Merge pull request #6168 from adn77/master

Fix keystore ownership in Unifi deployment - unifi.sh
neil 2024-12-22 13:26:26 +01:00 committed by GitHub
commit b81939f02d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -135,20 +135,36 @@ unifi_deploy() {
cp -f "$_import_pkcs12" "$_unifi_keystore" cp -f "$_import_pkcs12" "$_unifi_keystore"
fi fi
# correct file ownership according to the directory, the keystore is placed in
_unifi_keystore_dir=$(dirname "${_unifi_keystore}")
_unifi_keystore_dir_owner=$(ls -ld "${_unifi_keystore_dir}" | awk '{print $3}')
_unifi_keystore_owner=$(ls -l "${_unifi_keystore}" | awk '{print $3}')
if ! [ "${_unifi_keystore_owner}" = "${_unifi_keystore_dir_owner}" ] ; then
_debug "Changing keystore owner to ${_unifi_keystore_dir_owner}"
chown $_unifi_keystore_dir_owner "${_unifi_keystore}" >/dev/null 2>&1 # fail quietly if we're not running as root
fi
# Update unifi service for certificate cipher compatibility # Update unifi service for certificate cipher compatibility
if ${ACME_OPENSSL_BIN:-openssl} pkcs12 \ if ${ACME_OPENSSL_BIN:-openssl} pkcs12 \
-in "$_import_pkcs12" \ -in "$_import_pkcs12" \
-password pass:aircontrolenterprise \ -password pass:aircontrolenterprise \
-nokeys | ${ACME_OPENSSL_BIN:-openssl} x509 -text \ -nokeys | ${ACME_OPENSSL_BIN:-openssl} x509 -text \
-noout | grep -i "signature" | grep -iq ecdsa >/dev/null 2>&1; then -noout | grep -i "signature" | grep -iq ecdsa >/dev/null 2>&1; then
cp -f /usr/lib/unifi/data/system.properties /usr/lib/unifi/data/system.properties_original if [ -f "$(dirname ${DEPLOY_UNIFI_KEYSTORE})/system.properties" ] ; then
_info "Updating system configuration for cipher compatibility." _unifi_system_properties="$(dirname ${DEPLOY_UNIFI_KEYSTORE})/system.properties"
_info "Saved original system config to /usr/lib/unifi/data/system.properties_original" else
sed -i '/unifi\.https\.ciphers/d' /usr/lib/unifi/data/system.properties _unifi_system_properties="/usr/lib/unifi/data/system.properties"
echo "unifi.https.ciphers=ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-GCM-SHA256" >>/usr/lib/unifi/data/system.properties fi
sed -i '/unifi\.https\.sslEnabledProtocols/d' /usr/lib/unifi/data/system.properties if [ -f "${_unifi_system_properties}" ] ; then
echo "unifi.https.sslEnabledProtocols=TLSv1.3,TLSv1.2" >>/usr/lib/unifi/data/system.properties cp -f "${_unifi_system_properties}" "${_unifi_system_properties}"_original
_info "System configuration updated." _info "Updating system configuration for cipher compatibility."
_info "Saved original system config to ${_unifi_system_properties}_original"
sed -i '/unifi\.https\.ciphers/d' "${_unifi_system_properties}"
echo "unifi.https.ciphers=ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-GCM-SHA256" >>"${_unifi_system_properties}"
sed -i '/unifi\.https\.sslEnabledProtocols/d' "${_unifi_system_properties}"
echo "unifi.https.sslEnabledProtocols=TLSv1.3,TLSv1.2" >>"${_unifi_system_properties}"
_info "System configuration updated."
fi
fi fi
rm "$_import_pkcs12" rm "$_import_pkcs12"
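Review bot: The new ownership block after the `cp -f` corrects only the owner of the keystore, not its mode; when `cp` has to create the file (first deploy) or recreate it, the keystore — a PKCS12 holding the private key, guarded only by the fixed password `aircontrolenterprise` visible in the `openssl pkcs12` call — inherits its mode from `$_import_pkcs12` and the umask, so an over-permissive key file would survive this fix unnoticed, the more so because the `chown` failure is deliberately silenced with `>/dev/null 2>&1`. Consider setting an explicit mode next to the chown, e.g. `chmod 640 "${_unifi_keystore}" >/dev/null 2>&1` (whether 640 or 600 is right depends on which account runs the UniFi service — confirm), and `_debug`-logging a chown that did fail rather than dropping it. Separately, the `system.properties` lookup derives its directory from the raw `${DEPLOY_UNIFI_KEYSTORE}` (unquoted inside `$(dirname …)`) instead of the `_unifi_keystore_dir` just computed a few lines above; if that variable is unset and `_unifi_keystore` came from a default, `dirname` runs with no argument and the branch silently falls through to the hard-coded path, so `if [ -f "${_unifi_keystore_dir}/system.properties" ] ; then` keeps the two paths in agreement and quoted. Parsing `ls -l` for the owner also works only while the owner column stays at field 3; `stat` is the usual replacement but is not portable between GNU and BSD, so if `ls` is kept a short comment saying why would help. The `unifi_deploy` function begins and ends outside this hunk.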