rewritten argument handling and moved to new main() method, added dependency checks, added _exiterr helper

Lukas Schauer
2016-01-08 19:10:50 +01:00
parent 16bef17e45
commit 9f66bfdb50


@@ -8,6 +8,13 @@ umask 077 # paranoid umask, we're creating private keys
SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
BASEDIR="${SCRIPTDIR}" BASEDIR="${SCRIPTDIR}"
check_dependencies() {
curl -V > /dev/null 2>&1 || _exiterr "This script requires curl."
openssl version > /dev/null 2>&1 || _exiterr "This script requres an openssl binary."
sed "" < /dev/null > /dev/null 2>&1 || _exiterr "This script requres sed."
grep -V > /dev/null 2>&1 || _exiterr "This script requres grep."
}
# Setup default config values, search for and load configuration files # Setup default config values, search for and load configuration files
load_config() { load_config() {
# Default values # Default values
@@ -149,6 +156,12 @@ init_system() {
fi fi
} }
# Print error message and exit with error
_exiterr() {
echo "ERROR: ${1}" >&2
exit 1
}
anti_newline() { anti_newline() {
tr -d '\n\r' tr -d '\n\r'
} }
@@ -384,6 +397,8 @@ sign_domain() {
# Usage: --cron (-c) # Usage: --cron (-c)
# Description: Sign/renew non-existant/changed/expiring certificates. # Description: Sign/renew non-existant/changed/expiring certificates.
command_sign_domains() { command_sign_domains() {
init_system
if [[ -n "${PARAM_DOMAIN:-}" ]]; then if [[ -n "${PARAM_DOMAIN:-}" ]]; then
# we are using a temporary domains.txt file so we don't need to duplicate any code # we are using a temporary domains.txt file so we don't need to duplicate any code
DOMAINS_TXT="$(mktemp)" DOMAINS_TXT="$(mktemp)"
@@ -453,6 +468,8 @@ command_sign_domains() {
# Usage: --revoke (-r) path/to/cert.pem # Usage: --revoke (-r) path/to/cert.pem
# Description: Revoke specified certificate # Description: Revoke specified certificate
command_revoke() { command_revoke() {
init_system
cert="${1}" cert="${1}"
if [[ -L "${cert}" ]]; then if [[ -L "${cert}" ]]; then
# follow symlink and use real certificate name (so we move the real file and not the symlink at the end) # follow symlink and use real certificate name (so we move the real file and not the symlink at the end)
@@ -514,124 +531,106 @@ command_help() {
# Description: Output configuration variables for use in other scripts # Description: Output configuration variables for use in other scripts
command_env() { command_env() {
echo "# letsencrypt.sh configuration" echo "# letsencrypt.sh configuration"
typeset -p CA LICENSE BASEDIR WELLKNOWN PRIVATE_KEY KEYSIZE OPENSSL_CNF HOOK RENEW_DAYS PRIVATE_KEY_RENEW CONTACT_EMAIL load_config
exit 0 typeset -p CA LICENSE HOOK RENEW_DAYS PRIVATE_KEY KEYSIZE WELLKNOWN PRIVATE_KEY_RENEW OPENSSL_CNF CONTACT_EMAIL LOCKFILE
} }
args="" main() {
# change long args to short args COMMAND=""
# inspired by http://kirk.webfinish.com/?p=45 set_command() {
for arg; do [[ -z "${COMMAND}" ]] || _exiterr "Only one command can be executed at a time. See help (-h) for more information."
case "${arg}" in COMMAND="${1}"
--help) args="${args}-h ";; }
--cron) args="${args}-c ";;
--domain) args="${args}-d ";; check_parameters() {
--force ) args="${args}-x ";; if [[ -z "${1:-}" ]]; then
--revoke) args="${args}-r ";; echo "The specified command requires additional parameters. See help:" >&2
--privkey) args="${args}-p ";;
--config) args="${args}-f ";;
--env) args="${args}-e ";;
--*)
echo "Unknown parameter detected: ${arg}" >&2
echo >&2 echo >&2
command_help >&2 command_help >&2
exit 1 exit 1
;; elif [[ "${1:0:1}" = "-" ]]; then
# pass through anything else _exiterr "Invalid argument: ${1}"
*) args="${args}\"${arg}\" ";; fi
esac }
done
# Reset the positional parameters to the short options while (( "${#}" )); do
eval set -- "${args}" case "${1}" in
--help|-h)
command_help
exit 0
;;
COMMAND="" --env|-e)
set_command() { set_command env
if [[ ! -z "${COMMAND}" ]]; then ;;
echo "Only one command can be executed at a time." >&2
echo "See help (-h) for more information." >&2
exit 1
fi
COMMAND="${1}"
}
check_parameters() { --cron|-c)
if [[ -z "${@}" ]]; then set_command sign_domains
echo "The specified command requires additional parameters. See help:" >&2 ;;
echo >&2
command_help >&2 --revoke|-r)
exit 1 shift 1
fi set_command revoke
} check_parameters "${1:-}"
PARAM_REVOKECERT="${1}"
;;
while getopts ":hcer:d:xf:p:" option; do
case "${option}" in
h)
command_help
exit 0
;;
c)
set_command sign_domains
;;
e)
set_command env
;;
r)
set_command revoke
check_parameters "${OPTARG:-}"
revoke_me="${OPTARG}"
;;
d)
# PARAM_Usage: --domain (-d) domain.tld # PARAM_Usage: --domain (-d) domain.tld
# PARAM_Description: Use specified domain name instead of domains.txt, use multiple times for certificate with SAN names # PARAM_Description: Use specified domain name(s) instead of domains.txt entry (one certificate!)
check_parameters "${OPTARG:-}" --domain|-d)
if [[ -z "${PARAM_DOMAIN:-}" ]]; then shift 1
PARAM_DOMAIN="${OPTARG}" check_parameters "${1:-}"
else if [[ -z "${PARAM_DOMAIN:-}" ]]; then
PARAM_DOMAIN="${PARAM_DOMAIN} ${OPTARG}" PARAM_DOMAIN="${1}"
fi else
;; PARAM_DOMAIN="${PARAM_DOMAIN} ${1}"
x) fi
;;
# PARAM_Usage: --force (-x) # PARAM_Usage: --force (-x)
# PARAM_Description: force renew of certificate even if it is longer valid than value in RENEW_DAYS # PARAM_Description: Force renew of certificate even if it is longer valid than value in RENEW_DAYS
PARAM_FORCE="yes" --force|-x)
;; PARAM_FORCE="yes"
f) ;;
# PARAM_Usage: --config (-f) path/to/config.sh
# PARAM_Description: Use specified config file
check_parameters "${OPTARG:-}"
CONFIG="${OPTARG}"
;;
p)
# PARAM_Usage: --privkey (-p) path/to/key.pem # PARAM_Usage: --privkey (-p) path/to/key.pem
# PARAM_Description: Use specified private key instead of account key (useful for revocation) # PARAM_Description: Use specified private key instead of account key (useful for revocation)
check_parameters "${OPTARG:-}" --privkey|-p)
PARAM_PRIVATE_KEY="${OPTARG}" shift 1
;; check_parameters "${1:-}"
*) PARAM_PRIVATE_KEY="${1}"
echo "Unknown parameter detected: -${OPTARG}" >&2 ;;
echo >&2
command_help >&2 # PARAM_Usage: --config (-f) path/to/config.sh
exit 1 # PARAM_Description: Use specified config file
;; --config|-f)
shift 1
check_parameters "${1:-}"
CONFIG="${1}"
;;
*)
echo "Unknown parameter detected: ${1}" >&2
echo >&2
command_help >&2
exit 1
;;
esac
shift 1
done
case "${COMMAND}" in
env) command_env;;
sign_domains) command_sign_domains;;
revoke) command_revoke "${PARAM_REVOKECERT}";;
*) command_help; exit1;;
esac esac
done }
if [[ -z "${COMMAND}" ]]; then # Check for missing dependencies
command_help check_dependencies
exit 1
fi
init_system # Run script
main "${@:-}"
case "${COMMAND}" in
sign_domains)
command_sign_domains
;;
env)
command_env
;;
revoke)
command_revoke "${revoke_me}"
;;
esac
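Review bot: The fallback arm of the final `case "${COMMAND}"` dispatch in main() (last hunk) calls `exit1`, which is not a command; it should read `*) command_help; exit 1;;`. As written, an invocation that sets only options and no command (for example `-x` alone) prints the help text followed by a "command not found" error, and ends with that failure's status (probably 127) instead of the intended 1. A call with no arguments at all never reaches this arm, because `main "${@:-}"` hands main a single empty argument, which the parser's own `*)` arm reports as "Unknown parameter detected:" with an empty name. Separately, three of the new check_dependencies messages spell "requires" as "requres".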