rewritten argument handling and moved to new main() method, added dependency checks, added _exiterr helper

Lukas Schauer
2016-01-08 19:10:50 +01:00
parent 16bef17e45
commit 9f66bfdb50
+78 -79
@@ -8,6 +8,13 @@ umask 077 # paranoid umask, we're creating private keys
SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
BASEDIR="${SCRIPTDIR}" BASEDIR="${SCRIPTDIR}"
check_dependencies() {
curl -V > /dev/null 2>&1 || _exiterr "This script requires curl."
openssl version > /dev/null 2>&1 || _exiterr "This script requres an openssl binary."
sed "" < /dev/null > /dev/null 2>&1 || _exiterr "This script requres sed."
grep -V > /dev/null 2>&1 || _exiterr "This script requres grep."
}
# Setup default config values, search for and load configuration files # Setup default config values, search for and load configuration files
load_config() { load_config() {
# Default values # Default values
@@ -149,6 +156,12 @@ init_system() {
fi fi
} }
# Print error message and exit with error
_exiterr() {
echo "ERROR: ${1}" >&2
exit 1
}
anti_newline() { anti_newline() {
tr -d '\n\r' tr -d '\n\r'
} }
@@ -384,6 +397,8 @@ sign_domain() {
# Usage: --cron (-c) # Usage: --cron (-c)
# Description: Sign/renew non-existant/changed/expiring certificates. # Description: Sign/renew non-existant/changed/expiring certificates.
command_sign_domains() { command_sign_domains() {
init_system
if [[ -n "${PARAM_DOMAIN:-}" ]]; then if [[ -n "${PARAM_DOMAIN:-}" ]]; then
# we are using a temporary domains.txt file so we don't need to duplicate any code # we are using a temporary domains.txt file so we don't need to duplicate any code
DOMAINS_TXT="$(mktemp)" DOMAINS_TXT="$(mktemp)"
@@ -453,6 +468,8 @@ command_sign_domains() {
# Usage: --revoke (-r) path/to/cert.pem # Usage: --revoke (-r) path/to/cert.pem
# Description: Revoke specified certificate # Description: Revoke specified certificate
command_revoke() { command_revoke() {
init_system
cert="${1}" cert="${1}"
if [[ -L "${cert}" ]]; then if [[ -L "${cert}" ]]; then
# follow symlink and use real certificate name (so we move the real file and not the symlink at the end) # follow symlink and use real certificate name (so we move the real file and not the symlink at the end)
@@ -514,124 +531,106 @@ command_help() {
# Description: Output configuration variables for use in other scripts # Description: Output configuration variables for use in other scripts
command_env() { command_env() {
echo "# letsencrypt.sh configuration" echo "# letsencrypt.sh configuration"
typeset -p CA LICENSE BASEDIR WELLKNOWN PRIVATE_KEY KEYSIZE OPENSSL_CNF HOOK RENEW_DAYS PRIVATE_KEY_RENEW CONTACT_EMAIL load_config
exit 0 typeset -p CA LICENSE HOOK RENEW_DAYS PRIVATE_KEY KEYSIZE WELLKNOWN PRIVATE_KEY_RENEW OPENSSL_CNF CONTACT_EMAIL LOCKFILE
} }
args="" main() {
# change long args to short args
# inspired by http://kirk.webfinish.com/?p=45
for arg; do
case "${arg}" in
--help) args="${args}-h ";;
--cron) args="${args}-c ";;
--domain) args="${args}-d ";;
--force ) args="${args}-x ";;
--revoke) args="${args}-r ";;
--privkey) args="${args}-p ";;
--config) args="${args}-f ";;
--env) args="${args}-e ";;
--*)
echo "Unknown parameter detected: ${arg}" >&2
echo >&2
command_help >&2
exit 1
;;
# pass through anything else
*) args="${args}\"${arg}\" ";;
esac
done
# Reset the positional parameters to the short options
eval set -- "${args}"
COMMAND="" COMMAND=""
set_command() { set_command() {
if [[ ! -z "${COMMAND}" ]]; then [[ -z "${COMMAND}" ]] || _exiterr "Only one command can be executed at a time. See help (-h) for more information."
echo "Only one command can be executed at a time." >&2
echo "See help (-h) for more information." >&2
exit 1
fi
COMMAND="${1}" COMMAND="${1}"
} }
check_parameters() { check_parameters() {
if [[ -z "${@}" ]]; then if [[ -z "${1:-}" ]]; then
echo "The specified command requires additional parameters. See help:" >&2 echo "The specified command requires additional parameters. See help:" >&2
echo >&2 echo >&2
command_help >&2 command_help >&2
exit 1 exit 1
elif [[ "${1:0:1}" = "-" ]]; then
_exiterr "Invalid argument: ${1}"
fi fi
} }
while getopts ":hcer:d:xf:p:" option; do while (( "${#}" )); do
case "${option}" in case "${1}" in
h) --help|-h)
command_help command_help
exit 0 exit 0
;; ;;
c)
set_command sign_domains --env|-e)
;;
e)
set_command env set_command env
;; ;;
r)
set_command revoke --cron|-c)
check_parameters "${OPTARG:-}" set_command sign_domains
revoke_me="${OPTARG}"
;; ;;
d)
--revoke|-r)
shift 1
set_command revoke
check_parameters "${1:-}"
PARAM_REVOKECERT="${1}"
;;
# PARAM_Usage: --domain (-d) domain.tld # PARAM_Usage: --domain (-d) domain.tld
# PARAM_Description: Use specified domain name instead of domains.txt, use multiple times for certificate with SAN names # PARAM_Description: Use specified domain name(s) instead of domains.txt entry (one certificate!)
check_parameters "${OPTARG:-}" --domain|-d)
shift 1
check_parameters "${1:-}"
if [[ -z "${PARAM_DOMAIN:-}" ]]; then if [[ -z "${PARAM_DOMAIN:-}" ]]; then
PARAM_DOMAIN="${OPTARG}" PARAM_DOMAIN="${1}"
else else
PARAM_DOMAIN="${PARAM_DOMAIN} ${OPTARG}" PARAM_DOMAIN="${PARAM_DOMAIN} ${1}"
fi fi
;; ;;
x)
# PARAM_Usage: --force (-x) # PARAM_Usage: --force (-x)
# PARAM_Description: force renew of certificate even if it is longer valid than value in RENEW_DAYS # PARAM_Description: Force renew of certificate even if it is longer valid than value in RENEW_DAYS
--force|-x)
PARAM_FORCE="yes" PARAM_FORCE="yes"
;; ;;
f)
# PARAM_Usage: --config (-f) path/to/config.sh
# PARAM_Description: Use specified config file
check_parameters "${OPTARG:-}"
CONFIG="${OPTARG}"
;;
p)
# PARAM_Usage: --privkey (-p) path/to/key.pem # PARAM_Usage: --privkey (-p) path/to/key.pem
# PARAM_Description: Use specified private key instead of account key (useful for revocation) # PARAM_Description: Use specified private key instead of account key (useful for revocation)
check_parameters "${OPTARG:-}" --privkey|-p)
PARAM_PRIVATE_KEY="${OPTARG}" shift 1
check_parameters "${1:-}"
PARAM_PRIVATE_KEY="${1}"
;; ;;
# PARAM_Usage: --config (-f) path/to/config.sh
# PARAM_Description: Use specified config file
--config|-f)
shift 1
check_parameters "${1:-}"
CONFIG="${1}"
;;
*) *)
echo "Unknown parameter detected: -${OPTARG}" >&2 echo "Unknown parameter detected: ${1}" >&2
echo >&2 echo >&2
command_help >&2 command_help >&2
exit 1 exit 1
;; ;;
esac esac
shift 1
done done
if [[ -z "${COMMAND}" ]]; then
command_help
exit 1
fi
init_system
case "${COMMAND}" in case "${COMMAND}" in
sign_domains) env) command_env;;
command_sign_domains sign_domains) command_sign_domains;;
;; revoke) command_revoke "${PARAM_REVOKECERT}";;
env) *) command_help; exit1;;
command_env
;;
revoke)
command_revoke "${revoke_me}"
;;
esac esac
}
# Check for missing dependencies
check_dependencies
# Run script
main "${@:-}"
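Review bot: The fallback arm of the final `case "${COMMAND}"` in main() ends with `exit1`, which is not a command, so invoking the script with options but no command prints the help text, then a "command not found" error, and ends with status 127 instead of the intended 1; the arm should read `*) command_help; exit 1;;`. Relatedly, `main "${@:-}"` hands main() one empty argument when the script is called with none, so that case is reported as `Unknown parameter detected:` with an empty name and never reaches the fallback arm. Because the script offers a `--cron` mode and is presumably run unattended, a predictable exit status matters to whatever monitors certificate renewal. The three messages in check_dependencies also spell "requires" as "requres".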