1 diff -ur dehydrated-0.6.5.orig/dehydrated dehydrated-0.6.5/dehydrated
2 --- dehydrated-0.6.5.orig/dehydrated 2019-06-26 12:33:35.000000000 +0200
3 +++ dehydrated-0.6.5/dehydrated 2020-08-16 15:17:01.872293508 +0200
8 # dehydrated by lukas2511
9 # Source: https://dehydrated.io
11 [[ -n "${ZSH_VERSION:-}" ]] && set -o SH_WORD_SPLIT && set +o FUNCTION_ARGZERO && set -o NULL_GLOB && set -o noglob
12 [[ -z "${ZSH_VERSION:-}" ]] && shopt -s nullglob && set -f
14 -umask 077 # paranoid umask, we're creating private keys
15 +umask 027 # allow root and dehydrated group only to protect private keys
17 # Close weird external file descriptors
21 SCRIPTDIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
23 -BASEDIR="${SCRIPTDIR}"
24 +BASEDIR="/var/lib/dehydrated"
27 # Create (identifiable) temporary files
36 PRIVATE_KEY_RENEW="yes"
43 + DEHYDRATED_USER="root"
44 + DEHYDRATED_GROUP="dehydrated"
47 if [[ -z "${CONFIG:-}" ]]; then
49 [[ -z "${CERTDIR}" ]] && CERTDIR="${BASEDIR}/certs"
50 [[ -z "${ALPNCERTDIR}" ]] && ALPNCERTDIR="${BASEDIR}/alpn-certs"
51 [[ -z "${CHAINCACHE}" ]] && CHAINCACHE="${BASEDIR}/chains"
52 - [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="${BASEDIR}/domains.txt"
53 - [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/dehydrated"
54 + [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="/etc/dehydrated/domains.txt"
55 + [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="${BASEDIR}/acme-challenges"
56 [[ -z "${LOCKFILE}" ]] && LOCKFILE="${BASEDIR}/lock"
57 [[ -z "${OPENSSL_CNF}" ]] && OPENSSL_CNF="$("${OPENSSL}" version -d | cut -d\" -f2)/openssl.cnf"
58 [[ -n "${PARAM_LOCKFILE_SUFFIX:-}" ]] && LOCKFILE="${LOCKFILE}-${PARAM_LOCKFILE_SUFFIX}"
59 diff -ur dehydrated-0.6.5.orig/docs/examples/config dehydrated-0.6.5/docs/examples/config
60 --- dehydrated-0.6.5.orig/docs/examples/config 2019-06-26 12:33:35.000000000 +0200
61 +++ dehydrated-0.6.5/docs/examples/config 2020-08-16 15:17:01.872293508 +0200
66 -# Base directory for account key, generated certificates and list of domains (default: $SCRIPTDIR -- uses config directory if undefined)
68 +# Base directory for account key, generated certificates and list of domains (default: /var/lib/dehydrated)
69 +#BASEDIR="/var/lib/dehydrated"
71 # File containing the list of domains to request certificates for (default: $BASEDIR/domains.txt)
72 -#DOMAINS_TXT="${BASEDIR}/domains.txt"
73 +#DOMAINS_TXT="/etc/dehydrated/domains.txt"
75 # Output directory for generated certificates
76 #CERTDIR="${BASEDIR}/certs"
78 #ACCOUNTDIR="${BASEDIR}/accounts"
80 # Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/dehydrated)
81 -#WELLKNOWN="/var/www/dehydrated"
82 +#WELLKNOWN="${BASEDIR}/acme-challenges"
84 # Default keysize for private keys (default: 4096)
88 # BASEDIR and WELLKNOWN variables are exported and can be used in an external program
91 +#HOOK="/etc/dehydrated/hooks/hook.sh"
93 # Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate (default: no)
96 -# Minimum days before expiration to automatically renew certificate (default: 30)
98 +# Minimum days before expiration to automatically renew certificate (default: 10)
101 # Regenerate private keys instead of just signing new certificates on renewal (default: yes)
102 #PRIVATE_KEY_RENEW="yes"