author | Sergey Poznyakoff <gray@gnu.org.ua> | 2019-08-21 09:48:09 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2019-08-21 10:58:13 +0300 |
commit | 3610ab59b2085c5eda3933690a973bad1760d3d4 (patch) | |
tree | 4e6d004a352f51adfeb907bf58e7ba77aa662685 | |
parent | 63a36d15df9eebf3389637f58414766498722788 (diff) | |
Use Config::Parser::Ini for configuration
-rwxr-xr-x | acmeman | 181 | ||||
-rw-r--r-- | lib/App/Acmeman/Config.pm | 446 | ||||
-rw-r--r-- | lib/App/Acmeman/Source/File.pm | 14 |
3 files changed, 130 insertions, 511 deletions
@@ -2,7 +2,7 @@ | |||
2 | #! -*-perl-*- | 2 | #! -*-perl-*- |
3 | eval 'exec perl -x -wS $0 ${1+"$@"}' | 3 | eval 'exec perl -x -wS $0 ${1+"$@"}' |
4 | if 0; | 4 | if 0; |
5 | # Copyright (C) 2017, 2018 Sergey Poznyakoff <gray@gnu.org> | 5 | # Copyright (C) 2017-2019 Sergey Poznyakoff <gray@gnu.org> |
6 | # | 6 | # |
7 | # This program is free software; you can redistribute it and/or modify | 7 | # This program is free software; you can redistribute it and/or modify |
8 | # it under the terms of the GNU General Public License as published by | 8 | # it under the terms of the GNU General Public License as published by |
@@ -906,13 +906,6 @@ sub get_root_cert { | |||
906 | 906 | ||
907 | sub initial_setup { | 907 | sub initial_setup { |
908 | get_root_cert('/etc/ssl/acme/lets-encrypt-x3-cross-signed.pem'); | 908 | get_root_cert('/etc/ssl/acme/lets-encrypt-x3-cross-signed.pem'); |
909 | unless ($config->isset(qw(core source))) { | ||
910 | require App::Acmeman::Source::Apache; | ||
911 | my $src = new App::Acmeman::Source::Apache; | ||
912 | $src->configure($config); | ||
913 | $config->set(qw(core source), $src) unless $config->success; | ||
914 | $config->clrerr; | ||
915 | } | ||
916 | 909 | ||
917 | foreach my $src ($config->get(qw(core source))) { | 910 | foreach my $src ($config->get(qw(core source))) { |
918 | unless ($src->setup(dry_run => $dry_run, force => $force)) { | 911 | unless ($src->setup(dry_run => $dry_run, force => $force)) { |
@@ -956,7 +949,7 @@ sub myip { | |||
956 | $ips = {}; | 949 | $ips = {}; |
957 | my $addhost; | 950 | my $addhost; |
958 | 951 | ||
959 | if ($config->isset(qw(core my-ip))) { | 952 | if ($config->is_set(qw(core my-ip))) { |
960 | $addhost = 0; | 953 | $addhost = 0; |
961 | foreach my $ip ($config->get(qw(core my-ip))) { | 954 | foreach my $ip ($config->get(qw(core my-ip))) { |
962 | if ($ip eq '$hostip') { | 955 | if ($ip eq '$hostip') { |
@@ -988,7 +981,7 @@ sub host_ns_ok { | |||
988 | 981 | ||
989 | sub collect { | 982 | sub collect { |
990 | my $aref = shift; | 983 | my $aref = shift; |
991 | return unless $config->isset('domain'); | 984 | return unless $config->is_set('domain'); |
992 | my $err; | 985 | my $err; |
993 | while (my ($k, $v) = each %{$config->get('domain')}) { | 986 | while (my ($k, $v) = each %{$config->get('domain')}) { |
994 | my $dom; | 987 | my $dom; |
@@ -1056,171 +1049,21 @@ GetOptions("h" => sub { | |||
1056 | 1049 | ||
1057 | ++$debug if $dry_run; | 1050 | ++$debug if $dry_run; |
1058 | 1051 | ||
1059 | sub cb_parse_bool { | ||
1060 | my ($k, $vref) = @_; | ||
1061 | my %bt = ( | ||
1062 | 0 => 0, | ||
1063 | off => 0, | ||
1064 | false => 0, | ||
1065 | no => 0, | ||
1066 | 1 => 1, | ||
1067 | on => 1, | ||
1068 | true => 1, | ||
1069 | yes => 1 | ||
1070 | ); | ||
1071 | my $res = $bt{lc($$vref)}; | ||
1072 | if (defined($res)) { | ||
1073 | $$vref = $res; | ||
1074 | return undef; | ||
1075 | } | ||
1076 | return "not a boolean: $$vref"; | ||
1077 | } | ||
1078 | |||
1079 | my %syntax = ( | ||
1080 | core => { | ||
1081 | section => { | ||
1082 | postrenew => { array => 1 }, | ||
1083 | rootdir => { default => '/var/www/acme' }, | ||
1084 | files => 1, | ||
1085 | 'time-delta' => { default => 86400 }, | ||
1086 | source => { default => [ 'apache' ], array => 1 }, | ||
1087 | 'check-alt-names' => { default => 0, parser => \&cb_parse_bool }, | ||
1088 | 'check-dns' => { default => 1, parser => \&cb_parse_bool }, | ||
1089 | 'my-ip' => { array => 1 }, | ||
1090 | 'key-size' => { re => '^\d+$', default => 4096 } | ||
1091 | } | ||
1092 | }, | ||
1093 | files => { | ||
1094 | section => { | ||
1095 | '*' => { | ||
1096 | section => { | ||
1097 | type => { re => 'single|split', default => 'split' }, | ||
1098 | 'certificate-file' => { mandatory => 1 }, | ||
1099 | 'key-file' => 1, | ||
1100 | 'ca-file' => 1, | ||
1101 | argument => 1, | ||
1102 | } | ||
1103 | } | ||
1104 | } | ||
1105 | }, | ||
1106 | domain => { | ||
1107 | section => { | ||
1108 | '*' => { | ||
1109 | section => { | ||
1110 | alt => { array => 1 }, | ||
1111 | files => 1, | ||
1112 | 'key-size' => { re => '^\d+$' }, | ||
1113 | postrenew => 0 | ||
1114 | } | ||
1115 | } | ||
1116 | } | ||
1117 | } | ||
1118 | ); | ||
1119 | |||
1120 | sub file_type_fixup { | ||
1121 | my $err; | ||
1122 | |||
1123 | $config->set(qw(core files default)) | ||
1124 | unless $config->isset(qw(core files)); | ||
1125 | |||
1126 | unless ($config->isset(qw(files))) { | ||
1127 | if ($config->get(qw(core files)) ne 'default') { | ||
1128 | error("section files." . $config->get(qw(core files))." not defined"); | ||
1129 | ++$err; | ||
1130 | } | ||
1131 | } | ||
1132 | |||
1133 | unless ($config->isset(qw(files default))) { | ||
1134 | $config->set(qw(files default type), 'split'); | ||
1135 | $config->set(qw(files default key-file), | ||
1136 | '/etc/ssl/acme/$domain/privkey.pem'); | ||
1137 | $config->set(qw(files default certificate-file), | ||
1138 | '/etc/ssl/acme/$domain/cert.pem'); | ||
1139 | $config->set(qw(files default ca-file), | ||
1140 | '/etc/ssl/acme/$domain/ca.pem'); | ||
1141 | } | ||
1142 | |||
1143 | if ($config->isset(qw(files))) { | ||
1144 | while (my ($k, $v) = each %{$config->get(qw(files))}) { | ||
1145 | if ($v->{type} eq 'single') { | ||
1146 | unless (exists($v->{'certificate-file'})) { | ||
1147 | error("files.$k.certificate-file not defined"); | ||
1148 | ++$err; | ||
1149 | } else { | ||
1150 | if (exists($v->{'key-file'})) { | ||
1151 | error("files.$k.key-file ignored"); | ||
1152 | } | ||
1153 | if (exists($v->{'ca-file'})) { | ||
1154 | error("files.$k.ca-file ignored"); | ||
1155 | } | ||
1156 | } | ||
1157 | } else { | ||
1158 | unless (exists($v->{'key-file'})) { | ||
1159 | error("files.$k.key-file not defined"); | ||
1160 | ++$err; | ||
1161 | } | ||
1162 | unless (exists($v->{'certificate-file'})) { | ||
1163 | error("files.$k.ca-file not defined"); | ||
1164 | ++$err; | ||
1165 | } | ||
1166 | } | ||
1167 | } | ||
1168 | } | ||
1169 | |||
1170 | if (my $files = $config->get(qw(core files))) { | ||
1171 | unless ($config->isset('files', $files)) { | ||
1172 | error("files.$files is referenced from [core], but never declared"); | ||
1173 | ++$err; | ||
1174 | } | ||
1175 | } | ||
1176 | |||
1177 | exit(1) if $err; | ||
1178 | } | ||
1179 | |||
1180 | my @domlist; | 1052 | my @domlist; |
1181 | 1053 | ||
1182 | @select{map { lc } @ARGV} = (1) x @ARGV; | 1054 | @select{map { lc } @ARGV} = (1) x @ARGV; |
1183 | 1055 | ||
1184 | $config = new App::Acmeman::Config($config_file, | 1056 | $config = new App::Acmeman::Config($config_file); |
1185 | syntax => \%syntax, | ||
1186 | defaults => { | ||
1187 | 'core.source' => 'apache', | ||
1188 | 'core.key-size' => 4096 | ||
1189 | }); | ||
1190 | |||
1191 | if ($config->success) { | ||
1192 | if (my @source = $config->get(qw(core source))) { | ||
1193 | $config->unset(qw(core source)); | ||
1194 | foreach my $s (@source) { | ||
1195 | my ($name, @args) = quotewords('\s+', 0, $s); | ||
1196 | my $pack = 'App::Acmeman::Source::' . ucfirst($name); | ||
1197 | my $obj = eval "use $pack; new $pack(\@args);"; | ||
1198 | if ($@) { | ||
1199 | abend(EX_CONFIG, $@); | ||
1200 | } | ||
1201 | $obj->configure($config); | ||
1202 | $config->set(qw(core source), $obj); | ||
1203 | } | ||
1204 | } | ||
1205 | if ($time_delta) { | ||
1206 | $config->set(qw(core time-delta), $time_delta); | ||
1207 | } | ||
1208 | if ($check_alt_names) { | ||
1209 | $config->set(qw(core check-alt-names), $check_alt_names); | ||
1210 | } | ||
1211 | $config->finalize; | ||
1212 | } | ||
1213 | 1057 | ||
1214 | unless ($config->success) { | 1058 | if ($time_delta) { |
1215 | foreach my $err ($config->errors) { | 1059 | $config->set(qw(core time-delta), $time_delta); |
1216 | error($err); | 1060 | } |
1217 | } | 1061 | if ($check_alt_names) { |
1218 | exit(1); | 1062 | $config->set(qw(core check-alt-names), $check_alt_names); |
1219 | } | 1063 | } |
1220 | 1064 | ||
1221 | initial_setup if $setup; | 1065 | initial_setup if $setup; |
1222 | 1066 | ||
1223 | file_type_fixup; | ||
1224 | #print Dumper([$config]);exit; | 1067 | #print Dumper([$config]);exit; |
1225 | collect \@domlist; | 1068 | collect \@domlist; |
1226 | 1069 | ||
@@ -1230,10 +1073,6 @@ coalesce \@domlist; | |||
1230 | # Check challenge root directory | 1073 | # Check challenge root directory |
1231 | prep_dir($config->get(qw(core rootdir)).'/file'); | 1074 | prep_dir($config->get(qw(core rootdir)).'/file'); |
1232 | 1075 | ||
1233 | # # FIXME Check filename patterns | ||