From 347ec532272031c835780726559dd6f20473fd3f Mon Sep 17 00:00:00 2001 From: Benno-K Date: Sun, 7 Feb 2021 16:25:48 +0100 Subject: [PATCH 1/8] Implement #634 - allow -u without domain(s) --- README.md | 2 +- getssl | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 84d2835..cad2775 100644 --- a/README.md +++ b/README.md @@ -100,7 +100,7 @@ Options: -q, --quiet Quiet mode (only outputs on error, success of new cert, or getssl was upgraded) -Q, --mute Like -q, but mutes notification about successful upgrade -r, --revoke "cert" "key" [CA_server] Revoke a certificate (the cert and key are required) - -u, --upgrade Upgrade getssl if a more recent version is available + -u, --upgrade Upgrade getssl if a more recent version is available - can be used with or without domain(s) -k, --keep "#" Maximum amount of old getssl versions to keep when upgrading -U, --nocheck Do not check if a more recent version is available -w working_dir "Working directory" diff --git a/getssl b/getssl index b14e465..cad52c3 100755 --- a/getssl +++ b/getssl @@ -253,6 +253,7 @@ # 2021-01-22 Add FTP_OPTIONS # 2021-01-27 Add the ability to set several reload commands (atisne) # 2021-01-29 Use dig -r (if supported) to ignore.digrc (#630) +# 2021-02-07 Allow -u --upgrade without any domain, so that one can only update the script # ---------------------------------------------------------------------------------------- case :$SHELLOPTS: in @@ -261,7 +262,7 @@ esac PROGNAME=${0##*/} PROGDIR="$(cd "$(dirname "$0")" || exit; pwd -P;)" -VERSION="2.33" +VERSION="2.34" # defaults ACCOUNT_KEY_LENGTH=4096 
@@ -1669,7 +1670,7 @@ help_message() { # print out the help message -q, --quiet Quiet mode (only outputs on error, success of new cert, or getssl was upgraded) -Q, --mute Like -q, but also mute notification about successful upgrade -r, --revoke "cert" "key" [CA_server] Revoke a certificate (the cert and key are required) - -u, --upgrade Upgrade getssl if a more recent version is available + -u, --upgrade Upgrade getssl if a more recent version is available - can be used with or without domain(s) -k, --keep "#" Maximum number of old getssl versions to keep when upgrading -U, --nocheck Do not check if a more recent version is available -w working_dir "Working directory" @@ -2513,6 +2514,10 @@ requires mktemp # Check if upgrades are available (unless they have specified -U to ignore Upgrade checks) if [[ $_UPGRADE_CHECK -eq 1 ]]; then check_getssl_upgrade + # if nothing in command line, then exit after upgrade + if [[ -z "$DOMAIN" ]] && [[ ${_CHECK_ALL} -ne 1 ]]; then + graceful_exit + fi fi # Revoke a certificate if requested From d616aa5d1a463923ac40ee4cbc2105cfc58978d6 Mon Sep 17 00:00:00 2001 From: Benno-K Date: Sun, 7 Feb 2021 21:27:52 +0100 Subject: [PATCH 2/8] Test revealed that revocation (-r) also should not exit after upgrade --- getssl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/getssl b/getssl index cad52c3..c319eed 100755 --- a/getssl +++ b/getssl @@ -2514,8 +2514,8 @@ requires mktemp # Check if upgrades are available (unless they have specified -U to ignore Upgrade checks) if [[ $_UPGRADE_CHECK -eq 1 ]]; then check_getssl_upgrade - # if nothing in command line, then exit after upgrade - if [[ -z "$DOMAIN" ]] && [[ ${_CHECK_ALL} -ne 1 ]]; then + # if nothing in command line and no revocation, then exit after upgrade + if [[ -z "$DOMAIN" ]] && [[ ${_CHECK_ALL} -ne 1 ]] && [[ ${_REVOKE} -ne 1 ]]; then graceful_exit fi fi From baa87f6cdbd24b441c2ac3ed3e569e3d813dbb19 Mon Sep 17 00:00:00 2001 
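Review bot: The early exit added after `check_getssl_upgrade` in hunk `@@ -2513,6 +2514,10 @@` is decided by listing the modes that must not exit (`-z "$DOMAIN"`, `_CHECK_ALL`), so any other mode that works without a domain is cut short by it. Patches 2/8, 3/8 and 5/8 each extend the same condition for exactly that reason (`_REVOKE`, `_ONLY_CHECK_CONFIG`). The block appears to run whenever `_UPGRADE_CHECK` is 1, not only when `-u` was given, so testing the variable that the upgrade option sets would be less fragile than an exclusion list that every new mode has to remember. At minimum I would put `# exit only for a bare "getssl -u"; every mode that runs without a domain must be excluded here` above the test. Whether `check_getssl_upgrade` reports failure is not visible in the hunk, so `graceful_exit` may also follow an upgrade that did not complete.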
From: Benno-K Date: Mon, 8 Feb 2021 13:43:26 +0100 Subject: [PATCH 3/8] Trying to fix failing tests in 32-test-upgrade.bats --- getssl | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/getssl b/getssl index c319eed..2b70249 100755 --- a/getssl +++ b/getssl @@ -2514,8 +2514,9 @@ requires mktemp # Check if upgrades are available (unless they have specified -U to ignore Upgrade checks) if [[ $_UPGRADE_CHECK -eq 1 ]]; then check_getssl_upgrade - # if nothing in command line and no revocation, then exit after upgrade - if [[ -z "$DOMAIN" ]] && [[ ${_CHECK_ALL} -ne 1 ]] && [[ ${_REVOKE} -ne 1 ]]; then + # if nothing in command line and no revocation and not only config check, + # then exit after upgrade + if [[ -z "$DOMAIN" ]] && [[ ${_CHECK_ALL} -ne 1 ]] && [[ ${_REVOKE} -ne 1 ]] && [ "${_ONLY_CHECK_CONFIG}" -eq 1 ]; then graceful_exit fi fi From 9946eb789fcbee975788b8ce9ef25eb5717dd0f7 Mon Sep 17 00:00:00 2001 From: Benno-K Date: Mon, 8 Feb 2021 14:05:06 +0100 Subject: [PATCH 4/8] Still trying to fix failing tests in 32-test-upgrade.bats --- getssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/getssl b/getssl index 2b70249..151cff0 100755 --- a/getssl +++ b/getssl @@ -2517,7 +2517,7 @@ if [[ $_UPGRADE_CHECK -eq 1 ]]; then # if nothing in command line and no revocation and not only config check, # then exit after upgrade if [[ -z "$DOMAIN" ]] && [[ ${_CHECK_ALL} -ne 1 ]] && [[ ${_REVOKE} -ne 1 ]] && [ "${_ONLY_CHECK_CONFIG}" -eq 1 ]; then - graceful_exit + echo graceful_exit fi fi From 088e55131354f9e491862b4d004ce2a7bf1c57e7 Mon Sep 17 00:00:00 2001 From: Benno-K Date: Mon, 8 Feb 2021 14:15:33 +0100 Subject: [PATCH 5/8] after wild trying go back to what I think is it, even if I know that the upgrade tests fail with that --- getssl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/getssl b/getssl index 151cff0..f0e40ab 100755 --- a/getssl +++ b/getssl 
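Review bot: The last test appended to the condition in hunk `@@ -2514,8 +2514,9 @@` uses POSIX `[ ... ]` while the three before it use `[[ ... ]]`, and the two forms differ when the variable is empty. `[ "" -eq 1 ]` prints "integer expression expected" and returns false, whereas `[[ ]]` evaluates an empty operand as 0. The initialisation of `_ONLY_CHECK_CONFIG` is not in the hunk; if it can be unset here, the exit is skipped and an error goes to stderr. Writing the test in the double-bracket form, `[[ ${_ONLY_CHECK_CONFIG} -ne 1 ]]` with the operator as corrected in patch 5/8, keeps the line uniform; the same `[` test is carried into the hunk of patch 5/8.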
@@ -2516,8 +2516,8 @@ if [[ $_UPGRADE_CHECK -eq 1 ]]; then check_getssl_upgrade # if nothing in command line and no revocation and not only config check, # then exit after upgrade - if [[ -z "$DOMAIN" ]] && [[ ${_CHECK_ALL} -ne 1 ]] && [[ ${_REVOKE} -ne 1 ]] && [ "${_ONLY_CHECK_CONFIG}" -eq 1 ]; then - echo graceful_exit + if [[ -z "$DOMAIN" ]] && [[ ${_CHECK_ALL} -ne 1 ]] && [[ ${_REVOKE} -ne 1 ]] && [ "${_ONLY_CHECK_CONFIG}" -ne 1 ]; then + graceful_exit fi fi From a342bf7f4c90b369b2b8cfbff1d64cb9e03ce488 Mon Sep 17 00:00:00 2001 From: Benno-K Date: Mon, 8 Feb 2021 17:27:15 +0100 Subject: [PATCH 6/8] Changed 32-test-upgrade.bats to actually check the update functionality of the newly developped version - also change the way of determining the versions --- test/32-test-upgrade.bats | 34 +++++++++++++++++++++++++++++++--- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/test/32-test-upgrade.bats b/test/32-test-upgrade.bats index 1c8af6d..cb47c7e 100644 --- a/test/32-test-upgrade.bats +++ b/test/32-test-upgrade.bats @@ -8,9 +8,16 @@ load '/getssl/test/test_helper.bash' # This is run for every test setup() { export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt - CURRENT_VERSION=$(awk -F '"' '$1 == "VERSION=" {print $2}' ${CODE_DIR}/getssl) - PREVIOUS_VERSION=$(echo ${CURRENT_VERSION} | awk -F. '{ print $1 "." $2-1}') run git clone https://github.com/srvrco/getssl.git "$INSTALL_DIR/upgrade-getssl" + # Don't do version arithmetics any longer, look what there really is + cd "$INSTALL_DIR/upgrade-getssl" + CURRENT_VERSION=$(git tag -l|grep -e '^v'|tail -1|cut -b2-) + PREVIOUS_VERSION=$(git tag -l|grep -e '^v'|tail -2|head -1|cut -b2-) + # The version in the file, which we will overwrite + FILE_VERSION=$(awk -F'"' '/^VERSION=/{print $2}' "$CODE_DIR/getssl") +echo "============ FILE_VERSION ===========" +echo "${FILE_VERSION}" +echo "============ FILE_VERSION ===========" } 
@@ -31,6 +38,15 @@ teardown() { setup_environment init_getssl cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl.cfg" + # Overwrite checked out getssl-script with copy of new one, + # but write the previous version into the copy + # Note that this way we actually downgrade getssl, but we are testing + # the upgrading of the version in development + cp "$CODE_DIR/getssl" "$INSTALL_DIR/upgrade-getssl/" + sed -i -e "s/VERSION=\"${FILE_VERSION}\"/VERSION=\"${PREVIOUS_VERSION}\"/" "$INSTALL_DIR/upgrade-getssl/getssl" +echo "============ VERSION ===========" +egrep '^VERSION=' "$INSTALL_DIR/upgrade-getssl/getssl" +echo "============ VERSION ===========" run "$INSTALL_DIR/upgrade-getssl/getssl" --check-config ${GETSSL_CMD_HOST} assert_success #assert_line "Updated getssl from v${PREVIOUS_VERSION} to v${CURRENT_VERSION}" @@ -45,12 +61,18 @@ teardown() { fi cd "$INSTALL_DIR/upgrade-getssl" - git checkout tags/v${PREVIOUS_VERSION} + git checkout tags/v${CURRENT_VERSION} CONFIG_FILE="getssl-http01.cfg" setup_environment init_getssl cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl.cfg" + # Overwrite checked out getssl-script with copy of new one, + # but write the previous version into the copy + # Note that this way we actually downgrade getssl, but we are testing + # the upgrading of the version in development + cp "$CODE_DIR/getssl" "$INSTALL_DIR/upgrade-getssl/" + sed -i -e "s/VERSION=\"${FILE_VERSION}\"/VERSION=\"${PREVIOUS_VERSION}\"/" "$INSTALL_DIR/upgrade-getssl/getssl" run "$INSTALL_DIR/upgrade-getssl/getssl" --check-config --upgrade ${GETSSL_CMD_HOST} assert_success assert_line "Updated getssl from v${PREVIOUS_VERSION} to v${CURRENT_VERSION}" 
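Review bot: The added `sed -i` line in hunk `@@ -31,6 +38,15 @@` builds its program from `${FILE_VERSION}` and `${PREVIOUS_VERSION}` and never checks that a substitution happened, so when `FILE_VERSION` is empty or does not match, the test goes on to run a script that was not downgraded. `PREVIOUS_VERSION` comes from tag names of the cloned repository, and a `/`, `&` or `\` in it would alter the sed program instead of being inserted literally; the dots in `FILE_VERSION` also match any character. I would check both values against a digits-and-dots pattern before use and confirm the result with `grep -q "^VERSION=\"${PREVIOUS_VERSION}\"" "$INSTALL_DIR/upgrade-getssl/getssl"` right after the `sed`. The same `cp`/`sed` block is pasted into hunks `@@ -45,12 +61,18 @@` and `@@ -71,6 +93,12 @@`; a helper function in the test helper file would keep the three copies in step. The test bodies begin and end outside these hunks.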
@@ -71,6 +93,12 @@ teardown() { setup_environment init_getssl cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl.cfg" + # Overwrite checked out getssl-script with copy of new one, + # but write the previous version into the copy + # Note that this way we actually downgrade getssl, but we are testing + # the upgrading of the version in development + cp "$CODE_DIR/getssl" "$INSTALL_DIR/upgrade-getssl/" + sed -i -e "s/VERSION=\"${FILE_VERSION}\"/VERSION=\"${PREVIOUS_VERSION}\"/" "$INSTALL_DIR/upgrade-getssl/getssl" run bash ./getssl --check-config --upgrade ${GETSSL_CMD_HOST} assert_success assert_line "Updated getssl from v${PREVIOUS_VERSION} to v${CURRENT_VERSION}" From 15a8f9f1eeb8784e3847d6f4cf785fc2dadc7d62 Mon Sep 17 00:00:00 2001 From: Benno-K Date: Mon, 8 Feb 2021 17:42:34 +0100 Subject: [PATCH 7/8] Removed echo-statements --- test/32-test-upgrade.bats | 6 ------ 1 file changed, 6 deletions(-) diff --git a/test/32-test-upgrade.bats b/test/32-test-upgrade.bats index cb47c7e..b8f98cd 100644 --- a/test/32-test-upgrade.bats +++ b/test/32-test-upgrade.bats @@ -15,9 +15,6 @@ setup() { PREVIOUS_VERSION=$(git tag -l|grep -e '^v'|tail -2|head -1|cut -b2-) # The version in the file, which we will overwrite FILE_VERSION=$(awk -F'"' '/^VERSION=/{print $2}' "$CODE_DIR/getssl") -echo "============ FILE_VERSION ===========" -echo "${FILE_VERSION}" -echo "============ FILE_VERSION ===========" } 
@@ -44,9 +41,6 @@ teardown() { # the upgrading of the version in development cp "$CODE_DIR/getssl" "$INSTALL_DIR/upgrade-getssl/" sed -i -e "s/VERSION=\"${FILE_VERSION}\"/VERSION=\"${PREVIOUS_VERSION}\"/" "$INSTALL_DIR/upgrade-getssl/getssl" -echo "============ VERSION ===========" -egrep '^VERSION=' "$INSTALL_DIR/upgrade-getssl/getssl" -echo "============ VERSION ===========" run "$INSTALL_DIR/upgrade-getssl/getssl" --check-config ${GETSSL_CMD_HOST} assert_success #assert_line "Updated getssl from v${PREVIOUS_VERSION} to v${CURRENT_VERSION}" From 9853fd39d6f03bc3da0df1565755561ac687e835 Mon Sep 17 00:00:00 2001 From: Benno-K Date: Mon, 8 Feb 2021 19:18:11 +0100 Subject: [PATCH 8/8] More elegant way to get versions --- test/32-test-upgrade.bats | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/test/32-test-upgrade.bats b/test/32-test-upgrade.bats index b8f98cd..baa7b0f 100644 --- a/test/32-test-upgrade.bats +++ b/test/32-test-upgrade.bats @@ -10,9 +10,11 @@ setup() { export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt run git clone https://github.com/srvrco/getssl.git "$INSTALL_DIR/upgrade-getssl" # Don't do version arithmetics any longer, look what there really is + # by getting the last line (starting with v) and the one before of the + # list of tags. cd "$INSTALL_DIR/upgrade-getssl" - CURRENT_VERSION=$(git tag -l|grep -e '^v'|tail -1|cut -b2-) - PREVIOUS_VERSION=$(git tag -l|grep -e '^v'|tail -2|head -1|cut -b2-) + # This sets CURRENT_VERSION and PREVIOUS_VERSION bash variables + eval $(git tag -l | awk 'BEGIN {cur="?.??"};/^v/{prv=cur;cur=substr($1,2)};END{ printf("CURRENT_VERSION=\"%s\";PREVIOUS_VERSION=\"%s\"\n",cur,prv)}') # The version in the file, which we will overwrite FILE_VERSION=$(awk -F'"' '/^VERSION=/{print $2}' "$CODE_DIR/getssl") }
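Review bot: The new `eval $(git tag -l | awk ...)` line in hunk `@@ -10,9 +10,11 @@` executes text assembled from the tag names of a repository cloned over the network. The names are placed inside double quotes, where the shell still performs expansions, so a crafted tag name would be run as code in the test environment. The two values can be read without `eval`, for example `read -r CURRENT_VERSION PREVIOUS_VERSION < <(git tag -l 'v*' --sort=version:refname | awk '{prv=cur; cur=substr($1,2)} END {print cur, prv}')`, followed by a format check before they reach the later `sed` and `git checkout` lines. The sort option matters on its own account: plain `git tag -l` orders names lexically, so the last line is not necessarily the newest version once the minor numbers differ in length. `setup()` starts above the hunk.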