cozy / cozy-debian

Cozy Debian package

Signed SSL Cert Wiped Out #31

Closed vectr0n closed 8 years ago

vectr0n commented 8 years ago

When running apt-get update with the most recent cozy changes, it seems a change has been made to integrate letsencrypt certificates into Cozy Cloud. The new dialog allows you to generate a self-signed certificate, a letsencrypt certificate, or none at all. Seeing as I have a signed certificate for Cozy I selected none, but to my surprise it has wiped out my signed certificate/key and replaced it with a self-signed certificate/key.

nledez commented 8 years ago

As @clochix can say in another place, I fixed a typo in a990aab62eb0607b134112ee6708dea7a867d582.

Another possible root cause is the file type of '/etc/cozy/server.crt':

root@cozy-deb-8:~# ls -l /etc/cozy/
total 24
drwx------ 2 cozy             root 4096 May 18 09:43 acme
drwxr-xr-x 2 cozy             root 4096 May 18 09:43 certs
-rw-r----- 1 cozy-data-system root   18 May 18 09:42 couchdb.login
-r-------- 1 cozy             root  424 May 18 09:43 dh.pem
-rw-r--r-- 1 cozy             root  333 May 17 12:58 self-hosting.json
lrwxrwxrwx 1 cozy             root   43 May 18 09:43 server.crt -> /etc/cozy/certs/cozy-deb-8.cozycloud.cc.crt
lrwxrwxrwx 1 cozy             root   43 May 18 09:43 server.key -> /etc/cozy/certs/cozy-deb-8.cozycloud.cc.key
-rw------- 1 cozy             root   32 May 18 09:42 stack.token

These files must be symbolic links.

clochix commented 8 years ago

@nledez, to be sure this won't ever happen again, could we replace all file deletion in our script and cozy_management with mv foo foo.bak? This would protect against errors in our scripts and mistakes from the user.
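
Added example, not part of the thread and not code from cozy-debian or cozy_management: a sketch of the two ideas above for a maintainer script, moving an existing file aside instead of deleting it and leaving everything untouched when the operator picks "none". The function names, the choice strings and the `.bak` numbering are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical helpers for a package maintainer script (not the project's code).

# backup_aside PATH: rename PATH to PATH.bak, or PATH.bak.N if that name is taken.
# Prints the backup path. Does nothing when PATH does not exist.
backup_aside() {
    path=$1
    # -e follows symlinks, so also test -L to catch dangling links.
    [ -e "$path" ] || [ -L "$path" ] || return 0
    bak="$path.bak"
    n=1
    while [ -e "$bak" ] || [ -L "$bak" ]; do
        bak="$path.bak.$n"
        n=$((n + 1))
    done
    mv -- "$path" "$bak" && printf '%s\n' "$bak"
}

# install_cert_link CHOICE TARGET LINK
# CHOICE mirrors the dialog described in the issue: selfsigned, letsencrypt or none.
install_cert_link() {
    choice=$1 target=$2 link=$3
    case "$choice" in
        none) return 0 ;;   # operator manages their own certificate: touch nothing
        selfsigned|letsencrypt) ;;
        *) echo "unknown choice: $choice" >&2; return 2 ;;
    esac
    # Refuse to repoint the link at a certificate that was never generated.
    [ -f "$target" ] || { echo "missing $target" >&2; return 1; }
    # Already the expected symlink: nothing to do, so re-running is harmless.
    if [ -L "$link" ] && [ "$(readlink "$link")" = "$target" ]; then
        return 0
    fi
    # A regular file here may be the operator's signed cert: keep it as a backup.
    backup_aside "$link" >/dev/null || return 1
    ln -s -- "$target" "$link"
}
```
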

vectr0n commented 8 years ago

Because of this issue I no longer trust Cozy Cloud with my data, who's to say that another typo in an update won't wipe out all my files? Yes backups are important, but this whole ordeal made me no longer trust Cozy Cloud and I will never recommend it to anyone going forward.

frankrousseau commented 8 years ago

Hello @vectr0n, we are sad to read your story. As you noticed, @clochix and @nledez took it very seriously and fixed the problem as soon as possible. We apologize for what happened and hope that losing your certificate was not too harmful. Thank you for taking the time to write a bug report. It will help other people avoid facing the same issue.

clochix commented 8 years ago

Closing as the source of this issue has been fixed for some days now.