docker-mailserver/target/helper_functions.sh

#!/bin/bash

# expects mask prefix length and the digit
function _mask_ip_digit() {
  if [[ $1 -ge 8 ]]; then
    MASK=255
  else
    if [[ $1 -le 0 ]]; then
      MASK=0
    else
      VALUES=('0' '128' '192' '224' '240' '248' '252' '254' '255')
      MASK=${VALUES[$1]}
    fi
  fi
  echo $(($2 & $MASK))
}

# transforms a specific ip with CIDR suffix like 1.2.3.4/16
# to subnet with cidr suffix like 1.2.0.0/16
function _sanitize_ipv4_to_subnet_cidr() {
  IP=${1%%/*}
  PREFIX_LENGTH=${1#*/}

  # split IP by . into digits
  DIGITS=(${IP//./ })

  # mask digits according to prefix length
  MASKED_DIGITS=()
  DIGIT_PREFIX_LENGTH="$PREFIX_LENGTH"
  for DIGIT in "${DIGITS[@]}"; do
    MASKED_DIGITS+=($(_mask_ip_digit $DIGIT_PREFIX_LENGTH $DIGIT))
    DIGIT_PREFIX_LENGTH=$(($DIGIT_PREFIX_LENGTH - 8))
  done

  # output masked ip plus prefix length
  echo ${MASKED_DIGITS[0]}.${MASKED_DIGITS[1]}.${MASKED_DIGITS[2]}.${MASKED_DIGITS[3]}/$PREFIX_LENGTH
}

# extracts certificates from acme.json and returns 0 if found
function extractCertsFromAcmeJson() {
  WHAT=$1

  KEY=$(cat /etc/letsencrypt/acme.json | python -c "
import sys,json
acme = json.load(sys.stdin)
for key, value in acme.items():
    certs = value['Certificates']
    for cert in certs:
        if 'domain' in cert and 'key' in cert:
            if 'main' in cert['domain'] and cert['domain']['main'] == '$WHAT' or 'sans' in cert['domain'] and '$WHAT' in cert['domain']['sans']:
                print cert['key']
                break
")
  CERT=$(cat /etc/letsencrypt/acme.json | python -c "
import sys,json
acme = json.load(sys.stdin)
for key, value in acme.items():
    certs = value['Certificates']
    for cert in certs:
        if 'domain' in cert and 'certificate' in cert:
            if 'main' in cert['domain'] and cert['domain']['main'] == '$WHAT' or 'sans' in cert['domain'] and '$WHAT' in cert['domain']['sans']:
                print cert['certificate']
                break
")

  if [[ -n "${KEY}${CERT}" ]]; then
    mkdir -p /etc/letsencrypt/live/"$HOSTNAME"/
    echo $KEY | base64 -d >/etc/letsencrypt/live/"$HOSTNAME"/key.pem || exit 1
    echo $CERT | base64 -d >/etc/letsencrypt/live/"$HOSTNAME"/fullchain.pem || exit 1
    echo "Cert found in /etc/letsencrypt/acme.json for $WHAT"
    return 0
  else
    return 1
  fi
}

# File storing the checksums of the monitored files.
CHKSUM_FILE=/tmp/docker-mailserver-config-chksum

# Compute checksums of monitored files.
function monitored_files_checksums() {
  (
    cd /tmp/docker-mailserver
    # (2>/dev/null to ignore warnings about files that don't exist)
    exec sha512sum 2>/dev/null -- \
           postfix-accounts.cf \
           postfix-virtual.cf \
           postfix-aliases.cf \
           dovecot-quotas.cf \
           /etc/letsencrypt/acme.json \
           "/etc/letsencrypt/live/$HOSTNAME/key.pem" \
           "/etc/letsencrypt/live/$HOSTNAME/fullchain.pem"
  )
  return 0
}
WIP: actually test PERMIT_DOCKER=connected-networks also showcase timeouts and makefile integration 2019-08-07 02:24:56 +02:00			`#!/bin/bash`

			`# expects mask prefix length and the digit`
			`function _mask_ip_digit() {`
certificates from acme.json Will extract certificates from acme.json as written by traefik for usage in dovecot and postfix. Also watches acme.json for changes. For this to work the file has to be mounted/present at `/etc/letsencrypt/acme.json` 2020-06-30 22:43:22 +02:00			`if [[ $1 -ge 8 ]]; then`
			`MASK=255`
			`else`
			`if [[ $1 -le 0 ]]; then`
			`MASK=0`
			`else`
			`VALUES=('0' '128' '192' '224' '240' '248' '252' '254' '255')`
			`MASK=${VALUES[$1]}`
			`fi`
			`fi`
			`echo $(($2 & $MASK))`
WIP: actually test PERMIT_DOCKER=connected-networks also showcase timeouts and makefile integration 2019-08-07 02:24:56 +02:00			`}`

			`# transforms a specific ip with CIDR suffix like 1.2.3.4/16`
			`# to subnet with cidr suffix like 1.2.0.0/16`
			`function _sanitize_ipv4_to_subnet_cidr() {`
certificates from acme.json Will extract certificates from acme.json as written by traefik for usage in dovecot and postfix. Also watches acme.json for changes. For this to work the file has to be mounted/present at `/etc/letsencrypt/acme.json` 2020-06-30 22:43:22 +02:00			`IP=${1%%/*}`
			`PREFIX_LENGTH=${1#*/}`
WIP: actually test PERMIT_DOCKER=connected-networks also showcase timeouts and makefile integration 2019-08-07 02:24:56 +02:00
certificates from acme.json Will extract certificates from acme.json as written by traefik for usage in dovecot and postfix. Also watches acme.json for changes. For this to work the file has to be mounted/present at `/etc/letsencrypt/acme.json` 2020-06-30 22:43:22 +02:00			`# split IP by . into digits`
			`DIGITS=(${IP//./ })`
WIP: actually test PERMIT_DOCKER=connected-networks also showcase timeouts and makefile integration 2019-08-07 02:24:56 +02:00
certificates from acme.json Will extract certificates from acme.json as written by traefik for usage in dovecot and postfix. Also watches acme.json for changes. For this to work the file has to be mounted/present at `/etc/letsencrypt/acme.json` 2020-06-30 22:43:22 +02:00			`# mask digits according to prefix length`
			`MASKED_DIGITS=()`
			`DIGIT_PREFIX_LENGTH="$PREFIX_LENGTH"`
			`for DIGIT in "${DIGITS[@]}"; do`
			`MASKED_DIGITS+=($(_mask_ip_digit $DIGIT_PREFIX_LENGTH $DIGIT))`
			`DIGIT_PREFIX_LENGTH=$(($DIGIT_PREFIX_LENGTH - 8))`
			`done`
WIP: actually test PERMIT_DOCKER=connected-networks also showcase timeouts and makefile integration 2019-08-07 02:24:56 +02:00
certificates from acme.json Will extract certificates from acme.json as written by traefik for usage in dovecot and postfix. Also watches acme.json for changes. For this to work the file has to be mounted/present at `/etc/letsencrypt/acme.json` 2020-06-30 22:43:22 +02:00			`# output masked ip plus prefix length`
			`echo ${MASKED_DIGITS[0]}.${MASKED_DIGITS[1]}.${MASKED_DIGITS[2]}.${MASKED_DIGITS[3]}/$PREFIX_LENGTH`
			`}`

			`# extracts certificates from acme.json and returns 0 if found`
			`function extractCertsFromAcmeJson() {`
			`WHAT=$1`
fix: extractCertsFromAcmeJson fails if "sans" not in Certificates.domain.main 2020-07-19 23:57:16 +02:00
			`KEY=$(cat /etc/letsencrypt/acme.json \| python -c "`
			`import sys,json`
			`acme = json.load(sys.stdin)`
			`for key, value in acme.items():`
			`certs = value['Certificates']`
			`for cert in certs:`
			`if 'domain' in cert and 'key' in cert:`
			`if 'main' in cert['domain'] and cert['domain']['main'] == '$WHAT' or 'sans' in cert['domain'] and '$WHAT' in cert['domain']['sans']:`
			`print cert['key']`
add break; remove empty print 2020-07-20 11:28:23 +02:00			`break`
fix: extractCertsFromAcmeJson fails if "sans" not in Certificates.domain.main 2020-07-19 23:57:16 +02:00			`")`
			`CERT=$(cat /etc/letsencrypt/acme.json \| python -c "`
			`import sys,json`
			`acme = json.load(sys.stdin)`
			`for key, value in acme.items():`
			`certs = value['Certificates']`
			`for cert in certs:`
			`if 'domain' in cert and 'certificate' in cert:`
			`if 'main' in cert['domain'] and cert['domain']['main'] == '$WHAT' or 'sans' in cert['domain'] and '$WHAT' in cert['domain']['sans']:`
			`print cert['certificate']`
add break; remove empty print 2020-07-20 11:28:23 +02:00			`break`
fix: extractCertsFromAcmeJson fails if "sans" not in Certificates.domain.main 2020-07-19 23:57:16 +02:00			`")`
certificates from acme.json Will extract certificates from acme.json as written by traefik for usage in dovecot and postfix. Also watches acme.json for changes. For this to work the file has to be mounted/present at `/etc/letsencrypt/acme.json` 2020-06-30 22:43:22 +02:00
			`if [[ -n "${KEY}${CERT}" ]]; then`
			`mkdir -p /etc/letsencrypt/live/"$HOSTNAME"/`
			`echo $KEY \| base64 -d >/etc/letsencrypt/live/"$HOSTNAME"/key.pem \|\| exit 1`
			`echo $CERT \| base64 -d >/etc/letsencrypt/live/"$HOSTNAME"/fullchain.pem \|\| exit 1`
			`echo "Cert found in /etc/letsencrypt/acme.json for $WHAT"`
			`return 0`
			`else`
			`return 1`
			`fi`
			`}`
Fix checksum race condition in check-for-changes.sh If a change to one of the tracked files happened soon after (<1 second?) a previously detected change, it could end up going undetected. In particular, this could cause integration tests to fail (see next commits). Fixed by computing the new checksum file _before_ checking for changes. 2020-08-24 20:46:50 +02:00
			`# File storing the checksums of the monitored files.`
			`CHKSUM_FILE=/tmp/docker-mailserver-config-chksum`

			`# Compute checksums of monitored files.`
			`function monitored_files_checksums() {`
			`(`
			`cd /tmp/docker-mailserver`
			`# (2>/dev/null to ignore warnings about files that don't exist)`
			`exec sha512sum 2>/dev/null -- \`
			`postfix-accounts.cf \`
			`postfix-virtual.cf \`
			`postfix-aliases.cf \`
			`dovecot-quotas.cf \`
			`/etc/letsencrypt/acme.json \`
			`"/etc/letsencrypt/live/$HOSTNAME/key.pem" \`
			`"/etc/letsencrypt/live/$HOSTNAME/fullchain.pem"`
			`)`
			`return 0`
			`}`