2
0
mirror of https://github.com/xcat2/xcat-core.git synced 2025-10-26 08:55:24 +00:00
Files
xcat-core/xCAT-genesis-scripts/usr/bin/getcert
Samveen Gulati 63a3efe8bb move /*bin to /usr/ to fix path conflict of genesis base and scripts
RH7/Centos7 and recent versions of fedora relocate `/*bin/*` into `/usr/*bin/`. This causes
conflicts for upgrades against xCAT-genesis-scripts-* packages which expect the `/bin` a to be
a directory while `xCAT-genesis-base-*` packages provide a link. Relocating all files into `/usr`
fixes that conflict and allows a clean upgrade from all old versions.
2018-01-12 06:06:25 +00:00

42 lines
1.5 KiB
Bash
Executable File

#!/bin/bash
allowcred.awk &
CREDPID=$!
if [ -z "$XCATDEST" ]; then
XCATDEST=$1
fi
#retry in case certkey.pem is not right, yet
while ! openssl req -new -key /etc/xcat/certkey.pem -out /tmp/tls.csr -subj "/CN=`hostname`" >& /dev/null; do
sleep 1
done
echo "<xcatrequest>
<command>getcredentials</command>
<arg>x509cert</arg>
<callback_port>300</callback_port>
<csr>" > /tmp/certreq.xml
cat /tmp/tls.csr >> /tmp/certreq.xml
echo "</csr>
<sha512sig>
</sha512sig>
</xcatrequest>" >> /tmp/certreq.xml
openssl dgst -sha512 -out /tmp/certreq.sha512 -sign /etc/xcat/privkey.pem /tmp/certreq.xml #chain off the switch published key
openssl enc -e -a -in /tmp/certreq.sha512 > /tmp/certreq.b64sig
cat /tmp/certreq.xml |while read line; do
if [ "$line" = "</sha512sig>" ]; then
cat /tmp/certreq.b64sig >> /tmp/certreq.xml.new
fi
echo $line >> /tmp/certreq.xml.new
done
mv /tmp/certreq.xml.new /tmp/certreq.xml
rm /tmp/certreq.b64sig /tmp/certreq.sha512
cat /tmp/certreq.xml | openssl s_client -connect $XCATDEST -quiet 2> /dev/null > /tmp/certresp.xml
if grep 'BEGIN CERTIFICATE' /tmp/certresp.xml > /dev/null; then
awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' < /tmp/certresp.xml > /etc/xcat/cert.pem
#stop transmitting sysDesc, allowing the public key to age out of validity
for iface in `grep '^ e' /var/lib/lldpad/lldpad.conf|awk '{print $1}' `; do
lldptool -T -i $iface -V sysDesc enableTx=no >& /dev/null
done
fi
rm /tmp/certreq.xml
rm /tmp/certresp.xml
kill $CREDPID