Changeset 32350 for main

Timestamp:
21.08.2018 18:59:28 (11 months ago)
Author:
ak19
Message:

Some tidying up and using the recommended way to run ant exec tasks since we no longer need to echo values to the stdin of an exec task

Files:
1 modified

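--- a/main/trunk/greenstone3/build.xml
+++ b/main/trunk/greenstone3/build.xml
@@ -52,4 +52,5 @@
 
   -->
+  <property name="https.test.mode" value="false"/>
 
   <property name="os.linux" value="Linux"/>
@@ -247,4 +248,8 @@
   </condition>
 
+  <condition property="https.testing" value="" else="--staging">
+    <isfalse property="https.test.mode"/>
+  </condition>
+
   <!-- now we've read in properties, apply defaults -->
   <property name="disable.collection.building" value="false"/>
@@ -1579,4 +1584,9 @@
 
   <!-- ============ Targets concerned with https certification ================ -->
+  <!-- Revoke the certificate and remove it, including folders.
+       See https://certbot.eff.org/docs/using.html#revoking-certificates
+       which also states "if a certificate is a test certificate obtained via the
+       ==staging or ==test-cert flag, that flag must be passed to the revoke subcommand."
+  -->
   <target name="remove-cert-https">
     <echo>
@@ -1584,17 +1594,23 @@
       Enter the sudo password if prompted.
     </echo>
-    <!-- sudo /path/to/GS3/bin/linux/certbot-auto revoke ==cert-path /etc/letsencrypt/live/DOMAIN/cert.pem -->
-    <!--  sudo echo &quot;Y\n&quot; | /path/to/GS3/bin/linux/certbot-auto revoke ==cert-path /etc/letsencrypt/live/DOMAIN/cert.pem
-     See http://ant.1045680.n5.nabble.com/Running-lt-exec-gt-task-with-an-quot-interactive-quot-executable-td1349146.html
-     But shouldn't run certbot-auto by first sudoing. Run certbot-auto directly, it will ask to elevate to sudo permissions
+    <!--
+    It says at https://github.com/certbot/certbot/issues/1741
+    "you shouldn't run letsencrypt-auto [now called certbot-auto] as superuser,
+    because the program will invoke sudo when it needs to automatically."
+    We need to send Y(es) as inputstring to confirm that the
+    /etc/letsencrypt/live/${tomcat.server} folder can be deleted
     -->
     <exec executable="./certbot-auto" dir="${basedir}/bin/${os.bin.dir}" failonerror="true" inputstring="Y">
-      <arg line="revoke --staging --cert-path /etc/letsencrypt/live/${tomcat.server}/cert.pem"/>
-    </exec>
-
-    <!--<exec executable="./certbot-auto" dir="${basedir}/bin/${os.bin.dir}" failonerror="true">
-      <arg line="delete ==cert-name ${tomcat.server}"/>
-    </exec>-->
-    <!-- and remove the https_cert folder -->
+     <arg value="revoke"/>
+     <arg value="${https.testing}"/>
+     <arg value="--cert-path"/><arg value="/etc/letsencrypt/live/${tomcat.server}/cert.pem"/>
+    </exec>
+    <!-- The above command already deletes the folder when Y(es) was passed in. Explicitly deleting:
+    <exec executable="./certbot-auto" dir="${basedir}/bin/${os.bin.dir}" failonerror="true">
+    <arg value="delete"/>
+    <arg value="==cert-name"/><arg value="${tomcat.server}"/>
+    </exec>
+    -->
+    <!-- And remove the https_cert folder -->
     <delete dir="${packages.home}/tomcat/conf/https_cert"/>
   </target>
@@ -1662,11 +1678,14 @@
     <else>
       <echo>Proceeding...</echo>
-      <echo>### Phase 1: generating the certificate</echo>
-      <!-- ./certbot-auto certonly ==standalone ==preferred-challenges http ==email EMAIL -d DOMAINS
-      need to accept (A) ToS and say Yes (Y) to sharing email -->
+      <!-- Running as
+       ./certbot-auto certonly ==standalone ==preferred-challenges http ==email EMAIL -d DOMAINS
+       expects input from stdin to accept (A) ToS and say Yes (Y) to sharing email.
+       We can run in non-interactive mode as the user has at this stage already agreed
+       to LetsEncrypt's Terms of Service and provided an email address.
+      -->
       <exec executable="/bin/bash" dir="${basedir}/bin/${os.bin.dir}" failonerror="true">
     <arg value="./certbot-auto"/>
     <arg value="certonly"/>
-    <arg value="--staging"/>
+    <arg value="${https.testing}"/>
     <arg value="--standalone"/>
     <arg value="--non-interactive"/>
@@ -1677,17 +1696,10 @@
       </exec>
 
-      <echo>### Phase 2: pem to pkcs12</echo>
-      <!--
-      <echo>
-    ********************
-    You will next be asked to enter the Export Password 3 times. Each time,
-    type the value of your keystore.pass exactly as it is in build.properties.
-    ********************
-      </echo>-->
-
       <!-- sudo openssl pkcs12 -export -out /tmp/DOMAIN_fullchain_and_key.p12 \
         -in /etc/letsencrypt/live/DOMAIN/fullchain.pem \
         -inkey /etc/letsencrypt/live/DOMAIN/privkey.pem \
         -name tomcat
+        Must run as sudo because only admin has access to the pem files that admin
+        generated in /etc/letsencrypt
         See https://computingforgeeks.com/tomcat-7-with-letsencrypt-ssl-certificate/
         but also https://community.letsencrypt.org/t/using-lets-encrypt-with-tomcat/41082
@@ -1697,5 +1709,12 @@
 
       <exec executable="sudo" dir="/tmp" failonerror="true">
-    <arg line="${basedir}/bin/${os.bin.dir}/openssl/bin/openssl pkcs12 -export -out /tmp/${tomcat.server}_fullchain_and_key.p12 -in /etc/letsencrypt/live/${tomcat.server}/fullchain.pem -inkey /etc/letsencrypt/live/${tomcat.server}/privkey.pem -name tomcat -password pass:${keystore.pass}" />
+    <arg value="${basedir}/bin/${os.bin.dir}/openssl/bin/openssl"/>
+    <arg value="pkcs12"/>
+    <arg value="-export"/>
+    <arg value="-out"/><arg value="/tmp/${tomcat.server}_fullchain_and_key.p12"/>
+    <arg value="-in"/><arg value="/etc/letsencrypt/live/${tomcat.server}/fullchain.pem"/>
+    <arg value="-inkey"/><arg value="/etc/letsencrypt/live/${tomcat.server}/privkey.pem"/>
+    <arg value="-name"/><arg value="tomcat"/>
+    <arg value="-password"/><arg value="pass:${keystore.pass}"/>
       </exec>
 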
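Review bot: In the last hunk (the `sudo` openssl `pkcs12 -export` call) the keystore password still travels on the command line as `pass:${keystore.pass}`, so any local user can read it from the process list while openssl runs, and it can end up in sudo's command log or verbose Ant output. OpenSSL's pass-phrase arguments also accept a `file:` source, so `<arg value="-password"/><arg value="file:PATH_TO_ROOT_ONLY_PASSFILE"/>` (placeholder path) would keep it out of argv. The bundle containing the private key is also written to the predictable name `/tmp/${tomcat.server}_fullchain_and_key.p12` in a world-writable directory; a directory created with restrictive permissions for this step would be safer, and what happens to the file afterwards lies outside the visible lines. Separately, in both certbot-auto calls `<arg value="${https.testing}"/>` passes an empty-string argument when `https.test.mode` is false, which certbot-auto may reject as an unrecognized argument; `<arg line="${https.testing}"/>` expands to no argument in that case.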