- updated to 0.7.0

[packages/dehydrated.git] / tld.patch

diff -ur dehydrated-0.7.0.orig/dehydrated dehydrated-0.7.0/dehydrated
--- dehydrated-0.7.0.orig/dehydrated    2020-12-10 16:54:26.000000000 +0100
+++ dehydrated-0.7.0/dehydrated 2021-01-01 18:41:50.608417166 +0100
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/bash
 
 # dehydrated by lukas2511
 # Source: https://dehydrated.io
@@ -11,7 +11,7 @@
 [[ -n "${ZSH_VERSION:-}" ]] && set -o SH_WORD_SPLIT && set +o FUNCTION_ARGZERO && set -o NULL_GLOB && set -o noglob
 [[ -z "${ZSH_VERSION:-}" ]] && shopt -s nullglob && set -f
 
-umask 077 # paranoid umask, we're creating private keys
+umask 027 # allow root and dehydrated group only to protect private keys
 
 # Close weird external file descriptors
 exec 3>&-
@@ -28,7 +28,7 @@
 done
 SCRIPTDIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
 
-BASEDIR="${SCRIPTDIR}"
+BASEDIR="/var/lib/dehydrated"
 ORIGARGS=("${@}")
 
 # Generate json.sh path matching string
@@ -340,7 +340,7 @@
   HOOK=
   PREFERRED_CHAIN=
   HOOK_CHAIN="no"
-  RENEW_DAYS="30"
+  RENEW_DAYS="10"
   KEYSIZE="4096"
   WELLKNOWN=
   PRIVATE_KEY_RENEW="yes"
@@ -356,8 +356,8 @@
   IP_VERSION=
   CHAINCACHE=
   AUTO_CLEANUP="no"
-  DEHYDRATED_USER=
-  DEHYDRATED_GROUP=
+  DEHYDRATED_USER="root"
+  DEHYDRATED_GROUP="dehydrated"
   API="auto"
 
   if [[ -z "${CONFIG:-}" ]]; then
@@ -495,8 +495,8 @@
   [[ -z "${CERTDIR}" ]] && CERTDIR="${BASEDIR}/certs"
   [[ -z "${ALPNCERTDIR}" ]] && ALPNCERTDIR="${BASEDIR}/alpn-certs"
   [[ -z "${CHAINCACHE}" ]] && CHAINCACHE="${BASEDIR}/chains"
-  [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="${BASEDIR}/domains.txt"
-  [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/dehydrated"
+  [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="/etc/dehydrated/domains.txt"
+  [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="${BASEDIR}/acme-challenges"
   [[ -z "${LOCKFILE}" ]] && LOCKFILE="${BASEDIR}/lock"
   [[ -z "${OPENSSL_CNF}" ]] && OPENSSL_CNF="$("${OPENSSL}" version -d | cut -d\" -f2)/openssl.cnf"
   [[ -n "${PARAM_LOCKFILE_SUFFIX:-}" ]] && LOCKFILE="${LOCKFILE}-${PARAM_LOCKFILE_SUFFIX}"
diff -ur dehydrated-0.7.0.orig/docs/examples/config dehydrated-0.7.0/docs/examples/config
--- dehydrated-0.7.0.orig/docs/examples/config  2020-12-10 16:54:26.000000000 +0100
+++ dehydrated-0.7.0/docs/examples/config       2021-01-01 18:41:13.934417166 +0100
@@ -47,11 +47,11 @@
 # default: <unset>
 #DOMAINS_D=
 
-# Base directory for account key, generated certificates and list of domains (default: $SCRIPTDIR -- uses config directory if undefined)
-#BASEDIR=$SCRIPTDIR
+# Base directory for account key, generated certificates and list of domains (default: /var/lib/dehydrated)
+#BASEDIR="/var/lib/dehydrated"
 
 # File containing the list of domains to request certificates for (default: $BASEDIR/domains.txt)
-#DOMAINS_TXT="${BASEDIR}/domains.txt"
+#DOMAINS_TXT="/etc/dehydrated/domains.txt"
 
 # Output directory for generated certificates
 #CERTDIR="${BASEDIR}/certs"
@@ -63,7 +63,7 @@
 #ACCOUNTDIR="${BASEDIR}/accounts"
 
 # Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/dehydrated)
-#WELLKNOWN="/var/www/dehydrated"
+#WELLKNOWN="${BASEDIR}/acme-challenges"
 
 # Default keysize for private keys (default: 4096)
 #KEYSIZE="4096"
@@ -87,13 +87,13 @@
 #
 # BASEDIR and WELLKNOWN variables are exported and can be used in an external program
 # default: <unset>
-#HOOK=
+#HOOK="/etc/dehydrated/hooks/hook.sh"
 
 # Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate (default: no)
 #HOOK_CHAIN="no"
 
-# Minimum days before expiration to automatically renew certificate (default: 30)
-#RENEW_DAYS="30"
+# Minimum days before expiration to automatically renew certificate (default: 10)
+#RENEW_DAYS="10"
 
 # Regenerate private keys instead of just signing new certificates on renewal (default: yes)
 #PRIVATE_KEY_RENEW="yes"