diff options
author | Daniel Baumann <daniel.baumann@open-infrastructure.net> | 2022-11-22 11:59:36 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@open-infrastructure.net> | 2022-11-22 14:15:30 +0000 |
commit | 5f4feffcccc67c02c5d4cfa59d8cab90e01d24f2 (patch) | |
tree | a9acd2eff7786e0e7d768ea0d50a99e7d2d9e9ec /dehydrated | |
parent | Using shortnames for extra certificates in dehydrated extra hooks. (diff) | |
download | service-tools-5f4feffcccc67c02c5d4cfa59d8cab90e01d24f2.tar.xz service-tools-5f4feffcccc67c02c5d4cfa59d8cab90e01d24f2.zip |
Adding dehydrated hook to cleanup extra files.
Signed-off-by: Daniel Baumann <daniel.baumann@open-infrastructure.net>
Diffstat (limited to '')
-rwxr-xr-x | dehydrated/share/hooks/exit_hook.extra-cleanup | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/dehydrated/share/hooks/exit_hook.extra-cleanup b/dehydrated/share/hooks/exit_hook.extra-cleanup new file mode 100755 index 0000000..59e203e --- /dev/null +++ b/dehydrated/share/hooks/exit_hook.extra-cleanup @@ -0,0 +1,77 @@ +#!/bin/sh + +# Open Infrastructure: service-tools + +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# +# SPDX-License-Identifier: GPL-3.0+ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +set -e + +echo -n " + Cleanup extra certificate files..." + +for EXTRA in root intermediate fullchain_privkey privkey_fullchain +do + for CERTIFICATE in "${CERTDIR}"/*/ + do + if ! ls "${CERTIFICATE}"/${EXTRA}*.pem > /dev/null 2>&1 + then + continue + fi + + SYMLINK="${CERTIFICATE}/${EXTRA}.pem" + ORIGINAL="$(readlink -f "${SYMLINK}")" + + if [ -e "${SYMLINK}" ] && [ ! -e "${ORIGINAL}" ] + then + # remove dangling symlink + rm -f "${SYMLINK}" + fi + + if [ -e "${SYMLINK}.ocsp" ] && [ ! -e "${ORIGINAL}.ocsp" ] + then + # remove dangling symlink + rm -f "${SYMLINK}.ocsp" + fi + + if [ -e "${SYMLINK}" ] + then + for FILE in "${CERTIFICATE}/${EXTRA}"-[0-9]*.pem + do + case "$(basename "${FILE}")" in + "$(basename "${ORIGINAL}")") + continue + ;; + + *) + # archive unused files + ARCHIVE="${BASEDIR}/archive/$(basename "${CERTIFICATE}")" + mkdir -p "${ARCHIVE}" + + mv "${FILE}" "${ARCHIVE}" + + if [ -e "${FILE}.ocsp" ] + then + mv "${FILE}.ocsp" "${ARCHIVE}" + fi + ;; + esac + done + fi + done +done + +echo " done." |