From 94fb571669bf471bf1c7e857e686fdb0db3e7fac Mon Sep 17 00:00:00 2001
From: Tomáš Levora
Date: Thu, 20 Dec 2018 09:02:23 +0100
Subject: Add certificate extraction and generation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adding extraction and generation of certificates for nginx to handle SSL connection to nexus repository in bash installer

Issue-ID: OOM-1551
Change-Id: Icf24bea5204c62f398a025178ff6d8a51d6bbb78
Signed-off-by: Tomáš Levora
---
bash/tools/certificates/2create_cert_for_nginx.sh | 47 +++++++++++++++++++
bash/tools/certificates/self_extract_cacert.sh | 55 +++++++++++++++++++++++
2 files changed, 102 insertions(+)
create mode 100755 bash/tools/certificates/2create_cert_for_nginx.sh
create mode 100755 bash/tools/certificates/self_extract_cacert.sh
diff --git a/bash/tools/certificates/2create_cert_for_nginx.sh b/bash/tools/certificates/2create_cert_for_nginx.sh
new file mode 100755
index 00000000..a9adb520
--- /dev/null
+++ b/bash/tools/certificates/2create_cert_for_nginx.sh
@@ -0,0 +1,47 @@
+#! /usr/bin/env bash
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+
+# fail fast
+set -e
+
+# boilerplate
+RELATIVE_PATH=../ # relative path from this script to 'common-functions.sh'
+if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then
+ SCRIPT_DIR=$(dirname "${0}")
+ LOCAL_PATH=$(readlink -f "$SCRIPT_DIR")
+ . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh
+fi
+
+message info "Reading configuration"
+get_configuration
+
+update_hosts
+
+message info "Restarting dnsmasq"
+systemctl enable dnsmasq
+systemctl restart dnsmasq
+
+message info "Configure ssl certificates"
+create_cert "nexus"
+
+message info "** Certificates finished **"
+
+docker restart nginx
diff --git a/bash/tools/certificates/self_extract_cacert.sh b/bash/tools/certificates/self_extract_cacert.sh
new file mode 100755
index 00000000..1e7a5abc
--- /dev/null
+++ b/bash/tools/certificates/self_extract_cacert.sh
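Review bot: Nothing in 2create_cert_for_nginx.sh states that it must run as root or that it changes host state beyond writing a certificate: `update_hosts`, `systemctl enable dnsmasq` / `systemctl restart dnsmasq` and `docker restart nginx` all run unconditionally after `get_configuration`. A header comment below the licence block would cover it, for example `# Creates the "nexus" TLS certificate for nginx. Run as root: calls update_hosts, enables and restarts dnsmasq, restarts the nginx container.` `create_cert` and `update_hosts` are defined in common-functions.sh, outside this diff, so where the private key is written and with which permissions cannot be checked from here; it is worth confirming that the key ends up readable by root only.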
@@ -0,0 +1,55 @@
+#! /bin/sh
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+
+
+extract_ca() {
+ cpath=$1
+ sed '0,/^#EOF#$/d' $0 > $cpath;
+ echo "Certificate installed into: $cpath"
+}
+
+OS_ID=$(awk -F= '/^ID=/{print $2}' /etc/os-release)
+OS_ID="${OS_ID%\"}"
+OS_ID="${OS_ID#\"}"
+
+if [ "$OS_ID" = "rhel" -o "$OS_ID" = "centos" ]; then
+ # for centos/ rhel
+ echo "Detected rhel like distribution"
+
+ update-ca-trust force-enable
+ extract_ca /etc/pki/ca-trust/source/anchors/rootCAcert.crt
+ update-ca-trust extract
+
+elif [ "$OS_ID" = "ubuntu" ]; then
+ echo "Detected ubuntu distribution"
+
+ mkdir -p /usr/local/share/ca-certificates/extra
+ extract_ca /usr/local/share/ca-certificates/extra/rootCAcert.crt
+ update-ca-certificates
+else
+ echo "OS $OS_ID is not supported"
+ exit -2
+fi
+
+echo "** Please restart docker (because of reload new CA) **"
+
+exit 0
+#EOF#
-- cgit 1.2.3-korg
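Review bot: `extract_ca` copies whatever follows the `#EOF#` marker straight into the system trust anchors with no check that it is a certificate and no error handling, so an empty or truncated payload, or a failed write, still ends in `update-ca-trust extract` / `update-ca-certificates` and `exit 0`. Because this file makes every TLS client on the host trust the extracted root, I would extract to a temporary file, have `openssl x509` parse it and print subject and SHA-256 fingerprint for the operator to compare, and only then install it; the sketch below assumes openssl is present on the target. `$0` and `$cpath` should also be quoted. Separately, `exit -2` in the final `else` is rejected by dash under `#! /bin/sh`; `exit 2` is portable. The committed file ends at `#EOF#`, so the certificate is presumably appended by a step outside this diff.

```shell
set -e

extract_ca() {
    cpath=$1
    tmp=$(mktemp)
    # Payload is everything after the #EOF# marker line ("0,/re/" is a GNU sed address).
    sed '0,/^#EOF#$/d' "$0" > "$tmp"
    # Show what is about to be trusted; refuse an empty or malformed payload.
    if ! openssl x509 -in "$tmp" -noout -subject -fingerprint -sha256; then
        echo "No valid certificate found after #EOF# in $0" >&2
        rm -f -- "$tmp"
        exit 1
    fi
    # mktemp creates the file 0600; the trust anchor has to be world-readable.
    install -m 0644 "$tmp" "$cpath"
    rm -f -- "$tmp"
    echo "Certificate installed into: $cpath"
}
# … unchanged: OS detection and the rhel/centos and ubuntu branches …
```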