diff --git a/src/freedombone b/src/freedombone index 89f200c5..b78ab31b 100755 --- a/src/freedombone +++ b/src/freedombone @@ -37,6 +37,11 @@ export TEXTDOMAINDIR="/usr/share/locale" DEFAULT_LANGUAGE=$(echo $LANG) +source /usr/local/bin/${PROJECT_NAME}-utils-git +if [ -f /usr/bin/${PROJECT_NAME}-utils-git ]; then + source /usr/bin/${PROJECT_NAME}-utils-git +fi + # username created by default within a debian image GENERIC_IMAGE_USERNAME='fbone' @@ -618,61 +623,6 @@ function show_help { exit 0 } -function git_clone { - repo_url="$1" - destination_dir="$2" - if [[ "$repo_url" == "ssh:"* ]]; then - if [ "${FRIENDS_MIRRORS_SERVER}" ]; then - if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ]; then - if [ "$FRIENDS_MIRRORS_PASSWORD" ]; then - if [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then - echo "sshpass -p \"$FRIENDS_MIRRORS_PASSWORD\" git clone $repo_url $destination_dir" - sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git clone "$repo_url" "$destination_dir" - return - fi - fi - fi - fi - fi - echo "git clone $repo_url $destination_dir" - git clone "$repo_url" "$destination_dir" -} - -function git_pull { - if [ ! $1 ]; then - echo $'git_pull no repo specified' - fi - - git stash - git remote set-url origin $1 - git checkout master - if [ "${FRIENDS_MIRRORS_SERVER}" ]; then - if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ]; then - if [ "$FRIENDS_MIRRORS_PASSWORD" ]; then - if [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then - sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git pull - if [ $2 ]; then - git checkout $2 -b $2 - fi - return - fi - fi - fi - fi - git pull - - if [ $2 ]; then - # delete any existing branch - git branch -D $2 - # check out the new branch - git checkout $2 -b $2 - if [ ! "$?" = "0" ]; then - echo $"Unable to checkout $1 $2" - exit 72357 - fi - fi -} - function remove_database { app_name="$1" if [ ! -d $INSTALL_DIR ]; then diff --git a/src/freedombone-addcert b/src/freedombone-addcert index 58e335e3..c66fb6ac 100755 --- a/src/freedombone-addcert +++ b/src/freedombone-addcert @@ -36,6 +36,11 @@ export TEXTDOMAINDIR="/usr/share/locale" CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt +source /usr/local/bin/${PROJECT_NAME}-utils-git +if [ -f /usr/bin/${PROJECT_NAME}-utils-git ]; then + source /usr/bin/${PROJECT_NAME}-utils-git +fi + HOSTNAME= LETSENCRYPT_HOSTNAME= COUNTRY_CODE="US" @@ -56,112 +61,66 @@ FRIENDS_MIRRORS_SSH_PORT= MY_MIRRORS_PASSWORD= function read_repo_servers { - if [ -f $CONFIGURATION_FILE ]; then - if grep -q "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE; then - FRIENDS_MIRRORS_SERVER=$(grep "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}') - fi - if grep -q "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE; then - FRIENDS_MIRRORS_SSH_PORT=$(grep "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}') - fi - if grep -q "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then - MY_MIRRORS_PASSWORD=$(grep "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}') - fi - if grep -q "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then - FRIENDS_MIRRORS_PASSWORD=$(grep "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}') - fi - fi + if [ -f $CONFIGURATION_FILE ]; then + if grep -q "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE; then + FRIENDS_MIRRORS_SERVER=$(grep "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE; then + FRIENDS_MIRRORS_SSH_PORT=$(grep "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then + MY_MIRRORS_PASSWORD=$(grep "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then + FRIENDS_MIRRORS_PASSWORD=$(grep "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + fi - if [ ! $FRIENDS_MIRRORS_SERVER ]; then - return - fi - if [ ${#FRIENDS_MIRRORS_SERVER} -lt 2 ]; then - return - fi + if [ ! $FRIENDS_MIRRORS_SERVER ]; then + return + fi + if [ ${#FRIENDS_MIRRORS_SERVER} -lt 2 ]; then + return + fi - MAIN_COMMAND=/usr/local/bin/${PROJECT_NAME} - if [ ! -f $MAIN_COMMAND ]; then - MAIN_COMMAND=/usr/bin/${PROJECT_NAME} - fi + MAIN_COMMAND=/usr/local/bin/${PROJECT_NAME} + if [ ! -f $MAIN_COMMAND ]; then + MAIN_COMMAND=/usr/bin/${PROJECT_NAME} + fi - REPOS=($(cat ${MAIN_COMMAND} | grep "_REPO=\"" | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g')) + REPOS=($(cat ${MAIN_COMMAND} | grep "_REPO=\"" | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g')) - for line in "${REPOS[@]}" - do - repo_name=$(echo "$line" | awk -F '=' '{print $1}') - mirrors_name=$(echo "$repo_name" | sed "s|_REPO||g" | awk '{print tolower($0)}') - friends_repo_url="ssh://mirrors@${FRIENDS_MIRRORS_SERVER}:${FRIENDS_MIRRORS_SSH_PORT}/home/mirrors/${mirrors_name}" - ${repo_name}="${friends_repo_url}" - done -} - -function git_clone { - repo_url="$1" - destination_dir="$2" - if [[ "$repo_url" == "ssh:"* ]]; then - if [ "${FRIENDS_MIRRORS_SERVER}" ]; then - if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ]; then - if [ "$FRIENDS_MIRRORS_PASSWORD" ]; then - if [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then - sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git clone "$repo_url" "$destination_dir" - return - fi - fi - fi - fi - fi - git clone "$repo_url" "$destination_dir" -} - -function git_pull { - if [ ! $1 ]; then - echo $'git_pull no repo specified' - fi - - git stash - git remote set-url origin $1 - git checkout master - if [ "${FRIENDS_MIRRORS_SERVER}" ]; then - if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ]; then - if [ "$FRIENDS_MIRRORS_PASSWORD" ]; then - if [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then - sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git pull - if [ $2 ]; then - git checkout $2 -b $2 - fi - return - fi - fi - fi - fi - git pull - - if [ $2 ]; then - git checkout $2 -b $2 - fi + for line in "${REPOS[@]}" + do + repo_name=$(echo "$line" | awk -F '=' '{print $1}') + mirrors_name=$(echo "$repo_name" | sed "s|_REPO||g" | awk '{print tolower($0)}') + friends_repo_url="ssh://mirrors@${FRIENDS_MIRRORS_SERVER}:${FRIENDS_MIRRORS_SSH_PORT}/home/mirrors/${mirrors_name}" + ${repo_name}="${friends_repo_url}" + done } function show_help { - echo '' - echo $"${PROJECT_NAME}-addcert -h [hostname] -c [country code] -a [area] -l [location]" - echo $' -o [organisation] -u [unit] --ca "" --nodh ""' - echo '' - echo $'Creates a self-signed certificate for the given hostname' - echo '' - echo $' --help Show help' - echo $' -h --hostname [name] Hostname' - echo $' -e --letsencrypt [hostname] Hostname to use with Lets Encrypt' - echo $' -s --server [url] Lets Encrypt server URL' - echo $' -c --country [code] Optional country code (eg. US, GB, etc)' - echo $' -a --area [description] Optional area description' - echo $' -l --location [locn] Optional location name' - echo $' -o --organisation [name] Optional organisation name' - echo $' -u --unit [name] Optional unit name' - echo $' --email [address] Email address for letsencrypt' - echo $' --dhkey [bits] DH key length in bits' - echo $' --nodh "" Do not calculate DH params' - echo $' --ca "" Certificate authority cert' - echo '' - exit 0 + echo '' + echo $"${PROJECT_NAME}-addcert -h [hostname] -c [country code] -a [area] -l [location]" + echo $' -o [organisation] -u [unit] --ca "" --nodh ""' + echo '' + echo $'Creates a self-signed certificate for the given hostname' + echo '' + echo $' --help Show help' + echo $' -h --hostname [name] Hostname' + echo $' -e --letsencrypt [hostname] Hostname to use with Lets Encrypt' + echo $' -s --server [url] Lets Encrypt server URL' + echo $' -c --country [code] Optional country code (eg. US, GB, etc)' + echo $' -a --area [description] Optional area description' + echo $' -l --location [locn] Optional location name' + echo $' -o --organisation [name] Optional organisation name' + echo $' -u --unit [name] Optional unit name' + echo $' --email [address] Email address for letsencrypt' + echo $' --dhkey [bits] DH key length in bits' + echo $' --nodh "" Do not calculate DH params' + echo $' --ca "" Certificate authority cert' + echo '' + exit 0 } while [[ $# > 1 ]] @@ -169,217 +128,217 @@ do key="$1" case $key in - --help) - show_help - ;; - -h|--hostname) - shift - HOSTNAME="$1" - ;; - -e|--letsencrypt) - shift - LETSENCRYPT_HOSTNAME="$1" - ;; - --email) - shift - MY_EMAIL_ADDRESS="$1" - ;; - -s|--server) - shift - LETSENCRYPT_SERVER="$1" - ;; - -c|--country) - shift - COUNTRY_CODE="$1" - ;; - -a|--area) - shift - AREA="$1" - ;; - -l|--location) - shift - LOCATION="$1" - ;; - -o|--organisation) - shift - ORGANISATION="$1" - ;; - -u|--unit) - shift - UNIT="$1" - ;; - --ca) - shift - EXTENSIONS="-extensions v3_ca" - ORGANISATION="Freedombone-CA" - ;; - --nodh) - shift - NODH="true" - ;; - --dhkey) - shift - DH_KEYLENGTH=${1} - ;; - *) - # unknown option - ;; + --help) + show_help + ;; + -h|--hostname) + shift + HOSTNAME="$1" + ;; + -e|--letsencrypt) + shift + LETSENCRYPT_HOSTNAME="$1" + ;; + --email) + shift + MY_EMAIL_ADDRESS="$1" + ;; + -s|--server) + shift + LETSENCRYPT_SERVER="$1" + ;; + -c|--country) + shift + COUNTRY_CODE="$1" + ;; + -a|--area) + shift + AREA="$1" + ;; + -l|--location) + shift + LOCATION="$1" + ;; + -o|--organisation) + shift + ORGANISATION="$1" + ;; + -u|--unit) + shift + UNIT="$1" + ;; + --ca) + shift + EXTENSIONS="-extensions v3_ca" + ORGANISATION="Freedombone-CA" + ;; + --nodh) + shift + NODH="true" + ;; + --dhkey) + shift + DH_KEYLENGTH=${1} + ;; + *) + # unknown option + ;; esac shift done if [ ! $HOSTNAME ]; then - if [ ! $LETSENCRYPT_HOSTNAME ]; then - echo $'No hostname specified' - exit 5748 - fi + if [ ! $LETSENCRYPT_HOSTNAME ]; then + echo $'No hostname specified' + exit 5748 + fi fi if ! which openssl > /dev/null ;then - echo $"$0: openssl is not installed, exiting" 1>&2 - exit 5689 + echo $"$0: openssl is not installed, exiting" 1>&2 + exit 5689 fi if [ ! -d /etc/ssl/mycerts ]; then - mkdir /etc/ssl/mycerts + mkdir /etc/ssl/mycerts fi CERTFILE=$HOSTNAME function add_cert_letsencrypt { - CERTFILE=$LETSENCRYPT_HOSTNAME + CERTFILE=$LETSENCRYPT_HOSTNAME - # obtain the email address for the admin user - if [ ! $MY_EMAIL_ADDRESS ]; then - if [ -f $CONFIGURATION_FILE ]; then - if grep -q "MY_EMAIL_ADDRESS=" $CONFIGURATION_FILE; then - MY_EMAIL_ADDRESS=$(cat $CONFIGURATION_FILE | grep "MY_EMAIL_ADDRESS=" | awk -F '=' '{print $2}') - fi - fi - fi - if [ ! $MY_EMAIL_ADDRESS ]; then - if [ -f $COMPLETION_FILE ]; then - if grep -q "Admin user:" $COMPLETION_FILE; then - ADMIN_USER=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}') - MY_EMAIL_ADDRESS=$ADMIN_USER@$HOSTNAME - fi - fi - fi + # obtain the email address for the admin user + if [ ! $MY_EMAIL_ADDRESS ]; then + if [ -f $CONFIGURATION_FILE ]; then + if grep -q "MY_EMAIL_ADDRESS=" $CONFIGURATION_FILE; then + MY_EMAIL_ADDRESS=$(cat $CONFIGURATION_FILE | grep "MY_EMAIL_ADDRESS=" | awk -F '=' '{print $2}') + fi + fi + fi + if [ ! $MY_EMAIL_ADDRESS ]; then + if [ -f $COMPLETION_FILE ]; then + if grep -q "Admin user:" $COMPLETION_FILE; then + ADMIN_USER=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}') + MY_EMAIL_ADDRESS=$ADMIN_USER@$HOSTNAME + fi + fi + fi - if [ ! -d $INSTALL_DIR ]; then - mkdir -p $INSTALL_DIR - fi - cd $INSTALL_DIR + if [ ! -d $INSTALL_DIR ]; then + mkdir -p $INSTALL_DIR + fi + cd $INSTALL_DIR - # obtain the repo - if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then - git_clone $LETSENCRYPT_REPO ${INSTALL_DIR}/letsencrypt - if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then - exit 76283 - fi - else - cd ${INSTALL_DIR}/letsencrypt - git_pull $LETSENCRYPT_REPO - fi + # obtain the repo + if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then + git_clone $LETSENCRYPT_REPO ${INSTALL_DIR}/letsencrypt + if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then + exit 76283 + fi + else + cd ${INSTALL_DIR}/letsencrypt + git_pull $LETSENCRYPT_REPO + fi - # stop the web server - systemctl stop nginx + # stop the web server + systemctl stop nginx - cd ${INSTALL_DIR}/letsencrypt - ./letsencrypt-auto certonly --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME --renew-by-default --agree-tos --email $MY_EMAIL_ADDRESS - if [ ! "$?" = "0" ]; then - echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME" - systemctl start nginx - exit 63216 - fi + cd ${INSTALL_DIR}/letsencrypt + ./letsencrypt-auto certonly --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME --renew-by-default --agree-tos --email $MY_EMAIL_ADDRESS + if [ ! "$?" = "0" ]; then + echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME" + systemctl start nginx + exit 63216 + fi - # replace some legacy filenames - if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt ]; then - mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem - fi - if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt ]; then - mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem - fi - sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME - sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME + # replace some legacy filenames + if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt ]; then + mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem + fi + if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt ]; then + mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem + fi + sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME + sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME - # link the private key - if [ -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then - if [ ! -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old ]; then - mv /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old - else - rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key - fi - fi - ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key + # link the private key + if [ -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then + if [ ! -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old ]; then + mv /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old + else + rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key + fi + fi + ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key - # link the public key - if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then - if [ ! -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old ]; then - mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old - else - rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem - fi - fi - ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem + # link the public key + if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then + if [ ! -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old ]; then + mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old + else + rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem + fi + fi + ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem - cp /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem + cp /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem - systemctl start nginx + systemctl start nginx - ${PROJECT_NAME}-pin-cert $LETSENCRYPT_HOSTNAME - if [ ! "$?" = "0" ]; then - echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned" - exit 62878 - fi + ${PROJECT_NAME}-pin-cert $LETSENCRYPT_HOSTNAME + if [ ! "$?" = "0" ]; then + echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned" + exit 62878 + fi } function add_cert_selfsigned { - if [[ $ORGANISATION == "Freedombone-CA" ]]; then - CERTFILE="ca-$HOSTNAME" - fi + if [[ $ORGANISATION == "Freedombone-CA" ]]; then + CERTFILE="ca-$HOSTNAME" + fi - openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \ - -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \ - -newkey rsa:4096 -keyout /etc/ssl/private/${CERTFILE}.key \ - -out /etc/ssl/certs/${CERTFILE}.crt - chmod 400 /etc/ssl/private/${CERTFILE}.key - chmod 640 /etc/ssl/certs/${CERTFILE}.crt - cp /etc/ssl/certs/${CERTFILE}.crt /etc/ssl/mycerts + openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \ + -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \ + -newkey rsa:4096 -keyout /etc/ssl/private/${CERTFILE}.key \ + -out /etc/ssl/certs/${CERTFILE}.crt + chmod 400 /etc/ssl/private/${CERTFILE}.key + chmod 640 /etc/ssl/certs/${CERTFILE}.crt + cp /etc/ssl/certs/${CERTFILE}.crt /etc/ssl/mycerts - ${PROJECT_NAME}-pin-cert $CERTFILE - if [ ! "$?" = "0" ]; then - echo $"Certificate for $CERTFILE could not be pinned" - exit 62879 - fi + ${PROJECT_NAME}-pin-cert $CERTFILE + if [ ! "$?" = "0" ]; then + echo $"Certificate for $CERTFILE could not be pinned" + exit 62879 + fi } function generate_dh_params { - if [ ! $NODH ]; then - if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then - ${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes - fi - fi + if [ ! $NODH ]; then + if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then + ${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes + fi + fi } function restart_web_server { - if [ -f /etc/init.d/nginx ]; then - /etc/init.d/nginx reload - fi + if [ -f /etc/init.d/nginx ]; then + /etc/init.d/nginx reload + fi } function make_cert_bundle { - # Create a bundle of your certificates - cat /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem > /etc/ssl/${PROJECT_NAME}-bundle.crt - tar -czvf /etc/ssl/${PROJECT_NAME}-certs.tar.gz /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem + # Create a bundle of your certificates + cat /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem > /etc/ssl/${PROJECT_NAME}-bundle.crt + tar -czvf /etc/ssl/${PROJECT_NAME}-certs.tar.gz /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem } function create_cert { - if [ $LETSENCRYPT_HOSTNAME ]; then - add_cert_letsencrypt - else - add_cert_selfsigned - fi + if [ $LETSENCRYPT_HOSTNAME ]; then + add_cert_letsencrypt + else + add_cert_selfsigned + fi } read_repo_servers diff --git a/src/freedombone-mesh-install b/src/freedombone-mesh-install index 8eaaabe9..de30e8e6 100755 --- a/src/freedombone-mesh-install +++ b/src/freedombone-mesh-install @@ -77,6 +77,11 @@ INSTALL_DIR=$HOME/build MESH_INSTALL_DIR=/var/lib +source /usr/local/bin/${PROJECT_NAME}-utils-git +if [ -f /usr/bin/${PROJECT_NAME}-utils-git ]; then + source /usr/bin/${PROJECT_NAME}-utils-git +fi + function show_help { echo '' echo $"${PROJECT_NAME}-mesh-install -f [function] -r [rootdir]" @@ -91,23 +96,6 @@ function show_help { exit 0 } -function git_clone { - repo_url="$1" - destination_dir="$2" - if [[ "$repo_url" == "ssh:"* ]]; then - if [ "${FRIENDS_MIRRORS_SERVER}" ]; then - if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ]; then - if [ "$FRIENDS_MIRRORS_PASSWORD" ]; then - if [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then - sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git clone "$repo_url" "$destination_dir" - return - fi - fi - fi - fi - fi - git clone "$repo_url" "$destination_dir" -} function mesh_babel { $CHROOT_PREFIX apt-get -y install babeld diff --git a/src/freedombone-upgrade b/src/freedombone-upgrade index 67ea61f7..daf1702b 100755 --- a/src/freedombone-upgrade +++ b/src/freedombone-upgrade @@ -42,6 +42,11 @@ FRIENDS_MIRRORS_SSH_PORT=2222 FRIENDS_MIRRORS_PASSWORD= MY_MIRRORS_PASSWORD= +source /usr/local/bin/${PROJECT_NAME}-utils-git +if [ -f /usr/bin/${PROJECT_NAME}-utils-git ]; then + source /usr/bin/${PROJECT_NAME}-utils-git +fi + function read_repo_servers { if [ -f $CONFIGURATION_FILE ]; then if grep -q "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE; then @@ -81,52 +86,6 @@ function read_repo_servers { done } -function git_clone { - repo_url="$1" - destination_dir="$2" - if [[ "$repo_url" == "ssh:"* ]]; then - if [ "${FRIENDS_MIRRORS_SERVER}" ]; then - if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ]; then - if [ "$FRIENDS_MIRRORS_PASSWORD" ]; then - if [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then - sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git clone "$repo_url" "$destination_dir" - return - fi - fi - fi - fi - fi - git clone "$repo_url" "$destination_dir" -} - -function git_pull { - if [ ! $1 ]; then - echo $'git_pull no repo specified' - fi - - git stash - git remote set-url origin $1 - git checkout master - if [ "${FRIENDS_MIRRORS_SERVER}" ]; then - if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ]; then - if [ "$FRIENDS_MIRRORS_PASSWORD" ]; then - if [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then - sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git pull - if [ $2 ]; then - git checkout $2 -b $2 - fi - return - fi - fi - fi - fi - git pull - - if [ $2 ]; then - git checkout $2 -b $2 - fi -} - if [ -f $CONFIGURATION_FILE ]; then # read the location of the main project repo if grep -q "PROJECT_REPO" $CONFIGURATION_FILE; then