diff --git a/contrib/package/arch/PKGBUILD b/contrib/package/arch/PKGBUILD
index 51dc6bef..7535c9ec 100644
--- a/contrib/package/arch/PKGBUILD
+++ b/contrib/package/arch/PKGBUILD
@@ -9,6 +9,7 @@ license=('MIT')
 depends=("python" "lsof" "python-jinja")
 makedepends=("python-wheel" "python-setuptools" "python-build" "python-installer" "make" "pigz")
 optdepends=("ffmpeg: thumbnails for videos, images (slower) and audio, music tags"
+ "cfssl: generate TLS certificates on startup (pointless when reverse-proxied)"
 "python-mutagen: music tags (alternative)"
 "python-pillow: thumbnails for images"
 "python-pyvips: thumbnails for images (higher quality, faster, uses more ram)"
diff --git a/contrib/package/nix/copyparty/default.nix b/contrib/package/nix/copyparty/default.nix
index 359b9d56..9380a1e5 100644
--- a/contrib/package/nix/copyparty/default.nix
+++ b/contrib/package/nix/copyparty/default.nix
@@ -3,6 +3,9 @@
 # use argon2id-hashed passwords in config files (sha2 is always available)
 withHashedPasswords ? true,
+# generate TLS certificates on startup (pointless when reverse-proxied)
+withCertgen ? false,
+
 # create thumbnails with Pillow; faster than FFmpeg / MediaProcessing
 withThumbnails ? true,
@@ -34,6 +37,7 @@ let
 ]
 ++ lib.optional withSMB impacket
 ++ lib.optional withFTPS pyopenssl
+ ++ lib.optional withCertgen cfssl
 ++ lib.optional withThumbnails pillow
 ++ lib.optional withFastThumbnails pyvips
 ++ lib.optional withMediaProcessing ffmpeg
diff --git a/copyparty/cert.py b/copyparty/cert.py
index 7ba0ca8e..6b40dea4 100644
--- a/copyparty/cert.py
+++ b/copyparty/cert.py
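Review bot: In contrib/package/nix/copyparty/default.nix, the added `++ lib.optional withCertgen cfssl` references `cfssl`, but neither hunk of that file adds `cfssl` to the function's argument set, and the first hunk starts at line 3, so the lines above it are unchanged by this commit. Unless `cfssl` is already an argument or is resolved by an enclosing `with`, setting `withCertgen = true` would presumably fail evaluation with an undefined variable. Adding `cfssl` to the argument list next to the other package arguments would make the dependency explicit. The `let` binding this list belongs to starts outside the hunk, so what is in scope there cannot be confirmed from here.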
@@ -132,7 +132,10 @@ def _gen_srv(log: "RootLogger", args, netdevs: dict[str, Netdev]):
 try:
 expiry, inf = _read_crt(args, "srv.pem")
- expired = time.time() + args.crt_sdays * 60 * 60 * 24 * 0.1 > expiry
+ if "sans" not in inf:
+ raise Exception("no useable cert found")
+
+ expired = time.time() + args.crt_sdays * 60 * 60 * 24 * 0.5 > expiry
 cert_insec = os.path.join(args.E.mod, "res/insecure.pem")
 for n in names:
 if n not in inf["sans"]:
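Review bot: The new `"sans" not in inf` guard raises a bare `Exception` whose message, "no useable cert found", does not say that srv.pem was read but carries no SAN list. If the handler of this `try` logs the message, an operator cannot tell a missing certificate from a malformed or replaced one; a message such as `raise Exception("srv.pem has no SANs")` would keep that distinction. The changed `expired` line would also benefit from a comment like `# renew once less than half of crt_sdays remains`, since the move from 0.1 to 0.5 is otherwise an unexplained constant. The `try` block and its `except` continue outside the hunk, so how the exception is handled is not visible here.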