/dehydrated"
57 + [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/lib/dehydrated/acme-challenge"
58 [[ -z "${LOCKFILE}" ]] && LOCKFILE="${BASEDIR}/lock"
59 [[ -z "${OPENSSL_CNF}" ]] && OPENSSL_CNF="$("${OPENSSL}" version -d | cut -d\" -f2)/openssl.cnf"
60 [[ -n "${PARAM_LOCKFILE_SUFFIX:-}" ]] && LOCKFILE="${LOCKFILE}-${PARAM_LOCKFILE_SUFFIX}"
61 diff -ur dehydrated-0.6.2.orig/docs/examples/config dehydrated-0.6.2/docs/examples/config
62 --- dehydrated-0.6.2.orig/docs/examples/config 2018-04-25 21:22:40.000000000 +0000
63 +++ dehydrated-0.6.2/docs/examples/config 2018-12-19 22:42:55.015403000 +0000
65 #DOMAINS_TXT="${BASEDIR}/domains.txt"
67 # Output directory for generated certificates
68 -#CERTDIR="${BASEDIR}/certs"
69 +#CERTDIR="/var/lib/dehydrated/certs"
71 # Directory for account keys and registration information
72 #ACCOUNTDIR="${BASEDIR}/accounts"
74 # Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/dehydrated)
75 -#WELLKNOWN="/var/www/dehydrated"
76 +#WELLKNOWN="/var/lib/dehydrated/acme-challenge"
78 # Default keysize for private keys (default: 4096)
82 # BASEDIR and WELLKNOWN variables are exported and can be used in an external program
85 +HOOK=/etc/webapps/dehydrated/hook.sh
87 # Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate (default: no)