
#!/bin/bash
# regen-conf hook for the local YunoHost CA: stages openssl.cnf (pre) and,
# on first run, creates the CA plus a default certificate/key pair (post).
set -o errexit

# Working directory of the local CA (config, CA key/cert, issued certs).
ssl_dir="/usr/share/yunohost/yunohost-config/ssl/yunoCA"
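#######################################
# Stage the OpenSSL CA configuration into the pending directory.
# Globals:   ssl_dir (read)
# Arguments: $1 - pending directory the regen-conf framework installs from
# Returns:   non-zero if the template directory cannot be entered
#######################################
do_pre_regen() {
    local pending_dir=$1
    # Under `set -e` a failed cd already aborts, but make it explicit so the
    # install never runs from an unexpected working directory.
    cd /usr/share/yunohost/templates/ssl || return 1
    # ${ssl_dir} is absolute, so this mirrors the final path under the pending root.
    install -D openssl.cnf "${pending_dir}/${ssl_dir}/openssl.cnf"
}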
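#######################################
# Create the local CA and the default yunohost.org certificate on first run.
# Both steps are idempotent: each only runs when its target PEM is absent.
# Globals:   ssl_dir (read)
# Arguments: $1 - regenerated conf files (unused here; kept for the hook API)
# Outputs:   openssl diagnostics on stdout (stderr is merged into stdout)
#######################################
do_post_regen() {
    # shellcheck disable=SC2034  # part of the hook signature, not used by this hook
    local regen_conf_files=$1

    sudo mkdir -p "/etc/yunohost/certs/yunohost.org"
    sudo mkdir -p "${ssl_dir}/"{ca,certs,crl,newcerts}

    # `openssl ca` requires a serial counter and an index database to exist.
    [[ -f "${ssl_dir}/serial" ]] \
        || (echo "00" | sudo tee "${ssl_dir}/serial")
    [[ -f "${ssl_dir}/index.txt" ]] \
        || sudo touch "${ssl_dir}/index.txt"

    if [[ ! -f /etc/yunohost/certs/yunohost.org/ca.pem ]]; then
        # Self-signed CA valid 10 years; -nodes leaves the key unencrypted so
        # certificates can be issued unattended.
        sudo openssl req -x509 -new -config "${ssl_dir}/openssl.cnf" \
            -days 3650 -out "${ssl_dir}/ca/cacert.pem" \
            -keyout "${ssl_dir}/ca/cakey.pem" -nodes -batch 2>&1
        # The unencrypted CA key signs every certificate issued below and
        # nothing else in this hook restricts it; only root (via sudo) ever
        # reads it, so lock it down like the server key is below.
        sudo chmod 600 "${ssl_dir}/ca/cakey.pem"
        sudo cp "${ssl_dir}/ca/cacert.pem" \
            /etc/yunohost/certs/yunohost.org/ca.pem
        # Publish the CA into the system trust store.
        sudo ln -sf /etc/yunohost/certs/yunohost.org/ca.pem \
            /etc/ssl/certs/ca-yunohost_crt.pem
        sudo update-ca-certificates
    fi

    if [[ ! -f /etc/yunohost/certs/yunohost.org/crt.pem ]]; then
        # Key + CSR for the default certificate, then sign it with the CA above.
        sudo openssl req -new -config "${ssl_dir}/openssl.cnf" \
            -days 730 -out "${ssl_dir}/certs/yunohost_csr.pem" \
            -keyout "${ssl_dir}/certs/yunohost_key.pem" -nodes -batch 2>&1
        sudo openssl ca -config "${ssl_dir}/openssl.cnf" \
            -days 730 -in "${ssl_dir}/certs/yunohost_csr.pem" \
            -out "${ssl_dir}/certs/yunohost_crt.pem" -batch 2>&1
        # `openssl ca` also stores each issued cert in newcerts/ named by
        # serial; take the highest serial. Version sort is kept because the
        # lexical order of a bare glob would misorder serials of differing
        # width (e.g. FF vs 100). printf replaces parsing `ls` output.
        local last_cert
        last_cert=$(printf '%s\n' "${ssl_dir}"/newcerts/*.pem | sort -V | tail -n 1)
        sudo chmod 640 "${ssl_dir}/certs/yunohost_key.pem"
        sudo chmod 640 "$last_cert"
        # Install into the YunoHost cert dir and expose via the standard /etc/ssl paths.
        sudo cp "${ssl_dir}/certs/yunohost_key.pem" \
            /etc/yunohost/certs/yunohost.org/key.pem
        sudo cp "$last_cert" \
            /etc/yunohost/certs/yunohost.org/crt.pem
        sudo ln -sf /etc/yunohost/certs/yunohost.org/crt.pem \
            /etc/ssl/certs/yunohost_crt.pem
        sudo ln -sf /etc/yunohost/certs/yunohost.org/key.pem \
            /etc/ssl/private/yunohost_key.pem
    fi
}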
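# Hook entry point. Positional arguments as used here:
#   $1 - "pre" or "post"
#   $2 - force flag; captured as FORCE for API parity, not consulted by this hook
#   $3 - pending directory (pre) or regenerated conf files (post)
# shellcheck disable=SC2034
FORCE=$2
case "$1" in
    pre)
        do_pre_regen "$3"
        ;;
    post)
        do_post_regen "$3"
        ;;
    *)
        echo "hook called with unknown argument \`$1'" >&2
        exit 1
        ;;
esac
exit 0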