summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@open-infrastructure.net>2022-10-28 11:28:17 +0000
committerDaniel Baumann <daniel.baumann@open-infrastructure.net>2022-10-28 12:58:19 +0000
commit3a3a3496b633bdc7603f147eaa388f6effea2f14 (patch)
treef6b6700311aaaef0dc5f842b5b112abb5257dfc1
parentUsing variable for service-tools in makefile. (diff)
downloadservice-tools-3a3a3496b633bdc7603f147eaa388f6effea2f14.tar.xz
service-tools-3a3a3496b633bdc7603f147eaa388f6effea2f14.zip
Providing individual root and intermediate certificate files in dehydrated extra hook.
Signed-off-by: Daniel Baumann <daniel.baumann@open-infrastructure.net>
-rwxr-xr-xdehydrated/share/hooks/deploy_cert.extra21
1 files changed, 18 insertions, 3 deletions
diff --git a/dehydrated/share/hooks/deploy_cert.extra b/dehydrated/share/hooks/deploy_cert.extra
index ec61676..efca7b0 100755
--- a/dehydrated/share/hooks/deploy_cert.extra
+++ b/dehydrated/share/hooks/deploy_cert.extra
@@ -21,17 +21,32 @@
set -e
-echo " + Creating extra certificate files..."
+echo " + Creating extra certificate files:"
DIRECTORY="$(dirname "${CERTFILE}")"
+echo -n " + root and intermediate CA:"
+
+TMPFILE="$(mktemp -p "${DIRECTORY}" -u ca.XXXXXXXXXX)"
+grep -Ev '^$' "${CHAINFILE}" | csplit -f "${TMPFILE}" -s -z - '/-----BEGIN CERTIFICATE-----/' '{*}'
+
+mv "${TMPFILE}00" "${DIRECTORY}/ca-intermediate-${TIMESTAMP}.pem"
+ln -s "${DIRECTORY}/ca-intermediate-${TIMESTAMP}.pem" "${DIRECTORY}/ca-intermediate.pem"
+
+mv "${TMPFILE}01" "${DIRECTORY}/ca-root-${TIMESTAMP}.pem"
+ln -s "${DIRECTORY}/ca-root-${TIMESTAMP}.pem" "${DIRECTORY}/ca-root.pem"
+
+echo " done."
+
for EXTRA in fullchain-privkey privkey-fullchain
do
+ echo -n " + creating ${EXTRA1}-${EXTRA2}:"
+
EXTRA1="$(echo ${EXTRA} | awk -F- '{ print $1 }')"
EXTRA2="$(echo ${EXTRA} | awk -F- '{ print $2 }')"
cat "${EXTRA1}-${TIMESTAMP}.pem" "${EXTRA2}-${TIMESTAMP}.pem" > "${DIRECTORY}/${EXTRA1}-${EXTRA2}-${TIMESTAMP}.pem"
ln -sf "${EXTRA1}-${EXTRA2}-${TIMESTAMP}.pem" "${DIRECTORY}/cert.${EXTRA1}-${EXTRA2}.pem"
-done
-echo " done."
+ echo " done."
+done