Updated Unifi deploy hook to use openssl's pkcs12 instead of Java Keytool after Ubiquiti removed it, update system configuration for stronger ciphers, and back up existing certificates prior to change.

pull/5246/head^2
3VAbdAVE 2024-08-11 22:39:47 -04:00
parent b1d019146a
commit 57da04b5ec
1 changed files with 4 additions and 3 deletions


@ -104,6 +104,7 @@ unifi_deploy() {
_debug "Generate import pkcs12" _debug "Generate import pkcs12"
_import_pkcs12="$(_mktemp)" _import_pkcs12="$(_mktemp)"
_debug "_toPkcs $_import_pkcs12 $_ckey $_ccert $_cca $_unifi_keypass unifi root"
_toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$_unifi_keypass" unifi root _toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$_unifi_keypass" unifi root
# shellcheck disable=SC2181 # shellcheck disable=SC2181
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
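Review bot: The `_debug "_toPkcs ..."` line added in the first hunk interpolates `$_unifi_keypass`, so the keystore password is written in clear text to any debug log, and such logs tend to be kept on disk or pasted into bug reports. The file paths are fine to log, but the password should be left out, for example `_debug "_toPkcs $_import_pkcs12 $_ckey $_ccert $_cca [keypass hidden] unifi root"`. If the project's `_secure_debug` helper is available in this hook, the password could go through that instead. `unifi_deploy` begins and ends outside this hunk, so other uses of the password there are not covered by this note.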
@ -154,8 +155,8 @@ unifi_deploy() {
rm "$_import_pkcs12" rm "$_import_pkcs12"
# Restarting unifi-core will bring up unifi, doing it out of order results in # Restarting unifi-core will bring up unifi, doing it out of order results in
# a certificate error, and may break wifiman. (unconfirmed) # a certificate error, and breaks wifiman.
# Restart if we aren't doing unifi-core, otherwise stop and let unifi-core restart it. # Restart if we aren't doing unifi-core, otherwise stop for later restart.
if systemctl -q is-active unifi; then if systemctl -q is-active unifi; then
if [ ! -f "${DEPLOY_UNIFI_CORE_CONFIG:-/data/unifi-core/config}/unifi-core.key" ]; then if [ ! -f "${DEPLOY_UNIFI_CORE_CONFIG:-/data/unifi-core/config}/unifi-core.key" ]; then
_reload_cmd="${_reload_cmd:+$_reload_cmd && }systemctl restart unifi" _reload_cmd="${_reload_cmd:+$_reload_cmd && }systemctl restart unifi"