1
0

certs-daemon 2.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960
  1. #!/usr/bin/env bash
  2. if [ `id -gn` != "root" ]; then
  3. echo "Run as root!"
  4. exit 1
  5. fi
  6. source "${SNAP}/init"
  7. DOMAIN=`snapctl get domain`
  8. echo "See log (journal -exf --grep=${SNAP_NAME}) for result"
  9. if [ "${DOMAIN}" != "--not-set" ]; then
  10. snapctl is-connected certs
  11. if [ $? -ne 0 ]; then
  12. logger "${SNAP_NAME}: Is disconnected (uuid: ${UUID})"
  13. logger "${SNAP_NAME}: Domain set to '--not-set'"
  14. logger "${SNAP_NAME}: See snap 'acme-sh' and connect acme-sh:certs"
  15. snapctl set domain="--not-set"
  16. exit 0
  17. fi
  18. readarray -d '' DOMAINS < <(find "${CERTS_DIR}" -type d -name "${DOMAIN}" -print0)
  19. logger "${SNAP_NAME}: Certificate (${DOMAIN}) available for ${SNAP_NAME}:${UUID}"
  20. if [ "${#DOMAINS[@]}" -ne 0 ]; then
  21. DOMAIN_DIR="${DOMAINS[0]}"
  22. gpg_start_agent
  23. i=0
  24. LAST_EDITED=`stat "${DOMAIN_DIR}/.time" --format="%Y" 2> /dev/null || echo 0`
  25. ORIG_EDITED=`stat "${SSL_DIR}/.time" --format="%Y" 2> /dev/null || echo 0`
  26. if [ "${LAST_EDITED}" -le "${ORIG_EDITED}" ]; then
  27. logger "${SNAP_NAME}: Certificate for ${DOMAIN} is not changed, exiting"
  28. exit 0
  29. fi
  30. readarray -d '' CERTIFICATES < <(find "${DOMAIN_DIR}" -type f -name "*.gpg" -print0)
  31. for CERTIFICATE in "${CERTIFICATES[@]}"; do
  32. DEST="${SSL_DIR}/`basename "${CERTIFICATE}" ".gpg"`"
  33. ORIG=""
  34. if [ -f "${DEST}" ]; then
  35. ORIG="`cat "${DEST}"`"
  36. fi
  37. gpg --batch --yes --output "${DEST}" --decrypt "${CERTIFICATE}"
  38. DIFF=`echo "${ORIG}" | diff "${DEST}" -`
  39. RET=$?
  40. if [ "${RET}" -ne 0 ]; then
  41. echo "${ORIG}" > "${DEST}.backup"
  42. (( i = $i + 1 ))
  43. fi
  44. done
  45. if [ "${i}" -ne 0 ]; then
  46. cp -f "${DOMAIN_DIR}/.time" "${SSL_DIR}/.time"
  47. logger "${SNAP_NAME}: Certificates (${DOMAIN}) changed for ${SNAP_NAME}-${UUID}, restart"
  48. snapctl restart "${SNAP_NAME}.hass"
  49. fi
  50. gpg_close_agent
  51. fi
  52. fi