-#!/bin/sh
+#!/bin/bash
-# concat file atomic way
+# This file contains base functions for dehydrated system hook scripts.
+# Please do not edit this file! It will be overwritten by package updates!
+# If you need to implement your own functions, take a look at
+# custom_functions file.
+
+# This function checks for per certificate hook scripts in hooks.d directory.
+# If not found, it executes global hook script instead.
+deploy_cert() {
+ local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"
+ if [[ -n "${HOOKS_D}" ]]; then
+ if [[ ! -d "${HOOKS_D}" ]]; then
+ echo " + System hook: ${HANDLER}: The path ${HOOKS_D} specified for HOOKS_D does not point to a directory."
+ else
+ if [[ -f "${HOOKS_D}/${DOMAIN}" ]]; then
+ if [[ -r "${HOOKS_D}/${DOMAIN}" ]]; then
+ echo " + System hook: ${HANDLER}: Executing hook script for certificate ${DOMAIN}."
+ . "${HOOKS_D}/${DOMAIN}"
+ else
+ echo " + System hook: ${HANDLER}: Cannot execute hook script for certificate ${DOMAIN}."
+ fi
+ else
+ if [[ -f "${HOOKS_D}/global" ]] && [[ -r "${HOOKS_D}/global" ]]; then
+ echo " + System hook: ${HANDLER}: Executing global hook script"
+ . "${HOOKS_D}/global"
+ else
+ echo " + System hook: ${HANDLER}: Cannot execute global hook script."
+ fi
+ fi
+ fi
+ fi
+}
+
+clean_challenge() {
+ local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
+ echo " + System hook: ${HANDLER}: Nothing to do..."
+}
+
+deploy_challenge() {
+ local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
+ echo " + System hook: ${HANDLER}: Nothing to do..."
+}
+
+invalid_challenge() {
+ local DOMAIN="${1}" RESPONSE="${2}"
+ echo " + System hook: ${HANDLER}: Nothing to do..."
+}
+
+request_failure() {
+ local STATUSCODE="${1}" REASON="${2}" REQTYPE="${3}"
+ echo " + System hook: ${HANDLER}: Nothing to do..."
+}
+
+unchanged_cert() {
+ local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
+ echo " + System hook: ${HANDLER}: Nothing to do..."
+}
+
+startup_hook() {
+ echo " + System hook: ${HANDLER}: Nothing to do..."
+}
+
+exit_hook() {
+ echo " + System hook: ${HANDLER}: Nothing to do..."
+}
+
+# Function to concat files atomic way to avoid MITM problems
atomic_concat() {
- local file=$1; shift
- > $file.new
- chmod 600 $file.new
- cat "$@" > $file.new
- cp -f $file $file.dehydrated~
- mv -f $file.new $file
+ local file=$1; shift
+ > $file.new
+ chmod 600 $file.new
+ cat "$@" > $file.new
+ cp -f $file $file.dehydrated~
+ mv -f $file.new $file
}
lighttpd_reload() {
- if [ ! -x /usr/sbin/lighttpd ] || [ ! -f /etc/lighttpd/server.pem ]; then
- return
- fi
-
- echo " + Hook: Overwritting /etc/lighttpd/server.pem and reloading lighttpd..."
- atomic_concat /etc/lighttpd/server.pem "$FULLCHAINCERT" "$PRIVKEY"
- /sbin/service lighttpd reload
+ if [ ! -x /usr/sbin/lighttpd ] || [ ! -f /etc/lighttpd/server.pem ]; then
+ return
+ fi
+ echo " + System hook: Overwritting /etc/lighttpd/server.pem and reloading lighttpd..."
+ atomic_concat /etc/lighttpd/server.pem "$FULLCHAINCERT" "$PRIVKEY"
+ /sbin/service lighttpd reload
}
haproxy_reload() {
- if [ ! -x /usr/sbin/haproxy ] || [ ! -f /etc/haproxy/server.pem ]; then
- return
- fi
-
- echo " + Hook: Overwritting /etc/haproxy/server.pem and restarting haproxy..."
- atomic_concat /etc/haproxy/server.pem "$FULLCHAINCERT" "$PRIVKEY"
- /sbin/service haproxy reload
+ if [ ! -x /usr/sbin/haproxy ] || [ ! -f /etc/haproxy/server.pem ]; then
+ return
+ fi
+ echo " + System hook: Overwritting /etc/haproxy/server.pem and restarting haproxy..."
+ atomic_concat /etc/haproxy/server.pem "$FULLCHAINCERT" "$PRIVKEY"
+ /sbin/service haproxy reload
}
nginx_reload() {
- if [ ! -f /etc/nginx/server.crt ] || [ ! -f /etc/nginx/server.key ]; then
- return
- fi
+ if [ ! -f /etc/nginx/server.crt ] || [ ! -f /etc/nginx/server.key ]; then
+ return
+ fi
+ echo " + System hook: Overwritting /etc/nginx/server.{crt,key} and reloading nginx..."
+ atomic_concat /etc/nginx/server.crt "$FULLCHAINCERT"
+ atomic_concat /etc/nginx/server.key "$PRIVKEY"
+ /sbin/service nginx reload
+}
- echo " + Hook: Overwritting /etc/nginx/server.{crt,key} and reloading nginx..."
- atomic_concat /etc/nginx/server.crt "$FULLCHAINCERT"
- atomic_concat /etc/nginx/server.key "$PRIVKEY"
- /sbin/service nginx reload
+apache_reload() {
+ if [ ! -x /etc/rc.d/init.d/httpd ]; then
+ return
+ fi
+ echo " + System hook: Reloading Apache..."
+ /sbin/service httpd graceful
}
-httpd_reload() {
- if [ ! -x /etc/rc.d/init.d/httpd ]; then
- return
- fi
+postfix_reload() {
+ if [ ! -x /etc/rc.d/init.d/postfix ]; then
+ return
+ fi
+ echo " + System hook: Reloading Postfix..."
+ /sbin/service postfix reload
+}
- echo " + Hook: Reloading Apache..."
- /sbin/service httpd graceful
+dovecot_reload() {
+ if [ ! -x /etc/rc.d/init.d/dovecot ]; then
+ return
+ fi
+ echo " + System hook: Reloading Dovecot..."
+ /sbin/service dovecot reload
}
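Review bot: atomic_concat (L77-L82, re-indented but otherwise unchanged) creates `$file.new` under the caller's umask and only afterwards runs `chmod 600`, so depending on that umask there is a short window in which other local users can open the file that is about to receive the private key for `/etc/nginx/server.key` or the combined `server.pem` files. None of the steps is checked, so if `cat` fails (for example because `$FULLCHAINCERT` or `$PRIVKEY` is empty or points to a missing file) the `mv -f` still replaces the live file with an empty or partial one right before the service reload; `$file` is also unquoted throughout. I would create the temporary file under `umask 077` in a subshell, quote the path, and rename only after a successful write, as sketched below. Separately, deploy_cert dot-sources `${HOOKS_D}/${DOMAIN}` (L20) and `${HOOKS_D}/global` (L27) after testing only `-f` and `-r`; because the sourced file runs inside the hook's own shell, a check that it is root-owned and not group- or world-writable before sourcing would be a sensible addition.

```shell
atomic_concat() {
  local file=$1; shift
  # Drop any stale temp file so the new one is created with the restrictive umask.
  rm -f -- "${file}.new"
  (
    umask 077
    cat -- "$@" > "${file}.new"
  ) || { rm -f -- "${file}.new"; return 1; }
  # Replace the live file only when both the write and the backup succeeded.
  cp -f -- "$file" "${file}.dehydrated~" \
    && mv -f -- "${file}.new" "$file"
}
```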