certs-daemon 1.7 KB

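  #!/usr/bin/env bash
  #
  # certs-daemon: decrypt the GPG-encrypted certificate files published for this
  # snap instance into SSL_DIR and restart the "hass" service when any of them
  # changed.
  #
  # UUID, CERTS_DIR, SSL_DIR, gpg_start_agent and gpg_close_agent are not defined
  # here; presumably they come from "${SNAP}/init" (confirm against that file).
  #
  # NOTE(review): the decrypted files and their ".backup" copies are created
  # under the process umask. If they include private keys, confirm that init
  # sets a restrictive umask or that SSL_DIR is not readable by other users.
  source "${SNAP}/init"

  DOMAIN=$(snapctl get domain)

  if [ "${DOMAIN}" != "--not-set" ]; then
    # Without the "certs" interface there is nothing to read: reset the domain
    # so the next run takes the "no domain configured" branch, and fail.
    if ! snapctl is-connected certs; then
      logger "${SNAP_NAME} is disconnected (uuid: ${UUID})"
      logger "${SNAP_NAME} domain is set to '--not-set'"
      snapctl set domain="--not-set"
      exit 1
    fi

    CERT_MATCH_NAME="${UUID}_${DOMAIN}"
    # DOMAIN is used inside a find -name pattern, so glob characters in it are
    # interpreted by find rather than matched literally.
    readarray -d '' CERTIFICATES < <(find "${CERTS_DIR}" -type f -name "*${CERT_MATCH_NAME}*" -print0)
    # The count is divided by 4, presumably because each certificate is
    # published as four files - TODO confirm.
    logger "$(( ${#CERTIFICATES[@]} / 4 )) available for ${CERT_MATCH_NAME}"

    if [ "${#CERTIFICATES[@]}" -ne 0 ]; then
      gpg_start_agent
      i=0
      for CERTIFICATE in "${CERTIFICATES[@]}"; do
        DEST="${SSL_DIR}/$(basename "${CERTIFICATE}" ".gpg")"

        # Decrypt into a private temporary file first, so a failed or partial
        # decryption never replaces the file that is currently in use.
        # No EXIT trap is installed for it (init may own one); every path
        # below removes the temporary file explicitly.
        if ! PLAIN=$(mktemp "${DEST}.XXXXXX"); then
          logger "${SNAP_NAME} could not create a temporary file for ${DEST}"
          continue
        fi
        if ! gpg --batch --yes --output "${PLAIN}" --decrypt "${CERTIFICATE}"; then
          logger "${SNAP_NAME} could not decrypt ${CERTIFICATE}, keeping the existing file"
          rm -f -- "${PLAIN}"
          continue
        fi

        # Byte-exact comparison on disk: the previous content is never held in
        # a shell variable, so trailing newlines cannot cause a false "changed".
        if [ -f "${DEST}" ] && diff -q "${DEST}" "${PLAIN}" > /dev/null; then
          rm -f -- "${PLAIN}"
          continue
        fi

        # Content is new or different: keep the previous version (if any) as
        # a backup, then install the new one. Writing through redirection
        # keeps the mode of an existing destination file.
        if [ -f "${DEST}" ]; then
          cp -- "${DEST}" "${DEST}.backup"
        fi
        cat -- "${PLAIN}" > "${DEST}"
        rm -f -- "${PLAIN}"
        i=$(( i + 1 ))
      done

      if [ "${i}" -ne 0 ]; then
        logger "Certificates (${DOMAIN}) changed for ${SNAP_NAME}-${UUID}, restart"
        snapctl restart "${SNAP_NAME}.hass"
      fi
      gpg_close_agent
    fi
  else
    # No domain configured: only report what is available for this instance
    # and tell the operator how to enable it.
    readarray -d '' CERTIFICATES < <(find "${CERTS_DIR}" -type f -name "*${UUID}*" -print0)
    if [ "${#CERTIFICATES[@]}" -ne 0 ]; then
      logger "> $(( ${#CERTIFICATES[@]} / 4 )) available for ${SNAP_NAME} (uuid: ${UUID})"
      logger "> Consider setting your domain with 'sudo snap set ${SNAP_NAME} domain=\"domain.tld\"'"
    fi
  fi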