diff options
-rw-r--r-- | CHANGELOG.txt | 9 | ||||
-rw-r--r-- | VERSION.txt | 2 | ||||
-rwxr-xr-x | dehydrated/share/hooks/deploy_cert.extra | 29 |
3 files changed, 28 insertions, 12 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt index a9f029c..2bca1d1 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,3 +1,12 @@ +2022-12-25 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20221225. + + [ Daniel Baumann ] + * Updating chain coments in deploy_cert.extra dehydrated hook. + * Stripping empty lines from partial files when using short chain in deploy_cert.extra dehydrated hook. + * Generalizing extra file generation for any number of components as needed by redis in deploy_cert.extra dehydrated hook. + 2022-12-24 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20221224. diff --git a/VERSION.txt b/VERSION.txt index 84446d7..afa39b2 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -20221224 +20221225 diff --git a/dehydrated/share/hooks/deploy_cert.extra b/dehydrated/share/hooks/deploy_cert.extra index fd93fad..b0d8737 100755 --- a/dehydrated/share/hooks/deploy_cert.extra +++ b/dehydrated/share/hooks/deploy_cert.extra @@ -27,12 +27,14 @@ DIRECTORY="$(dirname "${CERTFILE}")" if [ "$(grep -c 'BEGIN CERTIFICATE' ${FULLCHAINFILE})" -ge 3 ] then - # - chain.pem: R3 | ISRG Root X1 - # - fullchain.pem: Certificate | R3 | ISRG Root X1 + # long chain: + # * chain.pem: (R3 | ISRG Root X1) + # * fullchain.pem: (Certificate | R3 | ISRG Root X1) CHAIN="long" else - # - chain.pem: R3 - # - fullchain.pem: Certificate | R3 + # short chain: + # * chain.pem: (R3) + # * fullchain.pem (Certificate | R3) CHAIN="short" fi @@ -53,7 +55,7 @@ case "${CHAIN}" in short) # intermediate (R3) - cp "${DIRECTORY}/chain-${TIMESTAMP}.pem" "${DIRECTORY}/intermediate-${TIMESTAMP}.pem" + grep -Ev '^$' "${DIRECTORY}/chain-${TIMESTAMP}.pem" > "${DIRECTORY}/intermediate-${TIMESTAMP}.pem" ln -sf "${DIRECTORY}/intermediate-${TIMESTAMP}.pem" "${DIRECTORY}/intermediate.pem" # root (ISRG Root X1) @@ -68,14 +70,19 @@ case "${CHAIN}" in esac # extra certificate permutations: -# * privkey_fullchain.pem: postfix -for EXTRA in fullchain_privkey privkey_fullchain +# * privkey_fullchain.pem: postfix +# * root_intermediate_cert.pem: redis + +for EXTRA in fullchain_privkey privkey_fullchain root_intermediate_cert do - EXTRA1="$(echo ${EXTRA} | awk -F_ '{ print $1 }')" - EXTRA2="$(echo ${EXTRA} | awk -F_ '{ print $2 }')" + rm -f "${DIRECTORY}/${EXTRA}-${TIMESTAMP}.pem" + + for FILE in $(echo ${EXTRA} | sed -e 's|_| |g') + do + cat "${DIRECTORY}/${FILE}-${TIMESTAMP}.pem" >> "${DIRECTORY}/${EXTRA}-${TIMESTAMP}.pem" + done - cat "${DIRECTORY}/${EXTRA1}-${TIMESTAMP}.pem" "${DIRECTORY}/${EXTRA2}-${TIMESTAMP}.pem" > "${DIRECTORY}/${EXTRA1}_${EXTRA2}-${TIMESTAMP}.pem" - ln -sf "${EXTRA1}_${EXTRA2}-${TIMESTAMP}.pem" "${DIRECTORY}/${EXTRA1}_${EXTRA2}.pem" + ln -sf "${EXTRA}-${TIMESTAMP}.pem" "${DIRECTORY}/${EXTRA}.pem" done echo " done." |