Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
K
kedifa
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jérome Perrin
kedifa
Commits
7f6bdd71
Commit
7f6bdd71
authored
Oct 19, 2022
by
Łukasz Nowak
Browse files
Options
Browse Files
Download
Plain Diff
contrib/shell: Add pair of utility script.
See merge request
nexedi/kedifa!13
parents
0448cb43
14f281d4
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
157 additions
and
0 deletions
+157
-0
contrib/shell/kedifa_generateauth
contrib/shell/kedifa_generateauth
+92
-0
contrib/shell/kedifa_update_cert
contrib/shell/kedifa_update_cert
+65
-0
No files found.
contrib/shell/kedifa_generateauth
0 → 100755
View file @
7f6bdd71
#!/bin/bash
# This file is part of kedifa
# Copyright (C) 2022 Nexedi SA
# Vincent Pelletier <vincent@nexedi.com>
#
# This program is free software: you can Use, Study, Modify and Redistribute
# it under the terms of the GNU General Public License version 3, or (at your
# option) any later version, as published by the Free Software Foundation.
#
# You can also Link and Combine this program with other software covered by
# the terms of any of the Free Software licenses or any of the Open Source
# Initiative approved licenses and Convey the resulting work. Corresponding
# source of such a combination shall include the source code for all other
# software used.
#
# This program is distributed WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# See COPYING file for full licensing terms.
# See https://www.nexedi.com/licensing for rationale and options.
# shellcheck enable=avoid-nullary-conditions
# shellcheck enable=check-unassigned-uppercase,deprecate-which
set
-eu
if
[
$#
-ne
5
]
;
then
echo
"Usage:
$0
https://<kedifa-netloc>/<kedifa-domain-id>{,/generateauth,?auth=} <ca> <crl> <domain> <config-directory>"
echo
" ca, crl: Path of the service CA certificate used to sign kedifa's https certificate, and of coresponding CRL"
echo
" Note: these files must be maintained up-to-date, for example using cacuase-updater."
echo
" config-directory: existing directory where a configuration file usable by kedifa_update_cert will be created"
exit
1
fi
kedifa_url_base
=
"
$(
printf
'%s\n'
"
$1
"
|
sed
's:\(/generateauth\|\?auth=\)$::'
)
"
cafile
=
"
$2
"
crlfile
=
"
$3
"
domain
=
"
$4
"
config_base
=
"
$5
"
if
printf
'%s\n'
"
$kedifa_url_base
"
|
grep
-q
'^https://[^/]\+/[^/]\+$'
;
then
:
else
echo
"Invalid url, check usage"
exit
1
fi
if
[
!
-d
"
$config_base
"
]
;
then
echo
"Configuration directory does not exist"
exit
1
fi
outfile
=
"
${
config_base
}
/
${
domain
}
.sh"
if
[
-e
"
$outfile
"
]
;
then
echo
"Destination already exists, not updating"
exit
1
fi
if
touch
"
$outfile
"
;
then
:
else
echo
"Error creating
$outfile
"
exit
1
fi
trap
'rm "${outfile}"'
EXIT
chmod
go
=
"
$outfile
"
echo
-n
"Retrieving kedifa identifier for shared instance..."
kedifa_auth
=
"
$(
curl
--silent
--cacert
"
${
cafile
}
"
--crlfile
"
${
crlfile
}
"
"
${
kedifa_url_base
}
/generateauth"
)
"
trap
- EXIT
printf
'CA=%q\nCRL=%q\nURL=%q\n'
"
$cafile
"
"
$crlfile
"
"
${
kedifa_url_base
}
?auth=
${
kedifa_auth
}
"
>
"
$outfile
"
echo
" done."
if
curl
--output
/dev/null
--silent
"https://
$domain
"
;
then
:
elif
[
35
-eq
$?
]
;
then
echo
-n
"Bootstrapping
$domain
certificate..."
tmpdir
=
"
$(
mktemp
--directory
--tmpdir
"
$(
basename
"
$0
"
)
.XXXXXXXXXX"
)
"
# Note: this trap is responsible for the final deletion
trap
'rm -r "${tmpdir}"'
EXIT
openssl req
\
-outform
PEM
\
-out
"
${
tmpdir
}
/bootstrap.crt"
\
-new
\
-newkey
rsa:2048
\
-keyout
"
${
tmpdir
}
/bootstrap.key"
\
-nodes
\
-subj
"/CN=
${
domain
}
"
\
-x509
\
-batch
\
>
/dev/null 2>&1
kedifa_update_cert
\
"
$outfile
"
\
"
${
tmpdir
}
/bootstrap.key"
\
"
${
tmpdir
}
/bootstrap.crt"
echo
" done."
else
echo
"Unexpected curl status:
$?
"
exit
1
fi
contrib/shell/kedifa_update_cert
0 → 100755
View file @
7f6bdd71
#!/bin/bash
# This file is part of kedifa
# Copyright (C) 2022 Nexedi SA
# Vincent Pelletier <vincent@nexedi.com>
#
# This program is free software: you can Use, Study, Modify and Redistribute
# it under the terms of the GNU General Public License version 3, or (at your
# option) any later version, as published by the Free Software Foundation.
#
# You can also Link and Combine this program with other software covered by
# the terms of any of the Free Software licenses or any of the Open Source
# Initiative approved licenses and Convey the resulting work. Corresponding
# source of such a combination shall include the source code for all other
# software used.
#
# This program is distributed WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# See COPYING file for full licensing terms.
# See https://www.nexedi.com/licensing for rationale and options.
# shellcheck enable=avoid-nullary-conditions
# shellcheck enable=check-unassigned-uppercase,deprecate-which
set
-eu
if
[
$#
-ne
3
]
;
then
echo
"Usage:
$0
<config.sh> <key> <cert>"
echo
" config.sh: as generated by kedifa_generateauth"
echo
" key, cert: The private key and certificate to send to kedifa."
exit
1
fi
config
=
"
$1
"
key
=
"
$2
"
crt
=
"
$3
"
if
grep
-q
'^-----BEGIN .*\<KEY-----'
"
$key
"
;
then
:
else
printf
'"%q" is not a PEM-encoded private key\n'
"
$key
"
exit
1
fi
if
grep
-q
'^-----BEGIN CERTIFICATE-----$'
"
$crt
"
;
then
:
else
printf
'"%q" is not a PEM-encoded certificate\n'
"
$crt
"
fi
CA
=
CRL
=
URL
=
# shellcheck disable=SC1090
.
"
$config
"
if
test
-z
"
$CA
"
||
test
-z
"
$CRL
"
||
test
-z
"
$URL
"
;
then
printf
'"%q": Malformed file\n'
"
$config
"
fi
keycert
=
"
$(
mktemp
--tmpdir
kedifa_update_XXXXXXXX
)
"
trap
'rm "${keycert}"'
EXIT
cat
"
$key
"
"
$crt
"
>
"
$keycert
"
if
output
=
"
$(
curl
--silent
--cacert
"
$CA
"
--crlfile
"
$CRL
"
--upload-file
"
$keycert
"
"
$URL
"
)
"
;
then
status
=
"
$?
"
printf
'"%q": Failed uploading to kedifa\n'
"
$config
"
exit
"
$status
"
fi
if
[
-n
"
$output
"
]
;
then
printf
'"%q": kedifa rejected the update: %s\n'
"
$config
"
"
$output
"
exit
1
fi
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment