From b85c294ce43b6abfa354851fe09317a051546854 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Pialasse
Date: Wed, 10 Sep 2025 22:28:44 -0400
Subject: [PATCH] * Wed Sep 10 2025 Jean-Philippe Pialasse 11.0-9.sme - fix unexpected behaviour when item set as disabled [SME: 13136] rewrite of 10Domains fragment
---
.../etc/dehydrated/domains.txt/10Domains | 187 +++++++-----------
smeserver-certificates.spec | 8 +-
2 files changed, 79 insertions(+), 116 deletions(-)
diff --git a/root/etc/e-smith/templates/etc/dehydrated/domains.txt/10Domains b/root/etc/e-smith/templates/etc/dehydrated/domains.txt/10Domains
index 39a9ea4..346191f 100644
--- a/root/etc/e-smith/templates/etc/dehydrated/domains.txt/10Domains
+++ b/root/etc/e-smith/templates/etc/dehydrated/domains.txt/10Domains
@@ -2,132 +2,91 @@ use strict; use warnings; use esmith::ConfigDB; + + # $domain : current domain name + # $DomainName : primary domain name + # $domainname : domain name related to current host my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB"); my $domainsDB = esmith::ConfigDB->open_ro('domains') or die("can't connect to domains database"); my $hostsDB = esmith::ConfigDB->open_ro('hosts') or die("can't connect to hosts database"); - - # my $dbKey = 'domain'; - - # my $systemMode = $configDB->get("SystemMode")->value; - - # if ( $systemMode ne 'servergateway' ) { - # $OUT .= "# System not in Server Gateway mode\n"; - # } - + my $letsencryptStatus = $configDB->get_prop( 'letsencrypt', 'status' ) || 'disabled'; - - if ( $letsencryptStatus ne 'disabled' ) { - - # This should get all the connections in an array - - my @domains = $domainsDB->keys; - my @hosts = $hostsDB->keys; - - # print "@domains\n"; - - # Need to check here if we want ALL set - # all, domains, hosts, both, none - my $letsencryptConfig = $configDB->get_prop( 'letsencrypt', 'configure' ) || 'none'; - - # First get all the domains - # We could do this BUT only once as the array drops $vars - - # my $dom = shift @domains; - - # Patch from JPP - # Put Primary domain at top - my $DomainName = $configDB->get('DomainName')->value; - my $mainDomainStatus = $domainsDB->get_prop( "$DomainName", 'letsencryptSSLcert' ) - || 'disabled'; - $OUT .= "$DomainName " unless $mainDomainStatus eq 'disabled'; - - foreach my $domain (@domains) { - - # If we are all or domains then lets do all regardless - if ( $letsencryptConfig eq 'all' || $letsencryptConfig eq 'domains' ) { - - # Check for self - #my $domainStatus = - # $domainsDB->get_prop( "Nameservers", 'HostType' ) || ''; - # - #if ( $domainStatus eq 'Localhost' ) { - $OUT .= "$domain "; - - #} - } - - else { - my $domainEnabled = $domainsDB->get_prop( "$domain", 'letsencryptSSLcert' ) - || 'disabled'; - - if ( $domainEnabled eq 'enabled' ) { - 
$OUT .= "$domain " unless $DomainName eq $domain; - } - } - - # Now check for hosts - - # Buggered if I remember why we check that - # the host has a domain name in domains ! - # Must have been a reason - - foreach my $fqdn (@hosts) { - - # If we are set to all or hosts just do it - if ( $letsencryptConfig eq 'all' || $letsencryptConfig eq 'hosts' ) { - $OUT .= "$fqdn " unless $DomainName eq $fqdn; - } - - # Just do selected entries - else { - # Lets get the hostname - my $hostname = $fqdn; - $hostname =~ s/\..*//; - - # print "$hostname\n"; - - # Lets get the domain name - my $domainname = $fqdn; - $domainname =~ s/.*?\.//; - - # print "$domainname\n"; - - # is the domain name from the hosts file - # the same as that in the domains file ? - my $hostEnabled = $hostsDB->get_prop( "$fqdn", 'letsencryptSSLcert' ) + + return "# letsencrypt is disabled\n" if ( $letsencryptStatus if 'disabled' ) ; + + # if disabled will only ask certs for host pointing to self. + # if set otherwise, will try to get one even if host set as remote or local. + my $hostOverride = $configDB->get_prop( 'letsencrypt', 'hostOverride' ) || 'disabled'; - - if ( $domainname eq $domain && $hostEnabled eq 'enabled' ) { - - # Are we self ? - my $type = $hostsDB->get_prop( "$fqdn", 'HostType' ); - my $hostOverride = $configDB->get_prop( 'letsencrypt', 'hostOverride' ) - || 'disabled'; - - # print "Override $hostOverride"; - - if ( $hostOverride eq 'yes' ) { - $OUT .= "$fqdn " unless $DomainName eq $fqdn; - } - - elsif ( $type eq 'Self' ) { - - # print "Here: $fqdn $type\n"; - $OUT .= "$fqdn " unless $DomainName eq $fqdn; - } - - } - } + + my @domains = $domainsDB->keys; + my @hosts = $hostsDB->keys; + + # Need to check here if we want ALL set if not explicitly disabled + # all, domains, hosts, both, none + my $letsencryptConfig = $configDB->get_prop( 'letsencrypt', 'configure' ) || 'none'; + + # Put Primary domain at top : needs to be the main cert domain. 
+ my $DomainName = $configDB->get('DomainName')->value; + my $mainDomainStatus = $domainsDB->get_prop( "$DomainName", 'letsencryptSSLcert' ) + || 'disabled'; + $OUT = "$DomainName " unless $mainDomainStatus eq 'disabled'; + + foreach my $domain (@domains) { + + # If default set to all or domains then do all except if explicitly disabled + if ( $letsencryptConfig eq 'all' || $letsencryptConfig eq 'domains' ) { + my $domainEnabled = $domainsDB->get_prop( "$domain", 'letsencryptSSLcert' ) + || 'enabled'; + $OUT .= "$domain " unless ( $domainEnabled eq 'disabled' || $DomainName eq $domain) ; + } + # otherwise only do if explicitly enabled + else { + my $domainEnabled = $domainsDB->get_prop( "$domain", 'letsencryptSSLcert' ) + || 'disabled'; + if ( $domainEnabled eq 'enabled' ) { + $OUT .= "$domain " unless $DomainName eq $domain; } } + + # Now check for this domain hosts + foreach my $fqdn (@hosts) { + + # exclude host identical to primary domain, already done + next if $DomainName eq $fqdn; + # exclude host identical to current domain, already done + next if $domain eq $fqdn; - } + # overide hostOverride : default disabled do not ask if host is not self + my $type = $hostsDB->get_prop( "$fqdn", 'HostType' ) || "Self"; + next unless ( $type eq "Self" || $hostOverride eq "disabled"); - else { - $OUT .= "# letsencrypt is disabled\n"; + # check if host related to current domain + # Lets get the hostname + my $hostname = $fqdn; + $hostname =~ s/\..*//; + # Lets get the domain name + my $domainname = $fqdn; + $domainname =~ s/.*?\.//; + next unless ($domainname eq $domain); + + # If we are set to all or hosts just do it + if ( $letsencryptConfig eq 'all' || $letsencryptConfig eq 'hosts' ) { + my $hostEnabled = $hostsDB->get_prop( "$fqdn", 'letsencryptSSLcert' ) + || 'enabled'; + $OUT .= "$fqdn " unless $hostEnabled eq 'disabled'; + } + else { + # the same as that in the domains file ? 
+ my $hostEnabled = $hostsDB->get_prop( "$fqdn", 'letsencryptSSLcert' ) + || 'disabled'; + $OUT .= "$fqdn " unless $hostEnabled eq 'disabled'; + + } + } } } diff --git a/smeserver-certificates.spec b/smeserver-certificates.spec index eaa123c..ef7bdbc 100644 --- a/smeserver-certificates.spec +++ b/smeserver-certificates.spec @@ -1,6 +1,6 @@ %define name smeserver-certificates %define version 11.0 -%define release 8 +%define release 9 Summary: This is what smeserver-certificates does. Name: %{name} Version: %{version} @@ -25,8 +25,12 @@ AutoReqProv: no %changelog +* Wed Sep 10 2025 Jean-Philippe Pialasse 11.0-9.sme +- fix unexpected behaviour when item set as disabled [SME: 13136] + rewrite of 10Domains fragment + * Mon Aug 25 2025 John Crisp 11.0-8.sme -- Set KEY_ALFO default to rsa - thanks Knuddi [SME: 13109] +- Set KEY_ALGO default to rsa - thanks Knuddi [SME: 13109] - bump server-manager version * Fri Jun 27 2025 Brian Read 11.0-7.sme
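Review bot: The early-exit guard added near the top of the 10Domains fragment, `return "# letsencrypt is disabled\n" if ( $letsencryptStatus if 'disabled' ) ;`, has a second `if` where a string comparison belongs and will not compile, so the fragment should fail at template expansion; it should read `return "# letsencrypt is disabled\n" if $letsencryptStatus eq 'disabled';`. Separately, the host filter `next unless ( $type eq "Self" || $hostOverride eq "disabled");` looks inverted against the comment above it and against the removed code: with the default hostOverride of 'disabled' it keeps hosts whose HostType is not Self, and drops them only once the override is set. `next unless ( $type eq 'Self' || $hostOverride ne 'disabled' );` would match the stated intent. Because every name is appended to the same line, a host that does not point at this server would presumably fail validation and hold up issuance or renewal for all the other names, so the default path deserves a test with a remote host entry.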