Changeset 32422

Timestamp:

2018-09-03T17:26:39+12:00 (6 years ago)

Author:

ak19

Message:

1. Adding in the command to revoke an https certificate (real or testing) on Windows too. 2. Some bug fixes

File:

• main/trunk/greenstone3/build.xml (modified) (7 diffs)

main/trunk/greenstone3/build.xml

@@ -1658 +1658 @@
        ==staging or ==test-cert flag, that flag must be passed to the revoke subcommand."
   -->
-  <target name="remove-https-cert">
+  <target name="remove-https-cert" depends="check-os-for-https-cert-support">
     <echo>
       NOTE: You need to have sudo permissions to execute this target.
@@ -1664 +1664 @@
     </echo>
     <!--
+    On linux, we use certbot-auto.
     It says at https://github.com/certbot/certbot/issues/1741
     "you shouldn't run letsencrypt-auto [now called certbot-auto] as superuser,
     because the program will invoke sudo when it needs to automatically."   
     We need to send Y(es) as inputstring to confirm that the
-    /etc/letsencrypt/live/${tomcat.server} folder can be deleted
+    /etc/letsencrypt/live/${tomcat.server} folder can be deleted.
+    Note osfamily="unix" is separate from osfamily="mac", which comes out handy here as we haven't set up certbot-auto for mac (yet).
     -->
-    <exec executable="./certbot-auto" dir="${basedir}/bin/${os.bin.dir}" failonerror="true" inputstring="Y">
+    <exec executable="./certbot-auto" osfamily="unix" dir="${basedir}/bin/${os.bin.dir}" failonerror="true" inputstring="Y">
      <arg value="revoke"/>
      <arg line="${https.testing}"/>
@@ -1681 +1683 @@
     </exec>
     -->
+    
+    <!-- On Windows, we use zeroSSl. For the revoke command, see https://zerossl.com/usage.html#Certificate_revocation -->
+    <exec executable="cmd" osfamily="windows" dir="${basedir}/bin/${os.bin.dir}" spawn="false">
+      <arg value="/c" />
+      <arg value="le${os.bitness}" />     
+      <arg value="--key" /><arg value="${packages.home}\tomcat\conf\https_cert\privkey.key" />
+      <arg value="--crt" /><arg value="${packages.home}\tomcat\conf\https_cert\fullchain_and_prvtkey.crt"/>
+      <arg value="--revoke"/>
+      <arg line="${https.testing}"/>
+    </exec>
+    
     <!-- And remove the https_cert folder -->
     <delete dir="${packages.home}/tomcat/conf/https_cert"/>
   </target>
 
+  <target name="check-os-for-https-cert-support">
+    <if><bool><isset property="current.os.ismac"/></bool>
+        <fail>
+            Features that automate generating, removing and renewing HTTPS certificates
+            are currently not supported on Macs, only on other Unix systems and on Windows.
+        </fail>
+    </if>   
+  </target>
+  
   <target name="setup-https-cert-info">
     <echo>
@@ -1703 +1725 @@
     <input addproperty="https.conditions.ok" validargs="y,n">     
       To run this target, ensure you have:
-      * On Linux: sudo permissions
-      * On Windows: sufficient privileges to run the included tomcat on port 80
+      * (if on unix) sudo permissions. Enter the sudo password if prompted.
+      * (if on windows) sufficient privileges to run the included tomcat on port 80.
       * nothing running on port 80 when you run this target
       * edited the build.properties file with
@@ -1722 +1744 @@
   </target>
 
-  <target name="setup-https-cert" depends="setup-https-cert-info,https-conditions-set">
+  <target name="setup-https-cert" depends="check-os-for-https-cert-support,setup-https-cert-info,https-conditions-set">
     <input addproperty="https.cert.email">Enter an email that Let's Encrypt, the certification authority, can send any important notifications to</input>
     <input addproperty="https.other.domains">Besides tomcat.server=${tomcat.server}, you may enter a comma separated list of additional domains to support if any</input>
@@ -1747 +1769 @@
       <echo>Not proceeding with https certification for the Greenstone 3 web server</echo>
     <else>
-      <echo>Proceeding...</echo>
+        <echo>Proceeding...</echo>    
+        <if><bool><istrue value="${current.os.iswindows}"/></bool>
+            <antcall target="setup-https-cert-windows"/>
+        </if>
+        <if><bool><istrue value="${current.os.isunixnotmac}"/></bool>
+            <antcall target="setup-https-cert-linux"/>
+        </if>
      </else>
   </if>
   
-    <if><bool><istrue value="${current.os.iswindows}"/></bool>
-        <antcall target="setup-https-cert-windows"/>
-    </if>
-    <if><bool><istrue value="${current.os.isunixnotmac}"/></bool>
-        <antcall target="setup-https-cert-linux"/>
-    </if>
   </target>
   
@@ -1806 +1828 @@
       <arg line="${https.testing}" /><!-- minus-minus-live if not testing, empty if testing. https://stackoverflow.com/questions/11840284/pass-arguments-to-apache-ant-exec-task-based-on-the-variables-value -->
       <arg value="--export-pfx" /><arg value="${keystore.pass}" />
-    </exec>  
-
-    <echo>KEYSTORE FILE: ${keystore.file}</echo>
+    </exec>
     
     <!-- stop the tomcat running on port 80 -->