From 34b7e667a774376a888f57867b20c2ee84ad596c Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Tue, 30 Nov 2021 23:25:25 +0100 Subject: [PATCH] Aaaaand try again to fix certificate generation --- hooks/conf_regen/02-ssl | 3 +++ src/certificate.py | 12 +++--------- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/hooks/conf_regen/02-ssl b/hooks/conf_regen/02-ssl index a50e51187..e98c70c6e 100755 --- a/hooks/conf_regen/02-ssl +++ b/hooks/conf_regen/02-ssl @@ -110,6 +110,9 @@ do_post_regen() { then mv /usr/share/yunohost/yunohost-config/ssl/yunoCA/* ${ssl_dir} rm -rf /usr/share/yunohost/yunohost-config + # Overwrite openssl.cnf because it may still contain references to the old yunoCA dir + rm -f ${ssl_dir}/openssl.ca.cnf + install -D -m 644 ${template_dir}/openssl.cnf "${ssl_dir}/openssl.cnf" fi mkdir -p ${ssl_dir}/{ca,certs,crl,newcerts} diff --git a/src/certificate.py b/src/certificate.py index 724d9b62e..86a63a996 100644 --- a/src/certificate.py +++ b/src/certificate.py @@ -143,11 +143,7 @@ def _certificate_install_selfsigned(domain_list, force=False): # Paths of files and folder we'll need date_tag = datetime.utcnow().strftime("%Y%m%d.%H%M%S") - new_cert_folder = "%s/%s-history/%s-selfsigned" % ( - CERT_FOLDER, - domain, - date_tag, - ) + new_cert_folder = f"{CERT_FOLDER}/{domain}-history/{date_tag}-selfsigned" conf_template = os.path.join(SSL_DIR, "openssl.cnf") @@ -181,10 +177,8 @@ def _certificate_install_selfsigned(domain_list, force=False): # Use OpenSSL command line to create a certificate signing request, # and self-sign the cert commands = [ - "openssl req -new -config %s -out %s -keyout %s -nodes -batch" - % (conf_file, csr_file, key_file), - "openssl ca -config %s -days 3650 -in %s -out %s -batch" - % (conf_file, csr_file, crt_file), + f"openssl req -new -config {conf_file} -out {csr_file} -keyout {key_file} -nodes -batch", + f"openssl ca -config {conf_file} -days 3650 -in {csr_file} -out {crt_file} -batch", ] for command in commands: