chmod ACM cron job instead of deleting/recreating

2018-11-06 22:04:52 +01:00 · 2018-11-06 22:04:52 +01:00 · 8b010a3aee
commit 8b010a3aee
parent 741c9d309a
3 changed files with 8 additions and 15 deletions
--- a/usr/lib/python3.6/vmmgr/crypto.py
+++ b/usr/lib/python3.6/vmmgr/crypto.py
@ -13,6 +13,7 @@ from cryptography.x509.oid import NameOID, ExtendedKeyUsageOID
 CERT_PUB_FILE = '/etc/ssl/services.pem'
 CERT_KEY_FILE = '/etc/ssl/services.key'
 SIG_PUB_FILE = '/etc/vmmgr/packages.pub'
+ACME_CRON = '/etc/periodic/daily/acme-sh'

 def create_cert(domain):
    # Create selfsigned certificate with wildcard alternative subject name
@ -73,7 +74,7 @@ def get_cert_info():
            'issuer': cert.issuer.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value,
            'expires': '{} UTC'.format(cert.not_valid_after),
            'method': 'manual'}
-    if os.path.exists('/etc/periodic/daily/acme-sh'):
+    if os.access(ACME_CRON, os.X_OK):
        data['method'] = 'letsencrypt'
    # Naive method of inferring if the cert is selfsigned
    # Good enough as reputable CAs will never have the same subject and issuer CN
--- a/usr/lib/python3.6/vmmgr/templates.py
+++ b/usr/lib/python3.6/vmmgr/templates.py
@ -112,8 +112,3 @@ ISSUE = '''
   - \x1b[1m{url}\x1b[0m
   - \x1b[1m{ip}\x1b[0m\x1b[?1c
 '''
-
-ACME_CRON = '''#!/bin/sh
-
-[ -x /usr/bin/acme.sh ] && /usr/bin/acme.sh --cron >/dev/null
-'''
--- a/usr/lib/python3.6/vmmgr/vmmgr.py
+++ b/usr/lib/python3.6/vmmgr/vmmgr.py
@ -65,9 +65,8 @@ class VMMgr:
        self.conf.save()

    def create_selfsigned_cert(self):
-        # Remove acme.sh cronjob
-        if os.path.exists(ACME_CRON):
-            os.unlink(ACME_CRON)
+        # Disable acme.sh cronjob
+        os.chmod(ACME_CRON, 0o640)
        # Create selfsigned certificate with wildcard alternative subject name
        crypto.create_cert(self.domain)

@ -95,14 +94,12 @@ class VMMgr:
                    raise
        # Install the issued certificate
        subprocess.run(['/usr/bin/acme.sh', '--install-cert', '-d', self.domain, '--key-file', crypto.CERT_KEY_FILE, '--fullchain-file', crypto.CERT_PUB_FILE, '--reloadcmd', '/sbin/service nginx reload'], check=True)
-        # Install acme.sh cronjob
-        with open(ACME_CRON, 'w') as f:
-            f.write(templates.ACME_CRON)
+        # Enable acme.sh cronjob
+        os.chmod(ACME_CRON, 0o750)

    def install_manual_cert(self, public_file, private_file):
-        # Remove acme.sh cronjob
-        if os.path.exists(ACME_CRON):
-            os.unlink(ACME_CRON)
+        # Disable acme.sh cronjob
+        os.chmod(ACME_CRON, 0o640)
        # Copy certificate files
        shutil.copyfile(public_file, crypto.CERT_PUB_FILE)
        shutil.copyfile(private_file, crypto.CERT_KEY_FILE)