diff --git a/VERSION b/VERSION
index abf5cfc..9810a3b 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.1.63
+0.1.64
diff --git a/bin/ih-setup b/bin/ih-setup
index d17db2b..c38e520 100755
--- a/bin/ih-setup
+++ b/bin/ih-setup
@@ -52,10 +52,18 @@ declare -a IH_SETUP_DOMAINS
 # they are for the user to customize.
 export IH_CUSTOM_DIR="$IH_DIR/custom"
+if [ ! -d "$IH_CUSTOM_DIR" ]; then
+ mkdir "$IH_CUSTOM_DIR"
+fi
+
 # The directory where IH shell default files are to be installed
 # These are files that may be overwritten during an upgrade
 export IH_DEFAULT_DIR="$IH_DIR/default"
+if [ ! -d "$IH_DEFAULT_DIR" ]; then
+ mkdir "$IH_DEFAULT_DIR"
+fi
+
 # If a step sets this then the ih-setup script will
 # write out a warning to the user that they should
 # source their .rcs when the script is done.
diff --git a/formula/ih-core.rb b/formula/ih-core.rb
index 4785dcb..bf386aa 100644
--- a/formula/ih-core.rb
+++ b/formula/ih-core.rb
@@ -1,5 +1,5 @@
 class IhCore < Formula
- VERSION="0.1.63"
+ VERSION="0.1.64"
 desc "Brew formula for installing core tools used at Included Health engineering."
 homepage "https://github.com/ConsultingMD/homebrew-ih-public"
 license "CC BY-NC-ND 4.0"
diff --git a/lib/core/certificates/step.sh b/lib/core/certificates/step.sh
index 20dde32..25fbfc2 100644
--- a/lib/core/certificates/step.sh
+++ b/lib/core/certificates/step.sh
@@ -2,6 +2,13 @@
 # IH_CORE_DIR will be set to the directory containing the bin and lib directories.
+CA_DIR="$HOME/.ih/certs"
+SOURCE_CA_PATH="$IH_CORE_LIB_DIR/core/certificates/certs/grand_rounds_chained_ca.pem"
+INSTALLED_CA_PATH="$CA_DIR/grand_rounds_chained_ca.pem"
+SOURCE_CERT_SCRIPT="$IH_CORE_LIB_DIR/core/certificates/default/11_certificates.sh"
+INSTALLED_CERT_SCRIPT="$IH_DEFAULT_DIR/11_certificates.sh"
+MOZILLA_PATH="$CA_DIR/mozilla.pem"
+
 function ih::setup::core.certificates::help() {
 # shellcheck disable=SC2016
 echo 'Trust the certificates used by the VPN DLP
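Review bot: In bin/ih-setup, both new `mkdir` calls run without `-p` and their exit status is never checked, so if `$IH_DIR` is missing (it is set outside this hunk) the script continues with `IH_CUSTOM_DIR` and `IH_DEFAULT_DIR` pointing at directories that were never created. `mkdir -p "$IH_CUSTOM_DIR" || exit 1` (and the same for `IH_DEFAULT_DIR`) replaces each test-then-create block and fails early. The comments describe these as holding shell files, which presumably get sourced into the user's shell, so an explicit mode such as `mkdir -p -m 0700` is safer than inheriting whatever umask the caller has.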
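Review bot: In lib/core/certificates/step.sh the six new path variables are unprefixed globals assigned at source time, so they are shared with every other step loaded into the same shell and depend on `IH_CORE_LIB_DIR` and `IH_DEFAULT_DIR` already being set. These paths decide which CA file is copied into the trust bundles: a collision on a generic name like `CA_DIR`, or an empty `IH_DEFAULT_DIR` (which makes `INSTALLED_CERT_SCRIPT` resolve to `/11_certificates.sh`), should fail loudly rather than silently. Consider a step-specific prefix and a guard such as `: "${IH_DEFAULT_DIR:?}"` before the assignments. The comment above them still names `IH_CORE_DIR` while the code reads `IH_CORE_LIB_DIR`. The old local `CA_PATH` is removed further down, so any use of `$CA_PATH` outside the visible hunks would now expand to an empty string.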
@@ -24,12 +31,20 @@ function ih::setup::core.certificates::help() {
 # Check if the step has been installed and return 0 if it has.
 # Otherwise return 1.
 function ih::setup::core.certificates::test() {
+ if [ ! -f "$INSTALLED_CERT_SCRIPT" ]; then
+ return 1
+ fi
- if [ ! -f "$IH_DEFAULT_DIR/11_certificates.sh" ]; then
+ if [ ! -d "$CA_DIR" ]; then
 return 1
 fi
- if [ ! -d "$HOME/.ih/certs" ]; then
+ # Compare both the CA cert and the certificates script with their sources
+ if [ ! -f "$INSTALLED_CA_PATH" ] || ! diff -q "$SOURCE_CA_PATH" "$INSTALLED_CA_PATH" >/dev/null; then
+ return 1
+ fi
+
+ if ! diff -q "$SOURCE_CERT_SCRIPT" "$INSTALLED_CERT_SCRIPT" >/dev/null; then
 return 1
 fi
@@ -42,10 +57,6 @@ function ih::setup::core.certificates::deps() {
 }
 function ih::setup::core.certificates::install() {
-
- local CA_DIR="$HOME/.ih/certs"
- local CA_PATH="$CA_DIR/grand_rounds_chained_ca.pem"
- local MOZILLA_PATH="$CA_DIR"/mozilla.pem
 mkdir -p "$CA_DIR"
 ih::log::info "Copying internal CA certs into $CA_DIR"
@@ -85,7 +96,7 @@ function ih::setup::core.certificates::install() {
 return 1
 fi
 # Append our DLP certs to the mozilla bundle.
- cat "$CA_PATH" >>"$MOZILLA_PATH"
+ cat "$INSTALLED_CA_PATH" >>"$MOZILLA_PATH"
 # Download a CA cert that AWS sometimes uses, which is not
 # included in the Mozilla bundle. This affects a few people
@@ -107,7 +118,7 @@ function ih::setup::core.certificates::install() {
 OPENSSL_FOUND=$?
 if [[ "$OPENSSL_FOUND" -eq 0 ]]; then
 ih::log::info "Copying internal CA cert to brew OpenSSL certs..."
- cp "$CA_PATH" "$OPENSSL_PATH"/gr_root_ca.pem
+ cp "$INSTALLED_CA_PATH" "$OPENSSL_PATH"/gr_root_ca.pem
 REHASH_PATH=$(brew info openssl | grep -oE "/usr/local/opt/openssl.*")
 $REHASH_PATH
 fi
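Review bot: The two new `diff -q` checks in `ih::setup::core.certificates::test` discard only stdout, so a missing or unreadable source file prints an error to the terminal and is reported the same way as a content mismatch; `cmp -s "$SOURCE_CA_PATH" "$INSTALLED_CA_PATH"` is silent and sufficient for a byte comparison. The check covers only the copied PEM and the rc script, not `$MOZILLA_PATH` or the brew OpenSSL copy that install derives from the CA, so a bundle that was modified or lost its appended CA still passes. Because a changed CA now triggers a reinstall, confirm that install recreates `$MOZILLA_PATH` before the `cat "$INSTALLED_CA_PATH" >>"$MOZILLA_PATH"` append in the later hunk (the download step is outside the visible lines). Otherwise a superseded CA would stay trusted in the bundle and entries would accumulate on every run.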
@@ -115,5 +126,5 @@ function ih::setup::core.certificates::install() {
 ih::log::info "Rehashing brew OpenSSL certs..."
 "$(brew --prefix)"/opt/openssl/bin/c_rehash
- cp -f "$IH_CORE_LIB_DIR/core/certificates/default/11_certificates.sh" "$IH_DEFAULT_DIR/11_certificates.sh"
+ cp -f "$SOURCE_CERT_SCRIPT" "$INSTALLED_CERT_SCRIPT"
 }