authorSimon Rettberg2021-05-27 17:15:36 +0200
committerSimon Rettberg2021-05-27 17:15:36 +0200
commitb326c47857f51aba9b3660d81e82940589040212 (patch)
tree5bd89eadb414802b9a4aa6b2ab66f1fc7d7905b2
parent[SSPS] Turn lists into sorted one-per-line lists (diff)
[SSPS] slx-cert: Don't mess everything up if process gets interruptedv3.10
-rwxr-xr-xsatellit_installer/static_files/lighttpd/opt/openslx/slx-cert17
1 files changed, 10 insertions, 7 deletions
diff --git a/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert b/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert
index 3f5cc3e..109a6c1 100755
--- a/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert
+++ b/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert
@@ -88,11 +88,14 @@ create_conf () {
ca_last=
for i in "${PRIV}"/ca-??????????.key; do
- [ -f "$i" ] || continue
+ [ -s "$i" ] || continue
get_ts "$i"
- if ! [ -f "${CERT}/ca-${ts}.crt" ] || (( ts < NOW )); then
+ if ! [ -s "${CERT}/ca-${ts}.crt" ] \
+ || ! [ -s "${CERT}/intermediate-${ts}.crt" ] \
+ || ! [ -s "${PRIV}/intermediate.key" ] \
+ || (( ts < NOW )); then
# Missing cert, or expired -> delete
- rm -f -- "${CERT}/ca-${ts}.crt" "${PRIV}/ca-${ts}.key"
+ rm -f -- "${CERT}/ca-${ts}.crt" "${PRIV}/ca-${ts}.key" "${CERT}/intermediate-${ts}.crt"
continue
fi
ca_last="$ts"
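Review bot: The added `! [ -s "${PRIV}/intermediate.key" ]` test is not tied to `${ts}`, so when that one file is missing or empty the condition holds for every `ca-*.key` in the loop, and the `rm -f` deletes all CA keys and certificates, including ones that are still valid. If that full reset is intended, the comment should say so, e.g. `# Missing/empty cert, intermediate cert or intermediate key, or expired -> delete`; the existing `# Missing cert, or expired -> delete` no longer describes the condition. Because this removes CA key material, a line such as `echo "Removing incomplete or expired CA ${ts}" >&2` before the `rm` would leave a trace for anyone later investigating why the CA changed. The `for` loop ends outside the hunk.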
@@ -111,7 +114,7 @@ if [ -z "$ca_last" ] || (( NOW + ca_min_remain_s > ca_last )); then
csr="$( mktemp /tmp/bwlp-XXXXXXX.csr )"
# Create request, CA:TRUE
echo "Generate intermediate key+CSR..."
- [ -f "${PRIV}/intermediate.key" ] || openssl genrsa -out "${PRIV}/intermediate.key" 4096
+ [ -s "${PRIV}/intermediate.key" ] || openssl genrsa -out "${PRIV}/intermediate.key" 4096
openssl req -new -key "${PRIV}/intermediate.key" \
-nodes -subj "/C=DE/ST=PewPew/L=HeyHey/O=bwLehrpool/CN=intermediate.bwlehrpool" \
-out "$csr" || exit 2
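Review bot: `[ -s … ]` only rules out a zero-length file, and `openssl genrsa -out "${PRIV}/intermediate.key"` still writes straight to the final path, so an interruption during the write can leave a truncated but non-empty key that passes this test on the next run. Writing to a temporary name in the same directory and renaming on success closes that gap: `openssl genrsa -out "${PRIV}/intermediate.key.tmp" 4096 && mv -f -- "${PRIV}/intermediate.key.tmp" "${PRIV}/intermediate.key"`. The `-s` tests on the `ca-*`, `srv-*` and `intermediate-*` files in the other hunks rest on the same assumption, so the commands that write those files (not visible here) probably want the same treatment. The surrounding `if` block starts and ends outside the hunk.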
@@ -147,9 +150,9 @@ fi
declare -a srv_list
srv_list=()
for i in "${PRIV}"/srv-??????????.key; do
- [ -f "$i" ] || continue
+ [ -s "$i" ] || continue
get_ts "$i"
- if (( ts < NOW )) || ! [ -f "${CERT}/srv-${ts}.crt" ]; then
+ if (( ts < NOW )) || ! [ -s "${CERT}/srv-${ts}.crt" ]; then
rm -f -- "$i" "${CERT}/srv-${ts}.crt"
continue
fi
@@ -168,7 +171,7 @@ if [ -n "$mknew" ] || [ "${#srv_list[@]}" = 0 ] \
declare -a in_list
in_list=()
for i in "${CERT}"/intermediate-??????????.crt; do
- [ -f "$i" ] || continue
+ [ -s "$i" ] || continue
get_ts "$i"
if (( ts < NOW )); then
echo "Expired intermediate $i"