def deploy_exim_cert(source_domain, target_domain, log=logger.Log(False)):
"""
Run deploy_file() on the key and certificate paths for the given domains.
This needs to be run for each domain listed in a certificate as the target
domain.
Args:
source_domain - The main domain of the certificate
target_domain - A list of domains covered by the certificate
log - An open log file
"""
deployed_cert = False
deployed_key = False
# Public Certificate
source = source_cert_dir + '/' + source_domain + '/fullchain.pem'
target = target_cert_dir + '/' + target_domain + '.pem'
if not os.path.exists(source):
log.log('Warning: no certificate found at ' + source)
else:
deployed_cert = deploy_file(source, target)
# Private Key
source = source_key_dir + '/' + source_domain + '/privkey.pem'
target = target_key_dir + '/' + target_domain + '.pem'
if not os.path.exists(source):
log.log('Warning: no private key found at ' + source)
else:
deployed_key = deploy_file(source, target)
return deployed_cert or deployed_key
def restart_service(version, log=logger.Log(False)):
"""
Restart a given PHP service.
Args:
version - The PHP subversion to start (such as 7.3)
log (optional) - An open log file to log to
"""
service.restart('php-' + version + '-fpm', log)
def reload_init(log=logger.Log(False)):
"""
Reload services in systemd.
Args:
log - An open logger
"""
if use_systemctl:
log.run(['systemctl', 'daemon-reload'])
else:
pass
def reload(service_name, log=logger.Log(False)):
"""
Reload a system service.
Args:
service_name - The name of the service to enable
log - An open logger
"""
if use_systemctl:
log.run(['systemctl', 'reload', service_name + '.service'])
else:
log.run(['service', service_name, 'reload'])
def stop(service_name, log=logger.Log(False)):
"""
Stop a system service.
Args:
service_name - The name of the service to enable
log - An open logger
"""
if use_systemctl:
log.run(['systemctl', 'stop', service_name + '.service'])
else:
log.run(['service', service_name, 'stop'])
def _install_prebuilt(slug, more):
if not slug:
print('Please specify slug being installed')
if not more:
print('Please specify version being installed')
from libsw import build_index, logger
if not slug:
slug = build_index.select_slug("Select a package to (re)install it")
slug = slug.lower()
builder = build_index.get_builder(slug)
builder.source_version = more[0]
with open(builder.log_name(), 'w+') as log_output:
log = logger.Log(log_output)
builder.install(log)
def deploy_all_exim_domains(log=logger.Log(False)):
"""
Check each certificate in Let's Encrypt against the corresponding exim. If
the one in LE is newer or if the one in exim does not yet exist, the
certificate and private key are copied once for each mail subdomain into
exim's certificate and key folders.
Args:
log - An open log file
"""
count = 0
for dom in email.get_mail_domains():
if deploy_exim_domain(dom, log):
count += 1
return count
def deploy_exim_domain(domain, log=logger.Log(False)):
"""
Copies the certificate from Let's Encrypt to exim for each subdomain in the
mail subdomain list.
Args:
domain - The main domain of the certificate
log - An open log file
"""
deployed = False
#TODO - read covered domains instead of using a set list
for sub in get_mail_domain_list(domain):
if deploy_exim_cert(domain, sub, log):
deployed = True
return deployed
def check():
"""
Check for updates to certificates with Let's Encrypt and then push any
updated files to exim as well as any users that require locally stored
certificates.
"""
with open(settings.install_path + 'var/log/letsencrypt', 'w+') as log_file:
log = logger.Log(log_file)
log.run(['letsencrypt', 'renew'])
local_count = deploy_locals()
count = deploy_all_exim_domains(log)
if count > 0:
update_dovecot_ssl()
nginx.reload()
log.log('Deployed ' + str(count) + ' certificates')
def build(self):
"""
Download or update the source code, compile it and then install it.
"""
logfile = self.log_name()
success = False
old_pwd = os.getcwd()
logdir = os.path.dirname(logfile)
if not os.path.exists(logdir):
os.makedirs(logdir)
with open(logfile, 'w+') as open_log:
log = logger.Log(open_log)
log.log("Build started for " + self.slug + " at " +
str(datetime.datetime.now()))
source_url = self.get_source_url()
if not is_frozen(self.slug):
log.log('Fetching ' + source_url)
self.fetch_source(source_url, log)
os.chdir(self.source_dir())
log.log("Running pre-config")
self.run_pre_config(log)
log.log("Getting config arguments")
command = self.populate_config_args(log)
if len(command) > 0:
log.log("Running configuration")
if debug:
log.log('CONFIG: ' + ' '.join(command))
log.run(command)
log.log("Running make")
make_ret_val = self.make(log)
if make_ret_val != 0: # if not success
log.log(self.slug + ' make command failed. Exiting.')
else:
log.log("Installing")
self.install(log)
log.log("Build completed for " + self.slug + " at " +
str(datetime.datetime.now()))
success = self.check_build()
self.cleanup_old_versions(log)
os.chdir(old_pwd)
if not success:
email.send_admin_logfile('Build failed for ' + self.slug, logfile)
elif settings.get_bool('email_admin_on_build_success'):
email.send_admin_log_clip('Build succeeded for ' + self.slug,
logfile)
return success, logfile
def _daemon():
from libsw import clamav, logger
log = logger.Log()
clamav.use_daemon_update(log)
def _offline():
from libsw import clamav, logger
log = logger.Log()
clamav.use_offline_update(log)
