From ab057c854cf423f3f49263e6f944f5dfc10cf69d Mon Sep 17 00:00:00 2001
From: key-networks <34238649+key-networks@users.noreply.github.com>
Date: Thu, 14 Jan 2021 19:41:49 +0800
Subject: [PATCH] Issue#36: .deb deploys default TLS certificate and private key (#39)
* issue#36: Generating TLS key and self-signed cert after installing/upgrading the package
* issue#36: Updated libstdc++.a dependency to v10
* issue#36: Generate self-signed certs after install/upgrade
* issue#36: Updated dependencies
* issue#36: Check for pre-existence of key/cert
---
 build/after-install.sh | 17 +++++++++++++++--
 build/after-upgrade.sh | 9 +++++++++
 build/binding.gyp.patch | 6 +++---
 build/build.sh | 33 ++++++++++++++++++++++-----------
 src/package.json | 6 +++---
 5 files changed, 52 insertions(+), 19 deletions(-)
diff --git a/build/after-install.sh b/build/after-install.sh
index 9235e69..dc71086 100644
--- a/build/after-install.sh
+++ b/build/after-install.sh
@@ -1,6 +1,19 @@
+#!/bin/bash
+
 ETC='/opt/key-networks/ztncui/etc'
-echo "Copying default password file..."
-cp -pv $ETC/default.passwd $ETC/passwd
+if [ -f ${ETC}/passwd ]; then
+ echo "Password file aready exists"
+else
+ echo "Copying default password file..."
+ cp -pv ${ETC}/default.passwd ${ETC}/passwd
+fi
+if [ -f /opt/key-networks/ztncui/etc/tls/privkey.pem ] && [ -f /opt/key-networks/ztncui/etc/tls/fullchain.pem ]; then
+ echo "TLS key and certificate already exist"
+else
+ echo "Generating new TLS key and self-signed certificate..."
+ openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout /opt/key-networks/ztncui/etc/tls/privkey.pem -out /opt/key-networks/ztncui/etc/tls/fullchain.pem -subj "/C=XX/ST=YY/L=ZZ/O=Security/OU=SelfSigned/CN=example.com"
+fi
+chown ztncui.ztncui /opt/key-networks/ztncui/etc/tls/*
 echo "Enabling and starting ztncui service..."
 systemctl enable ztncui
 systemctl start ztncui
diff --git a/build/after-upgrade.sh b/build/after-upgrade.sh
index ab0a922..f00a075 100644
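Review bot: In build/after-install.sh the key written by `openssl req -nodes ... -keyout /opt/key-networks/ztncui/etc/tls/privkey.pem` is unencrypted and nothing in the hunk sets its mode, so who can read it is left to the openssl version's default and the installer's umask; add `chmod 600 /opt/key-networks/ztncui/etc/tls/privkey.pem` after the generation step. The exit status of `openssl req` is not checked, so a failure (for instance a missing `tls` directory, which this hunk does not create) still falls through to `chown` and `systemctl start ztncui`; ending the command with `|| exit 1` would make the install fail visibly instead. `chown ztncui.ztncui` uses the deprecated dot separator, and `chown ztncui:ztncui` is the supported form. The same three lines appear in build/after-upgrade.sh and need the same changes.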
--- a/build/after-upgrade.sh
+++ b/build/after-upgrade.sh
@@ -1,2 +1,11 @@
+#!/bin/bash
+
+if [ -f /opt/key-networks/ztncui/etc/tls/privkey.pem ] && [ -f /opt/key-networks/ztncui/etc/tls/fullchain.pem ]; then
+ echo "TLS key and certificate already exist"
+else
+ echo "Generating new TLS key and self-signed certificate..."
+ openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout /opt/key-networks/ztncui/etc/tls/privkey.pem -out /opt/key-networks/ztncui/etc/tls/fullchain.pem -subj "/C=XX/ST=YY/L=ZZ/O=Security/OU=SelfSigned/CN=example.com"
+fi
+chown ztncui.ztncui /opt/key-networks/ztncui/etc/tls/*
 systemctl daemon-reload
 systemctl try-restart ztncui
diff --git a/build/binding.gyp.patch b/build/binding.gyp.patch
index 69c2874..b5fcb63 100644
--- a/build/binding.gyp.patch
+++ b/build/binding.gyp.patch
@@ -1,10 +1,10 @@
---- /tmp/binding.gyp 2018-07-07 14:38:23.884143337 +0800
-+++ ../src/node_modules/argon2/binding.gyp 2018-07-07 14:39:09.684840870 +0800
+--- ../src/node_modules/argon2/binding.gyp
++++ ../src/node_modules/argon2/binding.gyp
 @@ -47,6 +47,7 @@
 ],
 "cflags+": ["-Wno-cast-function-type"],
 "include_dirs+": ["
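Review bot: In build/after-upgrade.sh the existence test on `privkey.pem` and `fullchain.pem` accepts whatever key pair is already at that path, so a host that still holds the default pair deployed by an earlier package (the problem named in the commit title) would keep it after upgrading. Whether the old files survive the package upgrade is not visible in this diff and should be confirmed. If they do, the script should not trust mere presence: compare the installed certificate's fingerprint, from `openssl x509 -noout -fingerprint -sha256 -in /opt/key-networks/ztncui/etc/tls/fullchain.pem`, with that of the formerly shipped certificate and regenerate on a match. The same existence test is used in build/after-install.sh.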