Clean up container startup scripts
The container startup scripts have been updated to use the
shorter paths for NSS database directory and password file.
edewata committed Jun 6, 2024
1 parent e06c2d9 commit 27580cd
Showing 5 changed files with 123 additions and 103 deletions.
18 changes: 9 additions & 9 deletions base/acme/bin/pki-acme-run
Expand Up @@ -13,7 +13,7 @@ umask 000

echo "################################################################################"

if [ -z "$(ls -A /conf 2>/dev/null)" ]
if [ -z "$(ls -A /conf 2> /dev/null)" ]
then
echo "INFO: Installing default config files"
cp -r /var/lib/pki/pki-tomcat/conf.default/* /conf
Expand All @@ -38,15 +38,15 @@ then
echo "INFO: Importing metadata configuration"

# empty current metadata configuration
> /var/lib/pki/pki-tomcat/conf/acme/metadata.conf
> /conf/acme/metadata.conf

# import metadata configuration parameters
for filename in /metadata/*
do
[ -e "$filename" ] || break
name=$(basename $filename)
value=$(cat $filename)
echo "$name=$value" >> /var/lib/pki/pki-tomcat/conf/acme/metadata.conf
echo "$name=$value" >> /conf/acme/metadata.conf
done
else
echo "INFO: Using default metadata configuration"
Expand All @@ -60,15 +60,15 @@ then
echo "INFO: Importing database configuration"

# empty current database configuration
> /var/lib/pki/pki-tomcat/conf/acme/database.conf
> /conf/acme/database.conf

# import database configuration parameters
for filename in /database/*
do
[ -e "$filename" ] || break
name=$(basename $filename)
value=$(cat $filename)
echo "$name=$value" >> /var/lib/pki/pki-tomcat/conf/acme/database.conf
echo "$name=$value" >> /conf/acme/database.conf
done
else
echo "INFO: Using default database configuration"
Expand All @@ -82,15 +82,15 @@ then
echo "INFO: Importing issuer configuration"

# empty current issuer configuration
> /var/lib/pki/pki-tomcat/conf/acme/issuer.conf
> /conf/acme/issuer.conf

# import issuer configuration parameters
for filename in /issuer/*
do
[ -e "$filename" ] || break
name=$(basename $filename)
value=$(cat $filename)
echo "$name=$value" >> /var/lib/pki/pki-tomcat/conf/acme/issuer.conf
echo "$name=$value" >> /conf/acme/issuer.conf
done
else
echo "INFO: Using default issuer configuration"
Expand All @@ -104,15 +104,15 @@ then
echo "INFO: Importing realm configuration"

# empty current realm configuration
> /var/lib/pki/pki-tomcat/conf/acme/realm.conf
> /conf/acme/realm.conf

# import realm configuration parameters
for filename in /realm/*
do
[ -e "$filename" ] || break
name=$(basename $filename)
value=$(cat $filename)
echo "$name=$value" >> /var/lib/pki/pki-tomcat/conf/acme/realm.conf
echo "$name=$value" >> /conf/acme/realm.conf
done
else
echo "INFO: Using default realm configuration"
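Review bot: The four truncating redirects (`> /conf/acme/metadata.conf` and the matching ones for database, issuer and realm) run under the `umask 000` visible in the first hunk header, so any of these files that does not exist yet is created mode 0666. database.conf, issuer.conf and realm.conf are assembled from per-parameter files and presumably carry connection or bind credentials, so the import should run under a tighter mask, e.g. `umask 077` (or `umask 007` if the container relies on group access, to be confirmed against the deployment). Separately, the expansions in every loop are unquoted; `name=$(basename "$filename")` and `value=$(cat "$filename")` keep file names with spaces or glob characters intact. The enclosing `if` blocks start outside the hunks shown.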
114 changes: 57 additions & 57 deletions base/ca/bin/pki-ca-run
Expand Up @@ -18,7 +18,7 @@ umask 000

echo "################################################################################"

if [ -z "$(ls -A /conf 2>/dev/null)" ]
if [ -z "$(ls -A /conf 2> /dev/null)" ]
then
echo "INFO: Installing default config files"
cp -r /var/lib/pki/pki-tomcat/conf.default/* /conf
Expand All @@ -42,8 +42,8 @@ then
echo "INFO: Importing server certs and keys"

pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
pkcs12-import \
--pkcs12 /certs/server.p12 \
--password Secret.123
Expand All @@ -54,8 +54,8 @@ echo "##########################################################################
# check whether CA signing cert exists
rc=0
pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-export \
--output-file /certs/ca_signing.crt \
"$PKI_CA_SIGNING_NICKNAME" \
Expand All @@ -66,16 +66,16 @@ then
echo "INFO: Creating CA signing cert"

pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-request \
--subject "CN=CA Signing Certificate" \
--ext /usr/share/pki/server/certs/ca_signing.conf \
--csr /certs/ca_signing.csr

pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-issue \
--csr /certs/ca_signing.csr \
--ext /usr/share/pki/server/certs/ca_signing.conf \
Expand All @@ -84,8 +84,8 @@ then
--cert /certs/ca_signing.crt

pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-import \
--cert /certs/ca_signing.crt \
--trust CT,C,C \
Expand All @@ -94,8 +94,8 @@ fi

echo "INFO: CA signing cert:"
pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-show \
"$PKI_CA_SIGNING_NICKNAME"

Expand All @@ -104,8 +104,8 @@ then
echo "INFO: Exporting CA signing cert"

pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-export \
--output-file /certs/ca_signing.crt \
"$PKI_CA_SIGNING_NICKNAME"
Expand All @@ -116,8 +116,8 @@ echo "##########################################################################
# check whether OCSP signing cert exists
rc=0
pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-export \
--output-file /certs/ocsp_signing.crt \
"$PKI_OCSP_SIGNING_NICKNAME" \
Expand All @@ -128,34 +128,34 @@ then
echo "INFO: Creating OCSP signing cert"

pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-request \
--subject "CN=OCSP Signing Certificate" \
--ext /usr/share/pki/server/certs/ocsp_signing.conf \
--csr /certs/ocsp_signing.csr

pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-issue \
--issuer "$PKI_CA_SIGNING_NICKNAME" \
--csr /certs/ocsp_signing.csr \
--ext /usr/share/pki/server/certs/ocsp_signing.conf \
--cert /certs/ocsp_signing.crt

pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-import \
--cert /certs/ocsp_signing.crt \
"$PKI_OCSP_SIGNING_NICKNAME"
fi

echo "INFO: OCSP signing cert:"
pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-show \
"$PKI_OCSP_SIGNING_NICKNAME"

Expand All @@ -164,8 +164,8 @@ echo "##########################################################################
# check whether audit signing cert exists
rc=0
pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-export \
--output-file /certs/audit_signing.crt \
"$PKI_AUDIT_SIGNING_NICKNAME" \
Expand All @@ -176,25 +176,25 @@ then
echo "INFO: Creating audit signing cert"

pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-request \
--subject "CN=Audit Signing Certificate" \
--ext /usr/share/pki/server/certs/audit_signing.conf \
--csr /certs/audit_signing.csr

pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-issue \
--issuer "$PKI_CA_SIGNING_NICKNAME" \
--csr /certs/audit_signing.csr \
--ext /usr/share/pki/server/certs/audit_signing.conf \
--cert /certs/audit_signing.crt

pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-import \
--cert /certs/audit_signing.crt \
--trust ,,P \
Expand All @@ -203,8 +203,8 @@ fi

echo "INFO: Audit signing cert:"
pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-show \
"$PKI_AUDIT_SIGNING_NICKNAME"

Expand All @@ -213,8 +213,8 @@ echo "##########################################################################
# check whether subsystem cert exists
rc=0
pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-export \
--output-file /certs/subsystem.crt \
"$PKI_SUBSYSTEM_NICKNAME" \
Expand All @@ -225,33 +225,33 @@ then
echo "INFO: Creating subsystem cert"

pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-request \
--subject "CN=Subsystem Certificate" \
--csr /certs/subsystem.csr

pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-issue \
--issuer "$PKI_CA_SIGNING_NICKNAME" \
--csr /certs/subsystem.csr \
--ext /usr/share/pki/server/certs/subsystem.conf \
--cert /certs/subsystem.crt

pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-import \
--cert /certs/subsystem.crt \
"$PKI_SUBSYSTEM_NICKNAME"
fi

echo "INFO: Subsystem cert:"
pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-show \
"$PKI_SUBSYSTEM_NICKNAME"

Expand All @@ -260,8 +260,8 @@ echo "##########################################################################
# check whether SSL server cert exists
rc=0
pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-export \
--output-file /certs/sslserver.crt \
"$PKI_SSLSERVER_NICKNAME" \
Expand All @@ -272,34 +272,34 @@ then
echo "INFO: Creating SSL server cert"

pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-request \
--subject "CN=$HOSTNAME" \
--ext /usr/share/pki/server/certs/sslserver.conf \
--csr /certs/sslserver.csr

pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-issue \
--issuer "$PKI_CA_SIGNING_NICKNAME" \
--csr /certs/sslserver.csr \
--ext /usr/share/pki/server/certs/sslserver.conf \
--cert /certs/sslserver.crt

pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-import \
--cert /certs/sslserver.crt \
"$PKI_SSLSERVER_NICKNAME"
fi

echo "INFO: SSL server cert:"
pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-show \
"$PKI_SSLSERVER_NICKNAME"

Expand Down Expand Up @@ -348,8 +348,8 @@ then
--csr /certs/admin.csr

pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-issue \
--issuer "$PKI_CA_SIGNING_NICKNAME" \
--csr /certs/admin.csr \
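Review bot: The PKCS #12 import in the second hunk still passes a literal password, `--password Secret.123`, so the value is fixed in the repository and appears in the process arguments while the command runs. Reading it from a mounted secret would avoid both, for example `--password-file /certs/server.p12.password` (placeholder path; confirm that this version of `pki pkcs12-import` offers a password-file option). The `umask 000` in the first hunk header also governs whatever these commands create under `/conf/alias` and `/certs`, and the NSS database there presumably holds the CA private keys, so a tighter umask around the key-handling steps is worth considering. The `if` block containing the import starts outside the hunk.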