author | Daniel Baumann <daniel.baumann@open-infrastructure.net> | 2022-11-22 13:24:32 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@open-infrastructure.net> | 2022-11-22 14:13:43 +0000 |
commit | a2edcbefd4d935e89437f6f00184d6a688754553 (patch) | |
tree | f7f4ee52adfc8575816ae3c067e3ae22e2fb29af | |
parent | Using certdir variable in dehydrated hook instead of hardcoded path. (diff) | |
Using shortnames for extra certificates in dehydrated extra hooks.
Signed-off-by: Daniel Baumann <daniel.baumann@open-infrastructure.net>
-rwxr-xr-x | dehydrated/share/hooks/deploy_cert.extra | 33 | ||||
-rwxr-xr-x | dehydrated/share/hooks/deploy_ocsp.extra | 8 |
2 files changed, 19 insertions, 22 deletions
diff --git a/dehydrated/share/hooks/deploy_cert.extra b/dehydrated/share/hooks/deploy_cert.extra
index 47a8391..56ca2f4 100755
--- a/dehydrated/share/hooks/deploy_cert.extra
+++ b/dehydrated/share/hooks/deploy_cert.extra
@@ -21,32 +21,29 @@ set -e
-echo " + Creating extra certificate files:"
+echo -n " + Creating extra certificate files..."
 DIRECTORY="$(dirname "${CERTFILE}")"
-echo -n " + root and intermediate CA:"
-
+# root and intermediate CA
 TMPFILE="$(mktemp -p "${DIRECTORY}" -u ca.XXXXXXXXXX)"
 grep -Ev '^$' "${CHAINFILE}" | csplit -f "${TMPFILE}" -s -z - '/-----BEGIN CERTIFICATE-----/' '{*}'
-mv "${TMPFILE}00" "${DIRECTORY}/ca.intermediate-${TIMESTAMP}.pem"
-ln -sf "${DIRECTORY}/ca.intermediate-${TIMESTAMP}.pem" "${DIRECTORY}/ca.intermediate.pem"
-
-mv "${TMPFILE}01" "${DIRECTORY}/ca.root-${TIMESTAMP}.pem"
-ln -sf "${DIRECTORY}/ca.root-${TIMESTAMP}.pem" "${DIRECTORY}/ca.root.pem"
+mv "${TMPFILE}00" "${DIRECTORY}/intermediate-${TIMESTAMP}.pem"
+ln -sf "${DIRECTORY}/intermediate-${TIMESTAMP}.pem" "${DIRECTORY}/intermediate.pem"
-echo " done."
+mv "${TMPFILE}01" "${DIRECTORY}/root-${TIMESTAMP}.pem"
+ln -sf "${DIRECTORY}/root-${TIMESTAMP}.pem" "${DIRECTORY}/root.pem"
-for EXTRA in fullchain-privkey privkey-fullchain
+# extra certificate permutations:
+# * privkey_fullchain.pem: postfix
+for EXTRA in fullchain_privkey privkey_fullchain
 do
- EXTRA1="$(echo ${EXTRA} | awk -F- '{ print $1 }')"
- EXTRA2="$(echo ${EXTRA} | awk -F- '{ print $2 }')"
-
- echo -n " + creating ${EXTRA1}-${EXTRA2}:"
+ EXTRA1="$(echo ${EXTRA} | awk -F_ '{ print $1 }')"
+ EXTRA2="$(echo ${EXTRA} | awk -F_ '{ print $2 }')"
- cat "${DIRECTORY}/${EXTRA1}-${TIMESTAMP}.pem" "${DIRECTORY}/${EXTRA2}-${TIMESTAMP}.pem" > "${DIRECTORY}/${EXTRA1}-${EXTRA2}-${TIMESTAMP}.pem"
- ln -sf "${EXTRA1}-${EXTRA2}-${TIMESTAMP}.pem" "${DIRECTORY}/cert.${EXTRA1}-${EXTRA2}.pem"
-
- echo " done."
+ cat "${DIRECTORY}/${EXTRA1}-${TIMESTAMP}.pem" "${DIRECTORY}/${EXTRA2}-${TIMESTAMP}.pem" > "${DIRECTORY}/${EXTRA1}_${EXTRA2}-${TIMESTAMP}.pem"
+ ln -sf "${EXTRA1}_${EXTRA2}-${TIMESTAMP}.pem" "${DIRECTORY}/${EXTRA1}_${EXTRA2}.pem"
 done
+
+echo " done."
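Review bot: The combined files written by `cat ... > "${DIRECTORY}/${EXTRA1}_${EXTRA2}-${TIMESTAMP}.pem"` contain the private key, and a shell redirection creates them with whatever umask the hook inherits, so their mode is not fixed by this script. The part of the script before the hunk is not visible; unless a restrictive umask is set there or by the caller, I would set it explicitly before the loop with `umask 077`, or wrap the write as `(umask 077; cat ... > ...)`. Separately, `mv "${TMPFILE}01"` assumes the chain always holds two certificates. With `set -e`, a one-certificate chain aborts the hook before the combined files are written, so a guard such as `[ -e "${TMPFILE}01" ]` before that `mv` would be worth adding.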
diff --git a/dehydrated/share/hooks/deploy_ocsp.extra b/dehydrated/share/hooks/deploy_ocsp.extra
index 36d0302..35a13f6 100755
--- a/dehydrated/share/hooks/deploy_ocsp.extra
+++ b/dehydrated/share/hooks/deploy_ocsp.extra
@@ -26,12 +26,12 @@ echo " + Creating extra ocsp links..."
 DIRECTORY="$(dirname "${OCSPFILE}")"
 OCSP="$(readlink "${OCSPFILE}")"
-for EXTRA in fullchain-privkey privkey-fullchain
+for EXTRA in fullchain_privkey privkey_fullchain
 do
- EXTRA1="$(echo ${EXTRA} | awk -F- '{ print $1 }')"
- EXTRA2="$(echo ${EXTRA} | awk -F- '{ print $2 }')"
+ EXTRA1="$(echo ${EXTRA} | awk -F_ '{ print $1 }')"
+ EXTRA2="$(echo ${EXTRA} | awk -F_ '{ print $2 }')"
- ln -sf "${OCSP}" "${DIRECTORY}/cert.${EXTRA1}-${EXTRA2}.pem.ocsp"
+ ln -sf "${OCSP}" "${DIRECTORY}/${EXTRA1}_${EXTRA2}.pem.ocsp"
 done
 echo " done." |
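Review bot: Now that the loop values and the link names use the same `_` separator, `${EXTRA1}_${EXTRA2}` is simply `${EXTRA}`, so the two `echo | awk` splits in this loop are no longer needed; the body can be `ln -sf "${OCSP}" "${DIRECTORY}/${EXTRA}.pem.ocsp"`. That also removes the unquoted `${EXTRA}` expansion. The old `cert.*.pem.ocsp` links are not removed in this hunk, so a consumer still configured with the old name would presumably keep reading a stale OCSP response; a cleanup step or a migration note in the commit message would help.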