summaryrefslogtreecommitdiffstats
path: root/dehydrated
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@open-infrastructure.net>2022-11-22 11:59:36 +0000
committerDaniel Baumann <daniel.baumann@open-infrastructure.net>2022-11-22 14:15:30 +0000
commit5f4feffcccc67c02c5d4cfa59d8cab90e01d24f2 (patch)
treea9acd2eff7786e0e7d768ea0d50a99e7d2d9e9ec /dehydrated
parentUsing shortnames for extra certificates in dehydrated extra hooks. (diff)
downloadservice-tools-5f4feffcccc67c02c5d4cfa59d8cab90e01d24f2.tar.xz
service-tools-5f4feffcccc67c02c5d4cfa59d8cab90e01d24f2.zip
Adding dehydrated hook to cleanup extra files.
Signed-off-by: Daniel Baumann <daniel.baumann@open-infrastructure.net>
Diffstat (limited to '')
-rwxr-xr-xdehydrated/share/hooks/exit_hook.extra-cleanup77
1 files changed, 77 insertions, 0 deletions
diff --git a/dehydrated/share/hooks/exit_hook.extra-cleanup b/dehydrated/share/hooks/exit_hook.extra-cleanup
new file mode 100755
index 0000000..59e203e
--- /dev/null
+++ b/dehydrated/share/hooks/exit_hook.extra-cleanup
@@ -0,0 +1,77 @@
+#!/bin/sh
+
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+set -e
+
+echo -n " + Cleanup extra certificate files..."
+
+for EXTRA in root intermediate fullchain_privkey privkey_fullchain
+do
+ for CERTIFICATE in "${CERTDIR}"/*/
+ do
+ if ! ls "${CERTIFICATE}"/${EXTRA}*.pem > /dev/null 2>&1
+ then
+ continue
+ fi
+
+ SYMLINK="${CERTIFICATE}/${EXTRA}.pem"
+ ORIGINAL="$(readlink -f "${SYMLINK}")"
+
+ if [ -e "${SYMLINK}" ] && [ ! -e "${ORIGINAL}" ]
+ then
+ # remove dangling symlink
+ rm -f "${SYMLINK}"
+ fi
+
+ if [ -e "${SYMLINK}.ocsp" ] && [ ! -e "${ORIGINAL}.ocsp" ]
+ then
+ # remove dangling symlink
+ rm -f "${SYMLINK}.ocsp"
+ fi
+
+ if [ -e "${SYMLINK}" ]
+ then
+ for FILE in "${CERTIFICATE}/${EXTRA}"-[0-9]*.pem
+ do
+ case "$(basename "${FILE}")" in
+ "$(basename "${ORIGINAL}")")
+ continue
+ ;;
+
+ *)
+ # archive unused files
+ ARCHIVE="${BASEDIR}/archive/$(basename "${CERTIFICATE}")"
+ mkdir -p "${ARCHIVE}"
+
+ mv "${FILE}" "${ARCHIVE}"
+
+ if [ -e "${FILE}.ocsp" ]
+ then
+ mv "${FILE}.ocsp" "${ARCHIVE}"
+ fi
+ ;;
+ esac
+ done
+ fi
+ done
+done
+
+echo " done."