From ab8c6b13b8ae5ef70469822d51eafccbed5ff4e0 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Tue, 5 Nov 2019 14:08:02 +0100
Subject: [PATCH] evoacme: upstream version 19.11

---
 CHANGELOG.md                   |  1 +
 evoacme/README.md              |  7 ++--
 evoacme/files/evoacme.sh       | 41 ++++++++++++++-----
 evoacme/files/make-csr.sh      | 75 +++++++++++++++++++++++-----------
 evoacme/files/vhost-domains.sh | 58 ++++++++++++++++++--------
 5 files changed, 126 insertions(+), 56 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1248d2f9..312f2981 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ The **patch** part changes incrementally at each release.
 * apt: check if cron is installed before adding a cron job
 * apt: remove jessie/buster sources from Gandi servers
 * certbot : new role to install and configure certbot
+* evoacme: upstream version 19.11
 * evocheck: upstream version 19.10
 * evolinux-base: default value for "evolinux_ssh_group"
 * evolinux-base: install /sbin/deny
diff --git a/evoacme/README.md b/evoacme/README.md
index 684bdd1a..467a0c0d 100644
--- a/evoacme/README.md
+++ b/evoacme/README.md
@@ -1,10 +1,9 @@
 # Evoacme 2.0
 
-EvoAcme is an [Ansible](https://www.ansible.com/) role and a [Certbot](https://certbot.eff.org) wrapper for generate [Let's Encrypt](https://letsencrypt.org/) certificates.
+The upstream repository of EvoAcme is at <https://gitea.evolix.org/evolix/evoacme>
 
-It is a project hosted at [Evolix's forge](https://gitea.evolix.org/evolix/ansible-roles/)
-
-Evoacme is open source software licensed under the AGPLv3 License.
+Shell scripts are copied from the upstream repository after each release.
+No changes must be applied directly here ; patch upstream, release then copy here.
 
 ## Install
 
diff --git a/evoacme/files/evoacme.sh b/evoacme/files/evoacme.sh
index 770cd8d4..2009bd22 100755
--- a/evoacme/files/evoacme.sh
+++ b/evoacme/files/evoacme.sh
@@ -10,17 +10,33 @@
 set -e
 set -u
 
-usage() {
+show_version() {
+    cat <<END
+evoacme version ${VERSION}
+
+Copyright 2009-2019 Evolix <info@evolix.fr>,
+                    Victor Laborie <vlaborie@evolix.fr>,
+                    Jérémy Lecour <jlecour@evolix.fr>,
+                    Benoit Série <bserie@evolix.fr>
+                    and others.
+
+evoacme comes with ABSOLUTELY NO WARRANTY.  This is free software,
+and you are welcome to redistribute it under certain conditions.
+See the GNU Affero General Public License v3.0 for details.
+END
+}
+
+show_help() {
     cat <<EOT
 Usage: ${PROGNAME} NAME
-  NAME must be correspond to :
-  - a CSR in ${CSR_DIR}/NAME.csr
-  - a KEY in ${SSL_KEY_DIR}/NAME.key
+    NAME must be correspond to :
+    - a CSR in ${CSR_DIR}/NAME.csr
+    - a KEY in ${SSL_KEY_DIR}/NAME.key
 
-  If env variable TEST=1, certbot is run in staging mode
-  If env variable DRY_RUN=1, certbot is run in dry-run mode
-  If env variable QUIET=1, no message is output
-  If env variable VERBOSE=1, debug messages are output
+    If env variable TEST=1, certbot is run in staging mode
+    If env variable DRY_RUN=1, certbot is run in dry-run mode
+    If env variable QUIET=1, no message is output
+    If env variable VERBOSE=1, debug messages are output
 EOT
 }
 
@@ -36,7 +52,7 @@ debug() {
 }
 error() {
     >&2 echo "${PROGNAME}: $1"
-    [ "$1" = "invalid argument(s)" ] && >&2 usage
+    [ "$1" = "invalid argument(s)" ] && >&2 show_help
     exit 1
 }
 
@@ -75,7 +91,7 @@ sed_cert_path_for_nginx() {
         sed -i "s~${search}~${replace}~" "${vhost_full_path}"
         debug "Config in ${vhost_full_path} has been updated"
         $(command -v nginx) -t 2>/dev/null
-        [ "${?}" -eq 0 ] || $(command -v nginx) -t
+        [ "${?}" -eq 0 ] || $(command -v nginx) -t -q
     fi
 }
 x509_verify() {
@@ -98,7 +114,8 @@ main() {
     # check arguments
     [ "$#" -eq 1 ] || error "invalid argument(s)"
 
-    [ "$1" = "-h" ] || [ "$1" = "--help" ] && usage && exit 0
+    [ "$1" = "-h" ] || [ "$1" = "--help" ] && show_help && exit 0
+    [ "$1" = "-V" ] || [ "$1" = "--version" ] && show_version && exit 0
 
     mkdir -p "${ACME_DIR}"
     chown acme: "${ACME_DIR}"
@@ -287,6 +304,8 @@ readonly QUIET=${QUIET:-"0"}
 readonly TEST=${TEST:-"0"}
 readonly DRY_RUN=${DRY_RUN:-"0"}
 
+readonly VERSION="19.11"
+
 # Read configuration file, if it exists
 [ -r /etc/default/evoacme ] && . /etc/default/evoacme
 
diff --git a/evoacme/files/make-csr.sh b/evoacme/files/make-csr.sh
index e2cbb297..b61d5adb 100755
--- a/evoacme/files/make-csr.sh
+++ b/evoacme/files/make-csr.sh
@@ -9,27 +9,52 @@
 
 set -u
 
-usage() {
-    cat <<EOT
-Usage: ${PROGNAME} VHOST DOMAIN...
-VHOST must correspond to an Apache or Nginx enabled VHost
-If VHOST ends with ".conf" it is stripped,
-then files are seached at those paths:
-- /etc/apache2/sites-enables/VHOST.conf
-- /etc/nginx/sites-enabled/VHOST.conf
-- /etc/nginx/sites-enabled/VHOST
-DOMAIN... is a list of domains for the CSR (passed as arguments or input)
+show_version() {
+    cat <<END
+make-csr version ${VERSION}
 
-If env variable VERBOSE=1, debug messages are sent to stderr
+Copyright 2009-2019 Evolix <info@evolix.fr>,
+                    Victor Laborie <vlaborie@evolix.fr>,
+                    Jérémy Lecour <jlecour@evolix.fr>,
+                    Benoit Série <bserie@evolix.fr>
+                    and others.
+
+make-csr comes with ABSOLUTELY NO WARRANTY.  This is free software,
+and you are welcome to redistribute it under certain conditions.
+See the GNU Affero General Public License v3.0 for details.
+END
+}
+
+show_help() {
+    cat <<EOT
+Usage: ${PROGNAME} VHOST DOMAIN [DOMAIN]
+    VHOST must correspond to an Apache or Nginx enabled VHost
+    If VHOST ends with ".conf" it is stripped,
+    then files are seached at those paths:
+    - /etc/apache2/sites-enables/VHOST.conf
+    - /etc/nginx/sites-enabled/VHOST.conf
+    - /etc/nginx/sites-enabled/VHOST
+
+    DOMAIN is a list of domains for the CSR (passed as arguments or input)
+
+    If env variable QUIET=1, no message is output
+    If env variable VERBOSE=1, debug messages are output
 EOT
 }
+
+log() {
+    if [ "${QUIET}" != "1" ]; then
+        echo "${PROGNAME}: $1"
+    fi
+}
 debug() {
-    if [ "${VERBOSE}" = 1 ]; then
+    if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
         >&2 echo "${PROGNAME}: $1"
     fi
 }
 error() {
     >&2 echo "${PROGNAME}: $1"
+    [ "$1" = "invalid argument(s)" ] && >&2 show_help
     exit 1
 }
 
@@ -173,13 +198,15 @@ EOF
 }
 
 main() {
+    # We must have at least 1 argument
+    [ "$#" -ge 1 ] || error "invalid argument(s)"
+    [ "$1" = "-h" ] || [ "$1" = "--help" ] && show_help && exit 0
+    [ "$1" = "-V" ] || [ "$1" = "--version" ] && show_version && exit 0
+
     if [ -t 0 ]; then
-        # We have STDIN, so we should have at least 2 arguments
-        if [ "$#" -lt 2 ]; then
-            >&2 echo "invalid arguments"
-            >&2 usage
-            exit 1
-        fi
+        # We have STDIN, so we should have 2 arguments
+        [ "$#" -eq 2 ] || error "invalid argument(s)"
+
         # read VHOST from first argument
         VHOST="$1"
         # remove the first argument
@@ -187,12 +214,9 @@ main() {
         # read domains from remaining arguments
         DOMAINS=$@
     else
-        # We don't have STDIN, so we should have only 1 argument
-        if [ "$#" != 1 ]; then
-            >&2 echo "invalid arguments"
-            >&2 usage
-            exit 1
-        fi
+        # We don't have STDIN, so we should have 1 argument
+        [ "$#" -eq 1 ] || error "invalid argument(s)"
+
         # read VHOST from first argument
         VHOST="$1"
         # read domains from input
@@ -239,6 +263,9 @@ readonly PROGDIR=$(realpath -m $(dirname "$0"))
 readonly ARGS=$@
 
 readonly VERBOSE=${VERBOSE:-"0"}
+readonly QUIET=${QUIET:-"0"}
+
+readonly VERSION="19.11"
 
 # Read configuration file, if it exists
 [ -r /etc/default/evoacme ] && . /etc/default/evoacme
diff --git a/evoacme/files/vhost-domains.sh b/evoacme/files/vhost-domains.sh
index fd25ce86..d2f9c61c 100755
--- a/evoacme/files/vhost-domains.sh
+++ b/evoacme/files/vhost-domains.sh
@@ -9,27 +9,50 @@
 
 set -u
 
-usage() {
+show_version() {
+    cat <<END
+vhost-domains version ${VERSION}
+
+Copyright 2009-2019 Evolix <info@evolix.fr>,
+                    Victor Laborie <vlaborie@evolix.fr>,
+                    Jérémy Lecour <jlecour@evolix.fr>,
+                    Benoit Série <bserie@evolix.fr>
+                    and others.
+
+vhost-domains comes with ABSOLUTELY NO WARRANTY. This is free software,
+and you are welcome to redistribute it under certain conditions.
+See the GNU Affero General Public License v3.0 for details.
+END
+}
+
+show_help() {
     cat <<EOT
 Usage: ${PROGNAME} VHOST
-VHOST must correspond to an Apache or Nginx enabled VHost
-If VHOST ends with ".conf" it is stripped,
-then files are seached at those paths:
-- /etc/apache2/sites-enables/VHOST.conf
-- /etc/nginx/sites-enabled/VHOST.conf
-- /etc/nginx/sites-enabled/VHOST
+    VHOST must correspond to an Apache or Nginx enabled VHost
+    If VHOST ends with ".conf" it is stripped,
+    then files are seached at those paths:
+    - /etc/apache2/sites-enables/VHOST.conf
+    - /etc/nginx/sites-enabled/VHOST.conf
+    - /etc/nginx/sites-enabled/VHOST
 
-If env variable VERBOSE=1, debug messages are sent to stderr
+    If env variable QUIET=1, no message is output
+    If env variable VERBOSE=1, debug messages are output
 EOT
 }
 
+log() {
+    if [ "${QUIET}" != "1" ]; then
+        echo "${PROGNAME}: $1"
+    fi
+}
 debug() {
-    if [ "${VERBOSE}" = 1 ]; then
+    if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
         >&2 echo "${PROGNAME}: $1"
     fi
 }
 error() {
     >&2 echo "${PROGNAME}: $1"
+    [ "$1" = "invalid argument(s)" ] && >&2 show_help
     exit 1
 }
 
@@ -118,14 +141,11 @@ first_vhost_file_found() {
 }
 
 main() {
-    if [ "$#" != 1 ]; then
-        >&2 usage
-        exit 1
-    fi
-    if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
-        usage
-        exit 0
-    fi
+    # check arguments
+    [ "$#" -eq 1 ] || error "invalid argument(s)"
+
+    [ "$1" = "-h" ] || [ "$1" = "--help" ] && show_help && exit 0
+    [ "$1" = "-V" ] || [ "$1" = "--version" ] && show_version && exit 0
 
     local vhost_name=$(basename "$1" .conf)
     local vhost_file=$(first_vhost_file_found "${vhost_name}")
@@ -148,6 +168,10 @@ readonly PROGDIR=$(realpath -m $(dirname "$0"))
 readonly ARGS=$@
 
 readonly VERBOSE=${VERBOSE:-"0"}
+readonly QUIET=${QUIET:-"0"}
+
+readonly VERSION="19.11"
+
 readonly SRV_IP=${SRV_IP:-""}
 
 main $ARGS