Commit
7f6bdd71
authored
2 years ago
by
Łukasz Nowak
contrib/shell: Add pair of utility script.
See merge request
nexedi/kedifa!13
parents
0448cb43
14f281d4
Showing
2 changed files
with
157 additions
and
0 deletions
+157
-0
contrib/shell/kedifa_generateauth
contrib/shell/kedifa_generateauth
+92
-0
contrib/shell/kedifa_update_cert
contrib/shell/kedifa_update_cert
+65
-0
contrib/shell/kedifa_generateauth
0 → 100755
#!/bin/bash
# This file is part of kedifa
# Copyright (C) 2022 Nexedi SA
# Vincent Pelletier <vincent@nexedi.com>
#
# This program is free software: you can Use, Study, Modify and Redistribute
# it under the terms of the GNU General Public License version 3, or (at your
# option) any later version, as published by the Free Software Foundation.
#
# You can also Link and Combine this program with other software covered by
# the terms of any of the Free Software licenses or any of the Open Source
# Initiative approved licenses and Convey the resulting work. Corresponding
# source of such a combination shall include the source code for all other
# software used.
#
# This program is distributed WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# See COPYING file for full licensing terms.
# See https://www.nexedi.com/licensing for rationale and options.
# shellcheck enable=avoid-nullary-conditions
# shellcheck enable=check-unassigned-uppercase,deprecate-which
set
-eu
if
[
$#
-ne
5
]
;
then
echo
"Usage:
$0
https://<kedifa-netloc>/<kedifa-domain-id>{,/generateauth,?auth=} <ca> <crl> <domain> <config-directory>"
echo
" ca, crl: Path of the service CA certificate used to sign kedifa's https certificate, and of coresponding CRL"
echo
" Note: these files must be maintained up-to-date, for example using cacuase-updater."
echo
" config-directory: existing directory where a configuration file usable by kedifa_update_cert will be created"
exit
1
fi
kedifa_url_base
=
"
$(
printf
'%s\n'
"
$1
"
|
sed
's:\(/generateauth\|\?auth=\)$::'
)
"
cafile
=
"
$2
"
crlfile
=
"
$3
"
domain
=
"
$4
"
config_base
=
"
$5
"
if
printf
'%s\n'
"
$kedifa_url_base
"
|
grep
-q
'^https://[^/]\+/[^/]\+$'
;
then
:
else
echo
"Invalid url, check usage"
exit
1
fi
if
[
!
-d
"
$config_base
"
]
;
then
echo
"Configuration directory does not exist"
exit
1
fi
outfile
=
"
${
config_base
}
/
${
domain
}
.sh"
if
[
-e
"
$outfile
"
]
;
then
echo
"Destination already exists, not updating"
exit
1
fi
if
touch
"
$outfile
"
;
then
:
else
echo
"Error creating
$outfile
"
exit
1
fi
trap
'rm "${outfile}"'
EXIT
chmod
go
=
"
$outfile
"
echo
-n
"Retrieving kedifa identifier for shared instance..."
kedifa_auth
=
"
$(
curl
--silent
--cacert
"
${
cafile
}
"
--crlfile
"
${
crlfile
}
"
"
${
kedifa_url_base
}
/generateauth"
)
"
trap
- EXIT
printf
'CA=%q\nCRL=%q\nURL=%q\n'
"
$cafile
"
"
$crlfile
"
"
${
kedifa_url_base
}
?auth=
${
kedifa_auth
}
"
>
"
$outfile
"
echo
" done."
if
curl
--output
/dev/null
--silent
"https://
$domain
"
;
then
:
elif
[
35
-eq
$?
]
;
then
echo
-n
"Bootstrapping
$domain
certificate..."
tmpdir
=
"
$(
mktemp
--directory
--tmpdir
"
$(
basename
"
$0
"
)
.XXXXXXXXXX"
)
"
# Note: this trap is responsible for the final deletion
trap
'rm -r "${tmpdir}"'
EXIT
openssl req
\
-outform
PEM
\
-out
"
${
tmpdir
}
/bootstrap.crt"
\
-new
\
-newkey
rsa:2048
\
-keyout
"
${
tmpdir
}
/bootstrap.key"
\
-nodes
\
-subj
"/CN=
${
domain
}
"
\
-x509
\
-batch
\
>
/dev/null 2>&1
kedifa_update_cert
\
"
$outfile
"
\
"
${
tmpdir
}
/bootstrap.key"
\
"
${
tmpdir
}
/bootstrap.crt"
echo
" done."
else
echo
"Unexpected curl status:
$?
"
exit
1
fi
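Review bot: The `/generateauth` request runs `curl --silent` without `--fail`, and `kedifa_auth` is written to the config unchecked, so an HTTP error body or an empty response ends up stored after `?auth=` in `URL`. Because the `rm` trap is cleared just before the `printf`, and a later run stops at "Destination already exists, not updating", the broken config stays in place until someone deletes it by hand. Adding `--fail` to that curl call and a guard such as `[ -n "$kedifa_auth" ] || exit 1` before `trap - EXIT` would let the cleanup trap handle both cases. `domain` is also used unvalidated in `"${config_base}/${domain}.sh"`; rejecting values that contain `/` would keep the generated file inside the configuration directory.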
contrib/shell/kedifa_update_cert
0 → 100755
#!/bin/bash
# This file is part of kedifa
# Copyright (C) 2022 Nexedi SA
# Vincent Pelletier <vincent@nexedi.com>
#
# This program is free software: you can Use, Study, Modify and Redistribute
# it under the terms of the GNU General Public License version 3, or (at your
# option) any later version, as published by the Free Software Foundation.
#
# You can also Link and Combine this program with other software covered by
# the terms of any of the Free Software licenses or any of the Open Source
# Initiative approved licenses and Convey the resulting work. Corresponding
# source of such a combination shall include the source code for all other
# software used.
#
# This program is distributed WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# See COPYING file for full licensing terms.
# See https://www.nexedi.com/licensing for rationale and options.
# shellcheck enable=avoid-nullary-conditions
# shellcheck enable=check-unassigned-uppercase,deprecate-which
set
-eu
if
[
$#
-ne
3
]
;
then
echo
"Usage:
$0
<config.sh> <key> <cert>"
echo
" config.sh: as generated by kedifa_generateauth"
echo
" key, cert: The private key and certificate to send to kedifa."
exit
1
fi
config
=
"
$1
"
key
=
"
$2
"
crt
=
"
$3
"
if
grep
-q
'^-----BEGIN .*\<KEY-----'
"
$key
"
;
then
:
else
printf
'"%q" is not a PEM-encoded private key\n'
"
$key
"
exit
1
fi
if
grep
-q
'^-----BEGIN CERTIFICATE-----$'
"
$crt
"
;
then
:
else
printf
'"%q" is not a PEM-encoded certificate\n'
"
$crt
"
fi
CA
=
CRL
=
URL
=
# shellcheck disable=SC1090
.
"
$config
"
if
test
-z
"
$CA
"
||
test
-z
"
$CRL
"
||
test
-z
"
$URL
"
;
then
printf
'"%q": Malformed file\n'
"
$config
"
fi
keycert
=
"
$(
mktemp
--tmpdir
kedifa_update_XXXXXXXX
)
"
trap
'rm "${keycert}"'
EXIT
cat
"
$key
"
"
$crt
"
>
"
$keycert
"
if
output
=
"
$(
curl
--silent
--cacert
"
$CA
"
--crlfile
"
$CRL
"
--upload-file
"
$keycert
"
"
$URL
"
)
"
;
then
status
=
"
$?
"
printf
'"%q": Failed uploading to kedifa\n'
"
$config
"
exit
"
$status
"
fi
if
[
-n
"
$output
"
]
;
then
printf
'"%q": kedifa rejected the update: %s\n'
"
$config
"
"
$output
"
exit
1
fi
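Review bot: The upload check near the end looks inverted as rendered here: `if output="$(curl … "$URL")"; then` enters the "Failed uploading to kedifa" branch when curl succeeds and exits with status 0, while a curl failure falls through and, with empty output, the script ends as if the update had worked. Using the `then` / `:` / `else` form already used for the PEM checks, with `status="$?"` as the first line of the `else` branch, would restore the intended behaviour; `--fail` on that curl call would also turn HTTP errors into a non-zero status. The certificate check and the `Malformed file` check print their message but have no `exit 1`, so a non-certificate file or an incomplete config still reaches the step that uploads the private key. Since `. "$config"` executes the file as shell code, a comment saying the config must stay writable by its owner only (kedifa_generateauth creates it with `chmod go=`) would be worth adding above that line.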