mirror of
https://src.koozali.org/infra/smeserver-koji.git
synced 2025-01-22 14:37:00 +01:00
95 lines
2.3 KiB
Bash
95 lines
2.3 KiB
Bash
#!/bin/bash
|
|
|
|
set -e
|
|
DEBUG=
|
|
SILENT="-s"
|
|
QUIET="-q"
|
|
for param in $1 $2 $3 ; do
|
|
if [ $param ] ; then
|
|
case $param in
|
|
debug )
|
|
DEBUG="debug" ;;
|
|
permission=* )
|
|
NEW_PERMS=${param#*=} ;;
|
|
* )
|
|
NEW_USER=$param ;;
|
|
esac
|
|
else
|
|
break
|
|
fi
|
|
done
|
|
|
|
if [ $DEBUG ] ; then
|
|
set -xe
|
|
SILENT=
|
|
QUIET="-v"
|
|
fi
|
|
|
|
# load required parameters
|
|
SCRIPT_DIR="$(echo ~)/bin"
|
|
if [ ! -f "$SCRIPT_DIR"/koji-parameters.sh ] ; then
|
|
echo "$SCRIPT_DIR/koji-parameters.sh NOT found - aborting"
|
|
exit 1
|
|
fi
|
|
source "$SCRIPT_DIR"/koji-parameters.sh
|
|
KOJI_HUB_FQDN="$(hostname -f)"
|
|
|
|
# pull down any required scripts
|
|
if [ ! -d $SCRIPT_DIR ] ; then mkdir -p $SCRIPT_DIR ; fi
|
|
if [ ! -f $SCRIPT_DIR/koji-gencert.sh ] ; then
|
|
curl $SILENT $SCRIPT_GIT/koji-gencert.sh > $SCRIPT_DIR/koji-gencert.sh
|
|
chmod o+x $SCRIPT_DIR/koji-gencert.sh
|
|
fi
|
|
|
|
# Add the new user into the database
|
|
sudo -u kojiadmin koji add-user "$NEW_USER"
|
|
if [ $NEW_PERMS ] ; then
|
|
sudo -u kojiadmin koji grant-permission --new $NEW_PERMS $NEW_USER
|
|
fi
|
|
# Generate a certificate for the user
|
|
pushd "$KOJI_PKI_DIR"
|
|
$SCRIPT_DIR/koji-gencert.sh "$NEW_USER" "/C=$COUNTRY_CODE/ST=$STATE/L=$LOCATION/O=$ORGANIZATION/CN=$NEW_USER"
|
|
popd
|
|
|
|
# crete a bundle (tarball) for deployment to the user
|
|
if [[ ! -d $KOJI_PKI_DIR/bundle ]] ; then
|
|
mkdir -p $KOJI_PKI_DIR/bundle
|
|
fi
|
|
|
|
WORK_DIR=`mktemp -p /tmp -d $NEW_USER-XXXXXXXX`
|
|
# check if tmp dir was created
|
|
if [[ ! "$WORK_DIR" || ! -d "$WORK_DIR" ]]; then
|
|
echo "Could not create temp dir"
|
|
exit 1
|
|
fi
|
|
|
|
# function to delete the temp directory
|
|
function cleanup {
|
|
rm -rf "$WORK_DIR"
|
|
}
|
|
|
|
# register the cleanup function to be called on the EXIT signal
|
|
trap cleanup EXIT
|
|
|
|
pushd $WORK_DIR
|
|
mkdir -p .koji
|
|
cp $KOJI_PKI_DIR/$NEW_USER.pem $WORK_DIR/.koji/client.crt
|
|
cp $KOJI_PKI_DIR/koji_ca_cert.crt $WORK_DIR/.koji/serverca.crt
|
|
cp $KOJI_PKI_DIR/certs/"$NEW_USER"_browser_cert.p12 $WORK_DIR/.koji/.
|
|
cat > $WORK_DIR/.koji/config <<- EOT
|
|
[koji]
|
|
server = $KOJI_URL/kojihub
|
|
weburl = $KOJI_URL/koji
|
|
topurl = $KOJI_URL/kojifiles
|
|
topdir = $KOJI_DIR
|
|
cert = ~/.koji/client.crt
|
|
serverca = ~/.koji/serverca.crt
|
|
anon_retry = true
|
|
authtype = ssl
|
|
EOT
|
|
tar -zcf koji-"$NEW_USER"-bundle.tgz .koji
|
|
cp koji-"$NEW_USER"-bundle.tgz $KOJI_PKI_DIR/bundle/.
|
|
popd
|
|
|
|
echo "The Koji CLI and Web key bundle for $NEW_USER is $KOJI_PKI_DIR/bundle/koij-$NEW_USER-bundle.tgz"
|