Merge pull request 'refs #2184 make stunnel use and/or verify tls' (#52) from stunnel-usetls into main

Reviewed-on: #52
pull/53/head 0.14.0
Natalia Serrano 2025-06-06 11:59:02 +02:00
commit 357c94e9ea
2 changed files with 48 additions and 5 deletions


@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [0.14.0] - 2025-06-07
### Changed
- Read $ogusetls and $ogverifytls from the environment and configure stunnel accordingly
## [0.13.9] - 2025-06-04
### Fixed


@ -13,12 +13,49 @@ ogIsEfiActive && mount -t efivarfs none /sys/firmware/efi/efivars
# Lanzar servicios complementarios del cliente.
echo "${MSG_OTHERSERVICES:-.}"
# Iniciar stunnel
if [ -e /etc/stunnel/menu.conf ]; then
sed -i -e "s/__OGCORE_IP__/$ogcore/; s/__OGCORE_PORT__/8443/" /etc/stunnel/menu.conf
mkdir -p /var/run/stunnel4; chown stunnel4:stunnel4 /var/run/stunnel4
stunnel /etc/stunnel/menu.conf &>/var/log/stunnel4/menu.log &
# stunnel start
cat >/etc/stunnel/menu.conf <<__EOF__
setuid = stunnel4
setgid = stunnel4
pid = /var/run/stunnel4/menu.pid
foreground = yes
debug = info
[menu]
client = yes
accept = 127.0.0.1:81
connect = $ogcore:8443
__EOF__
if [[ true == "$ogusetls" ]]; then
if [[ true == "$ogverifytls" ]]; then
## use tls and verify
cat >>/etc/stunnel/menu.conf <<__EOF__
cert = /opt/opengnsys/etc/ogagent.crt
key = /opt/opengnsys/etc/ogagent.key
CAfile = /opt/opengnsys/etc/ca.crt
requireCert = yes
verifyChain = yes
__EOF__
else
## use tls but not verify
cat >>/etc/stunnel/menu.conf <<__EOF__
cert = /opt/opengnsys/etc/ogagent.crt
key = /opt/opengnsys/etc/ogagent.key
CAfile = /opt/opengnsys/etc/ca.crt
requireCert = no
verifyChain = no
__EOF__
fi
else
## don't use tls
cat >>/etc/stunnel/menu.conf <<__EOF__
requireCert = no
verifyChain = no
__EOF__
fi
mkdir -p /var/run/stunnel4; chown stunnel4:stunnel4 /var/run/stunnel4
stunnel /etc/stunnel/menu.conf &>/var/log/stunnel4/menu.log &
# stunnel end
# Iniciar dbus
if [ -e /etc/dbus-1/system.d/ogbrowser.conf ]; then
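Review bot: Certificate verification fails open in the nested test `[[ true == "$ogverifytls" ]]`: an unset variable, or any spelling other than the exact string `true`, lands in the branch that writes `verifyChain = no`, and nothing records which mode was chosen. Consider inverting the default with `if [[ false != "${ogverifytls:-true}" ]]; then` and printing the selected mode, so an unverified tunnel is visible to whoever reads the boot log. Even the verified branch checks only the chain against `CAfile`; adding `checkHost = $ogcore` (or `checkIP` when `$ogcore` is an address) would bind the accepted certificate to the server being contacted rather than to anything that CA has signed. The `## don't use tls` comment also looks inaccurate, since a stunnel service with `client = yes` still negotiates TLS towards its `connect` target; `## tls without client certificate, peer not verified` would describe what that branch appears to configure. The script continues past the end of this hunk, so whether a later step checks that stunnel actually started is not visible here.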