| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 |
- #!/usr/bin/env bash
- if [ `id -gn` != "root" ]; then
- echo "Run as root!"
- exit 1
- fi
- source "${SNAP}/init"
- DOMAIN=`snapctl get domain`
- echo "See log (journal -exf --grep=snap.${SNAP_NAME}*) for result"
- if [ "${DOMAIN}" != "--not-set" ]; then
- snapctl is-connected certs
- if [ $? -ne 0 ]; then
- snapctl set domain="--not-set"
- exit 0
- fi
- readarray -d '' DOMAINS < <(find "${CERTS_DIR}" -type d -name "${DOMAIN}" -print0)
- if [ "${#DOMAINS[@]}" -ne 0 ]; then
- DOMAIN_DIR="${DOMAINS[0]}"
- LAST_EDITED=`stat "${DOMAIN_DIR}/.time" --format="%Y" 2> /dev/null || echo 0`
- ORIG_EDITED=`stat "${SSL_DIR}/.time" --format="%Y" 2> /dev/null || echo 0`
- if [ "${LAST_EDITED}" -le "${ORIG_EDITED}" ]; then
- logger "${SNAP_NAME}: Certificate for ${DOMAIN} is not changed"
- exit 0
- fi
- gpg_start_agent
- i=0
- readarray -d '' CERTIFICATES < <(find "${DOMAIN_DIR}" -type f -name "*.gpg" -print0)
- for CERTIFICATE in "${CERTIFICATES[@]}"; do
- DEST="${SSL_DIR}/`basename "${CERTIFICATE}" ".gpg"`"
- ORIG=""
- if [ -f "${DEST}" ]; then
- ORIG="`cat "${DEST}"`"
- fi
- gpg --batch --yes --output "${DEST}" --decrypt "${CERTIFICATE}"
-
- DIFF=`echo "${ORIG}" | diff "${DEST}" -`
- RET=$?
- if [ "${RET}" -ne 0 ]; then
- echo "${ORIG}" > "${DEST}.backup"
- (( i = $i + 1 ))
- fi
- done
- if [ "${i}" -ne 0 ]; then
- cp -f "${DOMAIN_DIR}/.time" "${SSL_DIR}/.time"
- logger "${SNAP_NAME}: Certificates (${DOMAIN}) changed for ${SNAP_NAME}-${UUID}, restart"
- snapctl restart "${SNAP_NAME}"
- fi
- gpg_close_agent
- else
- logger "No certificate for ${DOMAIN} for ${SNAP_NAME}"
- fi
- fi
|
