Adapt for the rename to dehydrated

8 years ago · ded0c3eb5e
parent fe296869b3
commit ded0c3eb5e
25 changed files with 64 additions and 34 deletions
--- a/8
+++ b/8
@ -2,9 +2,9 @@

 use esmith::Build::CreateLinks qw(:all);

-templates2events("/etc/letsencrypt.sh/config", qw(letsencrypt-update bootstrap-console-save));
-templates2events("/etc/cron.daily/letsencrypt.sh", qw(letsencrypt-update));
-templates2events("/etc/letsencrypt.sh/domains.txt",
+templates2events("/etc/dehydrated/config", qw(letsencrypt-update bootstrap-console-save));
+templates2events("/etc/cron.daily/dehydrated", qw(letsencrypt-update));
+templates2events("/etc/dehydrated/domains.txt",
                 qw(
                   letsencrypt-update
                   bootstrap-console-save
@ -16,4 +16,4 @@ templates2events("/etc/letsencrypt.sh/domains.txt",
                 ));
 templates2events("/etc/httpd/conf/httpd.conf", qw(letsencrypt-update));
 safe_symlink("sigusr1", "root/etc/e-smith/events/letsencrypt-update/services2adjust/httpd-e-smith");
-safe_symlink("/etc/e-smith/templates-default/template-begin-shell", "root/etc/e-smith/templates/etc/cron.daily/letsencrypt.sh/template-begin");
+safe_symlink("/etc/e-smith/templates-default/template-begin-shell", "root/etc/e-smith/templates/etc/cron.daily/dehydrated/template-begin");
--- a/root/etc/letsencrypt.sh/hooks_clean_challenge.d/10smeserver.sh
+++ b/root/etc/letsencrypt.sh/hooks_clean_challenge.d/10smeserver.sh
--- a/root/etc/letsencrypt.sh/hooks_deploy_cert.d/10smeserver.sh
+++ b/root/etc/letsencrypt.sh/hooks_deploy_cert.d/10smeserver.sh
--- a/root/etc/e-smith/db/configuration/migrate/Letsencrypt.sh2Dehydrated
+++ b/root/etc/e-smith/db/configuration/migrate/Letsencrypt.sh2Dehydrated
@ -0,0 +1,26 @@
+{
+  my $ssl   = $DB->get('modSSL');
+  my $crt   = $ssl->prop('crt');
+  my $key   = $ssl->prop('key');
+  my $chain = $ssl->prop('CertificateChainFile');
+  return unless (
+    defined $crt &&
+    defined $key &&
+    defined $chain
+  );
+
+  my ($new_crt, $new_key, $new_chain) = ($crt, $key, $chain);
+  $new_crt   =~ s|/home/e-smith/db/letsencrypt\.sh|/home/e-smith/db/dehydrated|;
+  $new_key   =~ s|/home/e-smith/db/letsencrypt\.sh|/home/e-smith/db/dehydrated|;
+  $new_chain =~ s|/home/e-smith/db/letsencrypt\.sh|/home/e-smith/db/dehydrated|;
+
+  return unless (
+    $crt ne $new_crt &&
+    $key ne $new_key &&
+    $chain ne $new_chain
+  );
+
+  $ssl->set_prop('crt', $crt);
+  $ssl->set_prop('key', $key);
+  $ssl->set_prop('CertificateChainFile', $new_chain);
+}
--- a/root/etc/e-smith/templates/etc/cron.daily/dehydrated/10All
+++ b/root/etc/e-smith/templates/etc/cron.daily/dehydrated/10All
@ -0,0 +1,11 @@
+{
+
+if (($letsencrypt{'status'} || 'disabled') eq 'enabled'){
+  $OUT .= 'sleep $[ $RANDOM % 3600 ];' . "\n";
+  $OUT .= "/sbin/e-smith/dehydrated -c 2>&1 | awk '{ print strftime(), \$0; fflush(); }' >> /var/log/dehydrated.log\n";
+  if (($letsencrypt{'RevokeOldCertificates'} || 'disabled') =~ m/^enabled|on|yes|1$/){
+    $OUT .= "/usr/bin/dehydrated_revoke 2>&1 | awk '{ print strftime(), \$0; fflush(); }' >> /var/log/dehydrated.log\n";
+  }
+}
+
+}
--- a/root/etc/e-smith/templates/etc/cron.daily/letsencrypt.sh/10All
+++ b/root/etc/e-smith/templates/etc/cron.daily/letsencrypt.sh/10All
@ -1,11 +0,0 @@
-{
-
-if (($letsencrypt{'status'} || 'disabled') eq 'enabled'){
-  $OUT .= 'sleep $[ $RANDOM % 3600 ];' . "\n";
-  $OUT .= "/sbin/e-smith/letsencrypt.sh -c 2>&1 | awk '{ print strftime(), \$0; fflush(); }' >> /var/log/letsencrypt.sh.log\n";
-  if (($letsencrypt{'RevokeOldCertificates'} || 'disabled') =~ m/^enabled|on|yes|1$/){
-    $OUT .= "/usr/bin/le_revoke.sh 2>&1 | awk '{ print strftime(), \$0; fflush(); }' >> /var/log/letsencrypt.sh.log\n";
-  }
-}
-
-}
--- a/root/etc/e-smith/templates/etc/letsencrypt.sh/config/10Uri
+++ b/root/etc/e-smith/templates/etc/letsencrypt.sh/config/10Uri
--- a/root/etc/e-smith/templates/etc/dehydrated/config/20BaseDir
+++ b/root/etc/e-smith/templates/etc/dehydrated/config/20BaseDir
@ -0,0 +1,2 @@
+BASEDIR=/home/e-smith/db/dehydrated/
+DOMAINS_TXT=/etc/dehydrated/domains.txt
--- a/root/etc/e-smith/templates/etc/letsencrypt.sh/config/30WellKnown
+++ b/root/etc/e-smith/templates/etc/letsencrypt.sh/config/30WellKnown
--- a/root/etc/e-smith/templates/etc/letsencrypt.sh/config/40KeySize
+++ b/root/etc/e-smith/templates/etc/letsencrypt.sh/config/40KeySize
--- a/root/etc/e-smith/templates/etc/letsencrypt.sh/config/50Hook
+++ b/root/etc/e-smith/templates/etc/letsencrypt.sh/config/50Hook
--- a/root/etc/e-smith/templates/etc/letsencrypt.sh/config/60Renew
+++ b/root/etc/e-smith/templates/etc/letsencrypt.sh/config/60Renew
--- a/root/etc/e-smith/templates/etc/letsencrypt.sh/domains.txt/10domains
+++ b/root/etc/e-smith/templates/etc/letsencrypt.sh/domains.txt/10domains
--- a/root/etc/e-smith/templates/etc/letsencrypt.sh/domains.txt/template-begin
+++ b/root/etc/e-smith/templates/etc/letsencrypt.sh/domains.txt/template-begin
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/80LetsencryptChallengeDir
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/80LetsencryptChallengeDir
@ -2,7 +2,7 @@
  if (($letsencrypt{'status'} || 'disabled') eq 'enabled'){
    $OUT .=<<"_EOF";

-<Directory /var/lib/letsencrypt.sh/challenges>
+<Directory /var/lib/dehydrated/challenges>
    Options None
    AllowOverride None
    Order deny,allow
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/Ejabberd/80Letsencrypt
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/Ejabberd/80Letsencrypt
@ -1,7 +1,7 @@
 {
  if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){
    $OUT .=<<"_EOF";
-    Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/challenges/
+    Alias /.well-known/acme-challenge/ /var/lib/dehydrated/challenges/
    <Location /.well-known/acme-challenge/>
      Allow from all
    </Location>
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/80Letsencrypt
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/80Letsencrypt
@ -1,7 +1,7 @@
 {
  if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){
    $OUT .=<<"_EOF";
-    Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/challenges/
+    Alias /.well-known/acme-challenge/ /var/lib/dehydrated/challenges/
    <Location /.well-known/acme-challenge/>
      Allow from all
    </Location>
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/80Letsencrypt
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/80Letsencrypt
@ -1,7 +1,7 @@
 {
  if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){
    $OUT .=<<"_EOF";
-    Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/challenges/
+    Alias /.well-known/acme-challenge/ /var/lib/dehydrated/challenges/
    <Location /.well-known/acme-challenge/>
      Allow from all
    </Location>
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/80Letsencrypt
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/80Letsencrypt
@ -1,7 +1,7 @@
 {
  if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){
    $OUT .=<<"_EOF";
-    Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/challenges/
+    Alias /.well-known/acme-challenge/ /var/lib/dehydrated/challenges/
    <Location /.well-known/acme-challenge/>
      Allow from all
    </Location>
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/80Letsencrypt
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/80Letsencrypt
@ -1,7 +1,7 @@
 {
  if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){
    $OUT .=<<"_EOF";
-    Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/challenges/
+    Alias /.well-known/acme-challenge/ /var/lib/dehydrated/challenges/
    <Location /.well-known/acme-challenge/>
      Allow from all
    </Location>
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/80Letsencrypt
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/80Letsencrypt
@ -1,4 +1,4 @@
-    Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/challenges/
+    Alias /.well-known/acme-challenge/ /var/lib/dehydrated/challenges/
    <Location /.well-known/acme-challenge/>
      Allow from all
    </Location>
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/80Letsencrypt
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/80Letsencrypt
@ -1,4 +1,4 @@
-    Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/challenges/
+    Alias /.well-known/acme-challenge/ /var/lib/dehydrated/challenges/
    <Location /.well-known/acme-challenge/>
      Allow from all
    </Location>
--- a/root/etc/e-smith/templates/etc/letsencrypt.sh/config/20BaseDir
+++ b/root/etc/e-smith/templates/etc/letsencrypt.sh/config/20BaseDir
@ -1,2 +0,0 @@
-BASEDIR=/home/e-smith/db/letsencrypt.sh/
-DOMAINS_TXT=/etc/letsencrypt.sh/domains.txt
--- a/root/sbin/e-smith/letsencrypt.sh
+++ b/root/sbin/e-smith/letsencrypt.sh
@ -30,8 +30,8 @@ if (@domains > 0){
    event_signal("letsencrypt-update");
 }

-# Execute the real letsencrypt script, passing any arg
-system("/usr/bin/letsencrypt.sh", @ARGV);
+# Execute the real dehydrated script, passing any arg
+system("/usr/bin/dehydrated", @ARGV);

 # Enable proxypass again
 if (@domains > 0){
--- a/smeserver-letsencrypt-client.spec
+++ b/smeserver-letsencrypt-client.spec
@ -15,11 +15,11 @@ BuildArchitectures: noarch
 BuildRequires: e-smith-devtools

 Requires: e-smith-base
-Requires: letsencrypt.sh
+Requires: dehydrated

 %description
 Automatically get certificates from letsencrypt
-Using https://github.com/lukas2511/letsencrypt.sh
+Using https://github.com/lukas2511/dehydrated

 %changelog
 * Mon Jun 27 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.1.10-1.sme
@ -66,7 +66,7 @@ Using https://github.com/lukas2511/letsencrypt.sh
 %setup -q -n %{name}-%{version}

 %build
-%{__mkdir_p} root/home/e-smith/db/letsencrypt.sh
+%{__mkdir_p} root/home/e-smith/db/dehydrated
 perl createlinks

 %install
@ -74,9 +74,9 @@ perl createlinks
 (cd root; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
 /bin/rm -f %{name}-%{version}-filelist
 /sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
-  --dir /home/e-smith/db/letsencrypt.sh 'attr(0750,root,root)' \
-  --file /etc/letsencrypt.sh/hooks_deploy_cert.d/10smeserver.sh 'attr(0755,root,root)' \
-  --file /etc/letsencrypt.sh/hooks_clean_challenge.d/10smeserver.sh 'attr(0755,root,root)' \
+  --dir /home/e-smith/db/dehydrated 'attr(0750,root,root)' \
+  --file /etc/dehydrated/hooks_deploy_cert.d/10smeserver.sh 'attr(0755,root,root)' \
+  --file /etc/dehydrated/hooks_clean_challenge.d/10smeserver.sh 'attr(0755,root,root)' \
  > %{name}-%{version}-filelist

 %clean
@ -88,4 +88,8 @@ rm -rf $RPM_BUILD_ROOT
 %pre

 %post
-
+# Migrate from letsencrypt.sh to dehydrated
+if [ -d /home/e-smith/db/letsencrypt.sh/ ]; then
+  mv /home/e-smith/db/letsencrypt.sh/* /home/e-smith/db/dehydrated/
+  rmdir /home/e-smith/db/letsencrypt.sh/
+fi