yunohost/data/hooks/conf_regen/02-ssl
2015-10-01 18:37:36 -04:00


#!/bin/bash
# conf_regen hook 02-ssl: installs the OpenSSL configuration for the local
# yunoCA authority and, when they are missing, generates the CA and the
# default server certificate.

# Stop at the first command that fails.
set -o errexit

# First positional argument. safe_copy tests it for non-emptiness and, when
# set, adds --force to the `yunohost service safecopy` call.
force="${1}"
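#######################################
# Copy a configuration file into place.
# When /etc/yunohost/installed does not exist the file is copied directly
# with cp; otherwise the copy is delegated to `yunohost service safecopy`
# for the "ssl" service.
# Globals:   force (read) - a non-empty value adds --force to safecopy
# Arguments: $1 - source file
#            $2 - destination path
# Returns:   exit status of the copy command that was run
#######################################
function safe_copy () {
  local src=$1
  local dest=$2

  if [ ! -f /etc/yunohost/installed ]; then
    # Quoted, and with "--", so a path containing spaces or starting with
    # a dash is still passed to cp as a single file operand.
    sudo cp -- "$src" "$dest"
    return
  fi

  # Build the argument list as an array so every path stays one word.
  local -a args=(-s ssl "$src" "$dest")
  if [ -n "${force:-}" ]; then
    args+=(--force)
  fi
  sudo yunohost service safecopy "${args[@]}"
}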
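# Work from the template directory so openssl.cnf can be named relatively.
cd /usr/share/yunohost/templates/ssl

ssl_dir=/usr/share/yunohost/yunohost-config/ssl/yunoCA
cert_dir=/etc/yunohost/certs/yunohost.org

sudo mkdir -p "$cert_dir"
sudo mkdir -p "$ssl_dir"/{ca,certs,crl,newcerts}

safe_copy openssl.cnf "$ssl_dir/openssl.cnf"

# Before installation has completed, start from an empty CA database and
# discard any previously installed certificate material.
if [ ! -f /etc/yunohost/installed ]; then
  sudo rm -f "$ssl_dir/index.txt"
  sudo touch "$ssl_dir/index.txt"
  sudo rm -f "$ssl_dir/serial"
  sudo rm -f "$cert_dir"/*
fi

# Seed the serial counter used by `openssl ca` if it is missing.
if [ ! -f "$ssl_dir/serial" ]; then
  echo "01" | sudo tee "$ssl_dir/serial"
fi

# Self-signed CA certificate, valid for 3650 days.
# NOTE(review): this guard tests the installed copy ($cert_dir/ca.pem), which
# is only written in the server-certificate branch below. If ca.pem is
# missing while crt.pem exists, each run generates a new CA key pair that is
# never installed and no longer matches certificates already issued.
if [ ! -f "$cert_dir/ca.pem" ]; then
  sudo openssl req -x509 -new -config "$ssl_dir/openssl.cnf" \
    -days 3650 -out "$ssl_dir/ca/cacert.pem" \
    -keyout "$ssl_dir/ca/cakey.pem" -nodes -batch
  # -nodes leaves the CA private key unencrypted, so file permissions are
  # its only protection. The mode it is created with depends on the umask
  # and the OpenSSL version; this only removes access, it never grants any.
  sudo chmod go-rwx "$ssl_dir/ca/cakey.pem"
fi

# Server key, CSR and CA-signed certificate, then installation of all three
# files and a refresh of the system trust store.
if [ ! -f "$cert_dir/crt.pem" ]; then
  # NOTE(review): -days applies to `req` only together with -x509; for this
  # CSR the validity comes from the `openssl ca -days` call that follows.
  sudo openssl req -new -config "$ssl_dir/openssl.cnf" \
    -days 730 -out "$ssl_dir/certs/yunohost_csr.pem" \
    -keyout "$ssl_dir/certs/yunohost_key.pem" -nodes -batch

  sudo openssl ca -config "$ssl_dir/openssl.cnf" \
    -days 730 -in "$ssl_dir/certs/yunohost_csr.pem" \
    -out "$ssl_dir/certs/yunohost_crt.pem" -batch

  # Install the certificate from the -out file of the call above instead of
  # newcerts/01.pem. The newcerts file name follows the serial counter, so
  # when the counter is no longer 01 the file 01.pem is an older certificate
  # that does not match the key generated just above.
  sudo chmod 640 "$ssl_dir/certs/yunohost_key.pem"
  sudo chmod 640 "$ssl_dir/certs/yunohost_crt.pem"

  sudo cp "$ssl_dir/ca/cacert.pem" "$cert_dir/ca.pem"
  sudo cp "$ssl_dir/certs/yunohost_key.pem" "$cert_dir/key.pem"
  sudo cp "$ssl_dir/certs/yunohost_crt.pem" "$cert_dir/crt.pem"

  sudo ln -sf "$cert_dir/crt.pem" /etc/ssl/certs/yunohost_crt.pem
  sudo ln -sf "$cert_dir/key.pem" /etc/ssl/private/yunohost_key.pem
  sudo ln -sf "$cert_dir/ca.pem" /etc/ssl/certs/ca-yunohost_crt.pem

  sudo update-ca-certificates
fi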