From dfa4ce532007fc1ba1e253d8ec5a5924381ed563 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zoran=20Peri=C4=8Di=C4=87?= Date: Sun, 16 Jan 2022 00:52:26 +0100 Subject: [PATCH] v.1.1.4 --- md-message | 45 +++++++++++++++++++++++++++++++++++++++---- md-renewed | 17 +++++++++++----- md-renewed-httpd.conf | 2 ++ md-renewed.conf | 4 +++- md-renewed.path | 4 +++- md-renewed.service | 1 + md-renewed.spec | 26 ++++++++++++++----------- 7 files changed, 77 insertions(+), 22 deletions(-) create mode 100644 md-renewed-httpd.conf diff --git a/md-message b/md-message index 262fabd..76d89e9 100755 --- a/md-message +++ b/md-message @@ -1,10 +1,47 @@ #!/bin/bash +MOD_MD_DIR=/var/lib/httpd/md +MD_RENEWED_DIR=/var/lib/httpd/md-renewed + +if [[ -f /etc/md-renewed/md-renewed.conf ]]; then + . /etc/md-renewed/md-renewed.conf +fi + MSG="$1" DOMAIN="$2" -if [[ $MSG == renewed ]]; then - touch /run/md-renewed/$DOMAIN -fi +mkdir -p $MD_RENEWED_DIR +mkdir -p $MD_RENEWED_DIR/{ready,renewing,renewed,installed,expiring,errored,ocsp-renewed,oscp-errored} -exit 0 \ No newline at end of file +case $1 in + renewing) + if [[ -f $MD_RENEWED_DIR/renewing/$DOMAIN ]]; then + exit 1 + fi + hostname > $MD_RENEWED_DIR/renewing/$DOMAIN + ;; + renewed) + rm -f $MD_RENEWED_DIR/renewing/$DOMAIN + hostname > $MD_RENEWED_DIR/renewed/$DOMAIN + hostname > $MD_RENEWED_DIR/ready/$DOMAIN + ;; + installed) + rm -f $MD_RENEWED_DIR/renewing/$DOMAIN + hostname > $MD_RENEWED_DIR/installed/$DOMAIN + ;; + expiring) + hostname > $MD_RENEWED_DIR/expiring/$DOMAIN + ;; + errored) + rm -f $MD_RENEWED_DIR/renewing/$DOMAIN + hostname > $MD_RENEWED_DIR/errored/$DOMAIN + ;; + ocsp-renewed) + hostname > $MD_RENEWED_DIR/ocsp-renewed/$DOMAIN + ;; + ocsp-errored) + hostname > $MD_RENEWED_DIR/ocsp-errored/$DOMAIN + ;; +esac + +exit 0 diff --git a/md-renewed b/md-renewed index e7bb549..d940c5d 100755 --- a/md-renewed +++ b/md-renewed 
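Review bot: The `mkdir -p` brace list creates `oscp-errored`, but the `ocsp-errored)` arm writes to `$MD_RENEWED_DIR/ocsp-errored/$DOMAIN`, so that redirect fails on a fresh state directory; the list entry should read `ocsp-errored`. `$DOMAIN` comes from `$2` and is used unquoted in every path, so a value containing whitespace or glob characters is split or expanded before `rm -f` and the redirects see it. Quote each expansion, e.g. `hostname > "$MD_RENEWED_DIR/renewing/$DOMAIN"`, and reject values containing `/`. The `renewing)` arm tests for the marker and then creates it in two separate steps, and a marker left by an interrupted run makes every later `renewing` call exit 1; creating it under `set -o noclobber` and expiring stale markers would address both.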
@@ -1,5 +1,12 @@ #!/bin/bash +MOD_MD_DIR=/var/lib/httpd/md +MD_RENEWED_DIR=/var/lib/httpd/md-renewed + +if [[ -f /etc/md-renewed/md-renewed.conf ]]; then + . /etc/md-renewed/md-renewed.conf +fi + function set_permissions { local FILE="$1" @@ -48,13 +55,13 @@ function run_copy KEY_FILE="$CERT_FILE" fi - cat /var/lib/httpd/md/domains/$DOMAIN/pubcert.pem > $CERT_FILE + cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem > $CERT_FILE set_permissions "$CERT_FILE" "$CERT_OWNER" "$CERT_GROUP" "$CERT_MODE" if [[ $CERT_FILE != $KEY_FILE ]]; then - cat /var/lib/httpd/md/domains/$DOMAIN/pubcert.pem > $KEY_FILE + cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem > $KEY_FILE else - cat /var/lib/httpd/md/domains/$DOMAIN/pubcert.pem >> $KEY_FILE + cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem >> $KEY_FILE fi set_permissions "$CERT_FILE" "$KEY_OWNER" "$KEY_GROUP" "$KEY_MODE" } @@ -93,7 +100,7 @@ function domain_renew HTTP_RELOAD=n -for f in /run/md-renewed/*; do +for f in ${MD_RENEWED_DIR}/renewed/*; do if [[ ! -f $f ]]; then continue fi @@ -101,7 +108,7 @@ for f in /run/md-renewed/*; do HTTPD_RELOAD=y DOMAIN=$(basename $f) - rm -f $f + #rm -f $f if [[ ! -d /etc/md-renewed/$f ]]; then continue diff --git a/md-renewed-httpd.conf b/md-renewed-httpd.conf new file mode 100644 index 0000000..4f746f0 --- /dev/null +++ b/md-renewed-httpd.conf @@ -0,0 +1,2 @@ +MDMessageCmd /usr/libexec/md-renewed/md-message + diff --git a/md-renewed.conf b/md-renewed.conf index 4f746f0..033300f 100644 --- a/md-renewed.conf +++ b/md-renewed.conf @@ -1,2 +1,4 @@ -MDMessageCmd /usr/libexec/md-renewed/md-message +MOD_MD_DIR=/var/lib/httpd/md +MD_RENEWED_DIR=/var/lib/httpd/md-renewed + diff --git a/md-renewed.path b/md-renewed.path index 533695c..8574d6d 100644 --- a/md-renewed.path +++ b/md-renewed.path @@ -1,5 +1,7 @@ [Path] -PathExistsGlob=/run/md-renewed/* +#PathExistsGlob=/var/lib/httpd/md-renewed/renewed/* +PathModified=/var/lib/httpd/md-renewed/renewed +Unit=md-renewed.service [Install] WantedBy=multi-user.target 
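Review bot: Both branches that fill `$KEY_FILE` in run_copy still read `pubcert.pem`, so the key file receives a second copy of the certificate chain and never the private key; this commit only swaps the path prefix. If the key is meant to come from the same mod_md domain directory, the source is presumably `privkey.pem`, e.g. `cat "${MOD_MD_DIR}/domains/$DOMAIN/privkey.pem" > "$KEY_FILE"` (confirm the name against the store layout in use). The last `set_permissions` call passes `$CERT_FILE` together with the `KEY_*` owner, group and mode, which looks like it should target `$KEY_FILE`. Because the files are created by redirection and restricted only afterwards, key material would be readable under the default umask for a moment; `umask 077` before the writes closes that window. run_copy begins and ends outside this hunk.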
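Review bot: The loop now takes its work list from file names under `${MD_RENEWED_DIR}/renewed/`, and those names flow unquoted into `basename $f` and the later paths; if that directory is writable by the account that runs md-message, the names are input from a less privileged process than the one consuming them. Quote the expansions (`for f in "${MD_RENEWED_DIR}"/renewed/*`, `DOMAIN=$(basename -- "$f")`) and skip names that are not plain host names before using them in a path. Separately, the flag is initialised as `HTTP_RELOAD=n` here while the loop body in the next hunk sets `HTTPD_RELOAD=y`; presumably one spelling is a typo, but the code that reads the flag is outside this patch.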
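Review bot: With `rm -f $f` commented out, nothing in the visible code removes a marker from `renewed/`, so every activation walks all domains that were ever renewed again; either restore the removal or delete the line and add a comment saying why markers are kept. The test that follows, `[[ ! -d /etc/md-renewed/$f ]]`, uses the full marker path rather than the domain, so with `$f` now under `/var/lib/httpd/md-renewed/renewed/` it is unlikely ever to name a directory and the loop would `continue` for every domain. `[[ ! -d "/etc/md-renewed/$DOMAIN" ]]` looks like what was intended. The loop body continues past the end of this hunk.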
diff --git a/md-renewed.service b/md-renewed.service index 9b77008..080674e 100644 --- a/md-renewed.service +++ b/md-renewed.service @@ -4,6 +4,7 @@ After=network.target [Service] Type=oneshot +EnvironmentFile=/etc/md-renewed/md-renewed.conf ExecStart=/usr/libexec/md-renewed/md-renewed [Install] diff --git a/md-renewed.spec b/md-renewed.spec index 3d385e7..da65c58 100644 --- a/md-renewed.spec +++ b/md-renewed.spec @@ -1,5 +1,5 @@ Name: md-renewed -Version: 1.0.1 +Version: 1.1.4 Release: 1%{?dist} Summary: Restart service on Apache module mod_md certificate renewal License: MIT @@ -12,10 +12,11 @@ Source1: md-message Source2: md-renewed.path Source3: md-renewed.service Source4: md-renewed-tmpfiles.conf -Source5: md-renewed.conf -Source6: example.service -Source7: example.cert -Source8: example.sh +Source5: md-renewed-httpd.conf +Source6: md-renewed.conf +Source7: example.service +Source8: example.cert +Source9: example.sh Requires: httpd Requires: mod_md 
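Review bot: `EnvironmentFile=` makes systemd parse `/etc/md-renewed/md-renewed.conf` while md-renewed also sources the same file as shell, so the file must stay valid under both parsers; systemd performs no shell expansion or command substitution, so a value written with shell syntax would differ between the two. Keep one mechanism, or add a comment to the conf file such as `# plain KEY=value only: read by systemd and sourced by bash`. The script tolerates a missing file through its `-f` test, whereas the unit fails to start without it; `EnvironmentFile=-/etc/md-renewed/md-renewed.conf` would match that behaviour. Since the file is executed as shell by both the hook and the service, it should remain writable by root only.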
@@ -40,26 +41,29 @@ install -d -m 0755 %{buildroot}%{_tmpfilesdir} install -m 0644 %{SOURCE4} %{buildroot}%{_tmpfilesdir}/md-renewed.conf install -d -m 0755 %{buildroot}%{_sysconfdir}/httpd/conf.d -install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/httpd/conf.d/ - +install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/httpd/conf.d/md-renewed.conf install -d -m 0755 %{buildroot}%{_sysconfdir}/md-renewed +install -m 0644 %{SOURCE6} %{buildroot}%{_sysconfdir}/md-renewed/ + install -d -m 0755 %{buildroot}%{_sysconfdir}/md-renewed/example.com -install -m 0644 %{SOURCE6} %{buildroot}%{_sysconfdir}/md-renewed/example.com/ install -m 0644 %{SOURCE7} %{buildroot}%{_sysconfdir}/md-renewed/example.com/ -install -m 0755 %{SOURCE8} %{buildroot}%{_sysconfdir}/md-renewed/example.com/ +install -m 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/md-renewed/example.com/ +install -m 0755 %{SOURCE9} %{buildroot}%{_sysconfdir}/md-renewed/example.com/ %post %systemd_post md-renewed.service +%systemd_post md-renewed.path %tmpfiles_create %{_tmpfilesdir}/md-renewed.conf %preun %systemd_preun md-renewed.service - +%systemd_preun md-renewed.path %postun %systemd_postun md-renewed.service +%systemd_postun md-renewed.path %clean %{__rm} -rf %{buildroot} @@ -68,7 +72,7 @@ install -m 0755 %{SOURCE8} %{buildroot}%{_sysconfdir}/md-renewed/example.com/ %defattr(-,root,root,-) %dir %{_sysconfdir}/md-renewed -%config %{_sysconfdir}/md-renewed/* +%config(noreplace) %{_sysconfdir}/md-renewed/* %config %{_sysconfdir}/httpd/conf.d/md-renewed.conf %{_libexecdir}/md-renewed/md-renewed
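Review bot: Nothing in this hunk creates or owns the new state tree `/var/lib/httpd/md-renewed`; md-message now builds it at run time with `mkdir -p` under whatever user and umask the hook inherits, while `%tmpfiles_create` still refers to md-renewed-tmpfiles.conf, which this patch does not touch. Packaging the directory with explicit ownership and mode, e.g. a `%dir %attr(MODE,OWNER,GROUP)` entry in `%files` with values chosen for the hook's account, makes the permissions of a directory that md-renewed.service reads deterministic. The scriptlet macros accept several units, so `%systemd_post md-renewed.service md-renewed.path` (and likewise in `%preun` and `%postun`) is the usual form.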