diff --git a/data/hooks/conf_regen-old/01-yunohost b/data/hooks/conf_regen-old/01-yunohost
deleted file mode 100644
index d4a823f2e..000000000
--- a/data/hooks/conf_regen-old/01-yunohost
+++ /dev/null
@@ -1,25 +0,0 @@
-set -e
-
-force=$1
-
-cd /usr/share/yunohost/templates/yunohost
-
-sudo mkdir -p /etc/yunohost
-
-if [ ! -f /etc/yunohost/current_host ]; then
- echo "yunohost.org" | sudo tee /etc/yunohost/current_host
-fi
-
-if [ ! -f /etc/yunohost/firewall.yml ]; then
- sudo cp firewall.yml /etc/yunohost/firewall.yml
-fi
-
-if [ ! -f /etc/yunohost/services.yml ]; then
- sudo cp services.yml /etc/yunohost/services.yml
-fi
-
-# Allow users to access /media directory
-if [ ! -d /etc/skel/media ]; then
- mkdir -p /media
- ln -s /media /etc/skel/
-fi
diff --git a/data/hooks/conf_regen-old/02-ssl b/data/hooks/conf_regen-old/02-ssl
deleted file mode 100644
index baa7f13b7..000000000
--- a/data/hooks/conf_regen-old/02-ssl
+++ /dev/null
@@ -1,64 +0,0 @@
-set -e
-
-force=$1
-
-function safe_copy () {
- if [ ! -f /etc/yunohost/installed ]; then
- sudo cp $1 $2
- else
- if [ $force ]; then
- sudo yunohost service safecopy \
- -s ssl $1 $2 --force
- else
- sudo yunohost service safecopy \
- -s ssl $1 $2
- fi
- fi
-}
-
-cd /usr/share/yunohost/templates/ssl
-ssl_dir=/usr/share/yunohost/yunohost-config/ssl/yunoCA
-
-sudo mkdir -p /etc/yunohost/certs/yunohost.org
-sudo mkdir -p $ssl_dir/{ca,certs,crl,newcerts}
-
-safe_copy openssl.cnf $ssl_dir/openssl.cnf
-
-[ -f $ssl_dir/serial ] \
- || (echo "00" | sudo tee $ssl_dir/serial)
-
-[ -f $ssl_dir/index.txt ] \
- || sudo touch $ssl_dir/index.txt
-
-if [ ! -f /etc/yunohost/certs/yunohost.org/ca.pem ]; then
- sudo openssl req -x509 -new -config $ssl_dir/openssl.cnf \
- -days 3650 -out $ssl_dir/ca/cacert.pem \
- -keyout $ssl_dir/ca/cakey.pem -nodes -batch
- sudo cp $ssl_dir/ca/cacert.pem \
- /etc/yunohost/certs/yunohost.org/ca.pem
- sudo ln -sf /etc/yunohost/certs/yunohost.org/ca.pem \
- /etc/ssl/certs/ca-yunohost_crt.pem
- sudo update-ca-certificates
-fi
-
-if [ ! -f /etc/yunohost/certs/yunohost.org/crt.pem ]; then
- sudo openssl req -new -config $ssl_dir/openssl.cnf \
- -days 730 -out $ssl_dir/certs/yunohost_csr.pem \
- -keyout $ssl_dir/certs/yunohost_key.pem -nodes -batch
- sudo openssl ca -config $ssl_dir/openssl.cnf \
- -days 730 -in $ssl_dir/certs/yunohost_csr.pem \
- -out $ssl_dir/certs/yunohost_crt.pem -batch
-
- last_cert=$(ls $ssl_dir/newcerts/*.pem | sort -V | tail -n 1)
- sudo chmod 640 $ssl_dir/certs/yunohost_key.pem
- sudo chmod 640 $last_cert
-
- sudo cp $ssl_dir/certs/yunohost_key.pem \
- /etc/yunohost/certs/yunohost.org/key.pem
- sudo cp $last_cert \
- /etc/yunohost/certs/yunohost.org/crt.pem
- sudo ln -sf /etc/yunohost/certs/yunohost.org/crt.pem \
- /etc/ssl/certs/yunohost_crt.pem
- sudo ln -sf /etc/yunohost/certs/yunohost.org/key.pem \
- /etc/ssl/private/yunohost_key.pem
-fi
diff --git a/data/hooks/conf_regen-old/03-ssh b/data/hooks/conf_regen-old/03-ssh
deleted file mode 100644
index 1487ecdeb..000000000
--- a/data/hooks/conf_regen-old/03-ssh
+++ /dev/null
@@ -1,30 +0,0 @@
-set -e
-
-force=$1
-
-function safe_copy () {
- if [ $force ]; then
- sudo yunohost service safecopy \
- -s ssh \
- $1 $2 \
- --force
- else
- sudo yunohost service safecopy \
- -s ssh \
- $1 $2
- fi
-}
-
-cd /usr/share/yunohost/templates/ssh
-
-# Only overwrite SSH configuration on an ISO installation
-if [ ! -f /etc/yunohost/from_script ]; then
-
- # Do not listen to IPv6 if unavailable
- if [ ! -f /proc/net/if_inet6 ]; then
- sudo sed -i "s/ListenAddress ::/#ListenAddress ::/g" sshd_config
- fi
- safe_copy sshd_config /etc/ssh/sshd_config
-
- sudo service ssh restart
-fi
diff --git a/data/hooks/conf_regen/01-yunohost b/data/hooks/conf_regen/01-yunohost
new file mode 100644
index 000000000..621cb6c40
--- /dev/null
+++ b/data/hooks/conf_regen/01-yunohost
@@ -0,0 +1,40 @@
+set -e
+
+do_pre_regen() {
+ pending_dir=$1
+
+ cd /usr/share/yunohost/templates/yunohost
+
+ [[ -d /etc/yunohost ]] || mkdir -p /etc/yunohost
+
+ # set default current_host
+ [[ -f /etc/yunohost/current_host ]] \
+ || echo "yunohost.org" | sudo tee /etc/yunohost/current_host
+
+ # copy default firewall and services
+ # TODO: update them as needed with upgrades
+ [[ -f /etc/yunohost/firewall.yml ]] \
+ || sudo cp firewall.yml /etc/yunohost/firewall.yml
+ [[ -f /etc/yunohost/services.yml ]] \
+ || sudo cp services.yml /etc/yunohost/services.yml
+
+ # allow users to access /media directory
+ [[ -d /etc/skel/media ]] \
+ || (mkdir -p /media && ln -s /media /etc/skel/media)
+}
+
+FORCE=$2
+
+case "$1" in
+ pre)
+ do_pre_regen $3
+ ;;
+ post)
+ ;;
+ *)
+ echo "hook called with unknown argument \`$status'" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/data/hooks/conf_regen/02-ssl b/data/hooks/conf_regen/02-ssl
new file mode 100644
index 000000000..95578ae90
--- /dev/null
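Review bot: The `*)` arm of the `case` in the new 01-yunohost hook interpolates `$status`, which is never assigned in this script, so an unknown action is reported with an empty name; the message should expand `$1` instead. The same line is repeated in the new 02-ssl and 03-ssh hooks. In `do_pre_regen`, `[[ -d /etc/yunohost ]] || mkdir -p /etc/yunohost` lost the `sudo` that the neighbouring `tee` and `cp` calls keep, so the hook behaves differently depending on who runs it. `do_pre_regen $3` should be `do_pre_regen "$3"`, and `pending_dir` and `FORCE` are assigned but never read in this file.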
+++ b/data/hooks/conf_regen/02-ssl 
@@ -0,0 +1,71 @@
+set -e
+
+ssl_dir="/usr/share/yunohost/yunohost-config/ssl/yunoCA"
+
+do_pre_regen() {
+ pending_dir=$1
+
+ cd /usr/share/yunohost/templates/ssl
+
+ install -D openssl.cnf "${pending_dir}/${ssl_dir}/openssl.cnf"
+}
+
+do_post_regen() {
+ sudo mkdir -p "/etc/yunohost/certs/yunohost.org"
+ sudo mkdir -p "${ssl_dir}/"{ca,certs,crl,newcerts}
+
+ [[ -f "${ssl_dir}/serial" ]] \
+ || (echo "00" | sudo tee "${ssl_dir}/serial")
+ [[ -f "${ssl_dir}/index.txt" ]] \
+ || sudo touch "${ssl_dir}/index.txt"
+
+ if [[ ! -f /etc/yunohost/certs/yunohost.org/ca.pem ]]; then
+ sudo openssl req -x509 -new -config $ssl_dir/openssl.cnf \
+ -days 3650 -out $ssl_dir/ca/cacert.pem \
+ -keyout $ssl_dir/ca/cakey.pem -nodes -batch 2>&1
+ sudo cp $ssl_dir/ca/cacert.pem \
+ /etc/yunohost/certs/yunohost.org/ca.pem
+ sudo ln -sf /etc/yunohost/certs/yunohost.org/ca.pem \
+ /etc/ssl/certs/ca-yunohost_crt.pem
+ sudo update-ca-certificates
+ fi
+
+ if [[ ! -f /etc/yunohost/certs/yunohost.org/crt.pem ]]; then
+ sudo openssl req -new -config $ssl_dir/openssl.cnf \
+ -days 730 -out $ssl_dir/certs/yunohost_csr.pem \
+ -keyout $ssl_dir/certs/yunohost_key.pem -nodes -batch 2>&1
+ sudo openssl ca -config $ssl_dir/openssl.cnf \
+ -days 730 -in $ssl_dir/certs/yunohost_csr.pem \
+ -out $ssl_dir/certs/yunohost_crt.pem -batch 2>&1
+
+ last_cert=$(ls $ssl_dir/newcerts/*.pem | sort -V | tail -n 1)
+ sudo chmod 640 $ssl_dir/certs/yunohost_key.pem
+ sudo chmod 640 $last_cert
+
+ sudo cp $ssl_dir/certs/yunohost_key.pem \
+ /etc/yunohost/certs/yunohost.org/key.pem
+ sudo cp $last_cert \
+ /etc/yunohost/certs/yunohost.org/crt.pem
+ sudo ln -sf /etc/yunohost/certs/yunohost.org/crt.pem \
+ /etc/ssl/certs/yunohost_crt.pem
+ sudo ln -sf /etc/yunohost/certs/yunohost.org/key.pem \
+ /etc/ssl/private/yunohost_key.pem
+ fi
+}
+
+FORCE=$2
+
+case "$1" in
+ pre)
+ do_pre_regen $3
+ ;;
+ post)
+ do_post_regen
+ ;;
+ *)
+ echo "hook called with unknown argument \`$status'" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
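Review bot: In `do_post_regen` the CA private key is written unencrypted (`-keyout $ssl_dir/ca/cakey.pem -nodes`) and its mode is never set, whereas `yunohost_key.pem` and the issued certificate both get `chmod 640`. The permissions on `cakey.pem` are therefore whatever the openssl build and the caller's umask produce, even though this key signs for a root that `update-ca-certificates` installs into the system trust store. Add `sudo chmod 600 "${ssl_dir}/ca/cakey.pem"` directly after the `openssl req -x509` call, and consider tightening the `ca` directory as well. Separately, `last_cert=$(ls $ssl_dir/newcerts/*.pem | sort -V | tail -n 1)` parses `ls` output and is then used unquoted in `sudo chmod 640 $last_cert`; at minimum quote it as `"$last_cert"`.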
diff --git a/data/hooks/conf_regen/03-ssh b/data/hooks/conf_regen/03-ssh
new file mode 100644
index 000000000..deff76ad5
--- /dev/null
+++ b/data/hooks/conf_regen/03-ssh
@@ -0,0 +1,38 @@
+set -e
+
+do_pre_regen() {
+ pending_dir=$1
+
+ cd /usr/share/yunohost/templates/ssh
+
+ # only overwrite SSH configuration on an ISO installation
+ if [[ ! -f /etc/yunohost/from_script ]]; then
+ # do not listen to IPv6 if unavailable
+ [[ -f /proc/net/if_inet6 ]] \
+ || sed -i "s/ListenAddress ::/#ListenAddress ::/g" sshd_config
+
+ install -D sshd_config "${pending_conf}/etc/ssh/sshd_config"
+ fi
+}
+
+do_post_regen() {
+ [[ -f /etc/yunohost/from_script ]] \
+ || sudo service ssh restart
+}
+
+FORCE=$2
+
+case "$1" in
+ pre)
+ do_pre_regen $3
+ ;;
+ post)
+ do_post_regen
+ ;;
+ *)
+ echo "hook called with unknown argument \`$status'" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
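Review bot: `do_pre_regen` stores its argument in `pending_dir`, but the install line expands `${pending_conf}`, which is never set, so the destination collapses to `/etc/ssh/sshd_config`. The template is then written straight over the live SSH daemon configuration during the pre step instead of being staged in the pending directory. Change the line to `install -D sshd_config "${pending_dir}/etc/ssh/sshd_config"`, and consider `set -u` next to `set -e` so an unset variable aborts the hook rather than silently retargeting a write. The `sed -i` just above also edits the packaged template under /usr/share/yunohost/templates/ssh in place, so the `ListenAddress ::` line stays commented on later runs even if IPv6 becomes available; applying the substitution to a copy would avoid that.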