Fix/integration/0.2.11 (#265)

* backports tor security fix to 0.2.10, adds functionality to allow for ssh key management during an update (#263) * actually upgrade to 0.3.5.14-1 * update lan services on backup restore * reload nginx, update welcome message, move reset lan to handler * moves lan refresh after backup restore to asynchronous part of restore * fix certificate generation * match guards Co-authored-by: Keagan McClelland <keagan.mcclelland@gmail.com>
2026-03-30 12:11:56 +00:00 · 2021-03-19 16:50:52 -06:00
parent 5b8f27e53e
commit 11b007a31d
8 changed files with 80 additions and 22 deletions
--- a/appmgr/src/backup.rs
+++ b/appmgr/src/backup.rs
@@ -1,3 +1,4 @@
+use std::os::unix::process::ExitStatusExt;
 use std::path::Path;

 use argon2::Config;
@@ -10,6 +11,7 @@ use serde::Serialize;
 use crate::util::from_yaml_async_reader;
 use crate::util::to_yaml_async_writer;
 use crate::util::Invoke;
+use crate::util::PersistencePath;
 use crate::version::VersionT;
 use crate::Error;
 use crate::ResultExt;
@@ -224,6 +226,28 @@ pub async fn restore_backup<P: AsRef<Path>>(
    }

    crate::tor::restart().await?;
+    // Delete the fullchain certificate, so it can be regenerated with the restored tor pubkey address
+    PersistencePath::from_ref("apps")
+        .join(&app_id)
+        .join("cert-local.fullchain.crt.pem")
+        .delete()
+        .await?;
+    crate::tor::write_lan_services(
+        &crate::tor::services_map(&PersistencePath::from_ref(crate::SERVICES_YAML)).await?,
+    )
+    .await?;
+    let svc_exit = std::process::Command::new("service")
+        .args(&["nginx", "reload"])
+        .status()?;
+    crate::ensure_code!(
+        svc_exit.success(),
+        crate::error::GENERAL_ERROR,
+        "Failed to Reload Nginx: {}",
+        svc_exit
+            .code()
+            .or_else(|| { svc_exit.signal().map(|a| 128 + a) })
+            .unwrap_or(0)
+    );

    Ok(())
 }
--- a/appmgr/src/util.rs
+++ b/appmgr/src/util.rs
@@ -110,6 +110,14 @@ impl PersistencePath {
    pub async fn for_update(self) -> Result<UpdateHandle<ForRead>, Error> {
        UpdateHandle::new(self).await
    }
+
+    pub async fn delete(&self) -> Result<(), Error> {
+        match tokio::fs::remove_file(self.path()).await {
+            Ok(()) => Ok(()),
+            Err(k) if k.kind() == std::io::ErrorKind::NotFound => Ok(()),
+            e => e.with_code(crate::error::FILESYSTEM_ERROR),
+        }
+    }
 }

 #[derive(Debug)]