Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Adds --key-chown and --key-chmod option 

Both options have only an effect when used in combination with --key-file.
Their purpose is to change owner/group and permission of copied key file.
The arguments to the options have to follow the chown/chmod argument syntax.
pull/5248/head
Robert Velter 1 year ago
parent
fc7964dd65
commit
aeb65883cc
1 changed files with 40 additions and 10 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 50
      acme.sh

50
acme.sh
View File

@ -4391,6 +4391,8 @@ issue() {
_preferred_chain="${15}"
_valid_from="${16}"
_valid_to="${17}"
_real_key_chown="${18}"
_real_key_chmod="${19}"
if [ -z "$_ACME_IS_RENEW" ]; then
_initpath "$_main_domain" "$_key_length"
@ -5352,13 +5354,15 @@ $_authorizations_map"
fi
export CERT_PFX_PATH
if [ "$_real_cert$_real_key$_real_ca$_reload_cmd$_real_fullchain" ]; then
if [ "$_real_cert$_real_key$_real_ca$_reload_cmd$_real_fullchain$_real_key_chown$_real_key_chmod" ]; then
_savedomainconf "Le_RealCertPath" "$_real_cert"
_savedomainconf "Le_RealCACertPath" "$_real_ca"
_savedomainconf "Le_RealKeyPath" "$_real_key"
_savedomainconf "Le_RealKeyChown" "$_real_key_chown"
_savedomainconf "Le_RealKeyChmod" "$_real_key_chmod"
_savedomainconf "Le_ReloadCmd" "$_reload_cmd" "base64"
_savedomainconf "Le_RealFullChainPath" "$_real_fullchain"
if ! _installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_reload_cmd"; then
if ! _installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_reload_cmd" "$_real_key_chown" "$_real_key_chmod"; then
return 1
fi
fi
@ -5470,7 +5474,7 @@ renew() {
if [ -z "$Le_Keylength" ]; then
Le_Keylength=2048
fi
issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias" "$Le_Preferred_Chain" "$Le_Valid_From" "$Le_Valid_To"
issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias" "$Le_Preferred_Chain" "$Le_Valid_From" "$Le_Valid_To" "$Le_RealKeyChown" "$Le_RealKeyChmod"
res="$?"
if [ "$res" != "0" ]; then
return "$res"
@ -5637,6 +5641,8 @@ signcsr() {
_local_addr="${11}"
_challenge_alias="${12}"
_preferred_chain="${13}"
_real_key_chown="${14}"
_real_key_chmod="${15}"
_csrsubj=$(_readSubjectFromCSR "$_csrfile")
if [ "$?" != "0" ]; then
@ -5680,7 +5686,7 @@ signcsr() {
_info "Copying CSR to: $CSR_PATH"
cp "$_csrfile" "$CSR_PATH"
issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_addr" "$_challenge_alias" "$_preferred_chain"
issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_addr" "$_challenge_alias" "$_preferred_chain" "$_real_key_chown" "$_real_key_chmod"
}
@ -5830,7 +5836,7 @@ deploy() {
installcert() {
_main_domain="$1"
if [ -z "$_main_domain" ]; then
_usage "Usage: $PROJECT_ENTRY --install-cert --domain <domain.tld> [--ecc] [--cert-file <file>] [--key-file <file>] [--ca-file <file>] [ --reloadcmd <command>] [--fullchain-file <file>]"
_usage "Usage: $PROJECT_ENTRY --install-cert --domain <domain.tld> [--ecc] [--cert-file <file>] [--key-file <file>] [--key-chown <owner[:group]>] [--key-chmod <perm>] [--ca-file <file>] [ --reloadcmd <command>] [--fullchain-file <file>]"
return 1
fi
@ -5840,6 +5846,8 @@ installcert() {
_reload_cmd="$5"
_real_fullchain="$6"
_isEcc="$7"
_real_key_chown="$8"
_real_key_chmod="$9"
_initpath "$_main_domain" "$_isEcc"
if [ ! -d "$DOMAIN_PATH" ]; then
@ -5851,11 +5859,13 @@ installcert() {
_savedomainconf "Le_RealCertPath" "$_real_cert"
_savedomainconf "Le_RealCACertPath" "$_real_ca"
_savedomainconf "Le_RealKeyPath" "$_real_key"
_savedomainconf "Le_RealKeyChown" "$_real_key_chown"
_savedomainconf "Le_RealKeyChmod" "$_real_key_chmod"
_savedomainconf "Le_ReloadCmd" "$_reload_cmd" "base64"
_savedomainconf "Le_RealFullChainPath" "$_real_fullchain"
export Le_ForceNewDomainKey="$(_readdomainconf Le_ForceNewDomainKey)"
export Le_Next_Domain_Key
_installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_reload_cmd"
_installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_reload_cmd" "$_real_key_chown" "$_real_key_chmod"
}
#domain cert key ca fullchain reloadcmd backup-prefix
@ -5866,6 +5876,8 @@ _installcert() {
_real_ca="$4"
_real_fullchain="$5"
_reload_cmd="$6"
_real_key_chown="$7"
_real_key_chmod="$8"
if [ "$_real_cert" = "$NO_VALUE" ]; then
_real_cert=""
@ -5921,9 +5933,15 @@ _installcert() {
cat "$CERT_KEY_PATH" >"$_real_key" || return 1
else
touch "$_real_key" || return 1
chmod 600 "$_real_key"
# chmod 600 "$_real_key"
cat "$CERT_KEY_PATH" >"$_real_key" || return 1
fi
if [ "$_real_key_chown" ]; then
chown "$_real_key_chown" "$_real_key" || return 1
fi
if [ "$_real_key_chmod" ]; then
chmod "$_real_key_chmod" "$_real_key" || return 1
fi
fi
fi
@ -6976,6 +6994,8 @@ Parameters:
--cert-file <file> Path to copy the cert file to after issue/renew.
--key-file <file> Path to copy the key file to after issue/renew.
--key-chown <owner:[group]> Change owner/group of copied key file after issue/renew.
--key-chmod <perm> Change permission of copied key file after issue/renew. Defaults to \"600\".
--ca-file <file> Path to copy the intermediate cert file to after issue/renew.
--fullchain-file <file> Path to copy the fullchain cert file to after issue/renew.
--reloadcmd <command> Command to execute after issue/renew to reload the server.
@ -7269,6 +7289,8 @@ _process() {
_accountkeylength="$DEFAULT_ACCOUNT_KEY_LENGTH"
_cert_file=""
_key_file=""
_key_chown=""
_key_chmod="600"
_ca_file=""
_fullchain_file=""
_reloadcmd=""
@ -7571,6 +7593,14 @@ _process() {
_key_file="$2"
shift
;;
--key-chown | --keychown)
_key_chown="$2"
shift
;;
--key-chmod | --keychmod)
_key_chmod="$2"
shift
;;
--ca-file | --capath)
_ca_file="$2"
shift
@ -7909,19 +7939,19 @@ _process() {
uninstall) uninstall "$_nocron" ;;
upgrade) upgrade ;;
issue)
issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain" "$_valid_from" "$_valid_to"
issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain" "$_valid_from" "$_valid_to" "$_key_chown" "$_key_chmod"
;;
deploy)
deploy "$_domain" "$_deploy_hook" "$_ecc"
;;
signcsr)
signcsr "$_csr" "$_webroot" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain"
signcsr "$_csr" "$_webroot" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain" "$_key_chown" "$_key_chmod"
;;
showcsr)
showcsr "$_csr" "$_domain"
;;
installcert)
installcert "$_domain" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_ecc"
installcert "$_domain" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_ecc" "$_key_chown" "$_key_chmod"
;;
renew)
renew "$_domain" "$_ecc" "$_server"

Write Preview
Loading…
Cancel
Save