Diffstat (limited to 'pixelserv-ca-init.sh')
-rwxr-xr-x | pixelserv-ca-init.sh | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/pixelserv-ca-init.sh b/pixelserv-ca-init.sh
index 74d7066277be..5d58f5875843 100755
--- a/pixelserv-ca-init.sh
+++ b/pixelserv-ca-init.sh
@@ -1,10 +1,24 @@
-#!/bin/sh
+#!/bin/env bash
+
+# target directory
+TARGET_DIR='/var/cache/pixelserv'
+
+# ensure the target directory exists
+if [[ ! -d "$TARGET_DIR" ]]; then
+ sudo mkdir -pv "$TARGET_DIR"
+fi
+
+# check the ownership of the directory
+if [[ "$(stat -c '%U' "$TARGET_DIR")" != 'nobody' ]]; then
+ sudo chown -v nobody:nobody "$TARGET_DIR"
+fi
 
 # generate cert
-sudo -u nobody openssl genrsa -out /var/cache/pixelserv/ca.key 1024
-sudo -u nobody openssl req -key /var/cache/pixelserv/ca.key -new -x509 -days 3650 -sha256 \
- -extensions v3_ca -out /var/cache/pixelserv/ca.crt -subj "/CN=Pixelserv CA"
+sudo -u nobody openssl genrsa -out "$TARGET_DIR"/ca.key 2048
+sudo -u nobody openssl req -key "$TARGET_DIR"/ca.key -new -x509 -days 3650 -sha256 \
+ -extensions v3_ca -config /etc/ssl/openssl.cnf \
+ -out "$TARGET_DIR"/ca.crt -subj "/CN=Pixelserv CA"
 
 # trust cert
-sudo cp /var/cache/pixelserv/ca.crt /usr/share/ca-certificates/trust-source/anchors/ca.pixelserv.crt
+sudo cp "$TARGET_DIR"/ca.crt /usr/share/ca-certificates/trust-source/anchors/ca.pixelserv.crt
 sudo trust extract-compat
|
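Review bot: The script still has no error handling, so if either `openssl` call fails the `sudo cp` and `sudo trust extract-compat` lines at the end of the hunk run anyway and can re-install a `ca.crt` left over from an earlier run (for instance one signed with the old 1024-bit key); adding `set -euo pipefail` right after the shebang would stop at the first failure. The new `mkdir -pv` also leaves the directory mode to the caller's umask, and the ownership test checks only the user; `sudo install -d -o nobody -g nobody -m 0700 "$TARGET_DIR"` would set owner, group and mode in one idempotent step in place of both `if` blocks. Since this directory holds the unencrypted private key of a CA that the last two lines add to the system trust store, it is worth a comment that any process running as `nobody` can read that key, and a dedicated service account would narrow this if pixelserv can run under one (not visible from this hunk).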