smeserver-koji/koji-setup/koji-add-user.sh
2023-11-05 09:40:25 +11:00

97 lines
2.4 KiB
Bash

#!/bin/bash
set -e
DEBUG=
SILENT="-s"
QUIET="-q"
for param in "$@" ; do
if [ $param ] ; then
case $param in
debug )
DEBUG="debug" ;;
permission=* )
NEW_PERMS=${param#*=} ;;
help | -h | --help )
echo "koji-add-user.sh <user> [permission=<permission> | debug]" ;;
* )
NEW_USER=$param ;;
esac
else
break
fi
done
if [ $DEBUG ] ; then
set -xe
SILENT=
QUIET="-v"
fi
# load required parameters
SCRIPT_DIR="$(echo ~)/bin"
if [ ! -f "$SCRIPT_DIR"/koji-parameters.sh ] ; then
echo "$SCRIPT_DIR/koji-parameters.sh NOT found - aborting"
exit 1
fi
source "$SCRIPT_DIR"/koji-parameters.sh
KOJI_HUB_FQDN="$(hostname -f)"
# pull down any required scripts
if [ ! -d $SCRIPT_DIR ] ; then mkdir -p $SCRIPT_DIR ; fi
if [ ! -f $SCRIPT_DIR/koji-gencert.sh ] ; then
curl $SILENT $SCRIPT_GIT/koji-gencert.sh > $SCRIPT_DIR/koji-gencert.sh
chmod o+x $SCRIPT_DIR/koji-gencert.sh
fi
# Add the new user into the database
sudo -u kojiadmin koji add-user "$NEW_USER"
if [ $NEW_PERMS ] ; then
sudo -u kojiadmin koji grant-permission --new $NEW_PERMS $NEW_USER
fi
# Generate a certificate for the user
pushd "$KOJI_PKI_DIR"
$SCRIPT_DIR/koji-gencert.sh "$NEW_USER" "/C=$COUNTRY_CODE/ST=$STATE/L=$LOCATION/O=$ORGANIZATION/CN=$NEW_USER"
popd
# crete a bundle (tarball) for deployment to the user
if [[ ! -d $KOJI_PKI_DIR/bundle ]] ; then
mkdir -p $KOJI_PKI_DIR/bundle
fi
WORK_DIR=`mktemp -p /tmp -d $NEW_USER-XXXXXXXX`
# check if tmp dir was created
if [[ ! "$WORK_DIR" || ! -d "$WORK_DIR" ]]; then
echo "Could not create temp dir"
exit 1
fi
# function to delete the temp directory
function cleanup {
rm -rf "$WORK_DIR"
}
# register the cleanup function to be called on the EXIT signal
trap cleanup EXIT
pushd $WORK_DIR
mkdir -p .koji
cp $KOJI_PKI_DIR/$NEW_USER.pem $WORK_DIR/.koji/client.crt
cp $KOJI_PKI_DIR/koji_ca_cert.crt $WORK_DIR/.koji/serverca.crt
cp $KOJI_PKI_DIR/certs/"$NEW_USER"_browser_cert.p12 $WORK_DIR/.koji/.
cat > $WORK_DIR/.koji/config <<- EOT
[koji]
server = $KOJI_URL/kojihub
weburl = $KOJI_URL/koji
topurl = $KOJI_URL/kojifiles
topdir = $KOJI_DIR
cert = ~/.koji/client.crt
serverca = ~/.koji/serverca.crt
anon_retry = true
authtype = ssl
EOT
tar -zcf koji-"$NEW_USER"-bundle.tgz .koji
cp koji-"$NEW_USER"-bundle.tgz $KOJI_PKI_DIR/bundle/.
popd
echo "The Koji CLI and Web key bundle for $NEW_USER is $KOJI_PKI_DIR/bundle/koij-$NEW_USER-bundle.tgz"