From 1d5a30b144fcfc166786ebc1413349f4b006a6b0 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Wed, 3 Jun 2020 12:06:03 +0200 Subject: [PATCH] evoacme: upstream release 20.06 --- CHANGELOG.md | 1 + evoacme/files/evoacme.sh | 21 ++++++++++----------- evoacme/files/make-csr.sh | 2 +- evoacme/files/vhost-domains.sh | 2 +- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 95496976..3c782fe4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,7 @@ The **patch** part changes incrementally at each release. * redis: create sudoers file if missing * redis: new syntax for match filter * redis: raise an error is port 6379 is used in "instance" mode +* evoacme: upstream release 20.06 ### Fixed diff --git a/evoacme/files/evoacme.sh b/evoacme/files/evoacme.sh index 2009bd22..3b6d9771 100755 --- a/evoacme/files/evoacme.sh +++ b/evoacme/files/evoacme.sh @@ -118,21 +118,21 @@ main() { [ "$1" = "-V" ] || [ "$1" = "--version" ] && show_version && exit 0 mkdir -p "${ACME_DIR}" - chown acme: "${ACME_DIR}" + chown root: "${ACME_DIR}" [ -w "${ACME_DIR}" ] || error "Directory ${ACME_DIR} is not writable" [ -d "${CSR_DIR}" ] || error "Directory ${CSR_DIR} is not found" mkdir -p "${CRT_DIR}" - chown acme: "${CRT_DIR}" + chown root: "${CRT_DIR}" [ -w "${CRT_DIR}" ] || error "Directory ${CRT_DIR} is not writable" mkdir -p "${LOG_DIR}" - chown acme: "${LOG_DIR}" + chown root: "${LOG_DIR}" [ -w "${LOG_DIR}" ] || error "Directory ${LOG_DIR} is not writable" mkdir -p "${HOOKS_DIR}" - chown acme: "${HOOKS_DIR}" + chown root: "${HOOKS_DIR}" [ -d "${HOOKS_DIR}" ] || error "Directory ${HOOKS_DIR} is not found" readonly VHOST=$(basename "$1" .conf) @@ -195,7 +195,7 @@ main() { [ -d "${NEW_DIR}" ] && error "${NEW_DIR} directory already exists, remove it manually." mkdir -p "${NEW_DIR}" - chown -R acme: "${CRT_DIR}" + chown -R root: "${CRT_DIR}" chmod -R 0700 "${CRT_DIR}" chmod -R g+rX "${CRT_DIR}" debug "New cert will be created in ${NEW_DIR}" 
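Review bot: In the evoacme.sh hunk at -118 the four `chown root:` calls are non-recursive, so anything created inside `${ACME_DIR}`, `${LOG_DIR}` or `${HOOKS_DIR}` under the previous ownership stays owned by `acme` after the upgrade. This matters most for `${HOOKS_DIR}`: if this script executes the hooks (the call is outside the hunk), they would run with the caller's privileges while remaining editable by the `acme` account. Consider a one-time `chown -R root: "${HOOKS_DIR}"`, or skipping hook files that are not owned by root. main() starts and ends outside the hunk.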
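Review bot: In the evoacme.sh hunk at -195, `chown -R root: "${CRT_DIR}"` with the trailing colon also resets the group to root's login group, so the `chmod -R g+rX` two lines later now grants read access to that group instead of `acme`'s. Whether any service read the certificates through the old group cannot be seen from this hunk; if one did, it loses access silently. A comment above the chown such as `# cert tree is owned by root and its login group; group gets r-X below` would record the new ownership contract. main() starts and ends outside the hunk.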
@@ -218,15 +218,14 @@ main() { CERTBOT_REGISTRATION="${CERTBOT_REGISTRATION} --register-unsafely-without-email" fi - # Permissions checks for acme user - sudo -u acme test -r "${CSR_FILE}" || error "File ${CSR_FILE} is not readable by user 'acme'" - sudo -u acme test -w "${NEW_DIR}" || error "Directory ${NEW_DIR} is not writable by user 'acme'" + # Permissions checks + test -r "${CSR_FILE}" || error "File ${CSR_FILE} is not readable" + test -w "${NEW_DIR}" || error "Directory ${NEW_DIR} is not writable" # create a certificate with certbot # we disable the set -e during the certbot call set +e - sudo -u acme \ - "${CERTBOT_BIN}" \ + "${CERTBOT_BIN}" \ certonly \ ${CERTBOT_MODE} \ ${CERTBOT_REGISTRATION} \ @@ -304,7 +303,7 @@ readonly QUIET=${QUIET:-"0"} readonly TEST=${TEST:-"0"} readonly DRY_RUN=${DRY_RUN:-"0"} -readonly VERSION="19.11" +readonly VERSION="20.06" # Read configuration file, if it exists [ -r /etc/default/evoacme ] && . /etc/default/evoacme diff --git a/evoacme/files/make-csr.sh b/evoacme/files/make-csr.sh index b61d5adb..d7abb204 100755 --- a/evoacme/files/make-csr.sh +++ b/evoacme/files/make-csr.sh @@ -265,7 +265,7 @@ readonly ARGS=$@ readonly VERBOSE=${VERBOSE:-"0"} readonly QUIET=${QUIET:-"0"} -readonly VERSION="19.11" +readonly VERSION="20.06" # Read configuration file, if it exists [ -r /etc/default/evoacme ] && . /etc/default/evoacme diff --git a/evoacme/files/vhost-domains.sh b/evoacme/files/vhost-domains.sh index d2f9c61c..6bf91286 100755 --- a/evoacme/files/vhost-domains.sh +++ b/evoacme/files/vhost-domains.sh @@ -170,7 +170,7 @@ readonly ARGS=$@ readonly VERBOSE=${VERBOSE:-"0"} readonly QUIET=${QUIET:-"0"} -readonly VERSION="19.11" +readonly VERSION="20.06" readonly SRV_IP=${SRV_IP:-""}
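Review bot: In the evoacme.sh hunk at -218, the rewritten checks `test -r "${CSR_FILE}"` and `test -w "${NEW_DIR}"` run as the calling user; if that is root, as the chown calls earlier in main() suggest, they still fail for a missing path but pass regardless of mode bits. Stating what is actually verified would be clearer: `[ -f "${CSR_FILE}" ] || error "File ${CSR_FILE} is not found"` and `[ -d "${NEW_DIR}" ] || error "Directory ${NEW_DIR} is not found"`. Separately, with `sudo -u acme` removed, `"${CERTBOT_BIN}" certonly` (a client that talks to a remote ACME server) now runs with the caller's full privileges instead of a dedicated account. A comment above the call recording that this is intentional, and why, would help later audits. main() starts and ends outside the hunk.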