[SSPS] slx-cert: Fix handling missing/outdated packed certificate

4 files changed, 9 insertions, 7 deletions

diff --git a/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert b/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert
index 109a6c1..e25e3d7 100755
--- a/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert
+++ b/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert
@@ -86,6 +86,7 @@ create_conf () {
 	MYCA
 }
 
+latest_ca_file=
 ca_last=
 for i in "${PRIV}"/ca-??????????.key; do
 	[ -s "$i" ] || continue
@@ -99,6 +100,7 @@ for i in "${PRIV}"/ca-??????????.key; do
 		continue
 	fi
 	ca_last="$ts"
+	latest_ca_file="${CERT}/ca-${ts}.crt"
 done
 
 mknew=
@@ -128,7 +130,9 @@ if [ -z "$ca_last" ] || (( NOW + ca_min_remain_s > ca_last )); then
 	rm -rf -- "$ca_dir" "$csr"
 fi
 
-if [ -n "$mknew" ]; then
+
+if [ -n "$mknew" ] || ! [ -s "/opt/openslx/configs/modules/self-signed-ca.tar" ] \
+		|| [ "/opt/openslx/configs/modules/self-signed-ca.tar" -ot "$latest_ca_file" ]; then
 	# Rebuild config module for clients
 	echo "Updating client config module..."
 	(
@@ -138,7 +142,7 @@ if [ -n "$mknew" ]; then
 		openssl rehash .
 		tar -c -k -f "/opt/openslx/configs/modules/self-signed-ca.tar" \
 			--transform 's#^[./][./]*#/opt/openslx/ssl/#' .
-		cd /tmp
+		cd /tmp || exit 7
 		rm -rf -- "$tmpdir"
 		sudo -u www-data -n php /srv/openslx/www/slx-admin/api.php sysconfig --action rebuild
 		echo "."
diff --git a/satellit_installer/static_files/slxadmin/srv/openslx/www/slx-admin/config.php b/satellit_installer/static_files/slxadmin/srv/openslx/www/slx-admin/config.php
index a239fef..c585f1b 100644
--- a/satellit_installer/static_files/slxadmin/srv/openslx/www/slx-admin/config.php
+++ b/satellit_installer/static_files/slxadmin/srv/openslx/www/slx-admin/config.php
@@ -7,11 +7,9 @@ define('CONFIG_SESSION_DIR', '/tmp/openslx');
 define('CONFIG_SESSION_TIMEOUT', 86400 * 3);
 
 // Put your mysql credentials here
-define('CONFIG_SQL_DSN', 'mysql:dbname=openslx;host=localhost');
+define('CONFIG_SQL_DSN', 'mysql:dbname=openslx;host=localhost;charset=utf8mb4');
 define('CONFIG_SQL_USER', 'openslx');
 define('CONFIG_SQL_PASS', '%MYSQL_OPENSLX_PASS%');
-// Set this to true if you mysql server doesn't default to UTF-8 on new connections
-define('CONFIG_SQL_FORCE_UTF8', false);
 
 define('CONFIG_TM_PASSWORD', '%TM_OPENSLX_PASS%');
 
diff --git a/satellit_upgrader/pack-update.sh b/satellit_upgrader/pack-update.sh
index b23aaa7..ac60a89 100755
--- a/satellit_upgrader/pack-update.sh
+++ b/satellit_upgrader/pack-update.sh
@@ -122,7 +122,7 @@ while true; do
 done
 
 [ -z "$VERSION" ] && perror "No --version given"
-[[ "$VERSION" =~ ^v[0-9]\.[0-9][a-z]?$ ]] || echo "${RED}Warn${RESET}: Version format is not vX.X(y)"
+[[ "$VERSION" =~ ^v[0-9]\.[0-9]+[a-z]?$ ]] || echo "${RED}Warn${RESET}: Version format is not vX.X(y)"
 
 # Prepare source directory
 declare -rg SRCDIR=$1
diff --git a/satellit_upgrader/updater.template.sh b/satellit_upgrader/updater.template.sh
index 11a2213..77090de 100644
--- a/satellit_upgrader/updater.template.sh
+++ b/satellit_upgrader/updater.template.sh
@@ -83,7 +83,7 @@ extractfield () {
 
 # ** Wrap mysql command line client so we're always using the deb-sys-maint credentials
 mysql () {
-	"$(which mysql)" --defaults-extra-file=/etc/mysql/debian.cnf --default-character-set=utf8 "$@"
+	"$(which mysql)" --defaults-extra-file=/etc/mysql/debian.cnf --default-character-set=utf8mb4 "$@"
 }
 
 generate_password() {