Merge branch 'hotfix-renew-cert-cn-certificates' into 'stable'

Hotfix renew-cert CN certificates

Closes #20

See merge request !30

manifest.json

@@ -5,7 +5,7 @@
         "en": "Auto renewal for the Neutrinet vpn-certificates",
         "fr": "Renouvellement automatique des certificats vpn Neutrinet"
     },
-    "version": "0.3.0~ynh5",
+    "version": "0.3.1~ynh1",
     "license": "GPL-3+",
     "maintainer": {
         "name": "ilja",

scripts/install

@@ -110,7 +110,7 @@ ynh_systemd_action nginx reload
 # INSTALL RENEW CERT
 #=================================================
 
-renew_cert_repo="https://github.com/neutrinet/renew_cert"
+renew_cert_repo="https://gitlab.domainepublic.net/Neutrinet/renew_cert.git"
 renew_cert_version=$(jq .version ../manifest.json -r -e | cut -d '~' -f 1)
 renew_cert_path="$opt_path/renew_cert"
 renew_cert_cron_script="renew_cert_cron.sh"
@@ -139,7 +139,7 @@ ynh_script_progression "Setting up cron job for certificate renewal…"
 cat <<EOF > /etc/cron.daily/$app-renew-cert
 #!/bin/bash
 cd $renew_cert_path
-$renew_cert_path/$renew_cert_cron_script
+$renew_cert_path/$renew_cert_cron_script -q
 EOF
 
 chown root:root /etc/cron.daily/$app-renew-cert

scripts/renew_cert_cron.sh

@@ -26,14 +26,6 @@ then
 fi
 RENEW_CERT_SCRIPT="${RENEW_CERT_PATH}/renew.py"
 
-DEBUG=false
-while getopts "v" opt
-do
-  case $opt in
-    v) DEBUG=true;;
-  esac
-done
-
 if [[ -f $OPENVPN_CREDENTIALS_FILE ]]
 then
   credentials_file=$OPENVPN_CREDENTIALS_FILE
@@ -50,30 +42,17 @@ password=$(tail -n 1 "$credentials_file")
 
 run_date=$(date +'%Y-%m-%d_%H:%M:%S')
 renew_dir="certs_$run_date"
+renew_params="$@"
 
-if $DEBUG
-then
-  $RENEW_CERT_PYTHON $RENEW_CERT_SCRIPT "$login" -p "$password" -c "$OPENVPN_USER_CERT" -d "$renew_dir" -v
-else
-  # Keep the logs for later. We will print them only if the certificates are being renewed.
-  renew_cert_logs=$($RENEW_CERT_PYTHON $RENEW_CERT_SCRIPT "$login" -p "$password" -c "$OPENVPN_USER_CERT" -d "$renew_dir")
-fi
+$RENEW_CERT_PYTHON $RENEW_CERT_SCRIPT "$login" -p "$password" -c "$OPENVPN_USER_CERT" -d "$renew_dir" $renew_params
 
 if [[ ! -d $renew_dir || ! -f $renew_dir/ca.crt || ! -f $renew_dir/client.crt || ! -f $renew_dir/client.key ]]
 then
-  if $DEBUG
-  then
-    echo "Cleaning $renew_dir directory."
-  fi
   rm -rf "$renew_dir"
   exit 0
 fi
 
-if [[ -n $renew_cert_logs ]]
-then
-  echo "$renew_cert_logs"
-fi
-
+echo "VPN certificate renewed!"
 echo "Saving old OpenVPN config"
 cp -r $OPENVPN_CONF_DIR{,.old_${run_date}}
 
@@ -87,6 +66,7 @@ cp "$renew_dir/client.key" "$OPENVPN_USER_KEY"
 
 echo "Adding user credentials"
 echo -e "$login\n$password" > "$OPENVPN_CREDENTIALS_FILE"
+chmod 0600 "$OPENVPN_CREDENTIALS_FILE"
 
 echo "Updating VPNClient config"
 yunohost app setting vpnclient server_name -v "vpn.neutrinet.be"

scripts/upgrade

@@ -143,7 +143,7 @@ ynh_systemd_action nginx reload
 
 ynh_script_progression "Installing automatic VPN certificate renewal..."
 
-renew_cert_repo="https://github.com/neutrinet/renew_cert"
+renew_cert_repo="https://gitlab.domainepublic.net/Neutrinet/renew_cert.git"
 renew_cert_version=$(jq .version ../manifest.json -r -e | cut -d '~' -f 1)
 renew_cert_path="$opt_path/renew_cert"
 renew_cert_cron_script="renew_cert_cron.sh"
@@ -151,6 +151,7 @@ renew_cert_cron_script="renew_cert_cron.sh"
 if [[ ! -e $renew_cert_path ]]; then
   git clone $renew_cert_repo $renew_cert_path
 else
+  git -C $renew_cert_path remote set-url origin $renew_cert_repo
   git -C $renew_cert_path fetch -t
 fi
 
@@ -175,7 +176,7 @@ ynh_script_progression "Setting up cron job for renewal..."
 cat <<EOF > /etc/cron.daily/$app-renew-cert
 #!/bin/bash
 cd $renew_cert_path
-$renew_cert_path/$renew_cert_cron_script
+$renew_cert_path/$renew_cert_cron_script -q
 EOF
 
 chown root:root /etc/cron.daily/$app-renew-cert