author | Erich Eckner <git@eckner.net> | 2019-09-02 14:25:05 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2019-09-02 14:25:05 +0200 |
commit | ad912197ef90951fc6fb8414032827cbaf933e41 (patch) | |
tree | 3e07f6347fbc5ae3cdb82a8af116acecede9b6e5 | |
parent | 473948ddbb63ad32751841de977618d049b8e99f (diff) | |
download | simple-pki-ad912197ef90951fc6fb8414032827cbaf933e41.tar.xz |
rotate-keys: should look for *.chain, too
-rw-r--r-- | rotate-keys.in | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/rotate-keys.in b/rotate-keys.in
index 205916a..0fc6a44 100644
--- a/rotate-keys.in
+++ b/rotate-keys.in
@@ -48,15 +48,19 @@ if [ "$(whoami)" != "${certificate_user}" ]; then
 updated_something=false
 for host_key_file in ${host_key_files}; do
 if [ -f "${key_dir}/${host_key_file}.key.new" ] \
- && [ -f "${key_dir}/${host_key_file}.crt.new" ]; then
+ && [ -f "${key_dir}/${host_key_file}.crt.new" ] \
+ && [ -f "${key_dir}/${host_key_file}.chain.new" ]; then
 if [ "$(stat -c%Y "${key_dir}/${host_key_file}.key.new")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \
 && [ -f "${key_dir}/${host_key_file}.key" ] \
 && [ "$(stat -c%Y "${key_dir}/${host_key_file}.crt.new")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \
- && [ -f "${key_dir}/${host_key_file}.crt" ]; then
+ && [ -f "${key_dir}/${host_key_file}.crt" ] \
+ && [ "$(stat -c%Y "${key_dir}/${host_key_file}.chain.new")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \
+ && [ -f "${key_dir}/${host_key_file}.chain" ]; then
 continue
 fi
 mv "${key_dir}/${host_key_file}.key"{.new,}
 mv "${key_dir}/${host_key_file}.crt"{.new,}
+ mv "${key_dir}/${host_key_file}.chain"{.new,}
 updated_something=true
 fi
 done
@@ -82,7 +86,8 @@ trap 'rm -rf --one-file-system "${tmp_dir}"' EXIT
 printf '%s\n' "${hosts}" \
 | while read -r host other_hosts; do
 if [ -f "${key_dir}/${host}.key.new" ] \
- && [ -f "${key_dir}/${host}.crt.new" ]; then
+ && [ -f "${key_dir}/${host}.crt.new" ] \
+ && [ -f "${key_dir}/${host}.chain.new" ]; then
 continue
 fi
@@ -117,7 +122,8 @@ ssh -T "${ca_host}" \
 | tar -xzf -
 for host_key_file in ${host_key_files}; do
- if [ ! -f "${tmp_dir}/${host_key_file}.crt" ]; then
+ if [ ! -f "${tmp_dir}/${host_key_file}.crt" ] \
+ || [ ! -f "${tmp_dir}/${host_key_file}.chain" ]; then
 continue
 fi
 cat "${tmp_dir}/${host_key_file}.crt" \ |
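Review bot: The three `mv` calls at the end of the first hunk form a three-step swap with no status check between the steps, so a failure or interruption after the key and certificate have been renamed leaves the new pair installed next to the old chain. The leftover `.chain.new` would not be picked up on a later run either, because the outer test now requires all three `.new` files to be present. Whether the script runs under `set -e` is not visible in this hunk; if it does not, the last step should be checked explicitly, e.g. `mv "${key_dir}/${host_key_file}.chain"{.new,} || { >&2 printf 'rotate-keys: incomplete rotation for %s\n' "${host_key_file}"; exit 1; }`, with the same guard on the two renames before it.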
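Review bot: The widened test in the third hunk skips a host silently when the archive from the CA contains its `.crt` but not its `.chain`, so a CA side that does not ship chains stalls rotation without any diagnostic and the installed certificate can run to expiry unnoticed. A missing `.crt` may simply mean nothing was signed yet, but a certificate without a chain is an inconsistent answer and deserves a line on stderr before the `continue`; splitting the test so the chain-only case first runs `>&2 printf 'rotate-keys: no chain received for %s, skipping\n' "${host_key_file}"` would do. The loop body continues past the end of the hunk, so what happens to the chain after the `cat` is not visible here.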