Early commit for testing elsewhere.
authorMark Wooding <mdw@distorted.org.uk>
Mon, 21 Dec 2015 02:45:28 +0000 (02:45 +0000)
committerMark Wooding <mdw@distorted.org.uk>
Mon, 21 Dec 2015 02:45:28 +0000 (02:45 +0000)
.gitignore [new file with mode: 0644]
.gitmodules [new file with mode: 0644]
bin/le [new file with mode: 0755]
bin/make-cert [new file with mode: 0755]
bin/setup [new file with mode: 0755]
bin/sudo [new file with mode: 0755]
config.sh [new file with mode: 0644]
le.conf.skel [new file with mode: 0644]
letsencrypt [new submodule]
lib/lib.sh [new file with mode: 0644]

diff --git a/.gitignore b/.gitignore
new file mode 100644 (file)
index 0000000..2978b42
--- /dev/null
@@ -0,0 +1,11 @@
+.cache
+.ccache
+.config
+.lesshst
+.local
+cert/
+etc/
+log/
+req/
+tmp/
+webroot/
diff --git a/.gitmodules b/.gitmodules
new file mode 100644 (file)
index 0000000..e087ce7
--- /dev/null
@@ -0,0 +1,3 @@
+[submodule "letsencrypt"]
+       path = letsencrypt
+       url = https://github.com/letsencrypt/letsencrypt/
diff --git a/bin/le b/bin/le
new file mode 100755 (executable)
index 0000000..11963b5
--- /dev/null
+++ b/bin/le
@@ -0,0 +1,10 @@
+#! /bin/sh
+set -e
+. "${0%/*}/../config.sh"
+. $home/lib/lib.sh
+
+run_as_user "$@"
+prepare_tmp le-user
+make_le_conf
+
+exec $home/letsencrypt/letsencrypt-auto -c "$tmp/le.conf" "$@"
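Review bot: The final `exec` replaces the shell, so the EXIT trap that prepare_tmp installs (lib/lib.sh) never runs and each invocation leaves its `$home/tmp/le-user.<pid>` directory and `le.conf` behind. Run the client as an ordinary command instead, `"$home/letsencrypt/letsencrypt-auto" -c "$tmp/le.conf" "$@"`; under `set -e` the script still exits with the client's status when it fails. The `. $home/lib/lib.sh` line should also be quoted, as it already is in bin/make-cert.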
diff --git a/bin/make-cert b/bin/make-cert
new file mode 100755 (executable)
index 0000000..8c5605b
--- /dev/null
@@ -0,0 +1,30 @@
+#! /bin/sh
+set -e
+. "${0%/*}/../config.sh"
+. "$home/lib/lib.sh"
+
+run_as_user "$@"
+
+## Pick out the certificate tag.
+case $# in 0) fail_usage ;; esac
+tag=$1; shift
+case $# in 0) ;; *) fail_usage ;; esac
+
+prepare_tmp $tag
+
+## Get started.
+cd $home/cert/$tag
+openssl req -in req -out $tmp/req.der -outform der
+sans=$(openssl req -in req -text -noout |
+       sed -n '
+         x
+         /^ *X509v3 Subject Alternative Name: $/ {
+           x
+           s/ *DNS://g
+           s/,/ /g
+           p
+           x
+         }')
+make_le_conf $sans
+
+cat "$tmp/le.conf"
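Review bot: `tag` comes straight from the command line and is used unquoted and unvalidated in `prepare_tmp $tag` and `cd $home/cert/$tag`. prepare_tmp (lib/lib.sh) builds `$home/tmp/$tag.$$` from it and runs `rm -rf` on the result, so a tag containing `/`, `..` or whitespace makes the script remove or enter paths outside `tmp/` and `cert/`. Reject such tags right after the `shift`, e.g. `case $tag in ""|.*|*[!A-Za-z0-9._-]*) fail "bad tag: $tag" ;; esac`, and quote the uses: `prepare_tmp "$tag"`, `cd "$home/cert/$tag"`. The word splitting in `make_le_conf $sans` is intended, but it also glob-expands, so a wildcard name in the request would be matched against files in the current directory; a `set -f` before that line avoids it.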
diff --git a/bin/setup b/bin/setup
new file mode 100755 (executable)
index 0000000..13c9bb3
--- /dev/null
+++ b/bin/setup
@@ -0,0 +1,24 @@
+#! /bin/sh
+set -ex
+
+user=letsencrypt
+home=$(getent passwd $user | cut -d: -f6)
+cd $home
+
+while read d m u g; do
+  mkdir -p $d
+  chmod $m $d
+  chown $u:$g $d
+done <<EOF
+.                                       755    root    root
+.cache                                 2775    root    $user
+.config                                        2775    root    $user
+.local                                 2775    root    $user
+cert                                   2775    root    $user
+etc                                    2770    root    $user
+log                                    2775    root    $user
+tmp                                    2770    root    $user
+webroot                                         755    root    root
+webroot/.well-known                     755    root    root
+webroot/.well-known/acme-challenge     2775    root    $user
+EOF
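Review bot: If the `letsencrypt` account does not exist, `home=$(getent passwd $user | cut -d: -f6)` leaves `home` empty without tripping `set -e`, because the pipeline's status is that of `cut`. The unquoted `cd $home` then becomes a bare `cd` into the invoking user's own home directory, and the loop goes on to chmod and chown `.` and build the tree there. Add a guard such as `[ -n "$home" ] || { echo >&2 "setup: no home directory for $user"; exit 1; }` and use `cd "$home"`. config.sh repeats the same assignment, so bin/le and bin/make-cert would source `/lib/lib.sh` in the same situation and need the same check.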
diff --git a/bin/sudo b/bin/sudo
new file mode 100755 (executable)
index 0000000..ee70818
--- /dev/null
+++ b/bin/sudo
@@ -0,0 +1,2 @@
+#! /bin/sh
+exec "$@"
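Review bot: This stub has no comment saying why a file named `sudo` that only execs its arguments is in the tree. run_as_user in lib/lib.sh puts `$home/bin` first in PATH after switching user, so the stub presumably exists to make the client's own privilege-raising calls run unprivileged; a header comment such as `## Shadows sudo(8) for the letsencrypt user: runs the command as-is, never elevates.` would record that. The comment should also state that only the plain `sudo cmd args...` form is supported, since any sudo option a caller passes (`-E`, `-u user`) would be taken as the command name.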
diff --git a/config.sh b/config.sh
new file mode 100644 (file)
index 0000000..ab184af
--- /dev/null
+++ b/config.sh
@@ -0,0 +1,3 @@
+### -*-sh-*-
+user=letsencrypt
+home=$(getent passwd $user | cut -d: -f6)
diff --git a/le.conf.skel b/le.conf.skel
new file mode 100644 (file)
index 0000000..d3c61bf
--- /dev/null
@@ -0,0 +1,8 @@
+### -*-conf-*-
+
+email = mdw@distorted.org.uk
+text = true
+authenticator = webroot
+
+config-dir = /var/lib/letsencrypt/etc
+logs-dir = /var/lib/letsencrypt/log
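Review bot: `config-dir` and `logs-dir` are hard-coded to `/var/lib/letsencrypt/...`, while every other path in this commit is derived from the account's home directory via getent (`work-dir` and `webroot-map` in make_le_conf, the directories created by bin/setup). If the home directory is ever somewhere else, the client would keep its account keys and logs outside the tree whose ownership and modes bin/setup establishes. Consider dropping the two lines from the skeleton and emitting them from make_le_conf next to `work-dir`, e.g. `echo "config-dir = $home/etc"` and `echo "logs-dir = $home/log"`.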
diff --git a/letsencrypt b/letsencrypt
new file mode 160000 (submodule)
index 0000000..ce14851
--- /dev/null
@@ -0,0 +1 @@
+Subproject commit ce14851232c39aa1151ecd9c7b77ef910059d46c
diff --git a/lib/lib.sh b/lib/lib.sh
new file mode 100644 (file)
index 0000000..7b4aab1
--- /dev/null
@@ -0,0 +1,43 @@
+### -*-sh-*-
+
+prog=${0##*/}
+
+usage () { echo "usage: $prog $usage"; }
+fail () { echo >&2 "$prog: $*"; exit 1; }
+fail_usage () { usage >&2; exit 1; }
+
+run_as_user () {
+  case $(id -un) in
+    $user) ;;
+    *) exec sudo -u$user "$0" "$@" ;;
+  esac
+  HOME=$home; export HOME
+  PATH=$home/bin:/usr/local/bin:/bin:/usr/bin; export PATH
+}
+
+prepare_tmp () {
+  tag=$1
+
+  tmp=$home/tmp/$tag.$$
+  rm -rf $tmp
+  mkdir $tmp
+  trap 'cd $home; rm -rf $tmp' EXIT INT TERM
+}
+
+make_le_conf () {
+  { cat $home/le.conf.skel
+    echo "work-dir = $tmp"
+    echo
+    case $# in
+      0) ;;
+      *)
+       map="webroot-map = {" sep=" "
+       for san in "$@"; do
+         map="$map$sep\"$san\": \"$home/webroot\"" sep=", "
+       done
+       map="$map }"
+       echo "$map"
+       ;;
+    esac
+  } >$tmp/le.conf
+}
\ No newline at end of file
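Review bot: In prepare_tmp, `trap 'cd $home; rm -rf $tmp' EXIT INT TERM` handles INT and TERM without exiting, so after a signal the shell may remove the work directory and then resume the script against a directory that is gone. Let the signals exit and leave the cleanup to the EXIT trap, and quote the expansions in the function, since `rm -rf $tmp` is word-split and `$tmp` contains the caller-supplied tag. Separately, make_le_conf writes each name into `webroot-map` without escaping `"` or `\`, which looks worth a check given that the names come from the certificate request.

```shell
prepare_tmp () {
  ## … unchanged: tag and tmp assignments …
  rm -rf -- "$tmp"
  mkdir -- "$tmp"
  ## Signals exit; the EXIT trap then does the cleanup exactly once.
  trap 'cd "$home"; rm -rf -- "$tmp"' EXIT
  trap 'exit 1' INT TERM
}
```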