From 92d42892132d7d8eb76b9519a339b803a59847e6 Mon Sep 17 00:00:00 2001 From: Humenius Date: Sat, 30 May 2020 20:05:51 +0200 Subject: [PATCH 1/5] #5: Fix unintended container exit if certificate for a domain does not exist --- run.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/run.sh b/run.sh index 43a4dc6..fe7d5ba 100755 --- a/run.sh +++ b/run.sh @@ -1,5 +1,4 @@ #!/bin/bash -set -e workdir=/tmp/work outputdir=/output @@ -37,7 +36,11 @@ dump() { local dir=${outputdir}/${i} [ -a "$dir" ] || \ mkdir -p $dir && \ - mv ${workdir}/${i}/*.pem $dir + mv ${workdir}/${i}/*.pem ${dir}/ + + if [ ! $? -eq 0 ]; then + err "Could not move certificates for domain '${i}' to output folder. Certificates probably may not exist." + fi fi done else @@ -50,6 +53,11 @@ dump() { else log "Certificate or key for '${DOMAIN}' differ, updating" mv ${workdir}/${DOMAIN}/*.pem ${outputdir}/ + + if [ ! $? -eq 0 ]; then + err "Could not move certificates for domain '${DOMAIN}' to output folder. Certificates probably may not exist." + return 1 + fi fi fi From 78b92efd40d2563080cfcb412e01e7f19eb3c210 Mon Sep 17 00:00:00 2001 From: humenius Date: Wed, 3 Jun 2020 08:40:49 +0200 Subject: [PATCH 2/5] #5: Split if check on file existence and file diff --- run.sh | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/run.sh b/run.sh index fe7d5ba..0814723 100755 --- a/run.sh +++ b/run.sh 
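Review bot: Removing `set -e` in the first hunk turns off fail-fast for the whole script, not only for the `mv` that fails when a domain has no certificate, so any other failing command in run.sh (the rest of the file is outside this diff) now continues silently. For a script that publishes certificates and private keys, a silent partial run can leave stale key material in the output directory without a non-zero exit to alert anyone. A narrower fix keeps `set -e` and puts the expected failure in a condition, since a command tested by `if` does not trigger errexit: `if ! mv "${workdir}/${i}"/*.pem "${dir}/"; then err "..."; fi`.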
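Review bot: The `if [ ! $? -eq 0 ]` check added in the second hunk tests the status of the whole `[ -a "$dir" ] || mkdir -p $dir && mv …` list, so a failed `mkdir` is also reported as "Certificates probably may not exist". The two branches also disagree on what a failure means: the per-domain loop only logs and carries on, while the single-domain branch in the third hunk adds `return 1`. Handling the steps separately keeps the message accurate, for example `mkdir -p "$dir" || { err "Could not create '${dir}'"; continue; }` ahead of the `mv`. dump() starts and ends outside both hunks, so what its callers do with the return value cannot be seen here.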
@@ -26,38 +26,38 @@ dump() { if [ "${#DOMAINS[@]}" -gt 1 ]; then for i in "${DOMAINS[@]}" ; do if - [[ -f ${workdir}/${i}/cert.pem && -f ${workdir}/${i}/key.pem && -f ${outputdir}/${i}/cert.pem && -f ${outputdir}/${i}/key.pem ]] && \ - diff -q ${workdir}/${i}/cert.pem ${outputdir}/{$i}/cert.pem >/dev/null && \ - diff -q ${workdir}/${i}/key.pem ${outputdir}/{$i}/key.pem >/dev/null + # 1. Check existence of file + [[ -f ${workdir}/${i}/cert.pem && -f ${workdir}/${i}/key.pem && \ + -f ${outputdir}/${i}/cert.pem && -f ${outputdir}/${i}/key.pem ]] then - log "Certificate and key for '${i}' still up to date, doing nothing" - else - log "Certificate or key for '${i}' differ, updating" - local dir=${outputdir}/${i} - [ -a "$dir" ] || \ - mkdir -p $dir && \ - mv ${workdir}/${i}/*.pem ${dir}/ - - if [ ! $? -eq 0 ]; then - err "Could not move certificates for domain '${i}' to output folder. Certificates probably may not exist." + # 2. Check file diff + if diff -q ${workdir}/${i}/cert.pem ${outputdir}/{$i}/cert.pem >/dev/null && \ + diff -q ${workdir}/${i}/key.pem ${outputdir}/{$i}/key.pem >/dev/null + then + log "Certificate and key for '${i}' still up to date, doing nothing" + else + log "Certificate or key for '${i}' differ, updating" + mv ${workdir}/${i}/*.pem ${dir}/ fi + else + err "Certificates for domain '${i}' don't exist. Omitting..." fi done else if - [[ -f ${workdir}/${DOMAIN}/cert.pem && -f ${workdir}/${DOMAIN}/key.pem && -f ${outputdir}/cert.pem && -f ${outputdir}/key.pem ]] && \ - diff -q ${workdir}/${DOMAIN}/cert.pem ${outputdir}/cert.pem >/dev/null && \ - diff -q ${workdir}/${DOMAIN}/key.pem ${outputdir}/key.pem >/dev/null + [[ -f ${workdir}/${DOMAIN}/cert.pem && -f ${workdir}/${DOMAIN}/key.pem && \ + -f ${outputdir}/cert.pem && -f ${outputdir}/key.pem ]] then - log "Certificate and key for '${DOMAIN}' still up to date, doing nothing" - else - log "Certificate or key for '${DOMAIN}' differ, updating" - mv ${workdir}/${DOMAIN}/*.pem ${outputdir}/ - - if [ ! $? 
-eq 0 ]; then - err "Could not move certificates for domain '${DOMAIN}' to output folder. Certificates probably may not exist." - return 1 + if diff -q ${workdir}/${DOMAIN}/cert.pem ${outputdir}/cert.pem >/dev/null && \ + diff -q ${workdir}/${DOMAIN}/key.pem ${outputdir}/key.pem >/dev/null + then + log "Certificate and key for '${DOMAIN}' still up to date, doing nothing" + else + log "Certificate or key for '${DOMAIN}' differ, updating" + mv ${workdir}/${DOMAIN}/*.pem ${outputdir}/ fi + else + err "Certificates for domain '${i}' don't exist. Omitting..." fi fi From 01672be2353b4877d9ea24144ed8e4898a96de00 Mon Sep 17 00:00:00 2001 From: humenius Date: Wed, 3 Jun 2020 09:06:51 +0200 Subject: [PATCH 3/5] #5: Remove curly brackets for $i in diff -q while iterating through domains --- run.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/run.sh b/run.sh index 0814723..90ddfdf 100755 --- a/run.sh +++ b/run.sh @@ -26,13 +26,11 @@ dump() { if [ "${#DOMAINS[@]}" -gt 1 ]; then for i in "${DOMAINS[@]}" ; do if - # 1. Check existence of file [[ -f ${workdir}/${i}/cert.pem && -f ${workdir}/${i}/key.pem && \ -f ${outputdir}/${i}/cert.pem && -f ${outputdir}/${i}/key.pem ]] then - # 2. Check file diff - if diff -q ${workdir}/${i}/cert.pem ${outputdir}/{$i}/cert.pem >/dev/null && \ - diff -q ${workdir}/${i}/key.pem ${outputdir}/{$i}/key.pem >/dev/null + if diff -q ${workdir}/$i/cert.pem ${outputdir}/$i/cert.pem >/dev/null && \ + diff -q ${workdir}/$i/key.pem ${outputdir}/$i/key.pem >/dev/null then log "Certificate and key for '${i}' still up to date, doing nothing" else From 04b00e4fb0a3198c60cb04535ff32dcb08f525c1 Mon Sep 17 00:00:00 2001 From: humenius Date: Wed, 3 Jun 2020 09:18:31 +0200 Subject: [PATCH 4/5] #5: Fix proper handling when only one domain is specified --- run.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/run.sh b/run.sh index 90ddfdf..b63daed 100755 --- a/run.sh +++ b/run.sh 
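Review bot: The new `mv ${workdir}/${i}/*.pem ${dir}/` in the loop's inner `else` uses `dir` although this hunk deletes `local dir=${outputdir}/${i}` and the `mkdir -p`, so unless `dir` is assigned elsewhere in dump() (outside the hunk) the target expands to `/` and cert.pem and key.pem are moved to the filesystem root. Keep the assignment next to its use, `local dir="${outputdir}/${i}"` followed by `mkdir -p "${dir}" && mv "${workdir}/${i}"/*.pem "${dir}/"`; PATCH 5/5 restores these lines, which leaves this commit broken on its own for anyone bisecting. The outer test now also requires the output files to exist already, so on a first run this version logs "don't exist" and installs nothing. In the single-domain branch the added `err` line prints `${i}`, which is the loop variable of the other branch and is presumably unset there.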
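Review bot: The corrected `diff -q ${workdir}/$i/cert.pem ${outputdir}/$i/cert.pem` leaves its paths unquoted, so unlike the `[[ -f … ]]` test above it, where no word splitting or globbing takes place, the `diff` arguments are split and glob-expanded by the shell. If an entry in DOMAINS ever contains `*` (a wildcard certificate name seems possible, to be confirmed against how DOMAINS is filled) or whitespace, the existence test and the comparison can end up looking at different paths. Quote each argument and keep the brace style used on the neighbouring lines: `diff -q "${workdir}/${i}/cert.pem" "${outputdir}/${i}/cert.pem" >/dev/null`. The `mv` lines touched in PATCH 5/5 have the same problem.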
@@ -43,19 +43,19 @@ dump() { done else if - [[ -f ${workdir}/${DOMAIN}/cert.pem && -f ${workdir}/${DOMAIN}/key.pem && \ + [[ -f ${workdir}/${DOMAINS[1]}/cert.pem && -f ${workdir}/${DOMAINS[1]}/key.pem && \ -f ${outputdir}/cert.pem && -f ${outputdir}/key.pem ]] then - if diff -q ${workdir}/${DOMAIN}/cert.pem ${outputdir}/cert.pem >/dev/null && \ - diff -q ${workdir}/${DOMAIN}/key.pem ${outputdir}/key.pem >/dev/null + if diff -q ${workdir}/${DOMAINS[1]}/cert.pem ${outputdir}/cert.pem >/dev/null && \ + diff -q ${workdir}/${DOMAINS[1]}/key.pem ${outputdir}/key.pem >/dev/null then - log "Certificate and key for '${DOMAIN}' still up to date, doing nothing" + log "Certificate and key for '${DOMAINS[1]}' still up to date, doing nothing" else - log "Certificate or key for '${DOMAIN}' differ, updating" - mv ${workdir}/${DOMAIN}/*.pem ${outputdir}/ + log "Certificate or key for '${DOMAINS[1]}' differ, updating" + mv ${workdir}/${DOMAINS[1]}/*.pem ${outputdir}/ fi else - err "Certificates for domain '${i}' don't exist. Omitting..." + err "Certificates for domain '${DOMAINS[1]}' don't exist. Omitting..." fi fi From 66cfd08cb5f18e8fc2060af04d31c07f05b4edf0 Mon Sep 17 00:00:00 2001 From: humenius Date: Wed, 3 Jun 2020 09:36:00 +0200 Subject: [PATCH 5/5] #5: Move outputdir check for domains and create directory if it doesn't exist --- run.sh | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/run.sh b/run.sh index b63daed..c19457b 100755 --- a/run.sh +++ b/run.sh 
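Review bot: `${DOMAINS[1]}` is the second element of the array, because bash arrays are indexed from 0, and this `else` branch runs only when `${#DOMAINS[@]}` is not greater than 1 (the condition is visible in the other hunks), so index 1 is unset here. Every path becomes `${workdir}//cert.pem`, the `-f` tests fail, and the single-domain case always ends in "Certificates for domain '' don't exist". Use `${DOMAINS[0]}`; PATCH 5/5 makes that change, so the two commits could be squashed. With `set -u` enabled, the unset index would have stopped the script instead of silently producing an empty path.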
@@ -26,16 +26,17 @@ dump() { if [ "${#DOMAINS[@]}" -gt 1 ]; then for i in "${DOMAINS[@]}" ; do if - [[ -f ${workdir}/${i}/cert.pem && -f ${workdir}/${i}/key.pem && \ - -f ${outputdir}/${i}/cert.pem && -f ${outputdir}/${i}/key.pem ]] + [[ -f ${workdir}/${i}/cert.pem && -f ${workdir}/${i}/key.pem ]] then - if diff -q ${workdir}/$i/cert.pem ${outputdir}/$i/cert.pem >/dev/null && \ + if [[ -f ${outputdir}/${i}/cert.pem && -f ${outputdir}/${i}/key.pem ]] && \ + diff -q ${workdir}/$i/cert.pem ${outputdir}/$i/cert.pem >/dev/null && \ diff -q ${workdir}/$i/key.pem ${outputdir}/$i/key.pem >/dev/null then log "Certificate and key for '${i}' still up to date, doing nothing" else log "Certificate or key for '${i}' differ, updating" - mv ${workdir}/${i}/*.pem ${dir}/ + local dir=${outputdir}/${i} + mkdir -p ${dir} && mv ${workdir}/${i}/*.pem ${dir} fi else err "Certificates for domain '${i}' don't exist. Omitting..." 
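Review bot: Nothing checks the result of `mkdir -p ${dir} && mv ${workdir}/${i}/*.pem ${dir}`: the script no longer runs under `set -e` (removed in PATCH 1/5) and the `$?` test was dropped in PATCH 2/5, so a failed update leaves only the "differ, updating" log line. Report the failure explicitly, e.g. `if ! { mkdir -p "${dir}" && mv "${workdir}/${i}"/*.pem "${dir}/"; }; then err "Could not update certificates for '${i}'"; fi`. The new directory will hold key.pem and is created with whatever mode the process umask gives. If the consumers of the output allow it, create it with a restrictive mode such as `mkdir -p -m 0750 "${dir}"`.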
@@ -43,19 +44,19 @@ dump() { done else if - [[ -f ${workdir}/${DOMAINS[1]}/cert.pem && -f ${workdir}/${DOMAINS[1]}/key.pem && \ - -f ${outputdir}/cert.pem && -f ${outputdir}/key.pem ]] + [[ -f ${workdir}/${DOMAINS[0]}/cert.pem && -f ${workdir}/${DOMAINS[0]}/key.pem ]] then - if diff -q ${workdir}/${DOMAINS[1]}/cert.pem ${outputdir}/cert.pem >/dev/null && \ - diff -q ${workdir}/${DOMAINS[1]}/key.pem ${outputdir}/key.pem >/dev/null + if [[ -f ${outputdir}/cert.pem && -f ${outputdir}/key.pem ]] && \ + diff -q ${workdir}/${DOMAINS[0]}/cert.pem ${outputdir}/cert.pem >/dev/null && \ + diff -q ${workdir}/${DOMAINS[0]}/key.pem ${outputdir}/key.pem >/dev/null then - log "Certificate and key for '${DOMAINS[1]}' still up to date, doing nothing" + log "Certificate and key for '${DOMAINS[0]}' still up to date, doing nothing" else - log "Certificate or key for '${DOMAINS[1]}' differ, updating" - mv ${workdir}/${DOMAINS[1]}/*.pem ${outputdir}/ + log "Certificate or key for '${DOMAINS[0]}' differ, updating" + mv ${workdir}/${DOMAINS[0]}/*.pem ${outputdir}/ fi else - err "Certificates for domain '${DOMAINS[1]}' don't exist. Omitting..." + err "Certificates for domain '${DOMAINS[0]}' don't exist. Omitting..." fi fi
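Review bot: This `else` branch assumes exactly one domain, but it is also taken when DOMAINS is empty, because the only test is `"${#DOMAINS[@]}" -gt 1` (shown in the previous hunk). `${DOMAINS[0]}` is then empty, the paths collapse to `${workdir}//cert.pem`, and the message reads "Certificates for domain '' don't exist", which hides the real cause. Consider `elif [ "${#DOMAINS[@]}" -eq 1 ]; then` with a final `else` that reports that no domains are configured, unless the array is validated before dump() is called (not visible here). The result of `mv ${workdir}/${DOMAINS[0]}/*.pem ${outputdir}/` is not checked either, and its arguments are unquoted.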