-diff -ur dehydrated-0.4.0.orig/dehydrated dehydrated-0.4.0/dehydrated
---- dehydrated-0.4.0.orig/dehydrated 2017-02-05 15:33:17.000000000 +0100
-+++ dehydrated-0.4.0/dehydrated 2017-10-24 16:58:33.761256185 +0200
+diff -ur dehydrated-0.7.1.orig/dehydrated dehydrated-0.7.1/dehydrated
+--- dehydrated-0.7.1.orig/dehydrated 2022-10-31 15:12:38.000000000 +0100
++++ dehydrated-0.7.1/dehydrated 2023-05-15 16:41:50.839664597 +0200
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/bash
# dehydrated by lukas2511
- # Source: https://github.com/lukas2511/dehydrated
-@@ -20,7 +20,7 @@
+ # Source: https://dehydrated.io
+@@ -11,7 +11,7 @@
+ [[ -n "${ZSH_VERSION:-}" ]] && set -o SH_WORD_SPLIT && set +o FUNCTION_ARGZERO && set -o NULL_GLOB && set -o noglob
+ [[ -z "${ZSH_VERSION:-}" ]] && shopt -s nullglob && set -f
+
+-umask 077 # paranoid umask, we're creating private keys
++umask 027 # allow root and dehydrated group only to protect private keys
+
+ # Close weird external file descriptors
+ exec 3>&-
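Review bot: The added `umask 027` loosens the mode of every file the script creates after this line, so account and certificate private keys can end up group-readable instead of owner-only. Together with `DEHYDRATED_GROUP="dehydrated"` set later in this patch, any account placed in that group gains read access to key material. If only certificates need to be shared, keep `umask 077` here and relax the mode on those files explicitly in the deploy hook. If group-readable keys are intended, say so in the comment, e.g. `# umask 027: private keys are group-readable by design; restrict membership of the dehydrated group`.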
+@@ -28,7 +28,7 @@
done
SCRIPTDIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
-BASEDIR="${SCRIPTDIR}"
+BASEDIR="/var/lib/dehydrated"
+ ORIGARGS=("${@}")
- # Create (identifiable) temporary files
- _mktemp() {
-@@ -115,7 +115,7 @@
- DOMAINS_TXT=
+ noglob_set() {
+@@ -372,7 +372,7 @@
HOOK=
+ PREFERRED_CHAIN=
HOOK_CHAIN="no"
- RENEW_DAYS="30"
+ RENEW_DAYS="10"
KEYSIZE="4096"
WELLKNOWN=
PRIVATE_KEY_RENEW="yes"
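Review bot: Lowering the default to `RENEW_DAYS="10"` leaves only ten days between the first renewal attempt and expiry, so a CA outage, a rate limit or a failing hook has little room to be noticed and fixed before certificates lapse. If the shorter window is deliberate, put the reason in a comment next to the value; otherwise keeping `RENEW_DAYS="30"` is the safer default. The block of defaults this hunk touches starts and ends outside the hunk.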
-@@ -182,8 +182,8 @@
- fi
+@@ -388,8 +388,8 @@
+ IP_VERSION=
+ CHAINCACHE=
+ AUTO_CLEANUP="no"
+- DEHYDRATED_USER=
+- DEHYDRATED_GROUP=
++ DEHYDRATED_USER="root"
++ DEHYDRATED_GROUP="dehydrated"
+ API="auto"
+ if [[ -z "${CONFIG:-}" ]]; then
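Review bot: Defaulting `DEHYDRATED_USER="root"` makes root the expected identity for the whole client, so (as far as these defaults suggest) the ACME network handling, response parsing and any configured `HOOK` would run with full privileges. A dedicated unprivileged account would limit the impact of a bug in the script or in a hook, for instance `DEHYDRATED_USER="dehydrated"` alongside the existing `DEHYDRATED_GROUP="dehydrated"`, with service reloads delegated to a narrowly scoped hook. Whether the packaging creates such an account is not visible in this patch, so that would have to be added with it. The enclosing block of defaults starts and ends outside this hunk.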
+@@ -528,8 +528,8 @@
[[ -z "${CERTDIR}" ]] && CERTDIR="${BASEDIR}/certs"
+ [[ -z "${ALPNCERTDIR}" ]] && ALPNCERTDIR="${BASEDIR}/alpn-certs"
+ [[ -z "${CHAINCACHE}" ]] && CHAINCACHE="${BASEDIR}/chains"
- [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="${BASEDIR}/domains.txt"
- [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/dehydrated"
+ [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="/etc/dehydrated/domains.txt"
+ [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="${BASEDIR}/acme-challenges"
[[ -z "${LOCKFILE}" ]] && LOCKFILE="${BASEDIR}/lock"
+ [[ -z "${OPENSSL_CNF}" ]] && OPENSSL_CNF="$("${OPENSSL}" version -d | cut -d\" -f2)/openssl.cnf"
[[ -n "${PARAM_LOCKFILE_SUFFIX:-}" ]] && LOCKFILE="${LOCKFILE}-${PARAM_LOCKFILE_SUFFIX}"
- [[ -n "${PARAM_NO_LOCK:-}" ]] && LOCKFILE=""
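Review bot: The new default `WELLKNOWN="${BASEDIR}/acme-challenges"` places the web-served challenge directory in the same tree as `certs` and, presumably, the account keys. The web server then needs traverse access to `/var/lib/dehydrated`, and with the `umask 027` and `dehydrated` group defaults elsewhere in this patch the obvious way to grant it is group membership, which would also expose any group-readable keys. The directory creation is not visible here; the packaging should give `acme-challenges` its own ownership and mode and keep `certs` and the account directory unreadable to the web server, or the challenge path should stay outside `BASEDIR`. The example config context in this patch still says `(default: /var/www/dehydrated)` for this setting, which should be updated to match if the hidden lines of that hunk do not already do so.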
-diff -ur dehydrated-0.4.0.orig/docs/examples/config dehydrated-0.4.0/docs/examples/config
---- dehydrated-0.4.0.orig/docs/examples/config 2017-02-05 15:33:17.000000000 +0100
-+++ dehydrated-0.4.0/docs/examples/config 2017-10-24 16:58:47.821256753 +0200
-@@ -33,11 +33,11 @@
+diff -ur dehydrated-0.7.1.orig/docs/examples/config dehydrated-0.7.1/docs/examples/config
+--- dehydrated-0.7.1.orig/docs/examples/config 2022-10-31 15:12:38.000000000 +0100
++++ dehydrated-0.7.1/docs/examples/config 2023-05-15 16:41:50.839664597 +0200
+@@ -47,11 +47,11 @@
# default: <unset>
- #CONFIG_D=
+ #DOMAINS_D=
-# Base directory for account key, generated certificates and list of domains (default: $SCRIPTDIR -- uses config directory if undefined)
-#BASEDIR=$SCRIPTDIR
# Output directory for generated certificates
#CERTDIR="${BASEDIR}/certs"
-@@ -46,7 +46,7 @@
+@@ -63,7 +63,7 @@
#ACCOUNTDIR="${BASEDIR}/accounts"
# Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/dehydrated)
# Default keysize for private keys (default: 4096)
#KEYSIZE="4096"
-@@ -64,13 +64,13 @@
+@@ -87,13 +87,13 @@
#
# BASEDIR and WELLKNOWN variables are exported and can be used in an external program
# default: <unset>
-#HOOK=
-+#HOOK="/etc/dehydrated/hook.sh"
++#HOOK="/etc/dehydrated/hooks/hook.sh"
# Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate (default: no)
#HOOK_CHAIN="no"