From: Mark Wooding <mdw@distorted.org.uk>
Date: Mon, 21 Dec 2015 02:45:28 +0000 (+0000)
Subject: Early commit for testing elsewhere.
X-Git-Url: https://git.distorted.org.uk/~mdw/distorted-letsencrypt/commitdiff_plain/55799f78d34a59c5ce7f7613b1351b130b5c5ad1

Early commit for testing elsewhere.
---

55799f78d34a59c5ce7f7613b1351b130b5c5ad1
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2978b42
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,11 @@
+.cache
+.ccache
+.config
+.lesshst
+.local
+cert/
+etc/
+log/
+req/
+tmp/
+webroot/
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..e087ce7
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "letsencrypt"]
+	path = letsencrypt
+	url = https://github.com/letsencrypt/letsencrypt/
diff --git a/bin/le b/bin/le
new file mode 100755
index 0000000..11963b5
--- /dev/null
+++ b/bin/le
@@ -0,0 +1,10 @@
+#! /bin/sh
+set -e
+. "${0%/*}/../config.sh"
+. $home/lib/lib.sh
+
+run_as_user "$@"
+prepare_tmp le-user
+make_le_conf
+
+exec $home/letsencrypt/letsencrypt-auto -c "$tmp/le.conf" "$@"
diff --git a/bin/make-cert b/bin/make-cert
new file mode 100755
index 0000000..8c5605b
--- /dev/null
+++ b/bin/make-cert
@@ -0,0 +1,30 @@
+#! /bin/sh
+set -e
+. "${0%/*}/../config.sh"
+. "$home/lib/lib.sh"
+
+run_as_user "$@"
+
+## Pick out the certificate tag.
+case $# in 0) fail_usage ;; esac
+tag=$1; shift
+case $# in 0) ;; *) fail_usage ;; esac
+
+prepare_tmp $tag
+
+## Get started.
+cd $home/cert/$tag
+openssl req -in req -out $tmp/req.der -outform der
+sans=$(openssl req -in req -text -noout |
+	sed -n '
+	  x
+	  /^ *X509v3 Subject Alternative Name: $/ {
+	    x
+	    s/ *DNS://g
+	    s/,/ /g
+	    p
+	    x
+	  }')
+make_le_conf $sans
+
+cat "$tmp/le.conf"
diff --git a/bin/setup b/bin/setup
new file mode 100755
index 0000000..13c9bb3
--- /dev/null
+++ b/bin/setup
@@ -0,0 +1,24 @@
+#! /bin/sh
+set -ex
+
+user=letsencrypt
+home=$(getent passwd $user | cut -d: -f6)
+cd $home
+
+while read d m u g; do
+  mkdir -p $d
+  chmod $m $d
+  chown $u:$g $d
+done <<EOF
+.					 755	root	root
+.cache					2775	root	$user
+.config					2775	root	$user
+.local					2775	root	$user
+cert					2775	root	$user
+etc					2770	root	$user
+log					2775	root	$user
+tmp					2770	root	$user
+webroot					 755	root	root
+webroot/.well-known			 755	root	root
+webroot/.well-known/acme-challenge	2775	root	$user
+EOF
diff --git a/bin/sudo b/bin/sudo
new file mode 100755
index 0000000..ee70818
--- /dev/null
+++ b/bin/sudo
@@ -0,0 +1,2 @@
+#! /bin/sh
+exec "$@"
diff --git a/config.sh b/config.sh
new file mode 100644
index 0000000..ab184af
--- /dev/null
+++ b/config.sh
@@ -0,0 +1,3 @@
+### -*-sh-*-
+user=letsencrypt
+home=$(getent passwd $user | cut -d: -f6)
diff --git a/le.conf.skel b/le.conf.skel
new file mode 100644
index 0000000..d3c61bf
--- /dev/null
+++ b/le.conf.skel
@@ -0,0 +1,8 @@
+### -*-conf-*-
+
+email = mdw@distorted.org.uk
+text = true
+authenticator = webroot
+
+config-dir = /var/lib/letsencrypt/etc
+logs-dir = /var/lib/letsencrypt/log
diff --git a/letsencrypt b/letsencrypt
new file mode 160000
index 0000000..ce14851
--- /dev/null
+++ b/letsencrypt
@@ -0,0 +1 @@
+Subproject commit ce14851232c39aa1151ecd9c7b77ef910059d46c
diff --git a/lib/lib.sh b/lib/lib.sh
new file mode 100644
index 0000000..7b4aab1
--- /dev/null
+++ b/lib/lib.sh
@@ -0,0 +1,43 @@
+### -*-sh-*-
+
+prog=${0##*/}
+
+usage () { echo "usage: $prog $usage"; }
+fail () { echo >&2 "$prog: $*"; exit 1; }
+fail_usage () { usage >&2; exit 1; }
+
+run_as_user () {
+  case $(id -un) in
+    $user) ;;
+    *) exec sudo -u$user "$0" "$@" ;;
+  esac
+  HOME=$home; export HOME
+  PATH=$home/bin:/usr/local/bin:/bin:/usr/bin; export PATH
+}
+
+prepare_tmp () {
+  tag=$1
+
+  tmp=$home/tmp/$tag.$$
+  rm -rf $tmp
+  mkdir $tmp
+  trap 'cd $home; rm -rf $tmp' EXIT INT TERM
+}
+
+make_le_conf () {
+  { cat $home/le.conf.skel
+    echo "work-dir = $tmp"
+    echo
+    case $# in
+      0) ;;
+      *)
+	map="webroot-map = {" sep=" "
+	for san in "$@"; do
+	  map="$map$sep\"$san\": \"$home/webroot\"" sep=", "
+	done
+	map="$map }"
+	echo "$map"
+	;;
+    esac
+  } >$tmp/le.conf
+}
\ No newline at end of file