From 453cc058d9ee6d7cb47529d99061216e72149a5f Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sun, 9 May 2021 06:21:55 +0200
Subject: Adding bin.
Signed-off-by: Daniel Baumann
---
bin/exit_hook.slapd.sh | 42 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100755 bin/exit_hook.slapd.sh
(limited to 'bin/exit_hook.slapd.sh')
diff --git a/bin/exit_hook.slapd.sh b/bin/exit_hook.slapd.sh
new file mode 100755
index 0000000..2cb74cf
--- /dev/null
+++ b/bin/exit_hook.slapd.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+NAME="$(cat /etc/hostname)"
+DEHYDRATED_PATH="/srv/${NAME}/dehydrated/certs/${NAME}"
+SLAPD_CERT_PATH="/etc/crypto/tls"
+CA_CHAIN_NAME="cachain"
+
+mkdir -p "${SLAPD_CERT_PATH}"
+unset CHANGE
+
+if ! cmp -s "${DEHYDRATED_PATH}/${CA_CHAIN_NAME}.pem" "${SLAPD_CERT_PATH}/${NAME}-${CA_CHAIN_NAME}.pem"
+then
+ /usr/bin/cp "${DEHYDRATED_PATH}/${CA_CHAIN_NAME}.pem" "${SLAPD_CERT_PATH}/${NAME}-${CA_CHAIN_NAME}.pem"
+ CHANGE=true
+fi
+
+if ! cmp -s "${DEHYDRATED_PATH}/cert.pem" "${SLAPD_CERT_PATH}/${NAME}.pem"
+then
+ /usr/bin/cp "${DEHYDRATED_PATH}/cert.pem" "${SLAPD_CERT_PATH}/${NAME}.pem"
+ CHANGE=true
+fi
+
+if ! cmp -s "${DEHYDRATED_PATH}/privkey.pem" "${SLAPD_CERT_PATH}/${NAME}.key"
+then
+ /usr/bin/cp "${DEHYDRATED_PATH}/privkey.pem" "${SLAPD_CERT_PATH}/${NAME}.key"
+ CHANGE=true
+fi
+
+if ! cmp -s "${DEHYDRATED_PATH}/fullchain.pem" "${SLAPD_CERT_PATH}/${NAME}-fullchain.pem"
+then
+ /usr/bin/cp "${DEHYDRATED_PATH}/fullchain.pem" "${SLAPD_CERT_PATH}/${NAME}-fullchain.pem"
+ CHANGE=true
+fi
+
+if [ ! -z ${CHANGE} ]
+then
+ chmod 0640 /etc/crypto/tls/${NAME}*
+ chgrp ssl-cert /etc/crypto/tls/${NAME}*
+ systemctl restart slapd.service
+fi
--
cgit v1.2.3
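Review bot: The private key's mode and group are applied only in the final `if` block, after all four `cp` calls, so a newly created `${NAME}.key` carries whatever mode `cp` and the umask produce until that block runs. Because of `set -e`, a failing `chmod` or `chgrp` (for example if the `ssl-cert` group is absent) exits before `systemctl restart`; the next run then finds every file identical via `cmp`, leaves `CHANGE` unset, and never repairs the permissions or restarts slapd. Setting mode and group as part of each copy closes that gap, e.g. `install -m 0640 -g ssl-cert "${DEHYDRATED_PATH}/privkey.pem" "${SLAPD_CERT_PATH}/${NAME}.key"`. The final block should also use the quoted variable rather than the hard-coded path, `chmod 0640 "${SLAPD_CERT_PATH}/${NAME}"*`, bearing in mind that this glob matches any other file in the directory whose name begins with the hostname, and the test is safer as `[ -n "${CHANGE:-}" ]`.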