Commit c5e0d9c0 authored by HgO's avatar HgO

Merge branch 'hotfix-renew-cert-cn-certificates' into 'stable'

Hotfix renew-cert CN certificates

Closes #20

See merge request !30
parents 0c6fc658 cb9845f7
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
"en": "Auto renewal for the Neutrinet vpn-certificates", "en": "Auto renewal for the Neutrinet vpn-certificates",
"fr": "Renouvellement automatique des certificats vpn Neutrinet" "fr": "Renouvellement automatique des certificats vpn Neutrinet"
}, },
"version": "0.3.0~ynh5", "version": "0.3.1~ynh1",
"license": "GPL-3+", "license": "GPL-3+",
"maintainer": { "maintainer": {
"name": "ilja", "name": "ilja",
......
...@@ -110,7 +110,7 @@ ynh_systemd_action nginx reload ...@@ -110,7 +110,7 @@ ynh_systemd_action nginx reload
# INSTALL RENEW CERT # INSTALL RENEW CERT
#================================================= #=================================================
renew_cert_repo="https://github.com/neutrinet/renew_cert" renew_cert_repo="https://gitlab.domainepublic.net/Neutrinet/renew_cert.git"
renew_cert_version=$(jq .version ../manifest.json -r -e | cut -d '~' -f 1) renew_cert_version=$(jq .version ../manifest.json -r -e | cut -d '~' -f 1)
renew_cert_path="$opt_path/renew_cert" renew_cert_path="$opt_path/renew_cert"
renew_cert_cron_script="renew_cert_cron.sh" renew_cert_cron_script="renew_cert_cron.sh"
...@@ -139,7 +139,7 @@ ynh_script_progression "Setting up cron job for certificate renewal…" ...@@ -139,7 +139,7 @@ ynh_script_progression "Setting up cron job for certificate renewal…"
cat <<EOF > /etc/cron.daily/$app-renew-cert cat <<EOF > /etc/cron.daily/$app-renew-cert
#!/bin/bash #!/bin/bash
cd $renew_cert_path cd $renew_cert_path
$renew_cert_path/$renew_cert_cron_script $renew_cert_path/$renew_cert_cron_script -q
EOF EOF
chown root:root /etc/cron.daily/$app-renew-cert chown root:root /etc/cron.daily/$app-renew-cert
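Review bot: The generated cron script runs `cd $renew_cert_path` unquoted and without checking the result, so if that directory is missing the renewal script still starts from cron's default working directory. The renew_cert_cron.sh changes on this page show it creating `certs_$run_date` relative to the current directory and later removing it with `rm -rf`, so the working directory matters. I would write the heredoc lines as `cd "$renew_cert_path" || exit 1` and `"$renew_cert_path/$renew_cert_cron_script" -q`. The same heredoc appears in the later script section (hunk at -175/+176) and needs the same change.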
......
...@@ -26,14 +26,6 @@ then ...@@ -26,14 +26,6 @@ then
fi fi
RENEW_CERT_SCRIPT="${RENEW_CERT_PATH}/renew.py" RENEW_CERT_SCRIPT="${RENEW_CERT_PATH}/renew.py"
DEBUG=false
while getopts "v" opt
do
case $opt in
v) DEBUG=true;;
esac
done
if [[ -f $OPENVPN_CREDENTIALS_FILE ]] if [[ -f $OPENVPN_CREDENTIALS_FILE ]]
then then
credentials_file=$OPENVPN_CREDENTIALS_FILE credentials_file=$OPENVPN_CREDENTIALS_FILE
...@@ -50,30 +42,17 @@ password=$(tail -n 1 "$credentials_file") ...@@ -50,30 +42,17 @@ password=$(tail -n 1 "$credentials_file")
run_date=$(date +'%Y-%m-%d_%H:%M:%S') run_date=$(date +'%Y-%m-%d_%H:%M:%S')
renew_dir="certs_$run_date" renew_dir="certs_$run_date"
renew_params="$@"
if $DEBUG $RENEW_CERT_PYTHON $RENEW_CERT_SCRIPT "$login" -p "$password" -c "$OPENVPN_USER_CERT" -d "$renew_dir" $renew_params
then
$RENEW_CERT_PYTHON $RENEW_CERT_SCRIPT "$login" -p "$password" -c "$OPENVPN_USER_CERT" -d "$renew_dir" -v
else
# Keep the logs for later. We will print them only if the certificates are being renewed.
renew_cert_logs=$($RENEW_CERT_PYTHON $RENEW_CERT_SCRIPT "$login" -p "$password" -c "$OPENVPN_USER_CERT" -d "$renew_dir")
fi
if [[ ! -d $renew_dir || ! -f $renew_dir/ca.crt || ! -f $renew_dir/client.crt || ! -f $renew_dir/client.key ]] if [[ ! -d $renew_dir || ! -f $renew_dir/ca.crt || ! -f $renew_dir/client.crt || ! -f $renew_dir/client.key ]]
then then
if $DEBUG
then
echo "Cleaning $renew_dir directory."
fi
rm -rf "$renew_dir" rm -rf "$renew_dir"
exit 0 exit 0
fi fi
if [[ -n $renew_cert_logs ]] echo "VPN certificate renewed!"
then
echo "$renew_cert_logs"
fi
echo "Saving old OpenVPN config" echo "Saving old OpenVPN config"
cp -r $OPENVPN_CONF_DIR{,.old_${run_date}} cp -r $OPENVPN_CONF_DIR{,.old_${run_date}}
...@@ -87,6 +66,7 @@ cp "$renew_dir/client.key" "$OPENVPN_USER_KEY" ...@@ -87,6 +66,7 @@ cp "$renew_dir/client.key" "$OPENVPN_USER_KEY"
echo "Adding user credentials" echo "Adding user credentials"
echo -e "$login\n$password" > "$OPENVPN_CREDENTIALS_FILE" echo -e "$login\n$password" > "$OPENVPN_CREDENTIALS_FILE"
chmod 0600 "$OPENVPN_CREDENTIALS_FILE"
echo "Updating VPNClient config" echo "Updating VPNClient config"
yunohost app setting vpnclient server_name -v "vpn.neutrinet.be" yunohost app setting vpnclient server_name -v "vpn.neutrinet.be"
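Review bot: The added `chmod 0600 "$OPENVPN_CREDENTIALS_FILE"` runs only after the login and password have been written, so a file that does not exist yet is created with the process umask and is briefly readable more widely than intended. Restricting the mode before the write closes that window, and `printf` avoids `echo -e` interpreting backslashes that a password may contain: `( umask 077; printf '%s\n%s\n' "$login" "$password" > "$OPENVPN_CREDENTIALS_FILE" )`. The `chmod` should stay, to tighten a file that already exists with looser permissions. Separately, in the hunk at -50/+42, `renew_params="$@"` followed by an unquoted `$renew_params` flattens and re-splits the arguments; passing `"$@"` directly to the Python call keeps them intact. The script continues outside these hunks.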
......
...@@ -143,7 +143,7 @@ ynh_systemd_action nginx reload ...@@ -143,7 +143,7 @@ ynh_systemd_action nginx reload
ynh_script_progression "Installing automatic VPN certificate renewal..." ynh_script_progression "Installing automatic VPN certificate renewal..."
renew_cert_repo="https://github.com/neutrinet/renew_cert" renew_cert_repo="https://gitlab.domainepublic.net/Neutrinet/renew_cert.git"
renew_cert_version=$(jq .version ../manifest.json -r -e | cut -d '~' -f 1) renew_cert_version=$(jq .version ../manifest.json -r -e | cut -d '~' -f 1)
renew_cert_path="$opt_path/renew_cert" renew_cert_path="$opt_path/renew_cert"
renew_cert_cron_script="renew_cert_cron.sh" renew_cert_cron_script="renew_cert_cron.sh"
...@@ -151,6 +151,7 @@ renew_cert_cron_script="renew_cert_cron.sh" ...@@ -151,6 +151,7 @@ renew_cert_cron_script="renew_cert_cron.sh"
if [[ ! -e $renew_cert_path ]]; then if [[ ! -e $renew_cert_path ]]; then
git clone $renew_cert_repo $renew_cert_path git clone $renew_cert_repo $renew_cert_path
else else
git -C $renew_cert_path remote set-url origin $renew_cert_repo
git -C $renew_cert_path fetch -t git -C $renew_cert_path fetch -t
fi fi
...@@ -175,7 +176,7 @@ ynh_script_progression "Setting up cron job for renewal..." ...@@ -175,7 +176,7 @@ ynh_script_progression "Setting up cron job for renewal..."
cat <<EOF > /etc/cron.daily/$app-renew-cert cat <<EOF > /etc/cron.daily/$app-renew-cert
#!/bin/bash #!/bin/bash
cd $renew_cert_path cd $renew_cert_path
$renew_cert_path/$renew_cert_cron_script $renew_cert_path/$renew_cert_cron_script -q
EOF EOF
chown root:root /etc/cron.daily/$app-renew-cert chown root:root /etc/cron.daily/$app-renew-cert
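Review bot: In the hunk at -151/+151, the code obtained by `git clone` or `git -C $renew_cert_path fetch -t` is later run by a root-owned script in /etc/cron.daily, and this commit points `origin` at a different host with no integrity check on what is fetched. The checkout step is outside the visible hunks, but if it selects the tag derived from `renew_cert_version`, that tag name can be moved on the server. Pinning a full commit hash in the script, or checking a signed tag with `git verify-tag` before checkout, would tie the installed code to a reviewed revision. The `renew_cert_repo` change in the earlier script section on this page presumably has the same gap. The new `remote set-url` line should also quote its expansions: `git -C "$renew_cert_path" remote set-url origin "$renew_cert_repo"`.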
......