X-Git-Url: https://git.tld-linux.org/?p=packages%2Fdehydrated.git;a=blobdiff_plain;f=tld.patch;h=9c8e779c6196943954f3e07be4053c8dce122100;hp=2c6448e3d3b04a2b9de899684fa740bab8c77d5e;hb=b5d5d321a92ef9a1ee59bc6ffebc3bb2d2f93454;hpb=c64e35229801d5d23037b9d6e2b1d52bddd0c219
diff --git a/tld.patch b/tld.patch
index 2c6448e..9c8e779 100644
--- a/tld.patch
+++ b/tld.patch
@@ -1,22 +1,31 @@
-diff -ur dehydrated-0.4.0.orig/dehydrated dehydrated-0.4.0/dehydrated
---- dehydrated-0.4.0.orig/dehydrated 2017-02-05 14:33:17.000000000 +0000
-+++ dehydrated-0.4.0/dehydrated 2017-10-24 00:24:53.662801025 +0000
+diff -ur dehydrated-0.6.5.orig/dehydrated dehydrated-0.6.5/dehydrated
+--- dehydrated-0.6.5.orig/dehydrated 2019-06-26 12:33:35.000000000 +0200
++++ dehydrated-0.6.5/dehydrated 2020-08-16 15:17:01.872293508 +0200
@@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/bash # dehydrated by lukas2511 - # Source: https://github.com/lukas2511/dehydrated -@@ -94,7 +94,7 @@ - load_config() { - # Check for config in various locations - if [[ -z "${CONFIG:-}" ]]; then -- for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"; do -+ for check_config in "/etc/dehydrated" "/etc/webapps/dehydrated" "/usr/local/etc/dehydrated" "/etc/webapps/letsencrypt.sh" "${PWD}" "${SCRIPTDIR}"; do - if [[ -f "${check_config}/config" ]]; then - BASEDIR="${check_config}" - CONFIG="${check_config}/config" -@@ -115,7 +115,7 @@ + # Source: https://dehydrated.io +@@ -11,7 +11,7 @@ + [[ -n "${ZSH_VERSION:-}" ]] && set -o SH_WORD_SPLIT && set +o FUNCTION_ARGZERO && set -o NULL_GLOB && set -o noglob + [[ -z "${ZSH_VERSION:-}" ]] && shopt -s nullglob && set -f + +-umask 077 # paranoid umask, we're creating private keys ++umask 027 # allow root and dehydrated group only to protect private keys + + # Close weird external file descriptors + exec 3>&- +@@ -28,7 +28,7 @@ + done + SCRIPTDIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" + +-BASEDIR="${SCRIPTDIR}" ++BASEDIR="/var/lib/dehydrated" + ORIGARGS="$@" + + # Create (identifiable) temporary files +@@ -135,7 +135,7 @@ DOMAINS_TXT= HOOK= HOOK_CHAIN="no" 
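Review bot: The new `umask 027` in the inner `@@ -11,7 +11,7 @@` hunk is process-wide, so every file the script creates afterwards becomes group-readable, not only the certificate keys its comment mentions. That presumably includes the ACME account key under the accounts directory and the temporary files, unless the script sets modes explicitly somewhere not visible here. Any member of the `dehydrated` group (made the default `DEHYDRATED_GROUP` in the next hunk of tld.patch) could then read the account key as well as the certificate private keys, and hooks and other child processes inherit the same umask. Consider keeping `umask 077 # paranoid umask, we're creating private keys` and granting group read only on the certificate output that services actually need. Failing that, the comment should state that membership in the group implies access to all key material.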
@@ -25,66 +34,61 @@ diff -ur dehydrated-0.4.0.orig/dehydrated dehydrated-0.4.0/dehydrated KEYSIZE="4096" WELLKNOWN= PRIVATE_KEY_RENEW="yes" -@@ -166,7 +166,7 @@ - [[ -d "${BASEDIR}" ]] || _exiterr "BASEDIR does not exist: ${BASEDIR}" +@@ -151,8 +151,8 @@ + IP_VERSION= + CHAINCACHE= + AUTO_CLEANUP="no" +- DEHYDRATED_USER= +- DEHYDRATED_GROUP= ++ DEHYDRATED_USER="root" ++ DEHYDRATED_GROUP="dehydrated" + API="auto" - CAHASH="$(echo "${CA}" | urlbase64)" -- [[ -z "${ACCOUNTDIR}" ]] && ACCOUNTDIR="${BASEDIR}/accounts" -+ [[ -z "${ACCOUNTDIR}" ]] && ACCOUNTDIR="/var/lib/dehydrated/accounts" - mkdir -p "${ACCOUNTDIR}/${CAHASH}" - [[ -f "${ACCOUNTDIR}/${CAHASH}/config" ]] && . "${ACCOUNTDIR}/${CAHASH}/config" - ACCOUNT_KEY="${ACCOUNTDIR}/${CAHASH}/account_key.pem" -@@ -181,9 +181,9 @@ - mv "${BASEDIR}/private_key.json" "${ACCOUNT_KEY_JSON}" - fi - -- [[ -z "${CERTDIR}" ]] && CERTDIR="${BASEDIR}/certs" + if [[ -z "${CONFIG:-}" ]]; then +@@ -260,8 +260,8 @@ + [[ -z "${CERTDIR}" ]] && CERTDIR="${BASEDIR}/certs" + [[ -z "${ALPNCERTDIR}" ]] && ALPNCERTDIR="${BASEDIR}/alpn-certs" + [[ -z "${CHAINCACHE}" ]] && CHAINCACHE="${BASEDIR}/chains" - [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="${BASEDIR}/domains.txt" - [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/dehydrated" -+ [[ -z "${CERTDIR}" ]] && CERTDIR="/var/lib/dehydrated/certs" -+ [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="/etc/webapps/dehydrated/domains.txt" -+ [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/lib/dehydrated/acme-challenges" ++ [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="/etc/dehydrated/domains.txt" ++ [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="${BASEDIR}/acme-challenges" [[ -z "${LOCKFILE}" ]] && LOCKFILE="${BASEDIR}/lock" + [[ -z "${OPENSSL_CNF}" ]] && OPENSSL_CNF="$("${OPENSSL}" version -d | cut -d\" -f2)/openssl.cnf" [[ -n "${PARAM_LOCKFILE_SUFFIX:-}" ]] && LOCKFILE="${LOCKFILE}-${PARAM_LOCKFILE_SUFFIX}" - [[ -n "${PARAM_NO_LOCK:-}" ]] && LOCKFILE="" -diff -ur dehydrated-0.4.0.orig/docs/examples/config 
dehydrated-0.4.0/docs/examples/config ---- dehydrated-0.4.0.orig/docs/examples/config 2017-02-05 14:33:17.000000000 +0000 -+++ dehydrated-0.4.0/docs/examples/config 2017-10-24 00:23:06.163807433 +0000 -@@ -21,6 +21,7 @@ - # Path to certificate authority license terms redirect (default: https://acme-v01.api.letsencrypt.org/terms) - #CA_TERMS="https://acme-v01.api.letsencrypt.org/terms" - -+ - # Path to license agreement (default: ) - #LICENSE="" +diff -ur dehydrated-0.6.5.orig/docs/examples/config dehydrated-0.6.5/docs/examples/config +--- dehydrated-0.6.5.orig/docs/examples/config 2019-06-26 12:33:35.000000000 +0200 ++++ dehydrated-0.6.5/docs/examples/config 2020-08-16 15:17:01.872293508 +0200 +@@ -45,11 +45,11 @@ + # default: + #DOMAINS_D= -@@ -37,16 +38,16 @@ - #BASEDIR=$SCRIPTDIR +-# Base directory for account key, generated certificates and list of domains (default: $SCRIPTDIR -- uses config directory if undefined) +-#BASEDIR=$SCRIPTDIR ++# Base directory for account key, generated certificates and list of domains (default: /var/lib/dehydrated) ++#BASEDIR="/var/lib/dehydrated" # File containing the list of domains to request certificates for (default: $BASEDIR/domains.txt) -#DOMAINS_TXT="${BASEDIR}/domains.txt" -+#DOMAINS_TXT="/etc/webapps/dehydrated/domains.txt" ++#DOMAINS_TXT="/etc/dehydrated/domains.txt" # Output directory for generated certificates --#CERTDIR="${BASEDIR}/certs" -+#CERTDIR="/var/lib/dehydrated/certs" - - # Directory for account keys and registration information --#ACCOUNTDIR="${BASEDIR}/accounts" -+#ACCOUNTDIR="/var/lib/dehydrated/accounts" + #CERTDIR="${BASEDIR}/certs" +@@ -61,7 +61,7 @@ + #ACCOUNTDIR="${BASEDIR}/accounts" # Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/dehydrated) -#WELLKNOWN="/var/www/dehydrated" -+#WELLKNOWN="/var/lib/dehydrated/acme-challenges" ++#WELLKNOWN="${BASEDIR}/acme-challenges" # Default keysize for private keys (default: 4096) #KEYSIZE="4096" -@@ -64,13 
+65,13 @@ +@@ -85,13 +85,13 @@ # # BASEDIR and WELLKNOWN variables are exported and can be used in an external program # default: -#HOOK= -+#HOOK=/etc/webapps/dehydrated/hook.sh ++#HOOK="/etc/dehydrated/hooks/hook.sh" # Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate (default: no) #HOOK_CHAIN="no"