author | Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com> | 2018-08-17 16:19:18 -0700 |
---|---|---|
committer | Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com> | 2018-08-17 16:29:05 -0700 |
commit | 572150672972e58d3e2b2f21e5dfd3004bce6b68 (patch) | |
tree | c16bca53ef9542cc043bb0fcaee326b6b4481c0d | |
parent | 4455ce1788d419483b6561de5c83508b146aaa51 (diff) |
Copy out encrypted private key selectively
Only in the case where no tpm hosts are present, then encrypt
and copy out the private key
Change-Id: I34fbcf65e61c4e6803f594ffe1c527c9afd8f184
Issue-ID: AAF-376
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
-rwxr-xr-x | bin/distcenter/entrypoint.sh | 39 |
1 files changed, 22 insertions, 17 deletions
diff --git a/bin/distcenter/entrypoint.sh b/bin/distcenter/entrypoint.sh
index 25cefd6..6aac3ca 100755
--- a/bin/distcenter/entrypoint.sh
+++ b/bin/distcenter/entrypoint.sh
@@ -2,22 +2,27 @@ set -e
 cd /distcenter
 /distcenter/bin/create_ca.sh
-cd /distcenter/ca
-cat /distcenter/passphrase/passphrase | gpg --no-tty --symmetric -z 9 --require-secmem \
- --cipher-algo AES256 --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 \
- --s2k-mode 3 --s2k-count 65000000 --compress-algo BZIP2 \
- --passphrase-fd 0 privkey.pem
-cp /distcenter/ca/privkey.pem.gpg /distcenter/data
-cp /distcenter/ca/ca.cert /distcenter/data
 cd /distcenter/data
-DLIST=`ls -d host_*`
-#Iterate over all hosts (host in k8s corresponds node)
-for DIR in $DLIST; do
- echo $DIR
- cp /distcenter/ca/ca.cert /distcenter/data/$DIR
- cd /distcenter/data/$DIR
- /dup/bin/ossl_tpm_duplicate -pemfile /distcenter/ca/privkey.pem -parentPub \
- /distcenter/data/$DIR/out_parent_public -dupPub dupPub -dupPriv dupPriv -dupSymSeed \
- dupSymseed -dupEncKey dupEncKey
-done
+DCOUNT=$(ls -d host_* 2> /dev/null | wc -l)
+if [ "$DCOUNT" != "0" ]
+then
+ DLIST=`ls -d host_*`
+ #Iterate over all hosts (host in k8s corresponds node)
+ for DIR in $DLIST; do
+ echo $DIR
+ cp /distcenter/ca/ca.cert /distcenter/data/$DIR
+ cd /distcenter/data/$DIR
+ /dup/bin/ossl_tpm_duplicate -pemfile /distcenter/ca/privkey.pem -parentPub \
+ /distcenter/data/$DIR/out_parent_public -dupPub dupPub -dupPriv dupPriv -dupSymSeed \
+ dupSymseed -dupEncKey dupEncKey
+ done
+else
+ cd /distcenter/ca
+ cat /distcenter/passphrase/passphrase | gpg --no-tty --symmetric -z 9 --require-secmem \
+ --cipher-algo AES256 --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 \
+ --s2k-mode 3 --s2k-count 65000000 --compress-algo BZIP2 \
+ --passphrase-fd 0 privkey.pem
+ cp /distcenter/ca/privkey.pem.gpg /distcenter/data
+ cp /distcenter/ca/ca.cert /distcenter/data
+fi |
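Review bot: In the new `if [ "$DCOUNT" != "0" ]` test, the fallback to exporting `privkey.pem.gpg` is taken whenever `ls -d host_* 2> /dev/null | wc -l` prints 0, so host directories that are not yet populated, or a listing error hidden by the redirect, are indistinguishable from a deployment that really has no TPM hosts, and the key leaves under passphrase protection only, with nothing logged. I would make that path explicit: add `echo "no host_* directories found; exporting gpg-encrypted CA key" >&2` at the top of the `else` branch, and consider gating it on an operator-set opt-in variable (name to be chosen by the project). Separately, `$DIR` is unquoted in the `cp`, `cd` and `ossl_tpm_duplicate` lines, and the plaintext `/distcenter/ca/privkey.pem` is not removed in either branch within this hunk; the start of the script is outside the hunk, so cleanup elsewhere cannot be ruled out.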