Changeset 32483 for main

Timestamp:

2018-09-24T20:41:50+12:00 (6 years ago)

Author:

ak19

Message:

1. Avoiding subtle bug if you forget to include https in server.protocols.property: you can still get an https certificate, but when you start up tomcat and visit ​https://hostname:https_port, the server won't run because you forgot to allow https in build.properties. So now setup-https-cert will exit with a fail message if you forgot to turn on https support in this way. 2. Tidied up after previous commits by adding comments, removing deprecated temporary target.

File:

• main/trunk/greenstone3/build.xml (modified) (5 diffs)

main/trunk/greenstone3/build.xml

@@ -1631 +1631 @@
   <!-- ============ Targets concerned with https certification ================ -->
 
-  <target name="check-os-for-https-cert-support">
-    <if><bool><isset property="current.os.ismac"/></bool>
-        <echo>
-            Features that automate generating, removing and renewing HTTPS certificates
-            are currently still being implemented on Macs.
-        </echo>
-    </if>   
-  </target>
-  
-  
   <target name="setup-https-cert-info">
     <echo>
@@ -1680 +1670 @@
   
 
-  <target name="setup-https-cert" depends="check-os-for-https-cert-support,setup-https-cert-info,https-conditions-set">
+  <target name="setup-https-cert" depends="setup-https-cert-info,https-conditions-set">
+    <if><bool><not><matches string="${server.protocols}" pattern="https"/></not></bool>
+      <fail>To setup https certification, the server.protocols property in file build.properties must contain 'https'</fail>
+    </if>
+
     <input addproperty="https.cert.email">Enter an email that Let's Encrypt, the certification authority, can send any important notifications to</input>
     <input addproperty="https.other.domains">Besides tomcat.server=${tomcat.server}, enter a comma separated list of additional domains to support, if any</input>
@@ -1832 +1826 @@
     
   </target>
-  
+
+
+  <!-- On Mac as on Linux, we need sudo permissions to setup https certification.
+    But unlike on Linux, on Mac we only need to sudo when running tomcat on port 80
+    and when stopping tomcat running on port 80. But we don't need to sudo on a Mac when calling le.pl.
+    This also means all the files in https_cert have the correct (user, not root) permissions.
+  -->
   <target name="setup-https-cert-mac">
     
@@ -1901 +1901 @@
     </exec>
 
-    <!-- need regular user permissions on both the Certificate Signing Request file and the certicate,
-     so as user, we copy the files from /tmp where they were generated as root to user location -->
-    <!--<copy file="/tmp/${tomcat.server}.csr" tofile="${packages.home}/tomcat/conf/https_cert/${tomcat.server}.csr"/>
-    <copy file="/tmp/fullchain_and_prvtkey.crt" tofile="${packages.home}/tomcat/conf/https_cert/fullchain_and_prvtkey.crt"/>-->
-
     <!-- stop the tomcat running on port 80 -->
     <antcall target="stop">
@@ -2005 +2000 @@
        ==staging or ==test-cert flag, that flag must be passed to the revoke subcommand."
   -->
-  <target name="remove-https-cert" depends="check-os-for-https-cert-support">
+  <target name="remove-https-cert">
     <echo>
       NOTE: If you're on Linux, you need to have sudo permissions to execute this target.