From 99dc3a7ceed1c5e74727dcba989923d462668695 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 26 Jun 2022 18:58:43 +0200 Subject: Merging upstream version 20220626. Signed-off-by: Daniel Baumann --- CHANGELOG.txt | 9 +++++++ Makefile | 2 +- VERSION.txt | 2 +- dehydrated/TODO | 1 + dehydrated/share/hooks/exit_hook.zz-chrony | 42 ++++++++++++++++++++++++++++++ 5 files changed, 54 insertions(+), 2 deletions(-) create mode 100755 dehydrated/share/hooks/exit_hook.zz-chrony diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 131e7d3..c46b0fd 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,3 +1,12 @@ +2022-06-26 Daniel Baumann + + * Releasing version 20220626. + + [ Daniel Baumann ] + * Updating dehydrated-tools TODO file. + * Adding dehydrated hook to workaround certificate handling in chrony (#1013882). + * Updating upload url in makefile. + 2022-06-24 Daniel Baumann * Releasing version 20220624. diff --git a/Makefile b/Makefile index f8d6057..5a5df6c 100644 --- a/Makefile +++ b/Makefile @@ -95,4 +95,4 @@ release: distclean rm -rf service-tools-$(VERSION) upload: - scp ../service-tools-$(VERSION).* get.open-infrastructure.net:/srv/get.open-infrastructure.net/files/software/service-tools/upstream + scp ../service-tools-$(VERSION).* get.open-infrastructure.net:/srv/get.open-infrastructure.net/software/service-tools/upstream diff --git a/VERSION.txt b/VERSION.txt index 4956361..33c7e14 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -20220624 +20220626 diff --git a/dehydrated/TODO b/dehydrated/TODO index 9af54a5..1a2504f 100644 --- a/dehydrated/TODO +++ b/dehydrated/TODO @@ -5,3 +5,4 @@ TODO * use /etc/default for dehydrated-cron * use /etc/default for dehydrated-hook * use settings from _dehydrated.$domain.$tld + * allow specifing multiple certificates in preseeding with e.g. '|' as devider diff --git a/dehydrated/share/hooks/exit_hook.zz-chrony b/dehydrated/share/hooks/exit_hook.zz-chrony new file mode 100755 index 0000000..13a7e9a --- /dev/null +++ b/dehydrated/share/hooks/exit_hook.zz-chrony @@ -0,0 +1,42 @@ +#!/bin/sh + +# Open Infrastructure: service-tools + +# Copyright (C) 2014-2022 Daniel Baumann +# +# SPDX-License-Identifier: GPL-3.0+ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +set -e + +if grep -r -qs -E '^ntsserver(cert|key)' /etc/chrony +then + echo -n " + chrony (workaround):" + + # https://bugs.debian.org/1013882 + HOST="$(cat /etc/hostname)" + + cp -L "/var/lib/dehydrated/certs/${HOST}/fullchain.pem" /etc/chrony/cert.pem + cp -L "/var/lib/dehydrated/certs/${HOST}/privkey.pem" /etc/chrony/key.pem + + chown _chrony:_chrony /etc/chrony/cert.pem /etc/chrony/key.pem + + if service chrony status > /dev/null 2>&1 + then + service chrony restart + fi + + echo " done." +fi -- cgit v1.2.3