v1.4.3

md-renewed-install

@@ -40,34 +40,65 @@ function run_copy
   local DOMAIN="$1"
   local CONFIG="$2"
 
-  CERT_OWNER=""
-  CERT_GROUP=""
-  CERT_MODE=""
+  CERT_OWNER="root"
+  CERT_GROUP="root"
+  CERT_MODE="0700"
   CERT_FILE=""
-  KEY_OWNER=""
-  KEY_GROUP=""
-  KEY_MODE=""
+  KEY_OWNER="root"
+  KEY_GROUP="root"
+  KEY_MODE="0700"
   KEY_FILE=""
+  SERVICE=""
+  ACRION="restart"
 
   . $CONFIG
 
   [[ -z $CERT_FILE ]] && exit 0;
 
-  if [[ -z $KEY_FILE ]]; then
-    KEY_FILE="$CERT_FILE"
+  TEMP_CERT_FILE=$(mktemp)
+
+  if [[ ! -z $KEY_FILE ]]; then
+    TEMP_KEY_FILE=$(mktemp)
   fi
 
-  cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem > $CERT_FILE
+  OLD_UMASK=$(umask)
+  umask 0077
+  DO_ACTION=n
 
-  set_permissions "$CERT_FILE" "$CERT_OWNER" "$CERT_GROUP" "$CERT_MODE"
+  if [[ ! -z $KEY_FILE && $KEY_FILE != $CERT_FILE ]]; then
+    cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem > $TEMP_CERT_FILE
+    cat ${MOD_MD_DIR}/domains/$DOMAIN/privkey.pem > $TEMP_KEY_FILE
 
-  if [[ $CERT_FILE != $KEY_FILE ]]; then
-    cat ${MOD_MD_DIR}/domains/$DOMAIN/privkey.pem > $KEY_FILE
+    if [[ $(md5sum $TEMP_CERT_FILE) != $(md5sum $CERT_FILE) ]]; then
+      cp -f $TEMP_CERT_FILE $CERT_FILE
+      set_permissions "$CERT_FILE" "$CERT_OWNER" "$CERT_GROUP" "$CERT_MODE"
+      DO_ACTION=y
+    fi
+    rm -f $TEMP_CERT_FILE
+
+    if [[ $(md5sum $TEMP_KEY_FILE) != $(md5sum $KEY_FILE) ]]; then
+      cp -f $TEMP_KEY_FILE $KEY_FILE
+      set_permissions "$KEY_FILE" "$KEY_OWNER" "$KEY_GROUP" "$KEY_MODE"
+      DO_ACTION=y
+    fi
+    rm -f $TEMP_KEY_FILE
   else
-    cat ${MOD_MD_DIR}/domains/$DOMAIN/privkey.pem >> $KEY_FILE
-  fi
+    cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem > $TEMP_CERT_FILE
+    cat ${MOD_MD_DIR}/domains/$DOMAIN/privkey.pem >> $TEMP_CERT_FILE
 
-  set_permissions "$KEY_FILE" "$KEY_OWNER" "$KEY_GROUP" "$KEY_MODE"
+    if [[ $(md5sum $TEMP_CERT_FILE) != $(md5sum $CERT_FILE) ]]; then
+      cp -f $TEMP_CERT_FILE $CERT_FILE
+      set_permissions "$CERT_FILE" "$CERT_OWNER" "$CERT_GROUP" "$CERT_MODE"
+      DO_ACTION=y
+    fi
+    rm -f $TEMP_CERT_FILE
+  fi
+  umask $OLD_UMASK
+
+  if [[ $DO_ACTION == y && ! -z $SERVICE ]]; then
+    ACTION=${ACTION:-restart}
+    /usr/bin/systemctl $ACTION $SERVICE > /dev/null 2>&1
+  fi
 }
 
 function run_service
@@ -81,9 +112,7 @@ function run_service
 
   [[ -z $SERVICE ]] && exit 0;
 
-  if [[ -z $ACTION ]]; then
-    ACTION="restart"
-  fi
+  ACTION=${ACTION:-restart}
 
   /usr/bin/systemctl $ACTION $SERVICE > /dev/null 2>&1
 }
@@ -102,8 +131,6 @@ function domain_renew
   done
 }
 
-HTTP_RELOAD=n
-
 if [ -z $MD_RENEWED_HOST_DIR ]; then
   MD_RENEWED_INSTALLING_TARGET=${MD_RENEWED_DIR}/installing
   MD_RENEWED_INSTALLED_TARGET=${MD_RENEWED_DIR}/installed
@@ -114,12 +141,12 @@ fi
 
 if [[ ! -d $MD_RENEWED_INSTALLING_TARGET ]]; then
   mkdir -p $MD_RENEWED_INSTALLING_TARGET
-  chown apache.apache $MD_RENEWED_INSTALLING_TARGET
+  chown ${MD_USER}.${MD_GROUP} $MD_RENEWED_INSTALLING_TARGET
 fi
 
 if [[ ! -d $MD_RENEWED_INSTALLED_TARGET ]]; then
   mkdir -p $MD_RENEWED_INSTALLED_TARGET
-  chown apache.apache $MD_RENEWED_INSTALLED_TARGET
+  chown ${MD_USER}.${MD_GROUP} $MD_RENEWED_INSTALLED_TARGET
 fi
 
 echo "md-renewed-install.service Looking for our domains: ${MYDOMAINS[*]}"
@@ -132,52 +159,33 @@ for f in ${MD_RENEWED_INSTALLING_TARGET}/*; do
   rm -f $f
   echo "md-renewed-install.service Checking domain $DOMAIN"
 
-  if [[ ! -f $MD_RENEWED_INSTALLED_TARGET/$DOMAIN ]]; then
-    echo "md-renewed-install.service Installing domain $DOMAIN"
-    touch $MD_RENEWED_INSTALLED_TARGET/$DOMAIN
+  echo "md-renewed-install.service Installing domain $DOMAIN"
+  touch $MD_RENEWED_INSTALLED_TARGET/$DOMAIN
+
+  if [[ -d /etc/md-renewed/$DOMAIN ]]; then
+    domain_renew "$DOMAIN"
+  fi
+done
+
+if [[ $1 == "force" ]]; then
+  echo "md-renewed-install.service Looking for our already installed domains: ${MYDOMAINS[*]}"
+  for f in ${MOD_MD_DIR}/domains/*; do
+    if [[ ! -d $f ]]; then
+      continue
+    fi
+
+    DOMAIN=$(basename $f)
+
+    echo "md-renewed-install.service Checking already installed domain $DOMAIN"
+
+    if [[ ! -f $MD_RENEWED_INSTALLED_TARGET/$DOMAIN ]]; then
+      touch $MD_RENEWED_INSTALLED_TARGET/$DOMAIN
+    fi
 
     if [[ -d /etc/md-renewed/$DOMAIN ]]; then
       domain_renew "$DOMAIN"
     fi
-
-    for i in ${MYDOMAINS[@]}; do
-      if [[ $DOMAIN == $i ]]; then
-        echo "md-renewed-install.service $DOMAIN is our."
-        HTTPD_RELOAD=y
-      fi
-    done
-  fi
-done
-
-echo "md-renewed-install.service Looking for our already installed domains: ${MYDOMAINS[*]}"
-for f in ${MOD_MD_DIR}/domains/*; do
-  if [[ ! -d $f ]]; then
-    continue
-  fi
-
-  DOMAIN=$(basename $f)
-  echo "md-renewed-install.service Checking already installed domain $DOMAIN"
-
-  if [[ ! -f $MD_RENEWED_INSTALLED_TARGET/$DOMAIN ]]; then
-    touch $MD_RENEWED_INSTALLED_TARGET/$DOMAIN
-
-    if [[ -d /etc/md-renewed/$DOMAIN ]]; then
-      domain_renew "$DOMAIN"
-    fi
-
-    for i in ${MYDOMAINS[@]}; do
-      if [[ $DOMAIN == $i ]]; then
-        echo "md-renewed-install.service Already installed $DOMAIN is our."
-        HTTPD_RELOAD=y
-      fi
-    done
-  fi
-done
-
-if [[ $HTTPD_RELOAD == y ]]; then
-  echo "md-renewed-install.service Restarting apache."
-  sleep $[ ( $RANDOM % 60 )  + 1 ]s
-  /usr/bin/systemctl reload httpd
+  done
 fi
 
 exit 0