authorLexi Winter <ivy@FreeBSD.org>2025-06-03 09:53:49 +0100
committerLexi Winter <ivy@FreeBSD.org>2025-06-03 09:53:49 +0100
commit6e4bfc59487dbb9d5c80d2debe98f769fe244577 (patch)
tree24f9386619f6068925e037b4254859acc0ecc0e0
parent65401ae5872e76f5ceab0c0e808d1e4823c6c0dc (diff)
improve path handling
- allow a different configuration directory to be specified with '-c'; since acme.conf allows the uacme directory to be changed, this allows the user to change both.
- use /var/db/lfacme as the default datadir instead of putting data in /etc.
-rw-r--r--init.sh47
-rw-r--r--lfacme-renew.816
-rw-r--r--lfacme-renew.sh29
-rw-r--r--lfacme-setup.819
-rw-r--r--lfacme-setup.sh27
5 files changed, 109 insertions, 29 deletions
diff --git a/init.sh b/init.sh
index b1c9494..3c9de04 100644
--- a/init.sh
+++ b/init.sh
@@ -1,19 +1,7 @@
# This source code is released into the public domain.
-_BASEDIR="/usr/local"
-_SHARE="${_BASEDIR}/share/lfacme"
-_CONFDIR="${_BASEDIR}/etc/lfacme"
-_CONFIG="${_CONFDIR}/acme.conf"
-_DOMAINS="${_CONFDIR}/domains.conf"
-_UACME=/usr/local/bin/uacme
-_UACME_DIR="${_CONFDIR}/certs"
-
_PROGNAME="$0"
-_uacme() {
- "$_UACME" -a "$ACME_URL" -c "$_UACME_DIR" "$@"
-}
-
_fatal() {
local _fmt=$1; shift
local _msg="$(printf "$_fmt" "$@")"
@@ -33,6 +21,22 @@ _warn() {
printf >&2 '%s: WARNING: %s\n' "$_PROGNAME" "$_msg"
}
+# The prefix we're installed in.
+_BASEDIR="/usr/local"
+# Where the internal scripts are.
+_SHARE="${_BASEDIR}/share/lfacme"
+
+# Our configuration directory. This might be overridden by command-line
+# arguments.
+if [ -z "$_CONFDIR" ]; then
+ _CONFDIR="${_BASEDIR}/etc/lfacme"
+fi
+
+# Our configuration file.
+_CONFIG="${_CONFDIR}/acme.conf"
+
+# Read and validate the configuration file.
+
if ! [ -f "$_CONFIG" ]; then
_fatal "missing %s" "$_CONFIG"
fi
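Review bot: The `if [ -z "$_CONFDIR" ]` default at the top of this hunk cannot tell a value supplied with `-c` from a `_CONFDIR` that was already present in the environment of the calling script, and neither lfacme-renew.sh nor lfacme-setup.sh in this commit clears the variable before its option loop, so an inherited `_CONFDIR` silently relocates the configuration that gets loaded. Initialising it in the callers before parsing, `_CONFDIR=""`, closes that gap. The comment on the default could also say where the override comes from: `# Set by the -c option of the calling script before init.sh is sourced.`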
@@ -43,8 +47,8 @@ if [ -z "$ACME_URL" ]; then
_fatal "ACME_URL must be set in %s" "$_CONFIG"
fi
-if [ -z "$ACME_DIR" ]; then
- _fatal "ACME_DIR must be set in %s" "$_CONFIG"
+if [ -z "$ACME_DATADIR" ]; then
+ ACME_DATADIR="/var/db/lfacme"
fi
if [ -z "$ACME_KERBEROS_PRINCIPAL" ]; then
@@ -52,5 +56,18 @@ if [ -z "$ACME_KERBEROS_PRINCIPAL" ]; then
fi
if [ -z "$ACME_HOOKDIR" ]; then
- ACME_HOOKDIR="${_CONFDIR}/hooks"
+ ACME_HOOKDIR="${ACME_CONFDIR}/hooks"
fi
+
+# The domains.conf file.
+_DOMAINS="${_CONFDIR}/domains.conf"
+
+# uacme's base directory; this is where it puts certificates.
+_UACME_DIR="${ACME_DATADIR}/certs"
+
+# The uacme executable.
+_UACME=/usr/local/bin/uacme
+
+_uacme() {
+ "$_UACME" -a "$ACME_URL" -c "$_UACME_DIR" "$@"
+}
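Review bot: `ACME_HOOKDIR="${ACME_CONFDIR}/hooks"` refers to `ACME_CONFDIR`, but the variable this commit introduces and documents is `_CONFDIR`; `ACME_CONFDIR` is set nowhere in the diff, so unless acme.conf happens to define it the default hook directory becomes `/hooks`. This looks like a typo for `ACME_HOOKDIR="${_CONFDIR}/hooks"`, which is what the removed line used. A `[ -d "$ACME_HOOKDIR" ]` check after the default would have caught it, though whether a missing hook directory is fatal is decided outside this hunk.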
diff --git a/lfacme-renew.8 b/lfacme-renew.8
index e198dc2..1ed3aba 100644
--- a/lfacme-renew.8
+++ b/lfacme-renew.8
@@ -7,6 +7,8 @@
.Nd issue or renew ACME certificates
.Sh SYNOPSIS
.Nm
+.Op Fl v
+.Op Fl c Ar confdir
.Sh DESCRIPTION
The
.Nm
@@ -21,6 +23,20 @@ An ACME account must be created using
.Xr lfacme-setup 8
before running
.Nm .
+.Pp
+The follow options are accepted:
+.Bl -tag -width indent
+.It Fl c Ar confdir
+Use
+.Ar confdir
+as the configuration directory instead of the default
+.Pa /usr/local/etc/lfacme .
+.It Fl v
+Produce more output when running.
+This also passes the
+.Fl v
+option to uacme.
+.El
.Sh SEE ALSO
.Xr domains.conf 5 ,
.Xr lfacme-setup 8
diff --git a/lfacme-renew.sh b/lfacme-renew.sh
index e29788c..ce7c7f2 100644
--- a/lfacme-renew.sh
+++ b/lfacme-renew.sh
@@ -1,17 +1,8 @@
#! /bin/sh
# This source code is released into the public domain.
-. /usr/local/share/lfacme/init.sh
-
-if ! [ -d "$_UACME_DIR" ]; then
- _fatal "run lfacme-setup first"
-fi
-
-if ! [ -f "$_DOMAINS" ]; then
- _fatal "missing $_DOMAINS"
-fi
-
-args=$(getopt v $*)
+# Parse command-line arguments.
+args=$(getopt c:v $*)
if [ $? -ne 0 ]; then
exit 1
fi
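Review bot: `args=$(getopt c:v $*)` passes the arguments unquoted, so the new `-c confdir` value is word-split and glob-expanded before getopt(1) sees it, and the later `set -- $args` splits it again; a configuration directory containing a space or a `*` ends up as several arguments, with the remainder treated as further options or operands. The previous `-v`-only form was not affected because it carried no argument, and the same `getopt c:vy $*` / `set -- $args` pair appears in the new parsing of lfacme-setup.sh. Since the script is `/bin/sh`, the portable fix is the `getopts` builtin, which delivers the `-c` argument as one word and needs no `getopt` / `set --` round trip; the loop below replaces the getopt call here and the `while :` / `case` loop in the next hunk, and also initialises `_CONFDIR` so an inherited environment value cannot stand in for `-c`.
```shell
# Parse command-line arguments.
_CONFDIR=""
# … unchanged: _uacme_flags="--no-ari" …
while getopts c:v _opt; do
	case "$_opt" in
	c)	_CONFDIR="$OPTARG";;
	v)	_uacme_flags="$_uacme_flags -v";;
	*)	exit 1;;
	esac
done
shift $((OPTIND - 1))
```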
@@ -22,14 +13,28 @@ _uacme_flags="--no-ari"
while :; do
case "$1" in
+ -c)
+ _CONFDIR="$2"
+ shift; shift;;
-v)
- _uacme_flags="$_uacme_flags -v"
+ _uacme_flags="$_uacme_flags $1"
shift;;
--)
shift; break;;
esac
done
+# Initialise.
+. /usr/local/share/lfacme/init.sh
+
+if ! [ -f "$_UACME_DIR/private/key.pem" ]; then
+ _fatal "run lfacme-setup first"
+fi
+
+if ! [ -f "$_DOMAINS" ]; then
+ _fatal "missing $_DOMAINS"
+fi
+
# Create a key if it doesn't already exist. It would be better to always
# create a new key here, but currently uacme doesn't have a way to tell us
# that we need to do that.
diff --git a/lfacme-setup.8 b/lfacme-setup.8
index f6c51ca..3cb1a3b 100644
--- a/lfacme-setup.8
+++ b/lfacme-setup.8
@@ -7,6 +7,8 @@
.Nd create a new ACME account
.Sh SYNOPSIS
.Nm
+.Op Fl vy
+.Op Fl c Ar confdir
.Sh DESCRIPTION
The
.Nm
@@ -16,5 +18,22 @@ If the provider requires accepting terms of service to create an account,
the ToS URL will be printed and
.Nm
will prompt the user to accept them.
+.Pp
+The follow options are accepted:
+.Bl -tag -width indent
+.It Fl c Ar confdir
+Use
+.Ar confdir
+as the configuration directory instead of the default
+.Pa /usr/local/etc/lfacme .
+.It Fl v
+Produce more output when running.
+This also passes the
+.Fl v
+option to uacme.
+.It Fl y
+If the ACME provider requires accepting terms of service,
+accept the provided terms automatically.
+.El
.Sh SEE ALSO
.Xr acme.conf 5
diff --git a/lfacme-setup.sh b/lfacme-setup.sh
index c2a0798..90c1160 100644
--- a/lfacme-setup.sh
+++ b/lfacme-setup.sh
@@ -1,8 +1,31 @@
#! /bin/sh
# This source code is released into the public domain.
+# Parse command-line arguments.
+args=$(getopt c:vy $*)
+if [ $? -ne 0 ]; then
+ exit 1
+fi
+set -- $args
+
+_uacme_flags=""
+
+while :; do
+ case "$1" in
+ -c)
+ _CONFDIR="$2"
+ shift; shift;;
+ -v|-y)
+ _uacme_flags="$_uacme_flags $1"
+ shift;;
+ --)
+ shift; break;;
+ esac
+done
+
+# Initialise.
. /usr/local/share/lfacme/init.sh
+# Run uacme.
mkdir -p "$_UACME_DIR"
-
-_uacme new
+_uacme $_uacme_flags new
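Review bot: `mkdir -p "$_UACME_DIR"` creates the new data hierarchy (by default `/var/db/lfacme/certs`, per init.sh in this commit) with whatever umask the caller happens to have, and lfacme-renew.sh in this commit expects the key that setup produces at `private/key.pem` beneath it. uacme presumably tightens `private/` itself, but if it does not, a permissive umask leaves that directory readable; `(umask 077; mkdir -p "$_UACME_DIR")` makes the outcome independent of the environment, or restrict only `private` if other services must read certificates from this tree — confirm against what uacme does. The `getopt c:vy $*` / `set -- $args` pair at the top of this hunk has the same unquoted-argument problem noted for lfacme-renew.sh, and `_CONFDIR` is likewise not initialised before the loop.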