starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-05-10 00:53:29 +02:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

make shellcheck happy again

Browse Source
This commit is contained in:
Lukas Schauer
2021-03-29 19:14:03 +02:00
parent 095165ee96
commit e963438c5a
1 changed files with 64 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

112
dehydrated
View File

@@ -31,6 +31,22 @@ SCRIPTDIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
BASEDIR="${SCRIPTDIR}" BASEDIR="${SCRIPTDIR}"
ORIGARGS=("${@}") ORIGARGS=("${@}")
noglob_set() {
if [[ -n "${ZSH_VERSION:-}" ]]; then
set +o noglob
else
set +f
fi
}
noglob_clear() {
if [[ -n "${ZSH_VERSION:-}" ]]; then
set -o noglob
else
set -f
fi
}
# Generate json.sh path matching string # Generate json.sh path matching string
json_path() { json_path() {
if [ ! "${1}" = "-p" ]; then if [ ! "${1}" = "-p" ]; then
@@ -55,7 +71,6 @@ get_json_array_values() {
# Get sub-dictionary from json # Get sub-dictionary from json
get_json_dict_value() { get_json_dict_value() {
local filter local filter
echo "$(json_path "${1:-}" "${2:-}")"
filter="$(printf 's/.*\[%s\][[:space:]]*\(.*\)/\\1/p' "$(json_path "${1:-}" "${2:-}")")" filter="$(printf 's/.*\[%s\][[:space:]]*\(.*\)/\\1/p' "$(json_path "${1:-}" "${2:-}")")"
sed -n "${filter}" | jsonsh sed -n "${filter}" | jsonsh
} }
@@ -103,13 +118,14 @@ jsonsh() {
local ESCAPE local ESCAPE
local CHAR local CHAR
if echo "test string" | egrep -ao --color=never "test" >/dev/null 2>&1 if echo "test string" | grep -Eao --color=never "test" >/dev/null 2>&1
then then
GREP='egrep -ao --color=never' GREP='grep -Eao --color=never'
else else
GREP='egrep -ao' GREP='grep -Eao'
fi fi
# shellcheck disable=SC2196
if echo "test string" | egrep -ao "test" >/dev/null 2>&1 if echo "test string" | egrep -ao "test" >/dev/null 2>&1
then then
ESCAPE='(\\[^u[:cntrl:]]|\\u[0-9a-fA-F]{4})' ESCAPE='(\\[^u[:cntrl:]]|\\u[0-9a-fA-F]{4})'
@@ -126,10 +142,11 @@ jsonsh() {
local SPACE='[[:space:]]+' local SPACE='[[:space:]]+'
# Force zsh to expand $A into multiple words # Force zsh to expand $A into multiple words
local is_wordsplit_disabled=$(unsetopt 2>/dev/null | grep -c '^shwordsplit$') local is_wordsplit_disabled
if [ $is_wordsplit_disabled != 0 ]; then setopt shwordsplit; fi is_wordsplit_disabled="$(unsetopt 2>/dev/null | grep -c '^shwordsplit$')"
$GREP "$STRING|$NUMBER|$KEYWORD|$SPACE|." | egrep -v "^$SPACE$" if [ "${is_wordsplit_disabled}" != "0" ]; then setopt shwordsplit; fi
if [ $is_wordsplit_disabled != 0 ]; then unsetopt shwordsplit; fi $GREP "$STRING|$NUMBER|$KEYWORD|$SPACE|." | grep -Ev "^$SPACE$"
if [ "${is_wordsplit_disabled}" != "0" ]; then unsetopt shwordsplit; fi
} }
parse_array () { parse_array () {
@@ -194,17 +211,14 @@ jsonsh() {
} }
parse_value () { parse_value () {
local jpath="${1:+$1,}${2:-}" isleaf=0 isempty=0 print=0 local jpath="${1:+$1,}${2:-}"
case "$token" in case "$token" in
'{') parse_object "$jpath" ;; '{') parse_object "$jpath" ;;
'[') parse_array "$jpath" ;; '[') parse_array "$jpath" ;;
# At this point, the only valid single-character tokens are digits. # At this point, the only valid single-character tokens are digits.
''|[!0-9]) throw "EXPECTED value GOT ${token:-EOF}" ;; ''|[!0-9]) throw "EXPECTED value GOT ${token:-EOF}" ;;
*) value=$token *) value="${token/\\\///}"
# replace solidus ("\/") in json strings with normalized value: "/" # replace solidus ("\/") in json strings with normalized value: "/"
value=$(echo "$value" | sed 's#\\/#/#g')
isleaf=1
[ "$value" = '""' ] && isempty=1
;; ;;
esac esac
[ "$value" = '' ] && return [ "$value" = '' ] && return
@@ -229,8 +243,7 @@ jsonsh() {
# Create (identifiable) temporary files # Create (identifiable) temporary files
_mktemp() { _mktemp() {
# shellcheck disable=SC2068 mktemp "${TMPDIR:-/tmp}/dehydrated-XXXXXX"
mktemp ${@:-} "${TMPDIR:-/tmp}/dehydrated-XXXXXX"
} }
# Check for script dependencies # Check for script dependencies
@@ -385,7 +398,7 @@ load_config() {
fi fi
# Allow globbing # Allow globbing
[[ -n "${ZSH_VERSION:-}" ]] && set +o noglob || set +f noglob_set
for check_config_d in "${CONFIG_D}"/*.sh; do for check_config_d in "${CONFIG_D}"/*.sh; do
if [[ -f "${check_config_d}" ]] && [[ -r "${check_config_d}" ]]; then if [[ -f "${check_config_d}" ]] && [[ -r "${check_config_d}" ]]; then
@@ -398,7 +411,7 @@ load_config() {
done done
# Disable globbing # Disable globbing
[[ -n "${ZSH_VERSION:-}" ]] && set -o noglob || set -f noglob_clear
fi fi
# Check for missing dependencies # Check for missing dependencies
@@ -479,6 +492,7 @@ load_config() {
fi fi
fi fi
# shellcheck disable=SC1090
[[ -f "${ACCOUNTDIR}/${CAHASH}/config" ]] && . "${ACCOUNTDIR}/${CAHASH}/config" [[ -f "${ACCOUNTDIR}/${CAHASH}/config" ]] && . "${ACCOUNTDIR}/${CAHASH}/config"
ACCOUNT_KEY="${ACCOUNTDIR}/${CAHASH}/account_key.pem" ACCOUNT_KEY="${ACCOUNTDIR}/${CAHASH}/account_key.pem"
ACCOUNT_KEY_JSON="${ACCOUNTDIR}/${CAHASH}/registration_info.json" ACCOUNT_KEY_JSON="${ACCOUNTDIR}/${CAHASH}/registration_info.json"
@@ -549,8 +563,8 @@ init_system() {
grep -q newOrder <<< "${CA_DIRECTORY}" && API=2 || API=1 grep -q newOrder <<< "${CA_DIRECTORY}" && API=2 || API=1
fi fi
if [[ ${API} -eq 1 ]]; then # shellcheck disable=SC2015
# shellcheck disable=SC2015 if [[ "${API}" = "1" ]]; then
CA_NEW_CERT="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value new-cert)" && CA_NEW_CERT="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value new-cert)" &&
CA_NEW_AUTHZ="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value new-authz)" && CA_NEW_AUTHZ="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value new-authz)" &&
CA_NEW_REG="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value new-reg)" && CA_NEW_REG="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value new-reg)" &&
@@ -561,7 +575,6 @@ init_system() {
# Since reg URI is missing from directory we will assume it is the same as CA_NEW_REG without the new part # Since reg URI is missing from directory we will assume it is the same as CA_NEW_REG without the new part
CA_REG=${CA_NEW_REG/new-reg/reg} CA_REG=${CA_NEW_REG/new-reg/reg}
else else
# shellcheck disable=SC2015
CA_NEW_ORDER="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value newOrder)" && CA_NEW_ORDER="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value newOrder)" &&
CA_NEW_NONCE="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value newNonce)" && CA_NEW_NONCE="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value newNonce)" &&
CA_NEW_ACCOUNT="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value newAccount)" && CA_NEW_ACCOUNT="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value newAccount)" &&
@@ -569,8 +582,6 @@ init_system() {
CA_REQUIRES_EAB="$(printf "%s" "${CA_DIRECTORY}" | get_json_bool_value -p '"meta","externalAccountRequired"' || echo false)" && CA_REQUIRES_EAB="$(printf "%s" "${CA_DIRECTORY}" | get_json_bool_value -p '"meta","externalAccountRequired"' || echo false)" &&
CA_REVOKE_CERT="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value revokeCert)" || CA_REVOKE_CERT="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value revokeCert)" ||
_exiterr "Problem retrieving ACME/CA-URLs, check if your configured CA points to the directory entrypoint." _exiterr "Problem retrieving ACME/CA-URLs, check if your configured CA points to the directory entrypoint."
# Since acct URI is missing from directory we will assume it is the same as CA_NEW_ACCOUNT without the new part
CA_ACCOUNT=${CA_NEW_ACCOUNT/new-acct/acct}
fi fi
# Export some environment variables to be used in hook script # Export some environment variables to be used in hook script
@@ -592,13 +603,14 @@ init_system() {
if [[ ! "${PARAM_ACCEPT_TERMS:-}" = "yes" ]]; then if [[ ! "${PARAM_ACCEPT_TERMS:-}" = "yes" ]]; then
printf '\n' >&2 printf '\n' >&2
printf 'To use dehydrated with this certificate authority you have to agree to their terms of service which you can find here: %s\n\n' "${CA_TERMS}" >&2 printf 'To use dehydrated with this certificate authority you have to agree to their terms of service which you can find here: %s\n\n' "${CA_TERMS}" >&2
printf 'To accept these terms of service run `%s --register --accept-terms`.\n' "${0}" >&2 printf 'To accept these terms of service run "%s --register --accept-terms".\n' "${0}" >&2
exit 1 exit 1
fi fi
echo "+ Generating account key..." echo "+ Generating account key..."
generated="true" generated="true"
local tmp_account_key="$(_mktemp)" local tmp_account_key
tmp_account_key="$(_mktemp)"
_openssl genrsa -out "${tmp_account_key}" "${KEYSIZE}" _openssl genrsa -out "${tmp_account_key}" "${KEYSIZE}"
cat "${tmp_account_key}" > "${ACCOUNT_KEY}" cat "${tmp_account_key}" > "${ACCOUNT_KEY}"
rm "${tmp_account_key}" rm "${tmp_account_key}"
@@ -702,11 +714,11 @@ init_system() {
# Read account information or request from CA if missing # Read account information or request from CA if missing
if [[ -e "${ACCOUNT_KEY_JSON}" ]]; then if [[ -e "${ACCOUNT_KEY_JSON}" ]]; then
if [[ ${API} -eq 1 ]]; then if [[ ${API} -eq 1 ]]; then
ACCOUNT_ID="$(cat "${ACCOUNT_KEY_JSON}" | jsonsh | get_json_int_value id)" ACCOUNT_ID="$(jsonsh < "${ACCOUNT_KEY_JSON}" | get_json_int_value id)"
ACCOUNT_URL="${CA_REG}/${ACCOUNT_ID}" ACCOUNT_URL="${CA_REG}/${ACCOUNT_ID}"
else else
if [[ -e "${ACCOUNT_ID_JSON}" ]]; then if [[ -e "${ACCOUNT_ID_JSON}" ]]; then
ACCOUNT_URL="$(cat "${ACCOUNT_ID_JSON}" | jsonsh | get_json_string_value url)" ACCOUNT_URL="$(jsonsh < "${ACCOUNT_ID_JSON}" | get_json_string_value url)"
fi fi
# if account URL is not storred, fetch it from the CA # if account URL is not storred, fetch it from the CA
if [[ -z "${ACCOUNT_URL:-}" ]]; then if [[ -z "${ACCOUNT_URL:-}" ]]; then
@@ -772,7 +784,8 @@ deurlbase64() {
# Convert hex string to binary data # Convert hex string to binary data
hex2bin() { hex2bin() {
# Remove spaces, add leading zero, escape as hex string and parse with printf # Remove spaces, add leading zero, escape as hex string and parse with printf
printf -- "$(cat | _sed -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g')" # shellcheck disable=SC2059
printf "%b" "$(cat | _sed -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g')"
} }
# Convert binary data to hex string # Convert binary data to hex string
@@ -807,6 +820,7 @@ http_request() {
fi fi
set +e set +e
# shellcheck disable=SC2086
if [[ "${1}" = "head" ]]; then if [[ "${1}" = "head" ]]; then
statuscode="$(curl ${ip_version:-} ${CURL_OPTS} -A "dehydrated/${VERSION} curl/${CURL_VERSION}" -s -w "%{http_code}" -o "${tempcont}" "${2}" -I)" statuscode="$(curl ${ip_version:-} ${CURL_OPTS} -A "dehydrated/${VERSION} curl/${CURL_VERSION}" -s -w "%{http_code}" -o "${tempcont}" "${2}" -I)"
curlret="${?}" curlret="${?}"
@@ -846,8 +860,8 @@ http_request() {
# An exclusive hook for the {1}-request error might be useful (e.g., for sending an e-mail to admins) # An exclusive hook for the {1}-request error might be useful (e.g., for sending an e-mail to admins)
if [[ -n "${HOOK}" ]]; then if [[ -n "${HOOK}" ]]; then
errtxt="$(cat ${tempcont})" errtxt="$(cat "${tempcont}")"
errheaders="$(cat ${tempheaders})" errheaders="$(cat "${tempheaders}")"
"${HOOK}" "request_failure" "${statuscode}" "${errtxt}" "${1}" "${errheaders}" || _exiterr 'request_failure hook returned with non-zero exit code' "${HOOK}" "request_failure" "${statuscode}" "${errtxt}" "${1}" "${errheaders}" || _exiterr 'request_failure hook returned with non-zero exit code'
fi fi
@@ -925,8 +939,7 @@ extract_altnames() {
# SANs used, extract these # SANs used, extract these
altnames="$( <<<"${reqtext}" awk '/X509v3 Subject Alternative Name:/{print;getline;print;}' | tail -n1 )" altnames="$( <<<"${reqtext}" awk '/X509v3 Subject Alternative Name:/{print;getline;print;}' | tail -n1 )"
# split to one per line: # split to one per line:
# shellcheck disable=SC1003 altnames="$( <<<"${altnames}" _sed -e 's/^[[:space:]]*//; s/, /'"'$'\n'"'/g' )"
altnames="$( <<<"${altnames}" _sed -e 's/^[[:space:]]*//; s/, /\'$'\n''/g' )"
# we can only get DNS: ones signed # we can only get DNS: ones signed
if grep -qEv '^(DNS|othername):' <<<"${altnames}"; then if grep -qEv '^(DNS|othername):' <<<"${altnames}"; then
_exiterr "Certificate signing request contains non-DNS Subject Alternative Names" _exiterr "Certificate signing request contains non-DNS Subject Alternative Names"
@@ -1083,12 +1096,12 @@ sign_csr() {
if [[ ${num_pending_challenges} -ne 0 ]]; then if [[ ${num_pending_challenges} -ne 0 ]]; then
echo " + Deploying challenge tokens..." echo " + Deploying challenge tokens..."
if [[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" = "yes" ]]; then if [[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" = "yes" ]]; then
"${HOOK}" "deploy_challenge" ${deploy_args[@]} || _exiterr 'deploy_challenge hook returned with non-zero exit code' "${HOOK}" "deploy_challenge" "${deploy_args[@]}" || _exiterr 'deploy_challenge hook returned with non-zero exit code'
elif [[ -n "${HOOK}" ]]; then elif [[ -n "${HOOK}" ]]; then
# Run hook script to deploy the challenge token # Run hook script to deploy the challenge token
local idx=0 local idx=0
while [ ${idx} -lt ${num_pending_challenges} ]; do while [ ${idx} -lt ${num_pending_challenges} ]; do
"${HOOK}" "deploy_challenge" ${deploy_args[${idx}]} || _exiterr 'deploy_challenge hook returned with non-zero exit code' "${HOOK}" "deploy_challenge" "${deploy_args[${idx}]}" || _exiterr 'deploy_challenge hook returned with non-zero exit code'
idx=$((idx+1)) idx=$((idx+1))
done done
fi fi
@@ -1134,7 +1147,7 @@ sign_csr() {
echo " + Cleaning challenge tokens..." echo " + Cleaning challenge tokens..."
# Clean challenge tokens using chained hook # Clean challenge tokens using chained hook
[[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" = "yes" ]] && ("${HOOK}" "clean_challenge" ${deploy_args[@]} || _exiterr 'clean_challenge hook returned with non-zero exit code') [[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" = "yes" ]] && ("${HOOK}" "clean_challenge" "${deploy_args[@]}" || _exiterr 'clean_challenge hook returned with non-zero exit code')
# Clean remaining challenge tokens if validation has failed # Clean remaining challenge tokens if validation has failed
local idx=0 local idx=0
@@ -1144,7 +1157,7 @@ sign_csr() {
# Delete alpn verification certificates # Delete alpn verification certificates
[[ "${CHALLENGETYPE}" = "tls-alpn-01" ]] && rm -f "${ALPNCERTDIR}/${challenge_names[${idx}]}.crt.pem" "${ALPNCERTDIR}/${challenge_names[${idx}]}.key.pem" [[ "${CHALLENGETYPE}" = "tls-alpn-01" ]] && rm -f "${ALPNCERTDIR}/${challenge_names[${idx}]}.crt.pem" "${ALPNCERTDIR}/${challenge_names[${idx}]}.key.pem"
# Clean challenge token using non-chained hook # Clean challenge token using non-chained hook
[[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" != "yes" ]] && ("${HOOK}" "clean_challenge" ${deploy_args[${idx}]} || _exiterr 'clean_challenge hook returned with non-zero exit code') [[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" != "yes" ]] && ("${HOOK}" "clean_challenge" "${deploy_args[${idx}]}" || _exiterr 'clean_challenge hook returned with non-zero exit code')
idx=$((idx+1)) idx=$((idx+1))
done done
@@ -1192,7 +1205,7 @@ sign_csr() {
foundaltchain=1 foundaltchain=1
fi fi
if [ "${foundaltchain}" = "0" ]; then if [ "${foundaltchain}" = "0" ]; then
while read altcrturl; do while read -r altcrturl; do
if [ "${foundaltchain}" = "0" ]; then if [ "${foundaltchain}" = "0" ]; then
altcrt="$(signed_request "${altcrturl}" "")" altcrt="$(signed_request "${altcrturl}" "")"
altcn="$(get_last_cn "${altcrt}")" altcn="$(get_last_cn "${altcrt}")"
@@ -1292,7 +1305,7 @@ generate_alpn_certificate() {
tmp_openssl_cnf="$(_mktemp)" tmp_openssl_cnf="$(_mktemp)"
cat "${OPENSSL_CNF}" > "${tmp_openssl_cnf}" cat "${OPENSSL_CNF}" > "${tmp_openssl_cnf}"
printf "\n[SAN]\nsubjectAltName=DNS:%s\n" "${altname}" >> "${tmp_openssl_cnf}" printf "\n[SAN]\nsubjectAltName=DNS:%s\n" "${altname}" >> "${tmp_openssl_cnf}"
printf "1.3.6.1.5.5.7.1.31=critical,DER:04:20:${acmevalidation}\n" >> "${tmp_openssl_cnf}" printf "1.3.6.1.5.5.7.1.31=critical,DER:04:20:%s\n" "${acmevalidation}" >> "${tmp_openssl_cnf}"
SUBJ="/CN=${altname}/" SUBJ="/CN=${altname}/"
[[ "${OSTYPE:0:5}" = "MINGW" ]] && SUBJ="/${SUBJ}" [[ "${OSTYPE:0:5}" = "MINGW" ]] && SUBJ="/${SUBJ}"
_openssl req -x509 -new -sha256 -nodes -newkey rsa:2048 -keyout "${alpncertdir}/${altname}.key.pem" -out "${alpncertdir}/${altname}.crt.pem" -subj "${SUBJ}" -extensions SAN -config "${tmp_openssl_cnf}" _openssl req -x509 -new -sha256 -nodes -newkey rsa:2048 -keyout "${alpncertdir}/${altname}.key.pem" -out "${alpncertdir}/${altname}.crt.pem" -subj "${SUBJ}" -extensions SAN -config "${tmp_openssl_cnf}"
@@ -1326,7 +1339,8 @@ sign_domain() {
if [[ ! -r "${certdir}/privkey.pem" ]] || [[ "${PRIVATE_KEY_RENEW}" = "yes" ]]; then if [[ ! -r "${certdir}/privkey.pem" ]] || [[ "${PRIVATE_KEY_RENEW}" = "yes" ]]; then
echo " + Generating private key..." echo " + Generating private key..."
privkey="privkey-${timestamp}.pem" privkey="privkey-${timestamp}.pem"
local tmp_privkey="$(_mktemp)" local tmp_privkey
tmp_privkey="$(_mktemp)"
case "${KEY_ALGO}" in case "${KEY_ALGO}" in
rsa) _openssl genrsa -out "${tmp_privkey}" "${KEYSIZE}";; rsa) _openssl genrsa -out "${tmp_privkey}" "${KEYSIZE}";;
prime256v1|secp384r1) _openssl ecparam -genkey -name "${KEY_ALGO}" -out "${tmp_privkey}";; prime256v1|secp384r1) _openssl ecparam -genkey -name "${KEY_ALGO}" -out "${tmp_privkey}";;
@@ -1440,6 +1454,7 @@ command_version() {
revision="$(cd "${SCRIPTDIR}"; git rev-parse HEAD 2>/dev/null || echo "unknown")" revision="$(cd "${SCRIPTDIR}"; git rev-parse HEAD 2>/dev/null || echo "unknown")"
echo "GIT-Revision: ${revision}" echo "GIT-Revision: ${revision}"
echo "" echo ""
# shellcheck disable=SC1091
if [[ "${OSTYPE}" =~ (BSD|Darwin) ]]; then if [[ "${OSTYPE}" =~ (BSD|Darwin) ]]; then
echo "OS: $(uname -sr)" echo "OS: $(uname -sr)"
elif [[ -e /etc/os-release ]]; then elif [[ -e /etc/os-release ]]; then
@@ -1447,7 +1462,7 @@ command_version() {
elif [[ -e /usr/lib/os-release ]]; then elif [[ -e /usr/lib/os-release ]]; then
( . /usr/lib/os-release && echo "OS: $PRETTY_NAME" ) ( . /usr/lib/os-release && echo "OS: $PRETTY_NAME" )
else else
echo "OS: $(cat /etc/issue | grep -v ^$ | head -n1 | _sed 's/\\(r|n|l) .*//g')" echo "OS: $(grep -v '^$' /etc/issue | head -n1 | _sed 's/\\(r|n|l) .*//g')"
fi fi
echo "Used software:" echo "Used software:"
[[ -n "${BASH_VERSION:-}" ]] && echo " bash: ${BASH_VERSION}" [[ -n "${BASH_VERSION:-}" ]] && echo " bash: ${BASH_VERSION}"
@@ -1549,9 +1564,9 @@ command_sign_domains() {
if [[ -n "${PARAM_DOMAIN:-}" ]]; then if [[ -n "${PARAM_DOMAIN:-}" ]]; then
DOMAINS_TXT="$(_mktemp)" DOMAINS_TXT="$(_mktemp)"
if [[ -n "${PARAM_ALIAS:-}" ]]; then if [[ -n "${PARAM_ALIAS:-}" ]]; then
printf -- "${PARAM_DOMAIN} > ${PARAM_ALIAS}" > "${DOMAINS_TXT}" printf "%s > %s" "${PARAM_DOMAIN}" "${PARAM_ALIAS}" > "${DOMAINS_TXT}"
else else
printf -- "${PARAM_DOMAIN}" > "${DOMAINS_TXT}" printf "%s" "${PARAM_DOMAIN}" > "${DOMAINS_TXT}"
fi fi
elif [[ -e "${DOMAINS_TXT}" ]]; then elif [[ -e "${DOMAINS_TXT}" ]]; then
if [[ ! -r "${DOMAINS_TXT}" ]]; then if [[ ! -r "${DOMAINS_TXT}" ]]; then
@@ -1570,11 +1585,11 @@ command_sign_domains() {
alias="$(grep -Eo '>[^ ]+' <<< "${line}" || true)" alias="$(grep -Eo '>[^ ]+' <<< "${line}" || true)"
line="$(_sed -e 's/>[^ ]+[ ]*//g' <<< "${line}")" line="$(_sed -e 's/>[^ ]+[ ]*//g' <<< "${line}")"
aliascount="$(grep -Eo '>' <<< "${alias}" | awk 'END {print NR}' || true )" aliascount="$(grep -Eo '>' <<< "${alias}" | awk 'END {print NR}' || true )"
[ ${aliascount} -gt 1 ] && _exiterr "Only one alias per line is allowed in domains.txt!" [ "${aliascount}" -gt 1 ] && _exiterr "Only one alias per line is allowed in domains.txt!"
domain="$(printf '%s\n' "${line}" | cut -d' ' -f1)" domain="$(printf '%s\n' "${line}" | cut -d' ' -f1)"
morenames="$(printf '%s\n' "${line}" | cut -s -d' ' -f2-)" morenames="$(printf '%s\n' "${line}" | cut -s -d' ' -f2-)"
[ ${aliascount} -lt 1 ] && alias="${domain}" || alias="${alias#>}" [ "${aliascount}" -lt 1 ] && alias="${domain}" || alias="${alias#>}"
export alias export alias
if [[ -z "${morenames}" ]];then if [[ -z "${morenames}" ]];then
@@ -1708,13 +1723,14 @@ command_sign_domains() {
if [[ ! "${skip}" = "yes" ]]; then if [[ ! "${skip}" = "yes" ]]; then
update_ocsp="yes" update_ocsp="yes"
[[ -z "${csr}" ]] || printf "%s" "${csr}" > "${certdir}/cert-${timestamp}.csr" [[ -z "${csr}" ]] || printf "%s" "${csr}" > "${certdir}/cert-${timestamp}.csr"
# shellcheck disable=SC2086
if [[ "${PARAM_KEEP_GOING:-}" = "yes" ]]; then if [[ "${PARAM_KEEP_GOING:-}" = "yes" ]]; then
skip_exit_hook=yes skip_exit_hook=yes
sign_domain "${certdir}" ${timestamp} ${domain} ${morenames} & sign_domain "${certdir}" "${timestamp}" "${domain}" ${morenames} &
wait $! || exit_with_errorcode=1 wait $! || exit_with_errorcode=1
skip_exit_hook=no skip_exit_hook=no
else else
sign_domain "${certdir}" ${timestamp} ${domain} ${morenames} sign_domain "${certdir}" "${timestamp}" "${domain}" ${morenames}
fi fi
fi fi
@@ -1778,6 +1794,7 @@ command_sign_csr() {
# gen cert # gen cert
certfile="$(_mktemp)" certfile="$(_mktemp)"
# shellcheck disable=SC2086
sign_csr "${csr}" ${altnames} 3> "${certfile}" sign_csr "${csr}" ${altnames} 3> "${certfile}"
# print cert # print cert
@@ -1882,7 +1899,7 @@ command_cleanup() {
fi fi
# Allow globbing # Allow globbing
[[ -n "${ZSH_VERSION:-}" ]] && set +o noglob || set +f noglob_set
# Loop over all certificate directories # Loop over all certificate directories
for certdir in "${CERTDIR}/"*; do for certdir in "${CERTDIR}/"*; do
@@ -1995,8 +2012,7 @@ main() {
fi fi
} }
# shellcheck disable=SC2199 [[ -z "${*}" ]] && eval set -- "--help"
[[ -z "${@}" ]] && eval set -- "--help"
while (( ${#} )); do while (( ${#} )); do
case "${1}" in case "${1}" in