projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge branch '14383-java-sdk-double-slash'. Fixes #14383.
[arvados.git]
/
tools
/
arvbox
/
lib
/
arvbox
/
docker
/
service
/
certificate
/
run
diff --git
a/tools/arvbox/lib/arvbox/docker/service/certificate/run
b/tools/arvbox/lib/arvbox/docker/service/certificate/run
index 2b802f2ab09c0be2b4aa43c934970f0e6706dd92..1b062ad8d131c141dd55a18bf0a474a6991a0186 100755
(executable)
--- a/
tools/arvbox/lib/arvbox/docker/service/certificate/run
+++ b/
tools/arvbox/lib/arvbox/docker/service/certificate/run
@@
-37,6
+37,13
@@
if test ! -s /var/lib/arvados/root-cert.pem ; then
fi
if test ! -s /var/lib/arvados/server-cert-${localip}.pem ; then
fi
if test ! -s /var/lib/arvados/server-cert-${localip}.pem ; then
+
+ if [[ $localip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+ san=IP:$localip
+ else
+ san=DNS:$localip
+ fi
+
# req signing request sub-command
# -new new certificate request
# -nodes "no des" don't encrypt key
# req signing request sub-command
# -new new certificate request
# -nodes "no des" don't encrypt key
@@
-56,7
+63,7
@@
if test ! -s /var/lib/arvados/server-cert-${localip}.pem ; then
-reqexts x509_ext \
-extensions x509_ext \
-config <(cat /etc/ssl/openssl.cnf \
-reqexts x509_ext \
-extensions x509_ext \
-config <(cat /etc/ssl/openssl.cnf \
- <(printf "\n[x509_ext]\nkeyUsage=critical,digitalSignature,keyEncipherment\nsubjectAltName=DNS:localhost,
IP:$localip
")) \
+ <(printf "\n[x509_ext]\nkeyUsage=critical,digitalSignature,keyEncipherment\nsubjectAltName=DNS:localhost,
$san
")) \
-out /var/lib/arvados/server-cert-${localip}.csr \
-keyout /var/lib/arvados/server-cert-${localip}.key \
-days 365
-out /var/lib/arvados/server-cert-${localip}.csr \
-keyout /var/lib/arvados/server-cert-${localip}.key \
-days 365
@@
-69,7
+76,7
@@
if test ! -s /var/lib/arvados/server-cert-${localip}.pem ; then
-out /var/lib/arvados/server-cert-${localip}.pem \
-set_serial $RANDOM$RANDOM \
-extfile <(cat /etc/ssl/openssl.cnf \
-out /var/lib/arvados/server-cert-${localip}.pem \
-set_serial $RANDOM$RANDOM \
-extfile <(cat /etc/ssl/openssl.cnf \
- <(printf "\n[x509_ext]\nkeyUsage=critical,digitalSignature,keyEncipherment\nsubjectAltName=DNS:localhost,
IP:$localip
")) \
+ <(printf "\n[x509_ext]\nkeyUsage=critical,digitalSignature,keyEncipherment\nsubjectAltName=DNS:localhost,
$san
")) \
-extensions x509_ext
chown arvbox:arvbox /var/lib/arvados/server-cert-${localip}.*
-extensions x509_ext
chown arvbox:arvbox /var/lib/arvados/server-cert-${localip}.*
@@
-78,4
+85,4
@@
fi
cp /var/lib/arvados/root-cert.pem /usr/local/share/ca-certificates/arvados-testing-cert.crt
update-ca-certificates
cp /var/lib/arvados/root-cert.pem /usr/local/share/ca-certificates/arvados-testing-cert.crt
update-ca-certificates
-sv stop certificate
\ No newline at end of file
+sv stop certificate