summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@open-infrastructure.net>2022-11-22 13:24:32 +0000
committerDaniel Baumann <daniel.baumann@open-infrastructure.net>2022-11-22 14:13:43 +0000
commita2edcbefd4d935e89437f6f00184d6a688754553 (patch)
treef7f4ee52adfc8575816ae3c067e3ae22e2fb29af
parentUsing certdir variable in dehydrated hook instead of hardcoded path. (diff)
downloadservice-tools-a2edcbefd4d935e89437f6f00184d6a688754553.tar.xz
service-tools-a2edcbefd4d935e89437f6f00184d6a688754553.zip
Using shortnames for extra certificates in dehydrated extra hooks.
Signed-off-by: Daniel Baumann <daniel.baumann@open-infrastructure.net>
-rwxr-xr-xdehydrated/share/hooks/deploy_cert.extra33
-rwxr-xr-xdehydrated/share/hooks/deploy_ocsp.extra8
2 files changed, 19 insertions, 22 deletions
diff --git a/dehydrated/share/hooks/deploy_cert.extra b/dehydrated/share/hooks/deploy_cert.extra
index 47a8391..56ca2f4 100755
--- a/dehydrated/share/hooks/deploy_cert.extra
+++ b/dehydrated/share/hooks/deploy_cert.extra
@@ -21,32 +21,29 @@
set -e
-echo " + Creating extra certificate files:"
+echo -n " + Creating extra certificate files..."
DIRECTORY="$(dirname "${CERTFILE}")"
-echo -n " + root and intermediate CA:"
-
+# root and intermediate CA
TMPFILE="$(mktemp -p "${DIRECTORY}" -u ca.XXXXXXXXXX)"
grep -Ev '^$' "${CHAINFILE}" | csplit -f "${TMPFILE}" -s -z - '/-----BEGIN CERTIFICATE-----/' '{*}'
-mv "${TMPFILE}00" "${DIRECTORY}/ca.intermediate-${TIMESTAMP}.pem"
-ln -sf "${DIRECTORY}/ca.intermediate-${TIMESTAMP}.pem" "${DIRECTORY}/ca.intermediate.pem"
-
-mv "${TMPFILE}01" "${DIRECTORY}/ca.root-${TIMESTAMP}.pem"
-ln -sf "${DIRECTORY}/ca.root-${TIMESTAMP}.pem" "${DIRECTORY}/ca.root.pem"
+mv "${TMPFILE}00" "${DIRECTORY}/intermediate-${TIMESTAMP}.pem"
+ln -sf "${DIRECTORY}/intermediate-${TIMESTAMP}.pem" "${DIRECTORY}/intermediate.pem"
-echo " done."
+mv "${TMPFILE}01" "${DIRECTORY}/root-${TIMESTAMP}.pem"
+ln -sf "${DIRECTORY}/root-${TIMESTAMP}.pem" "${DIRECTORY}/root.pem"
-for EXTRA in fullchain-privkey privkey-fullchain
+# extra certificate permutations:
+# * privkey_fullchain.pem: postfix
+for EXTRA in fullchain_privkey privkey_fullchain
do
- EXTRA1="$(echo ${EXTRA} | awk -F- '{ print $1 }')"
- EXTRA2="$(echo ${EXTRA} | awk -F- '{ print $2 }')"
-
- echo -n " + creating ${EXTRA1}-${EXTRA2}:"
+ EXTRA1="$(echo ${EXTRA} | awk -F_ '{ print $1 }')"
+ EXTRA2="$(echo ${EXTRA} | awk -F_ '{ print $2 }')"
- cat "${DIRECTORY}/${EXTRA1}-${TIMESTAMP}.pem" "${DIRECTORY}/${EXTRA2}-${TIMESTAMP}.pem" > "${DIRECTORY}/${EXTRA1}-${EXTRA2}-${TIMESTAMP}.pem"
- ln -sf "${EXTRA1}-${EXTRA2}-${TIMESTAMP}.pem" "${DIRECTORY}/cert.${EXTRA1}-${EXTRA2}.pem"
-
- echo " done."
+ cat "${DIRECTORY}/${EXTRA1}-${TIMESTAMP}.pem" "${DIRECTORY}/${EXTRA2}-${TIMESTAMP}.pem" > "${DIRECTORY}/${EXTRA1}_${EXTRA2}-${TIMESTAMP}.pem"
+ ln -sf "${EXTRA1}_${EXTRA2}-${TIMESTAMP}.pem" "${DIRECTORY}/${EXTRA1}_${EXTRA2}.pem"
done
+
+echo " done."
diff --git a/dehydrated/share/hooks/deploy_ocsp.extra b/dehydrated/share/hooks/deploy_ocsp.extra
index 36d0302..35a13f6 100755
--- a/dehydrated/share/hooks/deploy_ocsp.extra
+++ b/dehydrated/share/hooks/deploy_ocsp.extra
@@ -26,12 +26,12 @@ echo " + Creating extra ocsp links..."
DIRECTORY="$(dirname "${OCSPFILE}")"
OCSP="$(readlink "${OCSPFILE}")"
-for EXTRA in fullchain-privkey privkey-fullchain
+for EXTRA in fullchain_privkey privkey_fullchain
do
- EXTRA1="$(echo ${EXTRA} | awk -F- '{ print $1 }')"
- EXTRA2="$(echo ${EXTRA} | awk -F- '{ print $2 }')"
+ EXTRA1="$(echo ${EXTRA} | awk -F_ '{ print $1 }')"
+ EXTRA2="$(echo ${EXTRA} | awk -F_ '{ print $2 }')"
- ln -sf "${OCSP}" "${DIRECTORY}/cert.${EXTRA1}-${EXTRA2}.pem.ocsp"
+ ln -sf "${OCSP}" "${DIRECTORY}/${EXTRA1}_${EXTRA2}.pem.ocsp"
done
echo " done."