From 89f8c948d7b39314d7fc997643874adc6be92462 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Thu, 22 Aug 2019 00:30:11 +0200
Subject: Use /run for the listening socket of the webserver component.
---
 lacme | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lacme')
diff --git a/lacme b/lacme
index d5e8933..5ad28a8 100755
--- a/lacme
+++ b/lacme
@@ -98,7 +98,7 @@ do {
 map {$_ => undef} qw/server timeout SSL_verify SSL_version SSL_cipher_list/
 },
 webserver => {
- listen => '/var/run/lacme-www.socket',
+ listen => '/run/lacme-www.socket',
 'challenge-directory' => undef,
 user => 'www-data',
 group => 'www-data',
-- 
cgit v1.2.3

From 294bc39102e9263a268b58fe29e03c9983ccfeca Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Mon, 3 Aug 2020 22:29:37 +0200
Subject: Change default libexec dir from /usr/lib/lacme to /usr/libexec/lacme.
---
 lacme | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'lacme')
diff --git a/lacme b/lacme
index 5ad28a8..73180f0 100755
--- a/lacme
+++ b/lacme
@@ -93,7 +93,7 @@ do {
 socket => (defined $ENV{XDG_RUNTIME_DIR} ? "$ENV{XDG_RUNTIME_DIR}/S.lacme" : undef),
 user => 'nobody',
 group => 'nogroup',
- command => '/usr/lib/lacme/client',
+ command => '/usr/libexec/lacme/client',
 # the rest is for the ACME client
 map {$_ => undef} qw/server timeout SSL_verify SSL_version SSL_cipher_list/
 },
@@ -102,7 +102,7 @@ do {
 'challenge-directory' => undef,
 user => 'www-data',
 group => 'www-data',
- command => '/usr/lib/lacme/webserver',
+ command => '/usr/libexec/lacme/webserver',
 iptables => 'No'
 },
-- 
cgit v1.2.3

From da8b727f156d23553eecb90e8731d39c6027cb02 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Tue, 4 Aug 2020 00:00:58 +0200
Subject: Makefile: Use variables for target directories etc.
---
 lacme | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
(limited to 'lacme')
diff --git a/lacme b/lacme
index 73180f0..566545b 100755
--- a/lacme
+++ b/lacme
@@ -75,7 +75,7 @@ sub set_FD_CLOEXEC($$); my $CONFFILENAME = $OPTS{config} // first { -f $_ } ( "./$NAME.conf" , ($ENV{XDG_CONFIG_HOME} // "$ENV{HOME}/.config")."/lacme/$NAME.conf" - , "/etc/lacme/$NAME.conf" + , "@@sysconfdir@@/lacme/$NAME.conf" ); do { die "Error: Can't find configuration file\n" unless defined $CONFFILENAME; @@ -93,24 +93,24 @@ do { socket => (defined $ENV{XDG_RUNTIME_DIR} ? "$ENV{XDG_RUNTIME_DIR}/S.lacme" : undef), user => 'nobody', group => 'nogroup', - command => '/usr/libexec/lacme/client', + command => '@@libexecdir@@/lacme/client', # the rest is for the ACME client map {$_ => undef} qw/server timeout SSL_verify SSL_version SSL_cipher_list/ }, webserver => { - listen => '/run/lacme-www.socket', + listen => '@@runstatedir@@/lacme-www.socket', 'challenge-directory' => undef, user => 'www-data', group => 'www-data', - command => '/usr/libexec/lacme/webserver', + command => '@@libexecdir@@/lacme/webserver', iptables => 'No' }, accountd => { user => '', group => '', - command => '/usr/bin/lacme-accountd', - config => '/etc/lacme/lacme-accountd.conf', + command => '@@bindir@@/lacme-accountd', + config => '@@sysconfdir@@/lacme/lacme-accountd.conf', privkey => undef, quiet => 'Yes', } @@ -743,7 +743,7 @@ elsif ($COMMAND eq 'newOrder' or $COMMAND eq 'new-cert') { }; # verify certificate validity against the CA - $conf->{CAfile} //= '/usr/share/lacme/lets-encrypt-x3-cross-signed.pem'; + $conf->{CAfile} //= '@@datadir@@/lacme/lets-encrypt-x3-cross-signed.pem'; if ($conf->{CAfile} ne '' and spawn({in => $x509}, 'openssl', 'verify', '-CAfile', $conf->{CAfile}, qw/-purpose sslserver -x509_strict/)) { print STDERR "[$s] Error: Received invalid X.509 certificate from ACME server!\n"; -- cgit v1.2.3 From e419eb68718085fa2e2505eb4b4aa08145f7dc1c Mon Sep 17 00:00:00 2001 
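Review bot: `"@@sysconfdir@@/lacme/$NAME.conf"` in the first hunk (`@@ -75,7`) is the only placeholder placed inside a double-quoted string, so Perl reads `@sysconfdir` as an array interpolation: the unsubstituted script would not compile under the strictures that a `use v5.14.2` line enables, and a substituted path containing `$` or `@` would be interpolated instead of taken literally. Writing it as `, '@@sysconfdir@@' . "/lacme/$NAME.conf"` matches the single-quoted placeholders in the `@@ -93,24` and `@@ -743,7` hunks, where the remaining concern is only a path containing `'` or a backslash. The substitution step is presumably in the Makefile, which this page (limited to 'lacme') does not show, so a short comment at the first placeholder stating that `@@name@@` tokens are replaced at build time would document why these literals look the way they do. The enclosing statements of all three hunks start or end outside the visible lines.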
From: Guilhem Moulin
Date: Mon, 3 Aug 2020 22:57:32 +0200
Subject: Ignore [accountd] section from lacme.conf when the --socket option is defined. This allows remotely-controlled lacme processes being controlled without modifying an config files. See https://bugs.debian.org/955767 .
---
 lacme | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lacme')
diff --git a/lacme b/lacme
index 566545b..8701047 100755
--- a/lacme
+++ b/lacme
@@ -87,7 +87,7 @@ do {
 my $h = Config::Tiny::->read_string($conf) or die Config::Tiny::->errstr()."\n";
 my $defaults = delete $h->{_} // {};
- my $accountd = exists $h->{accountd} ? 1 : 0;
+ my $accountd = defined $OPTS{socket} ? 0 : exists $h->{accountd} ? 1 : 0;
 my %valid = (
 client => {
 socket => (defined $ENV{XDG_RUNTIME_DIR} ? "$ENV{XDG_RUNTIME_DIR}/S.lacme" : undef),
-- 
cgit v1.2.3

From 89c94e697545c3333277194dfa862daede14a5e8 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Tue, 4 Aug 2020 01:27:09 +0200
Subject: Upgrade links to secure HTTP.
---
 lacme | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lacme')
diff --git a/lacme b/lacme
index 8701047..1ca4a38 100755
--- a/lacme
+++ b/lacme
@@ -15,7 +15,7 @@
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
+# along with this program. If not, see .
 #----------------------------------------------------------------------
 use v5.14.2;
-- 
cgit v1.2.3
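Review bot: The chained conditional `defined $OPTS{socket} ? 0 : exists $h->{accountd} ? 1 : 0` in the `@@ -87,7` hunk relies on `?:` being right-associative and carries no hint of why `--socket` overrides the configuration file; `my $accountd = (!defined $OPTS{socket} and exists $h->{accountd}) ? 1 : 0;` expresses the same test in one condition. As far as this hunk shows, a configured `[accountd]` section is then ignored without any message, so a comment such as `# --socket takes precedence: ignore [accountd] so a remote signer can be used without editing lacme.conf`, and ideally a debug-level notice, would make the precedence visible to an operator. The test is `defined`, so an empty `--socket=` value would presumably also disable the section; option parsing is outside this hunk, so confirm that is intended. The enclosing `do { … }` block starts and ends outside the hunk.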