diff --git a/board/common/busybox.config b/board/common/busybox.config
index f70c01fc58..5e4ecca396 100644
--- a/board/common/busybox.config
+++ b/board/common/busybox.config
@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
-# Busybox version: 1.29.2
-# Fri Feb 1 22:19:53 2019
+# Busybox version: 1.29.3
+# Thu Oct 31 23:22:38 2019
 #
 CONFIG_HAVE_DOT_CONFIG=y
@@ -266,7 +266,7 @@ CONFIG_FEATURE_MD5_SHA1_SUM_CHECK=y
 CONFIG_MKDIR=y
 CONFIG_MKFIFO=y
 CONFIG_MKNOD=y
-# CONFIG_MKTEMP is not set
+CONFIG_MKTEMP=y
 CONFIG_MV=y
 CONFIG_NICE=y
 CONFIG_NL=y
@@ -500,7 +500,7 @@ CONFIG_FEATURE_SHADOWPASSWDS=y
 # CONFIG_USE_BB_PWD_GRP is not set
 # CONFIG_USE_BB_SHADOW is not set
 CONFIG_USE_BB_CRYPT=y
-# CONFIG_USE_BB_CRYPT_SHA is not set
+CONFIG_USE_BB_CRYPT_SHA=y
 # CONFIG_ADDGROUP is not set
 # CONFIG_FEATURE_ADDUSER_TO_GROUP is not set
 # CONFIG_ADD_SHELL is not set
diff --git a/board/common/overlay/etc/crontabs/root b/board/common/overlay/etc/crontabs/root
index b106e1c3a3..9572f6559f 100644
--- a/board/common/overlay/etc/crontabs/root
+++ b/board/common/overlay/etc/crontabs/root
@@ -1,2 +1,3 @@
 14 3 * * * /usr/sbin/logrotate /etc/logrotate.conf
-
+0 2 * * 0 /usr/sbin/dehydrated-wrapper
+*/15 * * * * /usr/sbin/dyndns-update
diff --git a/board/common/overlay/etc/dehydrated/config b/board/common/overlay/etc/dehydrated/config
new file mode 100644
index 0000000000..fa322f8dd2
--- /dev/null
+++ b/board/common/overlay/etc/dehydrated/config
@@ -0,0 +1,6 @@
+BASEDIR="/var/lib/dehydrated"
+DOMAINS_TXT="/data/etc/ssl/domain"
+WELLKNOWN="/tmp/dehydrated"
+HOOK="/usr/libexec/dehydrated-hook"
+CONTACT_EMAIL="$(/dev/null + test $? == 0 && msg_done || msg_fail
+ ;;
+
+ stop)
+ true
+ ;;
+
+ *)
+ echo "Usage: $0 {start}"
+ exit 1
+esac
+
+exit $?
diff --git a/board/common/overlay/usr/libexec/dehydrated-dumb-httpd b/board/common/overlay/usr/libexec/dehydrated-dumb-httpd
new file mode 100755
index 0000000000..9130f7a7a4
--- /dev/null
+++ b/board/common/overlay/usr/libexec/dehydrated-dumb-httpd
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+CHALLENGE="$1"
+PORT=80
+LIFETIME=10
+
+if [[ -z "${CHALLENGE}" ]]; then
+ echo "Usage $0 "
+ exit 1
+fi
+
+function make_response() {
+ echo -en "HTTP/1.1 200 OK\r\n"
+ echo -en "Content-Length: ${#CHALLENGE}\r\n"
+ echo -en "Content-Type: text/plain\r\n"
+ echo -en "Connection: close\r\n\r\n${CHALLENGE}"
+}
+
+start_time=$(date +%s)
+echo "Dumb httpd started"
+while true; do
+ make_response | nc -l -w "${LIFETIME}" -p ${PORT} >/dev/null
+ if (( $(date +%s) - ${start_time} > ${LIFETIME} )); then
+ break
+ fi
+done
+echo "Dumb httpd exit"
diff --git a/board/common/overlay/usr/libexec/dehydrated-hook b/board/common/overlay/usr/libexec/dehydrated-hook
new file mode 100755
index 0000000000..020150f294
--- /dev/null
+++ b/board/common/overlay/usr/libexec/dehydrated-hook
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+SSL_DIR="/data/etc/ssl"
+CERT_FILE="${SSL_DIR}/cert.pem"
+KEY_FILE="${SSL_DIR}/privkey.pem"
+
+if [[ "$1" == "deploy_challenge" ]]; then
+ /usr/libexec/dehydrated-dumb-httpd "$4" &
+elif [[ "$1" == "deploy_cert" ]]; then
+ logger -t dehydrated "deploying certificate & rebooting"
+ mkdir -p "${SSL_DIR}"
+ cp "$3" "${KEY_FILE}"
+ cp "$4" "${CERT_FILE}"
+ reboot
+fi
diff --git a/board/common/overlay/usr/sbin/dehydrated-wrapper b/board/common/overlay/usr/sbin/dehydrated-wrapper
new file mode 100755
index 0000000000..2d31c273af
--- /dev/null
+++ b/board/common/overlay/usr/sbin/dehydrated-wrapper
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+PROG="/usr/bin/dehydrated"
+BASE_DIR="/var/lib/dehydrated"
+TMP_DIR="/tmp/dehydrated"
+SSL_DIR="/data/etc/ssl"
+
+if ! [[ -x "${PROG}" && -r "${SSL_DIR}/domain" && -r "${SSL_DIR}/email" ]]; then
+ exit 0 # not installed or not configured
+fi
+
+mkdir -p "${BASE_DIR}"
+mkdir -p "${TMP_DIR}"
+
+logger -t dehydrated "checking for certificate renewal"
+dehydrated -c
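Review bot: The exit status of `nc` inside the `while true` loop of dehydrated-dumb-httpd is ignored, so if the listener cannot start (for instance because port 80 is already bound by another service) the loop spins without a pause until `LIFETIME` has elapsed and nothing is logged. I would back off on failure and quote the port: `make_response | nc -l -w "${LIFETIME}" -p "${PORT}" >/dev/null || sleep 1`. Separately, `echo -en` interprets backslash escapes inside `${CHALLENGE}`; emitting the body with `printf '%s' "${CHALLENGE}"` keeps the argument literal. The responder never reads the request and answers every path with the challenge, which deserves a one-line comment above `make_response` so the limitation is deliberate and visible.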
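Review bot: In the `deploy_cert` branch of dehydrated-hook, `reboot` runs even when `mkdir` or either `cp` fails, so the device can restart with a key and certificate that do not belong together, or with only one of them replaced. Chain the copies so a failure stops before the reboot, e.g. `cp "$3" "${KEY_FILE}" && cp "$4" "${CERT_FILE}" || exit 1`, and log the failure through `logger -t dehydrated`. The private key is also written with whatever umask the caller happens to have; a `umask 077` before the copies (or `chmod 600 "${KEY_FILE}"` afterwards) would make its mode explicit. In the `deploy_challenge` branch the responder is started in the background and the hook returns immediately, so it is worth confirming the listener is actually up before validation can begin.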
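Review bot: dehydrated-wrapper tests `-x "${PROG}"` but then runs `dehydrated` through `PATH`, so the binary that was checked is not necessarily the one root's cron job executes; the last line should be `"${PROG}" -c`. As shown, the output of that call is not sent to syslog, unlike dyndns-update, which pipes to `logger`; `"${PROG}" -c 2>&1 | logger -t dehydrated` would keep renewal errors visible. The results of both `mkdir -p` calls are not checked either. `TMP_DIR` is a fixed name under `/tmp`, and `mkdir -p` succeeds when the path already exists, so if `/tmp` is writable by anything other than root a check that it is a root-owned directory would be prudent.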
diff --git a/board/common/overlay/usr/sbin/dyndns-update b/board/common/overlay/usr/sbin/dyndns-update
new file mode 100644
index 0000000000..dde7a7e8b7
--- /dev/null
+++ b/board/common/overlay/usr/sbin/dyndns-update
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+SCRIPT="/data/etc/dyndns-update.sh"
+
+if ! [[ -f "${SCRIPT}" ]]; then
+ exit 0
+fi
+
+logger -t dyndns "updating dynamic DNS"
+bash "${SCRIPT}" 2>&1 | logger -t dyndns
+exit ${PIPESTATUS[0]}
diff --git a/package/dehydrated/dehydrated.hash b/package/dehydrated/dehydrated.hash
index 1d194e5a7d..388dd24749 100644
--- a/package/dehydrated/dehydrated.hash
+++ b/package/dehydrated/dehydrated.hash
@@ -1,6 +1,6 @@
 # Locally computed after verifying
-# https://github.com/lukas2511/dehydrated/releases/download/v0.6.2/dehydrated-0.6.2.tar.gz.asc
+# https://github.com/lukas2511/dehydrated/releases/download/v0.6.5/dehydrated-0.6.5.tar.gz.asc
 # with key 3C2F2605E078A1E18F4793909C4DBE6CF438F333 from https://keybase.io/lukas2511
-sha256 163384479199f06f59382ceb6291a299567a2f4f0b963b9b61f2db65a407e80e dehydrated-0.6.2.tar.gz
+sha256 10aabd0027450bc70a18e49acaca7a9697e0cfb92368d3e508b7a4d6d69bfa35 dehydrated-0.6.5.tar.gz
 # License, locally computed
 sha256 b4583b7dd07e3e2a08906de38e7e329d41f921ed9dcb6310b3886e013a6b8723 LICENSE
diff --git a/package/dehydrated/dehydrated.mk b/package/dehydrated/dehydrated.mk
index b7de27a407..17c67b8478 100644
--- a/package/dehydrated/dehydrated.mk
+++ b/package/dehydrated/dehydrated.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
-DEHYDRATED_VERSION = 0.6.2
+DEHYDRATED_VERSION = 0.6.5
 DEHYDRATED_SITE = https://github.com/lukas2511/dehydrated/releases/download/v$(DEHYDRATED_VERSION)
 DEHYDRATED_LICENSE = MIT
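Review bot: board/common/overlay/usr/sbin/dyndns-update is added with `new file mode 100644`, while the crontab entry added in this commit invokes `/usr/sbin/dyndns-update` directly and the other new scripts are 100755; unless a later build step fixes permissions, the job will fail to execute every 15 minutes. The mode should be 100755. The script also runs `/data/etc/dyndns-update.sh` as root on a timer, and `/data/etc` looks like user-writable storage, so whoever can write that file gets root code execution. A header comment stating that trust assumption, plus a check that the file is owned by root and not group- or world-writable before `bash "${SCRIPT}"`, would document and bound it; `exit "${PIPESTATUS[0]}"` should be quoted as well.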