[fix] Handle SSL generation better

kload 2015-10-02 15:56:46 +02:00
parent 6b293e9075
commit 33b749a9f8


@ -25,21 +25,21 @@ sudo mkdir -p $ssl_dir/{ca,certs,crl,newcerts}
safe_copy openssl.cnf $ssl_dir/openssl.cnf safe_copy openssl.cnf $ssl_dir/openssl.cnf
if [ ! -f /etc/yunohost/installed ]; then [ -f $ssl_dir/serial ] \
sudo rm -f $ssl_dir/index.txt || (echo "01" | sudo tee $ssl_dir/serial)
sudo touch $ssl_dir/index.txt
sudo rm -f $ssl_dir/serial
sudo rm -f /etc/yunohost/certs/yunohost.org/*
fi
if [ ! -f $ssl_dir/serial ]; then [ -f $ssl_dir/index.txt ] \
echo "01" | sudo tee $ssl_dir/serial || sudo touch $ssl_dir/index.txt
fi
if [ ! -f /etc/yunohost/certs/yunohost.org/ca.pem ]; then if [ ! -f /etc/yunohost/certs/yunohost.org/ca.pem ]; then
sudo openssl req -x509 -new -config $ssl_dir/openssl.cnf \ sudo openssl req -x509 -new -config $ssl_dir/openssl.cnf \
-days 3650 -out $ssl_dir/ca/cacert.pem \ -days 3650 -out $ssl_dir/ca/cacert.pem \
-keyout $ssl_dir/ca/cakey.pem -nodes -batch -keyout $ssl_dir/ca/cakey.pem -nodes -batch
sudo cp $ssl_dir/ca/cacert.pem \
/etc/yunohost/certs/yunohost.org/ca.pem
sudo ln -sf /etc/yunohost/certs/yunohost.org/ca.pem \
/etc/ssl/certs/ca-yunohost_crt.pem
sudo update-ca-certificates
fi fi
if [ ! -f /etc/yunohost/certs/yunohost.org/crt.pem ]; then if [ ! -f /etc/yunohost/certs/yunohost.org/crt.pem ]; then
@ -50,20 +50,16 @@ if [ ! -f /etc/yunohost/certs/yunohost.org/crt.pem ]; then
-days 730 -in $ssl_dir/certs/yunohost_csr.pem \ -days 730 -in $ssl_dir/certs/yunohost_csr.pem \
-out $ssl_dir/certs/yunohost_crt.pem -batch -out $ssl_dir/certs/yunohost_crt.pem -batch
last_cert=$(ls *.pem | sort -V | tail -n 1)
sudo chmod 640 $ssl_dir/certs/yunohost_key.pem sudo chmod 640 $ssl_dir/certs/yunohost_key.pem
sudo chmod 640 $ssl_dir/newcerts/01.pem sudo chmod 640 $ssl_dir/newcerts/$last_cert
sudo cp $ssl_dir/ca/cacert.pem \
/etc/yunohost/certs/yunohost.org/ca.pem
sudo cp $ssl_dir/certs/yunohost_key.pem \ sudo cp $ssl_dir/certs/yunohost_key.pem \
/etc/yunohost/certs/yunohost.org/key.pem /etc/yunohost/certs/yunohost.org/key.pem
sudo cp $ssl_dir/newcerts/01.pem \ sudo cp $ssl_dir/newcerts/$last_cert \
/etc/yunohost/certs/yunohost.org/crt.pem /etc/yunohost/certs/yunohost.org/crt.pem
sudo ln -sf /etc/yunohost/certs/yunohost.org/crt.pem \ sudo ln -sf /etc/yunohost/certs/yunohost.org/crt.pem \
/etc/ssl/certs/yunohost_crt.pem /etc/ssl/certs/yunohost_crt.pem
sudo ln -sf /etc/yunohost/certs/yunohost.org/key.pem \ sudo ln -sf /etc/yunohost/certs/yunohost.org/key.pem \
/etc/ssl/private/yunohost_key.pem /etc/ssl/private/yunohost_key.pem
sudo ln -sf /etc/yunohost/certs/yunohost.org/ca.pem \
/etc/ssl/certs/ca-yunohost_crt.pem
sudo update-ca-certificates
fi fi
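Review bot: `last_cert=$(ls *.pem | sort -V | tail -n 1)` in the second hunk globs the script's current working directory, while the result is used as `$ssl_dir/newcerts/$last_cert`; unless a `cd` outside the hunk puts the script in that directory, the glob matches nothing or the wrong files. With an empty `last_cert`, the `chmod 640` applies to the `newcerts` directory itself and the `cp` to `crt.pem` fails after `key.pem` has already been copied, so the key ends up installed without its certificate. I would list the directory explicitly and stop on an empty result: `last_cert=$(ls "$ssl_dir/newcerts" | sort -V | tail -n 1)` followed by `[ -n "$last_cert" ] || exit 1`. Also worth confirming: the file names are hex serials, and `sort -V` appears to order `0A.pem` before `09.pem`, so from the tenth issued certificate on the file picked may not be the newest and may not match `yunohost_key.pem`.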