stack/caucase: generate key / csr only once

If key or csr are already present, we should not re-run this openssl command which generates a new key and a new CSR.

stack/caucase: generate key / csr only once
If key or csr are already present, we should not re-run this openssl command which generates a new key and a new CSR.
355aa844 · Jérome Perrin · 002e4185 · 355aa844 · 355aa844
Commit 355aa844 authored Nov 09, 2020 by Jérome Perrin
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 2 deletions

stack/caucase/buildout.hash.cfg stack/caucase/buildout.hash.cfg +1 -1

stack/caucase/caucase.jinja2.library stack/caucase/caucase.jinja2.library +4 -1

No files found.
--- a/stack/caucase/buildout.hash.cfg
+++ b/stack/caucase/buildout.hash.cfg
@@ -15,4 +15,4 @@

 [caucase-jinja2-library]
 filename = caucase.jinja2.library
-md5sum = 2e7e61bb0cf41c28d6d811a0283cf03e
+md5sum = a59dec6d2ecc1cc4dcd0292d571c79d8
--- a/stack/caucase/caucase.jinja2.library
+++ b/stack/caucase/caucase.jinja2.library
@@ -88,7 +88,10 @@ rendered = ${ {{- prefix }}-directory:data-dir}/provided.csr.pem
 {%-   else -%}
 [{{ prefix }}-csr]
 recipe = plone.recipe.command
-command = '{{ openssl }}' req -newkey rsa:2048 -batch -new -nodes -subj /CN=example.com -keyout '{{ key_path or crt_path }}' -out '${:csr}'
+command =
+  if [ ! -f '{{ key_path or crt_path }}' ] && [ ! -f '${:csr}' ] ; then
+    '{{ openssl }}' req -newkey rsa:2048 -batch -new -nodes -subj /CN=example.com -keyout '{{ key_path or crt_path }}' -out '${:csr}'
+  fi
 {%-   endif %}
 csr = ${ {{- prefix }}-directory:data-dir}/good.csr.pem
 {%- endif %}