X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=mail-cert-cron;h=01fb68904dcd13d44b0cbbe84f4d45835174997e;hb=a44c96f8de0dfbb302923b48961abc912b41803e;hp=cee75684887c76bd2413cc1abb3bd45003cf5746;hpb=b18dade73dedfe69aa741f8417947d83c4208f2d;p=distro-setup

diff --git a/mail-cert-cron b/mail-cert-cron
index cee7568..01fb689 100755
--- a/mail-cert-cron
+++ b/mail-cert-cron
@@ -1,11 +1,32 @@
 #!/bin/bash
+# I, Ian Kelling, follow the GNU license recommendations at
+# https://www.gnu.org/licenses/license-recommendations.en.html. They
+# recommend that small programs, < 300 lines, be licensed under the
+# Apache License 2.0. This file contains or is part of one or more small
+# programs. If a small program grows beyond 300 lines, I plan to switch
+# its license to GPL.
+
+# Copyright 2024 Ian Kelling
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
 [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
 
 case $1 in
-  # for first run, accept host key
+  # For first run, accept host key. Note, known_hosts is saved in /p.
   -1)
     opt=(-e 'ssh -oStrictHostKeyChecking=no')
     ;;
@@ -13,14 +34,14 @@ esac
 
 f=/a/bin/bash_unpublished/source-state
 if [[ -e $f ]]; then
+  # shellcheck source=/a/bin/bash_unpublished/source-state
   source $f
 fi
 
 case $HOSTNAME in
   $MAIL_HOST|bk)
-    local_mx=mail.iankelling.org
     # ||: is to allow for temporary connection issues.
-    rsync ${opt[@]} -ogtL --chown=root:Debian-exim --chmod=640 \
+    rsync "${opt[@]}" -ogtL --chown=root:Debian-exim --chmod=640 \
           root@li.iankelling.org:/etc/letsencrypt/live/mail.iankelling.org/{fullchain.pem,privkey.pem} /etc/exim4 ||:
     if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/fullchain.pem; then
       echo "$0: error!: cert rsync failed and it will expire in less than 3 days"