Commit c5e0d9c0 authored by HgO's avatar HgO

Merge branch 'hotfix-renew-cert-cn-certificates' into 'stable'

Hotfix renew-cert CN certificates

Closes #20

See merge request !30
parents 0c6fc658 cb9845f7
......@@ -5,7 +5,7 @@
"en": "Auto renewal for the Neutrinet vpn-certificates",
"fr": "Renouvellement automatique des certificats vpn Neutrinet"
},
"version": "0.3.0~ynh5",
"version": "0.3.1~ynh1",
"license": "GPL-3+",
"maintainer": {
"name": "ilja",
......
......@@ -110,7 +110,7 @@ ynh_systemd_action nginx reload
# INSTALL RENEW CERT
#=================================================
renew_cert_repo="https://github.com/neutrinet/renew_cert"
renew_cert_repo="https://gitlab.domainepublic.net/Neutrinet/renew_cert.git"
renew_cert_version=$(jq .version ../manifest.json -r -e | cut -d '~' -f 1)
renew_cert_path="$opt_path/renew_cert"
renew_cert_cron_script="renew_cert_cron.sh"
......@@ -139,7 +139,7 @@ ynh_script_progression "Setting up cron job for certificate renewal…"
cat <<EOF > /etc/cron.daily/$app-renew-cert
#!/bin/bash
cd $renew_cert_path
$renew_cert_path/$renew_cert_cron_script
$renew_cert_path/$renew_cert_cron_script -q
EOF
chown root:root /etc/cron.daily/$app-renew-cert
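Review bot: The new `renew_cert_repo` value changes where the root-run daily cron job gets its code, and nothing visible in this hunk ties the checkout to a known commit. `renew_cert_version` is derived from the manifest version; if it is used as a tag name further down (outside this hunk), a tag can be moved on the server after review. Recording a full commit hash next to the URL, for example `renew_cert_commit="<PINNED_COMMIT_SHA>"` (placeholder), and checking out that hash would make the installed code reproducible and auditable. The same assignment appears in the later hunk at `@@ -143,7 +143,7 @@` and needs the same treatment.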
......
......@@ -26,14 +26,6 @@ then
fi
RENEW_CERT_SCRIPT="${RENEW_CERT_PATH}/renew.py"
DEBUG=false
while getopts "v" opt
do
case $opt in
v) DEBUG=true;;
esac
done
if [[ -f $OPENVPN_CREDENTIALS_FILE ]]
then
credentials_file=$OPENVPN_CREDENTIALS_FILE
......@@ -50,30 +42,17 @@ password=$(tail -n 1 "$credentials_file")
run_date=$(date +'%Y-%m-%d_%H:%M:%S')
renew_dir="certs_$run_date"
renew_params="$@"
if $DEBUG
then
$RENEW_CERT_PYTHON $RENEW_CERT_SCRIPT "$login" -p "$password" -c "$OPENVPN_USER_CERT" -d "$renew_dir" -v
else
# Keep the logs for later. We will print them only if the certificates are being renewed.
renew_cert_logs=$($RENEW_CERT_PYTHON $RENEW_CERT_SCRIPT "$login" -p "$password" -c "$OPENVPN_USER_CERT" -d "$renew_dir")
fi
$RENEW_CERT_PYTHON $RENEW_CERT_SCRIPT "$login" -p "$password" -c "$OPENVPN_USER_CERT" -d "$renew_dir" $renew_params
if [[ ! -d $renew_dir || ! -f $renew_dir/ca.crt || ! -f $renew_dir/client.crt || ! -f $renew_dir/client.key ]]
then
if $DEBUG
then
echo "Cleaning $renew_dir directory."
fi
rm -rf "$renew_dir"
exit 0
fi
if [[ -n $renew_cert_logs ]]
then
echo "$renew_cert_logs"
fi
echo "VPN certificate renewed!"
echo "Saving old OpenVPN config"
cp -r $OPENVPN_CONF_DIR{,.old_${run_date}}
......@@ -87,6 +66,7 @@ cp "$renew_dir/client.key" "$OPENVPN_USER_KEY"
echo "Adding user credentials"
echo -e "$login\n$password" > "$OPENVPN_CREDENTIALS_FILE"
chmod 0600 "$OPENVPN_CREDENTIALS_FILE"
echo "Updating VPNClient config"
yunohost app setting vpnclient server_name -v "vpn.neutrinet.be"
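Review bot: The rewritten call to renew.py still passes the VPN password as a command-line argument (`-p "$password"`), which on a default Linux setup exposes it in the process list to other local users while the script runs. The credentials file is already on disk, so letting renew.py read it (or stdin) would avoid this; renew.py's options are not visible here, so that needs confirming. On the same call, `renew_params="$@"` joins the arguments into one string and the unquoted `$renew_params` is then re-split and glob-expanded. Dropping the variable and ending the call with `"$@"` forwards `-q` and any other option unchanged. Further down, `echo -e "$login\n$password"` interprets backslash sequences inside the password; `printf '%s\n%s\n' "$login" "$password"` writes it verbatim.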
......
......@@ -143,7 +143,7 @@ ynh_systemd_action nginx reload
ynh_script_progression "Installing automatic VPN certificate renewal..."
renew_cert_repo="https://github.com/neutrinet/renew_cert"
renew_cert_repo="https://gitlab.domainepublic.net/Neutrinet/renew_cert.git"
renew_cert_version=$(jq .version ../manifest.json -r -e | cut -d '~' -f 1)
renew_cert_path="$opt_path/renew_cert"
renew_cert_cron_script="renew_cert_cron.sh"
......@@ -151,6 +151,7 @@ renew_cert_cron_script="renew_cert_cron.sh"
if [[ ! -e $renew_cert_path ]]; then
git clone $renew_cert_repo $renew_cert_path
else
git -C $renew_cert_path remote set-url origin $renew_cert_repo
git -C $renew_cert_path fetch -t
fi
......@@ -175,7 +176,7 @@ ynh_script_progression "Setting up cron job for renewal..."
cat <<EOF > /etc/cron.daily/$app-renew-cert
#!/bin/bash
cd $renew_cert_path
$renew_cert_path/$renew_cert_cron_script
$renew_cert_path/$renew_cert_cron_script -q
EOF
chown root:root /etc/cron.daily/$app-renew-cert
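Review bot: The generated cron script runs `cd $renew_cert_path` without checking the result, and the script it then starts builds `renew_dir="certs_$run_date"` as a relative path. If the directory is missing, the renewed certificates and `client.key` would be written under whatever directory cron starts in. I would write the heredoc lines as `cd "$renew_cert_path" || exit 1` and `"$renew_cert_path/$renew_cert_cron_script" -q`. The identical heredoc in the earlier hunk at `@@ -139,7 +139,7 @@` needs the same change. The new `git -C $renew_cert_path remote set-url origin $renew_cert_repo` line should also quote both expansions.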
......