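#!/bin/bash
#
# Bootstraps the local YunoHost certificate authority (yunoCA) and issues the
# default server certificate, then installs CA, key and certificate under
# /etc/yunohost/certs/yunohost.org and links them into /etc/ssl.
#
# Usage: <script> [force]
#   force - any non-empty value adds --force to `yunohost service safecopy`
#           when the OpenSSL config is refreshed on an installed system.
#
# Security notes:
#   * Both private keys are generated with -nodes, i.e. stored unencrypted on
#     disk, so file permissions are the only protection they have.
#   * The CA key can sign certificates that every local client trusts once
#     update-ca-certificates has run, so it is restricted to its owner.
set -eu

force=${1:-}

readonly ssl_dir=/usr/share/yunohost/yunohost-config/ssl/yunoCA
readonly cert_dir=/etc/yunohost/certs/yunohost.org
readonly installed_flag=/etc/yunohost/installed

#######################################
# Copy a template file into place.
# Before installation (flag file absent) this is a plain copy; afterwards the
# copy is delegated to `yunohost service safecopy`.
# Globals:   force (read), installed_flag (read)
# Arguments: $1 - source file, $2 - destination file
# Returns:   status of the underlying copy command
#######################################
safe_copy() {
  local src=$1
  local dst=$2

  if [ ! -f "$installed_flag" ]; then
    sudo cp -- "$src" "$dst"
  else
    # Build the command as an array so paths are never word-split.
    local -a cmd=(sudo yunohost service safecopy -s ssl "$src" "$dst")
    if [ -n "$force" ]; then
      cmd+=(--force)
    fi
    "${cmd[@]}"
  fi
}

cd /usr/share/yunohost/templates/ssl

sudo mkdir -p "$cert_dir"
sudo mkdir -p "$ssl_dir"/{ca,certs,crl,newcerts}

safe_copy openssl.cnf "$ssl_dir/openssl.cnf"

# Fresh system: reset the CA database and drop any previously installed
# certificate material so everything below is regenerated.
if [ ! -f "$installed_flag" ]; then
  sudo rm -f "$ssl_dir/index.txt"
  sudo touch "$ssl_dir/index.txt"
  sudo rm -f "$ssl_dir/serial"
  sudo rm -f "$cert_dir"/*
fi

if [ ! -f "$ssl_dir/serial" ]; then
  echo "01" | sudo tee "$ssl_dir/serial"
fi

# NOTE(review): this tests the *installed* ca.pem, but ca.pem is only copied
# in the server-certificate branch below. If ca.pem is missing while crt.pem
# exists, the CA key pair is regenerated without being installed and the
# existing server certificate no longer chains to it - confirm the intent.
if [ ! -f "$cert_dir/ca.pem" ]; then
  sudo openssl req -x509 -new -config "$ssl_dir/openssl.cnf" \
    -days 3650 -out "$ssl_dir/ca/cacert.pem" \
    -keyout "$ssl_dir/ca/cakey.pem" -nodes -batch
  # The CA key was never chmod'ed; depending on the OpenSSL version and umask
  # it may be created world-readable. Only the owner needs to read it.
  sudo chmod 600 "$ssl_dir/ca/cakey.pem"
fi

if [ ! -f "$cert_dir/crt.pem" ]; then
  sudo openssl req -new -config "$ssl_dir/openssl.cnf" \
    -days 730 -out "$ssl_dir/certs/yunohost_csr.pem" \
    -keyout "$ssl_dir/certs/yunohost_key.pem" -nodes -batch

  sudo openssl ca -config "$ssl_dir/openssl.cnf" \
    -days 730 -in "$ssl_dir/certs/yunohost_csr.pem" \
    -out "$ssl_dir/certs/yunohost_crt.pem" -batch

  sudo chmod 640 "$ssl_dir/certs/yunohost_key.pem"
  sudo chmod 640 "$ssl_dir/certs/yunohost_crt.pem"

  sudo cp "$ssl_dir/ca/cacert.pem" "$cert_dir/ca.pem"
  sudo cp "$ssl_dir/certs/yunohost_key.pem" "$cert_dir/key.pem"
  # Install the file written by `openssl ca -out` above. The previous code
  # copied newcerts/01.pem, which is the certificate issued in this run only
  # while the CA serial is still 01; on a re-issue it would pair the new key
  # with a stale certificate.
  sudo cp "$ssl_dir/certs/yunohost_crt.pem" "$cert_dir/crt.pem"

  # -f: a link left over from an earlier run (possibly dangling after the
  # target was removed) would otherwise make ln fail and, under set -e, abort
  # before update-ca-certificates runs.
  sudo ln -sf "$cert_dir/crt.pem" /etc/ssl/certs/yunohost_crt.pem
  sudo ln -sf "$cert_dir/key.pem" /etc/ssl/private/yunohost_key.pem
  sudo ln -sf "$cert_dir/ca.pem" /etc/ssl/certs/ca-yunohost_crt.pem

  sudo update-ca-certificates
fi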