stack/caucase: generate key / csr only once

If key or csr are already present, we should not re-run this openssl command which generates a new key and a new CSR.

stack/caucase: generate key / csr only once
If key or csr are already present, we should not re-run this openssl command which generates a new key and a new CSR.
618653e5 · Jérome Perrin · b136ac8f · 618653e5 · 618653e5
Commit 618653e5 authored Nov 09, 2020 by Jérome Perrin
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 2 deletions

stack/caucase/buildout.hash.cfg stack/caucase/buildout.hash.cfg +1 -1

stack/caucase/caucase.jinja2.library stack/caucase/caucase.jinja2.library +4 -1

No files found.
--- a/stack/caucase/buildout.hash.cfg
+++ b/stack/caucase/buildout.hash.cfg
@@ -15,4 +15,4 @@

 [caucase-jinja2-library]
 filename = caucase.jinja2.library
-md5sum = 9e64eca810ae0a184917dd466808dc4f
+md5sum = b8a5a93b8a7bacd6ebd4b6df24c7c828
--- a/stack/caucase/caucase.jinja2.library
+++ b/stack/caucase/caucase.jinja2.library
@@ -88,7 +88,10 @@ rendered = ${ {{- prefix }}-directory:data-dir}/provided.csr.pem
 {%-   else -%}
 [{{ prefix }}-csr]
 recipe = plone.recipe.command
-command = '{{ openssl }}' req -newkey rsa:2048 -batch -new -nodes -subj /CN=example.com -keyout '{{ key_path or crt_path }}' -out '${:csr}'
+command =
+  if [ ! -f '{{ key_path or crt_path }}' ] && [ ! -f '${:csr}' ] ; then
+    '{{ openssl }}' req -newkey rsa:2048 -batch -new -nodes -subj /CN=example.com -keyout '{{ key_path or crt_path }}' -out '${:csr}'
+  fi
 {%-   endif %}
 csr = ${ {{- prefix }}-directory:data-dir}/good.csr.pem
 {%- endif %}