From 70dcab41f492b515a73241cfe5628d73e3ae3c18 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 3 Dec 2020 14:29:11 +0100
Subject: [SSPS] slx-cert: Include hashed links with config.tgz

---
 satellit_installer/static_files/slx-cert | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/satellit_installer/static_files/slx-cert b/satellit_installer/static_files/slx-cert
index 2d83b3b..51dde1b 100755
--- a/satellit_installer/static_files/slx-cert
+++ b/satellit_installer/static_files/slx-cert
@@ -128,10 +128,18 @@ fi
 if [ -n "$mknew" ]; then
 	# Rebuild config module for clients
 	echo "Updating client config module..."
-	tar -c -k -f "/opt/openslx/configs/modules/self-signed-ca.tar" \
-		--transform 's#^.*/ca-#/opt/openslx/ssl/sat-ca-#' "${CERT}/"ca-*.crt
-	sudo -u www-data -n php /srv/openslx/www/slx-admin/api.php sysconfig --action rebuild
-	echo "."
+	(
+		tmpdir="$( mktemp -d '/tmp/bwlp-XXXXXXX' )"
+		cp -a "${CERT}/"ca-*.crt "$tmpdir/"
+		cd "$tmpdir/" || exit 6
+		openssl rehash .
+		tar -c -k -f "/opt/openslx/configs/modules/self-signed-ca.tar" \
+			--transform 's#^[./][./]*#/opt/openslx/ssl/#' .
+		cd /tmp
+		rm -rf -- "$tmpdir"
+		sudo -u www-data -n php /srv/openslx/www/slx-admin/api.php sysconfig --action rebuild
+		echo "."
+	)
 fi
 
 # Now check the server certificate
-- 
cgit v1.2.3-55-g7522