[agent] Added "capath" argument and configuration option

This argument allows specifying a customized capath argument for curl.
openwisp · Apr 13, 2016 · d6294ce · d6294ce
1 parent c6b3f46
commit d6294ce
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 1 deletion.
diff --git a/README.rst b/README.rst
@@ -61,6 +61,7 @@ UCI configuration options must go in ``/etc/config/openwisp``.
 - ``unmanaged``: list of config sections which won't be overwritten, see `Unmanaged Configurations`_
 - ``test_config``: whether a new configuration must be tested before being considered applied, defaults to ``1``
 - ``test_script``: custom test script, read more about this feature in `Configuration test`_
+- ``capath``: custom ``--capath`` argument for curl, see `curl capath argument <https://curl.haxx.se/docs/manpage.html#--capath>`_
 
 Automatic registration
 ----------------------

diff --git a/openwisp-config/files/openwisp.agent b/openwisp-config/files/openwisp.agent
@@ -12,6 +12,7 @@ while [ -n "$1" ]; do
 		--unmanaged) export UNMANAGED="$2"; shift;;
 		--test-config) export TEST_CONFIG="$2"; shift;;
 		--test-script) export TEST_SCRIPT="$2"; shift;;
+		--capath) export CAPATH="$2"; shift;;
 		-*)
 			echo "Invalid option: $1"
 			exit 1
@@ -38,6 +39,7 @@ fi
 INTERVAL=${INTERVAL:-120}
 VERIFY_SSL=${VERIFY_SSL:-1}
 TEST_CONFIG=${TEST_CONFIG:-1}
+CAPATH=${CAPATH:-/etc/ssl/certs}
 WORKING_DIR="/tmp/openwisp"
 BASEURL="$URL/controller"
 CONFIGURATION_ARCHIVE="$WORKING_DIR/configuration.tar.gz"
@@ -57,6 +59,10 @@ if [ "$VERIFY_SSL" != "1" ]; then
 	FETCH_COMMAND="$FETCH_COMMAND -k"
 fi
 
+if [ -n "$CAPATH" ]; then
+	FETCH_COMMAND="$FETCH_COMMAND --capath $CAPATH"
+fi
+
 if [ -n "$UNMANAGED" ]; then
 	# replace commas with spaces
 	UNMANAGED=$(echo $UNMANAGED | tr ',' ' ')

diff --git a/openwisp-config/files/openwisp.config b/openwisp-config/files/openwisp.config
@@ -18,3 +18,4 @@ config controller 'http'
 	list unmanaged 'network.wan'
 	list unmanaged 'network.@switch'
 	list unmanaged 'network.@switch_vlan'
+	#option capath '/etc/ssl/certs'
diff --git a/openwisp-config/files/openwisp.init b/openwisp-config/files/openwisp.init
@@ -17,6 +17,7 @@ start_service() {
 	unmanaged=$(config_get http unmanaged)
 	test_config=$(config_get http test_config)
 	test_script=$(config_get http test_script)
+	capath=$(config_get http capath)
 	if [ $url ]; then url="--url $url"; fi
 	if [ $interval ]; then interval="--interval $interval"; fi
 	if [ $verify_ssl ]; then verify_ssl="--verify-ssl $verify_ssl"; fi
@@ -31,6 +32,7 @@ start_service() {
 	fi
 	if [ $test_config ]; then test_config="--test-config $test_config"; fi
 	if [ $test_script ]; then test_script="--test-script $test_script"; fi
+	if [ $capath ]; then capath="--capath $capath"; fi
 
 	if [ -z "$url" ]; then
 		logger -s "url is not set, please add it in /etc/config/openwisp" \
@@ -47,7 +49,7 @@ start_service() {
 	fi
 
 	procd_open_instance
-	procd_set_param command $PROG $url $interval $verify_ssl $uuid $key \
+	procd_set_param command $PROG $url $interval $verify_ssl $uuid $key $capath \
 	                        $shared_secret $unmanaged $test_config $test_script
 	procd_set_param respawn
 	procd_close_instance