author | Cullum Smith <cullum@sacredheartsc.com> | 2024-07-11 20:50:54 -0400 |
---|---|---|
committer | Cullum Smith <cullum@sacredheartsc.com> | 2024-07-11 20:51:04 -0400 |
commit | 23447b9622b3e39fce4737aa913f830710618adf (patch) | |
tree | 2625c5a4aa31e2b5d0d8a8df63cfc8a93431bb7a | |
parent | 85007db580ccf662a45cf2aaeb83518ad2ddb85a (diff) | |
download | infrastructure-23447b9622b3e39fce4737aa913f830710618adf.tar.gz |
cleanup scripts and add more logging
-rw-r--r-- | lib/30-files | 6 | ||||
-rwxr-xr-x | pki | 62 |
2 files changed, 37 insertions, 31 deletions
diff --git a/lib/30-files b/lib/30-files
index c7b2000..fb4bbee 100644
--- a/lib/30-files
+++ b/lib/30-files
@@ -52,6 +52,7 @@ install_file(){
 while [ $# -gt 0 ]; do
 _bcif_src=$(_boxconf_try_files "$1")
 install -m "$_bcif_mode" $_bcif_install_args "$_bcif_src" "$1"
+ log "installed file ${1}"
 shift
 done
 }
@@ -73,6 +74,7 @@ install_directory(){
 while [ $# -gt 0 ]; do
 install -m "$_bcid_mode" $_bcid_install_args "$1"
+ log "installed directory ${1}"
 shift
 done
 }
@@ -103,6 +105,7 @@ __BOXCONF_EOF__
 "
 [ -s "${_bcit_src}.render" ] || bug "failed to render template: ${_bcit_src}"
 install -m "$_bcit_mode" $_bcit_install_args "${_bcit_src}.render" "$1"
+ log "installed template ${1}"
 shift
 done
 }
@@ -128,6 +131,7 @@ install_certificate(){
 || bug "no certificate exists for ${BOXCONF_HOSTNAME}/${1}"
 install -m "$_bcic_mode" $_bcic_install_args "${BOXCONF_CA_DIR}/${BOXCONF_HOSTNAME}/${1}.fullchain.crt" "$2"
+ log "installed certificate ${2}"
 }
 install_certificate_key(){
@@ -151,6 +155,7 @@ install_certificate_key(){
 || bug "no key exists for ${BOXCONF_HOSTNAME}/${1}"
 install -m "$_bcick_mode" $_bcick_install_args "${BOXCONF_CA_DIR}/${BOXCONF_HOSTNAME}/${1}.key" "$2"
+ log "installed certificate key ${2}"
 }
 install_ca_certificate(){
@@ -172,4 +177,5 @@ install_ca_certificate(){
 [ -f "${BOXCONF_CA_DIR}/ca.crt" ] || bug 'CA certificate not found'
 install -m "$_bcicc_mode" $_bcicc_install_args "${BOXCONF_CA_DIR}/ca.crt" "$1"
+ log "installed root CA to ${1}"
 }
@@ -65,8 +65,8 @@ _pki_postsign(){
 cat "${BOXCONF_CA_DIR}/${1}.crt" "${BOXCONF_CA_DIR}/ca.crt" > "${BOXCONF_CA_DIR}/${1}.fullchain.crt"
 # Delete useless files.
- rm -f \
- "${BOXCONF_CA_DIR}/index.txt.old" \
+ rm -f \
+ "${BOXCONF_CA_DIR}/index.txt.old" \
 "${BOXCONF_CA_DIR}/index.txt.attr.old" \
 "${BOXCONF_CA_DIR}/serial.old"
 }
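Review bot: The new `log "installed file ${1}"` in the install_file hunk runs unconditionally after `install`, so a failed copy is still reported as a success unless `set -e` is in effect somewhere outside this hunk. The neighbouring install_template hunk already uses `|| bug` for its own failure check, so the same shape fits here: `install -m "$_bcif_mode" $_bcif_install_args "$_bcif_src" "$1" || bug "failed to install ${1}"` followed by the log line. The same holds for the log lines added in the install_directory, install_template, install_certificate, install_certificate_key and install_ca_certificate hunks; for the certificate and key installs a false "installed" message is the one most likely to mask a missing credential on the host. install_file's signature and option parsing lie outside the hunk.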
@@ -77,29 +77,29 @@ _pki_sign(){
 # $2 = validity time (days)
 # Generate encrypted private key for the server certificate.
- PASS="$BOXCONF_VAULT_PASSWORD" openssl genpkey \
- -algorithm ec \
+ PASS="$BOXCONF_VAULT_PASSWORD" openssl genpkey \
+ -algorithm ec \
 -pkeyopt "ec_paramgen_curve:${EC_CURVE}" \
- "-${CIPHER}" \
- -pass env:PASS \
+ "-${CIPHER}" \
+ -pass env:PASS \
 -out "${BOXCONF_CA_DIR}/${1}.key"
 # Generate the CSR.
 PASS="$BOXCONF_VAULT_PASSWORD" openssl req -new \
- -key "${BOXCONF_CA_DIR}/${1}.key" \
- "-${DIGEST}" \
- -passin env:PASS \
- -config "${BOXCONF_CA_DIR}/${1}.cnf" \
+ -key "${BOXCONF_CA_DIR}/${1}.key" \
+ "-${DIGEST}" \
+ -passin env:PASS \
+ -config "${BOXCONF_CA_DIR}/${1}.cnf" \
 -out "${BOXCONF_CA_DIR}/${1}.csr"
 # Sign the certificate.
 PASS="$BOXCONF_CA_PASSWORD" openssl ca -batch \
- -config "${BOXCONF_CA_DIR}/ca.cnf" \
- -passin env:PASS \
- ${2:+-days $2} \
- -notext \
- -out /dev/null \
- -outdir "${BOXCONF_CA_DIR}/certs" \
+ -config "${BOXCONF_CA_DIR}/ca.cnf" \
+ -passin env:PASS \
+ ${2:+-days $2} \
+ -notext \
+ -out /dev/null \
+ -outdir "${BOXCONF_CA_DIR}/certs" \
 -infiles "${BOXCONF_CA_DIR}/${1}.csr"
 _pki_postsign "$1"
@@ -113,12 +113,12 @@ _pki_renew(){
 # Sign the certificate.
 PASS="$BOXCONF_CA_PASSWORD" openssl ca -batch \
- -config "${BOXCONF_CA_DIR}/ca.cnf" \
- -passin env:PASS \
- ${2:+-days $2} \
- -notext \
- -out /dev/null \
- -outdir "${BOXCONF_CA_DIR}/certs" \
+ -config "${BOXCONF_CA_DIR}/ca.cnf" \
+ -passin env:PASS \
+ ${2:+-days $2} \
+ -notext \
+ -out /dev/null \
+ -outdir "${BOXCONF_CA_DIR}/certs" \
 -infiles "${BOXCONF_CA_DIR}/${1}.csr"
 _pki_postsign "$1"
@@ -146,11 +146,11 @@ pki_init(){
 mkdir -p "${BOXCONF_CA_DIR}/certs"
 # Generate encrypted private key for CA.
- PASS="$BOXCONF_CA_PASSWORD" openssl genpkey \
- -algorithm ec \
+ PASS="$BOXCONF_CA_PASSWORD" openssl genpkey \
+ -algorithm ec \
 -pkeyopt "ec_paramgen_curve:${EC_CURVE}" \
- "-${CIPHER}" \
- -pass env:PASS \
+ "-${CIPHER}" \
+ -pass env:PASS \
 -out "${BOXCONF_CA_DIR}/ca.key"
 # Create a config file for the CA certificate.
@@ -204,11 +204,11 @@ EOF
 # Self-sign the CA certificate.
 PASS="$BOXCONF_CA_PASSWORD" openssl req -new -x509 \
- -days "$CA_VALID_DAYS" \
- "-${DIGEST}" \
- -passin env:PASS \
- -config "${BOXCONF_CA_DIR}/ca.cnf" \
- -key "${BOXCONF_CA_DIR}/ca.key" \
+ -days "$CA_VALID_DAYS" \
+ "-${DIGEST}" \
+ -passin env:PASS \
+ -config "${BOXCONF_CA_DIR}/ca.cnf" \
+ -key "${BOXCONF_CA_DIR}/ca.key" \
 -out "${BOXCONF_CA_DIR}/ca.crt"
 # Create empty index db. |