From: Simon Ruderich Date: Sat, 5 Dec 2015 13:08:41 +0000 (+0100) Subject: replace echo (-n) with printf X-Git-Tag: v0.1.0~221^2~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4aa48d33d5d514b7571aa3d75eda38f6ffb553e8;p=thirdparty%2Fdehydrated.git replace echo (-n) with printf printf is more portable and never interprets any escape characters. --- diff --git a/letsencrypt.sh b/letsencrypt.sh index e941e31..04c150d 100755 --- a/letsencrypt.sh +++ b/letsencrypt.sh @@ -12,16 +12,16 @@ hex2bin() { } signed_request() { - payload64="$(echo -n "${2}" | urlbase64)" + payload64="$(printf '%s' "${2}" | urlbase64)" nonce="$(curl -s -I "${CA}"/directory | grep Replay-Nonce | awk -F ': ' '{print $2}' | tr -d '\n\r')" header='{"alg": "RS256", "jwk": {"e": "'"${pubExponent64}"'", "kty": "RSA", "n": "'"${pubMod64}"'"}}' protected='{"alg": "RS256", "jwk": {"e": "'"${pubExponent64}"'", "kty": "RSA", "n": "'"${pubMod64}"'"}, "nonce": "'"${nonce}"'"}' - protected64="$(echo -n "${protected}" | urlbase64)" + protected64="$(printf '%s' "${protected}" | urlbase64)" - signed64="$(echo -n "${protected64}.${payload64}" | openssl dgst -sha256 -sign private_key.pem | urlbase64)" + signed64="$(printf '%s' "${protected64}.${payload64}" | openssl dgst -sha256 -sign private_key.pem | urlbase64)" data='{"header": '"${header}"', "protected": "'"${protected64}"'", "payload": "'"${payload64}"'", "signature": "'"${signed64}"'"}' @@ -37,7 +37,7 @@ sign_domain() { for altname in $altnames; do SAN+="DNS:${altname}, " done - SAN="$(echo -n "${SAN}" | sed 's/,\s*$//g')" + SAN="$(printf '%s' "${SAN}" | sed 's/,\s*$//g')" mkdir "certs/${domain}" @@ -51,8 +51,8 @@ sign_domain() { echo " + Requesting challenge for ${altname}..." response="$(signed_request "${CA}/acme/new-authz" '{"resource": "new-authz", "identifier": {"type": "dns", "value": "'"${altname}"'"}}')" - challenge_token="$(echo "${response}" | grep -Eo '"challenges":[^\[]*\[[^]]*]' | sed 's/{/\n{/g' | grep 'http-01' | grep -Eo '"token":\s*"[^"]*"' | cut -d'"' -f4 | sed 's/[^A-Za-z0-9_\-]/_/g')" - challenge_uri="$(echo "${response}" | grep -Eo '"challenges":[^\[]*\[[^]]*]' | sed 's/{/\n{/g' | grep 'http-01' | grep -Eo '"uri":\s*"[^"]*"' | cut -d'"' -f4)" + challenge_token="$(printf '%s\n' "${response}" | grep -Eo '"challenges":[^\[]*\[[^]]*]' | sed 's/{/\n{/g' | grep 'http-01' | grep -Eo '"token":\s*"[^"]*"' | cut -d'"' -f4 | sed 's/[^A-Za-z0-9_\-]/_/g')" + challenge_uri="$(printf '%s\n' "${response}" | grep -Eo '"challenges":[^\[]*\[[^]]*]' | sed 's/{/\n{/g' | grep 'http-01' | grep -Eo '"uri":\s*"[^"]*"' | cut -d'"' -f4)" if [ "${challenge_token}" = "" ] || [ "${challenge_uri}" = "" ]; then echo " + Error: Can't retrieve challenges (${response})" @@ -61,12 +61,12 @@ sign_domain() { keyauth="${challenge_token}.${thumbprint}" - echo -n "${keyauth}" > "${WELLKNOWN}/${challenge_token}" + printf '%s' "${keyauth}" > "${WELLKNOWN}/${challenge_token}" echo " + Responding to challenge for ${altname}..." result="$(signed_request "${challenge_uri}" '{"resource": "challenge", "keyAuthorization": "'"${keyauth}"'"}')" - status="$(echo "${result}" | grep -Eo '"status":\s*"[^"]*"' | cut -d'"' -f4)" + status="$(printf '%s\n' "${result}" | grep -Eo '"status":\s*"[^"]*"' | cut -d'"' -f4)" if [ ! "${status}" = "pending" ] && [ ! "${status}" = "valid" ]; then echo " + Challenge is invalid! (${result})" @@ -83,7 +83,7 @@ sign_domain() { echo " + Requesting certificate..." csr64="$(openssl req -in "certs/${domain}/cert.csr" -outform DER | urlbase64)" crt64="$(signed_request "${CA}/acme/new-cert" '{"resource": "new-cert", "csr": "'"${csr64}"'"}' | base64 -w 64)" - echo -e "-----BEGIN CERTIFICATE-----\n${crt64}\n-----END CERTIFICATE-----\n" > "certs/${domain}/cert.pem" + printf -- '-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n' "${crt64}" > "certs/${domain}/cert.pem" echo " + Done!" } @@ -95,9 +95,9 @@ if [ ! -e "private_key.pem" ]; then fi pubExponent64="$(printf "%06x" "$(openssl rsa -in private_key.pem -noout -text | grep publicExponent | head -1 | cut -d' ' -f2)" | hex2bin | urlbase64)" -pubMod64="$(echo -n "$(openssl rsa -in private_key.pem -noout -modulus | cut -d'=' -f2)" | hex2bin | urlbase64)" +pubMod64="$(printf '%s' "$(openssl rsa -in private_key.pem -noout -modulus | cut -d'=' -f2)" | hex2bin | urlbase64)" -thumbprint="$(echo -n "$(echo -n '{"e":"'"${pubExponent64}"'","kty":"RSA","n":"'"${pubMod64}"'"}' | sha256sum | awk '{print $1}')" | hex2bin | urlbase64)" +thumbprint="$(printf '%s' "$(printf '%s' '{"e":"'"${pubExponent64}"'","kty":"RSA","n":"'"${pubMod64}"'"}' | sha256sum | awk '{print $1}')" | hex2bin | urlbase64)" if [ "${register}" = "1" ]; then echo "+ Registering account key with letsencrypt..."