From: <abe...@us...> - 2017-01-13 20:02:38
Revision: 8091
http://sourceforge.net/p/astlinux/code/8091
Author: abelbeck
Date: 2017-01-13 20:02:36 +0000 (Fri, 13 Jan 2017)
Log Message:
-----------
acme, new package, disabled, a work in progress. Thanks to David Kerr
Modified Paths:
--------------
branches/1.0/astlinux-ast11.config
branches/1.0/astlinux-ast13.config
branches/1.0/package/Config.in
branches/1.0/x86_64-configs/astlinux-ast11.config
branches/1.0/x86_64-configs/astlinux-ast13.config
Added Paths:
-----------
branches/1.0/package/acme/
branches/1.0/package/acme/Config.in
branches/1.0/package/acme/acme-client.sh
branches/1.0/package/acme/acme.mk
branches/1.0/package/acme/astlinux.sh
Modified: branches/1.0/astlinux-ast11.config
===================================================================
--- branches/1.0/astlinux-ast11.config 2017-01-11 18:14:34 UTC (rev 8090)
+++ branches/1.0/astlinux-ast11.config 2017-01-13 20:02:36 UTC (rev 8091)
@@ -1,7 +1,7 @@
#
# Automatically generated make config: don't edit
-# Buildroot astlinux-1.x-svn8061-dirty Configuration
-# Mon Jan 2 10:45:16 2017
+# Buildroot astlinux-1.x-svn8090-dirty Configuration
+# Fri Jan 13 13:49:22 2017
#
BR2_HAVE_DOT_CONFIG=y
# BR2_arm is not set
@@ -517,6 +517,7 @@
#
# Crypto
#
+# BR2_PACKAGE_ACME is not set
# BR2_PACKAGE_BEECRYPT is not set
BR2_PACKAGE_CA_CERTIFICATES=y
# BR2_PACKAGE_GNUTLS is not set
Modified: branches/1.0/astlinux-ast13.config
===================================================================
--- branches/1.0/astlinux-ast13.config 2017-01-11 18:14:34 UTC (rev 8090)
+++ branches/1.0/astlinux-ast13.config 2017-01-13 20:02:36 UTC (rev 8091)
@@ -1,7 +1,7 @@
#
# Automatically generated make config: don't edit
-# Buildroot astlinux-1.x-svn8061-dirty Configuration
-# Mon Jan 2 10:45:16 2017
+# Buildroot astlinux-1.x-svn8090-dirty Configuration
+# Fri Jan 13 13:49:24 2017
#
BR2_HAVE_DOT_CONFIG=y
# BR2_arm is not set
@@ -517,6 +517,7 @@
#
# Crypto
#
+# BR2_PACKAGE_ACME is not set
# BR2_PACKAGE_BEECRYPT is not set
BR2_PACKAGE_CA_CERTIFICATES=y
# BR2_PACKAGE_GNUTLS is not set
Modified: branches/1.0/package/Config.in
===================================================================
--- branches/1.0/package/Config.in 2017-01-11 18:14:34 UTC (rev 8090)
+++ branches/1.0/package/Config.in 2017-01-13 20:02:36 UTC (rev 8091)
@@ -286,6 +286,7 @@
endmenu
menu "Crypto"
+source "package/acme/Config.in"
source "package/beecrypt/Config.in"
source "package/ca-certificates/Config.in"
source "package/gnutls/Config.in"
Added: branches/1.0/package/acme/Config.in
===================================================================
--- branches/1.0/package/acme/Config.in (rev 0)
+++ branches/1.0/package/acme/Config.in 2017-01-13 20:02:36 UTC (rev 8091)
@@ -0,0 +1,7 @@
+config BR2_PACKAGE_ACME
+ bool "acme"
+ depends on BR2_PACKAGE_OPENSSL
+ help
+ An ACME (Automated Certificate Management Environment) protocol client
+
+ https://github.com/Neilpang/acme.sh
Added: branches/1.0/package/acme/acme-client.sh
===================================================================
--- branches/1.0/package/acme/acme-client.sh (rev 0)
+++ branches/1.0/package/acme/acme-client.sh 2017-01-13 20:02:36 UTC (rev 8091)
@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+
+. /etc/rc.conf
+
+ACME_REPO="/stat/etc/acme"
+
+ACME_PROG="$ACME_REPO/acme.sh"
+
+ACME_WORKING_DIR="/mnt/kd/acme"
+
+export LE_WORKING_DIR="$ACME_WORKING_DIR"
+
+LOCKFILE="/var/lock/acme-client.lock"
+
+if [ ! -x "$ACME_PROG" ]; then
+ echo "acme-client: executable file \"$ACME_PROG\" not found." >&2
+ exit 1
+fi
+
+if [ ! -d "$ACME_WORKING_DIR" ]; then
+ mkdir "$ACME_WORKING_DIR"
+fi
+
+if ! cd "$ACME_WORKING_DIR"; then
+ exit 1
+fi
+
+# Robust 'bash' method of creating/testing for a lockfile
+if ! ( set -o noclobber; echo "$$" > "$LOCKFILE" ) 2>/dev/null; then
+ echo "acme-client: already running, lockfile \"$LOCKFILE\" exists, process id: $(cat "$LOCKFILE")." >&2
+ exit 9
+fi
+
+gen_account_conf()
+{
+ if [ -f "$ACME_WORKING_DIR/account.static" ]; then
+ echo "# Autogenerated. Edit $ACME_WORKING_DIR/account.static file.
+"
+ cat "$ACME_WORKING_DIR/account.static"
+ return
+ fi
+
+ echo "# Autogenerated. Do not edit.
+# A manually generated acme.sh config will use $ACME_WORKING_DIR/account.static if it exists.
+"
+ echo "USER_AGENT=\"AstLinux\""
+}
+
+trap 'rm -f "$LOCKFILE"; exit $?' INT TERM EXIT
+
+gen_account_conf > "$ACME_WORKING_DIR/account.conf"
+
+$ACME_PROG "$@"
+rtn=$?
+
+rm -f "$LOCKFILE"
+trap - INT TERM EXIT
+
+exit $rtn
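Review bot: `mkdir "$ACME_WORKING_DIR"` and the redirect `gen_account_conf > "$ACME_WORKING_DIR/account.conf"` create their targets with whatever umask the caller has. This directory is exported as `LE_WORKING_DIR`, where acme.sh by default keeps its account and certificate data, and `account.static` is copied verbatim into `account.conf`. Setting `umask 077` before the `mkdir` (or using `mkdir -m 0700 "$ACME_WORKING_DIR"`) keeps that material owner-only regardless of the calling environment. Separately, a lockfile left behind by an unclean exit (power loss, SIGKILL) blocks every later run; testing the recorded pid with `kill -0` before exiting with 9 would let the script recover. In the trap, `exit $?` reports the status of `rm -f`, not of the interrupted command.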
Property changes on: branches/1.0/package/acme/acme-client.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Added: branches/1.0/package/acme/acme.mk
===================================================================
--- branches/1.0/package/acme/acme.mk (rev 0)
+++ branches/1.0/package/acme/acme.mk 2017-01-13 20:02:36 UTC (rev 8091)
@@ -0,0 +1,32 @@
+################################################################################
+#
+# acme
+#
+################################################################################
+
+ACME_VERSION = 2.6.5-2017-01-13
+ACME_SOURCE = acme.sh-$(ACME_VERSION).tar.gz
+ACME_SITE = http://files.astlinux-project.org
+
+##
+## curl -L -o dl/acme.sh-2.6.5-2017-01-13.tar.gz https://github.com/Neilpang/acme.sh/archive/master.tar.gz
+## ./scripts/upload-dl-pair dl/acme.sh-2.6.5-2017-01-13.tar.gz
+##
+
+define ACME_INSTALL_TARGET_CMDS
+ $(INSTALL) -D -m 0755 package/acme/acme-client.sh $(TARGET_DIR)/usr/sbin/acme-client
+ $(INSTALL) -D -m 0755 package/acme/astlinux.sh $(TARGET_DIR)/stat/etc/acme/deploy/astlinux.sh
+ $(INSTALL) -D -m 0755 $(@D)/acme.sh $(TARGET_DIR)/stat/etc/acme/acme.sh
+ cp -a $(@D)/dnsapi $(TARGET_DIR)/stat/etc/acme/
+ find $(TARGET_DIR)/stat/etc/acme/dnsapi/ -name '*.sh' -print0 | xargs -0 chmod 755
+ # We don't enable BIND, so no nsupdate, and remove sample
+ rm -f $(TARGET_DIR)/stat/etc/acme/dnsapi/dns_nsupdate.sh
+ rm -f $(TARGET_DIR)/stat/etc/acme/dnsapi/dns_myapi.sh
+endef
+
+define ACME_UNINSTALL_TARGET_CMDS
+ rm -f $(TARGET_DIR)/usr/sbin/acme-client
+ rm -rf $(TARGET_DIR)/stat/etc/acme
+endef
+
+$(eval $(call GENTARGETS,package,acme))
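Review bot: `ACME_SITE = http://files.astlinux-project.org` fetches the tarball over plain HTTP, and nothing in this commit adds a checksum for it. As far as this diff shows, the script installed as `/stat/etc/acme/acme.sh`, which will handle private keys on the target, is therefore not integrity-checked at build time. If the mirror serves TLS, switch the site to `https://`, and record a checksum for `acme.sh-$(ACME_VERSION).tar.gz` alongside the package. The comment also shows the snapshot was taken from `master.tar.gz`; noting the upstream commit there, e.g. `## upstream commit: <COMMIT_ID>`, would make the snapshot reproducible and auditable.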
Added: branches/1.0/package/acme/astlinux.sh
===================================================================
--- branches/1.0/package/acme/astlinux.sh (rev 0)
+++ branches/1.0/package/acme/astlinux.sh 2017-01-13 20:02:36 UTC (rev 8091)
@@ -0,0 +1,57 @@
+#!/usr/bin/env sh
+
+# acme.sh deploy script for AstLinux
+# This file name is "astlinux.sh"
+# So, here must be a method astlinux_deploy()
+# Which will be called by acme.sh to deploy the cert
+# returns 0 means success, otherwise error.
+
+. /etc/rc.conf
+
+######## Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+astlinux_deploy() {
+ _cdomain="$1"
+ _ckey="$2"
+ _ccert="$3"
+ _cca="$4"
+ _cfullchain="$5"
+
+ _debug _cdomain "$_cdomain"
+ _debug _ckey "$_ckey"
+ _debug _ccert "$_ccert"
+ _debug _cca "$_cca"
+ _debug _cfullchain "$_cfullchain"
+
+ if [ -n "$HTTPSCERT" -a "$HTTPS_ACME" = "yes" ]; then
+ service lighttpd stop
+ cat "$_ckey" "$_ccert" > "$HTTPSCERT"
+ chmod 600 "$HTTPSCERT"
+ if [ -n "$HTTPSCHAIN" ]; then
+ if [ -f "$_cfullchain" ]; then
+ cat "$_cfullchain" > "$HTTPSCHAIN"
+ else
+ rm -f "$HTTPSCHAIN"
+ fi
+ fi
+ sleep 1
+ service lighttpd init
+ fi
+
+ if [ "$SIPTLSCERT_ACME" = "yes" ]; then
+# TODO. Not sure what the right files to use are. Need to test.
+# See..
+# https://web.johncook.uk/articles/computing/lets-encrypt-launch
+# https://www.jedwarddurrett.com/20160604162607.php
+
+ mkdir -p /mnt/kd/ssl/sip-tls/keys
+ cat "$_cfullchain" > /mnt/kd/ssl/sip-tls/keys/server.crt
+ cat "$_ckey" > /mnt/kd/ssl/sip-tls/keys/server.key
+ chmod 600 /mnt/kd/ssl/sip-tls/keys/server.key
+# How to tell Asterisk to reload certificate?
+# Hopefully just a reload (of just SIP or PJSIP?) and not a restart
+ fi
+
+ return 0
+}
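Review bot: In `astlinux_deploy` the private key is written to `$HTTPSCERT` and to `/mnt/kd/ssl/sip-tls/keys/server.key` under the process umask and only afterwards restricted with `chmod 600`, so a newly created file can be briefly readable by other users. Setting `umask 077` before the first write closes that window; if the hook runs inside the acme.sh process, save the previous umask and restore it before returning. The function also ends with an unconditional `return 0`, so a failed `cat` leaves lighttpd restarted on a truncated `$HTTPSCERT` while acme.sh is told the deploy succeeded. Checking each write and using `return 1` on failure would match the contract in the header comment. Writing to a temporary file in the same directory and renaming it into place would also keep the old certificate intact on failure.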
Property changes on: branches/1.0/package/acme/astlinux.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Modified: branches/1.0/x86_64-configs/astlinux-ast11.config
===================================================================
--- branches/1.0/x86_64-configs/astlinux-ast11.config 2017-01-11 18:14:34 UTC (rev 8090)
+++ branches/1.0/x86_64-configs/astlinux-ast11.config 2017-01-13 20:02:36 UTC (rev 8091)
@@ -1,7 +1,7 @@
#
# Automatically generated make config: don't edit
-# Buildroot astlinux-1.x-svn8061-dirty Configuration
-# Mon Jan 2 10:45:17 2017
+# Buildroot astlinux-1.x-svn8090-dirty Configuration
+# Fri Jan 13 13:49:27 2017
#
BR2_HAVE_DOT_CONFIG=y
BR2_ARCH_IS_64=y
@@ -498,6 +498,7 @@
#
# Crypto
#
+# BR2_PACKAGE_ACME is not set
# BR2_PACKAGE_BEECRYPT is not set
BR2_PACKAGE_CA_CERTIFICATES=y
# BR2_PACKAGE_GNUTLS is not set
Modified: branches/1.0/x86_64-configs/astlinux-ast13.config
===================================================================
--- branches/1.0/x86_64-configs/astlinux-ast13.config 2017-01-11 18:14:34 UTC (rev 8090)
+++ branches/1.0/x86_64-configs/astlinux-ast13.config 2017-01-13 20:02:36 UTC (rev 8091)
@@ -1,7 +1,7 @@
#
# Automatically generated make config: don't edit
-# Buildroot astlinux-1.x-svn8061-dirty Configuration
-# Mon Jan 2 10:45:17 2017
+# Buildroot astlinux-1.x-svn8090-dirty Configuration
+# Fri Jan 13 13:49:29 2017
#
BR2_HAVE_DOT_CONFIG=y
BR2_ARCH_IS_64=y
@@ -498,6 +498,7 @@
#
# Crypto
#
+# BR2_PACKAGE_ACME is not set
# BR2_PACKAGE_BEECRYPT is not set
BR2_PACKAGE_CA_CERTIFICATES=y
# BR2_PACKAGE_GNUTLS is not set