diff --git a/src/freedombone b/src/freedombone
index 89f200c5ac4d436542f930b9e21acb8d14d59422..b78ab31bd514226733fc6d9356c43b2a3ac724a6 100755
--- a/src/freedombone
+++ b/src/freedombone
@@ -37,6 +37,11 @@ export TEXTDOMAINDIR="/usr/share/locale"
DEFAULT_LANGUAGE=$(echo $LANG)
+source /usr/local/bin/${PROJECT_NAME}-utils-git
+if [ -f /usr/bin/${PROJECT_NAME}-utils-git ]; then
+ source /usr/bin/${PROJECT_NAME}-utils-git
+fi
+
# username created by default within a debian image
GENERIC_IMAGE_USERNAME='fbone'
@@ -618,61 +623,6 @@ function show_help {
exit 0
}
-function git_clone {
- repo_url="$1"
- destination_dir="$2"
- if [[ "$repo_url" == "ssh:"* ]]; then
- if [ "${FRIENDS_MIRRORS_SERVER}" ]; then
- if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ]; then
- if [ "$FRIENDS_MIRRORS_PASSWORD" ]; then
- if [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then
- echo "sshpass -p \"$FRIENDS_MIRRORS_PASSWORD\" git clone $repo_url $destination_dir"
- sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git clone "$repo_url" "$destination_dir"
- return
- fi
- fi
- fi
- fi
- fi
- echo "git clone $repo_url $destination_dir"
- git clone "$repo_url" "$destination_dir"
-}
-
-function git_pull {
- if [ ! $1 ]; then
- echo $'git_pull no repo specified'
- fi
-
- git stash
- git remote set-url origin $1
- git checkout master
- if [ "${FRIENDS_MIRRORS_SERVER}" ]; then
- if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ]; then
- if [ "$FRIENDS_MIRRORS_PASSWORD" ]; then
- if [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then
- sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git pull
- if [ $2 ]; then
- git checkout $2 -b $2
- fi
- return
- fi
- fi
- fi
- fi
- git pull
-
- if [ $2 ]; then
- # delete any existing branch
- git branch -D $2
- # check out the new branch
- git checkout $2 -b $2
- if [ ! "$?" = "0" ]; then
- echo $"Unable to checkout $1 $2"
- exit 72357
- fi
- fi
-}
-
function remove_database {
app_name="$1"
if [ ! -d $INSTALL_DIR ]; then
diff --git a/src/freedombone-addcert b/src/freedombone-addcert
index 58e335e31f8ad6761853aa1434c3ad3b2f8b19b5..c66fb6ac6d893ab9c3c4aec4bcb26bd445651b8f 100755
--- a/src/freedombone-addcert
+++ b/src/freedombone-addcert
@@ -36,6 +36,11 @@ export TEXTDOMAINDIR="/usr/share/locale"
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
+source /usr/local/bin/${PROJECT_NAME}-utils-git
+if [ -f /usr/bin/${PROJECT_NAME}-utils-git ]; then
+ source /usr/bin/${PROJECT_NAME}-utils-git
+fi
+
HOSTNAME=
LETSENCRYPT_HOSTNAME=
COUNTRY_CODE="US"
@@ -56,112 +61,66 @@ FRIENDS_MIRRORS_SSH_PORT=
MY_MIRRORS_PASSWORD=
function read_repo_servers {
- if [ -f $CONFIGURATION_FILE ]; then
- if grep -q "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE; then
- FRIENDS_MIRRORS_SERVER=$(grep "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE; then
- FRIENDS_MIRRORS_SSH_PORT=$(grep "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then
- MY_MIRRORS_PASSWORD=$(grep "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then
- FRIENDS_MIRRORS_PASSWORD=$(grep "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- fi
-
- if [ ! $FRIENDS_MIRRORS_SERVER ]; then
- return
- fi
- if [ ${#FRIENDS_MIRRORS_SERVER} -lt 2 ]; then
- return
- fi
-
- MAIN_COMMAND=/usr/local/bin/${PROJECT_NAME}
- if [ ! -f $MAIN_COMMAND ]; then
- MAIN_COMMAND=/usr/bin/${PROJECT_NAME}
- fi
-
- REPOS=($(cat ${MAIN_COMMAND} | grep "_REPO=\"" | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g'))
-
- for line in "${REPOS[@]}"
- do
- repo_name=$(echo "$line" | awk -F '=' '{print $1}')
- mirrors_name=$(echo "$repo_name" | sed "s|_REPO||g" | awk '{print tolower($0)}')
- friends_repo_url="ssh://mirrors@${FRIENDS_MIRRORS_SERVER}:${FRIENDS_MIRRORS_SSH_PORT}/home/mirrors/${mirrors_name}"
- ${repo_name}="${friends_repo_url}"
- done
-}
-
-function git_clone {
- repo_url="$1"
- destination_dir="$2"
- if [[ "$repo_url" == "ssh:"* ]]; then
- if [ "${FRIENDS_MIRRORS_SERVER}" ]; then
- if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ]; then
- if [ "$FRIENDS_MIRRORS_PASSWORD" ]; then
- if [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then
- sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git clone "$repo_url" "$destination_dir"
- return
- fi
- fi
- fi
- fi
- fi
- git clone "$repo_url" "$destination_dir"
-}
-
-function git_pull {
- if [ ! $1 ]; then
- echo $'git_pull no repo specified'
- fi
-
- git stash
- git remote set-url origin $1
- git checkout master
- if [ "${FRIENDS_MIRRORS_SERVER}" ]; then
- if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ]; then
- if [ "$FRIENDS_MIRRORS_PASSWORD" ]; then
- if [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then
- sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git pull
- if [ $2 ]; then
- git checkout $2 -b $2
- fi
- return
- fi
- fi
- fi
- fi
- git pull
-
- if [ $2 ]; then
- git checkout $2 -b $2
- fi
+ if [ -f $CONFIGURATION_FILE ]; then
+ if grep -q "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE; then
+ FRIENDS_MIRRORS_SERVER=$(grep "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE; then
+ FRIENDS_MIRRORS_SSH_PORT=$(grep "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then
+ MY_MIRRORS_PASSWORD=$(grep "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then
+ FRIENDS_MIRRORS_PASSWORD=$(grep "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ fi
+
+ if [ ! $FRIENDS_MIRRORS_SERVER ]; then
+ return
+ fi
+ if [ ${#FRIENDS_MIRRORS_SERVER} -lt 2 ]; then
+ return
+ fi
+
+ MAIN_COMMAND=/usr/local/bin/${PROJECT_NAME}
+ if [ ! -f $MAIN_COMMAND ]; then
+ MAIN_COMMAND=/usr/bin/${PROJECT_NAME}
+ fi
+
+ REPOS=($(cat ${MAIN_COMMAND} | grep "_REPO=\"" | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g'))
+
+ for line in "${REPOS[@]}"
+ do
+ repo_name=$(echo "$line" | awk -F '=' '{print $1}')
+ mirrors_name=$(echo "$repo_name" | sed "s|_REPO||g" | awk '{print tolower($0)}')
+ friends_repo_url="ssh://mirrors@${FRIENDS_MIRRORS_SERVER}:${FRIENDS_MIRRORS_SSH_PORT}/home/mirrors/${mirrors_name}"
+ ${repo_name}="${friends_repo_url}"
+ done
}
function show_help {
- echo ''
- echo $"${PROJECT_NAME}-addcert -h [hostname] -c [country code] -a [area] -l [location]"
- echo $' -o [organisation] -u [unit] --ca "" --nodh ""'
- echo ''
- echo $'Creates a self-signed certificate for the given hostname'
- echo ''
- echo $' --help Show help'
- echo $' -h --hostname [name] Hostname'
- echo $' -e --letsencrypt [hostname] Hostname to use with Lets Encrypt'
- echo $' -s --server [url] Lets Encrypt server URL'
- echo $' -c --country [code] Optional country code (eg. US, GB, etc)'
- echo $' -a --area [description] Optional area description'
- echo $' -l --location [locn] Optional location name'
- echo $' -o --organisation [name] Optional organisation name'
- echo $' -u --unit [name] Optional unit name'
- echo $' --email [address] Email address for letsencrypt'
- echo $' --dhkey [bits] DH key length in bits'
- echo $' --nodh "" Do not calculate DH params'
- echo $' --ca "" Certificate authority cert'
- echo ''
- exit 0
+ echo ''
+ echo $"${PROJECT_NAME}-addcert -h [hostname] -c [country code] -a [area] -l [location]"
+ echo $' -o [organisation] -u [unit] --ca "" --nodh ""'
+ echo ''
+ echo $'Creates a self-signed certificate for the given hostname'
+ echo ''
+ echo $' --help Show help'
+ echo $' -h --hostname [name] Hostname'
+ echo $' -e --letsencrypt [hostname] Hostname to use with Lets Encrypt'
+ echo $' -s --server [url] Lets Encrypt server URL'
+ echo $' -c --country [code] Optional country code (eg. US, GB, etc)'
+ echo $' -a --area [description] Optional area description'
+ echo $' -l --location [locn] Optional location name'
+ echo $' -o --organisation [name] Optional organisation name'
+ echo $' -u --unit [name] Optional unit name'
+ echo $' --email [address] Email address for letsencrypt'
+ echo $' --dhkey [bits] DH key length in bits'
+ echo $' --nodh "" Do not calculate DH params'
+ echo $' --ca "" Certificate authority cert'
+ echo ''
+ exit 0
}
while [[ $# > 1 ]]
@@ -169,217 +128,217 @@ do
key="$1"
case $key in
- --help)
- show_help
- ;;
- -h|--hostname)
- shift
- HOSTNAME="$1"
- ;;
- -e|--letsencrypt)
- shift
- LETSENCRYPT_HOSTNAME="$1"
- ;;
- --email)
- shift
- MY_EMAIL_ADDRESS="$1"
- ;;
- -s|--server)
- shift
- LETSENCRYPT_SERVER="$1"
- ;;
- -c|--country)
- shift
- COUNTRY_CODE="$1"
- ;;
- -a|--area)
- shift
- AREA="$1"
- ;;
- -l|--location)
- shift
- LOCATION="$1"
- ;;
- -o|--organisation)
- shift
- ORGANISATION="$1"
- ;;
- -u|--unit)
- shift
- UNIT="$1"
- ;;
- --ca)
- shift
- EXTENSIONS="-extensions v3_ca"
- ORGANISATION="Freedombone-CA"
- ;;
- --nodh)
- shift
- NODH="true"
- ;;
- --dhkey)
- shift
- DH_KEYLENGTH=${1}
- ;;
- *)
- # unknown option
- ;;
+ --help)
+ show_help
+ ;;
+ -h|--hostname)
+ shift
+ HOSTNAME="$1"
+ ;;
+ -e|--letsencrypt)
+ shift
+ LETSENCRYPT_HOSTNAME="$1"
+ ;;
+ --email)
+ shift
+ MY_EMAIL_ADDRESS="$1"
+ ;;
+ -s|--server)
+ shift
+ LETSENCRYPT_SERVER="$1"
+ ;;
+ -c|--country)
+ shift
+ COUNTRY_CODE="$1"
+ ;;
+ -a|--area)
+ shift
+ AREA="$1"
+ ;;
+ -l|--location)
+ shift
+ LOCATION="$1"
+ ;;
+ -o|--organisation)
+ shift
+ ORGANISATION="$1"
+ ;;
+ -u|--unit)
+ shift
+ UNIT="$1"
+ ;;
+ --ca)
+ shift
+ EXTENSIONS="-extensions v3_ca"
+ ORGANISATION="Freedombone-CA"
+ ;;
+ --nodh)
+ shift
+ NODH="true"
+ ;;
+ --dhkey)
+ shift
+ DH_KEYLENGTH=${1}
+ ;;
+ *)
+ # unknown option
+ ;;
esac
shift
done
if [ ! $HOSTNAME ]; then
- if [ ! $LETSENCRYPT_HOSTNAME ]; then
- echo $'No hostname specified'
- exit 5748
- fi
+ if [ ! $LETSENCRYPT_HOSTNAME ]; then
+ echo $'No hostname specified'
+ exit 5748
+ fi
fi
if ! which openssl > /dev/null ;then
- echo $"$0: openssl is not installed, exiting" 1>&2
- exit 5689
+ echo $"$0: openssl is not installed, exiting" 1>&2
+ exit 5689
fi
if [ ! -d /etc/ssl/mycerts ]; then
- mkdir /etc/ssl/mycerts
+ mkdir /etc/ssl/mycerts
fi
CERTFILE=$HOSTNAME
function add_cert_letsencrypt {
- CERTFILE=$LETSENCRYPT_HOSTNAME
-
- # obtain the email address for the admin user
- if [ ! $MY_EMAIL_ADDRESS ]; then
- if [ -f $CONFIGURATION_FILE ]; then
- if grep -q "MY_EMAIL_ADDRESS=" $CONFIGURATION_FILE; then
- MY_EMAIL_ADDRESS=$(cat $CONFIGURATION_FILE | grep "MY_EMAIL_ADDRESS=" | awk -F '=' '{print $2}')
- fi
- fi
- fi
- if [ ! $MY_EMAIL_ADDRESS ]; then
- if [ -f $COMPLETION_FILE ]; then
- if grep -q "Admin user:" $COMPLETION_FILE; then
- ADMIN_USER=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
- MY_EMAIL_ADDRESS=$ADMIN_USER@$HOSTNAME
- fi
- fi
- fi
-
- if [ ! -d $INSTALL_DIR ]; then
- mkdir -p $INSTALL_DIR
- fi
- cd $INSTALL_DIR
-
- # obtain the repo
- if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then
- git_clone $LETSENCRYPT_REPO ${INSTALL_DIR}/letsencrypt
- if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then
- exit 76283
- fi
- else
- cd ${INSTALL_DIR}/letsencrypt
- git_pull $LETSENCRYPT_REPO
- fi
-
- # stop the web server
- systemctl stop nginx
-
- cd ${INSTALL_DIR}/letsencrypt
- ./letsencrypt-auto certonly --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME --renew-by-default --agree-tos --email $MY_EMAIL_ADDRESS
- if [ ! "$?" = "0" ]; then
- echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME"
- systemctl start nginx
- exit 63216
- fi
-
- # replace some legacy filenames
- if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt ]; then
- mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
- fi
- if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt ]; then
- mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
- fi
- sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME
- sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME
-
- # link the private key
- if [ -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then
- if [ ! -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old ]; then
- mv /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old
- else
- rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
- fi
- fi
- ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
-
- # link the public key
- if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then
- if [ ! -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old ]; then
- mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old
- else
- rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
- fi
- fi
- ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
-
- cp /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem
-
- systemctl start nginx
-
- ${PROJECT_NAME}-pin-cert $LETSENCRYPT_HOSTNAME
- if [ ! "$?" = "0" ]; then
- echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned"
- exit 62878
- fi
+ CERTFILE=$LETSENCRYPT_HOSTNAME
+
+ # obtain the email address for the admin user
+ if [ ! $MY_EMAIL_ADDRESS ]; then
+ if [ -f $CONFIGURATION_FILE ]; then
+ if grep -q "MY_EMAIL_ADDRESS=" $CONFIGURATION_FILE; then
+ MY_EMAIL_ADDRESS=$(cat $CONFIGURATION_FILE | grep "MY_EMAIL_ADDRESS=" | awk -F '=' '{print $2}')
+ fi
+ fi
+ fi
+ if [ ! $MY_EMAIL_ADDRESS ]; then
+ if [ -f $COMPLETION_FILE ]; then
+ if grep -q "Admin user:" $COMPLETION_FILE; then
+ ADMIN_USER=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
+ MY_EMAIL_ADDRESS=$ADMIN_USER@$HOSTNAME
+ fi
+ fi
+ fi
+
+ if [ ! -d $INSTALL_DIR ]; then
+ mkdir -p $INSTALL_DIR
+ fi
+ cd $INSTALL_DIR
+
+ # obtain the repo
+ if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then
+ git_clone $LETSENCRYPT_REPO ${INSTALL_DIR}/letsencrypt
+ if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then
+ exit 76283
+ fi
+ else
+ cd ${INSTALL_DIR}/letsencrypt
+ git_pull $LETSENCRYPT_REPO
+ fi
+
+ # stop the web server
+ systemctl stop nginx
+
+ cd ${INSTALL_DIR}/letsencrypt
+ ./letsencrypt-auto certonly --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME --renew-by-default --agree-tos --email $MY_EMAIL_ADDRESS
+ if [ ! "$?" = "0" ]; then
+ echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME"
+ systemctl start nginx
+ exit 63216
+ fi
+
+ # replace some legacy filenames
+ if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt ]; then
+ mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+ fi
+ if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt ]; then
+ mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+ fi
+ sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME
+ sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME
+
+ # link the private key
+ if [ -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then
+ if [ ! -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old ]; then
+ mv /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old
+ else
+ rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
+ fi
+ fi
+ ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
+
+ # link the public key
+ if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then
+ if [ ! -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old ]; then
+ mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old
+ else
+ rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+ fi
+ fi
+ ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+
+ cp /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem
+
+ systemctl start nginx
+
+ ${PROJECT_NAME}-pin-cert $LETSENCRYPT_HOSTNAME
+ if [ ! "$?" = "0" ]; then
+ echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned"
+ exit 62878
+ fi
}
function add_cert_selfsigned {
- if [[ $ORGANISATION == "Freedombone-CA" ]]; then
- CERTFILE="ca-$HOSTNAME"
- fi
-
- openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \
- -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
- -newkey rsa:4096 -keyout /etc/ssl/private/${CERTFILE}.key \
- -out /etc/ssl/certs/${CERTFILE}.crt
- chmod 400 /etc/ssl/private/${CERTFILE}.key
- chmod 640 /etc/ssl/certs/${CERTFILE}.crt
- cp /etc/ssl/certs/${CERTFILE}.crt /etc/ssl/mycerts
-
- ${PROJECT_NAME}-pin-cert $CERTFILE
- if [ ! "$?" = "0" ]; then
- echo $"Certificate for $CERTFILE could not be pinned"
- exit 62879
- fi
+ if [[ $ORGANISATION == "Freedombone-CA" ]]; then
+ CERTFILE="ca-$HOSTNAME"
+ fi
+
+ openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \
+ -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
+ -newkey rsa:4096 -keyout /etc/ssl/private/${CERTFILE}.key \
+ -out /etc/ssl/certs/${CERTFILE}.crt
+ chmod 400 /etc/ssl/private/${CERTFILE}.key
+ chmod 640 /etc/ssl/certs/${CERTFILE}.crt
+ cp /etc/ssl/certs/${CERTFILE}.crt /etc/ssl/mycerts
+
+ ${PROJECT_NAME}-pin-cert $CERTFILE
+ if [ ! "$?" = "0" ]; then
+ echo $"Certificate for $CERTFILE could not be pinned"
+ exit 62879
+ fi
}
function generate_dh_params {
- if [ ! $NODH ]; then
- if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then
- ${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes
- fi
- fi
+ if [ ! $NODH ]; then
+ if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then
+ ${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes
+ fi
+ fi
}
function restart_web_server {
- if [ -f /etc/init.d/nginx ]; then
- /etc/init.d/nginx reload
- fi
+ if [ -f /etc/init.d/nginx ]; then
+ /etc/init.d/nginx reload
+ fi
}
function make_cert_bundle {
- # Create a bundle of your certificates
- cat /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem > /etc/ssl/${PROJECT_NAME}-bundle.crt
- tar -czvf /etc/ssl/${PROJECT_NAME}-certs.tar.gz /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem
+ # Create a bundle of your certificates
+ cat /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem > /etc/ssl/${PROJECT_NAME}-bundle.crt
+ tar -czvf /etc/ssl/${PROJECT_NAME}-certs.tar.gz /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem
}
function create_cert {
- if [ $LETSENCRYPT_HOSTNAME ]; then
- add_cert_letsencrypt
- else
- add_cert_selfsigned
- fi
+ if [ $LETSENCRYPT_HOSTNAME ]; then
+ add_cert_letsencrypt
+ else
+ add_cert_selfsigned
+ fi
}
read_repo_servers
diff --git a/src/freedombone-mesh-install b/src/freedombone-mesh-install
index 8eaaabe99b2c029894048ed4a1b0d5df7e87079e..de30e8e6b34a4528d45a511b5740c8a18da97f14 100755
--- a/src/freedombone-mesh-install
+++ b/src/freedombone-mesh-install
@@ -77,6 +77,11 @@ INSTALL_DIR=$HOME/build
MESH_INSTALL_DIR=/var/lib
+source /usr/local/bin/${PROJECT_NAME}-utils-git
+if [ -f /usr/bin/${PROJECT_NAME}-utils-git ]; then
+ source /usr/bin/${PROJECT_NAME}-utils-git
+fi
+
function show_help {
echo ''
echo $"${PROJECT_NAME}-mesh-install -f [function] -r [rootdir]"
@@ -91,23 +96,6 @@ function show_help {
exit 0
}
-function git_clone {
- repo_url="$1"
- destination_dir="$2"
- if [[ "$repo_url" == "ssh:"* ]]; then
- if [ "${FRIENDS_MIRRORS_SERVER}" ]; then
- if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ]; then
- if [ "$FRIENDS_MIRRORS_PASSWORD" ]; then
- if [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then
- sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git clone "$repo_url" "$destination_dir"
- return
- fi
- fi
- fi
- fi
- fi
- git clone "$repo_url" "$destination_dir"
-}
function mesh_babel {
$CHROOT_PREFIX apt-get -y install babeld
diff --git a/src/freedombone-upgrade b/src/freedombone-upgrade
index 67ea61f71dd89b042517d198aeee2f89c3987d88..daf1702bcc69fd6d16600c621b6d174ed939fabb 100755
--- a/src/freedombone-upgrade
+++ b/src/freedombone-upgrade
@@ -42,6 +42,11 @@ FRIENDS_MIRRORS_SSH_PORT=2222
FRIENDS_MIRRORS_PASSWORD=
MY_MIRRORS_PASSWORD=
+source /usr/local/bin/${PROJECT_NAME}-utils-git
+if [ -f /usr/bin/${PROJECT_NAME}-utils-git ]; then
+ source /usr/bin/${PROJECT_NAME}-utils-git
+fi
+
function read_repo_servers {
if [ -f $CONFIGURATION_FILE ]; then
if grep -q "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE; then
@@ -81,52 +86,6 @@ function read_repo_servers {
done
}
-function git_clone {
- repo_url="$1"
- destination_dir="$2"
- if [[ "$repo_url" == "ssh:"* ]]; then
- if [ "${FRIENDS_MIRRORS_SERVER}" ]; then
- if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ]; then
- if [ "$FRIENDS_MIRRORS_PASSWORD" ]; then
- if [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then
- sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git clone "$repo_url" "$destination_dir"
- return
- fi
- fi
- fi
- fi
- fi
- git clone "$repo_url" "$destination_dir"
-}
-
-function git_pull {
- if [ ! $1 ]; then
- echo $'git_pull no repo specified'
- fi
-
- git stash
- git remote set-url origin $1
- git checkout master
- if [ "${FRIENDS_MIRRORS_SERVER}" ]; then
- if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ]; then
- if [ "$FRIENDS_MIRRORS_PASSWORD" ]; then
- if [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then
- sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git pull
- if [ $2 ]; then
- git checkout $2 -b $2
- fi
- return
- fi
- fi
- fi
- fi
- git pull
-
- if [ $2 ]; then
- git checkout $2 -b $2
- fi
-}
-
if [ -f $CONFIGURATION_FILE ]; then
# read the location of the main project repo
if grep -q "PROJECT_REPO" $CONFIGURATION_FILE; then