authorSergey Poznyakoff <gray@gnu.org.ua>2019-08-21 09:48:09 +0300
committerSergey Poznyakoff <gray@gnu.org.ua>2019-08-21 10:58:13 +0300
commit3610ab59b2085c5eda3933690a973bad1760d3d4 (patch)
tree4e6d004a352f51adfeb907bf58e7ba77aa662685
parent63a36d15df9eebf3389637f58414766498722788 (diff)
Use Config::Parser::Ini for configuration
-rwxr-xr-xacmeman181
-rw-r--r--lib/App/Acmeman/Config.pm446
-rw-r--r--lib/App/Acmeman/Source/File.pm14
3 files changed, 130 insertions, 511 deletions
diff --git a/acmeman b/acmeman
index 7d8a8ac..ddd4703 100755
--- a/acmeman
+++ b/acmeman
@@ -2,7 +2,7 @@
2#! -*-perl-*- 2#! -*-perl-*-
3eval 'exec perl -x -wS $0 ${1+"$@"}' 3eval 'exec perl -x -wS $0 ${1+"$@"}'
4 if 0; 4 if 0;
5# Copyright (C) 2017, 2018 Sergey Poznyakoff <gray@gnu.org> 5# Copyright (C) 2017-2019 Sergey Poznyakoff <gray@gnu.org>
6# 6#
7# This program is free software; you can redistribute it and/or modify 7# This program is free software; you can redistribute it and/or modify
8# it under the terms of the GNU General Public License as published by 8# it under the terms of the GNU General Public License as published by
@@ -906,13 +906,6 @@ sub get_root_cert {
906 906
907sub initial_setup { 907sub initial_setup {
908 get_root_cert('/etc/ssl/acme/lets-encrypt-x3-cross-signed.pem'); 908 get_root_cert('/etc/ssl/acme/lets-encrypt-x3-cross-signed.pem');
909 unless ($config->isset(qw(core source))) {
910 require App::Acmeman::Source::Apache;
911 my $src = new App::Acmeman::Source::Apache;
912 $src->configure($config);
913 $config->set(qw(core source), $src) unless $config->success;
914 $config->clrerr;
915 }
916 909
917 foreach my $src ($config->get(qw(core source))) { 910 foreach my $src ($config->get(qw(core source))) {
918 unless ($src->setup(dry_run => $dry_run, force => $force)) { 911 unless ($src->setup(dry_run => $dry_run, force => $force)) {
@@ -956,7 +949,7 @@ sub myip {
956 $ips = {}; 949 $ips = {};
957 my $addhost; 950 my $addhost;
958 951
959 if ($config->isset(qw(core my-ip))) { 952 if ($config->is_set(qw(core my-ip))) {
960 $addhost = 0; 953 $addhost = 0;
961 foreach my $ip ($config->get(qw(core my-ip))) { 954 foreach my $ip ($config->get(qw(core my-ip))) {
962 if ($ip eq '$hostip') { 955 if ($ip eq '$hostip') {
@@ -988,7 +981,7 @@ sub host_ns_ok {
988 981
989sub collect { 982sub collect {
990 my $aref = shift; 983 my $aref = shift;
991 return unless $config->isset('domain'); 984 return unless $config->is_set('domain');
992 my $err; 985 my $err;
993 while (my ($k, $v) = each %{$config->get('domain')}) { 986 while (my ($k, $v) = each %{$config->get('domain')}) {
994 my $dom; 987 my $dom;
@@ -1056,171 +1049,21 @@ GetOptions("h" => sub {
1056 1049
1057++$debug if $dry_run; 1050++$debug if $dry_run;
1058 1051
1059sub cb_parse_bool {
1060 my ($k, $vref) = @_;
1061 my %bt = (
1062 0 => 0,
1063 off => 0,
1064 false => 0,
1065 no => 0,
1066 1 => 1,
1067 on => 1,
1068 true => 1,
1069 yes => 1
1070 );
1071 my $res = $bt{lc($$vref)};
1072 if (defined($res)) {
1073 $$vref = $res;
1074 return undef;
1075 }
1076 return "not a boolean: $$vref";
1077}
1078
1079my %syntax = (
1080 core => {
1081 section => {
1082 postrenew => { array => 1 },
1083 rootdir => { default => '/var/www/acme' },
1084 files => 1,
1085 'time-delta' => { default => 86400 },
1086 source => { default => [ 'apache' ], array => 1 },
1087 'check-alt-names' => { default => 0, parser => \&cb_parse_bool },
1088 'check-dns' => { default => 1, parser => \&cb_parse_bool },
1089 'my-ip' => { array => 1 },
1090 'key-size' => { re => '^\d+$', default => 4096 }
1091 }
1092 },
1093 files => {
1094 section => {
1095 '*' => {
1096 section => {
1097 type => { re => 'single|split', default => 'split' },
1098 'certificate-file' => { mandatory => 1 },
1099 'key-file' => 1,
1100 'ca-file' => 1,
1101 argument => 1,
1102 }
1103 }
1104 }
1105 },
1106 domain => {
1107 section => {
1108 '*' => {
1109 section => {
1110 alt => { array => 1 },
1111 files => 1,
1112 'key-size' => { re => '^\d+$' },
1113 postrenew => 0
1114 }
1115 }
1116 }
1117 }
1118);
1119
1120sub file_type_fixup {
1121 my $err;
1122
1123 $config->set(qw(core files default))
1124 unless $config->isset(qw(core files));
1125
1126 unless ($config->isset(qw(files))) {
1127 if ($config->get(qw(core files)) ne 'default') {
1128 error("section files." . $config->get(qw(core files))." not defined");
1129 ++$err;
1130 }
1131 }
1132
1133 unless ($config->isset(qw(files default))) {
1134 $config->set(qw(files default type), 'split');
1135 $config->set(qw(files default key-file),
1136 '/etc/ssl/acme/$domain/privkey.pem');
1137 $config->set(qw(files default certificate-file),
1138 '/etc/ssl/acme/$domain/cert.pem');
1139 $config->set(qw(files default ca-file),
1140 '/etc/ssl/acme/$domain/ca.pem');
1141 }
1142
1143 if ($config->isset(qw(files))) {
1144 while (my ($k, $v) = each %{$config->get(qw(files))}) {
1145 if ($v->{type} eq 'single') {
1146 unless (exists($v->{'certificate-file'})) {
1147 error("files.$k.certificate-file not defined");
1148 ++$err;
1149 } else {
1150 if (exists($v->{'key-file'})) {
1151 error("files.$k.key-file ignored");
1152 }
1153 if (exists($v->{'ca-file'})) {
1154 error("files.$k.ca-file ignored");
1155 }
1156 }
1157 } else {
1158 unless (exists($v->{'key-file'})) {
1159 error("files.$k.key-file not defined");
1160 ++$err;
1161 }
1162 unless (exists($v->{'certificate-file'})) {
1163 error("files.$k.ca-file not defined");
1164 ++$err;
1165 }
1166 }
1167 }
1168 }
1169
1170 if (my $files = $config->get(qw(core files))) {
1171 unless ($config->isset('files', $files)) {
1172 error("files.$files is referenced from [core], but never declared");
1173 ++$err;
1174 }
1175 }
1176
1177 exit(1) if $err;
1178}
1179
1180my @domlist; 1052my @domlist;
1181 1053
1182@select{map { lc } @ARGV} = (1) x @ARGV; 1054@select{map { lc } @ARGV} = (1) x @ARGV;
1183 1055
1184$config = new App::Acmeman::Config($config_file, 1056$config = new App::Acmeman::Config($config_file);
1185 syntax => \%syntax,
1186 defaults => {
1187 'core.source' => 'apache',
1188 'core.key-size' => 4096
1189 });
1190
1191if ($config->success) {
1192 if (my @source = $config->get(qw(core source))) {
1193 $config->unset(qw(core source));
1194 foreach my $s (@source) {
1195 my ($name, @args) = quotewords('\s+', 0, $s);
1196 my $pack = 'App::Acmeman::Source::' . ucfirst($name);
1197 my $obj = eval "use $pack; new $pack(\@args);";
1198 if ($@) {
1199 abend(EX_CONFIG, $@);
1200 }
1201 $obj->configure($config);
1202 $config->set(qw(core source), $obj);
1203 }
1204 }
1205 if ($time_delta) {
1206 $config->set(qw(core time-delta), $time_delta);
1207 }
1208 if ($check_alt_names) {
1209 $config->set(qw(core check-alt-names), $check_alt_names);
1210 }
1211 $config->finalize;
1212}
1213 1057
1214unless ($config->success) { 1058if ($time_delta) {
1215 foreach my $err ($config->errors) { 1059 $config->set(qw(core time-delta), $time_delta);
1216 error($err); 1060}
1217 } 1061if ($check_alt_names) {
1218 exit(1); 1062 $config->set(qw(core check-alt-names), $check_alt_names);
1219} 1063}
1220 1064
1221initial_setup if $setup; 1065initial_setup if $setup;
1222 1066
1223file_type_fixup;
1224#print Dumper([$config]);exit; 1067#print Dumper([$config]);exit;
1225collect \@domlist; 1068collect \@domlist;
1226 1069
@@ -1230,10 +1073,6 @@ coalesce \@domlist;
1230# Check challenge root directory 1073# Check challenge root directory
1231prep_dir($config->get(qw(core rootdir)).'/file'); 1074prep_dir($config->get(qw(core rootdir)).'/file');
1232 1075
1233# # FIXME Check filename patterns