drops uniqueness requirement (#236)

2026-03-26 10:21:52 +00:00 · 2021-03-08 16:21:21 -07:00
parent 894fa21002
commit 91557c39e5
1 changed files with 15 additions and 0 deletions
--- a/agent/src/Lib/Synchronizers.hs
+++ b/agent/src/Lib/Synchronizers.hs
@@ -125,6 +125,7 @@ sync_0_2_9 = Synchronizer
    , syncConvertEcdsaCerts
    , syncRestarterService
    , syncInstallEject
+    , syncDropCertificateUniqueness
    ]

 syncCreateAgentTmp :: SyncOp
@@ -595,6 +596,20 @@ syncUpgradeTor = SyncOp "Install Tor 0.3.5.12-1" check migrate False
            shell "apt-get update"
            shell "apt-get install -y tor=0.3.5.12-1"

+syncDropCertificateUniqueness :: SyncOp
+syncDropCertificateUniqueness = SyncOp "Eliminate OpenSSL unique_subject=yes" check migrate False
+    where
+        uni   = "unique_subject = no\n"
+        check = do
+            base         <- asks $ appFilesystemBase . appSettings
+            contentsRoot <- liftIO . BS.readFile . toS $ (rootCaDirectory <> "index.txt.attr") `relativeTo` base
+            contentsInt  <- liftIO . BS.readFile . toS $ (intermediateCaDirectory <> "index.txt.attr") `relativeTo` base
+            pure $ uni /= contentsRoot || uni /= contentsInt
+        migrate = do
+            base <- asks $ appFilesystemBase . appSettings
+            liftIO $ BS.writeFile (toS $ (rootCaDirectory <> "index.txt.attr") `relativeTo` base) uni
+            liftIO $ BS.writeFile (toS $ (intermediateCaDirectory <> "index.txt.attr") `relativeTo` base) uni
+
 failUpdate :: S9Error -> ExceptT Void (ReaderT AgentCtx IO) ()
 failUpdate e = do
    ref <- asks appIsUpdateFailed