Merge branch 'stretch' of https://github.com/bashrc/freedombone

2018-03-04 12:03:42 +00:00 · 2018-03-04 12:03:42 +00:00 · b65b72bd2c
parent 895678b6b8 4ca29d02e5
commit b65b72bd2c
7 changed files with 21 additions and 16 deletions
--- a/man/freedombone-tests.1.gz
+++ b/man/freedombone-tests.1.gz
--- a/src/freedombone-addcert
+++ b/src/freedombone-addcert
@ -170,10 +170,6 @@ if ! which openssl > /dev/null ;then
    exit 5689
 fi

-if [ ! -d /etc/ssl/mycerts ]; then
-    mkdir /etc/ssl/mycerts
-fi
-
 CERTFILE=$HOSTNAME

 function remove_cert_letsencrypt {
@ -310,13 +306,13 @@ function add_cert_selfsigned {
        CERTFILE="ca-$HOSTNAME"
    fi

-    openssl req -x509 "${EXTENSIONS}" -nodes -days 3650 -sha256 \
+    # shellcheck disable=SC2086
+    openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \
            -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
            -newkey rsa:2048 -keyout "/etc/ssl/private/${CERTFILE}.key" \
            -out "/etc/ssl/certs/${CERTFILE}.crt"
    chmod 400 "/etc/ssl/private/${CERTFILE}.key"
    chmod 640 "/etc/ssl/certs/${CERTFILE}.crt"
-    cp "/etc/ssl/certs/${CERTFILE}.crt" "/etc/ssl/mycerts"

    if [ "$PIN_CERTS" ]; then
        if ! "${PROJECT_NAME}-pin-cert" "$CERTFILE"; then
@ -340,12 +336,6 @@ function restart_web_server {
    fi
 }

-function make_cert_bundle {
-    # Create a bundle of your certificates
-    cat /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem > /etc/ssl/${PROJECT_NAME}-bundle.crt
-    tar -czvf /etc/ssl/${PROJECT_NAME}-certs.tar.gz /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem
-}
-
 function create_cert {
    if [ "$remove_cert" ]; then
        remove_cert_letsencrypt
@ -362,6 +352,5 @@ function create_cert {
 create_cert
 generate_dh_params
 restart_web_server
-make_cert_bundle

 exit 0
--- a/src/freedombone-app-irc
+++ b/src/freedombone-app-irc
@ -523,6 +523,7 @@ function install_irc_server {
    if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}")" == "0" ]]; then
        "${PROJECT_NAME}-addcert" -h ngircd --dhkey "${DH_KEYLENGTH}"
        function_check check_certificates
+        CHECK_HOSTNAME=ngircd
        check_certificates ngircd
    fi

--- a/src/freedombone-app-xmpp
+++ b/src/freedombone-app-xmpp
@ -973,6 +973,7 @@ function install_xmpp {
    if [ ! -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
        if [ ! -f /etc/ssl/certs/xmpp.crt ]; then
            "${PROJECT_NAME}-addcert" -h xmpp --dhkey "${DH_KEYLENGTH}"
+            CHECK_HOSTNAME=xmpp
            check_certificates xmpp
            if [ ! -f /etc/ssl/certs/xmpp.crt ]; then
                echo $'Failed to create xmpp certificate'
--- a/src/freedombone-base-email
+++ b/src/freedombone-base-email
@ -1068,6 +1068,7 @@ function configure_imap {

    if [[ "$(cert_exists dovecot)" == "0" ]]; then
        "${PROJECT_NAME}-addcert" -h dovecot --dhkey "$DH_KEYLENGTH"
+        CHECK_HOSTNAME=dovecot
        check_certificates dovecot
    fi

--- a/src/freedombone-utils-passwords
+++ b/src/freedombone-utils-passwords
@ -46,7 +46,7 @@ function enforce_good_passwords {
    fi
    apt-get -yq install libpam-cracklib

-    sed -i 's/password.*requisite.*pam_cracklib.so.*/password        required                       pam_cracklib.so retry=2 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password
+    sed -i 's/password.*requisite.*pam_cracklib.so.*/password        required                       pam_cracklib.so retry=2 dcredit=-1 ucredit=-1 ocredit=0 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password
    mark_completed "${FUNCNAME[0]}"
 }

--- a/src/freedombone-utils-web
+++ b/src/freedombone-utils-web
@ -184,13 +184,14 @@ function test_domain_name {
 # Checks whether certificates were generated for the given hostname
 function check_certificates {
    if [ ! "$1" ]; then
-        return
+        echo $'No certificate name provided'
+        exit 3568736585683
    fi
    USE_LETSENCRYPT='no'
    if [ "$2" ]; then
        USE_LETSENCRYPT="$2"
    fi
-    if [[ $USE_LETSENCRYPT == 'no' ]]; then
+    if [[ $USE_LETSENCRYPT == 'no' || "$ONION_ONLY" != 'no' ]]; then
        if [ ! -f "/etc/ssl/private/${1}.key" ]; then
            echo $"Private certificate for ${CHECK_HOSTNAME} was not created"
            exit 63959
@ -239,17 +240,27 @@ function cert_exists {
 }

 function create_self_signed_cert {
+    if [ ! "${SITE_DOMAIN_NAME}" ]; then
+        echo $'No site domain specified for self signed cert'
+        exit 4638565385
+    fi
    "${PROJECT_NAME}-addcert" -h "${SITE_DOMAIN_NAME}" --dhkey "${DH_KEYLENGTH}"
    function_check check_certificates
    check_certificates "${SITE_DOMAIN_NAME}"
 }

 function create_letsencrypt_cert {
+    if [ ! "${SITE_DOMAIN_NAME}" ]; then
+        echo $'No site domain specified for letsencrypt cert'
+        exit 246824624
+    fi
+
    if ! "${PROJECT_NAME}-addcert" -e "${SITE_DOMAIN_NAME}" -s "${LETSENCRYPT_SERVER}" --dhkey "${DH_KEYLENGTH}" --email "${MY_EMAIL_ADDRESS}"; then
        if [[ ${NO_SELF_SIGNED} == 'no' ]]; then
            echo $"Lets Encrypt failed for ${SITE_DOMAIN_NAME}, so try making a self-signed cert"
            "${PROJECT_NAME}-addcert" -h "${SITE_DOMAIN_NAME}" --dhkey "${DH_KEYLENGTH}"
            function_check check_certificates
+            CHECK_HOSTNAME="${SITE_DOMAIN_NAME}"
            check_certificates "${SITE_DOMAIN_NAME}"
        else
            echo $"Lets Encrypt failed for $SITE_DOMAIN_NAME"
@ -263,6 +274,7 @@ function create_letsencrypt_cert {
    fi

    function_check check_certificates
+    CHECK_HOSTNAME="${SITE_DOMAIN_NAME}"
    check_certificates "${SITE_DOMAIN_NAME}" 'yes'
 }

@ -1004,6 +1016,7 @@ function email_install_tls {
    fi
    if [ ! -f /etc/ssl/certs/exim.dhparam ]; then
        "${PROJECT_NAME}-addcert" -h exim --dhkey "$DH_KEYLENGTH"
+        CHECK_HOSTNAME=exim
        check_certificates exim
        cp /etc/ssl/certs/exim.dhparam /etc/exim4
        chown root:Debian-exim /etc/exim4/exim.dhparam