mirror of
https://github.com/EvernodeXRPL/sashimono.git
synced 2026-04-29 15:38:00 +00:00
Tls certificate fix when updating evernode (#223)
14
installer/jshelper/package-lock.json
generated
14
installer/jshelper/package-lock.json
generated
@@ -6,7 +6,7 @@
|
||||
"": {
|
||||
"name": "evernode-setup-helper",
|
||||
"dependencies": {
|
||||
"evernode-js-client": "0.5.12"
|
||||
"evernode-js-client": "0.5.14"
|
||||
}
|
||||
},
|
||||
"node_modules/@types/node": {
|
||||
@@ -270,9 +270,9 @@
|
||||
"integrity": "sha512-MEl9uirslVwqQU369iHNWZXsI8yaZYGg/D65aOgZkeyFJwHYSxilf7rQzXKI7DdDuBPrBXbfk3sl9hJhmd5AUw=="
|
||||
},
|
||||
"node_modules/evernode-js-client": {
|
||||
"version": "0.5.12",
|
||||
"resolved": "https://registry.npmjs.org/evernode-js-client/-/evernode-js-client-0.5.12.tgz",
|
||||
"integrity": "sha512-9PfJBy9Su2+cG7qt9BXUnI1v6/rZ07wwc1KkGi0Ov/5cZ2tlkpqXXtdROF2JFmmWi8kOkR8Zbi60qBdrVOepLA==",
|
||||
"version": "0.5.14",
|
||||
"resolved": "https://registry.npmjs.org/evernode-js-client/-/evernode-js-client-0.5.14.tgz",
|
||||
"integrity": "sha512-VH/Pu9kELIXJ4vhtOIZGgcljsE+In4JpXsnuj89Rw7kt4vYRGOQWEJHxxmvGQQsfD9/pHPQFt6XR0gpnVoRi+A==",
|
||||
"dependencies": {
|
||||
"elliptic": "6.5.4",
|
||||
"libsodium-wrappers": "0.7.10",
|
||||
@@ -1109,9 +1109,9 @@
|
||||
"integrity": "sha512-MEl9uirslVwqQU369iHNWZXsI8yaZYGg/D65aOgZkeyFJwHYSxilf7rQzXKI7DdDuBPrBXbfk3sl9hJhmd5AUw=="
|
||||
},
|
||||
"evernode-js-client": {
|
||||
"version": "0.5.12",
|
||||
"resolved": "https://registry.npmjs.org/evernode-js-client/-/evernode-js-client-0.5.12.tgz",
|
||||
"integrity": "sha512-9PfJBy9Su2+cG7qt9BXUnI1v6/rZ07wwc1KkGi0Ov/5cZ2tlkpqXXtdROF2JFmmWi8kOkR8Zbi60qBdrVOepLA==",
|
||||
"version": "0.5.14",
|
||||
"resolved": "https://registry.npmjs.org/evernode-js-client/-/evernode-js-client-0.5.14.tgz",
|
||||
"integrity": "sha512-VH/Pu9kELIXJ4vhtOIZGgcljsE+In4JpXsnuj89Rw7kt4vYRGOQWEJHxxmvGQQsfD9/pHPQFt6XR0gpnVoRi+A==",
|
||||
"requires": {
|
||||
"elliptic": "6.5.4",
|
||||
"libsodium-wrappers": "0.7.10",
|
||||
|
||||
@@ -4,6 +4,6 @@
|
||||
"build": "ncc build index.js --minify -o dist"
|
||||
},
|
||||
"dependencies": {
|
||||
"evernode-js-client": "0.5.12"
|
||||
"evernode-js-client": "0.5.14"
|
||||
}
|
||||
}
|
||||
|
||||
@@ -25,7 +25,6 @@ description=${18}
|
||||
|
||||
script_dir=$(dirname "$(realpath "$0")")
|
||||
|
||||
|
||||
function stage() {
|
||||
echo "STAGE $1" # This is picked up by the setup console output filter.
|
||||
}
|
||||
@@ -113,7 +112,7 @@ function setup_certbot() {
|
||||
# We need to place our script in certbook deploy hooks dir.
|
||||
local deploy_hooks_dir="/etc/letsencrypt/renewal-hooks/deploy"
|
||||
! [ -d $deploy_hooks_dir ] && echo "$deploy_hooks_dir not found" && return 1
|
||||
|
||||
|
||||
# Setup deploy hook (update contract certs on certbot SSL auto-renewal)
|
||||
local deploy_hook="/etc/letsencrypt/renewal-hooks/deploy/sashimono-$inetaddr.sh"
|
||||
echo "Setting up certbot deploy hook $deploy_hook"
|
||||
@@ -128,26 +127,26 @@ certname=\$(basename \$RENEWED_LINEAGE)
|
||||
function setup_tls_certs() {
|
||||
mkdir -p $SASHIMONO_DATA/tls
|
||||
|
||||
if [ "$tls_key_file" == "letsencrypt" ] ; then
|
||||
if [ "$tls_key_file" == "letsencrypt" ]; then
|
||||
|
||||
! setup_certbot && echo "Error when setting up letsencrypt SSL certificate." && rollback
|
||||
|
||||
elif [ "$tls_key_file" == "self" ] ; then
|
||||
elif [ "$tls_key_file" == "self" ]; then
|
||||
# If user has not provided certs we generate self-signed ones.
|
||||
stage "Generating self-signed certificates"
|
||||
! openssl req -newkey rsa:2048 -new -nodes -x509 -days 365 -keyout $SASHIMONO_DATA/contract_template/cfg/tlskey.pem \
|
||||
-out $SASHIMONO_DATA/contract_template/cfg/tlscert.pem -subj "/C=$countrycode/CN=$inetaddr" && \
|
||||
-out $SASHIMONO_DATA/contract_template/cfg/tlscert.pem -subj "/C=$countrycode/CN=$inetaddr" &&
|
||||
echo "Error when generating self-signed certificate." && rollback
|
||||
|
||||
elif [ -f "$tls_key_file" ] && [ -f "$tls_cert_file" ] ; then
|
||||
elif [ -f "$tls_key_file" ] && [ -f "$tls_cert_file" ]; then
|
||||
|
||||
stage "Transfering certificate files"
|
||||
|
||||
cp $tls_key_file $SASHIMONO_DATA/contract_template/cfg/tlskey.pem
|
||||
cp $tls_cert_file $SASHIMONO_DATA/contract_template/cfg/tlscert.pem
|
||||
# ca bundle is optional.
|
||||
[ "$tls_cabundle_file" != "-" ] && [ -f "$tls_cabundle_file" ] && \
|
||||
cat $tls_cabundle_file >> $SASHIMONO_DATA/contract_template/cfg/tlscert.pem
|
||||
[ "$tls_cabundle_file" != "-" ] && [ -f "$tls_cabundle_file" ] &&
|
||||
cat $tls_cabundle_file >>$SASHIMONO_DATA/contract_template/cfg/tlscert.pem
|
||||
|
||||
else
|
||||
echo "Error when setting up SSL certificate." && rollback
|
||||
@@ -172,11 +171,22 @@ chmod +x $SASHIMONO_BIN/sashimono-uninstall.sh
|
||||
! set_cpu_info && echo "Fetching CPU info failed" && rollback
|
||||
|
||||
# Copy contract template and licence file (delete existing)
|
||||
# Backup the ssl cert files if exists
|
||||
tmp=$(mktemp -d)
|
||||
cp $SASHIMONO_DATA/contract_template/cfg/{tlskey.pem,tlscert.pem} "$tmp"/
|
||||
rm -r "$SASHIMONO_DATA"/{contract_template,licence.txt} >/dev/null 2>&1
|
||||
cp -r "$script_dir"/{contract_template,licence.txt} $SASHIMONO_DATA
|
||||
cp "$tmp"/{tlskey.pem,tlscert.pem} $SASHIMONO_DATA/contract_template/cfg/
|
||||
rm -r "$tmp"
|
||||
|
||||
# Create self signed tls certs on update if not exists
|
||||
# This is added to auto fix the hosts which got their ssl certificates removed in v0.5.20
|
||||
[ "$UPGRADE" != "0" ] && ( [ ! -f "$SASHIMONO_DATA/contract_template/cfg/tlskey.pem" ] || [ ! -f "$SASHIMONO_DATA/contract_template/cfg/tlscert.pem" ] ) &&
|
||||
openssl req -newkey rsa:2048 -new -nodes -x509 -days 365 -keyout $SASHIMONO_DATA/contract_template/cfg/tlskey.pem \
|
||||
-out $SASHIMONO_DATA/contract_template/cfg/tlscert.pem -subj "/C=HP/CN=$(jq -r '.hp.host_address' $SASHIMONO_DATA/sa.cfg)"
|
||||
|
||||
# Setup tls certs used for contract instance websockets.
|
||||
setup_tls_certs
|
||||
[ "$UPGRADE" == "0" ] && setup_tls_certs
|
||||
|
||||
# Install Sashimono agent binaries into sashimono bin dir.
|
||||
cp "$script_dir"/{sagent,hpfs,user-cgcreate.sh,user-install.sh,user-uninstall.sh,docker-registry-uninstall.sh} $SASHIMONO_BIN
|
||||
|
||||
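Review bot: The self-signed fallback for upgrades (the `openssl req ... -subj "/C=HP/CN=$(jq -r '.hp.host_address' $SASHIMONO_DATA/sa.cfg)"` command) never checks its result. If openssl fails, or jq prints `null` or nothing because sa.cfg lacks the field, the upgrade continues with no key pair or with a certificate whose CN is wrong, whereas the fresh-install path in setup_tls_certs prints an error and calls rollback. Reading the address into a variable first, rejecting an empty or `null` value, and ending the openssl command with `|| { echo "Error when generating self-signed certificate."; rollback; }` would keep the two paths consistent; rollback is defined outside the visible hunks, so confirm it is safe to call during an upgrade. The backup and restore of tlskey.pem use plain `cp`, so the restored private key takes its mode from the umask rather than from the original file; `cp -p` on both copies would preserve it. On a fresh install the backup `cp` has nothing to copy and its error output is not suppressed, unlike the `rm -r` on the next line.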
@@ -27,7 +27,7 @@ appenv = {
|
||||
ORPHAN_PRUNE_SCHEDULER_INTERVAL_HOURS: 4,
|
||||
EXPIRE_INSTANCES_SCHEDULER_INTERVAL_SECONDS: 2,
|
||||
SASHI_CLI_PATH: appenv.IS_DEV_MODE ? "../build/sashi" : "/usr/bin/sashi",
|
||||
MB_VERSION: '0.5.20',
|
||||
MB_VERSION: '0.5.21',
|
||||
TOS_HASH: '757A0237B44D8B2BBB04AE2BAD5813858E0AECD2F0B217075E27E0630BA74314' // This is the sha256 hash of TOS text.
|
||||
}
|
||||
Object.freeze(appenv);
|
||||
|
||||
14
mb-xrpl/package-lock.json
generated
14
mb-xrpl/package-lock.json
generated
@@ -6,7 +6,7 @@
|
||||
"": {
|
||||
"name": "mb-xrpl",
|
||||
"dependencies": {
|
||||
"evernode-js-client": "0.5.12",
|
||||
"evernode-js-client": "0.5.14",
|
||||
"sqlite3": "5.0.2"
|
||||
},
|
||||
"devDependencies": {
|
||||
@@ -937,9 +937,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/evernode-js-client": {
|
||||
"version": "0.5.12",
|
||||
"resolved": "https://registry.npmjs.org/evernode-js-client/-/evernode-js-client-0.5.12.tgz",
|
||||
"integrity": "sha512-9PfJBy9Su2+cG7qt9BXUnI1v6/rZ07wwc1KkGi0Ov/5cZ2tlkpqXXtdROF2JFmmWi8kOkR8Zbi60qBdrVOepLA==",
|
||||
"version": "0.5.14",
|
||||
"resolved": "https://registry.npmjs.org/evernode-js-client/-/evernode-js-client-0.5.14.tgz",
|
||||
"integrity": "sha512-VH/Pu9kELIXJ4vhtOIZGgcljsE+In4JpXsnuj89Rw7kt4vYRGOQWEJHxxmvGQQsfD9/pHPQFt6XR0gpnVoRi+A==",
|
||||
"dependencies": {
|
||||
"elliptic": "6.5.4",
|
||||
"libsodium-wrappers": "0.7.10",
|
||||
@@ -3931,9 +3931,9 @@
|
||||
"dev": true
|
||||
},
|
||||
"evernode-js-client": {
|
||||
"version": "0.5.12",
|
||||
"resolved": "https://registry.npmjs.org/evernode-js-client/-/evernode-js-client-0.5.12.tgz",
|
||||
"integrity": "sha512-9PfJBy9Su2+cG7qt9BXUnI1v6/rZ07wwc1KkGi0Ov/5cZ2tlkpqXXtdROF2JFmmWi8kOkR8Zbi60qBdrVOepLA==",
|
||||
"version": "0.5.14",
|
||||
"resolved": "https://registry.npmjs.org/evernode-js-client/-/evernode-js-client-0.5.14.tgz",
|
||||
"integrity": "sha512-VH/Pu9kELIXJ4vhtOIZGgcljsE+In4JpXsnuj89Rw7kt4vYRGOQWEJHxxmvGQQsfD9/pHPQFt6XR0gpnVoRi+A==",
|
||||
"requires": {
|
||||
"elliptic": "6.5.4",
|
||||
"libsodium-wrappers": "0.7.10",
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
"build": "npm run lint && ncc build app.js --minify -o dist"
|
||||
},
|
||||
"dependencies": {
|
||||
"evernode-js-client": "0.5.12",
|
||||
"evernode-js-client": "0.5.14",
|
||||
"sqlite3": "5.0.2"
|
||||
},
|
||||
"devDependencies": {
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
namespace version
|
||||
{
|
||||
// Sashimono agent version. Written to new configs.
|
||||
constexpr const char *AGENT_VERSION = "0.5.20";
|
||||
constexpr const char *AGENT_VERSION = "0.5.21";
|
||||
|
||||
// Minimum compatible config version (this will be used to validate configs).
|
||||
constexpr const char *MIN_CONFIG_VERSION = "0.5.0";
|
||||
|
||||