diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2023-06-19 05:43:04 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2023-06-19 05:43:04 +0000 |
| commit | 2c4977e589e3fa1c3c67e12bc516332e586ca8a0 (patch) | |
| tree | d1f80eb967144252f8476064fb8e26902f818c81 /dehydrated/share/hooks/deploy_cert.extra | |
| parent | Releasing debian version 20221224-1. (diff) | |
| download | open-infrastructure-service-tools-2c4977e589e3fa1c3c67e12bc516332e586ca8a0.tar.xz open-infrastructure-service-tools-2c4977e589e3fa1c3c67e12bc516332e586ca8a0.zip | |
Merging upstream version 20221225.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dehydrated/share/hooks/deploy_cert.extra')
| -rwxr-xr-x | dehydrated/share/hooks/deploy_cert.extra | 29 |
1 files changed, 18 insertions, 11 deletions
diff --git a/dehydrated/share/hooks/deploy_cert.extra b/dehydrated/share/hooks/deploy_cert.extra index fd93fad..b0d8737 100755 --- a/dehydrated/share/hooks/deploy_cert.extra +++ b/dehydrated/share/hooks/deploy_cert.extra @@ -27,12 +27,14 @@ DIRECTORY="$(dirname "${CERTFILE}")" if [ "$(grep -c 'BEGIN CERTIFICATE' ${FULLCHAINFILE})" -ge 3 ] then - # - chain.pem: R3 | ISRG Root X1 - # - fullchain.pem: Certificate | R3 | ISRG Root X1 + # long chain: + # * chain.pem: (R3 | ISRG Root X1) + # * fullchain.pem: (Certificate | R3 | ISRG Root X1) CHAIN="long" else - # - chain.pem: R3 - # - fullchain.pem: Certificate | R3 + # short chain: + # * chain.pem: (R3) + # * fullchain.pem (Certificate | R3) CHAIN="short" fi @@ -53,7 +55,7 @@ case "${CHAIN}" in short) # intermediate (R3) - cp "${DIRECTORY}/chain-${TIMESTAMP}.pem" "${DIRECTORY}/intermediate-${TIMESTAMP}.pem" + grep -Ev '^$' "${DIRECTORY}/chain-${TIMESTAMP}.pem" > "${DIRECTORY}/intermediate-${TIMESTAMP}.pem" ln -sf "${DIRECTORY}/intermediate-${TIMESTAMP}.pem" "${DIRECTORY}/intermediate.pem" # root (ISRG Root X1) @@ -68,14 +70,19 @@ case "${CHAIN}" in esac # extra certificate permutations: -# * privkey_fullchain.pem: postfix -for EXTRA in fullchain_privkey privkey_fullchain +# * privkey_fullchain.pem: postfix +# * root_intermediate_cert.pem: redis + +for EXTRA in fullchain_privkey privkey_fullchain root_intermediate_cert do - EXTRA1="$(echo ${EXTRA} | awk -F_ '{ print $1 }')" - EXTRA2="$(echo ${EXTRA} | awk -F_ '{ print $2 }')" + rm -f "${DIRECTORY}/${EXTRA}-${TIMESTAMP}.pem" + + for FILE in $(echo ${EXTRA} | sed -e 's|_| |g') + do + cat "${DIRECTORY}/${FILE}-${TIMESTAMP}.pem" >> "${DIRECTORY}/${EXTRA}-${TIMESTAMP}.pem" + done - cat "${DIRECTORY}/${EXTRA1}-${TIMESTAMP}.pem" "${DIRECTORY}/${EXTRA2}-${TIMESTAMP}.pem" > "${DIRECTORY}/${EXTRA1}_${EXTRA2}-${TIMESTAMP}.pem" - ln -sf "${EXTRA1}_${EXTRA2}-${TIMESTAMP}.pem" "${DIRECTORY}/${EXTRA1}_${EXTRA2}.pem" + ln -sf "${EXTRA}-${TIMESTAMP}.pem" "${DIRECTORY}/${EXTRA}.pem" done echo " done." |