From e5edcc37dafdc38b7b7f993902fdaa4fe0d56dd2 Mon Sep 17 00:00:00 2001
From: Starttoaster
Date: Thu, 30 Nov 2023 21:09:05 -0800
Subject: [PATCH 1/2] Check if harvester cert matches defined CA cert
---
 docker-entrypoint.sh | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 4844d83..17fae88 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -15,8 +15,13 @@ cd /chia-blockchain || exit 1
 chia ${chia_args} init --fix-ssl-permissions
 if [[ -n ${ca} ]]; then
- # shellcheck disable=SC2086
- chia ${chia_args} init -c "${ca}"
+ openssl verify -CAfile ${ca}/private_ca.crt ${CHIA_ROOT}/config/ssl/harvester/private_harvester.crt &>/dev/null
+ if [ ${?} -ne 0 ]; then
+ echo "initializing from new CA"
+ chia ${chia_args} init -c "${ca}"
+ else
+ echo "using existing CA"
+ fi
 fi
 # Enables whatever the default testnet is for the version of chia that is running
From 4d65e4e2f6041bed75c6c457bea5b8b2d5af4e25 Mon Sep 17 00:00:00 2001
From: Starttoaster
Date: Thu, 30 Nov 2023 21:41:29 -0800
Subject: [PATCH 2/2] Fix lint
---
 docker-entrypoint.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 17fae88..0be1f4a 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -15,9 +15,9 @@ cd /chia-blockchain || exit 1
 chia ${chia_args} init --fix-ssl-permissions
 if [[ -n ${ca} ]]; then
- openssl verify -CAfile ${ca}/private_ca.crt ${CHIA_ROOT}/config/ssl/harvester/private_harvester.crt &>/dev/null
- if [ ${?} -ne 0 ]; then
+ if ! openssl verify -CAfile "${ca}/private_ca.crt" "${CHIA_ROOT}/config/ssl/harvester/private_harvester.crt" &>/dev/null; then
 echo "initializing from new CA"
+ # shellcheck disable=SC2086
 chia ${chia_args} init -c "${ca}"
 else
 echo "using existing CA"
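Review bot: Every non-zero exit from `openssl verify` in the 1/2 hunk is read as "new CA", so a missing or unreadable `${ca}/private_ca.crt`, an absent harvester certificate and an expired certificate all fall through to `chia ${chia_args} init -c "${ca}"`, and `&>/dev/null` discards the message that would say which case it was. The 2/2 hunk keeps the same test in `if ! openssl verify … &>/dev/null; then`. Redirecting only stdout (`>/dev/null` in place of `&>/dev/null`) leaves openssl's reason in the container log. If failing fast is acceptable here, a guard before the test such as `[[ -r "${ca}/private_ca.crt" ]] || { echo "CA cert not readable: ${ca}/private_ca.crt" >&2; exit 1; }` would keep a bad mount from being treated as a CA change. The rest of the entrypoint lies outside the hunk, so whether `CHIA_ROOT` is always set at this point cannot be confirmed from here.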
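Review bot: The condition in the 2/2 hunk tests only `private_harvester.crt`, so the "using existing CA" branch skips `init -c` without saying anything about the other certificates and keys under `${CHIA_ROOT}/config/ssl`, or about whether the harvester certificate still pairs with its key. If `init -c` is what produces those files (not visible in this hunk), a partially populated ssl directory would pass as current. A comment above the `if ! openssl verify` line would make the assumption explicit, for example `# harvester cert is used as a proxy for every CA-signed cert under config/ssl`.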