X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=mail-cert-cron;h=b69bc28e4913fb1333d917f3cb6ce50287ca6803;hb=refs%2Fheads%2Fmaster;hp=4202ccbd053926dd8b96521d1b9629e6f1829760;hpb=d67edcdca8795a4bca116aa532d02dda246a6f53;p=distro-setup

diff --git a/mail-cert-cron b/mail-cert-cron
index 4202ccb..b69bc28 100755
--- a/mail-cert-cron
+++ b/mail-cert-cron
@@ -1,13 +1,40 @@
 #!/bin/bash
+# I, Ian Kelling, follow the GNU license recommendations at
+# https://www.gnu.org/licenses/license-recommendations.en.html. They
+# recommend that small programs, < 300 lines, be licensed under the
+# Apache License 2.0. This file contains or is part of one or more small
+# programs. If a small program grows beyond 300 lines, I plan to switch
+# its license to GPL.
+
+# Copyright 2024 Ian Kelling
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
 [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
 
+interactive=false
 case $1 in
   # For first run, accept host key. Note, known_hosts is saved in /p.
   -1)
     opt=(-e 'ssh -oStrictHostKeyChecking=no')
+    shift
+    ;;
+  -i)
+    interactive=true
+    shift
     ;;
 esac
 
@@ -17,11 +44,22 @@ if [[ -e $f ]]; then
   source $f
 fi
 
+try() {
+  local ret=0
+  "$@" || ret=$?
+  if $interactive && (( ret >=1 )); then
+    echo "$0: ERROR: exit $ret on: $*"
+  fi
+}
+
+# note: when certificate is expired, you will get this in /var/log/mail.log when k-9 mail tries to fetch:
+# imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A000416:SSL routines::sslv3 alert certificate unknown: SSL alert number 46 (no auth attempts in 0 secs): user=<>, rip=redacted, lip=10.8.0.4, TLS handshaking: SSL_accept() failed: error:0A000416:SSL routines::sslv3 alert certificate unknown: SSL alert number 46, session=<EsdzzmAWosNKXpza
+
 case $HOSTNAME in
   $MAIL_HOST|bk)
     # ||: is to allow for temporary connection issues.
-    rsync "${opt[@]}" -ogtL --chown=root:Debian-exim --chmod=640 \
-          root@li.iankelling.org:/etc/letsencrypt/live/mail.iankelling.org/{fullchain.pem,privkey.pem} /etc/exim4 ||:
+    try rsync "${opt[@]}" -ogtL --chown=root:Debian-exim --chmod=640 \
+          root@li.iankelling.org:/etc/letsencrypt/live/mail.iankelling.org/{fullchain.pem,privkey.pem} /etc/exim4
     if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/fullchain.pem; then
       echo "$0: error!: cert rsync failed and it will expire in less than 3 days"
       exit 1