Alternatively we could just not change anything and add a symlink from the old path to the new one.

> On 14 Dec 2022, at 18:02, Michael Tremer wrote: > > Hello Peter, > >> On 13 Dec 2022, at 15:47, Peter Müller wrote: >> >> This ensures restoring a backup won't silently bring back an insecure >> Diffie-Hellman parameter (which could also not be inspected through the >> web interface anymore). >> >> Reported-by: Michael Tremer >> Signed-off-by: Peter Müller >> --- >> config/backup/backup.pl | 9 +++++++++ >> 1 file changed, 9 insertions(+) >> >> diff --git a/config/backup/backup.pl b/config/backup/backup.pl >> index 6fd9e45bb..520d9315d 100644 >> --- a/config/backup/backup.pl >> +++ b/config/backup/backup.pl >> @@ -187,6 +187,15 @@ restore_backup() { >> # Update OpenVPN CRL >> /etc/fcron.daily/openvpn-crl-updater >> >> + # Replace previously used OpenVPN Diffie-Hellman parameter by ffdhe4096 >> + if [ -f /var/ipfire/ovpn/server.conf ]; then >> + sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/server.conf >> + fi >> + >> + if [ -f "/var/ipfire/ovpn/n2nconf/*/*.conf" ]; then >> + sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/n2nconf/*/*.conf >> + fi > > The second command will never be executed because "/var/ipfire/ovpn/n2nconf/*/*.conf” will never exist. > > Because the string is quoted, the shell won’t conduct any path expansion. > > What could work is running the sed command on all files simultaneously and if there is nothing to change, it won’t do anything. Passing server.conf and n2nconfig/*/*.conf will never fail if there is no N2N configuration. server.conf should always exist. > > Best, > -Michael > >> + >> return 0 >> } >> >> -- >> 2.35.3
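
Review bot: The second test in the added block, `[ -f "/var/ipfire/ovpn/n2nconf/*/*.conf" ]`, checks for a file whose name literally contains the asterisks, because the pattern is quoted. The sed over the N2N configurations therefore never runs, and a restored net-to-net configuration keeps pointing at dh1024.pem without any error being reported. Dropping the quotes is not sufficient either: as soon as the pattern matches more than one file, `[ -f ... ]` receives several arguments and fails. Iterate over the candidates and test each one, for example `for f in /var/ipfire/ovpn/server.conf /var/ipfire/ovpn/n2nconf/*/*.conf; do if [ -f "$f" ]; then sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' "$f"; fi; done`, which also skips the unexpanded pattern when no N2N configuration exists. Separately, the substitution only matches the exact path /var/ipfire/ovpn/ca/dh1024.pem, so a restored configuration that references the parameter file under any other path is left unchanged; if that case can occur, the commit message should say it is out of scope or the expression should cover it.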