Merge branch 'stretch' of https://github.com/bashrc/freedombone

src/freedombone-addcert

@@ -170,10 +170,6 @@ if ! which openssl > /dev/null ;then
     exit 5689
 fi
 
-if [ ! -d /etc/ssl/mycerts ]; then
-    mkdir /etc/ssl/mycerts
-fi
-
 CERTFILE=$HOSTNAME
 
 function remove_cert_letsencrypt {
@@ -310,13 +306,13 @@ function add_cert_selfsigned {
         CERTFILE="ca-$HOSTNAME"
     fi
 
-    openssl req -x509 "${EXTENSIONS}" -nodes -days 3650 -sha256 \
+    # shellcheck disable=SC2086
+    openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \
             -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
             -newkey rsa:2048 -keyout "/etc/ssl/private/${CERTFILE}.key" \
             -out "/etc/ssl/certs/${CERTFILE}.crt"
     chmod 400 "/etc/ssl/private/${CERTFILE}.key"
     chmod 640 "/etc/ssl/certs/${CERTFILE}.crt"
-    cp "/etc/ssl/certs/${CERTFILE}.crt" "/etc/ssl/mycerts"
 
     if [ "$PIN_CERTS" ]; then
         if ! "${PROJECT_NAME}-pin-cert" "$CERTFILE"; then
@@ -340,12 +336,6 @@ function restart_web_server {
     fi
 }
 
-function make_cert_bundle {
-    # Create a bundle of your certificates
-    cat /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem > /etc/ssl/${PROJECT_NAME}-bundle.crt
-    tar -czvf /etc/ssl/${PROJECT_NAME}-certs.tar.gz /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem
-}
-
 function create_cert {
     if [ "$remove_cert" ]; then
         remove_cert_letsencrypt
@@ -362,6 +352,5 @@ function create_cert {
 create_cert
 generate_dh_params
 restart_web_server
-make_cert_bundle
 
 exit 0

src/freedombone-app-irc

@@ -523,6 +523,7 @@ function install_irc_server {
     if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}")" == "0" ]]; then
         "${PROJECT_NAME}-addcert" -h ngircd --dhkey "${DH_KEYLENGTH}"
         function_check check_certificates
+        CHECK_HOSTNAME=ngircd
         check_certificates ngircd
     fi
 

src/freedombone-app-xmpp

@@ -973,6 +973,7 @@ function install_xmpp {
     if [ ! -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
         if [ ! -f /etc/ssl/certs/xmpp.crt ]; then
             "${PROJECT_NAME}-addcert" -h xmpp --dhkey "${DH_KEYLENGTH}"
+            CHECK_HOSTNAME=xmpp
             check_certificates xmpp
             if [ ! -f /etc/ssl/certs/xmpp.crt ]; then
                 echo $'Failed to create xmpp certificate'

src/freedombone-base-email

@@ -1068,6 +1068,7 @@ function configure_imap {
 
     if [[ "$(cert_exists dovecot)" == "0" ]]; then
         "${PROJECT_NAME}-addcert" -h dovecot --dhkey "$DH_KEYLENGTH"
+        CHECK_HOSTNAME=dovecot
         check_certificates dovecot
     fi
 

src/freedombone-utils-passwords

@@ -46,7 +46,7 @@ function enforce_good_passwords {
     fi
     apt-get -yq install libpam-cracklib
 
-    sed -i 's/password.*requisite.*pam_cracklib.so.*/password        required                       pam_cracklib.so retry=2 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password
+    sed -i 's/password.*requisite.*pam_cracklib.so.*/password        required                       pam_cracklib.so retry=2 dcredit=-1 ucredit=-1 ocredit=0 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password
     mark_completed "${FUNCNAME[0]}"
 }
 

src/freedombone-utils-web

@@ -184,13 +184,14 @@ function test_domain_name {
 # Checks whether certificates were generated for the given hostname
 function check_certificates {
     if [ ! "$1" ]; then
-        return
+        echo $'No certificate name provided'
+        exit 3568736585683
     fi
     USE_LETSENCRYPT='no'
     if [ "$2" ]; then
         USE_LETSENCRYPT="$2"
     fi
-    if [[ $USE_LETSENCRYPT == 'no' ]]; then
+    if [[ $USE_LETSENCRYPT == 'no' || "$ONION_ONLY" != 'no' ]]; then
         if [ ! -f "/etc/ssl/private/${1}.key" ]; then
             echo $"Private certificate for ${CHECK_HOSTNAME} was not created"
             exit 63959
@@ -239,17 +240,27 @@ function cert_exists {
 }
 
 function create_self_signed_cert {
+    if [ ! "${SITE_DOMAIN_NAME}" ]; then
+        echo $'No site domain specified for self signed cert'
+        exit 4638565385
+    fi
     "${PROJECT_NAME}-addcert" -h "${SITE_DOMAIN_NAME}" --dhkey "${DH_KEYLENGTH}"
     function_check check_certificates
     check_certificates "${SITE_DOMAIN_NAME}"
 }
 
 function create_letsencrypt_cert {
+    if [ ! "${SITE_DOMAIN_NAME}" ]; then
+        echo $'No site domain specified for letsencrypt cert'
+        exit 246824624
+    fi
+
     if ! "${PROJECT_NAME}-addcert" -e "${SITE_DOMAIN_NAME}" -s "${LETSENCRYPT_SERVER}" --dhkey "${DH_KEYLENGTH}" --email "${MY_EMAIL_ADDRESS}"; then
         if [[ ${NO_SELF_SIGNED} == 'no' ]]; then
             echo $"Lets Encrypt failed for ${SITE_DOMAIN_NAME}, so try making a self-signed cert"
             "${PROJECT_NAME}-addcert" -h "${SITE_DOMAIN_NAME}" --dhkey "${DH_KEYLENGTH}"
             function_check check_certificates
+            CHECK_HOSTNAME="${SITE_DOMAIN_NAME}"
             check_certificates "${SITE_DOMAIN_NAME}"
         else
             echo $"Lets Encrypt failed for $SITE_DOMAIN_NAME"
@@ -263,6 +274,7 @@ function create_letsencrypt_cert {
     fi
 
     function_check check_certificates
+    CHECK_HOSTNAME="${SITE_DOMAIN_NAME}"
     check_certificates "${SITE_DOMAIN_NAME}" 'yes'
 }
 
@@ -1004,6 +1016,7 @@ function email_install_tls {
     fi
     if [ ! -f /etc/ssl/certs/exim.dhparam ]; then
         "${PROJECT_NAME}-addcert" -h exim --dhkey "$DH_KEYLENGTH"
+        CHECK_HOSTNAME=exim
         check_certificates exim
         cp /etc/ssl/certs/exim.dhparam /etc/exim4
         chown root:Debian-exim /etc/exim4/exim.dhparam