diff --git a/README.md b/README.md index 84d2835..cad2775 100644 --- a/README.md +++ b/README.md @@ -100,7 +100,7 @@ Options: -q, --quiet Quiet mode (only outputs on error, success of new cert, or getssl was upgraded) -Q, --mute Like -q, but mutes notification about successful upgrade -r, --revoke "cert" "key" [CA_server] Revoke a certificate (the cert and key are required) - -u, --upgrade Upgrade getssl if a more recent version is available + -u, --upgrade Upgrade getssl if a more recent version is available - can be used with or without domain(s) -k, --keep "#" Maximum amount of old getssl versions to keep when upgrading -U, --nocheck Do not check if a more recent version is available -w working_dir "Working directory" diff --git a/getssl b/getssl index b14e465..f0e40ab 100755 --- a/getssl +++ b/getssl @@ -253,6 +253,7 @@ # 2021-01-22 Add FTP_OPTIONS # 2021-01-27 Add the ability to set several reload commands (atisne) # 2021-01-29 Use dig -r (if supported) to ignore.digrc (#630) +# 2021-02-07 Allow -u --upgrade without any domain, so that one can only update the script # ---------------------------------------------------------------------------------------- case :$SHELLOPTS: in @@ -261,7 +262,7 @@ esac PROGNAME=${0##*/} PROGDIR="$(cd "$(dirname "$0")" || exit; pwd -P;)" -VERSION="2.33" +VERSION="2.34" # defaults ACCOUNT_KEY_LENGTH=4096 @@ -1669,7 +1670,7 @@ help_message() { # print out the help message -q, --quiet Quiet mode (only outputs on error, success of new cert, or getssl was upgraded) -Q, --mute Like -q, but also mute notification about successful upgrade -r, --revoke "cert" "key" [CA_server] Revoke a certificate (the cert and key are required) - -u, --upgrade Upgrade getssl if a more recent version is available + -u, --upgrade Upgrade getssl if a more recent version is available - can be used with or without domain(s) -k, --keep "#" Maximum number of old getssl versions to keep when upgrading -U, --nocheck Do not check if a more recent version is available -w working_dir "Working directory" @@ -2513,6 +2514,11 @@ requires mktemp # Check if upgrades are available (unless they have specified -U to ignore Upgrade checks) if [[ $_UPGRADE_CHECK -eq 1 ]]; then check_getssl_upgrade + # if nothing in command line and no revocation and not only config check, + # then exit after upgrade + if [[ -z "$DOMAIN" ]] && [[ ${_CHECK_ALL} -ne 1 ]] && [[ ${_REVOKE} -ne 1 ]] && [ "${_ONLY_CHECK_CONFIG}" -ne 1 ]; then + graceful_exit + fi fi # Revoke a certificate if requested diff --git a/test/32-test-upgrade.bats b/test/32-test-upgrade.bats index 1c8af6d..baa7b0f 100644 --- a/test/32-test-upgrade.bats +++ b/test/32-test-upgrade.bats @@ -8,9 +8,15 @@ load '/getssl/test/test_helper.bash' # This is run for every test setup() { export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt - CURRENT_VERSION=$(awk -F '"' '$1 == "VERSION=" {print $2}' ${CODE_DIR}/getssl) - PREVIOUS_VERSION=$(echo ${CURRENT_VERSION} | awk -F. '{ print $1 "." $2-1}') run git clone https://github.com/srvrco/getssl.git "$INSTALL_DIR/upgrade-getssl" + # Don't do version arithmetics any longer, look what there really is + # by getting the last line (starting with v) and the one before of the + # list of tags. + cd "$INSTALL_DIR/upgrade-getssl" + # This sets CURRENT_VERSION and PREVIOUS_VERSION bash variables + eval $(git tag -l | awk 'BEGIN {cur="?.??"};/^v/{prv=cur;cur=substr($1,2)};END{ printf("CURRENT_VERSION=\"%s\";PREVIOUS_VERSION=\"%s\"\n",cur,prv)}') + # The version in the file, which we will overwrite + FILE_VERSION=$(awk -F'"' '/^VERSION=/{print $2}' "$CODE_DIR/getssl") } @@ -31,6 +37,12 @@ teardown() { setup_environment init_getssl cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl.cfg" + # Overwrite checked out getssl-script with copy of new one, + # but write the previous version into the copy + # Note that this way we actually downgrade getssl, but we are testing + # the upgrading of the version in development + cp "$CODE_DIR/getssl" "$INSTALL_DIR/upgrade-getssl/" + sed -i -e "s/VERSION=\"${FILE_VERSION}\"/VERSION=\"${PREVIOUS_VERSION}\"/" "$INSTALL_DIR/upgrade-getssl/getssl" run "$INSTALL_DIR/upgrade-getssl/getssl" --check-config ${GETSSL_CMD_HOST} assert_success #assert_line "Updated getssl from v${PREVIOUS_VERSION} to v${CURRENT_VERSION}" @@ -45,12 +57,18 @@ teardown() { fi cd "$INSTALL_DIR/upgrade-getssl" - git checkout tags/v${PREVIOUS_VERSION} + git checkout tags/v${CURRENT_VERSION} CONFIG_FILE="getssl-http01.cfg" setup_environment init_getssl cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl.cfg" + # Overwrite checked out getssl-script with copy of new one, + # but write the previous version into the copy + # Note that this way we actually downgrade getssl, but we are testing + # the upgrading of the version in development + cp "$CODE_DIR/getssl" "$INSTALL_DIR/upgrade-getssl/" + sed -i -e "s/VERSION=\"${FILE_VERSION}\"/VERSION=\"${PREVIOUS_VERSION}\"/" "$INSTALL_DIR/upgrade-getssl/getssl" run "$INSTALL_DIR/upgrade-getssl/getssl" --check-config --upgrade ${GETSSL_CMD_HOST} assert_success assert_line "Updated getssl from v${PREVIOUS_VERSION} to v${CURRENT_VERSION}" @@ -71,6 +89,12 @@ teardown() { setup_environment init_getssl cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl.cfg" + # Overwrite checked out getssl-script with copy of new one, + # but write the previous version into the copy + # Note that this way we actually downgrade getssl, but we are testing + # the upgrading of the version in development + cp "$CODE_DIR/getssl" "$INSTALL_DIR/upgrade-getssl/" + sed -i -e "s/VERSION=\"${FILE_VERSION}\"/VERSION=\"${PREVIOUS_VERSION}\"/" "$INSTALL_DIR/upgrade-getssl/getssl" run bash ./getssl --check-config --upgrade ${GETSSL_CMD_HOST} assert_success assert_line "Updated getssl from v${PREVIOUS_VERSION} to v${CURRENT_VERSION}"