From d8bf2fa14936912071b6069705daf0d02066aabc Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Sun, 19 Apr 2020 14:13:29 +0100 Subject: [PATCH 1/2] Remove dependency on seq, ensure clean_up doesn't try to delete /tmp --- getssl | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/getssl b/getssl index bcaa37f..0fd4431 100755 --- a/getssl +++ b/getssl @@ -222,11 +222,12 @@ # 2020-03-30 Fix problems if domain name isn't in lowercase (2.22) # 2020-04-16 Add alternative working dirs '/etc/getssl/' '${PROGDIR}/conf' '${PROGDIR}/.getssl' # 2020-04-16 Add -i|--install command line option (2.23) +# 2020-04-19 Remove dependency on seq, ensure clean_up doesn't try to delete /tmp (2.24) # ---------------------------------------------------------------------------------------- PROGNAME=${0##*/} PROGDIR="$(cd "$(dirname "$0")" || exit; pwd -P;)" -VERSION="2.23" +VERSION="2.24" # defaults ACCOUNT_KEY_LENGTH=4096 @@ -633,7 +634,11 @@ clean_up() { # Perform pre-exit housekeeping shopt -u nullglob fi if [[ -n "$DOMAIN_DIR" ]]; then - rm -rf "${TEMP_DIR:?}" + if [ "${TEMP_DIR}" -ef "/tmp" ]; then + info "Not going to delete TEMP_DIR ${TEMP_DIR} as it appears to be /tmp" + else + rm -rf "${TEMP_DIR:?}" + fi fi if [[ -n "$TEMP_UPGRADE_FILE" ]] && [[ -f "$TEMP_UPGRADE_FILE" ]]; then rm -f "$TEMP_UPGRADE_FILE" @@ -2299,10 +2304,8 @@ fi # Test working directory candidates if unset. Last candidate defaults (~/getssl/) if [[ -z "${WORKING_DIR}" ]] then - for WDCC in $(seq 0 $((${#WORKING_DIR_CANDIDATES[@]}-1)) ) + for WORKING_DIR in "${WORKING_DIR_CANDIDATES[@]}" do - WORKING_DIR="$(eval echo "${WORKING_DIR_CANDIDATES[$WDCC]}")" - debug "Testing working dir location '${WORKING_DIR}'" if [[ -s "$WORKING_DIR/getssl.cfg" ]] then From 462573c8ba17d82730ac69de9b201b377eb7f96d Mon Sep 17 00:00:00 2001 
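Review bot: The new guard in clean_up compares TEMP_DIR with one path only, so `rm -rf "${TEMP_DIR:?}"` still runs for any other directory a mis-set configuration produces; `${TEMP_DIR:?}` catches only the empty case. The test config in the second patch yields `///tmp` from `DOMAIN_STORAGE="/"`, which suggests TEMP_DIR is concatenated from config values (its assignment is outside this hunk), so a one-entry denylist is fragile. A sturdier rule is to delete the directory only when this run created it, for example by recording that fact where TEMP_DIR is made and testing it here before the `rm`. As a point of style, the rest of the function uses `[[ ]]`, so the new test reads better as `if [[ "${TEMP_DIR}" -ef "/tmp" ]]; then`. clean_up starts and ends outside the hunk.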
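Review bot: Removing `eval echo` from the candidate loop also removes the only step that would expand `${PROGDIR}` or `~` inside a candidate string. The definition of WORKING_DIR_CANDIDATES is not part of this hunk, but the changelog lists the entries as '${PROGDIR}/conf' and the loop comment names `~/getssl/` as the default; if the array stores them single-quoted or with a quoted tilde, they are now tested as literal paths and the fallback WORKING_DIR becomes a literal `~/getssl/`. Please confirm the array holds already-expanded values such as `"${PROGDIR}/conf"` and `"${HOME}/getssl/"`. A comment at the loop would also help, e.g. `# WORKING_DIR keeps the last candidate when none contains getssl.cfg`. The enclosing `if` continues past the end of the hunk.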
From: Tim Kimber
Date: Sun, 19 Apr 2020 14:13:55 +0100
Subject: [PATCH 2/2] Test if DOMAIN_STORAGE is "/" clean_up doesn't delete /tmp
---
test/11-test-no-domain-storage.bats | 19 ++++++++++++
.../getssl-http01-no-domain-storage.cfg | 31 +++++++++++++++++++
2 files changed, 50 insertions(+)
create mode 100644 test/11-test-no-domain-storage.bats
create mode 100644 test/test-config/getssl-http01-no-domain-storage.cfg
diff --git a/test/11-test-no-domain-storage.bats b/test/11-test-no-domain-storage.bats
new file mode 100644
index 0000000..cefac3f
--- /dev/null
+++ b/test/11-test-no-domain-storage.bats
@@ -0,0 +1,19 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+@test "Check that if domain storage isn't set getssl doesn't try to delete /tmp" {
+ if [ -n "$STAGING" ]; then
+ skip "Using staging server, skipping internal test"
+ fi
+ CONFIG_FILE="getssl-http01-no-domain-storage.cfg"
+ setup_environment
+ mkdir ${INSTALL_DIR}/.getssl
+ cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg"
+ run ${CODE_DIR}/getssl -a
+ assert_success
+ assert_line 'Not going to delete TEMP_DIR ///tmp as it appears to be /tmp'
+}
diff --git a/test/test-config/getssl-http01-no-domain-storage.cfg b/test/test-config/getssl-http01-no-domain-storage.cfg
new file mode 100644
index 0000000..efa5318
--- /dev/null
+++ b/test/test-config/getssl-http01-no-domain-storage.cfg
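Review bot: The test asserts only the log line, not the outcome it is meant to protect, so it would still pass if the message were printed and /tmp were removed by some other path. After `assert_success`, add a check that the directory survived, for example `[ -d /tmp ]`, or create a sentinel file in /tmp before `run` and assert it still exists. The expected string `///tmp` also pins the exact way the path is concatenated, so a harmless normalisation change would break the test; `assert_line --partial 'Not going to delete TEMP_DIR'` is less brittle. `${INSTALL_DIR}` and `${CODE_DIR}` are unquoted on the `mkdir` and `run` lines.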
@@ -0,0 +1,31 @@
+# Uncomment and modify any variables you need
+# see https://github.com/srvrco/getssl/wiki/Config-variables for details
+# see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs
+#
+CA="https://pebble:14000/dir"
+
+# Additional domains - this could be multiple domains / subdomains in a comma separated list
+SANS=""
+
+# Acme Challenge Location.
+ACL=('/var/www/html/.well-known/acme-challenge')
+
+#Set USE_SINGLE_ACL="true" to use a single ACL for all checks
+USE_SINGLE_ACL="false"
+
+# Location for all your certs, these can either be on the server (full path name)
+# or using ssh /sftp as for the ACL
+DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
+DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
+CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
+DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
+DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
+
+# The command needed to reload apache / nginx or whatever you use
+RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
+
+# Define the server type and confirm correct certificate is installed
+SERVER_TYPE="https"
+CHECK_REMOTE="true"
+
+DOMAIN_STORAGE="/"