diff --git a/manifest.json b/manifest.json index 66ecf989b258cba7d5a2feceff62e6dfd3e86199..22e9d0c45518dd27c7d37463e09acb1d02d6cec0 100644 --- a/manifest.json +++ b/manifest.json @@ -5,7 +5,7 @@ "en": "Auto renewal for the Neutrinet vpn-certificates", "fr": "Renouvellement automatique des certificats vpn Neutrinet" }, - "version": "0.3.0~ynh5", + "version": "0.3.1~ynh1", "license": "GPL-3+", "maintainer": { "name": "ilja", diff --git a/scripts/install b/scripts/install index 13b6ce286dcd5f40bcac730fb3b1085653b71314..770f8a369e3fce2d871420a023225ad10ea332df 100644 --- a/scripts/install +++ b/scripts/install @@ -110,7 +110,7 @@ ynh_systemd_action nginx reload # INSTALL RENEW CERT #================================================= -renew_cert_repo="https://github.com/neutrinet/renew_cert" +renew_cert_repo="https://gitlab.domainepublic.net/Neutrinet/renew_cert.git" renew_cert_version=$(jq .version ../manifest.json -r -e | cut -d '~' -f 1) renew_cert_path="$opt_path/renew_cert" renew_cert_cron_script="renew_cert_cron.sh" @@ -139,7 +139,7 @@ ynh_script_progression "Setting up cron job for certificate renewal…" cat < /etc/cron.daily/$app-renew-cert #!/bin/bash cd $renew_cert_path -$renew_cert_path/$renew_cert_cron_script +$renew_cert_path/$renew_cert_cron_script -q EOF chown root:root /etc/cron.daily/$app-renew-cert diff --git a/scripts/renew_cert_cron.sh b/scripts/renew_cert_cron.sh index 3b72e6dea454bfb5800b31f4a0e4e1c0f34915ba..60d1070cc4bf272b553df243c46723d576860564 100644 --- a/scripts/renew_cert_cron.sh +++ b/scripts/renew_cert_cron.sh @@ -26,14 +26,6 @@ then fi RENEW_CERT_SCRIPT="${RENEW_CERT_PATH}/renew.py" -DEBUG=false -while getopts "v" opt -do - case $opt in - v) DEBUG=true;; - esac -done - if [[ -f $OPENVPN_CREDENTIALS_FILE ]] then credentials_file=$OPENVPN_CREDENTIALS_FILE @@ -50,30 +42,17 @@ password=$(tail -n 1 "$credentials_file") run_date=$(date +'%Y-%m-%d_%H:%M:%S') renew_dir="certs_$run_date" +renew_params="$@" -if $DEBUG -then - $RENEW_CERT_PYTHON $RENEW_CERT_SCRIPT "$login" -p "$password" -c "$OPENVPN_USER_CERT" -d "$renew_dir" -v -else - # Keep the logs for later. We will print them only if the certificates are being renewed. - renew_cert_logs=$($RENEW_CERT_PYTHON $RENEW_CERT_SCRIPT "$login" -p "$password" -c "$OPENVPN_USER_CERT" -d "$renew_dir") -fi +$RENEW_CERT_PYTHON $RENEW_CERT_SCRIPT "$login" -p "$password" -c "$OPENVPN_USER_CERT" -d "$renew_dir" $renew_params if [[ ! -d $renew_dir || ! -f $renew_dir/ca.crt || ! -f $renew_dir/client.crt || ! -f $renew_dir/client.key ]] then - if $DEBUG - then - echo "Cleaning $renew_dir directory." - fi rm -rf "$renew_dir" exit 0 fi -if [[ -n $renew_cert_logs ]] -then - echo "$renew_cert_logs" -fi - +echo "VPN certificate renewed!" echo "Saving old OpenVPN config" cp -r $OPENVPN_CONF_DIR{,.old_${run_date}} @@ -87,6 +66,7 @@ cp "$renew_dir/client.key" "$OPENVPN_USER_KEY" echo "Adding user credentials" echo -e "$login\n$password" > "$OPENVPN_CREDENTIALS_FILE" +chmod 0600 "$OPENVPN_CREDENTIALS_FILE" echo "Updating VPNClient config" yunohost app setting vpnclient server_name -v "vpn.neutrinet.be" diff --git a/scripts/upgrade b/scripts/upgrade index 8a61966882597198464a2c97789b3b75944a2fc8..5797c8ecb686c3804459e3b4b00554261ac533ec 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -143,7 +143,7 @@ ynh_systemd_action nginx reload ynh_script_progression "Installing automatic VPN certificate renewal..." -renew_cert_repo="https://github.com/neutrinet/renew_cert" +renew_cert_repo="https://gitlab.domainepublic.net/Neutrinet/renew_cert.git" renew_cert_version=$(jq .version ../manifest.json -r -e | cut -d '~' -f 1) renew_cert_path="$opt_path/renew_cert" renew_cert_cron_script="renew_cert_cron.sh" @@ -151,6 +151,7 @@ renew_cert_cron_script="renew_cert_cron.sh" if [[ ! -e $renew_cert_path ]]; then git clone $renew_cert_repo $renew_cert_path else + git -C $renew_cert_path remote set-url origin $renew_cert_repo git -C $renew_cert_path fetch -t fi @@ -175,7 +176,7 @@ ynh_script_progression "Setting up cron job for renewal..." cat < /etc/cron.daily/$app-renew-cert #!/bin/bash cd $renew_cert_path -$renew_cert_path/$renew_cert_cron_script +$renew_cert_path/$renew_cert_cron_script -q EOF chown root:root /etc/cron.daily/$app-renew-cert