From 2f66b284bdccce47f0e459c1a1cc8133651cf435 Mon Sep 17 00:00:00 2001 From: Thomas Lange Date: Fri, 14 May 2021 01:28:07 +0200 Subject: Move script to package/sbin directory Move the CertDeploy script to the package/sbin directory. This makes it possible to manage the "package" directory with tools like GNU Stow. See: https://www.gnu.org/software/stow/ --- certdeploy | 162 ------------------------------------------------ package/sbin/certdeploy | 162 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 162 insertions(+), 162 deletions(-) delete mode 100755 certdeploy create mode 100755 package/sbin/certdeploy diff --git a/certdeploy b/certdeploy deleted file mode 100755 index 24eb79f..0000000 --- a/certdeploy +++ /dev/null @@ -1,162 +0,0 @@ -#!/bin/bash -#%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%# -# certdeploy – A deploy hook script for Certbot [by Thomas Lange] # -#%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%# -# # -# =================================== USAGE ================================== # -# # -# certdeploy [OPTIONS] source_directory target_directory # -# # -# =========================== COMMAND-LINE OPTIONS =========================== # -# # -# [-m mode] Mode for target certificate files (octal notation, 3-4 digits) # -# [-o owner] User ownership for certificate files in target directory # -# [-g group] Group ownership for certificate files in target directory # -# # -# [-M mode] Mode for target directory (octal notation, 3-4 digits) # -# [-O owner] User ownership for target directory # -# [-G group] Group ownership for target directory # -# # -# [-K] Filename for private key in target directory # -# [-I] Filename for intermediate in target directory # -# [-C] Filename for certificate in target directory # -# [-F] Filename for certificate chain in target directory # -# # -# ========================== COMMAND-LINE ARGUMENTS ========================== # -# # -# [$1]: Source directory of the certificate files # -# [$2]: Target directory in which the certificate files shall be copied # -# # -#%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%# - -#=============================================================================== -# Parse command-line options -#=============================================================================== -while getopts :m:o:g:M:O:G:K:I:C:F: option -do - case $option in - m) OPTION_FMODE="$OPTARG" ;; - o) OPTION_FOWNER="$OPTARG" ;; - g) OPTION_FGROUP="$OPTARG" ;; - M) OPTION_DMODE="$OPTARG" ;; - O) OPTION_DOWNER="$OPTARG" ;; - G) OPTION_DGROUP="$OPTARG" ;; - K) OPTION_TARGET_FILENAME_K="$OPTARG" ;; - I) OPTION_TARGET_FILENAME_I="$OPTARG" ;; - C) OPTION_TARGET_FILENAME_C="$OPTARG" ;; - F) OPTION_TARGET_FILENAME_F="$OPTARG" ;; - esac -done; shift $((OPTIND-1)) - -#=============================================================================== -# Check presence of required non-option arguments -#=============================================================================== -if [ -z "$1" ] -then - echo "$0: Missing argument #1: Path to source directory" >&2 - argument_errors_occurred=x -fi - -if [ -z "$2" ] -then - echo "$0: Missing argument #2: Path to target directory" >&2 - argument_errors_occurred=x -fi - -#=============================================================================== -# Check if argument presence-validation errors occurred -#=============================================================================== -[ ! -z "$argument_errors_occurred" ] && echo "Aborting ..." >&2 && exit 1 - -#=============================================================================== -# Define {source|target} directory path variable -#=============================================================================== -SOURCE_PATH="$1" -TARGET_PATH="$2" - -#=============================================================================== -# Define default {owner|group} variable -#=============================================================================== -DEFAULT_OWNER=$(id -u) -DEFAULT_GROUP=$(id -g) - -#=============================================================================== -# Define {file|directory} mode, owner and group variables -#=============================================================================== -FMODE="${OPTION_FMODE:-0600}" -FOWNER="${OPTION_FOWNER:-$DEFAULT_OWNER}" -FGROUP="${OPTION_FGROUP:-$DEFAULT_GROUP}" - -DMODE="${OPTION_DMODE:-0755}" -DOWNER="${OPTION_DOWNER:-$DEFAULT_OWNER}" -DGROUP="${OPTION_DGROUP:-$DEFAULT_GROUP}" - -# Allow only four digits (octal notation) for modes -DMODE="$(echo "$DMODE" | tr -dc '0-7' | cut -c 1-4)" -FMODE="$(echo "$FMODE" | tr -dc '0-7' | cut -c 1-4)" - -#=============================================================================== -# Define {source|target} filename variables -#=============================================================================== -SOURCE_FILENAME_K="privkey.pem" -SOURCE_FILENAME_I="chain.pem" -SOURCE_FILENAME_C="cert.pem" -SOURCE_FILENAME_F="fullchain.pem" - -TARGET_FILENAME_K="${OPTION_TARGET_FILENAME_K:-confidential.pem}" -TARGET_FILENAME_I="${OPTION_TARGET_FILENAME_I:-intermediate.pem}" -TARGET_FILENAME_C="${OPTION_TARGET_FILENAME_C:-certificate_only.pem}" -TARGET_FILENAME_F="${OPTION_TARGET_FILENAME_F:-certificate_full.pem}" - -#=============================================================================== -# Define {source|target} full path variables -#=============================================================================== -SOURCE_PATH_K="${SOURCE_PATH%/}/${SOURCE_FILENAME_K}" -SOURCE_PATH_I="${SOURCE_PATH%/}/${SOURCE_FILENAME_I}" -SOURCE_PATH_C="${SOURCE_PATH%/}/${SOURCE_FILENAME_C}" -SOURCE_PATH_F="${SOURCE_PATH%/}/${SOURCE_FILENAME_F}" - -TARGET_PATH_K="${TARGET_PATH%/}/${TARGET_FILENAME_K}" -TARGET_PATH_I="${TARGET_PATH%/}/${TARGET_FILENAME_I}" -TARGET_PATH_C="${TARGET_PATH%/}/${TARGET_FILENAME_C}" -TARGET_PATH_F="${TARGET_PATH%/}/${TARGET_FILENAME_F}" - -#=============================================================================== -# Check if source directory exists and is readable -#=============================================================================== -if [ ! -d "$SOURCE_PATH" ] || [ ! -r "$SOURCE_PATH" ] -then - echo "Directory »$SOURCE_PATH« doesn't exists or isn't readable." >&2 - echo "Aborting ..." >&2 && exit 1 -fi - -#=============================================================================== -# Check if certificate files exist and are readable -#=============================================================================== -for file in "$SOURCE_PATH_K" "$SOURCE_PATH_I" "$SOURCE_PATH_C" "$SOURCE_PATH_F" -do - if [ ! -f "$file" ] || [ ! -r "$file" ] - then - echo "File »$file« doesn't exists or isn't readable." >&2 - echo "Aborting ..." >&2 && exit 1 - fi -done - -#=============================================================================== -# Create target directory (with parents) for certificate files -#=============================================================================== -install -m "$DMODE" -o "$DOWNER" -g "$DGROUP" -d "$TARGET_PATH" - -#=============================================================================== -# Copy certificate files from source to the target destination -#=============================================================================== -install -m "$FMODE" -o "$FOWNER" -g "$FGROUP" "$SOURCE_PATH_K" "$TARGET_PATH_K" -install -m "$FMODE" -o "$FOWNER" -g "$FGROUP" "$SOURCE_PATH_I" "$TARGET_PATH_I" -install -m "$FMODE" -o "$FOWNER" -g "$FGROUP" "$SOURCE_PATH_C" "$TARGET_PATH_C" -install -m "$FMODE" -o "$FOWNER" -g "$FGROUP" "$SOURCE_PATH_F" "$TARGET_PATH_F" - -#=============================================================================== -# Print stats for target directory and certificate files -#=============================================================================== -stat -c "[%a:%A] [%U:%G] => %n" ${TARGET_PATH%/} -stat -c "[%a:%A] [%U:%G] => %n" ${TARGET_PATH%/}/* diff --git a/package/sbin/certdeploy b/package/sbin/certdeploy new file mode 100755 index 0000000..24eb79f --- /dev/null +++ b/package/sbin/certdeploy @@ -0,0 +1,162 @@ +#!/bin/bash +#%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%# +# certdeploy – A deploy hook script for Certbot [by Thomas Lange] # +#%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%# +# # +# =================================== USAGE ================================== # +# # +# certdeploy [OPTIONS] source_directory target_directory # +# # +# =========================== COMMAND-LINE OPTIONS =========================== # +# # +# [-m mode] Mode for target certificate files (octal notation, 3-4 digits) # +# [-o owner] User ownership for certificate files in target directory # +# [-g group] Group ownership for certificate files in target directory # +# # +# [-M mode] Mode for target directory (octal notation, 3-4 digits) # +# [-O owner] User ownership for target directory # +# [-G group] Group ownership for target directory # +# # +# [-K] Filename for private key in target directory # +# [-I] Filename for intermediate in target directory # +# [-C] Filename for certificate in target directory # +# [-F] Filename for certificate chain in target directory # +# # +# ========================== COMMAND-LINE ARGUMENTS ========================== # +# # +# [$1]: Source directory of the certificate files # +# [$2]: Target directory in which the certificate files shall be copied # +# # +#%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%# + +#=============================================================================== +# Parse command-line options +#=============================================================================== +while getopts :m:o:g:M:O:G:K:I:C:F: option +do + case $option in + m) OPTION_FMODE="$OPTARG" ;; + o) OPTION_FOWNER="$OPTARG" ;; + g) OPTION_FGROUP="$OPTARG" ;; + M) OPTION_DMODE="$OPTARG" ;; + O) OPTION_DOWNER="$OPTARG" ;; + G) OPTION_DGROUP="$OPTARG" ;; + K) OPTION_TARGET_FILENAME_K="$OPTARG" ;; + I) OPTION_TARGET_FILENAME_I="$OPTARG" ;; + C) OPTION_TARGET_FILENAME_C="$OPTARG" ;; + F) OPTION_TARGET_FILENAME_F="$OPTARG" ;; + esac +done; shift $((OPTIND-1)) + +#=============================================================================== +# Check presence of required non-option arguments +#=============================================================================== +if [ -z "$1" ] +then + echo "$0: Missing argument #1: Path to source directory" >&2 + argument_errors_occurred=x +fi + +if [ -z "$2" ] +then + echo "$0: Missing argument #2: Path to target directory" >&2 + argument_errors_occurred=x +fi + +#=============================================================================== +# Check if argument presence-validation errors occurred +#=============================================================================== +[ ! -z "$argument_errors_occurred" ] && echo "Aborting ..." >&2 && exit 1 + +#=============================================================================== +# Define {source|target} directory path variable +#=============================================================================== +SOURCE_PATH="$1" +TARGET_PATH="$2" + +#=============================================================================== +# Define default {owner|group} variable +#=============================================================================== +DEFAULT_OWNER=$(id -u) +DEFAULT_GROUP=$(id -g) + +#=============================================================================== +# Define {file|directory} mode, owner and group variables +#=============================================================================== +FMODE="${OPTION_FMODE:-0600}" +FOWNER="${OPTION_FOWNER:-$DEFAULT_OWNER}" +FGROUP="${OPTION_FGROUP:-$DEFAULT_GROUP}" + +DMODE="${OPTION_DMODE:-0755}" +DOWNER="${OPTION_DOWNER:-$DEFAULT_OWNER}" +DGROUP="${OPTION_DGROUP:-$DEFAULT_GROUP}" + +# Allow only four digits (octal notation) for modes +DMODE="$(echo "$DMODE" | tr -dc '0-7' | cut -c 1-4)" +FMODE="$(echo "$FMODE" | tr -dc '0-7' | cut -c 1-4)" + +#=============================================================================== +# Define {source|target} filename variables +#=============================================================================== +SOURCE_FILENAME_K="privkey.pem" +SOURCE_FILENAME_I="chain.pem" +SOURCE_FILENAME_C="cert.pem" +SOURCE_FILENAME_F="fullchain.pem" + +TARGET_FILENAME_K="${OPTION_TARGET_FILENAME_K:-confidential.pem}" +TARGET_FILENAME_I="${OPTION_TARGET_FILENAME_I:-intermediate.pem}" +TARGET_FILENAME_C="${OPTION_TARGET_FILENAME_C:-certificate_only.pem}" +TARGET_FILENAME_F="${OPTION_TARGET_FILENAME_F:-certificate_full.pem}" + +#=============================================================================== +# Define {source|target} full path variables +#=============================================================================== +SOURCE_PATH_K="${SOURCE_PATH%/}/${SOURCE_FILENAME_K}" +SOURCE_PATH_I="${SOURCE_PATH%/}/${SOURCE_FILENAME_I}" +SOURCE_PATH_C="${SOURCE_PATH%/}/${SOURCE_FILENAME_C}" +SOURCE_PATH_F="${SOURCE_PATH%/}/${SOURCE_FILENAME_F}" + +TARGET_PATH_K="${TARGET_PATH%/}/${TARGET_FILENAME_K}" +TARGET_PATH_I="${TARGET_PATH%/}/${TARGET_FILENAME_I}" +TARGET_PATH_C="${TARGET_PATH%/}/${TARGET_FILENAME_C}" +TARGET_PATH_F="${TARGET_PATH%/}/${TARGET_FILENAME_F}" + +#=============================================================================== +# Check if source directory exists and is readable +#=============================================================================== +if [ ! -d "$SOURCE_PATH" ] || [ ! -r "$SOURCE_PATH" ] +then + echo "Directory »$SOURCE_PATH« doesn't exists or isn't readable." >&2 + echo "Aborting ..." >&2 && exit 1 +fi + +#=============================================================================== +# Check if certificate files exist and are readable +#=============================================================================== +for file in "$SOURCE_PATH_K" "$SOURCE_PATH_I" "$SOURCE_PATH_C" "$SOURCE_PATH_F" +do + if [ ! -f "$file" ] || [ ! -r "$file" ] + then + echo "File »$file« doesn't exists or isn't readable." >&2 + echo "Aborting ..." >&2 && exit 1 + fi +done + +#=============================================================================== +# Create target directory (with parents) for certificate files +#=============================================================================== +install -m "$DMODE" -o "$DOWNER" -g "$DGROUP" -d "$TARGET_PATH" + +#=============================================================================== +# Copy certificate files from source to the target destination +#=============================================================================== +install -m "$FMODE" -o "$FOWNER" -g "$FGROUP" "$SOURCE_PATH_K" "$TARGET_PATH_K" +install -m "$FMODE" -o "$FOWNER" -g "$FGROUP" "$SOURCE_PATH_I" "$TARGET_PATH_I" +install -m "$FMODE" -o "$FOWNER" -g "$FGROUP" "$SOURCE_PATH_C" "$TARGET_PATH_C" +install -m "$FMODE" -o "$FOWNER" -g "$FGROUP" "$SOURCE_PATH_F" "$TARGET_PATH_F" + +#=============================================================================== +# Print stats for target directory and certificate files +#=============================================================================== +stat -c "[%a:%A] [%U:%G] => %n" ${TARGET_PATH%/} +stat -c "[%a:%A] [%U:%G] => %n" ${TARGET_PATH%/}/* -- cgit v1.2.3