chmod ACM cron job instead of deleting/recreating

This commit is contained in:
Disassembler 2018-11-06 22:04:52 +01:00
parent 741c9d309a
commit 8b010a3aee
No known key found for this signature in database
GPG Key ID: 524BD33A0EE29499
3 changed files with 8 additions and 15 deletions

View File

@ -13,6 +13,7 @@ from cryptography.x509.oid import NameOID, ExtendedKeyUsageOID
CERT_PUB_FILE = '/etc/ssl/services.pem'
CERT_KEY_FILE = '/etc/ssl/services.key'
SIG_PUB_FILE = '/etc/vmmgr/packages.pub'
ACME_CRON = '/etc/periodic/daily/acme-sh'
def create_cert(domain):
# Create selfsigned certificate with wildcard alternative subject name
@ -73,7 +74,7 @@ def get_cert_info():
'issuer': cert.issuer.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value,
'expires': '{} UTC'.format(cert.not_valid_after),
'method': 'manual'}
if os.path.exists('/etc/periodic/daily/acme-sh'):
if os.access(ACME_CRON, os.X_OK):
data['method'] = 'letsencrypt'
# Naive method of inferring if the cert is selfsigned
# Good enough as reputable CAs will never have the same subject and issuer CN

View File

@ -112,8 +112,3 @@ ISSUE = '''
- \x1b[1m{url}\x1b[0m
- \x1b[1m{ip}\x1b[0m\x1b[?1c
'''
ACME_CRON = '''#!/bin/sh
[ -x /usr/bin/acme.sh ] && /usr/bin/acme.sh --cron >/dev/null
'''

View File

@ -65,9 +65,8 @@ class VMMgr:
self.conf.save()
def create_selfsigned_cert(self):
# Remove acme.sh cronjob
if os.path.exists(ACME_CRON):
os.unlink(ACME_CRON)
# Disable acme.sh cronjob
os.chmod(ACME_CRON, 0o640)
# Create selfsigned certificate with wildcard alternative subject name
crypto.create_cert(self.domain)
@ -95,14 +94,12 @@ class VMMgr:
raise
# Install the issued certificate
subprocess.run(['/usr/bin/acme.sh', '--install-cert', '-d', self.domain, '--key-file', crypto.CERT_KEY_FILE, '--fullchain-file', crypto.CERT_PUB_FILE, '--reloadcmd', '/sbin/service nginx reload'], check=True)
# Install acme.sh cronjob
with open(ACME_CRON, 'w') as f:
f.write(templates.ACME_CRON)
# Enable acme.sh cronjob
os.chmod(ACME_CRON, 0o750)
def install_manual_cert(self, public_file, private_file):
# Remove acme.sh cronjob
if os.path.exists(ACME_CRON):
os.unlink(ACME_CRON)
# Disable acme.sh cronjob
os.chmod(ACME_CRON, 0o640)
# Copy certificate files
shutil.copyfile(public_file, crypto.CERT_PUB_FILE)
shutil.copyfile(private_file, crypto.CERT_KEY_FILE)