evoacme: upstream version 19.11

2019-11-05 14:08:02 +01:00 · 2019-11-05 14:08:02 +01:00 · ab8c6b13b8
parent 7e50a460a8
commit ab8c6b13b8
5 changed files with 126 additions and 56 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -14,6 +14,7 @@ The **patch** part changes incrementally at each release.
 * apt: check if cron is installed before adding a cron job
 * apt: remove jessie/buster sources from Gandi servers
 * certbot : new role to install and configure certbot
+* evoacme: upstream version 19.11
 * evocheck: upstream version 19.10
 * evolinux-base: default value for "evolinux_ssh_group"
 * evolinux-base: install /sbin/deny
--- a/evoacme/README.md
+++ b/evoacme/README.md
@ -1,10 +1,9 @@
 # Evoacme 2.0

-EvoAcme is an [Ansible](https://www.ansible.com/) role and a [Certbot](https://certbot.eff.org) wrapper for generate [Let's Encrypt](https://letsencrypt.org/) certificates.
+The upstream repository of EvoAcme is at <https://gitea.evolix.org/evolix/evoacme>

-It is a project hosted at [Evolix's forge](https://gitea.evolix.org/evolix/ansible-roles/)
-
-Evoacme is open source software licensed under the AGPLv3 License.
+Shell scripts are copied from the upstream repository after each release.
+No changes must be applied directly here ; patch upstream, release then copy here.

 ## Install

--- a/evoacme/files/evoacme.sh
+++ b/evoacme/files/evoacme.sh
@ -10,17 +10,33 @@
 set -e
 set -u

-usage() {
+show_version() {
+    cat <<END
+evoacme version ${VERSION}
+
+Copyright 2009-2019 Evolix <info@evolix.fr>,
+                    Victor Laborie <vlaborie@evolix.fr>,
+                    Jérémy Lecour <jlecour@evolix.fr>,
+                    Benoit Série <bserie@evolix.fr>
+                    and others.
+
+evoacme comes with ABSOLUTELY NO WARRANTY.  This is free software,
+and you are welcome to redistribute it under certain conditions.
+See the GNU Affero General Public License v3.0 for details.
+END
+}
+
+show_help() {
    cat <<EOT
 Usage: ${PROGNAME} NAME
-  NAME must be correspond to :
-  - a CSR in ${CSR_DIR}/NAME.csr
-  - a KEY in ${SSL_KEY_DIR}/NAME.key
+    NAME must be correspond to :
+    - a CSR in ${CSR_DIR}/NAME.csr
+    - a KEY in ${SSL_KEY_DIR}/NAME.key

-  If env variable TEST=1, certbot is run in staging mode
-  If env variable DRY_RUN=1, certbot is run in dry-run mode
-  If env variable QUIET=1, no message is output
-  If env variable VERBOSE=1, debug messages are output
+    If env variable TEST=1, certbot is run in staging mode
+    If env variable DRY_RUN=1, certbot is run in dry-run mode
+    If env variable QUIET=1, no message is output
+    If env variable VERBOSE=1, debug messages are output
 EOT
 }

@ -36,7 +52,7 @@ debug() {
 }
 error() {
    >&2 echo "${PROGNAME}: $1"
-    [ "$1" = "invalid argument(s)" ] && >&2 usage
+    [ "$1" = "invalid argument(s)" ] && >&2 show_help
    exit 1
 }

@ -75,7 +91,7 @@ sed_cert_path_for_nginx() {
        sed -i "s~${search}~${replace}~" "${vhost_full_path}"
        debug "Config in ${vhost_full_path} has been updated"
        $(command -v nginx) -t 2>/dev/null
-        [ "${?}" -eq 0 ] || $(command -v nginx) -t
+        [ "${?}" -eq 0 ] || $(command -v nginx) -t -q
    fi
 }
 x509_verify() {
@ -98,7 +114,8 @@ main() {
    # check arguments
    [ "$#" -eq 1 ] || error "invalid argument(s)"

-    [ "$1" = "-h" ] || [ "$1" = "--help" ] && usage && exit 0
+    [ "$1" = "-h" ] || [ "$1" = "--help" ] && show_help && exit 0
+    [ "$1" = "-V" ] || [ "$1" = "--version" ] && show_version && exit 0

    mkdir -p "${ACME_DIR}"
    chown acme: "${ACME_DIR}"
@ -287,6 +304,8 @@ readonly QUIET=${QUIET:-"0"}
 readonly TEST=${TEST:-"0"}
 readonly DRY_RUN=${DRY_RUN:-"0"}

+readonly VERSION="19.11"
+
 # Read configuration file, if it exists
 [ -r /etc/default/evoacme ] && . /etc/default/evoacme

--- a/evoacme/files/make-csr.sh
+++ b/evoacme/files/make-csr.sh
@ -9,27 +9,52 @@

 set -u

-usage() {
-    cat <<EOT
-Usage: ${PROGNAME} VHOST DOMAIN...
-VHOST must correspond to an Apache or Nginx enabled VHost
-If VHOST ends with ".conf" it is stripped,
-then files are seached at those paths:
- /etc/apache2/sites-enables/VHOST.conf
- /etc/nginx/sites-enabled/VHOST.conf
- /etc/nginx/sites-enabled/VHOST
-DOMAIN... is a list of domains for the CSR (passed as arguments or input)
+show_version() {
+    cat <<END
+make-csr version ${VERSION}

-If env variable VERBOSE=1, debug messages are sent to stderr
+Copyright 2009-2019 Evolix <info@evolix.fr>,
+                    Victor Laborie <vlaborie@evolix.fr>,
+                    Jérémy Lecour <jlecour@evolix.fr>,
+                    Benoit Série <bserie@evolix.fr>
+                    and others.
+
+make-csr comes with ABSOLUTELY NO WARRANTY.  This is free software,
+and you are welcome to redistribute it under certain conditions.
+See the GNU Affero General Public License v3.0 for details.
+END
+}
+
+show_help() {
+    cat <<EOT
+Usage: ${PROGNAME} VHOST DOMAIN [DOMAIN]
+    VHOST must correspond to an Apache or Nginx enabled VHost
+    If VHOST ends with ".conf" it is stripped,
+    then files are seached at those paths:
+    - /etc/apache2/sites-enables/VHOST.conf
+    - /etc/nginx/sites-enabled/VHOST.conf
+    - /etc/nginx/sites-enabled/VHOST
+
+    DOMAIN is a list of domains for the CSR (passed as arguments or input)
+
+    If env variable QUIET=1, no message is output
+    If env variable VERBOSE=1, debug messages are output
 EOT
 }
+
+log() {
+    if [ "${QUIET}" != "1" ]; then
+        echo "${PROGNAME}: $1"
+    fi
+}
 debug() {
-    if [ "${VERBOSE}" = 1 ]; then
+    if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
        >&2 echo "${PROGNAME}: $1"
    fi
 }
 error() {
    >&2 echo "${PROGNAME}: $1"
+    [ "$1" = "invalid argument(s)" ] && >&2 show_help
    exit 1
 }

@ -173,13 +198,15 @@ EOF
 }

 main() {
+    # We must have at least 1 argument
+    [ "$#" -ge 1 ] || error "invalid argument(s)"
+    [ "$1" = "-h" ] || [ "$1" = "--help" ] && show_help && exit 0
+    [ "$1" = "-V" ] || [ "$1" = "--version" ] && show_version && exit 0
+
    if [ -t 0 ]; then
-        # We have STDIN, so we should have at least 2 arguments
-        if [ "$#" -lt 2 ]; then
-            >&2 echo "invalid arguments"
-            >&2 usage
-            exit 1
-        fi
+        # We have STDIN, so we should have 2 arguments
+        [ "$#" -eq 2 ] || error "invalid argument(s)"
+
        # read VHOST from first argument
        VHOST="$1"
        # remove the first argument
@ -187,12 +214,9 @@ main() {
        # read domains from remaining arguments
        DOMAINS=$@
    else
-        # We don't have STDIN, so we should have only 1 argument
-        if [ "$#" != 1 ]; then
-            >&2 echo "invalid arguments"
-            >&2 usage
-            exit 1
-        fi
+        # We don't have STDIN, so we should have 1 argument
+        [ "$#" -eq 1 ] || error "invalid argument(s)"
+
        # read VHOST from first argument
        VHOST="$1"
        # read domains from input
@ -239,6 +263,9 @@ readonly PROGDIR=$(realpath -m $(dirname "$0"))
 readonly ARGS=$@

 readonly VERBOSE=${VERBOSE:-"0"}
+readonly QUIET=${QUIET:-"0"}
+
+readonly VERSION="19.11"

 # Read configuration file, if it exists
 [ -r /etc/default/evoacme ] && . /etc/default/evoacme
--- a/evoacme/files/vhost-domains.sh
+++ b/evoacme/files/vhost-domains.sh
@ -9,27 +9,50 @@

 set -u

-usage() {
+show_version() {
+    cat <<END
+vhost-domains version ${VERSION}
+
+Copyright 2009-2019 Evolix <info@evolix.fr>,
+                    Victor Laborie <vlaborie@evolix.fr>,
+                    Jérémy Lecour <jlecour@evolix.fr>,
+                    Benoit Série <bserie@evolix.fr>
+                    and others.
+
+vhost-domains comes with ABSOLUTELY NO WARRANTY. This is free software,
+and you are welcome to redistribute it under certain conditions.
+See the GNU Affero General Public License v3.0 for details.
+END
+}
+
+show_help() {
    cat <<EOT
 Usage: ${PROGNAME} VHOST
-VHOST must correspond to an Apache or Nginx enabled VHost
-If VHOST ends with ".conf" it is stripped,
-then files are seached at those paths:
- /etc/apache2/sites-enables/VHOST.conf
- /etc/nginx/sites-enabled/VHOST.conf
- /etc/nginx/sites-enabled/VHOST
+    VHOST must correspond to an Apache or Nginx enabled VHost
+    If VHOST ends with ".conf" it is stripped,
+    then files are seached at those paths:
+    - /etc/apache2/sites-enables/VHOST.conf
+    - /etc/nginx/sites-enabled/VHOST.conf
+    - /etc/nginx/sites-enabled/VHOST

-If env variable VERBOSE=1, debug messages are sent to stderr
+    If env variable QUIET=1, no message is output
+    If env variable VERBOSE=1, debug messages are output
 EOT
 }

+log() {
+    if [ "${QUIET}" != "1" ]; then
+        echo "${PROGNAME}: $1"
+    fi
+}
 debug() {
-    if [ "${VERBOSE}" = 1 ]; then
+    if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
        >&2 echo "${PROGNAME}: $1"
    fi
 }
 error() {
    >&2 echo "${PROGNAME}: $1"
+    [ "$1" = "invalid argument(s)" ] && >&2 show_help
    exit 1
 }

@ -118,14 +141,11 @@ first_vhost_file_found() {
 }

 main() {
-    if [ "$#" != 1 ]; then
-        >&2 usage
-        exit 1
-    fi
-    if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
-        usage
-        exit 0
-    fi
+    # check arguments
+    [ "$#" -eq 1 ] || error "invalid argument(s)"
+
+    [ "$1" = "-h" ] || [ "$1" = "--help" ] && show_help && exit 0
+    [ "$1" = "-V" ] || [ "$1" = "--version" ] && show_version && exit 0

    local vhost_name=$(basename "$1" .conf)
    local vhost_file=$(first_vhost_file_found "${vhost_name}")
@ -148,6 +168,10 @@ readonly PROGDIR=$(realpath -m $(dirname "$0"))
 readonly ARGS=$@

 readonly VERBOSE=${VERBOSE:-"0"}
+readonly QUIET=${QUIET:-"0"}
+
+readonly VERSION="19.11"
+
 readonly SRV_IP=${SRV_IP:-""}

 main $ARGS