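#!/usr/bin/env bash
# ----------
# -
# - Checks whether the certificate/chain/key installed for the Collabora Online
# - service (loolwsd) still match the newest ones issued by dehydrated
# - (Let's Encrypt). If any of the three differ, the newest versions are copied
# - under their versioned file names, the well-known names are re-pointed at
# - them via symlinks, and the service is restarted.
# -
# - Configuration is read from conf/<script>.conf next to the script. It is
# - *sourced*, i.e. executed with this script's (normally root) privileges, so
# - the file must be owned by the invoking user and not writable by anyone else.
# -
# -   Required:            HOSTNAME_CO        hostname the certificate was issued for
# -   Optional (defaults): SERVICE_NAME SERVICE_USER SERVICE_GROUP
# -                        SERVICE_CERT_DIR LE_BASE_CERT_DIR HAS_SERVICE_CHAIN
# -
# - Exit status: 0 when up to date or updated successfully, 1 otherwise.
# -
# ----------

script_name="$(basename "$(realpath "$0")")"
working_dir="$(dirname "$(realpath "$0")")"
conf_file="${working_dir}/conf/${script_name%%.*}.conf"

# - Lock directory, created atomically with mkdir. The name is fixed (no PID),
# - otherwise a second instance would never collide with the first. /run/lock
# - is preferred over /tmp; both are sticky world-writable directories, so an
# - unprivileged local user can at most block this script (DoS) by squatting
# - the name -- it can neither take over the lock nor the log file inside it.
lock_base="/run/lock"
[[ -d "$lock_base" && -w "$lock_base" ]] || lock_base="${TMPDIR:-/tmp}"
LOCK_DIR="${lock_base}/${script_name%%.*}.LOCK"
log_file="${LOCK_DIR}/${script_name%%.*}.log"

# - Running in a terminal? Decided before anything prints: every output helper
# - below reads $terminal, and the lock-failure path runs before main.
if [[ -t 1 ]]; then
  terminal=true
else
  terminal=false
fi

# -------------
# --- Some functions
# -------------

# Remove the lock directory (with the log inside it) and exit with $1 (default 0).
clean_up() {
  rm -rf -- "${LOCK_DIR:?}"
  exit "${1:-0}"
}

# Print $* to stderr without a trailing newline, only when on a terminal.
# Backslash escapes are honoured (%b), like the former 'echo -e -n'. No
# scratch file in /tmp is needed for that, so there is nothing an attacker
# could pre-create as a symlink to make a root-run script clobber a file.
echononl() {
  if $terminal; then
    printf '%b' "$*" >&2
  fi
}

# Report an unrecoverable error, drop the lock and exit 1.
fatal() {
  echo ""
  if $terminal; then
    echo -e "  [ \033[31m\033[1mFatal\033[m ]: $*"
    echo ""
    echo -e "  \033[31m\033[1mScript was interrupted\033[m!"
  else
    echo "  [ Fatal ]: $*"
    echo ""
    echo "  Script was terminated...."
  fi
  echo ""
  clean_up 1
}

error() {
  echo ""
  if $terminal; then
    echo -e "  [ \033[31m\033[1mError\033[m ]: $*"
  else
    echo "  [ Error ]: $*"
  fi
  echo ""
}

warn() {
  echo ""
  if $terminal; then
    echo -e "  [ \033[33m\033[1mWarning\033[m ]: $*"
  else
    echo "  [ Warning ]: $*"
  fi
  echo ""
}

# Informational message; silent when not on a terminal (e.g. under cron).
info() {
  if $terminal; then
    echo ""
    echo -e "  [ \033[32m\033[1mInfo\033[m ]: $*"
    echo ""
  fi
}

echo_failed() {
  if $terminal; then
    echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
  fi
}

echo_done() {
  if $terminal; then
    echo -e "\033[75G[ \033[32mok\033[m ]"
  fi
}

# Take the lock. Returns 0 on success. A lock left behind by a run that was
# killed (its recorded PID no longer exists) is taken over.
acquire_lock() {
  local other
  if mkdir -- "$LOCK_DIR" 2> /dev/null; then
    printf '%s\n' "$$" > "${LOCK_DIR}/pid"
    return 0
  fi
  other="$(cat -- "${LOCK_DIR}/pid" 2> /dev/null)"
  if [[ "$other" =~ ^[0-9]+$ ]] && ! kill -0 "$other" 2> /dev/null; then
    # Stale lock from a crashed run. 'rm -rf' on a symlink removes only the
    # link itself, so a squatted name cannot redirect this deletion.
    rm -rf -- "$LOCK_DIR"
    if mkdir -- "$LOCK_DIR" 2> /dev/null; then
      printf '%s\n' "$$" > "${LOCK_DIR}/pid"
      return 0
    fi
  fi
  return 1
}

# Refuse to source a configuration file that someone other than the invoking
# user could have edited: it runs with our privileges.
check_conf_trust() {
  local file="$1" mode
  [[ -O "$file" ]] || fatal "Configuration file '$file' is not owned by the user running this script; refusing to source it."
  mode="$(stat -c '%a' -- "$file" 2> /dev/null)" || fatal "Cannot stat configuration file '$file'."
  if (( (8#$mode & 8#022) != 0 )); then
    fatal "Configuration file '$file' is group- or world-writable (mode $mode); refusing to source it."
  fi
}

# 0 if both files exist and have identical content (symlinks are followed).
same_content() {
  cmp -s -- "$1" "$2"
}

# 0 if the public key in certificate $1 equals the public key of private key $2,
# 1 on mismatch or unreadable input, 2 when openssl is not available.
key_matches_cert() {
  local cert="$1" key="$2" cert_pub key_pub
  command -v openssl > /dev/null 2>&1 || return 2
  cert_pub="$(openssl x509 -noout -pubkey -in "$cert" 2> /dev/null)" || return 1
  key_pub="$(openssl pkey -pubout -in "$key" 2> /dev/null)" || return 1
  [[ -n "$cert_pub" && "$cert_pub" == "$key_pub" ]]
}

# Install $1 (a dehydrated path, usually a symlink to a versioned file) as
# $2 with permission bits $3:
#   - copy the resolved file next to $2 under its versioned basename, through a
#     0600 mktemp file that is chmod/chown'ed before being renamed into place,
#     so a private key is never visible with wider permissions, even briefly;
#   - re-point the symlink $2 at it with a rename, so the old link stays valid
#     until the new one replaces it (the former rm-then-ln left a gap).
# Globals read: SERVICE_USER, SERVICE_GROUP. Diagnostics go to stderr.
install_versioned() {
  local src="$1" link="$2" mode="$3"
  local real dir target tmp tmp_link
  real="$(realpath -e -- "$src")" || return 1
  dir="$(dirname -- "$link")"
  target="${dir}/$(basename -- "$real")"

  tmp="$(mktemp -p "$dir" ".${script_name%%.*}.XXXXXX")" || return 1
  if ! { cp -- "$real" "$tmp" \
         && chmod "$mode" -- "$tmp" \
         && chown "${SERVICE_USER}:${SERVICE_GROUP}" -- "$tmp" \
         && mv -f -- "$tmp" "$target"; }; then
    rm -f -- "$tmp"
    return 1
  fi

  tmp_link="${link}.tmp.$$"
  rm -f -- "$tmp_link"
  if ! { ln -s -- "$(basename -- "$real")" "$tmp_link" && mv -fT -- "$tmp_link" "$link"; }; then
    rm -f -- "$tmp_link"
    return 1
  fi
}

# One progress line for installing $2 as $3 (mode $4), labelled $1.
# Command output is appended to $log_file and echoed on failure.
update_step() {
  local label="$1" src="$2" link="$3" mode="$4"
  echononl "  Update ${label} for ${SERVICE_NAME} at '${HOSTNAME_CO}'"
  if install_versioned "$src" "$link" "$mode" >> "$log_file" 2>&1; then
    echo_done
    return 0
  fi
  echo_failed
  error "$(cat -- "$log_file")"
  return 1
}

# Restart service $1 via systemd when it is running, else its SysV init script.
restart_service() {
  local svc="$1"
  if $systemd_supported; then
    systemctl restart "$svc"
  else
    "/etc/init.d/${svc}" restart
  fi
}

# ----------
# - Jobhandling
# ----------

# - If job already runs, stop execution. Do NOT call clean_up/fatal here:
# - that would delete the other instance's lock directory.
if ! acquire_lock; then
  error "A previous instance of script \"${script_name}\" seems to be running (lock '${LOCK_DIR}')."
  exit 1
fi

# - Remove lockdir when the script receives a signal (normal paths call clean_up).
trap 'clean_up 1' SIGHUP SIGINT SIGTERM

# -------------
# --- Some checks
# -------------

# - Systemd running? /run/systemd/system is the documented marker; the mere
# - presence of a 'systemd' binary in PATH says nothing about the init system.
systemd_supported=false
if [[ -d /run/systemd/system ]] && command -v systemctl > /dev/null 2>&1; then
  systemd_supported=true
fi

# ==========
# - Begin Main Script
# ==========

# ----------
# - Headline
# ----------
if $terminal; then
  echo ""
  echo -e "\033[1m----------\033[m"
  echo -e "\033[32m\033[1mRunning script \033[m\033[1m${script_name}\033[32m .. \033[m"
  echo -e "\033[1m----------\033[m"
fi

# ----------
# Read Configurations from $conf_file
# ----------

# - Give your default values here
DEFAULT_SERVICE_NAME="loolwsd"
DEFAULT_SERVICE_USER="lool"
DEFAULT_SERVICE_GROUP="lool"
DEFAULT_SERVICE_CERT_DIR="/etc/loolwsd"
DEFAULT_LE_BASE_CERT_DIR="/var/lib/dehydrated/certs"
DEFAULT_HAS_SERVICE_CHAIN=true

if [[ -f "$conf_file" ]]; then
  check_conf_trust "$conf_file"
  # shellcheck source=/dev/null
  source "$conf_file"
else
  warn "No configuration file '${conf_file}' present.\n           Loading default values.."
fi

[[ -z "$SERVICE_NAME" ]]      && SERVICE_NAME="$DEFAULT_SERVICE_NAME"
[[ -z "$SERVICE_USER" ]]      && SERVICE_USER="$DEFAULT_SERVICE_USER"
[[ -z "$SERVICE_GROUP" ]]     && SERVICE_GROUP="$DEFAULT_SERVICE_GROUP"
[[ -z "$SERVICE_CERT_DIR" ]]  && SERVICE_CERT_DIR="$DEFAULT_SERVICE_CERT_DIR"
[[ -z "$LE_BASE_CERT_DIR" ]]  && LE_BASE_CERT_DIR="$DEFAULT_LE_BASE_CERT_DIR"
[[ -z "$HAS_SERVICE_CHAIN" ]] && HAS_SERVICE_CHAIN="$DEFAULT_HAS_SERVICE_CHAIN"

# - Sanity-check what the configuration hands us before it is used to build
# - paths or, in the case of HAS_SERVICE_CHAIN, executed as a command.
if [[ -z "$HOSTNAME_CO" ]]; then
  fatal "Hostname of webservice Collabora Online not given (parameter 'HOSTNAME_CO')!"
fi
if [[ ! "$HOSTNAME_CO" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
  fatal "Parameter 'HOSTNAME_CO' ('${HOSTNAME_CO}') is not a plain hostname; it is used as a path component."
fi
case "$HAS_SERVICE_CHAIN" in
  true|false) ;;
  *) fatal "Parameter 'HAS_SERVICE_CHAIN' must be 'true' or 'false' (got '${HAS_SERVICE_CHAIN}')." ;;
esac
if [[ ! "$SERVICE_NAME" =~ ^[A-Za-z0-9][A-Za-z0-9_.@-]*$ ]]; then
  fatal "Parameter 'SERVICE_NAME' ('${SERVICE_NAME}') is not a valid service name."
fi

# - Let's encrypt cert directory
LE_CERT_DIR_SERVICE="${LE_BASE_CERT_DIR}/${HOSTNAME_CO}"

# - Latest cert/chain/key
cert_newest="${LE_CERT_DIR_SERVICE}/cert.pem"
chain_newest="${LE_CERT_DIR_SERVICE}/chain.pem"
key_newest="${LE_CERT_DIR_SERVICE}/privkey.pem"

# - Installed cert/chain/key
cert_installed="${SERVICE_CERT_DIR}/cert.pem"
chain_installed="${SERVICE_CERT_DIR}/ca-chain.cert.pem"
key_installed="${SERVICE_CERT_DIR}/key.pem"

# -------------
# - Don't run script, if any given path for cert/key does not exist
# -------------
if [[ ! -f "$cert_newest" ]]; then
  fatal "Newest Certificate '${cert_newest}' not found!"
elif [[ ! -f "$key_newest" ]]; then
  fatal "Newest Key '${key_newest}' not found!"
elif $HAS_SERVICE_CHAIN && [[ ! -f "$chain_newest" ]]; then
  fatal "Newest chain file '${chain_newest}' not found!"
elif [[ ! -d "$SERVICE_CERT_DIR" ]]; then
  fatal "Service certificate directory '${SERVICE_CERT_DIR}' not found!"
fi
# - Missing installed files need no placeholder: a missing file simply compares
# - as "not up to date" below and gets installed.

# - Never install a key that does not belong to the certificate; the service
# - would fail to start after the restart.
key_matches_cert "$cert_newest" "$key_newest"
case $? in
  0) ;;
  2) warn "openssl not found; cannot verify that '${key_newest}' belongs to '${cert_newest}'." ;;
  *) fatal "Key '${key_newest}' does not belong to certificate '${cert_newest}'; refusing to install a mismatched pair." ;;
esac

# -------------
# - Check if keys/certs are up to date, change them if needed.
# -------------
if $terminal; then
  echo ""
  echo ""
  echo -e "\033[37m\033[1m  Check if keys/certs are up to date, change them if needed..\033[m"
  echo ""
fi

# - All three files are compared, not only the certificate: a run that got the
# - certificate in but failed on the key would otherwise look "up to date"
# - forever while the service keeps serving a cert/key mismatch.
needs_update=false
same_content "$cert_installed" "$cert_newest" || needs_update=true
same_content "$key_installed" "$key_newest" || needs_update=true
if $HAS_SERVICE_CHAIN; then
  same_content "$chain_installed" "$chain_newest" || needs_update=true
fi

if ! $needs_update; then
  info "Certificate/Chain/Key for service ${SERVICE_NAME} at '${HOSTNAME_CO}' is up to date!"
  clean_up 0
fi

warn "Certificate/Chain/Key for service ${SERVICE_NAME} at '${HOSTNAME_CO}' is outdated!\n           Try to update certificate, key and chain.."

: > "$log_file"
_failed=false

# - Public material is world-readable, the private key is readable by the
# - service user only (it is chown'ed to SERVICE_USER:SERVICE_GROUP).
update_step "certificate" "$cert_newest" "$cert_installed" 0644 || _failed=true
if ! $_failed; then
  update_step "key" "$key_newest" "$key_installed" 0600 || _failed=true
fi
if ! $_failed && $HAS_SERVICE_CHAIN; then
  update_step "chain" "$chain_newest" "$chain_installed" 0644 || _failed=true
fi

if $_failed; then
  error "Updating Certificate/Chain/Key for service ${SERVICE_NAME} at '${HOSTNAME_CO}' failed!"
  clean_up 1
fi

# - Restart the (configured, not hard-coded) service so it loads the new files.
echo ""
echononl "  Restart Service '${SERVICE_NAME}'.."
if restart_service "$SERVICE_NAME" > "$log_file" 2>&1; then
  echo_done
else
  echo_failed
  # The log lives in the lock directory and is gone after clean_up, so show it.
  error "Restarting service '${SERVICE_NAME}' failed:\n$(cat -- "$log_file")"
  clean_up 1
fi

if $terminal; then
  info "Certificate/Chain/Key for service ${SERVICE_NAME} at '${HOSTNAME_CO}' is now up to date"
else
  echo ""
  echo "  [ Info ]: Certificate/Chain/Key for ${SERVICE_NAME} at '${HOSTNAME_CO}' is now up to date"
  echo ""
fi

clean_up 0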