From be6735f4d9fd2138bb78110779bbff13ab9f6fa3 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sat, 28 Aug 2021 11:22:15 +0200
Subject: Merging upstream version 20210828.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 dehydrated/share/hooks/deploy_cert.fullchain-privkey |  9 +++++++++
 dehydrated/share/hooks/deploy_ocsp.fullchain-privkey |  8 ++++++++
 dehydrated/share/hooks/exit_hook.fix-permissions     | 18 ++++++++++++++++++
 dehydrated/share/hooks/exit_hook.service-reload      | 17 +++++++++++++++++
 4 files changed, 52 insertions(+)
 create mode 100755 dehydrated/share/hooks/deploy_cert.fullchain-privkey
 create mode 100755 dehydrated/share/hooks/deploy_ocsp.fullchain-privkey
 create mode 100755 dehydrated/share/hooks/exit_hook.fix-permissions
 create mode 100755 dehydrated/share/hooks/exit_hook.service-reload

(limited to 'dehydrated/share/hooks')

diff --git a/dehydrated/share/hooks/deploy_cert.fullchain-privkey b/dehydrated/share/hooks/deploy_cert.fullchain-privkey
new file mode 100755
index 0000000..5457036
--- /dev/null
+++ b/dehydrated/share/hooks/deploy_cert.fullchain-privkey
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -e
+
+DIRECTORY="$(dirname "${FULLCHAINFILE}")"
+FILE="cert.fullchain-privkey-${TIMESTAMP}.pem"
+
+cat "${FULLCHAINFILE}" "${KEYFILE}" > "${DIRECTORY}/${FILE}"
+ln -sf "${FILE}" "${DIRECTORY}/cert.fullchain-privkey.pem"
diff --git a/dehydrated/share/hooks/deploy_ocsp.fullchain-privkey b/dehydrated/share/hooks/deploy_ocsp.fullchain-privkey
new file mode 100755
index 0000000..e68716b
--- /dev/null
+++ b/dehydrated/share/hooks/deploy_ocsp.fullchain-privkey
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -e
+
+FILE="$(readlink "${OCSPFILE}")"
+DIRECTORY="$(dirname "${OCSPFILE}")"
+
+ln -sf "${FILE}" "${DIRECTORY}/cert.fullchain-privkey.pem.ocsp"
diff --git a/dehydrated/share/hooks/exit_hook.fix-permissions b/dehydrated/share/hooks/exit_hook.fix-permissions
new file mode 100755
index 0000000..c5bb646
--- /dev/null
+++ b/dehydrated/share/hooks/exit_hook.fix-permissions
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -e
+
+echo " + Fixing permissions..."
+
+if getent group ssl-cert > /dev/null 2>&1
+then
+	echo -n "   + /var/lib/dehydrated/certs:"
+
+	find /var/lib/dehydrated/certs -type d -exec chmod 0750 {} \;
+	find /var/lib/dehydrated/certs -type f -exec chmod 0640 {} \;
+
+	# https://bugs.debian.org/854431
+	chown -R root:ssl-cert /var/lib/dehydrated/certs
+
+	echo " done."
+fi
diff --git a/dehydrated/share/hooks/exit_hook.service-reload b/dehydrated/share/hooks/exit_hook.service-reload
new file mode 100755
index 0000000..2da8c1b
--- /dev/null
+++ b/dehydrated/share/hooks/exit_hook.service-reload
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+echo " + Reloading services..."
+
+for SERVICE in apache2 haproxy postgresql redis-server
+do
+	if service ${SERVICE} status > /dev/null 2>&1
+	then
+		echo -n "   + ${SERVICE}:"
+
+		service ${SERVICE} reload || service ${SERVICE} restart
+
+		echo " done."
+	fi
+done
-- 
cgit v1.2.3