commit - 9bb2f62e241164788b683971648e51e3cf174947
commit + d7e2e22c588996c2c4c3aea5a390327282b67f0e
blob - 9895ba7c9755379f038199aefe3ade8fd608b81a
blob + e69c10860b5e61366d2de0a7607f218f3e22bb0a
--- ChangeLog
+++ ChangeLog
+2021-10-09 Omar Polo <op@omarpolo.com>
+
+ * contrib/gencert: add gencert, a simple script to generate self-signed certs
+
2021-10-04 Omar Polo <op@omarpolo.com>
* regress/lib.sh (raw): reduced the timeout time for single checks from 30 to 10 seconds
blob - ab45f9bd8c051602da9e2eb481d16d3450005e46
blob + d4fa347dde73598afb857c5057c991b317095fe4
--- contrib/README
+++ contrib/README
Sample Dockerfile to build alpine-based gmid images.
+gencert
+
+ Simple shell script to generate self-signed certificates.
+
gmid
Sample rc(8) script for OpenBSD, to be placed in /etc/rc.d.
blob - /dev/null
blob + 888194f8be3cec6f3f6197c07e828cee8afd88f9 (mode 755)
--- /dev/null
+++ contrib/gencert
+#!/bin/sh
+#
+# NAME
+# gencert - generate certificates
+#
+# SYNOPSIS
+# ./gencert [-fh] [-D days] [-d destdir] hostname
+#
+# DESCRIPTION
+# A simple script to generate self-signed X.509 certificates for
+# gmid.
+#
+# The option are as follows:
+# -D Specify the number of days the certificate
+# will be valid for. Use 365 (a year) by default.
+# -d Save the certificates to the given directory.
+# By default the current directory is used.
+# -f Forcefully overwrite existing certificates
+# without prompting.
+# -h Display usage and exit.
+#
+# SEE ALSO
+# openssl(1)
+#
+
+progname="$(basename -- "$0")"
+
+usage() {
+ echo "usage: $progname [-fh] [-d destdir] [-D days] hostname" >&2
+ echo "Please read the comment at the top of $0 for the usage." >&2
+ exit $1
+}
+
+force=no
+destdir=.
+days=365
+
+while getopts "D:d:fh" flag; do
+ case $flag in
+ D) days="$OPTARG" ;;
+ d) destdir="${OPTARG%/}" ;;
+ f) force=yes ;;
+ h) usage 0 ;;
+ ?) usage 1 ;;
+ esac
+done
+
+shift $(($OPTIND - 1))
+
+if [ $# -ne 1 ]; then
+ usage 1
+fi
+
+if [ ! -d "${destdir}" ]; then
+ echo "${progname}: ${destdir} is not a directory." >&2
+ usage 1
+fi
+
+hostname="${1}"
+pem="${destdir}/${hostname}.pem"
+key="${destdir}/${hostname}.key"
+
+if [ -f "$pem" -o -f "$key" ]; then
+ if [ $force = no ]; then
+ while :; do
+ printf "Overwrite existing certificate $pem? [y/n] "
+ if ! read -r reply; then
+ echo
+ exit 1
+ fi
+ case "$reply" in
+ [yY]) echo "overwriting"; break ;;
+ [nN]) echo "quitting"; exit 0 ;;
+ esac
+ done
+ fi
+fi
+
+openssl req -x509 \
+ -newkey rsa:4096 \
+ -out "${pem}" \
+ -keyout "${key}" \
+ -days "${days}" \
+ -nodes \
+ -subj "/CN=$hostname"
+
+e=$?
+if [ $e -ne 0 ]; then
+ exit $e
+fi
+
+echo
+echo "Generated files:"
+echo " $pem : certificate"
+echo " $key : private key"