Merge 7efdc89bbfb2938bfe79ef85b69c7c5bb8c08ec0 into b15cfc2c5a5f8f7a80ae01d270b91652721e288a

2025-05-05 13:32:49 +00:00 · 2016-10-11 14:49:30 +00:00 · 2016-10-11 14:49:30 +00:00 · aa9d2d1473
commit aa9d2d1473
parent b15cfc2c5a 7efdc89bbf
10 changed files with 205 additions and 20 deletions
--- a/acme.sh
+++ b/acme.sh
@ -1750,6 +1750,57 @@ _clearupwebbroot() {
 }
 _clearupdnsrr() {
  [ "$1" -eq "1" ] || return 0
  [ -n "$2"  ] || return 0
  txtdomain="_acme-challenge.$2"
  d_api=""
  if [ -f "$LE_WORKING_DIR/$d/$_currentRoot" ] ; then
    d_api="$LE_WORKING_DIR/$d/$_currentRoot"
  elif [ -f "$LE_WORKING_DIR/$d/$_currentRoot.sh" ] ; then
    d_api="$LE_WORKING_DIR/$d/$_currentRoot.sh"
  elif [ -f "$LE_WORKING_DIR/$_currentRoot" ] ; then
    d_api="$LE_WORKING_DIR/$_currentRoot"
  elif [ -f "$LE_WORKING_DIR/$_currentRoot.sh" ] ; then
    d_api="$LE_WORKING_DIR/$_currentRoot.sh"
  elif [ -f "$LE_WORKING_DIR/dnsapi/$_currentRoot" ] ; then
    d_api="$LE_WORKING_DIR/dnsapi/$_currentRoot"
  elif [ -f "$LE_WORKING_DIR/dnsapi/$_currentRoot.sh" ] ; then
    d_api="$LE_WORKING_DIR/dnsapi/$_currentRoot.sh"
  fi
  _debug d_api "$d_api"
  if [ "$d_api" ] ; then
    _info "Found domain api file: $d_api"
  else
    _err "Remove the following TXT record:"
    _err "Domain: '$(__green $txtdomain)'"
    _err "Please be aware that you prepend _acme-challenge. before your domain"
    _err "so the resulting subdomain will be: $txtdomain"
    return 0
  fi
  if ! . $d_api ; then
    _err "Load file $d_api error. Please check your api file and try again."
    return 1
  fi
  delcommand="${_currentRoot}_del"
  if ! _exists $delcommand ; then
    _err "It seems that your api file is not correct, it must have a function named: $delcommand"
    return 1
  fi
  if ! $delcommand $txtdomain ; then
    _err "Error del txt for domain:$txtdomain"
    return 1
  fi
  return 0
 }
 _on_before_issue() {
  _debug _on_before_issue
  if _hasfield "$Le_Webroot" "$NO_VALUE" ; then
@ -2385,6 +2436,7 @@ issue() {
    if ! _send_signed_request $uri "{\"resource\": \"challenge\", \"keyAuthorization\": \"$keyauthorization\"}" ; then
      _err "$d:Can not get challenge: $response"
      _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
      _clearupdnsrr $dnsadded $d
      _clearup
      _on_issue_err
      return 1
@ -2393,6 +2445,7 @@ issue() {
    if [ ! -z "$code" ] && [ ! "$code" = '202' ] ; then
      _err "$d:Challenge error: $response"
      _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
      _clearupdnsrr $dnsadded $d
      _clearup
      _on_issue_err
      return 1
@ -2408,6 +2461,7 @@ issue() {
      if [ "$waittimes" -ge "$MAX_RETRY_TIMES" ] ; then
        _err "$d:Timeout"
        _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
        _clearupdnsrr $dnsadded $d
        _clearup
        _on_issue_err
        return 1
@ -2420,6 +2474,7 @@ issue() {
      if [ "$?" != "0" ] ; then
        _err "$d:Verify error:$response"
        _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
        _clearupdnsrr $dnsadded $d
        _clearup
        _on_issue_err
        return 1
@ -2435,6 +2490,7 @@ issue() {
        _stopserver $serverproc
        serverproc=""
        _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
        _clearupdnsrr $dnsadded $d
        break;
      fi
@ -2455,6 +2511,7 @@ issue() {
           fi
         fi
        _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
        _clearupdnsrr $dnsadded $d
        _clearup
        _on_issue_err
        return 1;
@ -2465,6 +2522,7 @@ issue() {
      else
        _err "$d:Verify error:$response" 
        _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
        _clearupdnsrr $dnsadded $d
        _clearup
        _on_issue_err
        return 1
@ -2843,7 +2901,7 @@ _installcert() {
    if [ -f "$Le_RealCertPath" ] && [ ! "$IS_RENEW" ] ; then
      cp "$Le_RealCertPath" "$Le_RealCertPath".bak
    fi
-    cat "$CERT_PATH" > "$Le_RealCertPath"
+    install -D -m0640 "$CERT_PATH" "$Le_RealCertPath"
  fi
  if [ "$Le_RealCACertPath" ] ; then
@ -2856,7 +2914,7 @@ _installcert() {
      if [ -f "$Le_RealCACertPath" ] && [ ! "$IS_RENEW" ] ; then
        cp "$Le_RealCACertPath" "$Le_RealCACertPath".bak
      fi
-      cat "$CA_CERT_PATH" > "$Le_RealCACertPath"
+      install -D -m0640 "$CA_CERT_PATH" "$Le_RealCACertPath"
    fi
  fi
@ -2867,7 +2925,7 @@ _installcert() {
    if [ -f "$Le_RealKeyPath" ] && [ ! "$IS_RENEW" ] ; then
      cp "$Le_RealKeyPath" "$Le_RealKeyPath".bak
    fi
-    cat "$CERT_KEY_PATH" > "$Le_RealKeyPath"
+    install -D -m0640 "$CERT_KEY_PATH" "$Le_RealKeyPath"
  fi
  if [ "$Le_RealFullChainPath" ] ; then
@ -2876,7 +2934,7 @@ _installcert() {
    if [ -f "$Le_RealFullChainPath" ] && [ ! "$IS_RENEW" ] ; then
      cp "$Le_RealFullChainPath" "$Le_RealFullChainPath".bak
    fi
-    cat "$CERT_FULLCHAIN_PATH" > "$Le_RealFullChainPath"
+    install -D -m0640 "$CERT_FULLCHAIN_PATH" "$Le_RealFullChainPath"
  fi  
  if [ "$Le_ReloadCmd" ] ; then
@ -3177,6 +3235,11 @@ _initconf() {
 #
 #GD_Secret=\"sADDsdasdfsdfdssdgdsf\"
 #######################
 #nsupdate:
 #NSUPDATE_KEY=\"/path/to/update.key\"
 #NSUPDATE_SERVER=\"192.168.0.1\"
 #######################
 #PowerDNS:
 #PDNS_Url=\"http://ns.example.com:8081\"
@ -3243,9 +3306,7 @@ _installalias() {
  _envfile="$LE_WORKING_DIR/$PROJECT_ENTRY.env"
  if [ "$_upgrading" ] && [ "$_upgrading" = "1" ] ; then
-    echo "$(cat $_envfile)" | sed "s|^LE_WORKING_DIR.*$||" > "$_envfile"
+    sed -i '/^LE_WORKING_DIR/d;/^alias le/d' "$_envfile"
    echo "$(cat $_envfile)" | sed "s|^alias le.*$||" > "$_envfile"
    echo "$(cat $_envfile)" | sed "s|^alias le.sh.*$||" > "$_envfile"
  fi
  _setopt "$_envfile" "export LE_WORKING_DIR" "=" "\"$LE_WORKING_DIR\""
@ -3281,7 +3342,7 @@ _installalias() {
 }
 # nocron
-install() {
+_install() {
  if [ -z "$LE_WORKING_DIR" ] ; then
    LE_WORKING_DIR="$DEFAULT_INSTALL_HOME"
@ -3381,7 +3442,7 @@ install() {
 }
 # nocron
-uninstall() {
+_uninstall() {
  _nocron="$1"
  if [ -z "$_nocron" ] ; then
    uninstallcronjob
@ -3390,20 +3451,17 @@ uninstall() {
  _profile="$(_detect_profile)"
  if [ "$_profile" ] ; then
-    text="$(cat $_profile)"
+    sed -i "|/$LE_WORKING_DIR/$PROJECT_NAME\.env/d" "$_profile"
    echo "$text" | sed "s|^.*\"$LE_WORKING_DIR/$PROJECT_NAME.env\"$||" > "$_profile"
  fi
  _csh_profile="$HOME/.cshrc"
  if [ -f "$_csh_profile" ] ; then
-    text="$(cat $_csh_profile)"
+    sed -i "|/$LE_WORKING_DIR/$PROJECT_NAME\.csh/d" "$_csh_profile"
    echo "$text" | sed "s|^.*\"$LE_WORKING_DIR/$PROJECT_NAME.csh\"$||" > "$_csh_profile"
  fi
  _tcsh_profile="$HOME/.tcshrc"
  if [ -f "$_tcsh_profile" ] ; then
-    text="$(cat $_tcsh_profile)"
+    sed -i "|/$LE_WORKING_DIR/$PROJECT_NAME\.csh/d" "$_tcsh_profile"
    echo "$text" | sed "s|^.*\"$LE_WORKING_DIR/$PROJECT_NAME.csh\"$||" > "$_tcsh_profile"
  fi
  rm -f $LE_WORKING_DIR/$PROJECT_ENTRY
@ -3556,7 +3614,7 @@ _installOnline() {
  )
 }
-upgrade() {
+_upgrade() {
  if (
    _initpath
    export LE_WORKING_DIR
@ -3986,9 +4044,9 @@ _process() {
  fi
  case "${_CMD}" in
-    install) install "$_nocron" ;;
+    install) _install "$_nocron" ;;
-    uninstall) uninstall "$_nocron" ;;
+    uninstall) _uninstall "$_nocron" ;;
-    upgrade) upgrade ;;
+    upgrade) _upgrade ;;
    issue)
      issue  "$_webroot"  "$_domain" "$_altdomains" "$_keylength" "$_certpath" "$_keypath" "$_capath" "$_reloadcmd" "$_fullchainpath" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address"
      ;;
--- a/dnsapi/dns_cf.sh
+++ b/dnsapi/dns_cf.sh
@ -11,6 +11,11 @@ CF_Api="https://api.cloudflare.com/client/v4"
 ########  Public functions #####################
 dns_cf_del(){
  _err "Not implemented!"
  return 1
 }
 #Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_cf_add(){
  fulldomain=$1
--- a/dnsapi/dns_cx.sh
+++ b/dnsapi/dns_cx.sh
@ -13,6 +13,11 @@ CX_Api="https://www.cloudxns.net/api2"
 #REST_API
 ########  Public functions #####################
 dns_cx_del(){
  _err "Not implemented!"
  return 1
 }
 #Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_cx_add() {
  fulldomain=$1
--- a/dnsapi/dns_dp.sh
+++ b/dnsapi/dns_dp.sh
@ -13,6 +13,11 @@ DP_Api="https://dnsapi.cn"
 #REST_API
 ########  Public functions #####################
 dns_dp_del(){
  _err "Not implemented!"
  return 1
 }
 #Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_dp_add() {
  fulldomain=$1
--- a/dnsapi/dns_gd.sh
+++ b/dnsapi/dns_gd.sh
@ -11,6 +11,11 @@ GD_Api="https://api.godaddy.com/v1"
 ########  Public functions #####################
 dns_gd_del(){
  _err "Not implemented!"
  return 1
 }
 #Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_gd_add(){
  fulldomain=$1
--- a/dnsapi/dns_lexicon.sh
+++ b/dnsapi/dns_lexicon.sh
@ -9,6 +9,11 @@ wiki="https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api"
 ########  Public functions #####################
 dns_lexicon_del(){
  _err "Not implemented!"
  return 1
 }
 #Usage: add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_lexicon_add() {
  fulldomain=$1
--- a/dnsapi/dns_myapi.sh
+++ b/dnsapi/dns_myapi.sh
@ -18,6 +18,11 @@ dns_myapi_add() {
  return 1;
 }
 #Usage: dns_myapi_del   _acme-challenge.www.domain.com
 dns_myapi_del(){
  _err "Not implemented!"
  return 1
 }
--- a/dnsapi/dns_nsupdate.sh
+++ b/dnsapi/dns_nsupdate.sh
@ -0,0 +1,91 @@
 #!/usr/bin/env bash
 ########  Public functions #####################
 #Usage: dns_nsupdate_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_nsupdate_add() {
  fulldomain=$1
  txtvalue=$2
  _checkKeyFile || return 1
  NSUPDATE_SERVER=${NSUPDATE_SERVER:-localhost}
  tmp=$(mktemp --tmpdir acme_nsupdate.XXXXXX)
  cat > ${tmp} <<EOF
 server ${NSUPDATE_SERVER}
 update add ${fulldomain}. 60 in txt "${txtvalue}"
 send
 EOF
  _info "adding ${fulldomain}. 60 in txt \"${txtvalue}\""
  nsupdate -k ${NSUPDATE_KEY} ${tmp}
  if [ $? -ne 0 ]; then
    _err "error updating domain, see ${tmp} for details"
    return 1
  fi
  rm -f ${tmp}
  return 0
 }
 #Usage: dns_nsupdate_del   _acme-challenge.www.domain.com
 dns_nsupdate_del() {
  fulldomain=$1
  _checkKeyFile || return 1
  NSUPDATE_SERVER=${NSUPDATE_SERVER:-localhost}
  tmp=$(mktemp --tmpdir acme_nsupdate.XXXXXX)
  cat > ${tmp} <<EOF
 server ${NSUPDATE_SERVER}
 update delete ${fulldomain}. txt
 send
 EOF
  _info "removing ${fulldomain}. txt"
  nsupdate -k ${NSUPDATE_KEY} ${tmp}
  if [ $? -ne 0 ]; then
    _err "error updating domain, see ${tmp} for details"
    return 1
  fi
  rm -f ${tmp}
  return 0
 }
 ####################  Private functions bellow ##################################
 _checkKeyFile() {
  if [ -z "${NSUPDATE_KEY}" ]; then
    _err "you must specify a path to the nsupdate key file"
    return 1
  fi
  if [ ! -r "${NSUPDATE_KEY}" ]; then
    _err "key ${NSUPDATE_KEY} is unreadable"
    return 1
  fi
 }
 _info() {
  if [ -z "$2" ] ; then
    echo "[$(date)] $1"
  else
    echo "[$(date)] $1='$2'"
  fi
 }
 _err() {
  _info "$@" >&2
  return 1
 }
 _debug() {
  if [ -z "$DEBUG" ] ; then
    return
  fi
  _err "$@"
  return 0
 }
 _debug2() {
  if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then
    _debug "$@"
  fi
  return
 }
--- a/dnsapi/dns_ovh.sh
+++ b/dnsapi/dns_ovh.sh
@ -86,6 +86,11 @@ _ovh_get_api() {
 ########  Public functions #####################
 dns_ovh_del(){
  _err "Not implemented!"
  return 1
 }
 #Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_ovh_add(){
  fulldomain=$1
--- a/1
+++ b/1
@ -0,0 +1 @@
 test