git.ipfire.org Git - people/ms/ipfire-2.x.git/commitdiff
update.sh: Core 194 - increment ipsec serial file if x509 set exists
author Adolf Belka <adolf.belka@ipfire.org>
Tue, 29 Apr 2025 10:10:49 +0000 (12:10 +0200)
committer Michael Tremer <michael.tremer@ipfire.org>
Tue, 29 Apr 2025 15:22:08 +0000 (15:22 +0000)
- This is related to the fix patch set for bug13737. That patch set works with no problems
   if the root/host x509 set is created for the first time with that patch set merged.
   However, if the x509 set has already been created previously, then the contents of serial will
   still be 01 instead of 02.
- This patch checks if the hostcert.pm file exists and that the index.txt file is empty,
   and then increments the serial content from 01 to 02. This means that when the x509
   set is regenerated the system will not complain that 01 cannot be used as it has already
   been revoked, but will use 02 for the new host, and everything works fine after that.

Fixes: bug13737
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/rootfiles/core/194/update.sh

index e1e9dde9b3918549b3ee79ce2463335f7cc5df04..2ab4ca2a22232a3d71309093acfcf9290f220dd3 100644 (file)
@@ -103,6 +103,11 @@ ldconfig
 # Filesytem cleanup
 /usr/local/bin/filesystem-cleanup
 
+# Increment ipsec serial file if x509 certificates present and no content in index.txt
+if [ -e /var/ipfire/certs/hostcert.pm ] && [ -z /var/ipfire/certs/index.txt]; then
+    sed -i "s/01/02/" /var/ipfire/certs/serial
+fi
+
 # Start services
 /etc/init.d/ipsec restart
 /etc/init.d/suricata restart
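Review bot: the second half of the condition on the added `if` line is broken in two ways, so the sed never runs. `[ -z /var/ipfire/certs/index.txt]` uses `-z`, which tests whether a *string* is empty, and the string here is a literal path, so it can never be empty; what the commit message describes (index.txt exists but has no content) is `[ -e /var/ipfire/certs/index.txt ] && [ ! -s /var/ipfire/certs/index.txt ]`. Separately, the missing space before the closing `]` means `[` is invoked without its terminator and exits with a "missing `]'" error, which also makes the whole condition false. The first half should be double-checked as well: `hostcert.pm` is an unusual extension for a certificate and the commit message repeats it, so if the file on disk is actually `hostcert.pem` this test will never match on any installation. Finally, `sed -i "s/01/02/"` is unanchored and rewrites the first `01` found anywhere in the serial file (a serial of `0100` or `1001` would be silently corrupted); anchor it to the exact value the message says it is handling, e.g. `sed -i "s/^01$/02/" /var/ipfire/certs/serial`, so that a serial file at any other value is left untouched.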