From ded0c3eb5e2ccce4b32b3254c0dc755cb4d44acd Mon Sep 17 00:00:00 2001 
From: Daniel Berteaud Date: Thu, 15 Sep 2016 11:37:57 +0200 Subject: [PATCH] Adapt for the rename to dehydrated --- createlinks | 8 +++---- .../hooks_clean_challenge.d/10smeserver.sh | 0 .../hooks_deploy_cert.d/10smeserver.sh | 0 .../migrate/Letsencrypt.sh2Dehydrated | 26 ++++++++++++++++++++++ .../templates/etc/cron.daily/dehydrated/10All | 11 +++++++++ .../templates/etc/cron.daily/letsencrypt.sh/10All | 11 --------- .../{letsencrypt.sh => dehydrated}/config/10Uri | 0 .../templates/etc/dehydrated/config/20BaseDir | 2 ++ .../config/30WellKnown | 0 .../config/40KeySize | 0 .../{letsencrypt.sh => dehydrated}/config/50Hook | 0 .../{letsencrypt.sh => dehydrated}/config/60Renew | 0 .../domains.txt/10domains | 0 .../domains.txt/template-begin | 0 .../conf/httpd.conf/80LetsencryptChallengeDir | 2 +- .../httpd/conf/httpd.conf/Ejabberd/80Letsencrypt | 2 +- .../conf/httpd.conf/LemonLDAPManager/80Letsencrypt | 2 +- .../conf/httpd.conf/LemonLDAPPortal/80Letsencrypt | 2 +- .../conf/httpd.conf/LemonLDAPSoap/80Letsencrypt | 2 +- .../UserManagerVirtualHost/80Letsencrypt | 2 +- .../conf/httpd.conf/VirtualHosts/80Letsencrypt | 2 +- .../httpd.conf/WebAppVirtualHost/80Letsencrypt | 2 +- .../templates/etc/letsencrypt.sh/config/20BaseDir | 2 -- root/sbin/e-smith/{letsencrypt.sh => dehydrated} | 4 ++-- smeserver-letsencrypt-client.spec | 18 +++++++++------ 25 files changed, 64 insertions(+), 34 deletions(-) rename root/etc/{letsencrypt.sh => dehydrated}/hooks_clean_challenge.d/10smeserver.sh (100%) rename root/etc/{letsencrypt.sh => dehydrated}/hooks_deploy_cert.d/10smeserver.sh (100%) create mode 100644 root/etc/e-smith/db/configuration/migrate/Letsencrypt.sh2Dehydrated create mode 100644 root/etc/e-smith/templates/etc/cron.daily/dehydrated/10All delete mode 100644 root/etc/e-smith/templates/etc/cron.daily/letsencrypt.sh/10All rename root/etc/e-smith/templates/etc/{letsencrypt.sh => dehydrated}/config/10Uri (100%) create mode 100644 
root/etc/e-smith/templates/etc/dehydrated/config/20BaseDir rename root/etc/e-smith/templates/etc/{letsencrypt.sh => dehydrated}/config/30WellKnown (100%) rename root/etc/e-smith/templates/etc/{letsencrypt.sh => dehydrated}/config/40KeySize (100%) rename root/etc/e-smith/templates/etc/{letsencrypt.sh => dehydrated}/config/50Hook (100%) rename root/etc/e-smith/templates/etc/{letsencrypt.sh => dehydrated}/config/60Renew (100%) rename root/etc/e-smith/templates/etc/{letsencrypt.sh => dehydrated}/domains.txt/10domains (100%) rename root/etc/e-smith/templates/etc/{letsencrypt.sh => dehydrated}/domains.txt/template-begin (100%) delete mode 100644 root/etc/e-smith/templates/etc/letsencrypt.sh/config/20BaseDir rename root/sbin/e-smith/{letsencrypt.sh => dehydrated} (92%) diff --git a/createlinks b/createlinks index 991af80..fca8584 100644 --- a/createlinks +++ b/createlinks @@ -2,9 +2,9 @@ use esmith::Build::CreateLinks qw(:all); -templates2events("/etc/letsencrypt.sh/config", qw(letsencrypt-update bootstrap-console-save)); -templates2events("/etc/cron.daily/letsencrypt.sh", qw(letsencrypt-update)); -templates2events("/etc/letsencrypt.sh/domains.txt", +templates2events("/etc/dehydrated/config", qw(letsencrypt-update bootstrap-console-save)); +templates2events("/etc/cron.daily/dehydrated", qw(letsencrypt-update)); +templates2events("/etc/dehydrated/domains.txt", qw( letsencrypt-update bootstrap-console-save @@ -16,4 +16,4 @@ templates2events("/etc/letsencrypt.sh/domains.txt", )); templates2events("/etc/httpd/conf/httpd.conf", qw(letsencrypt-update)); safe_symlink("sigusr1", "root/etc/e-smith/events/letsencrypt-update/services2adjust/httpd-e-smith"); -safe_symlink("/etc/e-smith/templates-default/template-begin-shell", "root/etc/e-smith/templates/etc/cron.daily/letsencrypt.sh/template-begin"); +safe_symlink("/etc/e-smith/templates-default/template-begin-shell", "root/etc/e-smith/templates/etc/cron.daily/dehydrated/template-begin"); 
diff --git a/root/etc/letsencrypt.sh/hooks_clean_challenge.d/10smeserver.sh b/root/etc/dehydrated/hooks_clean_challenge.d/10smeserver.sh
similarity index 100%
rename from root/etc/letsencrypt.sh/hooks_clean_challenge.d/10smeserver.sh
rename to root/etc/dehydrated/hooks_clean_challenge.d/10smeserver.sh
diff --git a/root/etc/letsencrypt.sh/hooks_deploy_cert.d/10smeserver.sh b/root/etc/dehydrated/hooks_deploy_cert.d/10smeserver.sh
similarity index 100%
rename from root/etc/letsencrypt.sh/hooks_deploy_cert.d/10smeserver.sh
rename to root/etc/dehydrated/hooks_deploy_cert.d/10smeserver.sh
diff --git a/root/etc/e-smith/db/configuration/migrate/Letsencrypt.sh2Dehydrated b/root/etc/e-smith/db/configuration/migrate/Letsencrypt.sh2Dehydrated
new file mode 100644
index 0000000..9ad0ff4
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/migrate/Letsencrypt.sh2Dehydrated
@@ -0,0 +1,26 @@
+{
+ my $ssl = $DB->get('modSSL');
+ my $crt = $ssl->prop('crt');
+ my $key = $ssl->prop('key');
+ my $chain = $ssl->prop('CertificateChainFile');
+ return unless (
+ defined $crt &&
+ defined $key &&
+ defined $chain
+ );
+
+ my ($new_crt, $new_key, $new_chain) = ($crt, $key, $chain);
+ $new_crt =~ s|/home/e-smith/db/letsencrypt\.sh|/home/e-smith/db/dehydrated|;
+ $new_key =~ s|/home/e-smith/db/letsencrypt\.sh|/home/e-smith/db/dehydrated|;
+ $new_chain =~ s|/home/e-smith/db/letsencrypt\.sh|/home/e-smith/db/dehydrated|;
+
+ return unless (
+ $crt ne $new_crt &&
+ $key ne $new_key &&
+ $chain ne $new_chain
+ );
+
+ $ssl->set_prop('crt', $crt);
+ $ssl->set_prop('key', $key);
+ $ssl->set_prop('CertificateChainFile', $new_chain);
+}
diff --git a/root/etc/e-smith/templates/etc/cron.daily/dehydrated/10All b/root/etc/e-smith/templates/etc/cron.daily/dehydrated/10All
new file mode 100644
index 0000000..0665c5b
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/cron.daily/dehydrated/10All
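Review bot: The final `set_prop` calls in `Letsencrypt.sh2Dehydrated` write back `$crt` and `$key` rather than `$new_crt` and `$new_key`, so only `CertificateChainFile` is actually migrated. modSSL then keeps pointing at certificate and key paths under /home/e-smith/db/letsencrypt.sh, the directory the spec's %post moves away, which would presumably leave httpd without a loadable certificate on its next restart. The two lines should read `$ssl->set_prop('crt', $new_crt);` and `$ssl->set_prop('key', $new_key);`. `$DB->get('modSSL')` is also dereferenced without a check; a `return unless $ssl;` before the first `prop` call would keep the fragment from dying if the record is absent. The second guard requires all three paths to have changed, so a setup where only some of them live under the old directory is skipped entirely; migrating each property on its own would avoid that.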
@@ -0,0 +1,11 @@
+{
+
+if (($letsencrypt{'status'} || 'disabled') eq 'enabled'){
+ $OUT .= 'sleep $[ $RANDOM % 3600 ];' . "\n";
+ $OUT .= "/sbin/e-smith/dehydrated -c 2>&1 | awk '{ print strftime(), \$0; fflush(); }' >> /var/log/dehydrated.log\n";
+ if (($letsencrypt{'RevokeOldCertificates'} || 'disabled') =~ m/^enabled|on|yes|1$/){
+ $OUT .= "/usr/bin/dehydrated_revoke 2>&1 | awk '{ print strftime(), \$0; fflush(); }' >> /var/log/dehydrated.log\n";
+ }
+}
+
+}
diff --git a/root/etc/e-smith/templates/etc/cron.daily/letsencrypt.sh/10All b/root/etc/e-smith/templates/etc/cron.daily/letsencrypt.sh/10All
deleted file mode 100644
index 35b504a..0000000
--- a/root/etc/e-smith/templates/etc/cron.daily/letsencrypt.sh/10All
+++ /dev/null
@@ -1,11 +0,0 @@
-{
-
-if (($letsencrypt{'status'} || 'disabled') eq 'enabled'){
- $OUT .= 'sleep $[ $RANDOM % 3600 ];' . "\n";
- $OUT .= "/sbin/e-smith/letsencrypt.sh -c 2>&1 | awk '{ print strftime(), \$0; fflush(); }' >> /var/log/letsencrypt.sh.log\n";
- if (($letsencrypt{'RevokeOldCertificates'} || 'disabled') =~ m/^enabled|on|yes|1$/){
- $OUT .= "/usr/bin/le_revoke.sh 2>&1 | awk '{ print strftime(), \$0; fflush(); }' >> /var/log/letsencrypt.sh.log\n";
- }
-}
-
-}
diff --git a/root/etc/e-smith/templates/etc/letsencrypt.sh/config/10Uri b/root/etc/e-smith/templates/etc/dehydrated/config/10Uri
similarity index 100%
rename from root/etc/e-smith/templates/etc/letsencrypt.sh/config/10Uri
rename to root/etc/e-smith/templates/etc/dehydrated/config/10Uri
diff --git a/root/etc/e-smith/templates/etc/dehydrated/config/20BaseDir b/root/etc/e-smith/templates/etc/dehydrated/config/20BaseDir
new file mode 100644
index 0000000..a1239c7
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/dehydrated/config/20BaseDir
@@ -0,0 +1,2 @@
+BASEDIR=/home/e-smith/db/dehydrated/
+DOMAINS_TXT=/etc/dehydrated/domains.txt
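Review bot: The `RevokeOldCertificates` test in the new `cron.daily/dehydrated/10All` uses `m/^enabled|on|yes|1$/`, where `^` binds only to `enabled` and `$` only to `1`. Any value that merely contains `on` or `yes` (for example `none`) therefore turns on the daily `/usr/bin/dehydrated_revoke` run. Because this condition gates certificate revocation, the alternation should be grouped and fully anchored: `m/^(?:enabled|on|yes|1)$/`. The pattern is carried over unchanged from the deleted letsencrypt.sh template, so the rename is a good moment to tighten it.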
diff --git a/root/etc/e-smith/templates/etc/letsencrypt.sh/config/30WellKnown b/root/etc/e-smith/templates/etc/dehydrated/config/30WellKnown
similarity index 100%
rename from root/etc/e-smith/templates/etc/letsencrypt.sh/config/30WellKnown
rename to root/etc/e-smith/templates/etc/dehydrated/config/30WellKnown
diff --git a/root/etc/e-smith/templates/etc/letsencrypt.sh/config/40KeySize b/root/etc/e-smith/templates/etc/dehydrated/config/40KeySize
similarity index 100%
rename from root/etc/e-smith/templates/etc/letsencrypt.sh/config/40KeySize
rename to root/etc/e-smith/templates/etc/dehydrated/config/40KeySize
diff --git a/root/etc/e-smith/templates/etc/letsencrypt.sh/config/50Hook b/root/etc/e-smith/templates/etc/dehydrated/config/50Hook
similarity index 100%
rename from root/etc/e-smith/templates/etc/letsencrypt.sh/config/50Hook
rename to root/etc/e-smith/templates/etc/dehydrated/config/50Hook
diff --git a/root/etc/e-smith/templates/etc/letsencrypt.sh/config/60Renew b/root/etc/e-smith/templates/etc/dehydrated/config/60Renew
similarity index 100%
rename from root/etc/e-smith/templates/etc/letsencrypt.sh/config/60Renew
rename to root/etc/e-smith/templates/etc/dehydrated/config/60Renew
diff --git a/root/etc/e-smith/templates/etc/letsencrypt.sh/domains.txt/10domains b/root/etc/e-smith/templates/etc/dehydrated/domains.txt/10domains
similarity index 100%
rename from root/etc/e-smith/templates/etc/letsencrypt.sh/domains.txt/10domains
rename to root/etc/e-smith/templates/etc/dehydrated/domains.txt/10domains
diff --git a/root/etc/e-smith/templates/etc/letsencrypt.sh/domains.txt/template-begin b/root/etc/e-smith/templates/etc/dehydrated/domains.txt/template-begin
similarity index 100%
rename from root/etc/e-smith/templates/etc/letsencrypt.sh/domains.txt/template-begin
rename to root/etc/e-smith/templates/etc/dehydrated/domains.txt/template-begin
diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/80LetsencryptChallengeDir b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/80LetsencryptChallengeDir index 9d47da7..5030a90 100644 --- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/80LetsencryptChallengeDir +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/80LetsencryptChallengeDir @@ -2,7 +2,7 @@ if (($letsencrypt{'status'} || 'disabled') eq 'enabled'){ $OUT .=<<"_EOF"; - + Options None AllowOverride None Order deny,allow diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/Ejabberd/80Letsencrypt b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/Ejabberd/80Letsencrypt index 4a8d1ff..1d08d78 100644 --- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/Ejabberd/80Letsencrypt +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/Ejabberd/80Letsencrypt @@ -1,7 +1,7 @@ { if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){ $OUT .=<<"_EOF"; - Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/challenges/ + Alias /.well-known/acme-challenge/ /var/lib/dehydrated/challenges/ Allow from all diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/80Letsencrypt b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/80Letsencrypt index 4a8d1ff..1d08d78 100644 --- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/80Letsencrypt +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/80Letsencrypt @@ -1,7 +1,7 @@ { if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){ $OUT .=<<"_EOF"; - Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/challenges/ + Alias /.well-known/acme-challenge/ /var/lib/dehydrated/challenges/ Allow from all 
diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/80Letsencrypt b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/80Letsencrypt index 4a8d1ff..1d08d78 100644 --- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/80Letsencrypt +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/80Letsencrypt @@ -1,7 +1,7 @@ { if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){ $OUT .=<<"_EOF"; - Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/challenges/ + Alias /.well-known/acme-challenge/ /var/lib/dehydrated/challenges/ Allow from all diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/80Letsencrypt b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/80Letsencrypt index 4a8d1ff..1d08d78 100644 --- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/80Letsencrypt +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/80Letsencrypt @@ -1,7 +1,7 @@ { if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){ $OUT .=<<"_EOF"; - Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/challenges/ + Alias /.well-known/acme-challenge/ /var/lib/dehydrated/challenges/ Allow from all diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/80Letsencrypt b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/80Letsencrypt index 4a8d1ff..1d08d78 100644 --- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/80Letsencrypt +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/80Letsencrypt 
@@ -1,7 +1,7 @@ { if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){ $OUT .=<<"_EOF"; - Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/challenges/ + Alias /.well-known/acme-challenge/ /var/lib/dehydrated/challenges/ Allow from all diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/80Letsencrypt b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/80Letsencrypt index 6478c43..e9be5c5 100644 --- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/80Letsencrypt +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/80Letsencrypt @@ -1,4 +1,4 @@ - Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/challenges/ + Alias /.well-known/acme-challenge/ /var/lib/dehydrated/challenges/ Allow from all diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/80Letsencrypt b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/80Letsencrypt index 6478c43..e9be5c5 100644 --- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/80Letsencrypt +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/80Letsencrypt @@ -1,4 +1,4 @@ - Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/challenges/ + Alias /.well-known/acme-challenge/ /var/lib/dehydrated/challenges/ Allow from all diff --git a/root/etc/e-smith/templates/etc/letsencrypt.sh/config/20BaseDir b/root/etc/e-smith/templates/etc/letsencrypt.sh/config/20BaseDir deleted file mode 100644 index 3dfe3b5..0000000 --- a/root/etc/e-smith/templates/etc/letsencrypt.sh/config/20BaseDir +++ /dev/null @@ -1,2 +0,0 @@ -BASEDIR=/home/e-smith/db/letsencrypt.sh/ -DOMAINS_TXT=/etc/letsencrypt.sh/domains.txt 
diff --git a/root/sbin/e-smith/letsencrypt.sh b/root/sbin/e-smith/dehydrated similarity index 92% rename from root/sbin/e-smith/letsencrypt.sh rename to root/sbin/e-smith/dehydrated index 07eab49..f89aa53 100644 --- a/root/sbin/e-smith/letsencrypt.sh +++ b/root/sbin/e-smith/dehydrated @@ -30,8 +30,8 @@ if (@domains > 0){ event_signal("letsencrypt-update"); } -# Execute the real letsencrypt script, passing any arg -system("/usr/bin/letsencrypt.sh", @ARGV); +# Execute the real dehydrated script, passing any arg +system("/usr/bin/dehydrated", @ARGV); # Enable proxypass again if (@domains > 0){ diff --git a/smeserver-letsencrypt-client.spec b/smeserver-letsencrypt-client.spec index c5f4035..2f7ced9 100644 --- a/smeserver-letsencrypt-client.spec +++ b/smeserver-letsencrypt-client.spec @@ -15,11 +15,11 @@ BuildArchitectures: noarch BuildRequires: e-smith-devtools Requires: e-smith-base -Requires: letsencrypt.sh +Requires: dehydrated %description Automatically get certificates from letsencrypt -Using https://github.com/lukas2511/letsencrypt.sh +Using https://github.com/lukas2511/dehydrated %changelog * Mon Jun 27 2016 Daniel Berteaud - 0.1.10-1.sme @@ -66,7 +66,7 @@ Using https://github.com/lukas2511/letsencrypt.sh %setup -q -n %{name}-%{version} %build -%{__mkdir_p} root/home/e-smith/db/letsencrypt.sh +%{__mkdir_p} root/home/e-smith/db/dehydrated perl createlinks %install 
@@ -74,9 +74,9 @@ perl createlinks (cd root; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT) /bin/rm -f %{name}-%{version}-filelist /sbin/e-smith/genfilelist $RPM_BUILD_ROOT \ - --dir /home/e-smith/db/letsencrypt.sh 'attr(0750,root,root)' \ - --file /etc/letsencrypt.sh/hooks_deploy_cert.d/10smeserver.sh 'attr(0755,root,root)' \ - --file /etc/letsencrypt.sh/hooks_clean_challenge.d/10smeserver.sh 'attr(0755,root,root)' \ + --dir /home/e-smith/db/dehydrated 'attr(0750,root,root)' \ + --file /etc/dehydrated/hooks_deploy_cert.d/10smeserver.sh 'attr(0755,root,root)' \ + --file /etc/dehydrated/hooks_clean_challenge.d/10smeserver.sh 'attr(0755,root,root)' \ > %{name}-%{version}-filelist %clean @@ -88,4 +88,8 @@ rm -rf $RPM_BUILD_ROOT %pre %post - +# Migrate from letsencrypt.sh to dehydrated +if [ -d /home/e-smith/db/letsencrypt.sh/ ]; then + mv /home/e-smith/db/letsencrypt.sh/* /home/e-smith/db/dehydrated/ + rmdir /home/e-smith/db/letsencrypt.sh/ +fi
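Review bot: The %post migration runs `mv /home/e-smith/db/letsencrypt.sh/* /home/e-smith/db/dehydrated/`, which skips dot-files, errors out when the old directory is empty, and overwrites any same-named entry that already exists in the new directory. That directory is packaged root-only (`attr(0750,root,root)` in the filelist hunk above) and presumably holds the account and certificate private keys, so a clobbered or half-moved tree is costly. If anything is left behind, `rmdir` fails and the scriptlet ends with a non-zero status. A non-clobbering, glob-free move would be safer, e.g. `find /home/e-smith/db/letsencrypt.sh -mindepth 1 -maxdepth 1 -exec mv -n {} /home/e-smith/db/dehydrated/ \;` followed by `rmdir /home/e-smith/db/letsencrypt.sh 2>/dev/null || :`. A short comment noting that the old directory is deliberately kept when entries could not be moved would also help.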