Replace ssl certificate

I have replaced the self-signed SSL certificates with non-self-signed ones, but Syncthing somehow regenerates the original certificate when I restart the service. Does anybody have an idea?

What does Syncthing print in the logs when you start it?

Sounds like you may be using a script to start syncthing that uses a different home location than you expect.

On Debian 8, I am using the following init script, located in /etc/init.d:

#!/bin/sh

### BEGIN INIT INFO
# Provides:          syncthing
# Required-Start:    $local_fs $remote_fs
# Required-Stop:     $local_fs $remote_fs
# Should-Start:      $network
# Should-Stop:       $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Multi-user daemonized version of syncthing.
# Description:       Starts the syncthing daemon for all registered users.
### END INIT INFO

# Replace with users you want to run syncthing clients for
syncthing_USERS="root"
LOGFILE=/var/log/syslog
DAEMON=/usr/bin/syncthing

startd() {
  for stuser in $syncthing_USERS; do
    HOMEDIR=$(getent passwd $stuser | awk -F: '{print $6}')
    if [ -f $config ]; then
      echo "Starting syncthing for $stuser"
      start-stop-daemon -b -o -c $stuser -S -u $stuser -x $DAEMON
    else
      echo "Couldn't start syncthing for $stuser (no $config found)"
    fi
  done
}

stopd() {
  for stuser in $syncthing_USERS; do
    dbpid=$(pgrep -fu $stuser $DAEMON)
    if [ ! -z "$dbpid" ]; then
      echo "Stopping syncthing for $stuser"
      start-stop-daemon -o -c $stuser -K -u $stuser -x $DAEMON
    fi
  done
}

status() {
  for stuser in $syncthing_USERS; do
    dbpid=$(pgrep -fu $stuser $DAEMON)
    if [ -z "$dbpid" ]; then
      echo "syncthing for USER $stuser: not running."
    else
      echo "syncthing for USER $stuser: running (pid $dbpid)"
    fi
  done
}

case "$1" in
  start) startd
    ;;
  stop) stopd
    ;;
  restart|reload|force-reload) stopd && startd
    ;;
  status) status
    ;;
  *) echo "Usage: /etc/init.d/syncthing {start|stop|reload|force-reload|restart|status}"
     exit 1
   ;;
esac

exit 0

According to the init script above, I suppose I should at least see in /var/log/syslog that I have started or stopped Syncthing, but grepping the syslog for "sync", I get nothing. Can I configure Syncthing's log level somehow?

My guess is that it’ll be putting the certs in /root/.config/syncthing


That init script is really, really bad. You should stop using it in favor of one of the alternatives we ship, and complain loudly to whomever gave it to you. It’s essentially blind luck that it manages to start Syncthing at all.

Why the actual fuck does [ -f $undefinedVariable ] evaluate to true? I’m attributing that to some POSIX compatibility damage, and the script above depends on it… Bash, correctly used, avoids that bug at least.

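An added example (not part of the thread and not the posted script) showing why the script's check passes: with `$config` unset and unquoted, `[ -f $config ]` expands to `[ -f ]`, and a one-argument `test` only checks that the string `-f` is non-empty. The function names and the `config.xml` location under the home directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and paths are constructed for illustration.

# Same shape as the script's check: $config is never assigned and is unquoted,
# so the shell expands `[ -f $config ]` to `[ -f ]`. With a single argument,
# test only checks that the string "-f" is non-empty, which is always true.
unquoted_check() {
  unset config
  if [ -f $config ]; then echo "passes"; else echo "fails"; fi
}

# Quoting keeps the empty argument: `[ -f "" ]` is a real file test and fails.
quoted_check() {
  unset config
  if [ -f "$config" ]; then echo "passes"; else echo "fails"; fi
}

# Hardened form: build the path explicitly and refuse to continue when the
# home directory lookup came back empty. The layout below is an assumption
# (the default location suggested in the thread for root).
config_path_for() {
  homedir=$1
  [ -n "$homedir" ] || { echo "error: empty home directory" >&2; return 1; }
  echo "$homedir/.config/syncthing/config.xml"
}

# Only report a start when the configuration file really exists.
checked_start() {
  config=$(config_path_for "$1") || return 1
  if [ -f "$config" ]; then
    echo "would start with $config"
  else
    echo "refusing to start: $config not found"
    return 1
  fi
}

unquoted_check   # the broken check succeeds with no file at all
quoted_check     # the quoted check fails as it should
```

Because the original check can never fail, the script starts the daemon regardless of which configuration directory exists, so certificates placed in a different directory than the one the daemon actually uses are never read.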

Whoever uses nasty SysV init scripts when systemd is available should be punished :stuck_out_tongue:. *BSD is the exception.
