| author | Lexi Winter <ivy@FreeBSD.org> | 2025-06-04 10:42:19 +0100 |
|---|---|---|
| committer | Lexi Winter <ivy@FreeBSD.org> | 2025-06-04 10:56:04 +0100 |
| commit | 15010d062ae276a92065cd6ea7dc94b749e20756 (patch) | |
| tree | 8745f89f933826afbb329b4fc447186a1200610d | |
| parent | 09aa3870070960d37d7bdbb724f4ac7b68395fdf (diff) | |
| download | lfacme-15010d062ae276a92065cd6ea7dc94b749e20756.tar.gz lfacme-15010d062ae276a92065cd6ea7dc94b749e20756.tar.bz2 | |
allow PREFIX to be customised
| -rw-r--r-- | .gitignore | 3 | ||||
| -rw-r--r-- | 900.lfacme.sh.in (renamed from 900.lfacme.sh) | 6 | ||||
| -rw-r--r-- | Makefile | 106 | ||||
| -rw-r--r-- | README | 3 | ||||
| -rw-r--r-- | acme.conf.5.in (renamed from acme.conf.5) | 4 | ||||
| -rw-r--r-- | acme.conf.sample.in (renamed from acme.conf.sample) | 2 | ||||
| -rw-r--r-- | dns.sh.in (renamed from dns.sh) | 4 | ||||
| -rw-r--r-- | dnsutils.sh.in (renamed from dnsutils.sh) | 0 | ||||
| -rw-r--r-- | domains.conf.5.in (renamed from domains.conf.5) | 8 | ||||
| -rw-r--r-- | domains.conf.sample.in (renamed from domains.conf.sample) | 0 | ||||
| -rw-r--r-- | example-hook.sh.in (renamed from example-hook.sh) | 4 | ||||
| -rw-r--r-- | http.sh.in (renamed from http.sh) | 2 | ||||
| -rw-r--r-- | init.sh.in (renamed from init.sh) | 4 | ||||
| -rw-r--r-- | kerberos.sh.in (renamed from kerberos.sh) | 4 | ||||
| -rw-r--r-- | lfacme-dns.7.in (renamed from lfacme-dns.7) | 0 | ||||
| -rw-r--r-- | lfacme-http.7.in (renamed from lfacme-http.7) | 0 | ||||
| -rw-r--r-- | lfacme-kerberos.7.in (renamed from lfacme-kerberos.7) | 0 | ||||
| -rw-r--r-- | lfacme-renew.8.in (renamed from lfacme-renew.8) | 2 | ||||
| -rw-r--r-- | lfacme-renew.sh.in (renamed from lfacme-renew.sh) | 2 | ||||
| -rw-r--r-- | lfacme-setup.8.in (renamed from lfacme-setup.8) | 2 | ||||
| -rw-r--r-- | lfacme-setup.sh.in (renamed from lfacme-setup.sh) | 2 | ||||
| -rw-r--r-- | lfacme.7.in (renamed from lfacme.7) | 6 |
22 files changed, 94 insertions, 70 deletions
@@ -1,2 +1,5 @@ .*.sw? /dist +*.[12345678] +*.sh +*.sample diff --git a/900.lfacme.sh b/900.lfacme.sh.in index dabb890..f1fae33 100644 --- a/900.lfacme.sh +++ b/900.lfacme.sh.in @@ -8,12 +8,12 @@ if [ -r /etc/defaults/periodic.conf ]; then source_periodic_confs fi -PATH=$PATH:/usr/local/bin:/usr/local/sbin +PATH=$PATH:__PREFIX__/bin:__PREFIX__/sbin export PATH # Exit if lfacme isn't installed but the periodic script was left over # for some reason. -if ! [ -x /usr/local/sbin/lfacme-renew ]; then +if ! [ -x __BINDIR__/lfacme-renew ]; then exit 0 fi @@ -21,7 +21,7 @@ case "$daily_lfacme_enable" in [Yy][Ee][Ss]) printf 'Renewing ACME certificates with lfacme:\n' - /usr/local/sbin/lfacme-renew + __BINDIR__/lfacme-renew ;; *) @@ -3,10 +3,11 @@ PREFIX?= /usr/local DESTDIR?= -LIBDIR?= ${DESTDIR}${PREFIX}/share/lfacme -BINDIR?= ${DESTDIR}${PREFIX}/sbin -CONFDIR?= ${DESTDIR}${PREFIX}/etc -MANDIR?= ${DESTDIR}${PREFIX}/share/man +LIBDIR?= ${PREFIX}/share/lfacme +BINDIR?= ${PREFIX}/sbin +CONFDIR?= ${PREFIX}/etc +MANDIR?= ${PREFIX}/share/man +PERIODICDIR= ${PREFIX}/etc/periodic/daily MAN5DIR?= ${MANDIR}/man5 MAN7DIR?= ${MANDIR}/man7 MAN8DIR?= ${MANDIR}/man8 
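Review bot: `CONFDIR?= ${PREFIX}/etc` in this Makefile hunk has no `lfacme` component, yet the templates in this commit use `__CONFDIR__` wherever the old text read `/usr/local/etc/lfacme` (acme.conf.5.in, acme.conf.sample.in, domains.conf.5.in, lfacme-renew.8.in, lfacme-setup.8.in). Unless CONFDIR is adjusted outside the visible hunks, the generated files would document `/usr/local/etc/acme.conf` and a default hook directory of `/usr/local/etc/hooks`, which may not be where the scripts actually look for configuration and hooks. If the lfacme directory is what is meant, `CONFDIR?= ${PREFIX}/etc/lfacme` would keep documentation and runtime aligned, though the install-conf target would then need re-checking. Separately, lfacme.7.in ends up with `.Pa __CONFDIR__lfacme .`, which expands to a path with no separator; `.Pa __CONFDIR__ .` looks like the intended line.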
@@ -41,80 +42,103 @@ MAN7= lfacme.7 \ MAN8= lfacme-renew.8 \ lfacme-setup.8 -PERIODICDIR= /usr/local/etc/periodic/daily PERIODICMODE?= 0755 PERIODIC= 900.lfacme.sh +SED?= sed +REPLACE= sed -e 's,__PREFIX__,${PREFIX},g' \ + -e 's,__CONFDIR__,${CONFDIR},g' \ + -e 's,__LIBDIR__,${LIBDIR},g' \ + -e 's,__BINDIR__,${BINDIR},g' + default: all -all: - @echo "Nothing to do." +all: ${MAN5} ${MAN7} ${MAN8} ${LIB} ${BIN} ${CHALLENGE} ${HOOK} ${PERIODIC} ${CONF} + +clean: + rm -f ${MAN5} ${MAN7} ${MAN8} ${LIB} ${BIN} + rm -f ${HOOK} ${CHALLENGE} ${PERIODIC} ${CONF} + +%.sh: %.sh.in + ${REPLACE} <$< >$@ + +%.sample: %.sample.in + ${REPLACE} <$< >$@ + +%.5: %.5.in + ${REPLACE} <$< >$@ + +%.7: %.7.in + ${REPLACE} <$< >$@ + +%.8: %.8.in + ${REPLACE} <$< >$@ install: install-lib install-bin install-conf install-hook install-man install-periodic -install-lib: - @echo 'create ${LIBDIR}'; install -d ${LIBDIR} +install-lib: all + @echo 'create ${DESTDIR}${LIBDIR}'; install -d ${DESTDIR}${LIBDIR} @for lib in ${LIB}; do \ - echo "install ${LIBDIR}/$$lib"; \ - install -C -m ${LIBMODE} "$$lib" "${LIBDIR}/$$lib"; \ + echo "install ${DESTDIR}${LIBDIR}/$$lib"; \ + install -C -m ${LIBMODE} "$$lib" "${DESTDIR}${LIBDIR}/$$lib"; \ done - @echo 'create ${LIBDIR}/challenge'; install -d ${LIBDIR}/challenge; + @echo 'create ${DESTDIR}${LIBDIR}/challenge'; install -d ${DESTDIR}${LIBDIR}/challenge; @for challenge in ${CHALLENGE}; do \ basename=$${challenge%*.sh}; \ - echo "install ${LIBDIR}/challenge/$$basename"; \ + echo "install ${DESTDIR}${LIBDIR}/challenge/$$basename"; \ install -C -m ${CHALLENGEMODE} "$$challenge" \ - "${LIBDIR}/challenge/$$basename"; \ + "${DESTDIR}${LIBDIR}/challenge/$$basename"; \ done -install-bin: - @echo 'create ${BINDIR}'; install -d ${BINDIR} +install-bin: all + @echo 'create ${DESTDIR}${BINDIR}'; install -d ${DESTDIR}${BINDIR} @for bin in ${BIN}; do \ basename=$${bin%*.sh}; \ - echo "install ${BINDIR}/$$basename"; \ - install -C -m ${BINMODE} "$$bin" 
"${BINDIR}/$$basename"; \ + echo "install ${DESTDIR}${BINDIR}/$$basename"; \ + install -C -m ${BINMODE} "$$bin" "${DESTDIR}${BINDIR}/$$basename"; \ done -install-conf: - @echo 'create ${CONFDIR}'; install -d ${CONFDIR}; +install-conf: all + @echo 'create ${DESTDIR}${CONFDIR}'; install -d ${DESTDIR}${CONFDIR}; @for conf in ${CONF}; do \ - echo "install ${CONFDIR}/$$conf"; \ - install -C -m ${CONFMODE} "$$conf" "${CONFDIR}/$$conf"; \ + echo "install ${DESTDIR}${CONFDIR}/$$conf"; \ + install -C -m ${CONFMODE} "$$conf" "${DESTDIR}${CONFDIR}/$$conf"; \ done -install-hook: - @echo 'create ${HOOKDIR}'; install -d ${HOOKDIR}; +install-hook: all + @echo 'create ${DESTDIR}${HOOKDIR}'; install -d ${DESTDIR}${HOOKDIR}; @for hook in ${HOOK}; do \ basename=$${hook%*.sh}; \ - echo "install ${HOOKDIR}/$$basename"; \ - install -C -m ${HOOKMODE} "$$hook" "${HOOKDIR}/$$basename"; \ + echo "install ${DESTDIR}${HOOKDIR}/$$basename"; \ + install -C -m ${HOOKMODE} "$$hook" "${DESTDIR}${HOOKDIR}/$$basename"; \ done -install-man: - @echo 'create ${MANDIR}'; install -d ${MANDIR} - @echo 'create ${MAN5DIR}'; install -d ${MAN5DIR} +install-man: all + @echo 'create ${DESTDIR}${MANDIR}'; install -d ${DESTDIR}${MANDIR} + @echo 'create ${DESTDIR}${MAN5DIR}'; install -d ${DESTDIR}${MAN5DIR} @for man in ${MAN5}; do \ - echo "install ${MAN5DIR}/$$man"; \ - install -C -m ${MANMODE} "$$man" "${MAN5DIR}/$$man"; \ + echo "install ${DESTDIR}${MAN5DIR}/$$man"; \ + install -C -m ${MANMODE} "$$man" "${DESTDIR}${MAN5DIR}/$$man"; \ done - @echo 'create ${MAN7DIR}'; install -d ${MAN7DIR} + @echo 'create ${DESTDIR}${MAN7DIR}'; install -d ${DESTDIR}${MAN7DIR} @for man in ${MAN7}; do \ - echo "install ${MAN7DIR}/$$man"; \ - install -C -m ${MANMODE} "$$man" "${MAN7DIR}/$$man"; \ + echo "install ${DESTDIR}${MAN7DIR}/$$man"; \ + install -C -m ${MANMODE} "$$man" "${DESTDIR}${MAN7DIR}/$$man"; \ done - @echo 'create ${MAN8DIR}'; install -d ${MAN8DIR} + @echo 'create ${DESTDIR}${MAN8DIR}'; install -d 
${DESTDIR}${MAN8DIR} @for man in ${MAN8}; do \ - echo "install ${MAN8DIR}/$$man"; \ - install -C -m ${MANMODE} "$$man" "${MAN8DIR}/$$man"; \ + echo "install ${DESTDIR}${MAN8DIR}/$$man"; \ + install -C -m ${MANMODE} "$$man" "${DESTDIR}${MAN8DIR}/$$man"; \ done -install-periodic: +install-periodic: all @if [ $$(uname) = "FreeBSD" ]; then \ - echo 'create ${PERIODICDIR}'; install -d ${PERIODICDIR}; \ + echo 'create ${DESTDIR}${PERIODICDIR}'; install -d ${DESTDIR}${PERIODICDIR}; \ for periodic in ${PERIODIC}; do \ basename=$${periodic%*.sh}; \ - echo "install ${PERIODICDIR}/$$basename"; \ + echo "install ${DESTDIR}${PERIODICDIR}/$$basename"; \ install -C -m ${PERIODICMODE} "$$periodic" \ - "${PERIODICDIR}/$$basename"; \ + "${DESTDIR}${PERIODICDIR}/$$basename"; \ done; \ fi @@ -60,9 +60,6 @@ usage known issues ------------ -+ lfacme assumes it's installed in /usr/local. if you want to change this, - you'll need to edit the scripts. - + we disable ARI in uacme (uacme --no-ari) because it's broken on non-glibc platforms. this is a uacme bug: https://github.com/ndilieto/uacme/issues/91. the only impact of this is that certificates will be renewed 30 days before diff --git a/acme.conf.5 b/acme.conf.5.in index f1f2638..2210cad 100644 --- a/acme.conf.5 +++ b/acme.conf.5.in @@ -6,7 +6,7 @@ .Nm acme.conf .Nd lfacme global configuration file .Sh SYNOPSIS -.Pa /usr/local/etc/lfacme/acme.conf +.Pa __CONFDIR__/acme.conf .Sh DESCRIPTION The .Nm @@ -39,7 +39,7 @@ The path to a directory containing hooks to invoke when issuing certificates (see .Xr domains.conf 5 ) . The default value is -.Pa /usr/local/etc/lfacme/hooks . +.Pa __CONFDIR__/hooks . .El .Pp Additional configuration variables may be used by the ACME validation hooks; diff --git a/acme.conf.sample b/acme.conf.sample.in index f1d0906..d6cea21 100644 --- a/acme.conf.sample +++ b/acme.conf.sample.in 
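Review bot: The pattern rules (`%.sh: %.sh.in` and the four like it) depend only on the `.in` file, so a tree built with one PREFIX and later installed with another keeps the old paths baked into the outputs. That includes the `. __LIBDIR__/init.sh` lines, which decide which file the installed scripts source at run time. The README should say that `make clean` is required whenever PREFIX, LIBDIR, BINDIR or CONFDIR change, or the outputs should be regenerated unconditionally. Also, `SED?= sed` is never used because REPLACE hard-codes the command; `REPLACE= ${SED} -e 's,__PREFIX__,${PREFIX},g' \` would honour the override. A comment next to REPLACE noting that a path containing `,` or `&` breaks the substitution would help packagers.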
@@ -30,7 +30,7 @@ ### ACME_HOOKDIR # The path to the directory containing certificate hooks. -# The default is "/usr/local/etc/lfacme/hooks". +# The default is "__CONFDIR__/hooks". # There is usually no need to change this. #ACME_HOOKDIR="/some/directory" @@ -1,8 +1,8 @@ #! /bin/sh # This source code is released into the public domain. -. /usr/local/share/lfacme/init.sh -. /usr/local/share/lfacme/dnsutils.sh +. __LIBDIR__/init.sh +. __LIBDIR__/dnsutils.sh # begin, done or failed ACTION=$1 diff --git a/dnsutils.sh b/dnsutils.sh.in index a1523ff..a1523ff 100644 --- a/dnsutils.sh +++ b/dnsutils.sh.in diff --git a/domains.conf.5 b/domains.conf.5.in index fd071e4..4ac27db 100644 --- a/domains.conf.5 +++ b/domains.conf.5.in @@ -6,7 +6,7 @@ .Nm domains.conf .Nd lfacme domains configuration file .Sh SYNOPSIS -.Pa /usr/local/etc/lfacme/domains.conf +.Pa __CONFDIR__/domains.conf .Sh DESCRIPTION The .Nm @@ -55,9 +55,9 @@ begins with a .Sq / character, then it is assumed to be an absolute path, otherwise it will be searched for in -.Pa /usr/local/share/lfacme/challenge +.Pa __LIBDIR__/challenge and -.Pa /usr/local/etc/lfacme/challenge . +.Pa __CONFDIR__/challenge . .Pp The challenge script is passed to .Xr uacme 1 ; @@ -111,7 +111,7 @@ The following environment variables will be set when running the hook script: The .Nm lfacme configuration directory, e.g. -.Pa /usr/local/etc/lfacme . +.Pa __CONFDIR__ . .It Sy LFACME_CERT The identifier of the certificate, i.e. the first field in .Nm . diff --git a/domains.conf.sample b/domains.conf.sample.in index 59ce539..59ce539 100644 --- a/domains.conf.sample +++ b/domains.conf.sample.in diff --git a/example-hook.sh b/example-hook.sh.in index 48eb07b..64e0252 100644 --- a/example-hook.sh +++ b/example-hook.sh.in 
@@ -16,8 +16,8 @@ set -e case "$action" in newcert) # The certificate was issued or renewed. - cp "$LFACME_CERTFILE" /usr/local/etc/nginx/tls/cert.pem - cp "$LFACME_KEYFILE" /usr/local/etc/nginx/tls/key.pem + cp "$LFACME_CERTFILE" __PREFIX__/etc/nginx/tls/cert.pem + cp "$LFACME_KEYFILE" __PREFIX__/etc/nginx/tls/key.pem nginx -s reload ;; @@ -1,7 +1,7 @@ #! /bin/sh # This source code is released into the public domain. -. /usr/local/share/lfacme/init.sh +. __LIBDIR__/init.sh # begin, done or failed ACTION=$1 @@ -38,7 +38,7 @@ _verbose() { } # The prefix we're installed in. -_BASEDIR="/usr/local" +_BASEDIR="__PREFIX__" # Where the internal scripts are. _SHARE="${_BASEDIR}/share/lfacme" _CHALLENGE="${_SHARE}/challenge" @@ -89,7 +89,7 @@ _DOMAINS="${_CONFDIR}/domains.conf" _UACME_DIR="${ACME_DATADIR}/certs" # The uacme executable. -_UACME=/usr/local/bin/uacme +_UACME=uacme _LFACME_UACME_FLAGS="" if ! [ -z "$LFACME_VERBOSE" ]; then diff --git a/kerberos.sh b/kerberos.sh.in index 543abc6..41d99c2 100644 --- a/kerberos.sh +++ b/kerberos.sh.in @@ -1,8 +1,8 @@ #! /bin/sh # This source code is released into the public domain. -. /usr/local/share/lfacme/init.sh -. /usr/local/share/lfacme/dnsutils.sh +. __LIBDIR__/init.sh +. __LIBDIR__/dnsutils.sh # begin, done or failed ACTION=$1 diff --git a/lfacme-dns.7 b/lfacme-dns.7.in index 5e46215..5e46215 100644 --- a/lfacme-dns.7 +++ b/lfacme-dns.7.in diff --git a/lfacme-http.7 b/lfacme-http.7.in index 25b7aac..25b7aac 100644 --- a/lfacme-http.7 +++ b/lfacme-http.7.in diff --git a/lfacme-kerberos.7 b/lfacme-kerberos.7.in index b3afd0c..b3afd0c 100644 --- a/lfacme-kerberos.7 +++ b/lfacme-kerberos.7.in diff --git a/lfacme-renew.8 b/lfacme-renew.8.in index 5d54e17..66d9f3d 100644 --- a/lfacme-renew.8 +++ b/lfacme-renew.8.in 
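Review bot: The `cp "$LFACME_KEYFILE" __PREFIX__/etc/nginx/tls/key.pem` line in example-hook.sh.in sets no explicit mode on the copied private key. Its mode is left to the umask, the source file's mode, or an already existing destination, none of which is visible here. Since this is the example people will copy, an explicit mode is safer: `install -m 0600 "$LFACME_KEYFILE" __PREFIX__/etc/nginx/tls/key.pem`. Substituting `__PREFIX__` into the nginx paths also assumes nginx shares lfacme's prefix, so a one-line comment saying the destination paths are illustrative would avoid surprises. The case statement continues outside the hunk.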
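Review bot: In init.sh.in, `_SHARE="${_BASEDIR}/share/lfacme"` is still derived from the prefix, while every script now sources `__LIBDIR__/init.sh` and the Makefile lets LIBDIR be overridden independently of PREFIX. With a custom LIBDIR the challenge scripts would be installed under one directory and looked up under another via `_CHALLENGE`. `_SHARE="__LIBDIR__"` would keep the runtime lookup in step with the install location.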
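Review bot: `_UACME=uacme` in init.sh.in turns the uacme binary into a PATH lookup where it used to be an absolute path, in code that runs from the periodic job and works with the ACME account key under `$_UACME_DIR/private`. The periodic script (900.lfacme.sh.in) appends `__PREFIX__/bin` and `__PREFIX__/sbin` after the inherited PATH, so any earlier PATH directory takes precedence, and manual runs of lfacme-renew or lfacme-setup use whatever PATH the caller has. A build-time placeholder would keep the path fixed while still honouring PREFIX, for example a new `_UACME="__UACME__"` that the Makefile substitutes with a default of `${PREFIX}/bin/uacme` (the placeholder name is only a suggestion). At minimum, fail early with `command -v "$_UACME" >/dev/null || _fatal "uacme not found"`, assuming `_fatal` is defined above this point in the file.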
@@ -30,7 +30,7 @@ The follow options are accepted: Use .Ar confdir as the configuration directory instead of the default -.Pa /usr/local/etc/lfacme . +.Pa __CONFDIR__ . .It Fl v Produce more output when running. This also passes the diff --git a/lfacme-renew.sh b/lfacme-renew.sh.in index 0dc0392..5b471c7 100644 --- a/lfacme-renew.sh +++ b/lfacme-renew.sh.in @@ -25,7 +25,7 @@ while :; do done # Initialise. -. /usr/local/share/lfacme/init.sh +. __LIBDIR__/init.sh if ! [ -f "$_UACME_DIR/private/key.pem" ]; then _fatal "run lfacme-setup first" diff --git a/lfacme-setup.8 b/lfacme-setup.8.in index f34e518..893c0b2 100644 --- a/lfacme-setup.8 +++ b/lfacme-setup.8.in @@ -25,7 +25,7 @@ The follow options are accepted: Use .Ar confdir as the configuration directory instead of the default -.Pa /usr/local/etc/lfacme . +.Pa __CONFDIR__ . .It Fl v Produce more output when running. This also passes the diff --git a/lfacme-setup.sh b/lfacme-setup.sh.in index f690cba..4b60263 100644 --- a/lfacme-setup.sh +++ b/lfacme-setup.sh.in @@ -27,7 +27,7 @@ while :; do done # Initialise. -. /usr/local/share/lfacme/init.sh +. __LIBDIR__/init.sh # Run uacme. mkdir -p "$_UACME_DIR" @@ -20,11 +20,11 @@ software using those certificates to be automatically (re)configured. Prior to using .Nm , two configuration files must be created: -.Pa /usr/local/etc/lfacme/acme.conf +.Pa __CONFDIR__/acme.conf and -.Pa /usr/local/etc/lfacme/domains.conf . +.Pa __CONFDIR__/domains.conf . Samples of both files are provided in -.Pa /usr/local/etc/lfacme . +.Pa __CONFDIR__lfacme . Refer to .Xr acme.conf 5 and |
