From 27dbe77fad0e59ad9bce55df8d165ca512be0c65 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 16 Jan 2017 22:31:24 +0800 Subject: [PATCH 1/5] add "--config-home" --- acme.sh | 110 +++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 74 insertions(+), 36 deletions(-) diff --git a/acme.sh b/acme.sh index 6eace3f..0cbae7b 100755 --- a/acme.sh +++ b/acme.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -VER=2.6.5 +VER=2.6.6 PROJECT_NAME="acme.sh" @@ -1634,7 +1634,11 @@ __initHome() { fi export LE_WORKING_DIR - _DEFAULT_ACCOUNT_CONF_PATH="$LE_WORKING_DIR/account.conf" + if [ -z "$CONFIG_HOME" ]; then + CONFIG_HOME="$LE_WORKING_DIR" + fi + + _DEFAULT_ACCOUNT_CONF_PATH="$CONFIG_HOME/account.conf" if [ -z "$ACCOUNT_CONF_PATH" ]; then if [ -f "$_DEFAULT_ACCOUNT_CONF_PATH" ]; then @@ -1646,12 +1650,12 @@ __initHome() { ACCOUNT_CONF_PATH="$_DEFAULT_ACCOUNT_CONF_PATH" fi - DEFAULT_LOG_FILE="$LE_WORKING_DIR/$PROJECT_NAME.log" + DEFAULT_LOG_FILE="$CONFIG_HOME/$PROJECT_NAME.log" - DEFAULT_CA_HOME="$LE_WORKING_DIR/ca" + DEFAULT_CA_HOME="$CONFIG_HOME/ca" if [ -z "$LE_TEMP_DIR" ]; then - LE_TEMP_DIR="$LE_WORKING_DIR/tmp" + LE_TEMP_DIR="$CONFIG_HOME/tmp" fi } @@ -1703,7 +1707,7 @@ _initpath() { fi if [ -z "$APACHE_CONF_BACKUP_DIR" ]; then - APACHE_CONF_BACKUP_DIR="$LE_WORKING_DIR" + APACHE_CONF_BACKUP_DIR="$CONFIG_HOME" fi if [ -z "$USER_AGENT" ]; then @@ -1711,7 +1715,7 @@ _initpath() { fi if [ -z "$HTTP_HEADER" ]; then - HTTP_HEADER="$LE_WORKING_DIR/http.header" + HTTP_HEADER="$CONFIG_HOME/http.header" fi _OLD_ACCOUNT_KEY="$LE_WORKING_DIR/account.key" @@ -1727,7 +1731,7 @@ _initpath() { ACCOUNT_JSON_PATH="$_DEFAULT_ACCOUNT_JSON_PATH" fi - _DEFAULT_CERT_HOME="$LE_WORKING_DIR" + _DEFAULT_CERT_HOME="$CONFIG_HOME" if [ -z "$CERT_HOME" ]; then CERT_HOME="$_DEFAULT_CERT_HOME" fi @@ -3350,7 +3354,9 @@ _installcert() { } +#confighome installcronjob() { + _c_home="$1" _initpath if ! _exists "crontab"; then _err "crontab doesn't exist, so, we can not install cron jobs." 
@@ -3367,15 +3373,20 @@ installcronjob() { _err "Can not install cronjob, $PROJECT_ENTRY not found." return 1 fi + + if [ "$_c_home" ]; then + _c_entry="--config-home \"$_c_home\"" + fi + if _exists uname && uname -a | grep SunOS >/dev/null; then crontab -l | { cat - echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null" + echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" $_c_entry > /dev/null" } | crontab -- else crontab -l | { cat - echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null" + echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" $_c_entry > /dev/null" } | crontab - fi fi @@ -3401,6 +3412,10 @@ uninstallcronjob() { fi LE_WORKING_DIR="$(echo "$cr" | cut -d ' ' -f 9 | tr -d '"')" _info LE_WORKING_DIR "$LE_WORKING_DIR" + if _contains "$cr" "--config-home"; then + CONFIG_HOME="$(echo "$cr" | cut -d ' ' -f 11 | tr -d '"')" + _debug CONFIG_HOME "$CONFIG_HOME" + fi fi _initpath @@ -3664,7 +3679,9 @@ _setShebang() { rm -f "$_file.tmp" } +#confighome _installalias() { + _c_home="$1" _initpath _envfile="$LE_WORKING_DIR/$PROJECT_ENTRY.env" @@ -3674,8 +3691,12 @@ _installalias() { echo "$(cat "$_envfile")" | sed "s|^alias le.sh.*$||" >"$_envfile" fi + if [ "$_c_home" ]; then + _c_entry="--config-home '$_c_home'" + fi + _setopt "$_envfile" "export LE_WORKING_DIR" "=" "\"$LE_WORKING_DIR\"" - _setopt "$_envfile" "alias $PROJECT_ENTRY" "=" "\"$LE_WORKING_DIR/$PROJECT_ENTRY\"" + _setopt "$_envfile" "alias $PROJECT_ENTRY" "=" "\"$LE_WORKING_DIR/$PROJECT_ENTRY $_c_entry\"" _profile="$(_detect_profile)" if [ "$_profile" ]; then 
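Review bot: In installcronjob, `_c_entry` is only assigned when `_c_home` is non-empty and is never cleared, so a value left over from the environment or an earlier call ends up in the crontab line; add `_c_entry=""` before the `if [ "$_c_home" ]` test. The same applies to the `_c_entry` assignment added to _installalias further down. The path is also written between double quotes with no escaping, so a `"`, a `%` (which cron turns into a line break in the command field) or a newline in the value changes what cron runs; rejecting such characters before building the line would be safer. The existing `--home \"$LE_WORKING_DIR\"` follows the same pattern, and the function body starts and ends outside this hunk.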
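Review bot: The new `cut -d ' ' -f 11` in uninstallcronjob only finds the config home when neither path on the cron line contains a space; with a space in `LE_WORKING_DIR` or in the config home the field holds a fragment, and `_initpath` then runs against the wrong directory. Matching the option by name is sturdier, for example `CONFIG_HOME="$(echo "$cr" | sed -n 's/.*--config-home "\([^"]*\)".*/\1/p')"`. The later rename to LE_CONFIG_HOME in this series keeps the same `cut`. The function body begins and ends outside the hunk.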
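Review bot: `_c_entry="--config-home '$_c_home'"` is placed inside the double-quoted alias value that _setopt writes to `$_envfile` (and to the csh file in the next two hunks), and that file appears to be sourced from the user's profile; the csh variant visibly is. Because the outer quotes are double quotes, a `$` or backquote in the path is expanded each time the file is sourced, and a `'` or `"` ends the alias early. I would validate `_c_home` before writing it, e.g. refuse values containing quotes, `$`, backquotes or newlines, and state that restriction next to the `#confighome` comment. The rest of _installalias is outside this hunk.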
@@ -3693,7 +3714,7 @@ _installalias() { if [ -f "$_csh_profile" ]; then _info "Installing alias to '$_csh_profile'" _setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\"" - _setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY\"" + _setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY $_c_entry\"" _setopt "$_csh_profile" "source \"$_cshfile\"" fi @@ -3702,13 +3723,13 @@ _installalias() { if [ -f "$_tcsh_profile" ]; then _info "Installing alias to '$_tcsh_profile'" _setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\"" - _setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY\"" + _setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY $_c_entry\"" _setopt "$_tcsh_profile" "source \"$_cshfile\"" fi } -# nocron +# nocron confighome install() { if [ -z "$LE_WORKING_DIR" ]; then @@ -3716,6 +3737,7 @@ install() { fi _nocron="$1" + _c_home="$2" if ! _initpath; then _err "Install failed." return 1 @@ -3754,6 +3776,13 @@ install() { chmod 700 "$LE_WORKING_DIR" + if ! mkdir -p "$CONFIG_HOME"; then + _err "Can not create config dir: $CONFIG_HOME" + return 1 + fi + + chmod 700 "$CONFIG_HOME" + cp "$PROJECT_ENTRY" "$LE_WORKING_DIR/" && chmod +x "$LE_WORKING_DIR/$PROJECT_ENTRY" if [ "$?" != "0" ]; then @@ -3763,7 +3792,7 @@ install() { _info "Installed to $LE_WORKING_DIR/$PROJECT_ENTRY" - _installalias + _installalias "$_c_home" for subf in $_SUB_FOLDERS; do if [ -d "$subf" ]; then @@ -3789,7 +3818,7 @@ install() { fi if [ -z "$_nocron" ]; then - installcronjob + installcronjob "$_c_home" fi if [ -z "$NO_DETECT_SH" ]; then @@ -3822,7 +3851,7 @@ uninstall() { _uninstallalias rm -f "$LE_WORKING_DIR/$PROJECT_ENTRY" - _info "The keys and certs are in $LE_WORKING_DIR, you can remove them by yourself." + _info "The keys and certs are in \"$(__green "$CONFIG_HOME")\", you can remove them by yourself." } 
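Review bot: `mkdir -p "$CONFIG_HOME"` followed by `chmod 700 "$CONFIG_HOME"` in install() also runs when the directory already exists, so pointing `--config-home` at a directory shared with something else silently changes its mode to 700. The directory is also created under the caller's umask and only tightened afterwards; `( umask 077; mkdir -p "$CONFIG_HOME" )` closes that gap, and the chmod could be limited to a directory this run created. The hunk that renames the variable to LE_CONFIG_HOME later in the series keeps both lines. install() starts and ends outside the hunk.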
@@ -3895,18 +3924,18 @@ Commands: --issue Issue a cert. --signcsr Issue a cert from an existing csr. --deploy Deploy the cert to your server. - --installcert Install the issued cert to apache/nginx or any other server. + --install-cert Install the issued cert to apache/nginx or any other server. --renew, -r Renew a cert. - --renewAll Renew all the certs. + --renew-all Renew all the certs. --revoke Revoke a cert. --list List all the certs. --showcsr Show the content of a csr. - --installcronjob Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job. - --uninstallcronjob Uninstall the cron job. The 'uninstall' command can do this automatically. + --install-cronjob Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job. + --uninstall-cronjob Uninstall the cron job. The 'uninstall' command can do this automatically. --cron Run cron job to renew all the certs. --toPkcs Export the certificate and key to a pfx file. - --updateaccount Update account info. - --registeraccount Register account key. + --update-account Update account info. + --register-account Register account key. --createAccountKey, -cak Create an account private key, professional use. --createDomainKey, -cdk Create an domain private key, professional use. --createCSR, -ccsr Create CSR , professional use. 
@@ -3941,7 +3970,8 @@ Parameters: --accountconf Specifies a customized account config file. --home Specifies the home dir for $PROJECT_NAME . - --certhome Specifies the home dir to save all the certs, only valid for '--install' command. + --cert-home Specifies the home dir to save all the certs, only valid for '--install' command. + --config-home Specifies the home dir to save all the configurations. --useragent Specifies the user agent string. it will be saved for future use too. --accountemail Specifies the account email for registering, Only valid for the '--install' command. --accountkey Specifies the account key path, Only valid for the '--install' command. 
@@ -3950,11 +3980,11 @@ Parameters: --tlsport Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer. --local-address Specifies the standalone/tls server listening address, in case you have multiple ip addresses. --listraw Only used for '--list' command, list the certs in raw format. - --stopRenewOnError, -se Only valid for '--renewall' command. Stop if one cert has error in renewal. + --stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal. --insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted. --ca-bundle Specifices the path to the CA certificate bundle to verify api server's certificate. --nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically. - --ecc Specifies to use the ECC cert. Valid for '--installcert', '--renew', '--revoke', '--toPkcs' and '--createCSR' + --ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR' --csr Specifies the input csr. --pre-hook Command to be run before obtaining any certificates. --post-hook Command to be run after attempting to obtain/renew certificates. No matter the obain/renew is success or failed. @@ -4063,6 +4093,7 @@ _process() { _accountemail="" _accountkey="" _certhome="" + _confighome="" _httpport="" _tlsport="" _dnssleep="" @@ -4117,13 +4148,13 @@ _process() { --showcsr) _CMD="showcsr" ;; - --installcert | -i) + --installcert | -i|--install-cert) _CMD="installcert" ;; --renew | -r) _CMD="renew" ;; - --renewAll | --renewall) + --renewAll | --renewall|--renew-all) _CMD="renewAll" ;; --revoke) 
@@ -4132,10 +4163,10 @@ _process() { --list) _CMD="list" ;; - --installcronjob) + --installcronjob|--install-cronjob) _CMD="installcronjob" ;; - --uninstallcronjob) + --uninstallcronjob|--install-cronjob) _CMD="uninstallcronjob" ;; --cron) @@ -4156,10 +4187,10 @@ _process() { --deactivate) _CMD="deactivate" ;; - --updateaccount) + --updateaccount|--update-account) _CMD="updateaccount" ;; - --registeraccount) + --registeraccount|--register-account) _CMD="registeraccount" ;; --domain | -d) @@ -4301,11 +4332,16 @@ _process() { LE_WORKING_DIR="$2" shift ;; - --certhome) + --certhome|--cert-home) _certhome="$2" CERT_HOME="$_certhome" shift ;; + --config-home) + _confighome="$2" + CONFIG_HOME="$_confighome" + shift + ;; --useragent) _useragent="$2" USER_AGENT="$_useragent" @@ -4456,7 +4492,7 @@ _process() { fi case "${_CMD}" in - install) install "$_nocron" ;; + install) install "$_nocron" "$_confighome" ;; uninstall) uninstall "$_nocron" ;; upgrade) upgrade ;; issue) @@ -4495,7 +4531,7 @@ _process() { list) list "$_listraw" ;; - installcronjob) installcronjob ;; + installcronjob) installcronjob "$_confighome" ;; uninstallcronjob) uninstallcronjob ;; cron) cron ;; toPkcs) @@ -4512,7 +4548,9 @@ _process() { ;; *) - _err "Invalid command: $_CMD" + if [ "$_CMD" ]; then + _err "Invalid command: $_CMD" + fi showhelp return 1 ;; From 80941f84137c45014da23d7e3db17e3d267305c9 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 16 Jan 2017 22:36:13 +0800 Subject: [PATCH 2/5] minor --- acme.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/acme.sh b/acme.sh index 0cbae7b..07500ee 100755 --- a/acme.sh +++ b/acme.sh 
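Review bot: The new `--config-home)` arm in _process stores `$2` as given, so a missing value, a following option such as `--issue`, or a relative path is accepted and later written into the crontab line and the shell alias. A relative path would then be resolved against whatever directory cron or the login shell starts in, which is probably not what the user meant. A check before the assignment would catch this, e.g. `case "$2" in /*) ;; *) _err "--config-home requires an absolute path"; return 1 ;; esac`. The neighbouring `--home` and `--certhome` arms have the same shape, and the surrounding option loop is outside the hunk.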
@@ -3375,18 +3375,18 @@ installcronjob() { fi if [ "$_c_home" ]; then - _c_entry="--config-home \"$_c_home\"" + _c_entry="--config-home \"$_c_home\" " fi if _exists uname && uname -a | grep SunOS >/dev/null; then crontab -l | { cat - echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" $_c_entry > /dev/null" + echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" $_c_entry> /dev/null" } | crontab -- else crontab -l | { cat - echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" $_c_entry > /dev/null" + echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" $_c_entry> /dev/null" } | crontab - fi fi From ee20015d4460b2b9bd5647f9e3d4e5f9bd1dbc6d Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 17 Jan 2017 13:04:02 +0800 Subject: [PATCH 3/5] fix format --- acme.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/acme.sh b/acme.sh index 07500ee..b58a3f4 100755 --- a/acme.sh +++ b/acme.sh @@ -4148,7 +4148,7 @@ _process() { --showcsr) _CMD="showcsr" ;; - --installcert | -i|--install-cert) + --installcert | -i| --install-cert) _CMD="installcert" ;; --renew | -r) @@ -4163,10 +4163,10 @@ _process() { --list) _CMD="list" ;; - --installcronjob|--install-cronjob) + --installcronjob | --install-cronjob) _CMD="installcronjob" ;; - --uninstallcronjob|--install-cronjob) + --uninstallcronjob|--uninstall-cronjob) _CMD="uninstallcronjob" ;; --cron) @@ -4187,10 +4187,10 @@ _process() { --deactivate) _CMD="deactivate" ;; - --updateaccount|--update-account) + --updateaccount | --update-account) _CMD="updateaccount" ;; - --registeraccount|--register-account) + --registeraccount | --register-account) _CMD="registeraccount" ;; --domain | -d) @@ -4332,7 +4332,7 @@ _process() { LE_WORKING_DIR="$2" shift ;; - --certhome|--cert-home) + --certhome | --cert-home) _certhome="$2" CERT_HOME="$_certhome" shift From db7e4bf9405c55e2361a8f2140c60b092c6c1d3c Mon Sep 17 00:00:00 2001 
From: neil Date: Tue, 17 Jan 2017 13:06:44 +0800 Subject: [PATCH 4/5] fix format --- acme.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/acme.sh b/acme.sh index b58a3f4..c24b019 100755 --- a/acme.sh +++ b/acme.sh @@ -4148,13 +4148,13 @@ _process() { --showcsr) _CMD="showcsr" ;; - --installcert | -i| --install-cert) + --installcert | -i | --install-cert) _CMD="installcert" ;; --renew | -r) _CMD="renew" ;; - --renewAll | --renewall|--renew-all) + --renewAll | --renewall | --renew-all) _CMD="renewAll" ;; --revoke) @@ -4166,7 +4166,7 @@ _process() { --installcronjob | --install-cronjob) _CMD="installcronjob" ;; - --uninstallcronjob|--uninstall-cronjob) + --uninstallcronjob | --uninstall-cronjob) _CMD="uninstallcronjob" ;; --cron) From f5b546b3c8c437b2e43406ac15df575e34210a9b Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 21 Jan 2017 11:28:10 +0800 Subject: [PATCH 5/5] rename to LE_CONFIG_HOME --- acme.sh | 43 +++++++++++++++++++++++++++---------------- 1 file changed, 27 insertions(+), 16 deletions(-) diff --git a/acme.sh b/acme.sh index b9da2f4..33fd620 100755 --- a/acme.sh +++ b/acme.sh @@ -1634,11 +1634,13 @@ __initHome() { fi export LE_WORKING_DIR - if [ -z "$CONFIG_HOME" ]; then - CONFIG_HOME="$LE_WORKING_DIR" + if [ -z "$LE_CONFIG_HOME" ]; then + LE_CONFIG_HOME="$LE_WORKING_DIR" fi + _debug "Using config home:$LE_CONFIG_HOME" + export LE_CONFIG_HOME - _DEFAULT_ACCOUNT_CONF_PATH="$CONFIG_HOME/account.conf" + _DEFAULT_ACCOUNT_CONF_PATH="$LE_CONFIG_HOME/account.conf" if [ -z "$ACCOUNT_CONF_PATH" ]; then if [ -f "$_DEFAULT_ACCOUNT_CONF_PATH" ]; then @@ -1650,12 +1652,12 @@ __initHome() { ACCOUNT_CONF_PATH="$_DEFAULT_ACCOUNT_CONF_PATH" fi - DEFAULT_LOG_FILE="$CONFIG_HOME/$PROJECT_NAME.log" + DEFAULT_LOG_FILE="$LE_CONFIG_HOME/$PROJECT_NAME.log" - DEFAULT_CA_HOME="$CONFIG_HOME/ca" + DEFAULT_CA_HOME="$LE_CONFIG_HOME/ca" if [ -z "$LE_TEMP_DIR" ]; then - LE_TEMP_DIR="$CONFIG_HOME/tmp" + LE_TEMP_DIR="$LE_CONFIG_HOME/tmp" fi } 
@@ -1707,7 +1709,7 @@ _initpath() { fi if [ -z "$APACHE_CONF_BACKUP_DIR" ]; then - APACHE_CONF_BACKUP_DIR="$CONFIG_HOME" + APACHE_CONF_BACKUP_DIR="$LE_CONFIG_HOME" fi if [ -z "$USER_AGENT" ]; then @@ -1715,7 +1717,7 @@ _initpath() { fi if [ -z "$HTTP_HEADER" ]; then - HTTP_HEADER="$CONFIG_HOME/http.header" + HTTP_HEADER="$LE_CONFIG_HOME/http.header" fi _OLD_ACCOUNT_KEY="$LE_WORKING_DIR/account.key" @@ -1731,7 +1733,7 @@ _initpath() { ACCOUNT_JSON_PATH="$_DEFAULT_ACCOUNT_JSON_PATH" fi - _DEFAULT_CERT_HOME="$CONFIG_HOME" + _DEFAULT_CERT_HOME="$LE_CONFIG_HOME" if [ -z "$CERT_HOME" ]; then CERT_HOME="$_DEFAULT_CERT_HOME" fi @@ -3418,8 +3420,8 @@ uninstallcronjob() { LE_WORKING_DIR="$(echo "$cr" | cut -d ' ' -f 9 | tr -d '"')" _info LE_WORKING_DIR "$LE_WORKING_DIR" if _contains "$cr" "--config-home"; then - CONFIG_HOME="$(echo "$cr" | cut -d ' ' -f 11 | tr -d '"')" - _debug CONFIG_HOME "$CONFIG_HOME" + LE_CONFIG_HOME="$(echo "$cr" | cut -d ' ' -f 11 | tr -d '"')" + _debug LE_CONFIG_HOME "$LE_CONFIG_HOME" fi fi _initpath @@ -3701,6 +3703,9 @@ _installalias() { fi _setopt "$_envfile" "export LE_WORKING_DIR" "=" "\"$LE_WORKING_DIR\"" + if [ "$_c_home" ]; then + _setopt "$_envfile" "export LE_CONFIG_HOME" "=" "\"$LE_CONFIG_HOME\"" + fi _setopt "$_envfile" "alias $PROJECT_ENTRY" "=" "\"$LE_WORKING_DIR/$PROJECT_ENTRY $_c_entry\"" _profile="$(_detect_profile)" @@ -3719,6 +3724,9 @@ _installalias() { if [ -f "$_csh_profile" ]; then _info "Installing alias to '$_csh_profile'" _setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\"" + if [ "$_c_home" ]; then + _setopt "$_cshfile" "setenv LE_CONFIG_HOME" " " "\"$LE_CONFIG_HOME\"" + fi _setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY $_c_entry\"" _setopt "$_csh_profile" "source \"$_cshfile\"" fi 
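Review bot: The added `export LE_CONFIG_HOME` line in _installalias is guarded by `_c_home`, which is only set from the `--config-home` option, while install() creates and uses `$LE_CONFIG_HOME`, which after this commit can also come from the environment. An install run with only `LE_CONFIG_HOME` exported would therefore put the configuration in that directory but write neither the export nor `--config-home` to the env file and crontab, so later cron runs would appear to fall back to `$LE_WORKING_DIR`. Testing the effective value instead, e.g. `if [ "$LE_CONFIG_HOME" != "$LE_WORKING_DIR" ]; then`, would keep them in step; the same guard appears in the two csh hunks that follow. This is inferred from the hunks shown, since the callers in _process are not part of this commit's diff.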
@@ -3728,6 +3736,9 @@ _installalias() { if [ -f "$_tcsh_profile" ]; then _info "Installing alias to '$_tcsh_profile'" _setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\"" + if [ "$_c_home" ]; then + _setopt "$_cshfile" "setenv LE_CONFIG_HOME" " " "\"$LE_CONFIG_HOME\"" + fi _setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY $_c_entry\"" _setopt "$_tcsh_profile" "source \"$_cshfile\"" fi @@ -3781,12 +3792,12 @@ install() { chmod 700 "$LE_WORKING_DIR" - if ! mkdir -p "$CONFIG_HOME"; then - _err "Can not create config dir: $CONFIG_HOME" + if ! mkdir -p "$LE_CONFIG_HOME"; then + _err "Can not create config dir: $LE_CONFIG_HOME" return 1 fi - chmod 700 "$CONFIG_HOME" + chmod 700 "$LE_CONFIG_HOME" cp "$PROJECT_ENTRY" "$LE_WORKING_DIR/" && chmod +x "$LE_WORKING_DIR/$PROJECT_ENTRY" @@ -3856,7 +3867,7 @@ uninstall() { _uninstallalias rm -f "$LE_WORKING_DIR/$PROJECT_ENTRY" - _info "The keys and certs are in \"$(__green "$CONFIG_HOME")\", you can remove them by yourself." + _info "The keys and certs are in \"$(__green "$LE_CONFIG_HOME")\", you can remove them by yourself." } @@ -4344,7 +4355,7 @@ _process() { ;; --config-home) _confighome="$2" - CONFIG_HOME="$_confighome" + LE_CONFIG_HOME="$_confighome" shift ;; --useragent)