prosodyctl cert: If running as root, write certificate files to config directory (fixes #530)
authorKim Alvefur <zash@zash.se>
Wed, 19 Apr 2017 20:39:47 +0200
changeset 8103 1773559b03a8
parent 8102 04eaaeb89a05
child 8104 3e25d96571d1
child 8105 927b9c5cc17a
prosodyctl cert: If running as root, write certificate files to config directory (fixes #530)
prosodyctl
--- a/prosodyctl	Wed Apr 19 20:38:55 2017 +0200
+++ b/prosodyctl	Wed Apr 19 20:39:47 2017 +0200
@@ -697,9 +697,16 @@
 	end
 end
 
+local cert_basedir = CFG_DATADIR or "./certs";
+if have_pposix and pposix.getuid() == 0 then
+	-- FIXME should be enough to check if this directory is writable
+	local cert_dir = config.get("*", "certificates") or "certs";
+	cert_basedir = config.resolve_relative_path(config.paths.certs, cert_dir);
+end
+
 function cert_commands.config(arg)
 	if #arg >= 1 and arg[1] ~= "--help" then
-		local conf_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".cnf";
+		local conf_filename = cert_basedir .. "/" .. arg[1] .. ".cnf";
 		if use_existing(conf_filename) then
 			return nil, conf_filename;
 		end
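Review bot: The `have_pposix and pposix.getuid() == 0` test only selects the config-derived directory when pposix is loadable, so on a build without pposix a root run silently falls back to `CFG_DATADIR`, a different location from the one the commit title promises and one whose ownership is usually the service account's rather than root's. A short comment making that dependency explicit, e.g. `-- without pposix we cannot tell whether we are root, so fall back to the data directory`, would keep the divergence from surprising an operator. The FIXME already names the better criterion (whether the candidate directory is writable), and a writability probe would also serve non-root operators who own the config directory, whereas the uid check does nothing for them. I would also confirm that `config.paths.certs` is the intended base for `resolve_relative_path`; if the goal is to resolve the `certificates` option relative to the config file, the config directory would be the expected base, and a nil base here would either raise or silently resolve against the current working directory.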
@@ -760,7 +767,7 @@
 
 function cert_commands.key(arg)
 	if #arg >= 1 and arg[1] ~= "--help" then
-		local key_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".key";
+		local key_filename = cert_basedir .. "/" .. arg[1] .. ".key";
 		if use_existing(key_filename) then
 			return nil, key_filename;
 		end
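Review bot: Private key material now lands in the config-derived certificate directory when prosodyctl runs as root, and such directories (typically under /etc) are commonly world-readable, whereas the data directory it replaces is usually private to the service account. The body of `cert_commands.key` continues past the hunk, so I cannot see how the key file is created or whether its mode is restricted; if the generation step does not already apply a tight umask or chmod the result, I'd add `-- NOTE: under root this path is inside the config dir; the key must end up readable only by the prosody user` next to the assignment and enforce that after generation. Separately, `use_existing(key_filename)` now looks only at the new location, so a key previously generated into `CFG_DATADIR` will be ignored and a fresh one produced; a warning when a key already exists at the old path would avoid an unintended key rotation on existing deployments.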
@@ -782,7 +789,7 @@
 
 function cert_commands.request(arg)
 	if #arg >= 1 and arg[1] ~= "--help" then
-		local req_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".req";
+		local req_filename = cert_basedir .. "/" .. arg[1] .. ".req";
 		if use_existing(req_filename) then
 			return nil, req_filename;
 		end
@@ -800,7 +807,7 @@
 
 function cert_commands.generate(arg)
 	if #arg >= 1 and arg[1] ~= "--help" then
-		local cert_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".crt";
+		local cert_filename = cert_basedir .. "/" .. arg[1] .. ".crt";
 		if use_existing(cert_filename) then
 			return nil, cert_filename;
 		end