From 5eaccabb5c60e0a94b4ddf119e0433d7192adc5c Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?=
Date: Tue, 28 Feb 2017 10:29:52 +0100
Subject: [PATCH] upd: changes according to current gigi changes

Change-Id: Ic9fd80f4047ca179fecd5074f223b1cf916ef208
---
 bootstrap-user | 12 ++++++++----
 environments/production/manifests/gigi.pp | 5 +++--
 modules/gigi/templates/gigi.properties.epp | 2 ++
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/bootstrap-user b/bootstrap-user
index d25faf1..6241432 100644
--- a/bootstrap-user
+++ b/bootstrap-user
@@ -31,6 +31,10 @@ function silent_read {
 #execute a registration in gigi. If "$1" == "nopass" a password is not asked for but chosen at random.
 function register {
 csrf=$(mcurl register -c $folder/cookie-jar | csrf)
+ if ! [[ -f $folder/cookie-jar ]]; then
+ echo "error, could not start gigi"
+ exit 1
+ fi
 open-jar $folder/cookie-jar
 silent_read "First Name: " fname
 silent_read "Last Name: " lname
@@ -115,7 +119,7 @@ fi
 echo "granting initial bootstrapping-rights"
 sudo lxc-attach -n postgres-primary -- su -c "psql -d gigi" postgres <\([a-zA-Z0-9]*\)<.*_\1_")
-name=$(grep "content available under" $folder/domain | sed "s_.*/cacert-\([a-zA-Z0-9]*\)\\.txt.*_\1_")
+name=$(grep "content available under" $folder/domain | sed "s_.*/\([a-zA-Z0-9]*\)\\.txt.*_\1_")
-sudo mkdir -p /data/nginx/challenge
-printf "%s" "$token" | sudo tee /data/nginx/challenge/cacert-$name.txt > /dev/null
+sudo mkdir -p /data/nginx/challenge/.well-known/someca-challenge
+printf "%s" "$token" | sudo tee /data/nginx/challenge/.well-known/someca-challenge/$name.txt > /dev/null
 openssl req -newkey rsa:4096 -subj "/CN=$domainName/OU=$token" -nodes -out $folder/self-req -keyout $folder/self-priv
 openssl x509 -req -in $folder/self-req -signkey $folder/self-priv -out $folder/self-cert -extfile <(printf "extendedKeyUsage = clientAuth, serverAuth\n")
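Review bot: The new guard after `csrf=$(mcurl register -c $folder/cookie-jar | csrf)` only checks that the cookie jar file exists, so a run where the jar was written but the CSRF extraction produced nothing still continues into the registration with an empty `$csrf`. Extending the test to `if ! [[ -f $folder/cookie-jar && -n $csrf ]]; then` catches both failure modes at the same spot, and the message `"error, could not start gigi"` could name what was actually checked, e.g. `"error: no cookie jar or csrf token from gigi register"`. `$folder` is unquoted in both the pipeline and the test; `"$folder/cookie-jar"` would be the safer, consistent form. The `register` function continues past the end of the hunk.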
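Review bot: The rewritten `name=$(grep "content available under" $folder/domain | sed ...)` line has no fallback, so when the grep matches nothing `$name` is empty, the `tee` line writes the token to `.../someca-challenge/.txt`, and the script still goes on to the `openssl req` step; a guard before the `mkdir`, such as `[[ -n $name && -n $token ]] || { echo "error: could not parse challenge name/token"; exit 1; }`, would make that failure visible. The directory name `someca-challenge` is hard-coded here while the same identifier appears as `appIdentifier=someca` in gigi.properties.epp in this patch; if those are meant to agree, a comment on the `mkdir` line (`# directory name must match appIdentifier in gigi.properties`) would help keep them in sync. In this copy of the patch the context line beginning `sudo lxc-attach ... postgres <` appears truncated (the text after `<` looks like the tail of a different line), so the unchanged old lines of this hunk could not be fully checked.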
diff --git a/environments/production/manifests/gigi.pp b/environments/production/manifests/gigi.pp
index 00a6c5f..d90c73a 100644
--- a/environments/production/manifests/gigi.pp
+++ b/environments/production/manifests/gigi.pp
@@ -81,7 +81,7 @@ node gigi {
 provider => 'shell',
 path => '',
 cwd => '/var/lib/wpia-gigi/config',
- unless => '/usr/bin/[ /var/lib/wpia-gigi/keys/keystore.pkcs12 -ot /etc/wpia/gigi/conf.tar ] && /usr/bin/[ /var/lib/wpia-gigi/config/cacerts.jks -ot /etc/wpia/gigi/conf.tar ]',
+ unless => '/usr/bin/[ /var/lib/wpia-gigi/keys/keystore.pkcs12 -ot /etc/wpia/gigi/conf.tar ] && /usr/bin/[ /var/lib/wpia-gigi/config/cacerts.jks -ot /etc/wpia/gigi/conf.tar ] && /usr/bin/[ /var/lib/wpia-gigi/config/gigi.properties -ot /etc/wpia/gigi/conf.tar ]',
 subscribe => [File['/var/lib/wpia-gigi/config/truststorepw'],Exec['keytool for /var/lib/wpia-gigi/config/cacerts.jks'],File['/var/lib/wpia-gigi/config/gigi.properties']],
 require => File['/etc/wpia/gigi']
 }
@@ -97,7 +97,8 @@ node gigi {
 }
 exec {'/gigi-ready':
 creates => '/gigi-ready',
- command =>'/bin/false'
+ command =>'/bin/false',
+ require => Exec['tar for gigi-conf']
 }
 exec{'alexa':
 command => '/usr/bin/gigi fetch-alexa /var/lib/wpia-gigi/blacklist.dat 100',
diff --git a/modules/gigi/templates/gigi.properties.epp b/modules/gigi/templates/gigi.properties.epp
index 8e144f9..8c127a8 100644
--- a/modules/gigi/templates/gigi.properties.epp
+++ b/modules/gigi/templates/gigi.properties.epp
@@ -1,4 +1,6 @@
 name.suffix=<%=$systemDomain%>
+appName=SomeCA
+appIdentifier=someca
 gigi.uid=-1
 gigi.gid=-1
-- 
2.39.2
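Review bot: The extended `unless` value repeats `/etc/wpia/gigi/conf.tar` three times in one very long single-quoted string, which makes the three `-ot` tests hard to read and easy to let drift from the `subscribe` list next to them. Pulling the path into a variable and using interpolation, e.g. `$conf_tar = '/etc/wpia/gigi/conf.tar'` and `unless => "/usr/bin/[ /var/lib/wpia-gigi/keys/keystore.pkcs12 -ot ${conf_tar} ] && ..."`, would let each test sit on its own line. A one-line comment above the attribute stating the condition in words (`# skip unless keystore.pkcs12, cacerts.jks and gigi.properties are all older than conf.tar`) would also document why `-ot` is chained here. The exec resource this belongs to starts before the hunk, so its title and command are not visible.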
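Review bot: The spacing in the `/gigi-ready` exec is inconsistent with the surrounding manifest: `command =>'/bin/false',` has no space after `=>` while the new `require => Exec['tar for gigi-conf']` line does, and `exec{'alexa':` differs from `exec {'/gigi-ready':`; since the line is being touched anyway, `command => '/bin/false',` would align it. The added `require` presumably orders this resource after the conf tarball exec, and because `/bin/false` fails on every run until `/gigi-ready` exists, a short comment on the resource (`# fails deliberately until /gigi-ready exists`) would stop the recurring failure being read as a bug.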
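Review bot: `appName=SomeCA` and `appIdentifier=someca` are hard-coded in a template whose other value, `name.suffix`, already comes from a parameter (`$systemDomain`); if the template is meant to be reusable across deployments, these two would fit the same pattern, e.g. `appName=<%=$appName%>` and `appIdentifier=<%=$appIdentifier%>` with matching entries wherever the template's parameters are declared. The `someca` identifier also appears as the `.well-known/someca-challenge` directory in bootstrap-user in this patch; if the two must agree, a comment in the template (`# must match the challenge directory name used by bootstrap-user`) would record that dependency. The hunk header declares four old lines but only three are visible here, so one context line may have been lost in this copy.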