From 79e78ec39490b0dce1776f5fd1459db271c3e3f2 Mon Sep 17 00:00:00 2001
From: Trevor Batley
Date: Wed, 6 Sep 2023 10:04:26 +1000
Subject: [PATCH] add create cert bundle when add user

---
 koji-setup/koji-add-user.sh | 41 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)

diff --git a/koji-setup/koji-add-user.sh b/koji-setup/koji-add-user.sh
index c2f790e..f5f13cb 100644
--- a/koji-setup/koji-add-user.sh
+++ b/koji-setup/koji-add-user.sh
@@ -50,4 +50,43 @@ pushd "$KOJI_PKI_DIR"
 $SCRIPT_DIR/koji-gencert.sh "$NEW_USER" "/C=$COUNTRY_CODE/ST=$STATE/L=$LOCATION/O=$ORGANIZATION/CN=$NEW_USER"
 popd
 
-echo "The Koji CLI key for $NEW_USER is $KOJI_PKI_DIR/$NEW_USER.pem and the browser key $KOJI_PKI_DIR/certs/$NEW_USER_browser_cert.p12"
+# crete a bundle (tarball) for deployment to the user
+if [[ ! -d $KOJI_PKI_DIR/bundle ]] ; then
+ mkdir -p $KOJI_PKI_DIR/bundle
+fi
+
+WORK_DIR=`mktemp -d $NEW_USER-XXXXXXXX`
+# check if tmp dir was created
+if [[ ! "$WORK_DIR" || ! -d "$WORK_DIR" ]]; then
+ echo "Could not create temp dir"
+ exit 1
+fi
+# register the cleanup function to be called on the EXIT signal
+trap cleanup EXIT
+
+pushd $WORK_DIR
+mkdir -p .koji
+cp $KOJI_PKI_DIR/$NEW_USER.pem $WORK_DIR/.koji/client.crt
+cp $KOJI_PKI_DIR/koji_ca_cert.crt $WORK_DIR/.koji/serverca.crt
+cp $KOJI_PKI_DIR/certs/"$NEW_USER"_browser_cert.p12 $WORK_DIR/.koji/.
+cat > $WORK_DIR/.koji/config <<- EOT
+[koji]
+server = $KOJI_URL/kojihub
+weburl = $KOJI_URL/koji
+topurl = $KOJI_URL/kojifiles
+topdir = $KOJI_DIR
+cert = ~/.koji/client.crt
+serverca = ~/.koji/serverca.crt
+anon_retry = true
+authtype = ssl
+EOT
+tar -zcf koji-"$NEW_USER"-bundle.tgz .koji
+cp koji-"$NEW_USER"-bundle.tgz $KOJI_PKI_DIR/bundle/.
+popd
+
+echo "The Koji CLI and Web key bundle for $NEW_USER is $KOJI_PKI_DIR/bundle/koij-$NEW_USER-bundle.tgz"
+
+# function to delete the temp directory
+function cleanup {
+ rm -rf "$WORK_DIR"
+}
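Review bot: `WORK_DIR` is a relative path, because `mktemp -d $NEW_USER-XXXXXXXX` creates the directory under the current directory and prints it without a leading path, so after `pushd $WORK_DIR` the three `cp` lines and `cat > $WORK_DIR/.koji/config` point at a nested path that does not exist and the tarball ends up holding an empty `.koji`; unless `set -e` is enabled above the hunk, the script still prints the success message. An absolute template, `WORK_DIR=$(mktemp -d "${TMPDIR:-/tmp}/$NEW_USER-XXXXXXXX")`, fixes the copies and makes `rm -rf "$WORK_DIR"` in `cleanup` independent of the working directory at exit. The bundle carries the user's client key material (`client.crt` is copied from the `.pem` that the removed message called the CLI key, alongside the `.p12`), yet `bundle/` and the `.tgz` are created with the caller's default umask, so a `umask 077` ahead of the `mkdir -p` is worth adding. The final `echo` prints `koij-$NEW_USER-bundle.tgz`, which does not match the `koji-...-bundle.tgz` file actually written.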