From 11813c31a467a805d7e99b9776124dfe0147fdc8 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Wed, 30 Jun 2021 14:29:03 +0200
Subject: [PATCH] certbot: add script for manual deploy hooks execution
---
 CHANGELOG.md | 2 ++
 certbot/files/hooks/manual-deploy.sh | 40 ++++++++++++++++++++++++++++
 certbot/tasks/main.yml | 8 ++++++
 3 files changed, 50 insertions(+)
 create mode 100755 certbot/files/hooks/manual-deploy.sh
diff --git a/CHANGELOG.md b/CHANGELOG.md
index bf701c3b..bbeebf5a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,8 @@ The **patch** part changes incrementally at each release.
 ### Added
+* certbot: add script for manual deploy hooks execution
+
 ### Changed
 ### Fixed
diff --git a/certbot/files/hooks/manual-deploy.sh b/certbot/files/hooks/manual-deploy.sh
new file mode 100755
index 00000000..70307070
--- /dev/null
+++ b/certbot/files/hooks/manual-deploy.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -u
+
+error() {
+ >&2 echo "${PROGNAME}: $1"
+ exit 1
+}
+debug() {
+ if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
+ >&2 echo "${PROGNAME}: $1"
+ fi
+}
+found_renewed_lineage() {
+ test -f "${RENEWED_LINEAGE}/fullchain.pem" && test -f "${RENEWED_LINEAGE}/privkey.pem"
+}
+main() {
+ if [ -z "${RENEWED_LINEAGE:-}" ]; then
+ error "Missing RENEWED_LINEAGE environment variable (usually provided by certbot)."
+ fi
+ if [ "${VERBOSE}" = "1" ]; then
+ xargs_verbose="--verbose"
+ else
+ xargs_verbose=""
+ fi
+ if found_renewed_lineage; then
+ find "${hooks_dir}" -mindepth 1 -maxdepth 1 -type f -executable -print0 | sort --zero-terminated --dictionary-order | xargs ${xargs_verbose} --no-run-if-empty --null --max-args=1 sh -c
+ else
+ error "Couldn't find required files in \`${RENEWED_LINEAGE}'"
+ fi
+
+}
+
+PROGNAME=$(basename "$0")
+VERBOSE=${VERBOSE:-"0"}
+QUIET=${QUIET:-"0"}
+
+hooks_dir="/etc/letsencrypt/renewal-hooks/deploy"
+
+main
\ No newline at end of file
diff --git a/certbot/tasks/main.yml b/certbot/tasks/main.yml
index e280875c..9259e027 100644
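Review bot: In `main` of certbot/files/hooks/manual-deploy.sh, each path from `find` is appended to `sh -c` as the command string, so the shell re-parses the file name: a hook whose name contains a space, `;`, `$` or a glob character is word-split or interpreted instead of being run as one file, which undoes the NUL-delimited `find`/`sort`/`xargs` handling at the last step. The hooks directory is presumably writable only by root, so this is robustness and defence in depth rather than a privilege boundary, but passing the path as a parameter keeps it a single word: `xargs ${xargs_verbose} --no-run-if-empty --null --max-args=1 sh -c '"$0"'`. Two smaller points: `debug` is defined but never called, and only `RENEWED_LINEAGE` is validated, so any hook that reads `RENEWED_DOMAINS` sees it unset unless the operator exports it; a comment at the top stating which variables must be set for a manual run would help.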
--- a/certbot/tasks/main.yml
+++ b/certbot/tasks/main.yml
@@ -29,6 +29,14 @@
 owner: root
 group: root
+- name: Manual deploy hook is present
+ copy:
+ src: hooks/manual-deploy.sh
+ dest: /etc/letsencrypt/renewal-hooks/manual-deploy.sh
+ mode: "0700"
+ owner: root
+ group: root
+
 - name: "sync_remote is configured with servers"
 lineinfile:
 dest: /etc/letsencrypt/renewal-hooks/deploy/sync_remote.cf