generar certificados sin sutty.local

* genera los certificados usando openssl en vez de gnutls * migra los certificados de sutty.local si existen Squashed commit of the following: commit cdc76a1dfb6cdec484ce1adf3e623ad2655a1c7a Author: void <v@sutty.nl> Date: Thu Jun 10 00:42:14 2021 +0000 migrar certificados de sutty.local commit b65ab40dba4ed2b7a6e8376506189fe237cdea6e Author: void <v@sutty.nl> Date: Thu Jun 10 00:42:02 2021 +0000 ups commit 49df2116c7e00cd7747ffd83f12c4b2517c6fa2f Author: void <v@sutty.nl> Date: Wed Jun 9 18:11:06 2021 +0000 generar certificados sin sutty.local
2021-06-16 17:54:27 +00:00 · 2021-06-16 17:54:27 +00:00 · 04ad94100d
commit 04ad94100d
parent 2e34275c8e
2 changed files with 51 additions and 1 deletions
--- a/haini.sh
+++ b/haini.sh
@ -55,6 +55,54 @@ correr() {
    /bin/sh -l -c "$1" < "${stdin:-/dev/null}"
 }

+generar_certificado() {
+  chmod 700 "$ENTORNO/etc/ssl/private"
+
+  ca_key="/etc/ssl/private/ca-sutty.key"
+  ca_crt="/etc/ssl/certs/ca-sutty.crt"
+
+  domain_key="/etc/ssl/private/sutty.local.key"
+  domain_csr="/etc/ssl/private/sutty.local.csr"
+  domain_crt="/etc/ssl/certs/sutty.local.crt"
+
+  if test -f "$DIR/../sutty.local/domain/sutty.local.crt"; then
+    SUTTY_LOCAL="$DIR/../sutty.local"
+
+    echo "Migrando certificados de sutty.local..."
+
+    cp "$SUTTY_LOCAL/ca/key.key" "$ENTORNO$ca_key"
+    cp "$SUTTY_LOCAL/ca/crt.crt" "$ENTORNO$ca_crt"
+
+    cp "$SUTTY_LOCAL/domain/sutty.local.key" "$ENTORNO$domain_key"
+    cp "$SUTTY_LOCAL/domain/sutty.local.csr" "$ENTORNO$domain_csr"
+    cp "$SUTTY_LOCAL/domain/sutty.local.crt" "$ENTORNO$domain_crt"
+    return
+  fi
+
+  echo "Generando certificados..."
+
+  correr "openssl genpkey -algorithm RSA -pass pass:sutty -out $ca_key"
+  correr "openssl req -x509 -new -nodes -key $ca_key -sha256 \
+    -passin pass:sutty -passout pass:sutty \
+    -subj '/C=IN/ST=Cyberspace/L=Cyberspace/O=Sutty/OU=Espacio/CN=Sutty Local CA' \
+    -days 3650 -out $ca_crt"
+
+  correr "openssl req -nodes -newkey rsa:2048 -keyout $domain_key -out $domain_csr \
+    -subj '/C=IN/ST=Cyberspace/L=Cyberspace/O=Sutty/OU=Espacio/CN=sutty.local/CN=*.sutty.local'"
+  correr "openssl x509 -req -in $domain_csr \
+    -CA $ca_crt -CAkey $ca_key -CAcreateserial \
+    -out $domain_crt -days 3650 -sha256"
+
+  echo "Instalando certificados..."
+  if which update-ca-certificates 2>/dev/null; then
+    sudo install -Dm 644 "$ENTORNO$ca_crt" /usr/share/ca-certificates/extra/sutty.crt
+    sudo dpkg-reconfigure ca-certificates
+    sudo update-ca-certificates
+  else
+    sudo trust anchor "$ENTORNO$ca_crt"
+  fi
+}
+
 crear_entorno() {
  ALPINE="3.13.5"
  ALPINE_URL="https://dl-cdn.alpinelinux.org/alpine/v${ALPINE%.*}/releases/x86_64/alpine-minirootfs-${ALPINE}-x86_64.tar.gz"
@ -104,6 +152,8 @@ crear_entorno() {
  for script in "$DIR/bin/"*; do
    install -m 755 "$script" "$ENTORNO/usr/local/bin/${script##*/}"
  done
+
+  test -f "$ENTORNO/etc/ssl/certs/sutty.local.crt" || generar_certificado
 }

 crear_entorno
--- a/2
+++ b/2
@ -3,7 +3,6 @@ daemonize
 ffmpeg
 file
 git
-gnutls-utils
 less
 libssh2
 libxml2
@ -14,6 +13,7 @@ nano-syntax
 ncurses-terminfo
 nginx
 nodejs
+openssl
 postgresql
 postgresql-contrib
 postgresql-libs