[enh] Update yunohost, ssl and ssh conf_regen hooks

data/hooks/conf_regen-old/01-yunohost

@@ -1,25 +0,0 @@
-set -e 
-
-force=$1
-
-cd /usr/share/yunohost/templates/yunohost
-
-sudo mkdir -p /etc/yunohost
-
-if [ ! -f /etc/yunohost/current_host ]; then
-    echo "yunohost.org" | sudo tee /etc/yunohost/current_host
-fi
-
-if [ ! -f /etc/yunohost/firewall.yml ]; then
-    sudo cp firewall.yml /etc/yunohost/firewall.yml
-fi
-
-if [ ! -f /etc/yunohost/services.yml ]; then
-    sudo cp services.yml /etc/yunohost/services.yml
-fi
-
-# Allow users to access /media directory
-if [ ! -d /etc/skel/media ]; then
-    mkdir -p /media
-    ln -s /media /etc/skel/
-fi

data/hooks/conf_regen-old/02-ssl

@@ -1,64 +0,0 @@
-set -e 
-
-force=$1
-
-function safe_copy () {
-    if [ ! -f /etc/yunohost/installed ]; then
-        sudo cp $1 $2
-    else
-        if [ $force ]; then
-            sudo yunohost service safecopy \
-              -s ssl $1 $2 --force
-        else
-            sudo yunohost service safecopy \
-              -s ssl $1 $2
-        fi
-    fi
-}
-
-cd /usr/share/yunohost/templates/ssl
-ssl_dir=/usr/share/yunohost/yunohost-config/ssl/yunoCA
-
-sudo mkdir -p /etc/yunohost/certs/yunohost.org
-sudo mkdir -p $ssl_dir/{ca,certs,crl,newcerts}
-
-safe_copy openssl.cnf $ssl_dir/openssl.cnf
-
-[ -f $ssl_dir/serial ] \
-  || (echo "00" | sudo tee $ssl_dir/serial)
-
-[ -f $ssl_dir/index.txt ] \
-  || sudo touch $ssl_dir/index.txt
-
-if [ ! -f /etc/yunohost/certs/yunohost.org/ca.pem ]; then
-    sudo openssl req -x509 -new -config $ssl_dir/openssl.cnf \
-      -days 3650 -out $ssl_dir/ca/cacert.pem \
-      -keyout $ssl_dir/ca/cakey.pem -nodes -batch
-    sudo cp $ssl_dir/ca/cacert.pem \
-      /etc/yunohost/certs/yunohost.org/ca.pem
-    sudo ln -sf /etc/yunohost/certs/yunohost.org/ca.pem \
-      /etc/ssl/certs/ca-yunohost_crt.pem
-    sudo update-ca-certificates
-fi
-
-if [ ! -f /etc/yunohost/certs/yunohost.org/crt.pem ]; then
-    sudo openssl req -new -config $ssl_dir/openssl.cnf \
-      -days 730 -out $ssl_dir/certs/yunohost_csr.pem \
-      -keyout $ssl_dir/certs/yunohost_key.pem -nodes -batch 
-    sudo openssl ca -config $ssl_dir/openssl.cnf \
-      -days 730 -in $ssl_dir/certs/yunohost_csr.pem \
-      -out $ssl_dir/certs/yunohost_crt.pem -batch
-
-    last_cert=$(ls $ssl_dir/newcerts/*.pem | sort -V | tail -n 1)
-    sudo chmod 640 $ssl_dir/certs/yunohost_key.pem
-    sudo chmod 640 $last_cert
-
-    sudo cp $ssl_dir/certs/yunohost_key.pem \
-      /etc/yunohost/certs/yunohost.org/key.pem
-    sudo cp $last_cert \
-      /etc/yunohost/certs/yunohost.org/crt.pem
-    sudo ln -sf /etc/yunohost/certs/yunohost.org/crt.pem \
-      /etc/ssl/certs/yunohost_crt.pem
-    sudo ln -sf /etc/yunohost/certs/yunohost.org/key.pem \
-      /etc/ssl/private/yunohost_key.pem
-fi

data/hooks/conf_regen-old/03-ssh

@@ -1,30 +0,0 @@
-set -e 
-
-force=$1
-
-function safe_copy () {
-    if [ $force ]; then
-        sudo yunohost service safecopy \
-          -s ssh \
-          $1 $2 \
-          --force
-    else
-        sudo yunohost service safecopy \
-          -s ssh \
-          $1 $2
-    fi
-}
-
-cd /usr/share/yunohost/templates/ssh
-
-# Only overwrite SSH configuration on an ISO installation
-if [ ! -f /etc/yunohost/from_script ]; then
-
-    # Do not listen to IPv6 if unavailable
-    if [ ! -f /proc/net/if_inet6 ]; then
-        sudo sed -i "s/ListenAddress ::/#ListenAddress ::/g" sshd_config
-    fi
-    safe_copy sshd_config /etc/ssh/sshd_config
-    
-    sudo service ssh restart
-fi

data/hooks/conf_regen/01-yunohost

@@ -0,0 +1,40 @@
+set -e 
+
+do_pre_regen() {
+  pending_dir=$1
+
+  cd /usr/share/yunohost/templates/yunohost
+
+  [[ -d /etc/yunohost ]] || mkdir -p /etc/yunohost
+
+  # set default current_host
+  [[ -f /etc/yunohost/current_host ]] \
+    || echo "yunohost.org" | sudo tee /etc/yunohost/current_host
+
+  # copy default firewall and services
+  # TODO: update them as needed with upgrades
+  [[ -f /etc/yunohost/firewall.yml ]] \
+    || sudo cp firewall.yml /etc/yunohost/firewall.yml
+  [[ -f /etc/yunohost/services.yml ]] \
+    || sudo cp services.yml /etc/yunohost/services.yml
+
+  # allow users to access /media directory
+  [[ -d /etc/skel/media ]] \
+    || (mkdir -p /media && ln -s /media /etc/skel/media)
+}
+
+FORCE=$2
+
+case "$1" in
+  pre)
+    do_pre_regen $3
+    ;;
+  post)
+    ;;
+  *)
+    echo "hook called with unknown argument \`$status'" >&2
+    exit 1
+    ;;
+esac
+
+exit 0

data/hooks/conf_regen/02-ssl

@@ -0,0 +1,71 @@
+set -e 
+
+ssl_dir="/usr/share/yunohost/yunohost-config/ssl/yunoCA"
+
+do_pre_regen() {
+  pending_dir=$1
+
+  cd /usr/share/yunohost/templates/ssl
+
+  install -D openssl.cnf "${pending_dir}/${ssl_dir}/openssl.cnf"
+}
+
+do_post_regen() {
+  sudo mkdir -p "/etc/yunohost/certs/yunohost.org"
+  sudo mkdir -p "${ssl_dir}/"{ca,certs,crl,newcerts}
+
+  [[ -f "${ssl_dir}/serial" ]] \
+    || (echo "00" | sudo tee "${ssl_dir}/serial")
+  [[ -f "${ssl_dir}/index.txt" ]] \
+    || sudo touch "${ssl_dir}/index.txt"
+
+  if [[ ! -f /etc/yunohost/certs/yunohost.org/ca.pem ]]; then
+      sudo openssl req -x509 -new -config $ssl_dir/openssl.cnf \
+        -days 3650 -out $ssl_dir/ca/cacert.pem \
+        -keyout $ssl_dir/ca/cakey.pem -nodes -batch 2>&1
+      sudo cp $ssl_dir/ca/cacert.pem \
+        /etc/yunohost/certs/yunohost.org/ca.pem
+      sudo ln -sf /etc/yunohost/certs/yunohost.org/ca.pem \
+        /etc/ssl/certs/ca-yunohost_crt.pem
+      sudo update-ca-certificates
+  fi
+
+  if [[ ! -f /etc/yunohost/certs/yunohost.org/crt.pem ]]; then
+      sudo openssl req -new -config $ssl_dir/openssl.cnf \
+        -days 730 -out $ssl_dir/certs/yunohost_csr.pem \
+        -keyout $ssl_dir/certs/yunohost_key.pem -nodes -batch 2>&1
+      sudo openssl ca -config $ssl_dir/openssl.cnf \
+        -days 730 -in $ssl_dir/certs/yunohost_csr.pem \
+        -out $ssl_dir/certs/yunohost_crt.pem -batch 2>&1
+
+      last_cert=$(ls $ssl_dir/newcerts/*.pem | sort -V | tail -n 1)
+      sudo chmod 640 $ssl_dir/certs/yunohost_key.pem
+      sudo chmod 640 $last_cert
+
+      sudo cp $ssl_dir/certs/yunohost_key.pem \
+        /etc/yunohost/certs/yunohost.org/key.pem
+      sudo cp $last_cert \
+        /etc/yunohost/certs/yunohost.org/crt.pem
+      sudo ln -sf /etc/yunohost/certs/yunohost.org/crt.pem \
+        /etc/ssl/certs/yunohost_crt.pem
+      sudo ln -sf /etc/yunohost/certs/yunohost.org/key.pem \
+        /etc/ssl/private/yunohost_key.pem
+  fi
+}
+
+FORCE=$2
+
+case "$1" in
+  pre)
+    do_pre_regen $3
+    ;;
+  post)
+    do_post_regen
+    ;;
+  *)
+    echo "hook called with unknown argument \`$status'" >&2
+    exit 1
+    ;;
+esac
+
+exit 0

data/hooks/conf_regen/03-ssh

@@ -0,0 +1,38 @@
+set -e 
+
+do_pre_regen() {
+  pending_dir=$1
+
+  cd /usr/share/yunohost/templates/ssh
+
+  # only overwrite SSH configuration on an ISO installation
+  if [[ ! -f /etc/yunohost/from_script ]]; then
+      # do not listen to IPv6 if unavailable
+      [[ -f /proc/net/if_inet6 ]] \
+        || sed -i "s/ListenAddress ::/#ListenAddress ::/g" sshd_config
+
+      install -D sshd_config "${pending_conf}/etc/ssh/sshd_config"
+  fi
+}
+
+do_post_regen() {
+  [[ -f /etc/yunohost/from_script ]] \
+    || sudo service ssh restart
+}
+
+FORCE=$2
+
+case "$1" in
+  pre)
+    do_pre_regen $3
+    ;;
+  post)
+    do_post_regen
+    ;;
+  *)
+    echo "hook called with unknown argument \`$status'" >&2
+    exit 1
+    ;;
+esac
+
+exit 0