From ee1c66d0c2d1c062b60740e2e03777bbca8d03d9 Mon Sep 17 00:00:00 2001
From: Aiden McClelland
Date: Wed, 24 Feb 2021 16:23:48 -0700
Subject: [PATCH] appmgr: bugfix: use fullchain cert
---
 appmgr/src/nginx-standard.conf.template | 2 +-
 appmgr/src/tor.rs | 26 +++++++++++++++++++++++++
 appmgr/src/util.rs | 1 +
 3 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/appmgr/src/nginx-standard.conf.template b/appmgr/src/nginx-standard.conf.template
index 607d36b92..d623d353d 100644
--- a/appmgr/src/nginx-standard.conf.template
+++ b/appmgr/src/nginx-standard.conf.template
@@ -1,7 +1,7 @@
 server {{
 listen 443 ssl;
 server_name {hostname}.local;
- ssl_certificate /root/appmgr/apps/{app_id}/cert-local.crt.pem;
+ ssl_certificate /root/appmgr/apps/{app_id}/cert-local.fullchain.crt.pem;
 ssl_certificate_key /root/appmgr/apps/{app_id}/cert-local.key.pem;
 location / {{
 proxy_pass http://{app_ip}:{internal_port}/;
diff --git a/appmgr/src/tor.rs b/appmgr/src/tor.rs
index bc8f18a69..493280733 100644
--- a/appmgr/src/tor.rs
+++ b/appmgr/src/tor.rs
@@ -302,6 +302,32 @@ pub async fn write_lan_services(hidden_services: &ServicesMap) -> Result<(), Err
 .invoke("OpenSSL GenKey")
 .await?;
 }
+ let fullchain_path = base_path.join("cert-local.fullchain.crt.pem");
+ if !fullchain_path.exists().await {
+ let mut fullchain_file = fullchain_path.write(None).await?;
+ tokio::io::copy(
+ &mut tokio::fs::File::open(&cert_path).await?,
+ &mut *fullchain_file,
+ )
+ .await?;
+ tokio::io::copy(
+ &mut tokio::fs::File::open(
+ "/root/agent/ca/intermediate/certs/embassy-int-ca.crt.pem",
+ )
+ .await?,
+ &mut *fullchain_file,
+ )
+ .await?;
+ tokio::io::copy(
+ &mut tokio::fs::File::open(
+ "/root/agent/ca/certs/embassy-int-ca.crt.pem",
+ )
+ .await?,
+ &mut *fullchain_file,
+ )
+ .await?;
+ fullchain_file.commit().await?;
+ }
 f.write_all(
 format!(
 include_str!("nginx-standard.conf.template"),
diff --git a/appmgr/src/util.rs b/appmgr/src/util.rs
index 530707399..5d6ab00da 100644
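Review bot: The `if !fullchain_path.exists().await` guard in the tor.rs hunk builds `cert-local.fullchain.crt.pem` only once, so if the leaf `cert-local.crt.pem` is ever regenerated (its generation sits above this hunk, outside the visible lines) nginx would keep serving a stale leaf that may no longer match `cert-local.key.pem`. Rebuilding the chain whenever the leaf is written avoids that; at minimum add `// fullchain = leaf cert followed by the CA certs; rebuild whenever cert-local.crt.pem changes`. The third `File::open` reads `/root/agent/ca/certs/embassy-int-ca.crt.pem`, which repeats the intermediate's file name under the `ca/certs` directory; if the root certificate was intended, confirm the file name, since a missing file makes the `?` fail for every app. write_lan_services starts and ends outside the hunk.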
--- a/appmgr/src/util.rs
+++ b/appmgr/src/util.rs
@@ -137,6 +137,7 @@ impl PersistenceFile {
 if let Some(mut file) = self.file.take() {
 file.flush().await?;
 file.shutdown().await?;
+ file.sync_all().await?;
 drop(file);
 }
 if let Some(path) = self.needs_commit.take() {
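Review bot: The added `file.sync_all().await?` runs after `file.shutdown().await?`, which reads as using the handle after it has been shut down; the type of `file` is not visible in the hunk, so whether that ordering is safe cannot be confirmed from here. Moving the sync ahead of the shutdown and stating the intent would be clearer: `file.sync_all().await?; // data must reach disk before the commit step below`. If the `needs_commit` branch renames a temporary file into place (it continues outside the hunk), the parent directory presumably also needs an fsync for the rename itself to survive a crash.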