Diffstat (limited to 'bin/exit_hook.slapd.sh')
-rwxr-xr-x | bin/exit_hook.slapd.sh | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/bin/exit_hook.slapd.sh b/bin/exit_hook.slapd.sh
new file mode 100755
index 0000000..2cb74cf
--- /dev/null
+++ b/bin/exit_hook.slapd.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+NAME="$(cat /etc/hostname)"
+DEHYDRATED_PATH="/srv/${NAME}/dehydrated/certs/${NAME}"
+SLAPD_CERT_PATH="/etc/crypto/tls"
+CA_CHAIN_NAME="cachain"
+
+mkdir -p "${SLAPD_CERT_PATH}"
+unset CHANGE
+
+if ! cmp -s "${DEHYDRATED_PATH}/${CA_CHAIN_NAME}.pem" "${SLAPD_CERT_PATH}/${NAME}-${CA_CHAIN_NAME}.pem"
+then
+ /usr/bin/cp "${DEHYDRATED_PATH}/${CA_CHAIN_NAME}.pem" "${SLAPD_CERT_PATH}/${NAME}-${CA_CHAIN_NAME}.pem"
+ CHANGE=true
+fi
+
+if ! cmp -s "${DEHYDRATED_PATH}/cert.pem" "${SLAPD_CERT_PATH}/${NAME}.pem"
+then
+ /usr/bin/cp "${DEHYDRATED_PATH}/cert.pem" "${SLAPD_CERT_PATH}/${NAME}.pem"
+ CHANGE=true
+fi
+
+if ! cmp -s "${DEHYDRATED_PATH}/privkey.pem" "${SLAPD_CERT_PATH}/${NAME}.key"
+then
+ /usr/bin/cp "${DEHYDRATED_PATH}/privkey.pem" "${SLAPD_CERT_PATH}/${NAME}.key"
+ CHANGE=true
+fi
+
+if ! cmp -s "${DEHYDRATED_PATH}/fullchain.pem" "${SLAPD_CERT_PATH}/${NAME}-fullchain.pem"
+then
+ /usr/bin/cp "${DEHYDRATED_PATH}/fullchain.pem" "${SLAPD_CERT_PATH}/${NAME}-fullchain.pem"
+ CHANGE=true
+fi
+
+if [ ! -z ${CHANGE} ]
+then
+ chmod 0640 /etc/crypto/tls/${NAME}*
+ chgrp ssl-cert /etc/crypto/tls/${NAME}*
+ systemctl restart slapd.service
+fi
|
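Review bot: The private key is written by plain `cp` to `${SLAPD_CERT_PATH}/${NAME}.key` and its mode is only set by the `chmod 0640` in the final block, so a newly created key file takes the umask default until then. Because of `set -e`, a failure in the following fullchain copy or in `chmod`/`chgrp` exits the script before the mode and group are ever applied, leaving the key with whatever permissions `cp` gave it. Copying the key with its final mode in one step avoids that window, e.g. `install -m 0640 -g ssl-cert "${DEHYDRATED_PATH}/privkey.pem" "${SLAPD_CERT_PATH}/${NAME}.key"`. In the last block the hard-coded, unquoted `/etc/crypto/tls/${NAME}*` would be safer as `"${SLAPD_CERT_PATH}/${NAME}"*` and the test as `[ -n "${CHANGE:-}" ]`; the glob also matches any other file in that directory whose name begins with the hostname.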