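#!/bin/bash
#
# SSL configuration hook. The "pre" action stages openssl.cnf into a pending
# directory; the "post" action creates, when they are missing, the self-signed
# yunoCA root certificate and the default yunohost.org key/certificate pair.
#
# Usage: <hook> pre|post <force> <arg>
#   $1  action: "pre" or "post" (anything else is an error)
#   $2  stored in FORCE; not read anywhere in this script
#   $3  pre:  pending directory that openssl.cnf is installed under
#       post: passed through as regen_conf_files (not read by do_post_regen)

set -e

ssl_dir="/usr/share/yunohost/yunohost-config/ssl/yunoCA"

#######################################
# Stage the openssl.cnf template below the pending directory.
# Globals:   ssl_dir (read)
# Arguments: $1 - pending directory root
#######################################
do_pre_regen() {
  local pending_dir=$1

  cd /usr/share/yunohost/templates/ssl

  # ssl_dir is absolute, so the file lands at <pending_dir>/<ssl_dir>/openssl.cnf.
  install -D openssl.cnf "${pending_dir}/${ssl_dir}/openssl.cnf"
}

#######################################
# Create the CA layout and, if absent, the CA and the default certificate.
# Globals:   ssl_dir (read)
# Arguments: $1 - regen_conf_files (unused here)
# Returns:   exits non-zero (set -e) if any command fails
#######################################
do_post_regen() {
  # shellcheck disable=SC2034 — kept for parity with the hook's arguments
  local regen_conf_files=$1
  local cert_dir="/etc/yunohost/certs/yunohost.org"
  local last_cert

  sudo mkdir -p "${cert_dir}"
  sudo mkdir -p "${ssl_dir}/"{ca,certs,crl,newcerts}

  # Seed the CA database files that `openssl ca` reads (serial, index).
  [[ -f "${ssl_dir}/serial" ]] \
    || (echo "00" | sudo tee "${ssl_dir}/serial")
  [[ -f "${ssl_dir}/index.txt" ]] \
    || sudo touch "${ssl_dir}/index.txt"

  if [[ ! -f "${cert_dir}/ca.pem" ]]; then
    # -nodes writes the CA private key unencrypted, and no chmod/chown is
    # applied to cakey.pem afterwards, so its mode is whatever openssl and the
    # effective umask produce.
    # NOTE(review): this CA is added to the system trust store below, so any
    # account able to read cakey.pem can issue certificates this host trusts.
    # Confirm the resulting mode/owner of cakey.pem and of ${ssl_dir}/ca.
    sudo openssl req -x509 -new -config "${ssl_dir}/openssl.cnf" \
      -days 3650 -out "${ssl_dir}/ca/cacert.pem" \
      -keyout "${ssl_dir}/ca/cakey.pem" -nodes -batch 2>&1

    sudo cp "${ssl_dir}/ca/cacert.pem" "${cert_dir}/ca.pem"
    sudo ln -sf "${cert_dir}/ca.pem" \
      /etc/ssl/certs/ca-yunohost_crt.pem
    # Registers the local CA with the system-wide trust store.
    sudo update-ca-certificates
  fi

  if [[ ! -f "${cert_dir}/crt.pem" ]]; then
    # Key + CSR. -days has no effect on a CSR (it only applies with -x509);
    # the validity actually comes from the `openssl ca -days 730` call below.
    sudo openssl req -new -config "${ssl_dir}/openssl.cnf" \
      -days 730 -out "${ssl_dir}/certs/yunohost_csr.pem" \
      -keyout "${ssl_dir}/certs/yunohost_key.pem" -nodes -batch 2>&1

    sudo openssl ca -config "${ssl_dir}/openssl.cnf" \
      -days 730 -in "${ssl_dir}/certs/yunohost_csr.pem" \
      -out "${ssl_dir}/certs/yunohost_crt.pem" -batch 2>&1

    # Pick the most recent issued certificate by version-sorting the file
    # names. A glob replaces parsing `ls`, so odd file names cannot be split.
    # NOTE(review): newcerts files are named after the serial, which openssl
    # writes in hex; `sort -V` may misorder names once they contain letters
    # (e.g. 0A.pem vs 09.pem). Verify, or copy certs/yunohost_crt.pem instead.
    last_cert=$(printf '%s\n' "${ssl_dir}"/newcerts/*.pem | sort -V | tail -n 1)
    if [[ ! -f "${last_cert}" ]]; then
      # An unmatched glob stays literal and fails the -f test as well.
      echo "no issued certificate found in ${ssl_dir}/newcerts" >&2
      exit 1
    fi

    # The key is unencrypted (-nodes); drop world access before copying it.
    # cp keeps these mode bits (subject to umask) on the new files.
    sudo chmod 640 "${ssl_dir}/certs/yunohost_key.pem"
    sudo chmod 640 "${last_cert}"

    sudo cp "${ssl_dir}/certs/yunohost_key.pem" "${cert_dir}/key.pem"
    sudo cp "${last_cert}" "${cert_dir}/crt.pem"

    sudo ln -sf "${cert_dir}/crt.pem" \
      /etc/ssl/certs/yunohost_crt.pem
    sudo ln -sf "${cert_dir}/key.pem" \
      /etc/ssl/private/yunohost_key.pem
  fi
}

# shellcheck disable=SC2034 — assigned for parity with the hook's arguments
FORCE=$2

case "$1" in
  pre)
    do_pre_regen "$3"
    ;;
  post)
    do_post_regen "$3"
    ;;
  *)
    echo "hook called with unknown argument \`$1'" >&2
    exit 1
    ;;
esac

exit 0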