Changeset 32422

Timestamp:
03.09.2018 17:26:39 (11 months ago)
Author:
ak19
Message:

1. Adding in the command to revoke an https certificate (real or testing) on Windows too. 2. Some bug fixes

Files:
1 modified

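--- a/main/trunk/greenstone3/build.xml
+++ b/main/trunk/greenstone3/build.xml
@@ -1658,5 +1658,5 @@
        ==staging or ==test-cert flag, that flag must be passed to the revoke subcommand."
   -->
-  <target name="remove-https-cert">
+  <target name="remove-https-cert" depends="check-os-for-https-cert-support">
     <echo>
       NOTE: You need to have sudo permissions to execute this target.
@@ -1664,11 +1664,13 @@
     </echo>
     <!--
+    On linux, we use certbot-auto.
     It says at https://github.com/certbot/certbot/issues/1741
     "you shouldn't run letsencrypt-auto [now called certbot-auto] as superuser,
     because the program will invoke sudo when it needs to automatically."
     We need to send Y(es) as inputstring to confirm that the
-    /etc/letsencrypt/live/${tomcat.server} folder can be deleted
+    /etc/letsencrypt/live/${tomcat.server} folder can be deleted.
+    Note osfamily="unix" is separate from osfamily="mac", which comes out handy here as we haven't set up certbot-auto for mac (yet).
     -->
-    <exec executable="./certbot-auto" dir="${basedir}/bin/${os.bin.dir}" failonerror="true" inputstring="Y">
+    <exec executable="./certbot-auto" osfamily="unix" dir="${basedir}/bin/${os.bin.dir}" failonerror="true" inputstring="Y">
      <arg value="revoke"/>
      <arg line="${https.testing}"/>
@@ -1681,8 +1683,28 @@
     </exec>
     -->
+
+    <!-- On Windows, we use zeroSSl. For the revoke command, see https://zerossl.com/usage.html#Certificate_revocation -->
+    <exec executable="cmd" osfamily="windows" dir="${basedir}/bin/${os.bin.dir}" spawn="false">
+      <arg value="/c" />
+      <arg value="le${os.bitness}" />
+      <arg value="--key" /><arg value="${packages.home}\tomcat\conf\https_cert\privkey.key" />
+      <arg value="--crt" /><arg value="${packages.home}\tomcat\conf\https_cert\fullchain_and_prvtkey.crt"/>
+      <arg value="--revoke"/>
+      <arg line="${https.testing}"/>
+    </exec>
+
     <!-- And remove the https_cert folder -->
     <delete dir="${packages.home}/tomcat/conf/https_cert"/>
   </target>
 
+  <target name="check-os-for-https-cert-support">
+    <if><bool><isset property="current.os.ismac"/></bool>
+        <fail>
+            Features that automate generating, removing and renewing HTTPS certificates
+            are currently not supported on Macs, only on other Unix systems and on Windows.
+        </fail>
+    </if>
+  </target>
+
   <target name="setup-https-cert-info">
     <echo>
@@ -1703,6 +1725,6 @@
     <input addproperty="https.conditions.ok" validargs="y,n">
       To run this target, ensure you have:
-      * On Linux: sudo permissions
-      * On Windows: sufficient privileges to run the included tomcat on port 80
+      * (if on unix) sudo permissions. Enter the sudo password if prompted.
+      * (if on windows) sufficient privileges to run the included tomcat on port 80.
       * nothing running on port 80 when you run this target
       * edited the build.properties file with
@@ -1722,5 +1744,5 @@
   </target>
 
-  <target name="setup-https-cert" depends="setup-https-cert-info,https-conditions-set">
+  <target name="setup-https-cert" depends="check-os-for-https-cert-support,setup-https-cert-info,https-conditions-set">
     <input addproperty="https.cert.email">Enter an email that Let's Encrypt, the certification authority, can send any important notifications to</input>
     <input addproperty="https.other.domains">Besides tomcat.server=${tomcat.server}, you may enter a comma separated list of additional domains to support if any</input>
@@ -1747,14 +1769,14 @@
       <echo>Not proceeding with https certification for the Greenstone 3 web server</echo>
     <else>
-      <echo>Proceeding...</echo>
+        <echo>Proceeding...</echo>
+        <if><bool><istrue value="${current.os.iswindows}"/></bool>
+            <antcall target="setup-https-cert-windows"/>
+        </if>
+        <if><bool><istrue value="${current.os.isunixnotmac}"/></bool>
+            <antcall target="setup-https-cert-linux"/>
+        </if>
      </else>
   </if>
 
-    <if><bool><istrue value="${current.os.iswindows}"/></bool>
-        <antcall target="setup-https-cert-windows"/>
-    </if>
-    <if><bool><istrue value="${current.os.isunixnotmac}"/></bool>
-        <antcall target="setup-https-cert-linux"/>
-    </if>
   </target>
 
@@ -1806,7 +1828,5 @@
       <arg line="${https.testing}" /><!-- minus-minus-live if not testing, empty if testing. https://stackoverflow.com/questions/11840284/pass-arguments-to-apache-ant-exec-task-based-on-the-variables-value -->
       <arg value="--export-pfx" /><arg value="${keystore.pass}" />
-    </exec>
-
-    <echo>KEYSTORE FILE: ${keystore.file}</echo>
+    </exec>
 
     <!-- stop the tomcat running on port 80 -->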
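Review bot: The Windows `<exec>` added to `remove-https-cert` has no `failonerror="true"`, unlike the certbot-auto `<exec>` above it, so a failed revoke (assuming `le${os.bitness}` signals failure through a non-zero exit code) does not stop the build and the following `<delete dir="${packages.home}/tomcat/conf/https_cert"/>` still runs. That would remove `privkey.key` and the certificate file this target passes to `--revoke` while the certificate itself remains valid, so the same command could not simply be re-run. I would write the opening tag as `<exec executable="cmd" osfamily="windows" dir="${basedir}/bin/${os.bin.dir}" spawn="false" failonerror="true">`. Separately, the new comment says osfamily="unix" is separate from osfamily="mac", but Ant's unix family also matches Mac OS X, so it is the `check-os-for-https-cert-support` dependency rather than the osfamily attribute that keeps certbot-auto from running on a Mac; the comment could say `osfamily="unix" also matches Mac OS X; Macs are rejected earlier by check-os-for-https-cert-support`. Parts of the target are elided between the hunks shown on this page.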