assuming a readonly root, if we gen certs, don't overwrite the originals

caolanm · caolanm · commit 0db285301179 · 2025-03-07T16:10:03.000Z
Signed-off-by: Caolán McNamara &lt;caolan.mcnamara@collabora.com&gt;
Change-Id: Id1077ff63203f74f4802af087558a6ae652fbcf1
diff --git a/docker/from-packages/scripts/start-collabora-online.sh b/docker/from-packages/scripts/start-collabora-online.sh
@@ -21,10 +21,11 @@ else
 openssl req -key certs/servers/localhost/privkey.pem -new -sha256 -out certs/tmp/localhost.csr.pem -subj "/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=${cert_domain}"
 fi
 openssl x509 -req -in certs/tmp/localhost.csr.pem -CA certs/ca/root.crt.pem -CAkey certs/ca/root.key.pem -CAcreateserial -out certs/servers/localhost/cert.pem -days 9131
-mv -f certs/servers/localhost/privkey.pem /etc/coolwsd/key.pem
-mv -f certs/servers/localhost/cert.pem /etc/coolwsd/cert.pem
-mv -f certs/ca/root.crt.pem /etc/coolwsd/ca-chain.cert.pem
+cert_params="\
+ --o:ssl.cert_file_path=/tmp/ssl/certs/servers/localhost/cert.pem \
+ --o:ssl.key_file_path=/tmp/ssl/certs/servers/localhost/privkey.pem \
+ --o:ssl.ca_file_path=/tmp/ssl/certs/ca/root.crt.pem"
 fi
 
 # Start coolwsd
-exec /usr/bin/coolwsd --version --use-env-vars --o:sys_template_path=/opt/cool/systemplate --o:child_root_path=/opt/cool/child-roots --o:file_server_root_path=/usr/share/coolwsd --o:cache_files.path=/opt/cool/cache --o:logging.color=false --o:stop_on_config_change=true ${extra_params} "$@"
+exec /usr/bin/coolwsd --version --use-env-vars ${cert_params} --o:sys_template_path=/opt/cool/systemplate --o:child_root_path=/opt/cool/child-roots --o:file_server_root_path=/usr/share/coolwsd --o:cache_files.path=/opt/cool/cache --o:logging.color=false --o:stop_on_config_change=true ${extra_params} "$@"
diff --git a/docker/from-source-gh-action/start-collabora-online.sh b/docker/from-source-gh-action/start-collabora-online.sh
@@ -21,10 +21,11 @@ else
 openssl req -key certs/servers/localhost/privkey.pem -new -sha256 -out certs/tmp/localhost.csr.pem -subj "/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=${cert_domain}"
 fi
 openssl x509 -req -in certs/tmp/localhost.csr.pem -CA certs/ca/root.crt.pem -CAkey certs/ca/root.key.pem -CAcreateserial -out certs/servers/localhost/cert.pem -days 9131
-mv -f certs/servers/localhost/privkey.pem /etc/coolwsd/key.pem
-mv -f certs/servers/localhost/cert.pem /etc/coolwsd/cert.pem
-mv -f certs/ca/root.crt.pem /etc/coolwsd/ca-chain.cert.pem
+cert_params="\
+ --o:ssl.cert_file_path=/tmp/ssl/certs/servers/localhost/cert.pem \
+ --o:ssl.key_file_path=/tmp/ssl/certs/servers/localhost/privkey.pem \
+ --o:ssl.ca_file_path=/tmp/ssl/certs/ca/root.crt.pem"
 fi
 
 # Start coolwsd
-exec /usr/bin/coolwsd --version --use-env-vars --o:sys_template_path=/opt/cool/systemplate --o:child_root_path=/opt/cool/child-roots --o:file_server_root_path=/usr/share/coolwsd --o:cache_files.path=/opt/cool/cache --o:logging.color=false --o:stop_on_config_change=true ${extra_params} "$@"
+exec /usr/bin/coolwsd --version --use-env-vars ${cert_params} --o:sys_template_path=/opt/cool/systemplate --o:child_root_path=/opt/cool/child-roots --o:file_server_root_path=/usr/share/coolwsd --o:cache_files.path=/opt/cool/cache --o:logging.color=false --o:stop_on_config_change=true ${extra_params} "$@"
