Context Navigation

← Previous Changeset
Next Changeset →

Changeset 32424

Timestamp:

2018-09-03T18:34:55+12:00 (6 years ago)

Author:

ak19

Message:

Cosmetic. Now that the https cert automation targets are all more or less in place for both linux and windows, I've shifted about these targets for better code legibility

File:

: 1 edited

main/trunk/greenstone3/build.xml (modified) (7 diffs)

Legend:

: Unmodified
: Added
: Removed

main/trunk/greenstone3/build.xml

-              r32423
+              r32424
   <!-- ============ Targets concerned with https certification ================ -->
-  <!-- Renewing existing https certificate
-       https://certbot.eff.org/docs/using.html#renewing-certificates
-       ./path/to/GS3/bin/linux/certbot-auto renew ==quiet ==no-self-upgrade
-  -->
-  <target name="renew-existing-https-cert">
-    <echo>
-      NOTE: To run this target,
-      * ensure nothing is running on port 80.
-      * if you're on Linux, you need to have sudo permissions. Enter the sudo password if prompted.
-      If you want your cronjob to renew a certificate, you can add pre and post hooks
-      refer to https://certbot.eff.org/docs/using.html#renewing-certificates
-      For more information run:
-         ./path/to/GS3/bin/linux/certbot-auto --help renew
-    </echo>
-    <exec executable="./certbot-auto" osfamily="unix" dir="${basedir}/bin/${os.bin.dir}" failonerror="true">
-     <arg value="renew"/>
-     <arg value="--quiet"/>
-     <arg value="--no-self-upgrade"/>
-    </exec>
-    <!-- For rewewal on Windows, need to re-run the original (issuance) command and append "min-min-renew XX" to it,
-        where if it's within XX days of expiry, the certificate will get renewed.
-        See https://zerossl.com/usage.html#Certificate_renewal -->
-    <if><bool><istrue value="${current.os.iswindows}"/></bool>
-        <input addproperty="https.other.domains">Enter a comma separated list of additional domains besides tomcat.server=${tomcat.server} that you registered on issuance, if any</input>
-        <condition property="https.cert.domains" value="${tomcat.server},${https.other.domains}" else="${tomcat.server}">
-            <and>
-              <isset property="https.other.domains" />
-              <not><matches string="${https.other.domains}" pattern="^\s*$"/></not>
-            </and>
-        </condition>
-        <antcall target="setup-https-cert-windows">
-            <param name="https.cert.renewal" value="--renew 10"/>
-        </antcall>
-    </if>
-  </target>
-  <!-- Revoke the certificate and remove it, including folders.
-       See https://certbot.eff.org/docs/using.html#revoking-certificates
-       which also states "if a certificate is a test certificate obtained via the
-       ==staging or ==test-cert flag, that flag must be passed to the revoke subcommand."
-  -->
-  <target name="remove-https-cert" depends="check-os-for-https-cert-support">
-    <echo>
-      NOTE: If you're on Linux, you need to have sudo permissions to execute this target.
-      Enter the sudo password if prompted.
-    </echo>
-    <!--
-    On linux, we use certbot-auto.
-    It says at https://github.com/certbot/certbot/issues/1741
-    "you shouldn't run letsencrypt-auto [now called certbot-auto] as superuser,
-    because the program will invoke sudo when it needs to automatically."
-    We need to send Y(es) as inputstring to confirm that the
-    /etc/letsencrypt/live/${tomcat.server} folder can be deleted.
-    Note osfamily="unix" is separate from osfamily="mac", which comes out handy here as we haven't set up certbot-auto for mac (yet).
-    -->
-    <exec executable="./certbot-auto" osfamily="unix" dir="${basedir}/bin/${os.bin.dir}" failonerror="true" inputstring="Y">
-     <arg value="revoke"/>
-     <arg line="${https.testing}"/>
-     <arg value="--cert-path"/><arg value="/etc/letsencrypt/live/${tomcat.server}/cert.pem"/>
-    </exec>
-    <!-- The above command already deletes the folder when Y(es) was passed in. Explicitly deleting:
-    <exec executable="./certbot-auto" dir="${basedir}/bin/${os.bin.dir}" failonerror="true">
-    <arg value="delete"/>
-    <arg value="==cert-name"/><arg value="${tomcat.server}"/>
-    </exec>
-    -->
-    <!-- On Windows, we use zeroSSl. For the revoke command, see https://zerossl.com/usage.html#Certificate_revocation -->
-    <exec executable="cmd" osfamily="windows" dir="${basedir}/bin/${os.bin.dir}" spawn="false">
-      <arg value="/c" />
-      <arg value="le${os.bitness}" />
-      <arg value="--key" /><arg value="${packages.home}\tomcat\conf\https_cert\privkey.key" />
-      <arg value="--crt" /><arg value="${packages.home}\tomcat\conf\https_cert\fullchain_and_prvtkey.crt"/>
-      <arg value="--revoke"/>
-      <arg line="${https.testing}"/>
-    </exec>
-    <!-- And remove the https_cert folder -->
-    <delete dir="${packages.home}/tomcat/conf/https_cert"/>
-  </target>
   <target name="check-os-for-https-cert-support">
 …
     </if>
   </target>
   <target name="setup-https-cert-info">
 …
     </echo>
   </target>
   <target name="https-conditions-set">
 …
     <fail if="quit.https.setup">https certification step aborted by user. Please edit build.properties to set server.protocol=http and comment out tomcat.port.https.</fail>
   </target>
   <target name="setup-https-cert" depends="check-os-for-https-cert-support,setup-https-cert-info,https-conditions-set">
 …
   </target>
   <target name="setup-https-cert-windows">
 …
   </target>
   <target name="setup-https-cert-linux">
       <!-- Running as
 …
       </exec>
+  </target>
+  <!-- Revoke the certificate and remove it, including folders.
+       See https://certbot.eff.org/docs/using.html#revoking-certificates
+       which also states "if a certificate is a test certificate obtained via the
+       ==staging or ==test-cert flag, that flag must be passed to the revoke subcommand."
+  -->
+  <target name="remove-https-cert" depends="check-os-for-https-cert-support">
+    <echo>
+      NOTE: If you're on Linux, you need to have sudo permissions to execute this target.
+      Enter the sudo password if prompted.
+    </echo>
+    <!--
+    On linux, we use certbot-auto.
+    It says at https://github.com/certbot/certbot/issues/1741
+    "you shouldn't run letsencrypt-auto [now called certbot-auto] as superuser,
+    because the program will invoke sudo when it needs to automatically."
+    We need to send Y(es) as inputstring to confirm that the
+    /etc/letsencrypt/live/${tomcat.server} folder can be deleted.
+    Note osfamily="unix" is separate from osfamily="mac", which comes out handy here as we haven't set up certbot-auto for mac (yet).
+    -->
+    <exec executable="./certbot-auto" osfamily="unix" dir="${basedir}/bin/${os.bin.dir}" failonerror="true" inputstring="Y">
+     <arg value="revoke"/>
+     <arg line="${https.testing}"/>
+     <arg value="--cert-path"/><arg value="/etc/letsencrypt/live/${tomcat.server}/cert.pem"/>
+    </exec>
+    <!-- The above command already deletes the folder when Y(es) was passed in. Explicitly deleting:
+    <exec executable="./certbot-auto" dir="${basedir}/bin/${os.bin.dir}" failonerror="true">
+    <arg value="delete"/>
+    <arg value="==cert-name"/><arg value="${tomcat.server}"/>
+    </exec>
+    -->
+    <!-- On Windows, we use zeroSSl. For the revoke command, see https://zerossl.com/usage.html#Certificate_revocation -->
+    <exec executable="cmd" osfamily="windows" dir="${basedir}/bin/${os.bin.dir}" spawn="false">
+      <arg value="/c" />
+      <arg value="le${os.bitness}" />
+      <arg value="--key" /><arg value="${packages.home}\tomcat\conf\https_cert\privkey.key" />
+      <arg value="--crt" /><arg value="${packages.home}\tomcat\conf\https_cert\fullchain_and_prvtkey.crt"/>
+      <arg value="--revoke"/>
+      <arg line="${https.testing}"/>
+    </exec>
+    <!-- And remove the https_cert folder -->
+    <delete dir="${packages.home}/tomcat/conf/https_cert"/>
+  </target>
+    <!-- Renewing existing https certificate
+       Linux:
+       https://certbot.eff.org/docs/using.html#renewing-certificates
+       ./path/to/GS3/bin/linux/certbot-auto renew ==quiet ==no-self-upgrade
+       Windows: reuse Windows issuance target
+       see https://zerossl.com/usage.html#Certificate_renewal
+    -->
+  <target name="renew-existing-https-cert">
+    <echo>
+      NOTE: To run this target,
+      * ensure nothing is running on port 80.
+      * if you're on Linux, you need to have sudo permissions. Enter the sudo password if prompted.
+      If you want your cronjob to renew a certificate, you can add pre and post hooks
+      refer to https://certbot.eff.org/docs/using.html#renewing-certificates
+      For more information run:
+         ./path/to/GS3/bin/linux/certbot-auto --help renew
+    </echo>
+    <exec executable="./certbot-auto" osfamily="unix" dir="${basedir}/bin/${os.bin.dir}" failonerror="true">
+     <arg value="renew"/>
+     <arg value="--quiet"/>
+     <arg value="--no-self-upgrade"/>
+    </exec>
+    <!-- For rewewal on Windows, need to re-run the original (issuance) command and append "min-min-renew XX" to it,
+        where if it's within XX days of expiry, the certificate will get renewed.
+        See https://zerossl.com/usage.html#Certificate_renewal -->
+    <if><bool><istrue value="${current.os.iswindows}"/></bool>
+        <input addproperty="https.other.domains">Enter a comma separated list of additional domains besides tomcat.server=${tomcat.server} that you registered on issuance, if any</input>
+        <condition property="https.cert.domains" value="${tomcat.server},${https.other.domains}" else="${tomcat.server}">
+            <and>
+              <isset property="https.other.domains" />
+              <not><matches string="${https.other.domains}" pattern="^\s*$"/></not>
+            </and>
+        </condition>
+        <antcall target="setup-https-cert-windows">
+            <param name="https.cert.renewal" value="--renew 10"/>
+        </antcall>
+    </if>
   </target>

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 32424

Legend:

main/trunk/greenstone3/build.xml

Download in other formats: