Reworking chrony workaround (#1013882) now that we know it's going to be permanent.

Signed-off-by: Daniel Baumann <daniel.baumann@open-infrastructure.net>

1 files changed, 4 insertions, 11 deletions

diff --git a/dehydrated/share/hooks/exit_hook.zz-chrony b/dehydrated/share/hooks/deploy_cert.chrony
index 13a7e9a..9bccf75 100755
--- a/dehydrated/share/hooks/exit_hook.zz-chrony
+++ b/dehydrated/share/hooks/deploy_cert.chrony
@@ -21,22 +21,15 @@
 
 set -e
 
-if grep -r -qs -E '^ntsserver(cert|key)' /etc/chrony
+if grep -Eqrs '^ *ntsservercert' /etc/chrony
 then
-	echo -n "   + chrony (workaround):"
-
 	# https://bugs.debian.org/1013882
-	HOST="$(cat /etc/hostname)"
+	echo -n " + Copying certificate for chrony..."
 
-	cp -L "/var/lib/dehydrated/certs/${HOST}/fullchain.pem" /etc/chrony/cert.pem
-	cp -L "/var/lib/dehydrated/certs/${HOST}/privkey.pem" /etc/chrony/key.pem
+	cp -fL "${FULLCHAINFILE}" /etc/chrony/cert.pem
+	cp -fL "${KEYFILE}" /etc/chrony/key.pem
 
 	chown _chrony:_chrony /etc/chrony/cert.pem /etc/chrony/key.pem
 
-	if service chrony status > /dev/null 2>&1
-	then
-		service chrony restart
-	fi
-
 	echo " done."
 fi