TLD Linux GIT Repositories - packages/dehydrated.git/blobdiff - tld.patch
- run as root:dehydrated by default to allow special group read
index def90fecdfa35bae3c4dd506e72c95ce91bac088..d70c46676fa6eff30181247616f278ca541ca9df 100644 (file)
--- a/tld.patch
+++ b/tld.patch
@@ -1,22 +1,31 @@
-diff -ur dehydrated-0.4.0.orig/dehydrated dehydrated-0.4.0/dehydrated
---- dehydrated-0.4.0.orig/dehydrated   2017-02-05 15:33:17.000000000 +0100
-+++ dehydrated-0.4.0/dehydrated        2017-10-24 16:58:33.761256185 +0200
+diff -ur dehydrated-0.6.2.orig/dehydrated dehydrated-0.6.2/dehydrated
+--- dehydrated-0.6.2.orig/dehydrated   2018-04-25 21:22:40.000000000 +0000
++++ dehydrated-0.6.2/dehydrated        2018-12-19 22:00:23.842403000 +0000
 @@ -1,4 +1,4 @@
 -#!/usr/bin/env bash
 +#!/bin/bash
  
  # dehydrated by lukas2511
- # Source: https://github.com/lukas2511/dehydrated
-@@ -20,7 +20,7 @@
+ # Source: https://dehydrated.io
+@@ -11,7 +11,7 @@
+ [[ -n "${ZSH_VERSION:-}" ]] && set -o SH_WORD_SPLIT && set +o FUNCTION_ARGZERO && set -o NULL_GLOB && set -o noglob
+ [[ -z "${ZSH_VERSION:-}" ]] && shopt -s nullglob && set -f
+-umask 077 # paranoid umask, we're creating private keys
++umask 027 # allow root and dehydrated group only to protect private keys
+ # Close weird external file descriptors
+ exec 3>&-
+@@ -28,7 +28,7 @@
  done
  SCRIPTDIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
  
 -BASEDIR="${SCRIPTDIR}"
 +BASEDIR="/var/lib/dehydrated"
+ ORIGARGS="$@"
  
  # Create (identifiable) temporary files
- _mktemp() {
-@@ -115,7 +115,7 @@
+@@ -133,7 +133,7 @@
    DOMAINS_TXT=
    HOOK=
    HOOK_CHAIN="no"
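Review bot: The relaxed `umask 027` in the inner hunk at line 11 applies to the whole process, so every file the script creates becomes group-readable, not only the certificate keys that services need. The comment it replaces says the strict umask existed because private keys are created here. Presumably this also covers the ACME account key, which no service should need to read; that is worth confirming, and if so the packaging should keep the accounts directory at mode 0700. The new comment should state the consequence rather than the intent, e.g. `umask 027 # group-readable by design: every member of DEHYDRATED_GROUP can read the private keys written below BASEDIR`. The `DEHYDRATED_GROUP="dehydrated"` default in the next hunk makes the same trade-off the out-of-the-box behaviour.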
@@ -25,21 +34,32 @@ diff -ur dehydrated-0.4.0.orig/dehydrated dehydrated-0.4.0/dehydrated
    KEYSIZE="4096"
    WELLKNOWN=
    PRIVATE_KEY_RENEW="yes"
-@@ -182,8 +182,8 @@
-   fi
+@@ -148,8 +148,8 @@
+   IP_VERSION=
+   CHAINCACHE=
+   AUTO_CLEANUP="no"
+-  DEHYDRATED_USER=
+-  DEHYDRATED_GROUP=
++  DEHYDRATED_USER="root"
++  DEHYDRATED_GROUP="dehydrated"
+   API="auto"
+   if [[ -z "${CONFIG:-}" ]]; then
+@@ -255,8 +255,8 @@
  
    [[ -z "${CERTDIR}" ]] && CERTDIR="${BASEDIR}/certs"
+   [[ -z "${CHAINCACHE}" ]] && CHAINCACHE="${BASEDIR}/chains"
 -  [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="${BASEDIR}/domains.txt"
 -  [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/dehydrated"
 +  [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="/etc/dehydrated/domains.txt"
 +  [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="${BASEDIR}/acme-challenges"
    [[ -z "${LOCKFILE}" ]] && LOCKFILE="${BASEDIR}/lock"
+   [[ -z "${OPENSSL_CNF}" ]] && OPENSSL_CNF="$("${OPENSSL}" version -d | cut -d\" -f2)/openssl.cnf"
    [[ -n "${PARAM_LOCKFILE_SUFFIX:-}" ]] && LOCKFILE="${LOCKFILE}-${PARAM_LOCKFILE_SUFFIX}"
-   [[ -n "${PARAM_NO_LOCK:-}" ]] && LOCKFILE=""
-diff -ur dehydrated-0.4.0.orig/docs/examples/config dehydrated-0.4.0/docs/examples/config
---- dehydrated-0.4.0.orig/docs/examples/config 2017-02-05 15:33:17.000000000 +0100
-+++ dehydrated-0.4.0/docs/examples/config      2017-10-24 16:58:47.821256753 +0200
-@@ -33,11 +33,11 @@
+diff -ur dehydrated-0.6.2.orig/docs/examples/config dehydrated-0.6.2/docs/examples/config
+--- dehydrated-0.6.2.orig/docs/examples/config 2018-04-25 21:22:40.000000000 +0000
++++ dehydrated-0.6.2/docs/examples/config      2018-12-19 21:54:12.003403000 +0000
+@@ -40,11 +40,11 @@
  # default: <unset>
  #CONFIG_D=
  
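Review bot: Moving the `WELLKNOWN` default to `${BASEDIR}/acme-challenges` puts the directory the web server must read under the same tree, and behind the same `dehydrated` group, as the private keys. With the group-readable umask earlier in this patch, the easiest fix for an admin is to add the web server account to `dehydrated`, which would also let it read every key in `${BASEDIR}/certs`. I would document the intended setup next to the default in the sample config, for example `# acme-challenges must be readable by the web server; grant that on this directory only (ownership or ACL), do not add the web server user to the dehydrated group`. The function containing these defaults starts and ends outside the hunk, so how challenge files are chmod-ed afterwards is not visible here.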
@@ -54,7 +74,7 @@ diff -ur dehydrated-0.4.0.orig/docs/examples/config dehydrated-0.4.0/docs/exampl
  
  # Output directory for generated certificates
  #CERTDIR="${BASEDIR}/certs"
-@@ -46,7 +46,7 @@
+@@ -53,7 +53,7 @@
  #ACCOUNTDIR="${BASEDIR}/accounts"
  
  # Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/dehydrated)
@@ -63,7 +83,7 @@ diff -ur dehydrated-0.4.0.orig/docs/examples/config dehydrated-0.4.0/docs/exampl
  
  # Default keysize for private keys (default: 4096)
  #KEYSIZE="4096"
-@@ -64,13 +64,13 @@
+@@ -77,13 +77,13 @@
  #
  # BASEDIR and WELLKNOWN variables are exported and can be used in an external program
  # default: <unset>