LibrePortal/scripts/install/install_certificate.sh
librelad 053a620e22 fix(reliability): split local result=$(cmd) so $? survives for checkSuccess
'local result=$(cmd)' resets $? to 0 (the local builtin's own exit), so the
following checkSuccess always saw success regardless of cmd's real exit — the
mechanism that masked the de-sudo write failures. Split declaration from
assignment ('local result; result=$(cmd)') across all 235 active-code sites
(84 files) so the command's exit reaches checkSuccess. No behaviour change
beyond $? now being accurate (no set -e in runtime code; multi-line
assignments transform safely).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-31 03:09:25 +01:00


#!/bin/bash
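#######################################
# Reconcile the self-signed certificates in $ssl_dir with the configured
# domains: remove key/cert pairs whose domain is no longer configured, then
# generate a pair for every configured domain that lacks one.
# Globals:
#   CFG_REQUIREMENT_SSLCERTS (read) - must be "true" for anything to run
#   SkipSSLInstall           (read) - "true" skips the whole step
#   CFG_DOMAIN_1..CFG_DOMAIN_9 (read) - configured domain names
#   ssl_dir                  (read) - directory holding <domain>.key/.crt
#   configured_domains, existing_domains, sslcertchoice (written), plus the
#   loop scratch variables, which are left global as in the original
# Side effects:
#   (re)defines the global function generateSSLCertificate
# Outputs:
#   status lines via isHeader / isNotice / isSuccessful / checkSuccess
#######################################
installSSLCertificate()
{
    if [[ "$CFG_REQUIREMENT_SSLCERTS" == "true" ]]; then
        if [[ "$SkipSSLInstall" != "true" ]]; then
            isHeader "Install SSL Certificate"

            # Get current configured domains (indirect expansion of CFG_DOMAIN_<n>)
            configured_domains=()
            for domain_num in {1..9}; do
                domain_var="CFG_DOMAIN_$domain_num"
                domain_value="${!domain_var}"
                if [ -n "$domain_value" ]; then
                    configured_domains+=("$domain_value")
                fi
            done

            # Get existing certificate domains from the *.crt file names.
            # The -f test also discards the literal pattern when nothing matches.
            existing_domains=()
            if [ -d "$ssl_dir" ]; then
                for cert_file in "$ssl_dir"/*.crt; do
                    if [ -f "$cert_file" ]; then
                        domain_name=$(basename "$cert_file" .crt)
                        existing_domains+=("$domain_name")
                    fi
                done
            fi

            # Function to generate a self-signed SSL certificate for a given domain.
            # $1 - domain name, used both as the CN and as the file name stem.
            generateSSLCertificate() {
                local domain_value="$1"
                # The domain comes from configuration and is interpolated into a
                # file path and into -subj, where "/" separates DN components, so
                # values containing "/" are refused. An empty ssl_dir is refused
                # too: the paths would otherwise resolve to the filesystem root.
                # Either refusal makes the subshell exit non-zero, which
                # checkSuccess then reports through $?.
                # The subshell keeps the cd from leaking into the caller.
                # NOTE(review): -nodes writes the private key unencrypted, so the
                # file mode and ownership of the .key are its only protection —
                # confirm they are restricted to the service that consumes it.
                (
                    [[ -n "$ssl_dir" && -n "$domain_value" && "$domain_value" != */* ]] \
                        && cd -- "$ssl_dir" \
                        && openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 \
                            -subj "/CN=$domain_value" \
                            -keyout "$ssl_dir/$domain_value.key" \
                            -out "$ssl_dir/$domain_value.crt"
                ) > /dev/null 2>&1
                checkSuccess "SSL Generation for $domain_value"
            }

            # Remove obsolete certificates first
            for existing_domain in "${existing_domains[@]}"; do
                is_still_configured=false
                for configured_domain in "${configured_domains[@]}"; do
                    if [ "$existing_domain" == "$configured_domain" ]; then
                        is_still_configured=true
                        break
                    fi
                done
                if [ "$is_still_configured" == false ]; then
                    isNotice "Removing obsolete SSL certificate for $existing_domain..."
                    rm -f "$ssl_dir/$existing_domain.key" "$ssl_dir/$existing_domain.crt"
                    checkSuccess "Removed obsolete certificate for $existing_domain"
                fi
            done

            # Generate SSL certificates for missing domains
            for domain_value in "${configured_domains[@]}"; do
                key_file="$ssl_dir/$domain_value.key"
                crt_file="$ssl_dir/$domain_value.crt"
                if [ ! -f "$key_file" ] || [ ! -f "$crt_file" ]; then
                    isNotice "Creating SSL certificate for $domain_value..."
                    generateSSLCertificate "$domain_value"
                else
                    # NOTE(review): only the presence of both files is checked
                    # here. Expiry (certificates are issued for 365 days) and
                    # key/cert match are not verified, so "valid" in the message
                    # is not established; an `openssl x509 -checkend` test would
                    # be needed to detect an expired certificate.
                    isSuccessful "Certificate for $domain_value already exists and is valid."
                fi
            done

            sslcertchoice=n
        fi
    fi
}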