Changeset 32423 for main/trunk/greenstone3/build.xml

Timestamp:

2018-09-03T18:30:29+12:00 (6 years ago)

Author:

ak19

Message:

Introduced the Windows https cert renewal part of the renewal target. It reuses the Win issuance target.

File:

• main/trunk/greenstone3/build.xml (modified) (9 diffs)

main/trunk/greenstone3/build.xml

@@ -1638 +1638 @@
     <echo>
       NOTE: To run this target,
-      * you need to have sudo permissions. Enter the sudo password if prompted.
-      * ensure nothing is running on port 80.
+      * ensure nothing is running on port 80.
+      * if you're on Linux, you need to have sudo permissions. Enter the sudo password if prompted.      
 
       If you want your cronjob to renew a certificate, you can add pre and post hooks
@@ -1646 +1646 @@
          ./path/to/GS3/bin/linux/certbot-auto --help renew
     </echo>
-    <exec executable="./certbot-auto" dir="${basedir}/bin/${os.bin.dir}" failonerror="true">
+    <exec executable="./certbot-auto" osfamily="unix" dir="${basedir}/bin/${os.bin.dir}" failonerror="true">
      <arg value="renew"/>
      <arg value="--quiet"/>
      <arg value="--no-self-upgrade"/>
     </exec>
+    
+    <!-- For rewewal on Windows, need to re-run the original (issuance) command and append "min-min-renew XX" to it,
+        where if it's within XX days of expiry, the certificate will get renewed.
+        See https://zerossl.com/usage.html#Certificate_renewal -->
+    <if><bool><istrue value="${current.os.iswindows}"/></bool>
+            
+        <input addproperty="https.other.domains">Enter a comma separated list of additional domains besides tomcat.server=${tomcat.server} that you registered on issuance, if any</input>
+        <condition property="https.cert.domains" value="${tomcat.server},${https.other.domains}" else="${tomcat.server}">
+            <and>
+              <isset property="https.other.domains" />
+              <not><matches string="${https.other.domains}" pattern="^\s*$"/></not>
+            </and>
+        </condition>
+        <antcall target="setup-https-cert-windows">
+            <param name="https.cert.renewal" value="--renew 10"/>           
+        </antcall>
+    </if>
   </target>
 
@@ -1660 +1677 @@
   <target name="remove-https-cert" depends="check-os-for-https-cert-support">
     <echo>
-      NOTE: You need to have sudo permissions to execute this target.
+      NOTE: If you're on Linux, you need to have sudo permissions to execute this target.
       Enter the sudo password if prompted.
     </echo>
@@ -1746 +1763 @@
   <target name="setup-https-cert" depends="check-os-for-https-cert-support,setup-https-cert-info,https-conditions-set">
     <input addproperty="https.cert.email">Enter an email that Let's Encrypt, the certification authority, can send any important notifications to</input>
-    <input addproperty="https.other.domains">Besides tomcat.server=${tomcat.server}, you may enter a comma separated list of additional domains to support if any</input>
+    <input addproperty="https.other.domains">Besides tomcat.server=${tomcat.server}, enter a comma separated list of additional domains to support, if any</input>
     <input addproperty="https.cert.agree" validargs="y,n">You've read the Let's Encrypt Subscriber Agreement at https://letsencrypt.org/repository/ and agree</input>
     <if>
@@ -1771 +1788 @@
         <echo>Proceeding...</echo>    
         <if><bool><istrue value="${current.os.iswindows}"/></bool>
-            <antcall target="setup-https-cert-windows"/>
+            <antcall target="setup-https-cert-windows">
+                <param name="https.cert.renewal" value=""/><!-- for cert issuance, there are none of the additional parameters specific to cert renewal -->
+            </antcall>
         </if>
         <if><bool><istrue value="${current.os.isunixnotmac}"/></bool>
@@ -1782 +1801 @@
   
   <target name="setup-https-cert-windows">
+    
     <echo>********** The included tomcat will be stopped, then restarted on port 80 and stopped again</echo>
     
@@ -1820 +1840 @@
       <arg value="--csr" /><arg value="${packages.home}\tomcat\conf\https_cert\${tomcat.server}.csr" />
       <arg value="--csr-key" /><arg value="${packages.home}\tomcat\conf\https_cert\${tomcat.server}.key" />
-      <!--<arg value="==crt" /><arg value="${packages.home}\tomcat\conf\https_cert\${tomcat.server}.crt" />-->    
+      <!--<arg value="==crt" /><arg value="${packages.home}\tomcat\conf\https_cert\${tomcat.server}.crt" />-->
       <arg value="--crt" /><arg value="${packages.home}\tomcat\conf\https_cert\fullchain_and_prvtkey.crt" />
       <arg value="--domains" /><arg value="${https.cert.domains}" />
@@ -1828 +1848 @@
       <arg line="${https.testing}" /><!-- minus-minus-live if not testing, empty if testing. https://stackoverflow.com/questions/11840284/pass-arguments-to-apache-ant-exec-task-based-on-the-variables-value -->
       <arg value="--export-pfx" /><arg value="${keystore.pass}" />
+      <arg line="${https.cert.renewal}" /><!-- rewew command on windows appends min-min-renew XX, where if the day the renewal is run is XX days within expiry, the certificate will get renewed. -->
     </exec>
     
@@ -1839 +1860 @@
         <param name="https.comment.out.end" value="${comment.end}"/>
     </antcall>
-    
     
   </target>