From 9c28c07af4b342d6db6a53818353bf19e0325ad1 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Mon, 22 Nov 2021 08:10:14 +0100
Subject: [PATCH] Fix overly complex location for ssl workdir

---
 conf/ssl/openssl.cnf         | 4 ++--
 hooks/conf_regen/01-yunohost | 2 ++
 hooks/conf_regen/02-ssl      | 2 +-
 src/certificate.py           | 2 +-
 4 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/conf/ssl/openssl.cnf b/conf/ssl/openssl.cnf
index 3ef7d80c3..a19a9c3df 100644
--- a/conf/ssl/openssl.cnf
+++ b/conf/ssl/openssl.cnf
@@ -5,7 +5,7 @@
 
 # This definition stops the following lines choking if HOME isn't
 # defined.
-HOME			= /usr/share/yunohost/yunohost-config/ssl
+HOME			= /usr/share/yunohost/ssl
 RANDFILE		= $ENV::HOME/.rnd
 
 # Extra OBJECT IDENTIFIER info:
@@ -34,7 +34,7 @@ default_ca	= Yunohost		# The default ca section
 ####################################################################
 [ Yunohost ]
 
-dir		= /usr/share/yunohost/yunohost-config/ssl/yunoCA		# Where everything is kept
+dir		= /usr/share/yunohost/ssl		# Where everything is kept
 certs		= $dir/certs		# Where the issued certs are kept
 crl_dir		= $dir/crl		# Where the issued crl are kept
 database	= $dir/index.txt	# database index file.
diff --git a/hooks/conf_regen/01-yunohost b/hooks/conf_regen/01-yunohost
index 027be8020..7716f04c3 100755
--- a/hooks/conf_regen/01-yunohost
+++ b/hooks/conf_regen/01-yunohost
@@ -181,6 +181,8 @@ do_post_regen() {
     find /etc/cron.d/yunohost-* -type f -exec chmod 644 {} \;
     find /etc/cron.*/yunohost-* -type f -exec chown root:root {} \;
 
+    chmod 750 /usr/share/yunohost/ssl
+
     chown root:root /var/cache/yunohost
     chmod 700 /var/cache/yunohost
     chown root:root /var/cache/moulinette
diff --git a/hooks/conf_regen/02-ssl b/hooks/conf_regen/02-ssl
index f27a23cf8..a824c91f8 100755
--- a/hooks/conf_regen/02-ssl
+++ b/hooks/conf_regen/02-ssl
@@ -2,7 +2,7 @@
 
 set -e
 
-ssl_dir="/usr/share/yunohost/yunohost-config/ssl/yunoCA"
+ssl_dir="/usr/share/yunohost/ssl"
 ynh_ca="/etc/yunohost/certs/yunohost.org/ca.pem"
 ynh_crt="/etc/yunohost/certs/yunohost.org/crt.pem"
 ynh_key="/etc/yunohost/certs/yunohost.org/key.pem"
diff --git a/src/certificate.py b/src/certificate.py
index c697a487b..46aa9c818 100644
--- a/src/certificate.py
+++ b/src/certificate.py
@@ -54,7 +54,7 @@ WEBROOT_FOLDER = "/tmp/acme-challenge-public/"
 SELF_CA_FILE = "/etc/ssl/certs/ca-yunohost_crt.pem"
 ACCOUNT_KEY_FILE = "/etc/yunohost/letsencrypt_account.pem"
 
-SSL_DIR = "/usr/share/yunohost/yunohost-config/ssl/yunoCA"
+SSL_DIR = "/usr/share/yunohost/ssl"
 
 KEY_SIZE = 3072