From 1169c84ac66f4c75c51e2525c5e55ce77bbe792d Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 18 Jun 2021 14:32:04 +0200 Subject: [SSPS] slx-cert: Fix handling missing/outdated packed certificate --- satellit_installer/static_files/lighttpd/opt/openslx/slx-cert | 8 ++++++-- .../static_files/slxadmin/srv/openslx/www/slx-admin/config.php | 4 +--- 2 files changed, 7 insertions(+), 5 deletions(-) (limited to 'satellit_installer') diff --git a/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert b/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert index 109a6c1..e25e3d7 100755 --- a/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert +++ b/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert @@ -86,6 +86,7 @@ create_conf () { MYCA } +latest_ca_file= ca_last= for i in "${PRIV}"/ca-??????????.key; do [ -s "$i" ] || continue @@ -99,6 +100,7 @@ for i in "${PRIV}"/ca-??????????.key; do continue fi ca_last="$ts" + latest_ca_file="${CERT}/ca-${ts}.crt" done mknew= @@ -128,7 +130,9 @@ if [ -z "$ca_last" ] || (( NOW + ca_min_remain_s > ca_last )); then rm -rf -- "$ca_dir" "$csr" fi -if [ -n "$mknew" ]; then + +if [ -n "$mknew" ] || ! [ -s "/opt/openslx/configs/modules/self-signed-ca.tar" ] \ + || [ "/opt/openslx/configs/modules/self-signed-ca.tar" -ot "$latest_ca_file" ]; then # Rebuild config module for clients echo "Updating client config module..." ( @@ -138,7 +142,7 @@ if [ -n "$mknew" ]; then openssl rehash . tar -c -k -f "/opt/openslx/configs/modules/self-signed-ca.tar" \ --transform 's#^[./][./]*#/opt/openslx/ssl/#' . - cd /tmp + cd /tmp || exit 7 rm -rf -- "$tmpdir" sudo -u www-data -n php /srv/openslx/www/slx-admin/api.php sysconfig --action rebuild echo "." diff --git a/satellit_installer/static_files/slxadmin/srv/openslx/www/slx-admin/config.php b/satellit_installer/static_files/slxadmin/srv/openslx/www/slx-admin/config.php index a239fef..c585f1b 100644 --- a/satellit_installer/static_files/slxadmin/srv/openslx/www/slx-admin/config.php +++ b/satellit_installer/static_files/slxadmin/srv/openslx/www/slx-admin/config.php @@ -7,11 +7,9 @@ define('CONFIG_SESSION_DIR', '/tmp/openslx'); define('CONFIG_SESSION_TIMEOUT', 86400 * 3); // Put your mysql credentials here -define('CONFIG_SQL_DSN', 'mysql:dbname=openslx;host=localhost'); +define('CONFIG_SQL_DSN', 'mysql:dbname=openslx;host=localhost;charset=utf8mb4'); define('CONFIG_SQL_USER', 'openslx'); define('CONFIG_SQL_PASS', '%MYSQL_OPENSLX_PASS%'); -// Set this to true if you mysql server doesn't default to UTF-8 on new connections -define('CONFIG_SQL_FORCE_UTF8', false); define('CONFIG_TM_PASSWORD', '%TM_OPENSLX_PASS%'); -- cgit v1.2.3-55-g7522