* Sun Mar 16 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-31.sme

- handle dh params with template [SME: 12826]
 TODO timer and event
- foolproofing dummy.module

root/etc/e-smith/templates/etc/crontab/dhgenerate

@@ -0,0 +1,8 @@
+{
+use esmith::ssl;
+my $folder="/home/e-smith/dh.pem";
+my $KeySize = 4096;
+$OUT = "#4096 dhparam exists";
+$OUT = '@reboot root sleep 2d && /sbin/e-smith/signal-event dhparam-update'."\n" unless (dh_exists_good_size($KeySize,"$folder/$KeySize.pem"));
+}
+

root/etc/e-smith/templates/home/e-smith/dh.pem

@@ -0,0 +1,35 @@
+{
+    use esmith::ssl;
+    # for the generation of originals in /home/e-smith/dh.pem/ 
+    # we check that 4096 exist, if not we default to 2048. If not we generate it
+    # for replication : we copy what we have
+
+    my $DHSize = $modSSL{DHSize} ||'4096';
+    my $key = "/home/e-smith/dh.pem";
+    for my $DHSize (qw(4096 2048))
+    {
+			# if key exists and good size, we use it
+			if ( dh_exists_good_size($DHSize,"$key/$DHSize.pem") )
+			{
+				# Old key file is still good. Read it out - processTemplate will work
+				# out that it hasn't changed, and leave the old one in place
+				open(K, "$key/$DHSize.pem") or die "Couldn't open key file: $!";
+				my @key = <K>;
+				chomp @key;
+				$OUT = join "\n", @key;
+				close(K);
+				return;
+			}
+    }
+    # if nothing have ever been generated we call the action script as program
+    # it will generate a 2048, which 'should' be faster than 4096
+    # later if uptime is sufficient 4096 will be generated.
+    my $program = "/etc/e-smith/events/actions/dhgenerator";
+    system($program);
+    open(K, "$key/2048.pem") or die "Couldn't open dh file: $!";
+    my @key = <K>;
+    chomp @key; 
+    $OUT = join "\n", @key;
+    close(K);
+    return;
+}