Spotter-Cluster/vmmgr
2
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases Wiki Activity

chmod ACM cron job instead of deleting/recreating

Browse Source
This commit is contained in:
Disassembler 2018-11-06 22:04:52 +01:00
parent 741c9d309a
commit 8b010a3aee
No known key found for this signature in database
GPG Key ID: 524BD33A0EE29499
3 changed files with 8 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
usr/lib/python3.6/vmmgr/crypto.py
View File

@ -13,6 +13,7 @@ from cryptography.x509.oid import NameOID, ExtendedKeyUsageOID
CERT_PUB_FILE = '/etc/ssl/services.pem' CERT_PUB_FILE = '/etc/ssl/services.pem'
CERT_KEY_FILE = '/etc/ssl/services.key' CERT_KEY_FILE = '/etc/ssl/services.key'
SIG_PUB_FILE = '/etc/vmmgr/packages.pub' SIG_PUB_FILE = '/etc/vmmgr/packages.pub'
ACME_CRON = '/etc/periodic/daily/acme-sh'
def create_cert(domain): def create_cert(domain):
# Create selfsigned certificate with wildcard alternative subject name # Create selfsigned certificate with wildcard alternative subject name
@ -73,7 +74,7 @@ def get_cert_info():
'issuer': cert.issuer.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value, 'issuer': cert.issuer.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value,
'expires': '{} UTC'.format(cert.not_valid_after), 'expires': '{} UTC'.format(cert.not_valid_after),
'method': 'manual'} 'method': 'manual'}
if os.path.exists('/etc/periodic/daily/acme-sh'): if os.access(ACME_CRON, os.X_OK):
data['method'] = 'letsencrypt' data['method'] = 'letsencrypt'
# Naive method of inferring if the cert is selfsigned # Naive method of inferring if the cert is selfsigned
# Good enough as reputable CAs will never have the same subject and issuer CN # Good enough as reputable CAs will never have the same subject and issuer CN

5
usr/lib/python3.6/vmmgr/templates.py
View File

@ -112,8 +112,3 @@ ISSUE = '''
- \x1b[1m{url}\x1b[0m - \x1b[1m{url}\x1b[0m
- \x1b[1m{ip}\x1b[0m\x1b[?1c - \x1b[1m{ip}\x1b[0m\x1b[?1c
''' '''
ACME_CRON = '''#!/bin/sh
[ -x /usr/bin/acme.sh ] && /usr/bin/acme.sh --cron >/dev/null
'''

15
usr/lib/python3.6/vmmgr/vmmgr.py
View File

@ -65,9 +65,8 @@ class VMMgr:
self.conf.save() self.conf.save()
def create_selfsigned_cert(self): def create_selfsigned_cert(self):
# Remove acme.sh cronjob # Disable acme.sh cronjob
if os.path.exists(ACME_CRON): os.chmod(ACME_CRON, 0o640)
os.unlink(ACME_CRON)
# Create selfsigned certificate with wildcard alternative subject name # Create selfsigned certificate with wildcard alternative subject name
crypto.create_cert(self.domain) crypto.create_cert(self.domain)
@ -95,14 +94,12 @@ class VMMgr:
raise raise
# Install the issued certificate # Install the issued certificate
subprocess.run(['/usr/bin/acme.sh', '--install-cert', '-d', self.domain, '--key-file', crypto.CERT_KEY_FILE, '--fullchain-file', crypto.CERT_PUB_FILE, '--reloadcmd', '/sbin/service nginx reload'], check=True) subprocess.run(['/usr/bin/acme.sh', '--install-cert', '-d', self.domain, '--key-file', crypto.CERT_KEY_FILE, '--fullchain-file', crypto.CERT_PUB_FILE, '--reloadcmd', '/sbin/service nginx reload'], check=True)
# Install acme.sh cronjob # Enable acme.sh cronjob
with open(ACME_CRON, 'w') as f: os.chmod(ACME_CRON, 0o750)
f.write(templates.ACME_CRON)
def install_manual_cert(self, public_file, private_file): def install_manual_cert(self, public_file, private_file):
# Remove acme.sh cronjob # Disable acme.sh cronjob
if os.path.exists(ACME_CRON): os.chmod(ACME_CRON, 0o640)
os.unlink(ACME_CRON)
# Copy certificate files # Copy certificate files
shutil.copyfile(public_file, crypto.CERT_PUB_FILE) shutil.copyfile(public_file, crypto.CERT_PUB_FILE)
shutil.copyfile(private_file, crypto.CERT_KEY_FILE) shutil.copyfile(private_file, crypto.CERT_KEY_FILE)