
Merge branch 'stretch' of https://github.com/bashrc/freedombone

Bob Mottram 7 jaren geleden
bovenliggende
commit
b65b72bd2c

BIN
man/freedombone-tests.1.gz Bestand weergeven


+ 2
- 13
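--- a/src/freedombone-addcert
+++ b/src/freedombone-addcert
@@ -170,10 +170,6 @@ if ! which openssl > /dev/null ;then
     exit 5689
 fi
 
-if [ ! -d /etc/ssl/mycerts ]; then
-    mkdir /etc/ssl/mycerts
-fi
-
 CERTFILE=$HOSTNAME
 
 function remove_cert_letsencrypt {
@@ -310,13 +306,13 @@ function add_cert_selfsigned {
         CERTFILE="ca-$HOSTNAME"
     fi
 
-    openssl req -x509 "${EXTENSIONS}" -nodes -days 3650 -sha256 \
+    # shellcheck disable=SC2086
+    openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \
             -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
             -newkey rsa:2048 -keyout "/etc/ssl/private/${CERTFILE}.key" \
             -out "/etc/ssl/certs/${CERTFILE}.crt"
     chmod 400 "/etc/ssl/private/${CERTFILE}.key"
     chmod 640 "/etc/ssl/certs/${CERTFILE}.crt"
-    cp "/etc/ssl/certs/${CERTFILE}.crt" "/etc/ssl/mycerts"
 
     if [ "$PIN_CERTS" ]; then
         if ! "${PROJECT_NAME}-pin-cert" "$CERTFILE"; then
@@ -340,12 +336,6 @@ function restart_web_server {
     fi
 }
 
-function make_cert_bundle {
-    # Create a bundle of your certificates
-    cat /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem > /etc/ssl/${PROJECT_NAME}-bundle.crt
-    tar -czvf /etc/ssl/${PROJECT_NAME}-certs.tar.gz /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem
-}
-
 function create_cert {
     if [ "$remove_cert" ]; then
         remove_cert_letsencrypt
@@ -362,6 +352,5 @@ function create_cert {
 create_cert
 generate_dh_params
 restart_web_server
-make_cert_bundle
 
 exit 0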
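Review bot: The new `# shellcheck disable=SC2086` in add_cert_selfsigned silences the warning without saying why, and the now-unquoted `${EXTENSIONS}` undergoes pathname expansion as well as word splitting. If the intent is that an empty value disappears and a multi-word value becomes separate openssl arguments, say so on a line above the directive, e.g. `# EXTENSIONS is empty or a space-separated list of openssl options, so it is left unquoted to split`. Where EXTENSIONS is assigned lies outside this hunk, so it cannot be confirmed here that it never carries externally supplied text. A bash array expanded as `"${EXTENSIONS[@]}"` would keep the quoting and make the directive unnecessary.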

+ 1
- 0
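--- a/src/freedombone-app-irc
+++ b/src/freedombone-app-irc
@@ -523,6 +523,7 @@ function install_irc_server {
     if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}")" == "0" ]]; then
         "${PROJECT_NAME}-addcert" -h ngircd --dhkey "${DH_KEYLENGTH}"
         function_check check_certificates
+        CHECK_HOSTNAME=ngircd
         check_certificates ngircd
     fi
 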
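Review bot: `CHECK_HOSTNAME=ngircd` repeats the name already passed as the argument on the next line, and because it is a global, any caller that omits the assignment inherits whatever value was set last. In the check_certificates hunk of src/freedombone-utils-web the file test uses `${1}` while the visible failure message prints `${CHECK_HOSTNAME}`, so a stale value would name the wrong certificate as missing. create_self_signed_cert in this same commit still calls check_certificates without setting it. Printing `${1}` in the messages of check_certificates would make this assignment unnecessary here and in install_xmpp, configure_imap, create_letsencrypt_cert and email_install_tls. The body of install_irc_server starts and ends outside this hunk.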

+ 1
- 0
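--- a/src/freedombone-app-xmpp
+++ b/src/freedombone-app-xmpp
@@ -973,6 +973,7 @@ function install_xmpp {
     if [ ! -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
         if [ ! -f /etc/ssl/certs/xmpp.crt ]; then
             "${PROJECT_NAME}-addcert" -h xmpp --dhkey "${DH_KEYLENGTH}"
+            CHECK_HOSTNAME=xmpp
             check_certificates xmpp
             if [ ! -f /etc/ssl/certs/xmpp.crt ]; then
                 echo $'Failed to create xmpp certificate'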

+ 1
- 0
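--- a/src/freedombone-base-email
+++ b/src/freedombone-base-email
@@ -1068,6 +1068,7 @@ function configure_imap {
 
     if [[ "$(cert_exists dovecot)" == "0" ]]; then
         "${PROJECT_NAME}-addcert" -h dovecot --dhkey "$DH_KEYLENGTH"
+        CHECK_HOSTNAME=dovecot
         check_certificates dovecot
     fi
 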

+ 1
- 1
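--- a/src/freedombone-utils-passwords
+++ b/src/freedombone-utils-passwords
@@ -46,7 +46,7 @@ function enforce_good_passwords {
     fi
     apt-get -yq install libpam-cracklib
 
-    sed -i 's/password.*requisite.*pam_cracklib.so.*/password        required                       pam_cracklib.so retry=2 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password
+    sed -i 's/password.*requisite.*pam_cracklib.so.*/password        required                       pam_cracklib.so retry=2 dcredit=-1 ucredit=-1 ocredit=0 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password
     mark_completed "${FUNCNAME[0]}"
 }
 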
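Review bot: The rewritten `sed` expression in enforce_good_passwords still matches only a line containing `requisite`, yet its replacement writes `required`, so on a host where this substitution has already been applied the pattern no longer matches and the new credit values never take effect. As far as this hunk shows, that leaves fresh installs on `dcredit=-1 ... ocredit=0` and existing ones on the earlier `dcredit=-4 ... ocredit=-1`, unless something outside the hunk resets /etc/pam.d/common-password. Matching on the module alone, `s/^password.*pam_cracklib\.so.*/.../`, would make the edit repeatable. The change also lowers the required digits from four to one and drops the required symbol, which deserves a comment stating the intended policy, e.g. `# policy: minlen 10, at least one digit and one uppercase letter`. The function begins above the hunk.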

+ 15
- 2
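--- a/src/freedombone-utils-web
+++ b/src/freedombone-utils-web
@@ -184,13 +184,14 @@ function test_domain_name {
 # Checks whether certificates were generated for the given hostname
 function check_certificates {
     if [ ! "$1" ]; then
-        return
+        echo $'No certificate name provided'
+        exit 3568736585683
     fi
     USE_LETSENCRYPT='no'
     if [ "$2" ]; then
         USE_LETSENCRYPT="$2"
     fi
-    if [[ $USE_LETSENCRYPT == 'no' ]]; then
+    if [[ $USE_LETSENCRYPT == 'no' || "$ONION_ONLY" != 'no' ]]; then
         if [ ! -f "/etc/ssl/private/${1}.key" ]; then
             echo $"Private certificate for ${CHECK_HOSTNAME} was not created"
             exit 63959
@@ -239,17 +240,27 @@ function cert_exists {
 }
 
 function create_self_signed_cert {
+    if [ ! "${SITE_DOMAIN_NAME}" ]; then
+        echo $'No site domain specified for self signed cert'
+        exit 4638565385
+    fi
     "${PROJECT_NAME}-addcert" -h "${SITE_DOMAIN_NAME}" --dhkey "${DH_KEYLENGTH}"
     function_check check_certificates
     check_certificates "${SITE_DOMAIN_NAME}"
 }
 
 function create_letsencrypt_cert {
+    if [ ! "${SITE_DOMAIN_NAME}" ]; then
+        echo $'No site domain specified for letsencrypt cert'
+        exit 246824624
+    fi
+
     if ! "${PROJECT_NAME}-addcert" -e "${SITE_DOMAIN_NAME}" -s "${LETSENCRYPT_SERVER}" --dhkey "${DH_KEYLENGTH}" --email "${MY_EMAIL_ADDRESS}"; then
         if [[ ${NO_SELF_SIGNED} == 'no' ]]; then
             echo $"Lets Encrypt failed for ${SITE_DOMAIN_NAME}, so try making a self-signed cert"
             "${PROJECT_NAME}-addcert" -h "${SITE_DOMAIN_NAME}" --dhkey "${DH_KEYLENGTH}"
             function_check check_certificates
+            CHECK_HOSTNAME="${SITE_DOMAIN_NAME}"
             check_certificates "${SITE_DOMAIN_NAME}"
         else
             echo $"Lets Encrypt failed for $SITE_DOMAIN_NAME"
@@ -263,6 +274,7 @@ function create_letsencrypt_cert {
     fi
 
     function_check check_certificates
+    CHECK_HOSTNAME="${SITE_DOMAIN_NAME}"
     check_certificates "${SITE_DOMAIN_NAME}" 'yes'
 }
 
@@ -1004,6 +1016,7 @@ function email_install_tls {
     fi
     if [ ! -f /etc/ssl/certs/exim.dhparam ]; then
         "${PROJECT_NAME}-addcert" -h exim --dhkey "$DH_KEYLENGTH"
+        CHECK_HOSTNAME=exim
         check_certificates exim
         cp /etc/ssl/certs/exim.dhparam /etc/exim4
         chown root:Debian-exim /etc/exim4/exim.dhparam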
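Review bot: In check_certificates the added test `"$ONION_ONLY" != 'no'` is also true when ONION_ONLY is unset or empty, so a call that passes 'yes' for Let's Encrypt would then be checked against the self-signed key path under /etc/ssl/private and hit `exit 63959`. Nothing in this hunk shows ONION_ONLY receiving a default, so the comparison is safer as `"${ONION_ONLY:-no}" != 'no'`, or with a comment naming where the default is set. Separately, the new `exit 3568736585683` (and `exit 4638565385`, `exit 246824624` in the next hunk) are reduced by the shell to their low eight bits, so a caller cannot recover these numbers from `$?`. The function continues past the end of the hunk.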