From: Andy Street Date: Mon, 21 Nov 2016 23:12:40 +0000 (+0000) Subject: Allow domains to be sourced from DOMAINS_D without maintaining a separate DOMAINS_TXT... X-Git-Url: https://git.street.me.uk/andy/dehydrated.git/commitdiff_plain/4d3f3fff4ffff28365288c407b81c55a99af2481 Allow domains to be sourced from DOMAINS_D without maintaining a separate DOMAINS_TXT file * If the DOMAIN_TXT file does not exist or is not specified on the command line use the filenames supplied in DOMAINS_D instead. * Add a per-domain config value ALT_NAMES to specify certificate SAN values. --- diff --git a/dehydrated b/dehydrated index f740890..e491d89 100755 --- a/dehydrated +++ b/dehydrated @@ -73,6 +73,7 @@ reset_configvars() { OPENSSL_CNF="${__OPENSSL_CNF}" RENEW_DAYS="${__RENEW_DAYS}" IP_VERSION="${__IP_VERSION}" + ALT_NAMES= } # verify configuration values @@ -675,11 +676,16 @@ command_sign_domains() { if [[ -n "${PARAM_DOMAIN:-}" ]]; then DOMAINS_TXT="$(_mktemp)" + tmp_domains="yes" printf -- "${PARAM_DOMAIN}" > "${DOMAINS_TXT}" elif [[ -e "${DOMAINS_TXT}" ]]; then if [[ ! -r "${DOMAINS_TXT}" ]]; then _exiterr "domains.txt found but not readable" fi + elif [[ -n "${DOMAINS_D}" ]]; then + DOMAINS_TXT="$(_mktemp)" + tmp_domains="yes" + find "${DOMAINS_D}" -maxdepth 1 -type f | grep -o '[^/]*$' > "${DOMAINS_TXT}" else _exiterr "domains.txt not found and --domain not given" fi @@ -730,6 +736,9 @@ command_sign_domains() { config_var="$(echo "${cfgline:1}" | cut -d'=' -f1)" config_value="$(echo "${cfgline:1}" | cut -d'=' -f2-)" case "${config_var}" in + ALT_NAMES) + config_value="$(echo "${config_value}" | tr '[:upper:]' '[:lower:]' | _sed -e "s/^'[[:space:]]*//g" -e "s/[[:space:]]*'$//g" -e 's/[[:space:]]+/ /g')" + ;& KEY_ALGO|OCSP_MUST_STAPLE|PRIVATE_KEY_RENEW|PRIVATE_KEY_ROLLOVER|KEYSIZE|CHALLENGETYPE|HOOK|WELLKNOWN|HOOK_CHAIN|OPENSSL_CNF|RENEW_DAYS) echo " + ${config_var} = ${config_value}" declare -- "${config_var}=${config_value}" 
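Review bot: `ALT_NAMES=` in reset_configvars is cleared to empty while every neighbouring variable is restored from its saved `__NAME` default, and nothing in the hunk says why it differs. Presumably the intent is that ALT_NAMES is per-certificate only and must not carry over from one certificate to the next. I would say so in a comment on that line: `# per-certificate only: always cleared so one certificate's SANs never carry over to the next`. The start of reset_configvars is outside the hunk.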
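Review bot: In the new `elif [[ -n "${DOMAINS_D}" ]]` branch, every regular file name under DOMAINS_D is written to the temporary domain list unfiltered, so an editor backup, a dotfile or a README in that directory becomes a certificate request of its own. The branch also does not confirm that the path is a directory or that the list is non-empty, so a mistyped DOMAINS_D may not give a clear error; this depends on shell options not visible here. I would add `[[ -d "${DOMAINS_D}" ]] || _exiterr "DOMAINS_D is not a directory"` before the `find`, and keep only names that look like hostnames before writing them to `${DOMAINS_TXT}`. The rest of command_sign_domains lies outside the hunk.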
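Review bot: The new `ALT_NAMES)` arm normalises case, whitespace and surrounding single quotes, but it never checks that what remains is a list of hostnames before falling through `;&` into `declare`. A value written with double quotes keeps them, and characters such as `*` or `/` survive into the names that the following hunk appends to `morenames`. I would reject anything else before the fall-through, e.g. `[[ "${config_value}" =~ ^[a-z0-9.[:space:]-]*$ ]] || _exiterr "invalid ALT_NAMES value for ${domain}"`. Separately, `;&` needs bash 4 or later, which matters if the script is expected to run on older bash. The enclosing `case` and loop continue outside the hunk.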
@@ -740,6 +749,16 @@ command_sign_domains() { done IFS="${ORIGIFS}" fi + + if [[ -n "${ALT_NAMES}" ]]; then + if [[ -n "${morenames}" ]]; then + morenames="${morenames} ${ALT_NAMES}" + else + morenames="${ALT_NAMES}" + fi + line="${domain} ${morenames}"; + fi + verify_config if [[ -e "${cert}" ]]; then @@ -790,7 +809,7 @@ command_sign_domains() { done # remove temporary domains.txt file if used - [[ -n "${PARAM_DOMAIN:-}" ]] && rm -f "${DOMAINS_TXT}" + [[ "${tmp_domains:-}" = "yes" ]] && rm -f "${DOMAINS_TXT}" exit 0 } diff --git a/docs/per-certificate-config.md b/docs/per-certificate-config.md index 9e1b25a..c1c2f7c 100644 --- a/docs/per-certificate-config.md +++ b/docs/per-certificate-config.md @@ -16,3 +16,4 @@ Currently supported options: - WELLKNOWN - OPENSSL_CNF - RENEW_DAYS +- ALT_NAMES
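Review bot: The names taken from `ALT_NAMES` are appended to `morenames` without checking them against `${domain}` or the names already present, so an entry that repeats either one ends up on `line` twice. How the later CSR and renewal-comparison code treats a duplicate is outside this hunk, so a de-duplication pass here would be the safer place to handle it. The test `[[ -n "${ALT_NAMES}" ]]` also assumes reset_configvars has already run; `[[ -n "${ALT_NAMES:-}" ]]` would match the guarded style used for `${tmp_domains:-}`. The inner if/else could collapse to `morenames="${morenames:+${morenames} }${ALT_NAMES}"`.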
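Review bot: In the lines shown, `tmp_domains` is only ever assigned `yes` and is never initialised, so the guard on `rm -f "${DOMAINS_TXT}"` trusts whatever value the variable had on entry, including one inherited from the environment. If `tmp_domains=yes` is already set and the run takes the existing-file branch, this line would delete the operator's real domains.txt. I would set `tmp_domains="no"` at the top of command_sign_domains, before the branch in the @@ -675 hunk that assigns it; that spot is outside this hunk. The temporary file also appears to be left behind when an `_exiterr` path is taken before this line, which an EXIT trap would cover.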