[SSPS] slx-cert: Fix handling missing/outdated packed certificate

1 files changed, 6 insertions, 2 deletions

diff --git a/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert b/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert
index 109a6c1..e25e3d7 100755
--- a/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert
+++ b/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert
@@ -86,6 +86,7 @@ create_conf () {
 	MYCA
 }
 
+latest_ca_file=
 ca_last=
 for i in "${PRIV}"/ca-??????????.key; do
 	[ -s "$i" ] || continue
@@ -99,6 +100,7 @@ for i in "${PRIV}"/ca-??????????.key; do
 		continue
 	fi
 	ca_last="$ts"
+	latest_ca_file="${CERT}/ca-${ts}.crt"
 done
 
 mknew=
@@ -128,7 +130,9 @@ if [ -z "$ca_last" ] || (( NOW + ca_min_remain_s > ca_last )); then
 	rm -rf -- "$ca_dir" "$csr"
 fi
 
-if [ -n "$mknew" ]; then
+
+if [ -n "$mknew" ] || ! [ -s "/opt/openslx/configs/modules/self-signed-ca.tar" ] \
+		|| [ "/opt/openslx/configs/modules/self-signed-ca.tar" -ot "$latest_ca_file" ]; then
 	# Rebuild config module for clients
 	echo "Updating client config module..."
 	(
@@ -138,7 +142,7 @@ if [ -n "$mknew" ]; then
 		openssl rehash .
 		tar -c -k -f "/opt/openslx/configs/modules/self-signed-ca.tar" \
 			--transform 's#^[./][./]*#/opt/openslx/ssl/#' .
-		cd /tmp
+		cd /tmp || exit 7
 		rm -rf -- "$tmpdir"
 		sudo -u www-data -n php /srv/openslx/www/slx-admin/api.php sysconfig --action rebuild
 		echo "."