From ad912197ef90951fc6fb8414032827cbaf933e41 Mon Sep 17 00:00:00 2001
From: Erich Eckner
Date: Mon, 2 Sep 2019 14:25:05 +0200
Subject: rotate-keys: should look for *.chain, too
---
 rotate-keys.in | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/rotate-keys.in b/rotate-keys.in
index 205916a..0fc6a44 100644
--- a/rotate-keys.in
+++ b/rotate-keys.in
@@ -48,15 +48,19 @@ if [ "$(whoami)" != "${certificate_user}" ]; then
 updated_something=false
 for host_key_file in ${host_key_files}; do
 if [ -f "${key_dir}/${host_key_file}.key.new" ] \
- && [ -f "${key_dir}/${host_key_file}.crt.new" ]; then
+ && [ -f "${key_dir}/${host_key_file}.crt.new" ] \
+ && [ -f "${key_dir}/${host_key_file}.chain.new" ]; then
 if [ "$(stat -c%Y "${key_dir}/${host_key_file}.key.new")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \
 && [ -f "${key_dir}/${host_key_file}.key" ] \
 && [ "$(stat -c%Y "${key_dir}/${host_key_file}.crt.new")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \
- && [ -f "${key_dir}/${host_key_file}.crt" ]; then
+ && [ -f "${key_dir}/${host_key_file}.crt" ] \
+ && [ "$(stat -c%Y "${key_dir}/${host_key_file}.chain.new")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \
+ && [ -f "${key_dir}/${host_key_file}.chain" ]; then
 continue
 fi
 mv "${key_dir}/${host_key_file}.key"{.new,}
 mv "${key_dir}/${host_key_file}.crt"{.new,}
+ mv "${key_dir}/${host_key_file}.chain"{.new,}
 updated_something=true
 fi
 done
@@ -82,7 +86,8 @@ trap 'rm -rf --one-file-system "${tmp_dir}"' EXIT
 printf '%s\n' "${hosts}" \
 | while read -r host other_hosts; do
 if [ -f "${key_dir}/${host}.key.new" ] \
- && [ -f "${key_dir}/${host}.crt.new" ]; then
+ && [ -f "${key_dir}/${host}.crt.new" ] \
+ && [ -f "${key_dir}/${host}.chain.new" ]; then
 continue
 fi
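Review bot: The new `[ -f "${key_dir}/${host_key_file}.chain" ]` test is part of the `&&` chain that guards `continue`, so a host that has `.key` and `.crt` installed but no `.chain` yet (any install predating this commit) skips the age checks and gets its staged files moved into place on the first run. If `key_min_duration` is meant to hold a new key back for a minimum time, that first rotation bypasses it; if this is intended, a comment above the inner `if` such as `# a missing installed .chain forces immediate rotation (first run after upgrade)` would make it explicit. The three `mv` calls are also unchecked, so a failure after the first leaves a new key next to the old certificate and chain; ending each with `|| exit 1` would stop the run before a mismatched set is picked up. The enclosing `if [ "$(whoami)" ... ]` block begins outside the hunk, so whether `set -e` is in effect is not visible here.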
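Review bot: With the stricter skip test, a host that already has `.key.new` and `.crt.new` staged but no `.chain.new` is no longer skipped and falls through to the rest of the `while` body, which lies outside the hunk. If that body generates a fresh key, it would replace the staged `.key.new` while the old `.crt.new` stays on disk until the CA answers, so it is worth confirming that the stale `.crt.new` is removed or overwritten together with the key. A short comment on the test, e.g. `# incomplete staged sets are requested again from scratch`, would record the intent.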
@@ -117,7 +122,8 @@ ssh -T "${ca_host}" \
 | tar -xzf -
 for host_key_file in ${host_key_files}; do
- if [ ! -f "${tmp_dir}/${host_key_file}.crt" ]; then
+ if [ ! -f "${tmp_dir}/${host_key_file}.crt" ] \
+ || [ ! -f "${tmp_dir}/${host_key_file}.chain" ]; then
 continue
 fi
 cat "${tmp_dir}/${host_key_file}.crt" \
-- 
cgit v1.2.3-54-g00ecf
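Review bot: A host whose `.crt` came back without a `.chain` is now skipped by the same bare `continue` as a host with no reply at all, so an incomplete answer from the CA is dropped without trace and rotation for that host stalls silently. Splitting the test so that the "certificate present, chain missing" case writes a message to stderr before the `continue` would let monitoring catch it before the current certificate runs out. Note also that `-f` follows symlinks and these files come straight out of `tar -xzf -` on the CA host's output, so adding `[ ! -L ... ]` tests, or checking the certificate against the chain before it is installed, would avoid trusting whatever the archive contains. The loop body continues past the end of the hunk, so later validation may already exist.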