author | Tomáš Levora <t.levora@partner.samsung.com> | 2018-12-20 09:02:23 +0100 |
---|---|---|
committer | Tomáš Levora <t.levora@partner.samsung.com> | 2018-12-20 09:02:23 +0100 |
commit | 94fb571669bf471bf1c7e857e686fdb0db3e7fac (patch) | |
tree | 2cb7b58b6058ed00ddf3c733f69802c73c20898f | |
parent | 918c5707e29424bfdcf7e37cef3182cd3a8c8448 (diff) |
Add certificate extraction and generation
Adding extraction and generation of certificates for nginx to handle SSL
connection to nexus repository in bash installer
Issue-ID: OOM-1551
Change-Id: Icf24bea5204c62f398a025178ff6d8a51d6bbb78
Signed-off-by: Tomáš Levora <t.levora@partner.samsung.com>
-rwxr-xr-x | bash/tools/certificates/2create_cert_for_nginx.sh | 47 | ||||
-rwxr-xr-x | bash/tools/certificates/self_extract_cacert.sh | 55 |
2 files changed, 102 insertions, 0 deletions
diff --git a/bash/tools/certificates/2create_cert_for_nginx.sh b/bash/tools/certificates/2create_cert_for_nginx.sh
new file mode 100755
index 00000000..a9adb520
--- /dev/null
+++ b/bash/tools/certificates/2create_cert_for_nginx.sh
@@ -0,0 +1,47 @@
+#! /usr/bin/env bash
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+
+# fail fast
+set -e
+
+# boilerplate
+RELATIVE_PATH=../ # relative path from this script to 'common-functions.sh'
+if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then
+ SCRIPT_DIR=$(dirname "${0}")
+ LOCAL_PATH=$(readlink -f "$SCRIPT_DIR")
+ . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh
+fi
+
+message info "Reading configuration"
+get_configuration
+
+update_hosts
+
+message info "Restarting dnsmasq"
+systemctl enable dnsmasq
+systemctl restart dnsmasq
+
+message info "Configure ssl certificates"
+create_cert "nexus"
+
+message info "** Certificates finished **"
+
+docker restart nginx
diff --git a/bash/tools/certificates/self_extract_cacert.sh b/bash/tools/certificates/self_extract_cacert.sh
new file mode 100755
index 00000000..1e7a5abc
--- /dev/null
+++ b/bash/tools/certificates/self_extract_cacert.sh
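Review bot: 2create_cert_for_nginx.sh has no header comment describing what it changes and no check that it runs with the privileges `systemctl enable dnsmasq` needs, although it calls `update_hosts`, restarts dnsmasq, generates key material through `create_cert "nexus"` and restarts the nginx container. I would add a comment such as `# Must be run as root on the host that runs dnsmasq and the nginx container; creates the nexus certificate and restarts nginx` and a guard right after `set -e`: `[ "$(id -u)" -eq 0 ] || { echo "must be run as root" >&2; exit 1; }`. `create_cert` lives in common-functions.sh, which is outside this diff, so where the private key is written and with what mode cannot be checked here; it is worth confirming the key is not left group- or world-readable.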
@@ -0,0 +1,55 @@
+#! /bin/sh
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+
+
+extract_ca() {
+ cpath=$1
+ sed '0,/^#EOF#$/d' $0 > $cpath;
+ echo "Certificate installed into: $cpath"
+}
+
+OS_ID=$(awk -F= '/^ID=/{print $2}' /etc/os-release)
+OS_ID="${OS_ID%\"}"
+OS_ID="${OS_ID#\"}"
+
+if [ "$OS_ID" = "rhel" -o "$OS_ID" = "centos" ]; then
+ # for centos/ rhel
+ echo "Detected rhel like distribution"
+
+ update-ca-trust force-enable
+ extract_ca /etc/pki/ca-trust/source/anchors/rootCAcert.crt
+ update-ca-trust extract
+
+elif [ "$OS_ID" = "ubuntu" ]; then
+ echo "Detected ubuntu distribution"
+
+ mkdir -p /usr/local/share/ca-certificates/extra
+ extract_ca /usr/local/share/ca-certificates/extra/rootCAcert.crt
+ update-ca-certificates
+else
+ echo "OS $OS_ID is not supported"
+ exit -2
+fi
+
+echo "** Please restart docker (because of reload new CA) **"
+
+exit 0
+#EOF# |
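Review bot: In self_extract_cacert.sh, `extract_ca` writes whatever follows the `#EOF#` marker into the system trust anchors, and the trust store is then updated without checking that the write succeeded or that the payload is a certificate. There is no `set -e`, so a failed or empty extraction still prints "Certificate installed" and ends in `exit 0`. `$0` and `$cpath` are unquoted in the sed line, and `exit -2` is not a portable status under `#! /bin/sh` (dash, for example, rejects a negative number); `exit 2` would be. I would fail fast, quote the paths, and verify the payload and print its SHA-256 fingerprint before the trust-store update, assuming openssl is available on the target hosts, as sketched below.

```shell
set -eu

extract_ca() {
    cpath=$1
    # Everything after the #EOF# marker line is the PEM payload (GNU sed address form).
    sed '0,/^#EOF#$/d' "$0" > "$cpath"
    # Refuse to touch the trust store if the payload is empty or not a certificate;
    # the printed fingerprint lets the operator compare it out of band.
    if ! openssl x509 -in "$cpath" -noout -fingerprint -sha256; then
        echo "Payload after #EOF# is not a valid certificate: $cpath" >&2
        rm -f -- "$cpath"
        exit 1
    fi
    echo "Certificate installed into: $cpath"
}
# … unchanged: OS detection and per-distribution trust-store update …
```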