Hi,
I have the following challenge: in my ansible automation, I need to create a passbolt.php to define the CA-file for the communication with a mail server (local CA):
```php
'EmailTransport' => [
    ...
    'context' => [
        'ssl' => [
            'cafile' => '/usr/local/share/ca-certificates/my_root_certificate.crt'
        ],
    ],
    ...
];
```
By defining the passbolt.php, the fingerprint of the automatically generated certificates is no longer extracted because of these lines:
passbolt_docker/scripts/entrypoint/passbolt/entrypoint.sh, lines 96 to 98 in e51a518:

```bash
if [ -z "${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT+xxx}" ] && [ ! -f "$passbolt_config/passbolt.php" ]; then
  gpg_auto_fingerprint="$(su -c "gpg --homedir $GNUPGHOME --list-keys --with-colons ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} |grep fpr |head -1| cut -f10 -d:" -ls /bin/bash www-data)"
  export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=$gpg_auto_fingerprint
```
Now, I had to implement a GPG key generation process and the fingerprint extraction in ansible, which is basically already present in your code.
Would it be possible to extend the if clause in the code snippet by some kind of flag that enables the automatic fingerprint handling even if a passbolt.php file is present? Is there maybe a different way of achieving my goal?
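
The decision logic requested above, sketched as an added example that is not part of the original issue or of passbolt_docker. The `FORCE_AUTO` argument is a hypothetical opt-in flag, the function names are made up for illustration, and the colon listing is constructed sample data rather than real key material.

```bash
#!/bin/sh
# Constructed sample of `gpg --list-keys --with-colons` output (not real key material).
sample_colons() {
  cat <<'EOF'
tru::1:1700000000:0:3:1:5
pub:u:3072:1:89ABCDEF01234567:1700000000:::u:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1700000000::0000000000000000000000000000000000000000::Passbolt <passbolt@yourdomain.com>::::::::::0:
sub:u:3072:1:0123456789ABCDEF:1700000000::::::e::::::23:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
EOF
}

# Read a colon listing on stdin and print the primary key fingerprint:
# field 10 of the first "fpr" record that follows a "pub" record.
primary_fingerprint() {
  awk -F: '$1 == "pub" { seen_pub = 1; next }
           $1 == "fpr" && seen_pub { print $10; exit }'
}

# resolve_fingerprint EXPLICIT FORCE_AUTO CONFIG_FILE   (colon listing on stdin)
# EXPLICIT   : value of PASSBOLT_GPG_SERVER_KEY_FINGERPRINT; the entrypoint tests
#              for "unset", this sketch treats an empty value the same way
# FORCE_AUTO : hypothetical opt-in flag ("true"/"false"); not a passbolt_docker option
# Prints the fingerprint to use, or nothing when detection is skipped.
resolve_fingerprint() {
  rf_explicit=$1 rf_force=$2 rf_config=$3
  if [ -n "$rf_explicit" ]; then
    printf '%s\n' "$rf_explicit"; return 0
  fi
  # Behaviour described in the issue: an existing passbolt.php disables detection.
  if [ -f "$rf_config" ] && [ "$rf_force" != "true" ]; then
    return 0
  fi
  rf_fpr=$(primary_fingerprint)
  # Refuse anything that is not a 40-hex-digit (v4) fingerprint, e.g. no key found.
  if ! printf '%s' "$rf_fpr" | grep -Eq '^[0-9A-Fa-f]{40}$'; then
    echo "no usable server key fingerprint found" >&2; return 2
  fi
  printf '%s\n' "$rf_fpr"
}

# Demo: config file absent, so the fingerprint is detected from the sample listing.
sample_colons | resolve_fingerprint "" false /nonexistent/passbolt.php
```

Validating the extracted value before exporting it keeps an empty or malformed fingerprint from being written into the server configuration when no key matches.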